一个VC写的完整、简单的Sniffer代码

简介: 一个VC写的完整、简单的Sniffer代码

以下完整、简单的Sniffer代码代码是用SOCK_RAW写的.SP2已经不支持RAW

#include <winsock2.h>
#include <windows.h>
#include <ws2tcpip.h>
#include <stdio.h>
#include <stdlib.h>
#define MAX_HOSTNAME_LAN 255
#define SIO_RCVALL _WSAIOW(IOC_VENDOR,1)
#define MAX_ADDR_LEN 16
typedef struct tcpheader {
     unsigned short int sport;
     unsigned short int dport;
     unsigned int th_seq;
     unsigned int th_ack;
     unsigned char th_x2:4;
     unsigned char th_off:4;
     unsigned char Flags;
     unsigned short int th_win;
     unsigned short int th_sum;
     unsigned short int th_urp;
}TCP_HDR;
struct ipheader {
unsigned char ip_hl:4, ip_v:4; /* this means that each member is 4 bits */
unsigned char ip_tos;
unsigned short int ip_len;
unsigned short int ip_id;
unsigned short int ip_off;
unsigned char ip_ttl;
unsigned char ip_p;
unsigned short int ip_sum;
unsigned int ip_src;
unsigned int ip_dst;
}; /* total ip header length: 20 bytes (=160 bits) */
// Psuedo Header
typedef struct ps_hdr
{
    unsigned int   source_address;   // Source Address         =>      4 Bytes
    unsigned int   dest_address;     // Destination Address     =>      4 Bytes
    unsigned char  placeholder;         // Place Holder         =>      1 Bytes
    unsigned char  protocol;         // Protocol         =>      1 Bytes
    unsigned short tcp_length;         // TCP Length         =>    +  2 Bytes
                     //                       = 12 Bytes
    struct tcpheader tcp;
}PS_HDR;
typedef struct udphdr {
unsigned short sport;
unsigned short dport;
unsigned short len;
unsigned short cksum;
}UDP_HDR;
void hexdump(char *pointer)
{
    if ((*(pointer)>0))
    printf("//x%2.2i",*(pointer));
    else
    printf("//x%2.2i",(*(pointer))*(-1)+82);
}
void main()
{
    SOCKET sock;
    WSADATA wsd;
    char RecvBuf[65535] = {0};
    DWORD  dwBytesRet;
    int pCount=0;
    unsigned int  optval = 1; //the pointer , which shows us the payload begin
    unsigned char *datatcp=NULL; //the pointer , which shows us the payload begin
    unsigned char *dataudp=NULL;
    int lentcp=0, lenudp;
    WSAStartup(MAKEWORD(2,1),&wsd);
    if((sock = socket(AF_INET, SOCK_RAW, IPPROTO_IP))==SOCKET_ERROR)
    {
        exit(1);
    }
    char FAR name[MAX_HOSTNAME_LAN];
    gethostname(name, MAX_HOSTNAME_LAN);
    struct hostent FAR * pHostent;
    pHostent = (struct hostent * )malloc(sizeof(struct hostent));
    pHostent = gethostbyname(name);
    SOCKADDR_IN sa;
    sa.sin_family = AF_INET;
    sa.sin_port = htons(6000);
    memcpy(&sa.sin_addr.S_un.S_addr, pHostent->h_addr_list[0], pHostent->h_length);
    bind(sock, (SOCKADDR *)&sa, sizeof(sa));
    //if you don't have raw socket support (win 95/98/me/win2kuser) it calls the exit(1) function
    if ((WSAGetLastError())==10013)
    exit(1);
    WSAIoctl(sock, SIO_RCVALL, &optval, sizeof(optval), NULL, 0, &dwBytesRet, NULL, NULL);
    struct udphdr *pUdpheader;
    struct ipheader *pIpheader;
    struct tcpheader *pTcpheader;
    char szSourceIP[MAX_ADDR_LEN], szDestIP[MAX_ADDR_LEN];
    SOCKADDR_IN saSource, saDest;
    pIpheader = (struct ipheader *)RecvBuf;
    pTcpheader = (struct tcpheader *)(RecvBuf+ sizeof(struct ipheader ));
    pUdpheader = (struct udphdr *) (RecvBuf+ sizeof(struct ipheader ));
    while (1)
    {
       
        memset(RecvBuf, 0, sizeof(RecvBuf));
        recv(sock, RecvBuf, sizeof(RecvBuf), 0);
        saSource.sin_addr.s_addr = pIpheader->ip_src;
        strncpy(szSourceIP, inet_ntoa(saSource.sin_addr), MAX_ADDR_LEN);
        //Check Dest IP
        saDest.sin_addr.s_addr = pIpheader->ip_dst;
        strncpy(szDestIP, inet_ntoa(saDest.sin_addr), MAX_ADDR_LEN);
       
        lentcp =(ntohs(pIpheader->ip_len)-(sizeof(struct ipheader)+sizeof(struct tcpheader)));    
        lenudp =(ntohs(pIpheader->ip_len)-(sizeof(struct ipheader)+sizeof(struct udphdr)));        
        if(    (pIpheader->ip_p)==IPPROTO_TCP&&lentcp!=0)
        {
            printf("*******************************************/n");
            pCount++;    
            datatcp=(unsigned char *) RecvBuf+sizeof(struct ipheader)+sizeof(struct tcpheader);
            printf("-TCP-/n");                    
            printf("/nDestination address->%s/n",szDestIP);
            printf("/nDestination port->%i/n",ntohs(pTcpheader->dport));
            printf("datatcp address->%x/n",datatcp);
            printf("size of ipheader->%i/n",sizeof(struct ipheader));
            printf("size of tcpheader->%i/n",sizeof(struct tcpheader));
            printf("size of the hole packet->%i/n",ntohs(pIpheader->ip_len));
            printf("/nchar Packet%i []=/"",pCount,lentcp);
            for (int i=0;i<lentcp;i++)
            {
                printf("//x%.2x",*(datatcp+i)); //hexdump(datatcp+i);
                if(i%10==0)
                {                        
                    printf("/"");
                    printf("/n/"");
                }
            }
            printf("/";/n/n/n");
            for (int i2=0;i2<lentcp;i2++)
            {
                if( *(datatcp+i2)<=127&&*(datatcp+i2)>=20)
                    printf("%c",*(datatcp+i2));
                else
                    printf(".");
            }
            printf("/n/n");
            printf("*******************************************/n");    
        }
        if(    (pIpheader->ip_p)==IPPROTO_UDP&&lentcp!=0)
        {
            pCount++;                        
            dataudp=(unsigned char *) RecvBuf+sizeof(struct ipheader)+sizeof(struct udphdr);
            printf("-UDP-/n");
            printf("/nDestination address->%s/n",szDestIP);
            printf("/nDestination port->%d/n",ntohs(pTcpheader->dport));
            printf("dataudp address->%x/n",dataudp);
            printf("size of ipheader->%i/n",sizeof(struct ipheader));
            printf("size of udpheader->%i/n",sizeof(struct udphdr));
            printf("size of the hole packet->%i/n",ntohs(pIpheader->ip_len));
            printf("/nchar Packet%i []=/"",pCount,lenudp);
            for (int x=0;x<lenudp;x++)
            {
                printf("//x%.2x",*(dataudp+x));
                if (x%10==0)
                {                        
                    printf("/"");
                    printf("/n/"");
                }
            }
            printf("/";/n/n/n");
            for (int x2=0;x2<lenudp;x2++)
            {
                if( *(dataudp+x2)<=127&&*(dataudp+x2)>=20)
                    printf("%c",*(dataudp+x2));
                else
                    printf(".");
            }
            printf("/n/n");
            printf("*******************************************/n");
        }
    }
要用"伪造数据包"的方法,来禁止一切TCP连接,用Winpcap改写的代码为:
#include <winsock2.h>
#include <windows.h>
#include <ws2tcpip.h>
#include <stdio.h>
#include <stdlib.h>
#pragma comment(lib,"ws2_32.lib")
#define MAX_HOSTNAME_LAN 255
#define SIO_RCVALL _WSAIOW(IOC_VENDOR,1)
#define MAX_ADDR_LEN 16
struct ipheader {
unsigned char ip_hl:4, ip_v:4; /* this means that each member is 4 bits */
unsigned char ip_tos;
unsigned short int ip_len;
unsigned short int ip_id;
unsigned short int ip_off;
unsigned char ip_ttl;
unsigned char ip_p;
unsigned short int ip_sum;
unsigned int ip_src;
unsigned int ip_dst;
}; /* total ip header length: 20 bytes (=160 bits) */
typedef struct tcpheader {
unsigned short int sport;
unsigned short int dport;
unsigned int th_seq;
unsigned int th_ack;
unsigned char th_x:4;
unsigned char th_off:4;
unsigned char Flags;
unsigned short int th_win;
unsigned short int th_sum;
unsigned short int th_urp;
}TCP_HDR;
typedef struct udphdr {
unsigned short sport;
unsigned short dport;
unsigned short len;
unsigned short cksum;
}UDP_HDR;
void main()
{
SOCKET sock;
WSADATA wsd;
DWORD dwBytesRet;
unsigned int optval = 1;
unsigned char *dataudp,*datatcp;
int i,pCount=0,lentcp, lenudp;
SOCKADDR_IN sa,saSource, saDest;
struct hostent FAR * pHostent;
char FAR name[MAX_HOSTNAME_LAN];
char szSourceIP[MAX_ADDR_LEN], szDestIP[MAX_ADDR_LEN],RecvBuf[65535] = {0};
struct udphdr *pUdpheader;
struct ipheader *pIpheader;
struct tcpheader *pTcpheader;
WSAStartup(MAKEWORD(2,1),&wsd);
if ((sock = socket(AF_INET, SOCK_RAW, IPPROTO_IP))==SOCKET_ERROR)exit(1);
gethostname(name, MAX_HOSTNAME_LAN);
pHostent = gethostbyname(name);
sa.sin_family = AF_INET;
sa.sin_port = htons(6000);
memcpy(&sa.sin_addr.S_un.S_addr, pHostent->h_addr_list[0], pHostent->h_length);
bind(sock, (SOCKADDR *)&sa, sizeof(sa));
if ((WSAGetLastError())==10013)exit(1);
WSAIoctl(sock, SIO_RCVALL, &optval, sizeof(optval), NULL, 0, &dwBytesRet, NULL, NULL);
pIpheader = (struct ipheader *)RecvBuf;
pTcpheader = (struct tcpheader *)(RecvBuf+ sizeof(struct ipheader ));
pUdpheader = (struct udphdr *) (RecvBuf+ sizeof(struct ipheader ));
while (1)
{
memset(RecvBuf, 0, sizeof(RecvBuf));
recv(sock, RecvBuf, sizeof(RecvBuf), 0);
saSource.sin_addr.s_addr = pIpheader->ip_src;
strncpy(szSourceIP, inet_ntoa(saSource.sin_addr), MAX_ADDR_LEN);
saDest.sin_addr.s_addr = pIpheader->ip_dst;
strncpy(szDestIP, inet_ntoa(saDest.sin_addr), MAX_ADDR_LEN);
lentcp =(ntohs(pIpheader->ip_len)-(sizeof(struct ipheader)+sizeof(struct tcpheader)));
lenudp =(ntohs(pIpheader->ip_len)-(sizeof(struct ipheader)+sizeof(struct udphdr)));
if((pIpheader->ip_p)==IPPROTO_TCP&&lentcp!=0)
{
printf("*******************************************/n");
pCount++;
datatcp=(unsigned char *) RecvBuf+sizeof(struct ipheader)+sizeof(struct tcpheader);
printf("-TCP-/n");
printf("/nDestination address->%s/n",szDestIP);
printf("/nDestination port->%i/n",ntohs(pTcpheader->dport));
printf("datatcp address->%x/n",datatcp);
printf("size of ipheader->%i/n",sizeof(struct ipheader));
printf("size of tcpheader->%i/n",sizeof(struct tcpheader));
printf("size of the hole packet->%i/n",ntohs(pIpheader->ip_len));
printf("/nchar Packet%i [%i]=/"",pCount,lentcp-1);
for (i=0;i<lentcp;i++)
{
printf("//x%.2x",*(datatcp+i));
if (i%10==0)printf("/"/n/"");
}
printf("/";/n/n/n");
for (i=0;i<lentcp;i++)
{
if( *(datatcp+i)<=127&&*(datatcp+i)>=20)printf("%c",*(datatcp+i));
else printf(".");
}
printf("/n/n*******************************************/n");
}
if((pIpheader->ip_p)==IPPROTO_UDP&&lentcp!=0)
{
pCount++;
dataudp=(unsigned char *) RecvBuf+sizeof(struct ipheader)+sizeof(struct udphdr);
printf("-UDP-/n");
printf("/nDestination address->%s/n",szDestIP);
printf("/nDestination port->%d/n",ntohs(pTcpheader->dport));
printf("dataudp address->%x/n",dataudp);
printf("size of ipheader->%i/n",sizeof(struct ipheader));
printf("size of udpheader->%i/n",sizeof(struct udphdr));
printf("size of the hole packet->%i/n",ntohs(pIpheader->ip_len));
printf("/nchar Packet%i [%i]=/"",pCount,lenudp-1);
for (i=0;i<lenudp;i++)
{
printf("//x%.2x",*(dataudp+i));
if (i%10==0)printf("/"/n/"");
}
printf("/";/n/n/n");
for (i=0;i<lenudp;i++)
{
if( *(dataudp+i)<=127&&*(dataudp+i)>=20)printf("%c",*(dataudp+i));
else printf(".");
}
printf("/n/n*******************************************/n");
}
}
}
相关文章
|
3月前
|
安全 Windows
中了Viking,抓到CONFIG.EXE,NTDLL32.dll,webpnt.exe等
中了Viking,抓到CONFIG.EXE,NTDLL32.dll,webpnt.exe等
|
3月前
|
安全
遭遇nat.exe,socks.exe,USP10.dll,BOSC.dll,kb080387.CNT,~ctwxw.txt等1
遭遇nat.exe,socks.exe,USP10.dll,BOSC.dll,kb080387.CNT,~ctwxw.txt等1
|
6月前
Qt6.5打包(QT windeployqt不是内部或外部命令、QT错误:缺少libgcc_s_seh-1.dll ,无法正常启动(0xc000007b) 问题解决方法)
Qt6.5打包(QT windeployqt不是内部或外部命令、QT错误:缺少libgcc_s_seh-1.dll ,无法正常启动(0xc000007b) 问题解决方法)
712 1
|
Linux
MAC编译jogl/gluegen很顺利
MAC编译jogl/gluegen很顺利
64 0
|
XML JSON 监控
Onvif开发笔记(一):使用gSOAP编译Onvif协议之gSOAP介绍与编译
Onvif开发笔记(一):使用gSOAP编译Onvif协议之gSOAP介绍与编译
Onvif开发笔记(一):使用gSOAP编译Onvif协议之gSOAP介绍与编译
|
Linux
VC使用命令行编译很复杂
VC使用命令行编译很复杂
91 0