myxray.c

来自「一个Linux下抓包演示程序」· C语言 代码 · 共 692 行 · 第 1/2 页

//有记录几种攻击的功能,具体什么攻击看了程序就知道了。:)//myxray.c V0.2#include <sys/socket.h>#include <sys/types.h>#include <stdio.h>#include <errno.h>#include <sys/ioctl.h>#include <net/if.h>#include <signal.h>#include <netinet/ip.h>#include <netinet/in.h>#include <string.h>#include <arpa/inet.h>#include <netinet/if_ether.h>#include <netinet/ip_icmp.h>#include <time.h>#include <netinet/igmp.h>#define __FAVOR_BSD#include <netinet/tcp.h>#include <netdb.h>#include <netinet/udp.h>#define PACKET_SIZE 4096#define ETH_HW_ADDR_LEN 6#define IP_ADDR_LEN 4#define LOWCOUNTER 10#define MAX(a,b) ((a)>(b)?(a):(b))struct arp_packet    {    u_char targ_hw_addr[ETH_HW_ADDR_LEN];    u_char src_hw_addr[ETH_HW_ADDR_LEN];    u_short frame_type;    u_short hw_type;    u_short prot_type;    u_char hw_addr_size;    u_char prot_addr_size;    u_short op;    u_char sndr_hw_addr[ETH_HW_ADDR_LEN];    u_char sndr_ip_addr[IP_ADDR_LEN];    u_char rcpt_hw_addr[ETH_HW_ADDR_LEN];    u_char rcpt_ip_addr[IP_ADDR_LEN];    u_char padding[18];    } ;void leave();char * hwaddr (unsigned char *,char *);void writearpbuf(FILE *,char *,int);//写一个arpbuf到fd中void writetcpbuf(FILE *,char *,int);void writeudpbuf(FILE *,char *,int);void writeigmpbuf(FILE *,char *,int);void writeicmpbuf(FILE *,char *,int);int fd_recv = -1 ;time_t one,two,temptime;char arpbufone[PACKET_SIZE];char tcpbufone[PACKET_SIZE];char udpbufone[PACKET_SIZE];char igmpbufone[PACKET_SIZE];char icmpbufone[PACKET_SIZE];int arpcounter=0,tcpcounter=0,igmpcounter=0,icmpcounter=0,udpcounter=0;char writebuf[PACKET_SIZE];FILE * waringfd;unsigned int total=0,totalarp=0,disarp=0,totaltcp=0,distcp=0,totaludp=0,disudp=0,totalicmp=0,disicmp=0,totaligmp=0,disigmp=0;struct ifreq ifr,ifr_old;main(int argc, char *argv[]){char device[] = "eth0"; // ethernet device namechar protocol[16];u_char buf_recv[PACKET_SIZE]; // buffer for receiveint ihl;int ethprotol;int ipfragoff,df,mf;int protol;char buf1[20],buf2[20],buf3[20],buf4[20];char strptr[255];char *srcaddr,*dstaddr;struct ethhdr *eth 
;struct arp_packet *arphead;struct udphdr *udp;struct icmp *icmphdr;struct iphdr * ip;struct tcphdr * tcp1;char *flagsmes;int flags;struct igmp * igmp1;struct in_addr in1;struct in_addr in2;int from_len, datalen;struct sockaddr from;int arpenable=0;int tcpenable=0;int icmpenable=0;int igmpenable=0;int loenable=0;int udpenable=0;char *tcpflag=NULL;int c;char *dstip=NULL;char *srcip=NULL;extern char *optarg;extern int optind;const charmessage[]="-a display arp packet-t display tcp packet-f   one of RST FIN SYN PUSH ACK URG display only tcpflag tcp packet-u display udp packet-i display icmp packet-g display igmp packet-A display all packet-l also display lo layer packet-s srcip display srcip packet-d dstip display dstip packetWelcome to use myxray which writed by sztcww Good Luck";if (argc==1) {printf("%s\n",message);exit(-1);}while ((c = getopt(argc, argv, "Aatugil?s:d:f:")) != EOF)        switch (c) {    case 'A':  tcpenable=1;  udpenable=1;  icmpenable=1;  igmpenable=1;  arpenable=1;  break;case 'd':  dstip=optarg;break;    case 's':srcip=optarg;break;    case 'f':tcpflag=optarg;break;case 'a':         arpenable=1;         break;    case 't':         tcpenable=1;         break;    case 'i':         icmpenable=1;         break;    case 'g':igmpenable=1;        break;    case 'u':         udpenable=1;         break;    case 'l':loenable=1;break;    case '?':         printf("%s\n",message);         exit(-1);        }if ( (waringfd=fopen("myxray.waring","a+"))==NULL) {perror("fopen");exit(-1);} fd_recv = socket(AF_INET, SOCK_PACKET, htons(0x0003));if (fd_recv < 0) { perror( "packet socket error"); exit(-1); }strcpy(ifr.ifr_name, device);if (ioctl(fd_recv, SIOCGIFFLAGS, &ifr) < 0 ) {  perror("ioctl SIOCGIFFLAGS error");  if (fd_recv >= 0) close(fd_recv);  exit(-1);}ifr_old = ifr;ifr.ifr_flags |= IFF_PROMISC;if (ioctl(fd_recv, SIOCSIFFLAGS, &ifr) < 0 ) {  perror("ioctl SIOCSIFFLAGS error");  if (fd_recv >= 0) close(fd_recv);  exit(-1);}signal(SIGINT, 
leave);signal(SIGTERM, leave);one=time(NULL);AGAIN:bzero(&from, sizeof(from));from_len = sizeof(from);bzero(buf_recv, PACKET_SIZE);datalen = recvfrom(fd_recv, (char *)buf_recv, 4096, 0,&from, &from_len);if (datalen < 0){perror("recvfrom error");  exit(-1);}total++;buf_recv[datalen] = '\0';if (loenable==0)if (strcmp(device, from.sa_data) != 0) goto AGAIN;eth=(struct ethhdr *)buf_recv;ethprotol=ntohs(eth->h_proto);if (ethprotol==0x0806) {arphead=(struct arp_packet *)buf_recv;    memcpy(&in1,arphead->sndr_ip_addr, IP_ADDR_LEN);    memcpy(&in2,arphead->rcpt_ip_addr, IP_ADDR_LEN);    srcaddr=inet_ntoa(in1);    dstaddr=(char*)inet_ntop(AF_INET,&in2,strptr,sizeof(strptr));totalarp++;    if ( (!memcmp(srcaddr,dstaddr,MAX(strlen(srcaddr),strlen(dstaddr))))&&(memcmp(hwaddr(arphead->rcpt_hw_addr,buf1),"00:00:00:00:00:00",17)) )  writearpbuf(waringfd,buf_recv,1);/*纪录arp包中srcaddr,dstaddr相同的数据包*/else{if ( memcmp(buf_recv,arpbufone,datalen)==0 ) arpcounter++;else {if (arpcounter>LOWCOUNTER)/*纪录连续抓到的,arpcounter>LOWCOUNTER的arp包 */  {writearpbuf(waringfd,arpbufone,arpcounter+1);}memcpy(arpbufone,buf_recv,datalen);arpcounter=0;}//end else}//end else}if ((ethprotol==0x0806)&&(arpenable)){//arpif ( ( (dstip==NULL)||(strcmp(dstaddr,dstip)==0) )&&((srcip==NULL)||(strcmp(srcaddr,srcip)==0) ) )    { temptime=time(NULL);  printf("Recorded %sethhdr\nsrchw:%s--->dsthw:%s proto:%xH\n",  ctime(&temptime),hwaddr(eth->h_source,buf1),hwaddr(eth->h_dest,buf2),ethprotol);  printf("arphdr\nhwtype:%d protol:%xH hw_size:%d pro_size:%d op:%d\ns_ha:% s s_ip:%s\nd_ha:%s d_ip:%s\n",ntohs(arphead->hw_type),ntohs(arphead->prot_type),arphead->hw_addr_size, arphead->prot_addr_size,ntohs(arphead->op), hwaddr(arphead->sndr_hw_addr,buf1),srcaddr, hwaddr(arphead->rcpt_hw_addr,buf2),dstaddr);  printf("-----------------------------------------------------------\n");disarp++;  }  goto AGAIN;}//end arpif (ethprotol==0x0800){//ipip = (struct iphdr *)&buf_recv[14];  ihl = (int)ip->ihl << 2;in1.s_addr = ip->saddr;  
in2.s_addr = ip->daddr;  srcaddr=inet_ntoa(in1);dstaddr=(char *)inet_ntop(AF_INET,&in2,strptr,sizeof(strptr));  //iphdr  protol=ip->protocol;  ipfragoff=ntohs(ip->frag_off);  df=ipfragoff&IP_DF;  mf=ipfragoff&IP_MF;   if (df!=0) df=1;  if (mf!=0) mf=1;  protol=ip->protocol;switch (protol) {case 6 :totaltcp++;  tcp1 = (struct tcphdr *)&buf_recv[14 + ihl];  flags= tcp1->th_flags;  if (flags&TH_PUSH) flagsmes="PUSH";  if (flags&TH_ACK) flagsmes="ACK";  if (flags&TH_URG) flagsmes="URG";  if (flags&TH_FIN) flagsmes="FIN";  if (flags&TH_SYN) flagsmes="SYN";  if (flags&TH_RST) flagsmes="RST";if ( !memcmp(buf_recv,tcpbufone,datalen))tcpcounter++;else {if (tcpcounter>LOWCOUNTER){         writetcpbuf(waringfd,tcpbufone,tcpcounter);}tcpcounter=0;memcpy(tcpbufone,buf_recv,datalen);     } break;case 1 : totalicmp++;   icmphdr=(struct icmp *)&buf_recv[14 + ihl];            if (!memcmp(buf_recv,icmpbufone,datalen))icmpcounter++; else { if (icmpcounter>LOWCOUNTER)             {writeicmpbuf(waringfd,icmpbufone,icmpcounter);              }icmpcounter=0;             memcpy(icmpbufone,buf_recv,datalen);}break;case 17:totaludp++;  udp= (struct udphdr *)&buf_recv[14 + ihl];            if ( !memcmp(buf_recv,udpbufone,datalen)) udpcounter++;else {   if (udpcounter>LOWCOUNTER)               {     writeudpbuf(waringfd,udpbufone,udpcounter);               }   udpcounter=0;               memcpy(udpbufone,buf_recv,datalen);}break;case 2 :totaligmp++;      igmp1=(struct igmp *)&buf_recv[14+ihl];            if (!memcmp(inet_ntoa(igmp1->igmp_group),"0.0.0.0",7))writeigmpbuf(waringfd,buf_recv,1);else {  if (!memcmp(buf_recv,igmpbufone,datalen)) igmpcounter++;   else   {    if (igmpcounter>LOWCOUNTER)             {writeigmpbuf(waringfd,igmpbufone,igmpcounter); }   igmpcounter=0;
