📄 netspy.c
字号:
/*
*
* Copyright (C) 2003 Xiangbin Lee <honeycombs@sina.com> <honeycombs@263.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software Foundation.
*/
#include "netspy.h"
#include "netdrv.h"
/*
* ETH
*/
ETH_P_TYPE eth_p_type[MAX_ETHER_TYPE_NUM]=
{
{"ETH_P_LOOP", ETH_P_LOOP, "Ethernet Loopback packet"},
{"ETH_P_PUP", ETH_P_PUP, "Xerox PUP packet"},
{"ETH_P_PUPAT", ETH_P_PUPAT, "Xerox PUP Addr Trans packet"},
{"ETH_P_IP", ETH_P_IP, "Internet Protocol packet"},
{"ETH_P_X25", ETH_P_X25, "CCITT X.25"},
{"ETH_P_ARP", ETH_P_ARP, "Address Resolution packet"},
{"ETH_P_BPQ", ETH_P_BPQ, "G8BPQ AX.25 Ethernet Packet"},
{"ETH_P_IEEEPUP", ETH_P_IEEEPUP, "Xerox IEEE802.3 PUP packet"},
{"ETH_P_IEEEPUPAT", ETH_P_IEEEPUPAT, "Xerox IEEE802.3 PUP Addr Trans packet"},
{"ETH_P_DEC", ETH_P_DEC, "DEC Assigned proto"},
{"ETH_P_DNA_DL", ETH_P_DNA_DL, "DEC DNA Dump/Load"},
{"ETH_P_DNA_RC", ETH_P_DNA_RC, "DEC DNA Remote Console"},
{"ETH_P_DNA_RT", ETH_P_DNA_RT, "DEC DNA Routing"},
{"ETH_P_LAT", ETH_P_LAT, "DEC LAT"},
{"ETH_P_DIAG", ETH_P_DIAG, "DEC Diagnostics"},
{"ETH_P_CUST", ETH_P_CUST, "DEC Customer use"},
{"ETH_P_SCA", ETH_P_SCA, "DEC Systems Comms Arch"},
{"ETH_P_RARP", ETH_P_RARP, "Reverse Addr Res packet"},
{"ETH_P_ATALK", ETH_P_ATALK, "Appletalk DDP"},
{"ETH_P_AARP", ETH_P_AARP, "Appletalk AARP"},
{"ETH_P_IPX", ETH_P_IPX, "IPX over DIX"},
{"ETH_P_IPV6", ETH_P_IPV6, "IPv6 over bluebook"},
{"ETH_P_PPP_DISC", ETH_P_PPP_DISC, "PPPoE discovery messages"},
{"ETH_P_PPP_SES", ETH_P_PPP_SES, "PPPoE session messages"},
{"ETH_P_ATMMPOA", ETH_P_ATMMPOA, "MultiProtocol Over ATM"},
{"ETH_P_ATMFATE", ETH_P_ATMFATE, "Frame-based ATM Transport over Ethernet"},
};
void BufGetETHhdr(ETHHDR *lphdr, unsigned char *lpbuf)
{
memcpy(lphdr->h_dest,lpbuf,ETH_ALEN);
memcpy(lphdr->h_source,lpbuf+ETH_ALEN,ETH_ALEN);
lphdr->h_proto=(lpbuf[ETH_ALEN+ETH_ALEN]<<8)|(lpbuf[ETH_ALEN+ETH_ALEN+1]);
}
ETH_P_TYPE ip_p_type[MAX_IPPROTOCOL_NUM]=
{
{"IPPROTO_IP", IPPROTO_IP, "Dummy protocol for TCP"},
{"IPPROTO_ICMP", IPPROTO_ICMP, "Internet Control Message Protocol"},
{"IPPROTO_IGMP", IPPROTO_IGMP, "Internet Group Management Protocol"},
{"IPPROTO_GGP", IPPROTO_GGP, "gateway^2 (deprecated)"},
{"IPPROTO_IPIP", IPPROTO_IPIP, "IPIP tunnels (older KA9Q tunnels use 94)"},
{"IPPROTO_TCP", IPPROTO_TCP, "Transmission Control Protocol"},
{"IPPROTO_EGP", IPPROTO_EGP, "Exterior Gateway Protocol"},
{"IPPROTO_PUP", IPPROTO_PUP, "PUP protocol."},
{"IPPROTO_UDP", IPPROTO_UDP, "User Datagram Protocol"},
{"IPPROTO_IDP", IPPROTO_IDP, "XNS IDP protocol"},
{"IPPROTO_TP", IPPROTO_TP, "SO Transport Protocol Class 4"},
{"IPPROTO_IPV6", IPPROTO_IPV6, "IPv6 header"},
{"IPPROTO_ROUTING", IPPROTO_ROUTING, "IPv6 routing header"},
{"IPPROTO_FRAGMENT", IPPROTO_FRAGMENT, "IPv6 fragmentation header"},
{"IPPROTO_RSVP", IPPROTO_RSVP, "Reservation Protocol"},
{"IPPROTO_GRE", IPPROTO_GRE, "General Routing Encapsulation"},
{"IPPROTO_ESP", IPPROTO_ESP, "encapsulating security payload"},
{"IPPROTO_AH", IPPROTO_AH, "authentication header"},
{"IPPROTO_ICMPV6", IPPROTO_ICMPV6, "ICMPv6"},
{"IPPROTO_NONE", IPPROTO_NONE, "IPv6 no next header"},
{"IPPROTO_DSTOPTS", IPPROTO_DSTOPTS, "IPv6 destination options"},
{"IPPROTO_ND", IPPROTO_ND, "UNOFFICIAL net disk proto"},
{"IPPROTO_MTP", IPPROTO_MTP, "Multicast Transport Protocol"},
{"IPPROTO_ENCAP", IPPROTO_ENCAP, "Encapsulation Header"},
{"IPPROTO_PIM", IPPROTO_PIM, "Protocol Independent Multicast"},
{"IPPROTO_COMP", IPPROTO_COMP, "Compression Header Protocol"},
{"IPPROTO_RAW", IPPROTO_RAW, "Raw IP packets"},
};
/* try to tell linker where WinSock library is */
u_short in_cksum(const u_short *addr, register u_int len, int csum)
{
int nleft = len;
const u_short *w = addr;
u_short answer;
int sum = csum;
/*
* Our algorithm is simple, using a 32 bit accumulator (sum),
* we add sequential 16 bit words to it, and at the end, fold
* back all the carry bits from the top 16 bits into the lower
* 16 bits.
*/
while (nleft > 1) {
sum += *w++;
nleft -= 2;
}
if (nleft == 1)
sum += htons(*(u_char *)w<<8);
/*
* add back carry outs from top 16 bits to low 16 bits
*/
sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */
sum += (sum >> 16); /* add carry */
answer = ~sum; /* truncate to 16 bits */
return (answer);
}
/*
* IP
*/
void BufGetIPhdr(IPHDR *lphdr, unsigned char *lpbuf)
{
lphdr->version=lpbuf[0]>>4;
lphdr->head_len=lpbuf[0]&0xF;
lphdr->tos=lpbuf[1];
lphdr->packet_len=(lpbuf[2]<<8)|(lpbuf[3]);
lphdr->ip_id=(lpbuf[4]<<8)|(lpbuf[5]);
lphdr->ip_off.unused=0;
lphdr->ip_off.DF=((lpbuf[6]&0x40)!=0);
lphdr->ip_off.MF=((lpbuf[6]&0x20)!=0);
lphdr->ip_off.off=((lpbuf[6]&0x19)<<8)|(lpbuf[7]);
lphdr->ttl=lpbuf[8];
lphdr->protocol=lpbuf[9];
lphdr->checksum=(lpbuf[10]<<8)|(lpbuf[11]);
lphdr->sourceIP=(((lpbuf[12]<<8)|(lpbuf[13]))<<16)|(lpbuf[14]<<8)|(lpbuf[15]);
lphdr->destIP= (((lpbuf[16]<<8)|(lpbuf[17]))<<16)|(lpbuf[18]<<8)|(lpbuf[19]);
}
int BufSetIPhdr(IPHDR *lphdr, unsigned char *lpbuf)
{
lpbuf[0]=(lphdr->version<<4)|(lphdr->head_len&0xF);
lpbuf[1]=lphdr->tos;
lpbuf[2]=lphdr->packet_len>>8;
lpbuf[3]=lphdr->packet_len&0xFF;
lpbuf[4]=lphdr->ip_id>>8;
lpbuf[5]=lphdr->ip_id&0xFF;
lpbuf[6]=((lphdr->ip_off.DF!=0)<<6)|((lphdr->ip_off.MF!=0)<<5)|((lphdr->ip_off.off>>8)&0x19);
lpbuf[7]=lphdr->ip_off.off&0xFF;
lpbuf[8]=lphdr->ttl;
lpbuf[9]=lphdr->protocol;
lpbuf[10]=lpbuf[11]=0;
lpbuf[12]=(lphdr->sourceIP>>24)&0xFF;
lpbuf[13]=(lphdr->sourceIP>>16)&0xFF;
lpbuf[14]=(lphdr->sourceIP>>8)&0xFF;
lpbuf[15]=(lphdr->sourceIP)&0xFF;
lpbuf[16]=(lphdr->destIP>>24)&0xFF;
lpbuf[17]=(lphdr->destIP>>16)&0xFF;
lpbuf[18]=(lphdr->destIP>>8)&0xFF;
lpbuf[19]=(lphdr->destIP)&0xFF;
return 20;
}
/*
* ICMP
*/
void BufGetICMPhdr(ICMPHDR *lphdr, unsigned char *lpbuf)
{
lphdr->type=lpbuf[0];
lphdr->code=lpbuf[1];
lphdr->checksum=(lpbuf[2]<<8)|(lpbuf[3]);
switch(lphdr->type)
{
case 0:
lphdr->echo.id=(lpbuf[4]<<8)|(lpbuf[5]);
lphdr->echo.sequence=(lpbuf[6]<<8)|(lpbuf[7]);
lphdr->OTm_stamp=0;
lphdr->RTm_stamp=0;
lphdr->TTm_stamp=0;
break;
case 5:
lphdr->gateway=(((lpbuf[4]<<8)|(lpbuf[5]))<<16)|(lpbuf[6]<<8)|(lpbuf[7]);
break;
case 8:
lphdr->echo.id=(lpbuf[4]<<8)|(lpbuf[5]);
lphdr->echo.sequence=(lpbuf[6]<<8)|(lpbuf[7]);
break;
case 12:
lphdr->pointer=lpbuf[4];
break;
case 13:
case 14:
lphdr->echo.id=(lpbuf[4]<<8)|(lpbuf[5]);
lphdr->echo.sequence=(lpbuf[6]<<8)|(lpbuf[7]);
lphdr->OTm_stamp=(((lpbuf[8]<<8)|(lpbuf[9]))<<16)|(lpbuf[10]<<8)|(lpbuf[11]);
lphdr->RTm_stamp=(((lpbuf[12]<<8)|(lpbuf[13]))<<16)|(lpbuf[14]<<8)|(lpbuf[15]);
lphdr->TTm_stamp=(((lpbuf[16]<<8)|(lpbuf[17]))<<16)|(lpbuf[18]<<8)|(lpbuf[19]);
break;
};
}
int BufSetICMPhdr(ICMPHDR *lphdr, unsigned char *lpbuf)
{
int ret =0;
lpbuf[0]=lphdr->type;
lpbuf[1]=lphdr->code;
lpbuf[2]=lpbuf[3]=0;
switch(lphdr->type)
{
case 3:
case 4:
case 11:
lpbuf[4]=lpbuf[5]=lpbuf[6]=lpbuf[7]=0;
ret=8;
break;
case 0:
lpbuf[4]=(lphdr->echo.id>>8)&0xFF;
lpbuf[5]=(lphdr->echo.id)&0xFF;
lpbuf[6]=(lphdr->echo.sequence>>8)&0xFF;
lpbuf[7]=(lphdr->echo.sequence)&0xFF;
ret=8;
break;
case 5:
lpbuf[4]=(lphdr->gateway>>24)&0xFF;
lpbuf[5]=(lphdr->gateway>>16)&0xFF;
lpbuf[6]=(lphdr->gateway>>8)&0xFF;
lpbuf[7]=(lphdr->gateway)&0xFF;
ret=8;
break;
case 8:
lpbuf[4]=(lphdr->echo.id>>8)&0xFF;
lpbuf[5]=(lphdr->echo.id)&0xFF;
lpbuf[6]=(lphdr->echo.sequence>>8)&0xFF;
lpbuf[7]=(lphdr->echo.sequence)&0xFF;
ret=8;
break;
case 12:
lpbuf[4]=lphdr->pointer;
lpbuf[5]=lpbuf[6]=lpbuf[7]=0;
ret=8;
break;
case 13:
case 14:
lpbuf[4]=(lphdr->echo.id>>8)&0xFF;
lpbuf[5]=(lphdr->echo.id)&0xFF;
lpbuf[6]=(lphdr->echo.sequence>>8)&0xFF;
lpbuf[7]=(lphdr->echo.sequence)&0xFF;
lpbuf[8]=(lphdr->OTm_stamp>>24)&0xFF;
lpbuf[9]=(lphdr->OTm_stamp>>16)&0xFF;
lpbuf[10]=(lphdr->OTm_stamp>>8)&0xFF;
lpbuf[11]=(lphdr->OTm_stamp)&0xFF;
lpbuf[12]=(lphdr->RTm_stamp>>24)&0xFF;
lpbuf[13]=(lphdr->RTm_stamp>>16)&0xFF;
lpbuf[14]=(lphdr->RTm_stamp>>8)&0xFF;
lpbuf[15]=(lphdr->RTm_stamp)&0xFF;
lpbuf[16]=(lphdr->TTm_stamp>>24)&0xFF;
lpbuf[17]=(lphdr->TTm_stamp>>16)&0xFF;
lpbuf[18]=(lphdr->TTm_stamp>>8)&0xFF;
lpbuf[19]=(lphdr->TTm_stamp)&0xFF;
ret=20;
break;
default :
ret=3;
};
return ret;
}
/*
* IGMP
*/
void BufGetIGMPhdr(IGMPHDR *lphdr, unsigned char *lpbuf)
{
lphdr->version=lpbuf[0]<<4;
lphdr->type=lpbuf[0]&0xF;
lphdr->unused=lpbuf[1];
lphdr->checksum=(lpbuf[2]<<8)|(lpbuf[3]);
lphdr->ip4=(((lpbuf[4]<<8)|(lpbuf[5]))<<16)|(lpbuf[6]<<8)|(lpbuf[7]);
}
int BufSetIGMPhdr(IGMPHDR *lphdr, unsigned char *lpbuf)
{
lpbuf[0]=((lphdr->version&0xF)<<4)&(lphdr->type&0xF);
lpbuf[1]=lphdr->unused;
lpbuf[2]=lpbuf[3]=0;
lpbuf[4]=(unsigned char)((lphdr->ip4>>24)&0xFF);
lpbuf[5]=(unsigned char)((lphdr->ip4>>16)&0xFF);
lpbuf[6]=(unsigned char)((lphdr->ip4>>8)&0xFF);
lpbuf[7]=(unsigned char)((lphdr->ip4)&0xFF);
return 8;
}
/*
* TCP
*/
void BufGetTCPhdr(TCPHDR *lphdr, unsigned char *lpbuf)
{
lphdr->sport=(lpbuf[0]<<8)|(lpbuf[1]);
lphdr->dport=(lpbuf[2]<<8)|(lpbuf[3]);
lphdr->seq=(((lpbuf[4]<<8)|(lpbuf[5]))<<16)|(lpbuf[6]<<8)|(lpbuf[7]);
lphdr->ack=(((lpbuf[8]<<8)|(lpbuf[9]))<<16)|(lpbuf[10]<<8)|(lpbuf[11]);
lphdr->doflag.Offset=(lpbuf[12]>>4);
lphdr->doflag.Reserved=(lpbuf[12]<<6)|(lpbuf[13]>>6);
lphdr->doflag.URG=(lpbuf[13]>>5)&0x1;
lphdr->doflag.ACK=(lpbuf[13]>>4)&0x1;
lphdr->doflag.PSH=(lpbuf[13]>>3)&0x1;
lphdr->doflag.RST=(lpbuf[13]>>2)&0x1;
lphdr->doflag.SYN=(lpbuf[13]>>1)&0x1;
lphdr->doflag.FIN=(lpbuf[13])&0x1;
lphdr->winsize=(lpbuf[14]<<8)|(lpbuf[15]);
lphdr->chksum=(lpbuf[16]<<8)|(lpbuf[17]);
lphdr->urgp=(lpbuf[18]<<8)|(lpbuf[19]);
}
void BufGetUDPhdr(UDPHDR *lphdr, unsigned char *lpbuf)
{
lphdr->source= (lpbuf[0]<<8)|(lpbuf[1]);
lphdr->dest= (lpbuf[2]<<8)|(lpbuf[3]);
lphdr->len= (lpbuf[4]<<8)|(lpbuf[5]);
lphdr->check= (lpbuf[6]<<8)|(lpbuf[7]);
}
/* --------------- IP packet Spy er ---------------- */
int IpspySocket(char *device,int pflag)
{
int fd=0;
struct ifreq ifr;
int s;
/*open up our magic SOCK_PACKET */
fd=socket(AF_INET, SOCK_PACKET, htons(ETH_P_ALL));
if(fd < 0)
{
SPYERROR("\n SPYERROR: IpspySocket, cant get SOCK_PACKET socket");
return 0;
}
/*set our device into promiscuous mode */
strcpy(ifr.ifr_name, device);
s=ioctl(fd, SIOCGIFFLAGS, &ifr);
if(s < 0)
{
SPYERROR("\n SPYERROR: IpspySocket, cant get flags");
close(fd);
return (0);
}
#define SPY_SOCK_FLAG (IFF_PROMISC)
if ( pflag )
ifr.ifr_flags |= (SPY_SOCK_FLAG); /* set promiscuous mode */
else
ifr.ifr_flags &= ~(SPY_SOCK_FLAG);
s=ioctl(fd, SIOCSIFFLAGS, &ifr);
if(s < 0)
{
SPYERROR("\n SPYERROR: IpspySocket, cant set promiscuous mode");
close(fd);
return (0);
}
return fd;
}
int IpspySocketRecv(int sock, unsigned char *lpbuf, int maxlen)
{
int ret=0;
bzero(lpbuf,maxlen);
#ifdef GTK_INCLUDE
if(CheckSocketRead(sock,1000))
#endif
{
ret=read(sock,lpbuf,maxlen);
}
return ret;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -