sniffer.h

Sniffer using Sock_raw. 挺不错的。

////////////////////////////////////////////////////////////////////////////////////
//                             Raw Sniffer Code  V1.0                             //
//                        powered by shadow @2004/10/4                            //
//                   my web:http://www.codehome.6600.org                          //
////////////////////////////////////////////////////////////////////////////////////

//-------------------------------------user define-------------------------------//
//-------->IP HEADER DEFINE
//
#define SIO_RCVALL _WSAIOW(IOC_VENDOR,1)
#define MAX_SUBTHREAD_NUM 100
#define LISTEN_PORT 7500
#define WM_SNIFFER_STOP    WM_USER+100    //嗅探停止消息
#define WM_SNIFFER_RESTART WM_USER+101    //嗅探重新开始消息
#define WM_SNIFFER_CLOSE   WM_USER+102    //嗅探彻底关闭消息
/*
#define WM_ALLSNIFFER_STOP    WM_USER+103  
#define WM_ALLSNIFFER_CLOSE   WM_USER+104
#define WM_ALLSNIFFER_RESTART WM_USER+105
*/
#define SNIFFER_STATE_START 1           //嗅探在进行中
#define SNIFFER_STATE_CLOSE 2           //嗅探已完全关闭
#define SNIFFER_STATE_STOP 3            //嗅探暂停
#define IPPROTO_TCP_TXT "TCP"
#define IPPROTO_UDP_TXT "UDP"
#define IPPROTO_ICMP_TXT "ICMP"
#define IPPROTO_IGMP_TXT "IGMP"
#define IPPROTO_DEFAULT_TXT "unknow protocol"
#define ICMP_HEADER_LEN 4 //各协议默认头长，tcp和ip头长可变
#define TCP_HEADER_LEN 20
#define UDP_HEADER_LEN 8
#define IP_HEADER_LEN 20
//-------------------------------------------------------------------------------//
typedef struct _IPADDRESS{ //4字节ip地址,相当于DWORD FROMIP
    unsigned char address[4];
}IPADDRESS;
typedef struct _IP{ //IP头定义
	unsigned char VersionHdl; //4位版本号和4位ip头长,每位代表4字节长度
	unsigned char ServiceType;//服务类型
	unsigned short TotalLen;  //数据包总长
	unsigned short Identifier;//标志
    unsigned short FragOff;   //偏移量
	unsigned char TTL;        //生存周期
	unsigned char Protocol;   //协议类型
	unsigned short IpChkSum;  //校验码
	IPADDRESS FromIP;         //源IP地址
	IPADDRESS ToIP;           //目的IP地址
}IP_HEADER;   
typedef struct _UDP{//UDP头定义
    WORD FromPort;            //源端口
	WORD ToPort;              //目的端口
	WORD UdpLen;              //udp头长
	WORD UdpChkSum;           //校验码
}UDP_HEADER;
typedef struct _TCP{//TCP头定义
    WORD FromPort;            //源端口
	WORD ToPort;              //目的端口
	DWORD SeqNum;             //顺序码
	DWORD ACKNum;             //回应码
	BYTE HeaderLen;           //TCP头长
	BYTE Flags;               //标志
	WORD Window;              //窗口大小
	WORD TcpChkSum;           //校验码
	WORD UrgPtr;              //紧急指针
}TCP_HEADER;
typedef struct _ICMP{//ICMP头定义
    BYTE Type;                //类型
	BYTE Code;                //区别码？
	WORD IcmpChkSum;          //校验码
}ICMP_HEADER;

//SOCKET RawSocket;//监听原始套接字
//defien class
class SNIFFER  
{
public:
	int StartSniffer(CString fpath);
	int StopSelfDefineSniffer();
	int StartSelfDefineSniffer(CString ProtoType,CString sourceip,CString sourceport,CString destip,CString destport,int way,int maxdata,CString fpath);
	int SnifferClose();
	int ReStart();
	int Start();
	SNIFFER();
	virtual ~SNIFFER();
	int Stop();
	int MainThreadId;
	int SubThreadNum;
	int SubThreadId[MAX_SUBTHREAD_NUM];
	int ErrorCode;
private:
	bool WsaStartup;
	char * GetLastError(int errorcode);
	char * SnifferError[14];
	int SnifferState;
	LPVOID Form_ptr;
};