#include <sys/types.h>
#ifdef WIN32
#include <io.h>
#else
#include <sys/socket.h>
#include <arpa/inet.h>
#endif
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <windows.h>
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <mysql.h>
#include "nids.h"
/*
-----------------------------------------------------------------------------------------------------------------------
UDP协议首部的数据结构
-----------------------------------------------------------------------------------------------------------------------
*/
/*
 * UDP header as it appears on the wire: four 16-bit fields in network
 * byte order, so each one is read through ntohs().
 */
struct udp_header
{
    unsigned short udp_source_port;      /* source port */
    unsigned short udp_destination_port; /* destination port */
    unsigned short udp_length;           /* header + payload length, bytes */
    unsigned short udp_checksum;         /* checksum */
};
/*
-----------------------------------------------------------------------------------------------------------------------
ICMP协议首部的数据结构
-----------------------------------------------------------------------------------------------------------------------
*/
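/*
 * ICMP header as it appears on the wire (8 bytes).
 *
 * The previous declaration had the field widths inverted (32-bit type/code,
 * 8-bit checksum/id/sequence), so overlaying it on a packet read the wrong
 * bytes. Type and code are single octets; checksum, identifier and sequence
 * number are 16-bit network-order fields (read with ntohs()).
 */
struct icmp_header
{
    unsigned char icmp_type;        /* message type */
    unsigned char icmp_code;        /* sub-type code */
    unsigned short icmp_checksum;   /* checksum */
    unsigned short icmp_id;         /* identifier (echo request/reply) */
    unsigned short icmp_sequence;   /* sequence number (echo request/reply) */
};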
/*
-----------------------------------------------------------------------------------------------------------------------
IP协议首部的数据结构
-----------------------------------------------------------------------------------------------------------------------
*/
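/*
 * IPv4 header without options (20 bytes), laid out to be overlaid directly
 * on a received datagram. Multi-byte fields are network byte order.
 *
 * The two trailing "port" octets that used to follow the destination address
 * were removed: port numbers are not part of the IP header (they live in the
 * TCP/UDP header that follows it), and their presence made sizeof this struct
 * 22 instead of 20. Nothing in this file referenced them.
 */
struct ip_header
{
#if defined(WORDS_BIGENDIAN)
    unsigned char ip_version: 4,        /* version (4) */
                  ip_header_length: 4;  /* header length in 32-bit words */
#else
    unsigned char ip_header_length: 4,  /* header length in 32-bit words */
                  ip_version: 4;        /* version (4) */
#endif
    unsigned char ip_tos;                          /* type of service */
    unsigned short ip_length;                      /* total length (header + data) */
    unsigned short ip_id;                          /* identification */
    unsigned short ip_off;                         /* flags and fragment offset */
    unsigned char ip_ttl;                          /* time to live */
    unsigned char ip_protocol;                     /* upper-layer protocol (1 ICMP, 6 TCP, 17 UDP) */
    unsigned short ip_checksum;                    /* header checksum */
    struct in_addr ip_source_address;              /* source address */
    struct in_addr ip_destination_address;         /* destination address */
};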
/*
-----------------------------------------------------------------------------------------------------------------------
TCP协议首部
-----------------------------------------------------------------------------------------------------------------------
*/
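/*
 * TCP header without options (20 bytes), laid out to be overlaid directly
 * on the bytes following the IP header. Multi-byte fields are network byte
 * order (ports/window/checksum/urgent via ntohs(), seq/ack via ntohl()).
 *
 * The previous declaration used the wrong widths for almost every field
 * (8-bit ports, 16-bit sequence numbers, 32-bit offset/flags, 8-bit window
 * and checksum), so ntohs() on tcp_source_port read garbage. The field names
 * are unchanged; only their types now match the wire format.
 */
struct tcp_header
{
    unsigned short tcp_source_port;        /* source port */
    unsigned short tcp_destination_port;   /* destination port */
    unsigned int tcp_sequence;             /* sequence number */
    unsigned int tcp_acknowledgement;      /* acknowledgement number */
#ifdef WORDS_BIGENDIAN
    unsigned char tcp_offset: 4,           /* data offset in 32-bit words */
                  tcp_reserved: 4;         /* reserved bits */
#else
    unsigned char tcp_reserved: 4,         /* reserved bits */
                  tcp_offset: 4;           /* data offset in 32-bit words */
#endif
    unsigned char tcp_flags;               /* control flags (FIN..CWR) */
    unsigned short tcp_windows;            /* window size */
    unsigned short tcp_checksum;           /* checksum */
    unsigned short tcp_urgent_pointer;     /* urgent pointer */
};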
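/* Shared result buffer for char_to_ascii(); every call overwrites it, so the
 * function is not reentrant and the returned pointer is only valid until the
 * next call. Only two bytes are ever used. */
char ascii_string[10000];

/*
 * Render one byte as a one-character, NUL-terminated string for dump-style
 * output: printable graphic characters, space, '\n' and '\r' are returned
 * as-is, everything else becomes '.'.
 *
 * Returns a pointer to the shared ascii_string buffer (see above).
 */
char *char_to_ascii(char ch)
{
    /* <ctype.h> functions take an int in unsigned-char range; passing a
     * negative plain char (bytes >= 0x80 on signed-char platforms) is UB,
     * so widen through unsigned char first. */
    int printable = isgraph((unsigned char)ch) || ch == ' ' || ch == '\n' || ch == '\r';

    ascii_string[0] = printable ? ch : '.';
    ascii_string[1] = '\0';
    return ascii_string;
}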
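/*
 * Write the current local time into pTime as "HH:MM:SS" and return pTime.
 *
 * pTime must have room for at least 9 bytes (8 characters plus NUL); callers
 * in this file pass a 20-byte buffer. If localtime() fails, pTime is set to
 * the empty string instead of being left untouched.
 *
 * Note: the old comment claimed the format was YYYYMMDDHHMMSS; the output has
 * always been HH:MM:SS, which is what the comment now says.
 */
char* GetCurTime(char* pTime)
{
    enum { CUR_TIME_LEN = 9 };   /* "HH:MM:SS" plus terminating NUL */
    time_t now = time(NULL);
    struct tm *tf = localtime(&now);

    if (tf == NULL) {
        pTime[0] = '\0';
        return pTime;
    }
    /* Bounded write: tm_hour/tm_min/tm_sec are at most two digits each, but
     * snprintf guarantees termination within the documented 9-byte minimum. */
    snprintf(pTime, CUR_TIME_LEN, "%02d:%02d:%02d", tf->tm_hour, tf->tm_min, tf->tm_sec);
    return pTime;
}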
/*
=======================================================================================================================
下面是分析IP协议的函数
=======================================================================================================================
*/
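/*
 * Decode one IPv4 datagram: print the protocol, addresses, ports and total
 * length, then hand an INSERT statement for table nettrafficinfo to
 * Write_Log() (defined later in this file; a prototype above this point is
 * still needed to avoid an implicit declaration).
 *
 * packet_content points at the IPv4 header. No buffer length is passed in, so
 * the only bound available is the datagram's own total-length field; the
 * transport header is read only when IHL is sane and that length says the
 * header is present. A caller-supplied length would be the proper check.
 *
 * Fixes relative to the previous version: the TCP branch skipped 14 extra
 * bytes (an Ethernet-frame offset that does not exist at this layer) while
 * UDP did not; both now use the IHL-derived offset. inet_ntoa() output is no
 * longer used as a printf format string. protocol and the ports were
 * uninitialised in the default case.
 */
void ip_protocol_packet_callback(u_char *packet_content)
{
    enum { MIN_IP_HEADER_LEN = 20 };   /* IPv4 header without options */
    char szSqlText[500];
    char szTime[20];
    char protocol[20] = "OTHER";
    char sourceIP[20];
    char destinationIP[20];
    u_short source_port = 0;
    u_short destination_port = 0;
    const struct ip_header *ip_protocol = (const struct ip_header *)packet_content;
    u_int total_length = ntohs(ip_protocol->ip_length);
    u_int header_length = (u_int)ip_protocol->ip_header_length * 4;   /* IHL is in 32-bit words */
    const u_char *transport = NULL;
    int written;

    GetCurTime(szTime);

    /* inet_ntoa() returns a static buffer; copy it with an explicit "%s"
     * format instead of passing the string itself as the format. */
    snprintf(sourceIP, sizeof sourceIP, "%s", inet_ntoa(ip_protocol->ip_source_address));
    snprintf(destinationIP, sizeof destinationIP, "%s", inet_ntoa(ip_protocol->ip_destination_address));

    /* The transport header starts right after the IP header (including any
     * options). Only trust the offset when IHL is at least 5 words and the
     * datagram claims to extend past its own header. */
    if (header_length >= MIN_IP_HEADER_LEN && total_length >= header_length)
        transport = packet_content + header_length;

    switch (ip_protocol->ip_protocol) {   /* upper-layer protocol */
    case 6: {   /* TCP */
        snprintf(protocol, sizeof protocol, "%s", "TCP");
        if (transport != NULL && total_length - header_length >= sizeof(struct tcp_header)) {
            const struct tcp_header *tcp_protocol = (const struct tcp_header *)transport;
            source_port = ntohs(tcp_protocol->tcp_source_port);
            destination_port = ntohs(tcp_protocol->tcp_destination_port);
        }
        break;
    }
    case 17: {   /* UDP */
        snprintf(protocol, sizeof protocol, "%s", "UDP");
        if (transport != NULL && total_length - header_length >= sizeof(struct udp_header)) {
            const struct udp_header *udp_protocol = (const struct udp_header *)transport;
            source_port = ntohs(udp_protocol->udp_source_port);
            destination_port = ntohs(udp_protocol->udp_destination_port);
        }
        break;
    }
    case 1:   /* ICMP carries no ports */
        snprintf(protocol, sizeof protocol, "%s", "ICMP");
        break;
    default:
        /* Unknown upper-layer protocol: record its number rather than
         * printing an uninitialised buffer. */
        snprintf(protocol, sizeof protocol, "IP-%u", (unsigned)ip_protocol->ip_protocol);
        break;
    }

    printf("-------------Time:%s----------------------\n", szTime);
    printf("协议:%s\n", protocol);
    printf("源IP地址:%s\n", sourceIP);
    printf("目的IP地址:%s\n", destinationIP);
    printf("源端口号:%d\n", source_port);
    printf("目的端口号:%d\n", destination_port);
    printf("总长度:%u\n", total_length);

    /* Every interpolated value is program-generated (fixed protocol names,
     * dotted-quad addresses, small integers, HH:MM:SS), so there is no
     * attacker-controlled text to escape here; snprintf keeps the statement
     * within the buffer and a truncated statement is never sent. */
    written = snprintf(szSqlText, sizeof szSqlText,
                       "insert into nettrafficinfo values(\'%s\',\'%s\',\'%s\',\'%d\',\'%d\',%u,\'%s\')",
                       protocol, sourceIP, destinationIP, source_port, destination_port, total_length, szTime);
    if (written < 0 || (size_t)written >= sizeof szSqlText) {
        fprintf(stderr, "SQL statement truncated, not logged\n");
        return;
    }
    Write_Log(szSqlText);
}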
/*
=======================================================================================================================
下面是回调函数
=======================================================================================================================
*/
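/*
 * libnids IP-fragment callback: receives one IP datagram and its length in
 * bytes and forwards it to the IP decoder.
 *
 * The decoder takes no length argument, so the only bound that can be
 * enforced here is that the buffer holds at least a minimal IPv4 header
 * before it is overlaid with struct ip_header; NULL, negative or too-short
 * buffers are dropped instead of being parsed.
 */
void ip_callback(u_char *a_packet, int len)
{
    enum { MIN_IP_HEADER_LEN = 20 };   /* IPv4 header without options */

    if (a_packet == NULL || len < MIN_IP_HEADER_LEN)
        return;
    ip_protocol_packet_callback(a_packet);
}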
/*
=======================================================================================================================
下面是写日志的函数,向MYSQL中写数据
=======================================================================================================================
*/
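/*
 * Execute one SQL statement against the local MySQL database "LOG".
 *
 * A fresh connection is opened per call and closed before returning. The
 * connection uses user "root" with an empty password, hard-coded here; that
 * is a deployment risk in itself and the credentials belong in a protected
 * configuration source, not in the binary.
 *
 * szSqlText is executed as-is; the caller is responsible for building it
 * from trusted or escaped values.
 *
 * Returns TRUE when the statement ran, FALSE if the handle could not be
 * created, the connection failed, or the query failed. Errors go to stderr.
 *
 * Changes from the previous version: the always-true bCreate flag is gone;
 * a NULL result from mysql_init() is no longer passed to mysql_close(); and
 * the connection is closed on exactly one path.
 */
BOOL Write_Log(char *szSqlText)
{
    char szTargetDSN[] = "LOG";
    BOOL ok = FALSE;
    MYSQL *myData = mysql_init(NULL);

    if (myData == NULL) {
        fprintf(stderr, "Can't initialise mysql handle\n");
        return FALSE;
    }

    if (!mysql_real_connect(myData, NULL, "root", "", szTargetDSN, MYSQL_PORT, NULL, 0)) {
        fprintf(stderr, "Can't connect to the mysql server\n");
    } else if (mysql_query(myData, szSqlText)) {
        fprintf(stderr, "Can't insert data to table\n");
    } else {
        ok = TRUE;
    }

    mysql_close(myData);
    return ok;
}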
/*
=======================================================================================================================
主函数
=======================================================================================================================
*/
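/*
 * Entry point: initialise libnids, register the IP-fragment callback and
 * capture packets until nids_run() returns.
 *
 * Returns EXIT_FAILURE when nids_init() fails (nids_errbuf holds the reason),
 * EXIT_SUCCESS otherwise. `void main()` is not a valid signature for main in
 * standard C; it is now `int main(void)`.
 */
int main(void)
{
    if (!nids_init()) {   /* libnids initialisation */
        fprintf(stderr, "出现错误:%s\n", nids_errbuf);
        return EXIT_FAILURE;
    }
    nids_register_ip_frag(ip_callback);   /* IP-level callback */
    nids_run();                           /* capture loop */
    return EXIT_SUCCESS;
}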