
📄 sniffer.cpp

📁 It is a simple sniffer program built from a basic idea. You can learn some things from the source code for

#include <stdafx.h>
#include <winsock2.h>
#include <windows.h>
#include <ws2tcpip.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Size of the buffer that receives the local host name from gethostname(). */
#define MAX_HOSTNAME_LAN 255
/* WSAIoctl() control code that puts a raw socket into "receive all" mode, so
 * it is handed every IPv4 packet seen on the bound interface rather than only
 * traffic addressed to this socket. Defined by hand here; the Windows SDK also
 * declares it in <mstcpip.h>. Enabling it requires administrator rights. */
#define SIO_RCVALL _WSAIOW(IOC_VENDOR,1)
/* Buffer size for a dotted-decimal IPv4 string: "255.255.255.255" is 15
 * characters, plus the terminating NUL. */
#define MAX_ADDR_LEN 16
/* MSVC-specific: ask the linker to pull in the Winsock 2 import library. */
#pragma comment(lib,"WS2_32.lib")
/*
 * Fixed 20-byte part of a TCP header, laid out as it appears on the wire.
 * Multi-byte members hold network byte order; convert before printing.
 * TCP options, when present, follow this structure and are not described here.
 */
typedef struct tcpheader
{
    unsigned short sport;     /* source port */
    unsigned short dport;     /* destination port */
    unsigned int   th_seq;    /* sequence number (32 bits) */
    unsigned int   th_ack;    /* acknowledgement number (32 bits) */
    /* The two nibbles below share one byte. NOTE(review): which nibble each
     * bit-field lands in is chosen by the compiler; this order matches the
     * wire format only where the first bit-field takes the low-order bits
     * (as MSVC on x86 does). Confirm before building elsewhere. */
    unsigned char  th_x2:4;   /* reserved bits */
    unsigned char  th_off:4;  /* header length in 32-bit words */
    unsigned char  th_flag;   /* flag bits; bit 0 upward: F S R P A U */
    unsigned short th_win;    /* window */
    unsigned short th_sum;    /* checksum */
    unsigned short th_urp;    /* urgent pointer */
} TCP_HDR;

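/*
 * Fixed 20-byte IPv4 header (no options), laid out as it appears on the wire.
 * Multi-byte members hold network byte order.
 *
 * The declaration is a typedef, like the other header structures in this
 * file. Without the `typedef` keyword the trailing IP_HDR would define an
 * unused global variable instead of a type name.
 *
 * A packet's real header can be longer than this structure: the low nibble of
 * h_lenver gives the header length in 32-bit words, and anything above 5
 * means options follow. Parsers must use that value, not sizeof, to find the
 * transport header.
 */
typedef struct ipheader
{
    unsigned char  h_lenver; /* version (high nibble) and header length in 32-bit words (low nibble) */
    unsigned char  ip_tos;   /* type of service */
    unsigned short ip_len;   /* total length of the datagram in bytes */
    unsigned short ip_id;    /* identification */
    unsigned short ip_off;   /* flags and fragment offset */
    unsigned char  ip_ttl;   /* time to live */
    unsigned char  ip_p;     /* protocol number of the payload (IPPROTO_*) */
    unsigned short ip_sum;   /* header checksum */
    unsigned int   ip_src;   /* source address */
    unsigned int   ip_dst;   /* destination address */
} IP_HDR; /* total ip header length: 20 bytes (=160 bits) */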

// Pseudo Header
/*
 * Pseudo header followed by a TCP header: the addresses, protocol number and
 * TCP length from the IP layer (12 bytes), then the fixed TCP header.
 * NOTE(review): nothing in this file reads or fills this structure.
 */
typedef struct ps_hdr
{
    unsigned int   source_address;  /* source address,      4 bytes */
    unsigned int   dest_address;    /* destination address, 4 bytes */
    unsigned char  placeholder;     /* place holder,        1 byte  */
    unsigned char  protocol;        /* protocol,            1 byte  */
    unsigned short th_length;       /* TCP length,          2 bytes */

    struct tcpheader tcp;           /* the TCP header itself */
} PS_HDR;

/*
 * UDP header as it appears on the wire (8 bytes).
 * All four members hold network byte order.
 */
typedef struct udphdr
{
    unsigned short sport;  /* source port */
    unsigned short dport;  /* destination port */
    unsigned short len;    /* length of header plus data, in bytes */
    unsigned short cksum;  /* checksum */
} UDP_HDR;

/*
 * Structure that main() overlays on the bytes following the IP header when
 * the protocol is ICMP.
 *
 * NOTE(review): ICMP has no port numbers. On the wire an ICMP message starts
 * with type, code and checksum, so the two leading members below cover those
 * bytes and every later member sits 4 bytes past the field it is named
 * after. Values read through this structure are therefore mislabeled.
 * Removing sport/dport needs a matching change in main(), which prints them.
 *
 * NOTE(review): timestamp is not part of the ICMP header; it overlays
 * message data. It holds a time only if the sender wrote one there.
 */
typedef struct icmphdr
{
	unsigned short sport;    /* overlays ICMP type and code, not a port */
unsigned short dport;        /* overlays the ICMP checksum, not a port */
	BYTE i_type;             /* intended: message type */
	BYTE i_code;             /* intended: message sub-code */
	USHORT i_cksum;          /* intended: checksum */
	USHORT i_id;             /* intended: identifier (echo messages) */
	USHORT i_seq;            /* intended: sequence number (echo messages) */
	ULONG timestamp;         /* message data, see the note above */
}ICMP_HDR;

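/*
 * Print the byte at `pointer` to stdout as "0x" followed by two hex digits.
 *
 * The previous format string began with "\0", which the compiler reads as a
 * NUL character. printf therefore saw an empty format and printed nothing.
 * The byte is converted to unsigned char before printing so that values of
 * 0x80 and above are not sign-extended on platforms where char is signed.
 *
 * pointer: address of the byte to print; a NULL pointer is ignored.
 */
void hexdump(char *pointer)
{
    if (pointer == NULL)
        return;

    printf("0x%02x", (unsigned char)*pointer);
}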

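/*
 * Helpers for main(). Everything a captured packet contains is untrusted
 * input: lengths announced inside the headers are checked against the number
 * of bytes recv() actually delivered before they are used as offsets.
 */

/* Fixed size of the ICMP header on the wire: type, code, checksum, rest. */
enum { ICMP_WIRE_HDR_LEN = 8 };

/* Read a 16-bit big-endian (network order) value from a byte pointer. */
static unsigned short read_be16(const unsigned char *p)
{
    return (unsigned short)((p[0] << 8) | p[1]);
}

/* Print the rule of '%' characters that closes one packet report. The
 * characters are written one by one instead of being used as a printf format,
 * which would only be valid for an even number of '%'. */
static void print_separator(void)
{
    for (int i = 0; i < 32; i++)
        putchar('%');
    putchar('\n');
}

/* Convert a network-order IPv4 address to dotted-decimal text.
 * out must have room for MAX_ADDR_LEN bytes and is always NUL-terminated. */
static void format_ipv4(unsigned int addr, char *out)
{
    struct in_addr in;
    const char *text;

    in.s_addr = addr;
    text = inet_ntoa(in);
    if (text == NULL)
        text = "?";
    strncpy(out, text, MAX_ADDR_LEN - 1);
    out[MAX_ADDR_LEN - 1] = '\0';   /* strncpy does not terminate on truncation */
}

/* Print the IP header section shared by the TCP, UDP and ICMP reports. */
static void print_ip_header(const struct ipheader *ip, const char *src, const char *dst)
{
    printf("\n*******************IP协议头部*********************\n");
    printf("标识:%i\n", ntohs(ip->ip_id));
    printf("总长度:%i\n", ntohs(ip->ip_len));
    printf("偏移量:%i\n", ntohs(ip->ip_off));
    printf("生存时间:%d\n", ip->ip_ttl);
    printf("服务类型:%d\n", ip->ip_tos);
    printf("协议类型:%d\n", ip->ip_p);
    printf("检验和:%i\n", ntohs(ip->ip_sum));
    printf("源IP地址:%s ", src);
    printf("\n目的IP地址:%s ", dst);
}

/* Print `len` bytes of the packet as a hex listing, then as text with every
 * byte outside the printable ASCII range shown as '.', then the closing rule.
 * Control bytes from the network are never written to the console here. */
static void dump_packet(const unsigned char *data, int len)
{
    for (int i = 0; i < len; i++) {
        if (i % 16 == 0) {
            printf("\n");
            /* NOTE(review): the label is offset by 14, presumably the size of
             * an Ethernet header; the raw socket delivers none. Kept as is. */
            printf(" %04x: ", (unsigned int)(i + 14));
        }
        printf("  %.2x", data[i]);
    }
    printf("\n\n\n");

    for (int i = 0; i < len; i++) {
        if (data[i] >= 0x20 && data[i] <= 0x7e)
            printf("%c", data[i]);
        else
            printf(".");
    }
    printf("\n\n");
    print_separator();
}

/* Report one TCP segment. `segment` points just past the IP header and
 * `segment_len` is the number of captured bytes from there on.
 * Returns 1 if a report was printed, 0 if the segment was truncated,
 * malformed or carried no payload. */
static int report_tcp(int packet_no, const struct ipheader *ip,
                      const char *src, const char *dst,
                      const unsigned char *packet, int packet_len,
                      const unsigned char *segment, int segment_len)
{
    static const char TcpFlag[6] = {'F','S','R','P','A','U'};   /* TCP flag letters, bit 0 upward */
    static const unsigned char bt_tag[9] =
        {0x42,0x69,0x74,0x54,0x6f,0x72,0x72,0x65,0x6e};         /* "BitTorren" */
    struct tcpheader tcp;
    const unsigned char *datatcp;
    int hdr_len, lentcp, lenhttp = 0;
    unsigned char FlagMask = 1;

    if (segment_len < (int)sizeof(struct tcpheader))
        return 0;
    memcpy(&tcp, segment, sizeof(tcp));

    /* The data offset is the high nibble of byte 12. It is read from the raw
     * byte so the result does not depend on bit-field ordering. */
    hdr_len = (segment[12] >> 4) * 4;
    if (hdr_len < (int)sizeof(struct tcpheader) || hdr_len > segment_len)
        return 0;

    datatcp = segment + hdr_len;    /* payload starts after the options */
    lentcp = segment_len - hdr_len;
    if (lentcp == 0)
        return 0;

    printf("\n###################数据包[%i]=%d字节数据###################", packet_no, lentcp);
    print_ip_header(ip, src, dst);
    printf("\n****************TCP协议头部******************\n");
    printf("源端口:%i\n", ntohs(tcp.sport));
    printf("目的端口:%i\n", ntohs(tcp.dport));
    /* Sequence and acknowledgement numbers are 32 bits wide. */
    printf("序列号:%lu\n", (unsigned long)ntohl(tcp.th_seq));
    printf("应答号:%lu\n", (unsigned long)ntohl(tcp.th_ack));
    printf("检验和:%i\n", ntohs(tcp.th_sum));
    printf("标志位:");
    for (int k = 0; k < 6; k++) {
        if (tcp.th_flag & FlagMask)
            printf("%c", TcpFlag[k]);
        else
            printf(" ");
        FlagMask = (unsigned char)(FlagMask << 1);
    }

    /* On port 80, look for the blank line that ends an HTTP header. The loop
     * bound keeps all four compared bytes inside the payload. */
    if (ntohs(tcp.sport) == 80 || ntohs(tcp.dport) == 80) {
        for (int j = 0; j + 3 < lentcp; j++) {
            if (datatcp[j] == 0x0d && datatcp[j + 1] == 0x0a &&
                datatcp[j + 2] == 0x0d && datatcp[j + 3] == 0x0a) {
                lenhttp = j;
                printf("\n****************HTTP协议******************\n");
                printf("HTTP头部长度:%d\n", lenhttp);
                break;
            }
        }
    }

    /* Flag every occurrence of the BitTorrent tag inside the payload. */
    for (int k = 0; k + (int)sizeof(bt_tag) <= lentcp; k++) {
        if (memcmp(datatcp + k, bt_tag, sizeof(bt_tag)) == 0)
            printf("\n****************BitTorrent******************\n");
    }

    /* Print the HTTP header text. lenhttp + 3 < lentcp holds whenever
     * lenhttp is non-zero, so datatcp[i + 1] stays inside the payload.
     * NOTE(review): these bytes reach the console unfiltered; consider
     * masking non-printable values as the text dump does. */
    for (int i = 0; i < lenhttp; i++) {
        if (datatcp[i] != 0x0d && datatcp[i + 1] != 0x0a)
            printf("%c", datatcp[i]);
        else
            printf("\n");
    }

    dump_packet(packet, packet_len);
    return 1;
}

/* Report one UDP datagram; arguments and return value as for report_tcp(). */
static int report_udp(int packet_no, const struct ipheader *ip,
                      const char *src, const char *dst,
                      const unsigned char *packet, int packet_len,
                      const unsigned char *datagram, int datagram_len)
{
    struct udphdr udp;
    int lenudp;

    if (datagram_len < (int)sizeof(struct udphdr))
        return 0;
    memcpy(&udp, datagram, sizeof(udp));

    lenudp = datagram_len - (int)sizeof(struct udphdr);
    if (lenudp == 0)
        return 0;

    printf("\n###################数据包[%i]=%d字节数据###################", packet_no, lenudp);
    print_ip_header(ip, src, dst);
    printf("\n****************UDP协议头部******************\n");
    printf("源端口:%i\n", ntohs(udp.sport));
    printf("目的端口:%i\n", ntohs(udp.dport));
    printf("检验和:%i\n", ntohs(udp.cksum));
    printf("UDP长度:%i\n", ntohs(udp.len));

    dump_packet(packet, packet_len);
    return 1;
}

/* Report one ICMP message; arguments and return value as for report_tcp().
 * Fields are read by wire offset (type 0, code 1, identifier 4, sequence 6).
 * struct icmphdr is not used because its two leading port members do not
 * exist in an ICMP message and shift every other member by 4 bytes. */
static int report_icmp(int packet_no, const struct ipheader *ip,
                       const char *src, const char *dst,
                       const unsigned char *packet, int packet_len,
                       const unsigned char *message, int message_len)
{
    int lenicmp;

    if (message_len < ICMP_WIRE_HDR_LEN)
        return 0;
    lenicmp = message_len - ICMP_WIRE_HDR_LEN;
    if (lenicmp == 0)
        return 0;

    printf("\n###################数据包[%i]=%d字节数据###################", packet_no, lenicmp);
    print_ip_header(ip, src, dst);
    printf("\n****************ICMP协议头部******************\n");
    /* Identifier and sequence number are defined for echo messages; for
     * other types the same bytes carry type-specific data. */
    printf("序列号:%i\n", read_be16(message + 6));
    printf("标识号:%i\n", read_be16(message + 4));
    printf("类型:%d,%d\n ", message[0], message[1]);
    if (lenicmp >= (int)sizeof(unsigned int)) {
        /* NOTE(review): these four bytes are message data, not header. They
         * hold a time only if the sender stored one there. */
        unsigned int stamp;
        memcpy(&stamp, message + ICMP_WIRE_HDR_LEN, sizeof(stamp));
        printf("时间:%u\n", stamp);
    }

    dump_packet(packet, packet_len);
    return 1;
}

/*
 * Capture IPv4 traffic on the first address of the local host and print a
 * report for every TCP, UDP or ICMP packet that carries data.
 *
 * A raw socket is bound to the host's own address and switched to
 * "receive all" mode with SIO_RCVALL, which Windows allows only for
 * administrators. Each setup call is checked; on failure a message goes to
 * stderr and the program ends with a non-zero status. The capture loop runs
 * until recv() fails.
 *
 * Returns 0 only if the loop ended without a socket error.
 */
int main(void)
{
    WSADATA wsd;
    SOCKET sock;
    SOCKADDR_IN sa;
    struct hostent *pHostent;
    char name[MAX_HOSTNAME_LAN];
    char RecvBuf[65535];
    char szSourceIP[MAX_ADDR_LEN], szDestIP[MAX_ADDR_LEN];
    DWORD dwBytesRet = 0;
    unsigned int optval = 1;    /* non-zero turns "receive all" on */
    int pCount = 0;             /* number of packets reported so far */
    int status = 0;

    if (WSAStartup(MAKEWORD(2,1), &wsd) != 0) {
        fprintf(stderr, "WSAStartup failed\n");
        return 1;
    }

    sock = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
    if (sock == INVALID_SOCKET) {
        fprintf(stderr, "socket failed: %d\n", WSAGetLastError());
        WSACleanup();
        return 1;
    }

    /* Find the address to bind to. gethostbyname() returns storage owned by
     * Winsock, so nothing is allocated or freed here. */
    if (gethostname(name, sizeof(name)) == SOCKET_ERROR ||
        (pHostent = gethostbyname(name)) == NULL ||
        pHostent->h_addrtype != AF_INET ||
        pHostent->h_length != (int)sizeof(sa.sin_addr) ||
        pHostent->h_addr_list[0] == NULL) {
        fprintf(stderr, "cannot resolve a local IPv4 address\n");
        closesocket(sock);
        WSACleanup();
        return 1;
    }

    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_port = htons(6000);
    memcpy(&sa.sin_addr, pHostent->h_addr_list[0], sizeof(sa.sin_addr));

    if (bind(sock, (SOCKADDR *)&sa, sizeof(sa)) == SOCKET_ERROR) {
        /* WSAEACCES (10013) means the account may not use raw sockets. */
        int err = WSAGetLastError();
        if (err == WSAEACCES)
            fprintf(stderr, "bind failed: raw sockets need administrator rights\n");
        else
            fprintf(stderr, "bind failed: %d\n", err);
        closesocket(sock);
        WSACleanup();
        return 1;
    }

    if (WSAIoctl(sock, SIO_RCVALL, &optval, sizeof(optval), NULL, 0,
                 &dwBytesRet, NULL, NULL) == SOCKET_ERROR) {
        fprintf(stderr, "SIO_RCVALL failed: %d\n", WSAGetLastError());
        closesocket(sock);
        WSACleanup();
        return 1;
    }

    for (;;) {
        const unsigned char *dataip = (const unsigned char *)RecvBuf;
        const unsigned char *transport;
        struct ipheader iph;
        int received, iIphLen, lenip, translen;
        int reported = 0;

        received = recv(sock, RecvBuf, (int)sizeof(RecvBuf), 0);
        if (received == SOCKET_ERROR) {
            fprintf(stderr, "recv failed: %d\n", WSAGetLastError());
            status = 1;
            break;
        }
        if (received < (int)sizeof(struct ipheader))
            continue;           /* too short to hold an IP header */

        /* Copy the header out of the byte buffer instead of casting the
         * buffer pointer to a structure pointer. */
        memcpy(&iph, dataip, sizeof(iph));

        /* The header length comes from the packet and may include options. */
        iIphLen = (iph.h_lenver & 0x0f) * 4;
        if (iIphLen < (int)sizeof(struct ipheader) || iIphLen > received)
            continue;

        /* Never trust the announced total length beyond what was received. */
        lenip = ntohs(iph.ip_len);
        if (lenip > received)
            lenip = received;
        if (lenip < iIphLen)
            continue;

        transport = dataip + iIphLen;
        translen = lenip - iIphLen;

        format_ipv4(iph.ip_src, szSourceIP);
        format_ipv4(iph.ip_dst, szDestIP);

        if (iph.ip_p == IPPROTO_TCP)
            reported = report_tcp(pCount + 1, &iph, szSourceIP, szDestIP,
                                  dataip, lenip, transport, translen);
        else if (iph.ip_p == IPPROTO_UDP)
            reported = report_udp(pCount + 1, &iph, szSourceIP, szDestIP,
                                  dataip, lenip, transport, translen);
        else if (iph.ip_p == IPPROTO_ICMP)
            reported = report_icmp(pCount + 1, &iph, szSourceIP, szDestIP,
                                   dataip, lenip, transport, translen);

        if (reported)
            pCount++;
    }

    closesocket(sock);
    WSACleanup();
    return status;
}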
