📄 portscandetect_tab.cpp
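#include "portscandetect_tab.h"

#include <arpa/inet.h>
#include <netinet/in.h>
#include <cstdio>
#include <cstring>

extern "C" {
#include <nids.h>
}

using namespace std;

/* Hand-off file between the libnids callback (writer, capture thread) and
 * PortFileDisplay_Thread (reader).  The path is fixed and relative to the
 * working directory.  Live capture needs the privileges pcap requires
 * (normally root), so run from a directory untrusted local users cannot
 * write to: a pre-planted file or symlink at this name would be opened
 * and written through as-is. */
#define PORT_TMP_DIR "./PortScanDetect.txt"
ofstream port_out_file(PORT_TMP_DIR);

namespace {

/* Render a raw IPv4 address (network byte order, as libnids hands it out)
 * into dst.  inet_ntoa() returns a static buffer, so the text is copied
 * out immediately; the copy is bounded by cap (20 bytes covers any
 * dotted quad plus the terminating NUL). */
void addr_to_text(in_addr_t raw, char *dst, size_t cap)
{
    struct in_addr a;
    a.s_addr = raw;
    snprintf(dst, cap, "%s", inet_ntoa(a));
}

} // namespace

/***********************************************************/
/* Build the port-scan detection tab: a Start button, a Clear button and a
 * one-column list that shows the detector's output.
 *
 * Start is wired to two slots.  start_detect() runs libnids in this
 * object's thread and records findings to PORT_TMP_DIR; start_display()
 * runs the thread that reads that file back into the list. */
PortScanDetect_Tab::PortScanDetect_Tab(QWidget *parent)
    : QWidget(parent)
{
    portscan_start = new QPushButton(this, "portscan_start");
    portscan_start->setGeometry(QRect(40, 250, 70, 32));
    portscan_start->setText(tr("Start"));

    portscan_clear = new QPushButton(this, "portscan_clear");
    portscan_clear->setGeometry(QRect(130, 250, 70, 32));
    portscan_clear->setText(tr("Clear"));

    disp_listview = new QListView(this, "disp_listview");
    disp_listview->addColumn(tr("Seq"));
    disp_listview->setGeometry(QRect(10, 60, 210, 180));

    // One signal, two slots: one thread saves results to the file, the
    // other reads them back and displays them.
    connect(portscan_start, SIGNAL(clicked()), this, SLOT(start_display()));
    connect(portscan_start, SIGNAL(clicked()), this, SLOT(start_detect()));
    connect(portscan_clear, SIGNAL(clicked()), this, SLOT(clear_detect()));

    disp_listview->setSorting(1, FALSE);
    detect_stopped = TRUE;
    display_stopped = TRUE;
    // Not a QObject child of this widget and never deleted here: the
    // reader thread loops forever (see read_file_display), so it simply
    // lives for the rest of the process.
    readfiledisplay_thread = new PortFileDisplay_Thread(this);
}

/* The buttons and list view are owned by the Qt parent/child tree. */
PortScanDetect_Tab::~PortScanDetect_Tab()
{
}

/* Slot: start the file-reader thread once; later clicks are ignored
 * while it is marked running. */
void PortScanDetect_Tab::start_display()
{
    if (!display_stopped)
        return;
    readfiledisplay_thread->start();
    portscan_start->setText(tr("Running..."));
    display_stopped = FALSE;
}

/* Slot: start this object's own QThread (run() -> detect_run()) once. */
void PortScanDetect_Tab::start_detect()
{
    if (!detect_stopped)
        return;
    start();
    portscan_start->setText(tr("Running..."));
    detect_stopped = FALSE;
}

/* Slot: empty the list.  The file is left untouched; the reader thread
 * only appends lines it has not read yet, so cleared entries do not
 * come back. */
void PortScanDetect_Tab::clear_detect()
{
    disp_listview->clear();
}

/* QThread entry point for the capture side. */
void PortScanDetect_Tab::run()
{
    detect_run();
}

/* No way to interrupt nids_run() is implemented. */
void PortScanDetect_Tab::stop()
{
}

/* Append one line to the list.  Items are never pruned, so memory grows
 * with the number of lines shown; a cap (flush to file and clear after N
 * items) is the intended follow-up. */
void PortScanDetect_Tab::display(QString output)
{
    list_item = new QListViewItem(disp_listview);
    list_item->setText(0, output);
}

/* Initialise libnids with my_nids_syslog() as the warning/scan callback
 * and capture all IP traffic until nids_run() returns (it normally does
 * not).  On initialisation failure the error is shown and this thread
 * exits.  NOTE(review): the field name `syslog_register` comes from the
 * libnids headers this project builds against; the stock nids.h calls
 * the callback slot `syslog` -- confirm against the linked library. */
void PortScanDetect_Tab::detect_run()
{
    nids_params.syslog_register = my_nids_syslog;
    nids_params.pcap_filter = "ip";
    if (!nids_init()) {
        error_buf.sprintf("出现错误:%s\n", nids_errbuf);
        display(error_buf);
        exit();
    }
    nids_run();
}

/* libnids warning callback (registered in detect_run()).  Writes a
 * human-readable record of each IP/TCP warning and each detected port
 * scan to port_out_file, which the display thread tails; scan reports
 * are echoed to stdout as well.
 *
 * type   - NIDS_WARN_IP, NIDS_WARN_TCP or NIDS_WARN_SCAN
 * errnum - index into nids_warnings[] (IP/TCP warnings)
 * iph    - IP header of the offending packet (IP/TCP warnings)
 * data   - TCP header for NIDS_WARN_TCP, struct host for NIDS_WARN_SCAN
 *
 * Everything formatted here comes from packets an attacker controls, so
 * every write into the local buffers is bounded: the per-port list of a
 * scan in particular is open-ended (n_packets) and used to be built with
 * unbounded strcat()/sprintf() into a 1024-byte buffer. */
void PortScanDetect_Tab::my_nids_syslog(int type, int errnum, struct ip_header *iph, void *data)
{
    static int scan_number = 0;
    char source_ip[20];
    char destination_ip[20];
    char string_content[1024];
    char entry[64];
    struct host *host_information;
    unsigned char flagsand = 255, flagsor = 0;
    int i;

    switch (type) {
    case NIDS_WARN_IP:
        if (errnum != NIDS_WARN_IP_HDR) {
            addr_to_text(iph->ip_src.s_addr, source_ip, sizeof source_ip);
            addr_to_text(iph->ip_dst.s_addr, destination_ip, sizeof destination_ip);
            snprintf(string_content, sizeof string_content,
                     "%s,packet(apparently from %s to %s\n",
                     nids_warnings[errnum], source_ip, destination_ip);
        } else {
            snprintf(string_content, sizeof string_content, "%s\n", nids_warnings[errnum]);
        }
        port_out_file << string_content << endl;
        // Previously only the else-branch broke out, so every other IP
        // warning fell through into the TCP case and read `data` as a
        // TCP header.
        break;

    case NIDS_WARN_TCP:
        addr_to_text(iph->ip_src.s_addr, source_ip, sizeof source_ip);
        addr_to_text(iph->ip_dst.s_addr, destination_ip, sizeof destination_ip);
        if (errnum != NIDS_WARN_TCP_HDR && data != NULL) {
            const struct tcp_header *tcph = (const struct tcp_header *)data;
            // %hu: ports are unsigned; %hi printed 32768..65535 as negatives.
            snprintf(string_content, sizeof string_content,
                     "%s,from %s:%hu to %s:%hu\n",
                     nids_warnings[errnum],
                     source_ip, ntohs(tcph->th_sport),
                     destination_ip, ntohs(tcph->th_dport));
        } else {
            snprintf(string_content, sizeof string_content,
                     "%s,from %s to %s\n",
                     nids_warnings[errnum], source_ip, destination_ip);
        }
        port_out_file << string_content << endl;
        break;

    case NIDS_WARN_SCAN: {
        scan_number++;
        snprintf(string_content, sizeof string_content,
                 "------------- %d -------------\n", scan_number);
        printf("%s", string_content);
        port_out_file << string_content << endl;

        snprintf(string_content, sizeof string_content, "----- 发现扫描攻击 -----\n");
        port_out_file << string_content << endl;

        host_information = (struct host *)data;

        // Scanner address.
        snprintf(string_content, sizeof string_content, "扫描者的IP地址为:\n");
        printf("%s", string_content);
        port_out_file << string_content << endl;
        addr_to_text(host_information->addr, source_ip, sizeof source_ip);
        snprintf(string_content, sizeof string_content, "%s\n", source_ip);
        printf("%s", string_content);
        port_out_file << string_content << endl;

        // Scanned address:port pairs.  The TCP flags are folded over
        // every probe regardless of whether its text still fits; the
        // text stops with "..." once the buffer would overflow.
        snprintf(string_content, sizeof string_content, "被扫描者的IP地址和端口号为:\n");
        printf("%s", string_content);
        bool truncated = false;
        for (i = 0; i < host_information->n_packets; i++) {
            flagsand &= host_information->packets[i].flags;
            flagsor |= host_information->packets[i].flags;
            if (truncated)
                continue;
            addr_to_text(host_information->packets[i].addr, destination_ip, sizeof destination_ip);
            snprintf(entry, sizeof entry, "%s:%hu\n",
                     destination_ip, (unsigned short)host_information->packets[i].port);
            size_t used = strlen(string_content);
            // Keep room for the marker (sizeof counts its NUL) so the
            // strcat below can never run past the buffer.
            if (used + strlen(entry) + sizeof("...\n") > sizeof string_content) {
                truncated = true;
                strcat(string_content, "...\n");
            } else {
                strcat(string_content, entry);
            }
        }
        port_out_file << string_content << endl;
        printf("%s", string_content);

        // Classify the scan by the flags common to all probes.
        snprintf(string_content, sizeof string_content, " ");
        if (flagsand == flagsor) {
            i = flagsand;
            switch (flagsand) {
            case 2:  // TH_SYN
                strcat(string_content, "扫描类型为: SYN\n");
                break;
            case 0:  // no flags
                strcat(string_content, "扫描类型为: NULL\n");
                break;
            case 1:  // TH_FIN
                strcat(string_content, "扫描类型为: FIN\n");
                break;
            default:
                snprintf(string_content + strlen(string_content),
                         sizeof string_content - strlen(string_content),
                         "标志=0x%x\n", i);
                break;
            }
        } else {
            strcat(string_content, "标志异常\n");
        }
        port_out_file << string_content << endl;
        printf("%s", string_content);
        break;
    }

    default:
        // Previously formatted into a separate buffer and then printed
        // the uninitialised string_content.
        snprintf(string_content, sizeof string_content, "未知");
        printf("%s", string_content);
        port_out_file << string_content << endl;
        break;
    }
}

/********************************************************/
/* Reader thread: remembers the tab whose list view it fills. */
PortFileDisplay_Thread::PortFileDisplay_Thread(PortScanDetect_Tab *parent)
{
    p = parent;
}

PortFileDisplay_Thread::~PortFileDisplay_Thread()
{
}

/* QThread entry point: tail PORT_TMP_DIR into the parent's list view. */
void PortFileDisplay_Thread::run()
{
    read_file_display(PORT_TMP_DIR, p->disp_listview, p->list_item);
}

/* No stop flag exists; see read_file_display(). */
void PortFileDisplay_Thread::stop()
{
}

/* Clear the list, then poll FILENAME five times a second and append every
 * new line as a list item.  Returns early (silently) if the file cannot
 * be opened.
 *
 * NOTE(review): the outer loop never terminates -- stop() is empty and
 * the thread has no stop flag -- so f.close() is unreachable.  The items
 * are also created from this worker thread; Qt 3 GUI classes are not
 * documented as safe to use off the GUI thread, so handing the lines to
 * the GUI thread via a signal or custom event would be the robust fix.
 * The `list_item` parameter is a by-value copy and does not update the
 * caller's member. */
void PortFileDisplay_Thread::read_file_display(const QString &FILENAME, QListView *listview, QListViewItem *list_item)
{
    listview->clear();
    QFile f(FILENAME);
    if (!f.open(IO_ReadOnly))
        return;
    QTextStream t(&f);
    while (1) {
        msleep(200);
        while (!t.eof()) {
            list_item = new QListViewItem(listview, 0);
            list_item->setText(0, t.readLine());
        }
    }
    f.close();
}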