📄 ntsniff.c
/*
* NtSniff by Davide Libenzi ( To rebuild NtSniff You need Microsoft SDK & DDK )
* Copyright (C) 1999 Davide Libenzi
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* Davide Libenzi <davidel@maticad.it>
*
*/
#define UNICODE 1
#include <windows.h>
#include <windowsx.h>
#include <winsock.h>
#include <tchar.h>
#include <stdio.h>
#include <stdlib.h>
#include <conio.h>
#include <time.h>
#include "packet32.h"
#include "ntddndis.h"
/* Selects the little-endian bit-field layout in IP_HEADER and TCP_HEADER.
 * NOTE(review): names starting with a double underscore are reserved for the
 * implementation; a project-prefixed name would avoid a clash with SDK headers. */
#define __LITTLE_ENDIAN_BITFIELD
/* Element count of a true array; gives a wrong answer when handed a pointer. */
#define COUNTOF(a) (sizeof(a) / sizeof((a)[0]))
/* Zero-fills the object s in place; s must be an lvalue (the object itself,
 * not a pointer to it). */
#define SZERO(s) memset(&(s), 0, sizeof(s))
/* True when the first sizeof(PACKET_LINK) bytes at p and r are identical.
 * Both pointers must reference at least that many readable bytes. */
#define PACKETOF(p, r) (memcmp(p, r, sizeof(PACKET_LINK)) == 0)
/* Size in bytes of CONTROL_BLOCK.PacketBuffer. */
#define MAX_PACKET_SIZE 8192
/* Length in bytes of an Ethernet hardware address. */
#define ETH_ALEN 6
/* Number of slots in the Victim[] connection table. */
#define MAX_VICTIMS 16
/* Default for iCapLenght, the per-connection capture limit in bytes. */
#define CAPTLEN 512
/* Default for iTimeout; it is added to time() values, so the unit is seconds. */
#define TIMEOUT 15
/* Capacity of the iSrcPorts[] and iDstPorts[] filter lists. */
#define MAX_LISTEN_PORTS 64
/* Starting scores for the filter functions: each satisfied criterion adds 1
 * and a packet passes when the score reaches 0, so OR needs one hit and AND
 * needs two.
 * NOTE(review): the expansions are unparenthesised negative literals; they are
 * safe as plain initialisers but would misparse inside a larger expression. */
#define MATCH_OR -1
#define MATCH_AND -2
/* Bits of VICTIM.flags: a RST / FIN segment has been seen on the connection. */
#define VF_RST (1 << 0)
#define VF_FIN (1 << 1)
/* Byte-pack every struct up to the matching #pragma pack(pop) so the header
 * structs can be overlaid on raw frame bytes without compiler padding. */
#pragma pack(push)
#pragma pack(1)
/* Fixed-width aliases in the style of the Linux kernel headers. The widths in
 * the names (8/16/32 bits) are assumed from the target compiler, not enforced.
 * NOTE(review): double-underscore names are reserved for the implementation. */
typedef unsigned char __u8;
typedef unsigned short __u16;
typedef unsigned int __u32;
/* INDENT OFF */
/* Ethernet frame header as it appears on the wire: two ETH_ALEN-byte
 * addresses followed by a 16-bit type field. */
typedef struct _ETH_HEADER
{
unsigned char h_dest[ETH_ALEN]; /* destination hardware address */
unsigned char h_source[ETH_ALEN]; /* source hardware address */
/* EtherType; presumably still in network byte order when read from a
 * captured frame - confirm at the use site. */
unsigned short h_proto;
} ETH_HEADER;
/* Fixed 20-byte part of an IPv4 header, overlaid directly on captured bytes.
 * Multi-byte fields are not byte-swapped by this struct; FilterPacket compares
 * saddr/daddr as raw values.
 * NOTE(review): if neither bit-field macro is defined the version/ihl byte is
 * silently omitted and every later field shifts by one byte; an #else #error
 * branch would turn that into a build failure. */
typedef struct _IP_HEADER
{
#if defined(__LITTLE_ENDIAN_BITFIELD)
/* ihl is the header length in 32-bit words; values above 5 mean IP options
 * follow this struct and the TCP header starts later than sizeof(IP_HEADER). */
__u8 ihl:4,
version:4;
#elif defined (__BIG_ENDIAN_BITFIELD)
__u8 version:4,
ihl:4;
#endif
__u8 tos;
/* Total datagram length as claimed by the sender; it is untrusted input and
 * must be checked against the number of bytes actually captured. */
__u16 tot_len;
__u16 id;
/* Fragment flags and offset. Nothing in the visible part of FilterPacket
 * inspects it; only a first fragment carries a TCP header. */
__u16 frag_off;
__u8 ttl;
__u8 protocol; /* FilterPacket accepts only the value 6 (TCP) */
__u16 check;
__u32 saddr; /* source address, raw wire value */
__u32 daddr; /* destination address, raw wire value */
} IP_HEADER;
/* Fixed 20-byte part of a TCP header, overlaid directly on captured bytes.
 * Ports are kept as raw wire values; FilterPacket applies ntohs() before it
 * compares them with the configured port lists.
 * NOTE(review): bit-field allocation order is implementation-defined, so the
 * flag layout below is only correct for compilers that match the selected
 * *_ENDIAN_BITFIELD branch; with neither macro defined the whole flags word
 * is dropped from the struct. */
typedef struct _TCP_HEADER
{
__u16 source; /* source port, raw wire value */
__u16 dest; /* destination port, raw wire value */
__u32 seq;
__u32 ack_seq;
#if defined(__LITTLE_ENDIAN_BITFIELD)
/* doff is the TCP header length in 32-bit words; payload starts doff * 4
 * bytes after the start of this struct, not at sizeof(TCP_HEADER), when
 * options are present. */
__u16 res1:4,
doff:4,
fin:1,
syn:1,
rst:1,
psh:1,
ack:1,
urg:1,
res2:2;
#elif defined(__BIG_ENDIAN_BITFIELD)
__u16 doff:4,
res1:4,
res2:2,
urg:1,
ack:1,
psh:1,
rst:1,
syn:1,
fin:1;
#endif
__u16 window;
__u16 check;
__u16 urg_ptr;
} TCP_HEADER;
/* INDENT ON */
/* Overlay for the start of a captured Ethernet/IPv4/TCP frame.
 * The TCP member sits immediately after the fixed-size IP_HEADER, so it lines
 * up with the real TCP header only when the IP header carries no options
 * (ihl == 5). The frame must also be at least sizeof(ETHER_PACKET) bytes long
 * before any member is read. */
typedef struct _ETHER_PACKET
{
ETH_HEADER ETH;
IP_HEADER IP;
TCP_HEADER TCP;
} ETHER_PACKET;
/* Per-adapter capture state; this file declares one static instance, Adapter.
 * How the fields are used is not visible in this part of the file, so the
 * notes below are inferred from the names - confirm against the capture loop. */
typedef struct _CONTROL_BLOCK
{
PVOID hFile; /* presumably the handle returned by the packet driver */
HANDLE hEvent; /* presumably signalled when a read completes */
TCHAR AdapterName[128]; /* 128 TCHARs; with UNICODE defined these are wide characters */
ULONG PacketLength;
/* presumably the byte count of the most recent read; header parsing should
 * be bounded by it rather than by MAX_PACKET_SIZE - TODO confirm */
ULONG LastReadSize;
UINT BufferSize;
BYTE PacketBuffer[MAX_PACKET_SIZE]; /* receive buffer for one frame */
} CONTROL_BLOCK, *PCONTROL_BLOCK;
/* The address/port 4-tuple that identifies one direction of a TCP connection.
 * FilterPacket copies the values straight from the IP and TCP headers without
 * byte-swapping, and later compares them the same way.
 * The PACKETOF macro compares this struct with memcmp, which is only sound
 * while the struct has no padding bytes (it is declared under pack(1)). */
typedef struct _PACKET_LINK
{
unsigned long saddr; /* source address, raw header value */
unsigned long daddr; /* destination address, raw header value */
unsigned short sport; /* source port, raw header value */
unsigned short dport; /* destination port, raw header value */
} PACKET_LINK, *PPACKET_LINK;
/* One slot of the connection table: the tracked 4-tuple plus the payload
 * captured for it so far. */
typedef struct _VICTIM
{
PACKET_LINK pl; /* connection this slot is tracking */
unsigned long flags; /* VF_RST / VF_FIN bits set by FilterPacket */
/* Number of payload bytes held in buffer. FilterPacket flushes the slot only
 * after this exceeds iCapLenght, and only when the next packet arrives.
 * NOTE(review): StoreData is outside this view; it has to cap each copy so
 * that bytes_read never passes the iCapLenght + 1 bytes InitVictims
 * allocates - confirm. */
int bytes_read;
int active; /* non-zero while the slot is bound to a connection */
time_t start_time; /* time() value taken when the slot was claimed */
char *buffer; /* LocalAlloc'd by InitVictims, released by FreeVictims */
} VICTIM;
#pragma pack(pop)
/* Forward declarations of the file-local helpers. */
/* Packet filters: each returns 1 when the packet passes, 0 otherwise. */
static int IsListenPorts(int iSrcPort, int iDstPort);
static int IsListenAddresses(__u32 saddr, __u32 daddr);
/* Connection-table lifetime: allocate, release and flush/reset slots. */
static int InitVictims(VICTIM * pVictim, int iNumVictims);
static void FreeVictims(VICTIM * pVictim, int iNumVictims);
static void FlushVictim(VICTIM * pVictim);
/* Maps a TCP segment to the table slot tracking its connection. */
static VICTIM *FilterPacket(IP_HEADER * pIpHdr, TCP_HEADER * pTcpHdr,
VICTIM * pVictim, int iNumVictims);
/* Output helpers; their definitions are outside this part of the file. */
static void PrintHeader(VICTIM * pVictim);
static char *HostLookup(unsigned long int in);
static void StoreData(int iDataLenght, char *pszData, VICTIM * pVictim);
static void DumpData(int iDataLenght, char *pszData);
static void PrintData(int iDataLenght, char *pszData);
/* Command-line handling and console control. */
static void ShowUsage(void);
static int ParseCmdLine(int argc, char *argv[]);
static BOOL CtrlC_Handler(DWORD dwEvent);
/* Running total of captured bytes; FlushVictim adds each flushed slot's
 * bytes_read to it. */
static long lSniffedData = 0;
/* presumably an upper limit for lSniffedData; where it is enforced is not
 * visible in this part of the file - confirm */
static long lMaxSniffedData = 0;
/* presumably set by CtrlC_Handler to end the capture loop - confirm */
static int iStopSniff = 0;
/* presumably turns on name resolution through HostLookup - confirm */
static int iResolveAddr = 0;
/* Non-zero: FlushVictim emits captured bytes with DumpData; zero: PrintData. */
static int iBinMode = 0;
/* Stream that receives the "<<< [...]" markers written by FilterPacket.
 * NOTE(review): it starts as NULL and FilterPacket passes it to _ftprintf
 * unchecked, so it must be assigned before the first packet is filtered -
 * the assignment is not visible here; confirm. */
static FILE *pDumpFile = NULL;
/* presumably the path used to open pDumpFile - confirm */
static char szDumpFile[MAX_PATH] = "";
/* iTimeout: seconds after a slot's start_time at which FilterPacket flushes it.
 * iCapLenght: per-connection capture limit; InitVictims allocates
 * iCapLenght + 1 bytes per slot and FilterPacket flushes a slot once its
 * bytes_read exceeds this value. */
static int iTimeout = TIMEOUT,
iCapLenght = CAPTLEN;
/* The single capture adapter state. */
static CONTROL_BLOCK Adapter;
/* Starting score for IsListenPorts / IsListenAddresses: MATCH_OR or MATCH_AND. */
static int iMatchMode = MATCH_OR;
/* Address filters; 0 means "any". They are compared with the raw saddr/daddr
 * header values, so they must be stored in the same byte order as the wire. */
static __u32 spy_saddr = 0;
static __u32 spy_daddr = 0;
/* Connection table. */
static VICTIM Victim[MAX_VICTIMS];
/* Port filters; an empty list means "any". FilterPacket passes ntohs()
 * results, so the entries are in host byte order. Whatever fills these
 * arrays must stop at MAX_LISTEN_PORTS entries. */
static int iSrcPortsCount = 0;
static int iSrcPorts[MAX_LISTEN_PORTS];
static int iDstPortsCount = 0;
static int iDstPorts[MAX_LISTEN_PORTS];
/*
 * Decide whether a TCP port pair passes the configured port filters.
 *
 * The score starts at iMatchMode (MATCH_OR = -1, MATCH_AND = -2) and gains one
 * point for each side that is satisfied; the pair passes when the score
 * reaches zero. A side is satisfied when its port is found in the matching
 * list, or when that list is empty.
 *
 * Because an empty list counts as satisfied, in MATCH_OR mode a single empty
 * list is enough for every port pair to pass, whatever the other list holds.
 *
 * iSrcPort, iDstPort: ports in the same byte order as the list entries.
 * Returns 1 when the pair passes, 0 otherwise.
 */
static int IsListenPorts(int iSrcPort, int iDstPort)
{
    int idx;
    int score = iMatchMode;
    /* An empty list is a wildcard and is satisfied without any lookup. */
    int src_hit = (iSrcPortsCount > 0) ? 0 : 1;
    int dst_hit = (iDstPortsCount > 0) ? 0 : 1;

    for (idx = 0; !src_hit && idx < iSrcPortsCount; idx++)
    {
        src_hit = (iSrcPorts[idx] == iSrcPort);
    }
    for (idx = 0; !dst_hit && idx < iDstPortsCount; idx++)
    {
        dst_hit = (iDstPorts[idx] == iDstPort);
    }

    score += src_hit + dst_hit;
    if (score < 0)
    {
        return (0);
    }
    return (1);
}
/*
 * Decide whether an IPv4 address pair passes the configured address filters.
 *
 * Scoring is the same as for the port filter: start at iMatchMode, add one for
 * each side that is satisfied, pass at zero or above. A side is satisfied when
 * its filter is 0 (any address) or equals the packet's address.
 *
 * An unset filter counts as satisfied, so in MATCH_OR mode leaving either
 * spy_saddr or spy_daddr at 0 lets every address pair pass.
 *
 * saddr, daddr: addresses in the same byte order as spy_saddr / spy_daddr.
 * Returns 1 when the pair passes, 0 otherwise.
 */
static int IsListenAddresses(__u32 saddr, __u32 daddr)
{
    const int src_ok = (spy_saddr == 0 || spy_saddr == saddr) ? 1 : 0;
    const int dst_ok = (spy_daddr == 0 || spy_daddr == daddr) ? 1 : 0;
    const int score = iMatchMode + src_ok + dst_ok;

    return (score >= 0);
}
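/*
 * Zero every slot of the connection table and give each one a capture buffer
 * of iCapLenght + 1 bytes (zero-filled by LPTR).
 *
 * pVictim:     array of at least iNumVictims slots.
 * iNumVictims: number of slots to initialise.
 *
 * Returns 0 on success. Returns -1 when iCapLenght is negative or when an
 * allocation fails; in the failure case every buffer allocated so far is
 * released and its pointer is reset to NULL, so a later FreeVictims call on
 * the same table does not free the same block twice.
 */
static int InitVictims(VICTIM * pVictim, int iNumVictims)
{
    int ii;

    /* A negative limit would turn into a zero or wrapped-around allocation
     * size below; reject it before any slot is touched. */
    if (iCapLenght < 0)
    {
        _ftprintf(stderr, _T("Invalid capture length %d\n"), iCapLenght);
        return (-1);
    }

    for (ii = 0; ii < iNumVictims; ii++)
    {
        SZERO(pVictim[ii]);
        pVictim[ii].buffer = (char *) LocalAlloc(LPTR, iCapLenght + 1);
        if (pVictim[ii].buffer == NULL)
        {
            _ftprintf(stderr, _T("Failed to alloc %d bytes\n"), iCapLenght + 1);
            /* Roll back the slots that were already set up. */
            while (--ii >= 0)
            {
                LocalFree((HLOCAL) pVictim[ii].buffer);
                pVictim[ii].buffer = NULL;
            }
            return (-1);
        }
    }
    return (0);
}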
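/*
 * Release the capture buffer of every slot in the connection table.
 *
 * pVictim:     array of at least iNumVictims slots.
 * iNumVictims: number of slots to release.
 *
 * Each pointer is reset to NULL after it is freed so that a repeated call, or
 * any later use of the slot, cannot free or touch the released block again.
 * LocalFree accepts NULL, so slots that never got a buffer are harmless.
 */
static void FreeVictims(VICTIM * pVictim, int iNumVictims)
{
    int ii;

    for (ii = 0; ii < iNumVictims; ii++)
    {
        LocalFree((HLOCAL) pVictim[ii].buffer);
        pVictim[ii].buffer = NULL;
    }
}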
/*
 * Emit whatever a slot has captured and return the slot to the free state.
 *
 * When the slot holds data, its byte count is added to lSniffedData, the
 * connection header is printed, and the bytes go to DumpData (iBinMode set)
 * or PrintData (iBinMode clear). The tracking fields are then cleared.
 *
 * The buffer pointer is kept and the buffer contents are not wiped; only
 * bytes_read is reset, so old payload stays in memory until it is overwritten.
 */
static void FlushVictim(VICTIM * pVictim)
{
    if (pVictim->bytes_read > 0)
    {
        void (*pfnEmit)(int, char *);

        lSniffedData += pVictim->bytes_read;
        PrintHeader(pVictim);
        pfnEmit = iBinMode ? DumpData : PrintData;
        pfnEmit(pVictim->bytes_read, pVictim->buffer);
    }

    /* Clear the 4-tuple in one go, then the per-connection bookkeeping. */
    SZERO(pVictim->pl);
    pVictim->start_time = 0;
    pVictim->active = 0;
    pVictim->bytes_read = 0;
    pVictim->flags = 0;
}
static VICTIM *FilterPacket(IP_HEADER * pIpHdr, TCP_HEADER * pTcpHdr,
VICTIM * pVictim, int iNumVictims)
{
int ii;
time_t tmcurr = time(NULL);
VICTIM *pPktVictim = NULL,
*pFreeVictim = NULL;
if (pIpHdr->protocol != 6)
return (NULL);
for (ii = 0; ii < iNumVictims; ii++)
{
VICTIM *pCurrVictim = &pVictim[ii];
if (pCurrVictim->active != 0)
{
if (pCurrVictim->flags & VF_RST)
{
FlushVictim(pCurrVictim);
_ftprintf(pDumpFile, _T("\n<<< [RST]\n"));
if (pFreeVictim == NULL)
pFreeVictim = pCurrVictim;
}
else if (pCurrVictim->flags & VF_FIN)
{
FlushVictim(pCurrVictim);
_ftprintf(pDumpFile, _T("\n<<< [FIN]\n"));
if (pFreeVictim == NULL)
pFreeVictim = pCurrVictim;
}
else if (pCurrVictim->bytes_read > iCapLenght)
{
FlushVictim(pCurrVictim);
_ftprintf(pDumpFile, _T("\n<<< [CAPLEN Exceeded]\n"));
if (pFreeVictim == NULL)
pFreeVictim = pCurrVictim;
}
else if (tmcurr > (pCurrVictim->start_time + iTimeout))
{
FlushVictim(pCurrVictim);
_ftprintf(pDumpFile, _T("\n<<< [Timed Out]\n"));
if (pFreeVictim == NULL)
pFreeVictim = pCurrVictim;
}
else if ((pTcpHdr->dest == pCurrVictim->pl.dport) &&
(pTcpHdr->source == pCurrVictim->pl.sport) &&
(pIpHdr->saddr == pCurrVictim->pl.saddr) &&
(pIpHdr->daddr == pCurrVictim->pl.daddr))
{
pPktVictim = pCurrVictim;
if (pTcpHdr->rst == 1)
pPktVictim->flags |= VF_RST;
if (pTcpHdr->fin == 1)
pPktVictim->flags |= VF_FIN;
}
}
else if (pFreeVictim == NULL)
pFreeVictim = pCurrVictim;
}
if (pPktVictim != NULL)
return (pPktVictim);
if ((pFreeVictim != NULL) &&
IsListenPorts(ntohs(pTcpHdr->source), ntohs(pTcpHdr->dest)) &&
IsListenAddresses(pIpHdr->saddr, pIpHdr->daddr))
{
if (pTcpHdr->syn == 1)
{
pFreeVictim->pl.saddr = pIpHdr->saddr;
pFreeVictim->pl.daddr = pIpHdr->daddr;
pFreeVictim->pl.sport = pTcpHdr->source;
pFreeVictim->pl.dport = pTcpHdr->dest;
pFreeVictim->flags = 0;
pFreeVictim->active = 1;
pFreeVictim->bytes_read = 0;
pFreeVictim->start_time = time(NULL);
if (pTcpHdr->rst == 1)
pFreeVictim->flags |= VF_RST;
if (pTcpHdr->fin == 1)
pFreeVictim->flags |= VF_FIN;
return (pFreeVictim);
}