📄 ntsniff.c
}
return (NULL);
}
/*
 * Write the session banner for one tracked connection to the dump file:
 * "source [port] => destination [port]", with ports converted from network
 * to host byte order.
 */
static void PrintHeader(VICTIM * pVictim)
{
    int iSrcPort = (int) ntohs(pVictim->pl.sport);
    int iDstPort = (int) ntohs(pVictim->pl.dport);

    /* HostLookup() hands back a pointer to a single static buffer, so each
       endpoint is written by its own fprintf() before the next lookup
       overwrites that buffer. */
    fprintf(pDumpFile, "\n>>> { %s [%d] => ", HostLookup(pVictim->pl.saddr), iSrcPort);
    fprintf(pDumpFile, "%s [%d] }\n", HostLookup(pVictim->pl.daddr), iDstPort);
}
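/*
 * Turn an IPv4 address (as stored in the packet, i.e. suitable for
 * in_addr.s_addr) into a printable host string.
 *
 * When iResolveAddr is set a reverse lookup is attempted first; otherwise,
 * or when the lookup fails, the dotted-quad form is used.
 *
 * Returns a pointer to a static buffer: the result is overwritten by the
 * next call and the function is not reentrant.
 *
 * The resolved name comes from a DNS answer, so it is data chosen by whoever
 * controls the reverse zone of the sniffed address. It is therefore copied
 * with an explicit bound instead of strcpy(), and callers should treat it as
 * untrusted text when writing it to a terminal or log.
 */
static char *HostLookup(unsigned long int in)
{
    static char szHostName[512] = "";
    const char *pszName = NULL;
    struct in_addr iaddr;

    SZERO(iaddr);
    iaddr.s_addr = in;

    if (iResolveAddr)
    {
        struct hostent *he = gethostbyaddr((char *) &iaddr, sizeof(struct in_addr), AF_INET);

        if (he != NULL)
            pszName = he->h_name;
    }

    /* Fall back to the numeric form when resolution is off or failed. */
    if (pszName == NULL)
        pszName = inet_ntoa(iaddr);
    if (pszName == NULL)
        pszName = "";

    /* Bounded copy; strncpy() does not terminate on truncation, so the last
       byte is set explicitly. */
    strncpy(szHostName, pszName, sizeof(szHostName) - 1);
    szHostName[sizeof(szHostName) - 1] = '\0';

    return (szHostName);
}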
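/*
 * Append up to iDataLenght payload bytes to the per-connection capture
 * buffer, never letting bytes_read grow past iCapLenght.
 *
 * iDataLenght is derived by the caller from header fields of a received
 * packet, so it can be zero or negative for malformed traffic. A negative
 * value handed to memcpy() would be converted to a huge size_t, so any
 * non-positive copy size is rejected here.
 *
 * NOTE(review): this assumes pVictim->buffer holds at least iCapLenght
 * bytes; the allocation is not visible in this part of the file.
 */
static void StoreData(int iDataLenght, char *pszData, VICTIM * pVictim)
{
    int iRoom;
    int iStoreSize;

    if (pszData == NULL || pVictim == NULL)
        return;

    /* Space still available under the per-session capture limit. */
    iRoom = iCapLenght - (int) pVictim->bytes_read;
    iStoreSize = (iDataLenght < iRoom) ? iDataLenght : iRoom;

    /* Nothing to store: empty/invalid payload or the buffer is already full. */
    if (iStoreSize <= 0)
        return;

    memcpy(pVictim->buffer + pVictim->bytes_read, pszData, (size_t) iStoreSize);
    pVictim->bytes_read += iStoreSize;
}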
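/*
 * Write a hex + ASCII dump of pszData to the dump file, 16 bytes per row.
 * Each row is "XX XX ... | printable-text"; bytes that are not printable
 * are shown as '.' in the text column.
 *
 * The data is raw captured payload, so every byte is converted to
 * unsigned char before it reaches isprint(): plain char may be signed and
 * passing a negative value to a <ctype.h> function is undefined behaviour.
 */
static void DumpData(int iDataLenght, char *pszData)
{
    int ii = 0;

    if (pszData == NULL)
        return;

    while (ii < iDataLenght)
    {
        int jj;
        int iLeft = iDataLenght - ii;
        int iSize = (iLeft < 16) ? iLeft : 16;

        /* Hex column: always 16 cells wide so the text column lines up. */
        for (jj = 0; jj < 16; jj++)
        {
            if (jj < iSize)
                _ftprintf(pDumpFile, _T("%02X "),
                          (unsigned int) (unsigned char) pszData[ii + jj]);
            else
                /* Pad a missing cell with the width of one "%02X " cell. */
                _ftprintf(pDumpFile, _T("   "));
        }
        _ftprintf(pDumpFile, _T("| "));

        /* Text column: only printable characters are emitted verbatim. */
        for (jj = 0; jj < iSize; jj++)
        {
            unsigned char ch = (unsigned char) pszData[ii + jj];

            if (isprint(ch))
                _ftprintf(pDumpFile, _T("%c"), ch);
            else
                _ftprintf(pDumpFile, _T("."));
        }
        _ftprintf(pDumpFile, _T("\n"));
        ii += iSize;
    }
}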
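/*
 * Write captured payload to the dump file as text.
 *
 * A carriage return (13) starts a new output line, printable characters are
 * copied through, and every other byte is dropped. Lines are wrapped once
 * more than 78 characters have been written. Dropping non-printable bytes
 * also keeps control sequences in captured traffic out of the output.
 *
 * Bytes are converted to unsigned char before isprint(): plain char may be
 * signed, and a negative argument to a <ctype.h> function is undefined
 * behaviour.
 */
static void PrintData(int iDataLenght, char *pszData)
{
    int ii;
    int tt = 0;                 /* characters written on the current line */

    if (pszData == NULL)
        return;

    for (ii = 0; ii < iDataLenght; ii++)
    {
        unsigned char ch = (unsigned char) pszData[ii];

        if (ch == 13)
        {
            _ftprintf(pDumpFile, _T("\n"));
            tt = 0;
        }
        else if (isprint(ch))
        {
            _ftprintf(pDumpFile, _T("%c"), ch);
            tt++;
        }

        if (tt > 78)
        {
            tt = 0;
            _ftprintf(pDumpFile, _T("\n"));
        }
    }

    /* Terminate a partially filled last line. */
    if (tt > 0)
        _ftprintf(pDumpFile, _T("\n"));
}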
/*
 * Print the command-line help to stderr. The two numeric defaults shown
 * in the text are the compile-time CAPTLEN and TIMEOUT values.
 */
static void ShowUsage(void)
{
    /* Banner and the options that carry no numeric default. */
    _ftprintf(stderr, _T("<<< NtSniff 1.0 by Davide Libenzi - davidel@maticad.it >>>\n"
                         "Use: ntsniff [-hfbrARmcostST]\n"
                         "-h = Show this help\n"
                         "-f s = Set output file [ StdOut ]\n"
                         "-b = Set binary mode\n"
                         "-r = Resolve address names ( slower )\n"
                         "-A = Set rules match mode to AND\n"
                         "-R = Set rules match mode to OR [ Default ]\n"
                         "-m i = Set max bytes x session [ Unlimited ]\n"));

    /* Options whose default is filled in from CAPTLEN / TIMEOUT. */
    _ftprintf(stderr, _T("-c i = Set max bytes x packet capture [ %d ]\n"
                         "-o i = Set sniff timeout [ %d ]\n"),
              CAPTLEN, TIMEOUT);

    /* Address and port filters. */
    _ftprintf(stderr, _T("-s s = Set sniffer victim ( source ) [ All ]\n"
                         "-t s = Set sniffer victim ( target ) [ All ]\n"
                         "-S i = Set port to sniff ( -S i1 -S i2 ... source ) [ All ]\n"
                         "-T i = Set port to sniff ( -T i1 -T i2 ... target ) [ All ]\n"));
}
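/* Parse a decimal port number; returns 0..65535, or -1 when the text is not
   a number or is out of range (atoi() would silently yield 0 or wrap). */
static int ParsePortArg(const char *pszArg)
{
    char *pszEnd = NULL;
    long lPort = strtol(pszArg, &pszEnd, 10);

    if (pszEnd == pszArg || *pszEnd != '\0' || lPort < 0 || lPort > 65535)
        return (-1);
    return ((int) lPort);
}

/* Resolve a host name or dotted-quad string to an IPv4 address in network
   byte order. Returns 0 on success, -1 when the host cannot be resolved. */
static int ResolveHostArg(const char *pszHost, __u32 * pAddr)
{
    struct hostent *he = gethostbyname(pszHost);

    if (he != NULL)
    {
        /* Only accept an IPv4 answer of the expected size, and copy it with
           memcpy() rather than through a cast pointer (alignment/aliasing). */
        if (he->h_addrtype != AF_INET || he->h_length != (int) sizeof(*pAddr) ||
            he->h_addr_list[0] == NULL)
            return (-1);
        memcpy(pAddr, he->h_addr_list[0], sizeof(*pAddr));
        return (0);
    }

    /* Not resolvable as a name: try the numeric form. INADDR_NONE is the
       failure value of inet_addr(), not a usable filter address. */
    *pAddr = inet_addr(pszHost);
    return ((*pAddr == INADDR_NONE) ? -1 : 0);
}

/*
 * Parse the command line into the module-level sniffer settings.
 *
 * Every argument must start with '-'. Options taking a value consume the
 * following argument; an option given as the last argument without its value
 * is ignored, as before. Port lists are capped at MAX_LISTEN_PORTS - 1
 * entries, and further -S/-T options are ignored.
 *
 * Returns 0 on success. Returns -1 after printing the usage text (or an
 * error) for -h, an unknown option, a malformed port, an unresolvable host
 * or a non-positive capture length.
 */
static int ParseCmdLine(int argc, char *argv[])
{
    int ii;

    for (ii = 1; ii < argc; ii++)
    {
        if (argv[ii][0] != '-')
        {
            ShowUsage();
            return (-1);
        }

        switch (argv[ii][1])
        {
        case ('S'):
            if (++ii < argc)
            {
                int iPort = ParsePortArg(argv[ii]);

                if (iPort < 0)
                {
                    ShowUsage();
                    return (-1);
                }
                if (iSrcPortsCount < (MAX_LISTEN_PORTS - 1))
                {
                    iSrcPorts[iSrcPortsCount] = iPort;
                    ++iSrcPortsCount;
                }
            }
            break;

        case ('T'):
            if (++ii < argc)
            {
                int iPort = ParsePortArg(argv[ii]);

                if (iPort < 0)
                {
                    ShowUsage();
                    return (-1);
                }
                if (iDstPortsCount < (MAX_LISTEN_PORTS - 1))
                {
                    iDstPorts[iDstPortsCount] = iPort;
                    ++iDstPortsCount;
                }
            }
            break;

        case ('s'):
            if (++ii < argc)
            {
                __u32 spy_addr;

                if (ResolveHostArg(argv[ii], &spy_addr) < 0)
                {
                    fprintf(stderr, "Unable to resolve host %s\n", argv[ii]);
                    return (-1);
                }
                spy_saddr = spy_addr;
            }
            break;

        case ('t'):
            if (++ii < argc)
            {
                __u32 spy_addr;

                if (ResolveHostArg(argv[ii], &spy_addr) < 0)
                {
                    fprintf(stderr, "Unable to resolve host %s\n", argv[ii]);
                    return (-1);
                }
                spy_daddr = spy_addr;
            }
            break;

        case ('o'):
            if (++ii < argc)
                iTimeout = atoi(argv[ii]);
            break;

        case ('c'):
            if (++ii < argc)
            {
                /* The capture length bounds the memcpy() in StoreData(), so a
                   zero or negative value must never be accepted. */
                int iLen = atoi(argv[ii]);

                if (iLen <= 0)
                {
                    ShowUsage();
                    return (-1);
                }
                iCapLenght = iLen;
            }
            break;

        case ('m'):
            if (++ii < argc)
                lMaxSniffedData = atol(argv[ii]);
            break;

        case ('f'):
            if (++ii < argc)
            {
                /* NOTE(review): unbounded copy of a command-line string into
                   szDumpFile, whose declaration is outside this view. Bound
                   the copy to the buffer size once that size is confirmed. */
                strcpy(szDumpFile, argv[ii]);
            }
            break;

        case ('r'):
            iResolveAddr = 1;
            break;

        case ('b'):
            iBinMode = 1;
            break;

        case ('R'):
            iMatchMode = MATCH_OR;
            break;

        case ('A'):
            iMatchMode = MATCH_AND;
            break;

        case ('h'):
        default:
            ShowUsage();
            return (-1);
        }
    }

    return (0);
}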
/*
 * Console control handler: any console event bumps iStopSniff, which the
 * capture loop in main() polls to leave the loop. Returning TRUE reports the
 * event as handled.
 *
 * NOTE(review): Windows invokes console handlers on a separate thread;
 * confirm that iStopSniff (declared outside this view) is volatile or
 * otherwise safe to share with the capture loop.
 */
static BOOL CtrlC_Handler(DWORD dwEvent)
{
    (void) dwEvent;             /* every event type is treated the same */
    iStopSniff += 1;
    return (TRUE);
}
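/*
 * Program entry point: initialise Winsock, parse options, open the first
 * adapter in promiscuous mode and run the capture loop until Ctrl-C or the
 * configured byte limit, then flush the per-connection buffers and clean up.
 *
 * Every header field read in the loop comes straight from the wire, so the
 * IP and TCP header lengths are validated against the number of bytes that
 * were actually captured before any pointer derived from them is used, and
 * the payload length is clamped to the captured data.
 *
 * Returns 0 on a normal run and 1 on any initialisation failure.
 */
int __cdecl main(int argc, char *argv[])
{
    /* Smallest legal IPv4 and TCP headers: five 32-bit words each. */
    enum { MIN_IP_HDR_BYTES = 20, MIN_TCP_HDR_BYTES = 20 };
    int ii,
        iPacketCount = 0,
        iPacketSniffed = 0;
    WORD wVersionRequested = MAKEWORD(2, 0);
    ULONG NameLength = sizeof(Adapter.AdapterName);
    PVOID pPacket;
    ETHER_PACKET *pEthPkt = (ETHER_PACKET *) Adapter.PacketBuffer;
    IP_HEADER *pIpHdr = (IP_HEADER *) ((char *) &pEthPkt->IP);
    WSADATA wsaData;

    if (WSAStartup(wVersionRequested, &wsaData) != 0)
    {
        _ftprintf(stderr, _T("Unable to find socket library\n"));
        return (1);
    }
    if (ParseCmdLine(argc, argv) < 0)
    {
        WSACleanup();
        return (1);
    }

    SZERO(Adapter);
    /* NOTE(review): the result of PacketGetAdapterNames() is not checked;
       a failure is only noticed when PacketOpenAdapter() fails below. */
    PacketGetAdapterNames(Adapter.AdapterName, &NameLength);
    Adapter.BufferSize = MAX_PACKET_SIZE;
    if ((Adapter.hFile = PacketOpenAdapter(Adapter.AdapterName)) == NULL)
    {
        _ftprintf(stderr, _T("Unable to open adapter %s\n"), Adapter.AdapterName);
        WSACleanup();
        return (1);
    }
    PacketSetFilter(Adapter.hFile, NDIS_PACKET_TYPE_PROMISCUOUS);
    if ((pPacket = PacketAllocatePacket(Adapter.hFile)) == NULL)
    {
        _ftprintf(stderr, _T("Unable to allocate packet\n"));
        PacketCloseAdapter(Adapter.hFile);
        WSACleanup();
        return (1);
    }
    SetConsoleCtrlHandler((PHANDLER_ROUTINE) CtrlC_Handler, TRUE);
    if (InitVictims(Victim, COUNTOF(Victim)) < 0)
    {
        PacketFreePacket(pPacket);
        PacketCloseAdapter(Adapter.hFile);
        WSACleanup();
        return (1);
    }

    if (strlen(szDumpFile) > 0)
        pDumpFile = fopen(szDumpFile, "wt");
    else
        pDumpFile = stdout;
    /* A dump file that cannot be opened previously left pDumpFile NULL and
       crashed on the first write; fail cleanly instead. */
    if (pDumpFile == NULL)
    {
        _ftprintf(stderr, _T("Unable to open dump file %s\n"), szDumpFile);
        FreeVictims(Victim, COUNTOF(Victim));
        PacketFreePacket(pPacket);
        PacketCloseAdapter(Adapter.hFile);
        WSACleanup();
        return (1);
    }

    while (!iStopSniff)
    {
        PacketInitPacket(pPacket, Adapter.PacketBuffer, Adapter.BufferSize);
        /* NOTE(review): the result of PacketReceivePacket() is not checked,
           so a failed receive would be processed with a stale PacketLength. */
        PacketReceivePacket(Adapter.hFile, pPacket, TRUE, &Adapter.PacketLength);
        ++iPacketCount;

        if (Adapter.PacketLength > (sizeof(ETH_HEADER) + sizeof(IP_HEADER) + sizeof(TCP_HEADER)) &&
            Adapter.PacketLength <= Adapter.BufferSize)
        {
            /* Bytes captured from the start of the IP header onwards. */
            int iIpOffset = (int) ((char *) pIpHdr - (char *) pEthPkt);
            int iAvail = (int) Adapter.PacketLength - iIpOffset;
            int i_IPH_Size = pIpHdr->ihl * 4;

            /* The IP header length is sender-controlled: it must be legal and
               leave room for at least a minimal TCP header. NOTE(review):
               no IP version/protocol check is visible here; presumably
               FilterPacket() performs it - confirm. */
            if ((i_IPH_Size >= MIN_IP_HDR_BYTES) &&
                (i_IPH_Size + MIN_TCP_HDR_BYTES <= iAvail))
            {
                TCP_HEADER *pTcpHdr = (TCP_HEADER *) ((char *) pIpHdr + i_IPH_Size);
                int i_TCPH_Size = pTcpHdr->doff * 4;

                /* Same for the TCP data offset. */
                if ((i_TCPH_Size >= MIN_TCP_HDR_BYTES) &&
                    (i_IPH_Size + i_TCPH_Size <= iAvail))
                {
                    VICTIM *pVictim = FilterPacket(pIpHdr, pTcpHdr, Victim, COUNTOF(Victim));

                    if (pVictim != NULL)
                    {
                        int iCaptured = iAvail - i_IPH_Size - i_TCPH_Size;
                        int iDataSize = ((int) ntohs(pIpHdr->tot_len) -
                                         i_IPH_Size - i_TCPH_Size);
                        BYTE *pPktData = (BYTE *) pTcpHdr + i_TCPH_Size;

                        /* tot_len is a claim made by the sender; never read
                           more payload than the capture buffer holds. */
                        if (iDataSize > iCaptured)
                            iDataSize = iCaptured;

                        ++iPacketSniffed;
                        if (iDataSize > 0)
                            StoreData(iDataSize, (char *) pPktData, pVictim);
                    }
                }
            }

            if ((lMaxSniffedData > 0) && (lSniffedData > lMaxSniffedData))
                break;
        }
    }

    for (ii = 0; ii < COUNTOF(Victim); ii++)
        FlushVictim(&Victim[ii]);
    FreeVictims(Victim, COUNTOF(Victim));

    if (pDumpFile != stdout)
        fclose(pDumpFile);

    _ftprintf(stderr, _T("Received %d packets - %d sniffed\n"), iPacketCount, iPacketSniffed);

    PacketFreePacket(pPacket);
    PacketResetAdapter(Adapter.hFile);
    PacketCloseAdapter(Adapter.hFile);
    WSACleanup();

    return (0);
}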