
📄 snifferdlg.cpp

📁 sniffer program for serial

			case IPPROTO_TCP:

				TCP_HDR* pTCPHeader;

				pTCPHeader = (TCP_HDR *) &pData[headerLen];
				
				ParseTCPPacket(source, destination, pTCPHeader, pData, dwSize - headerLen );

				break;

			default:

				//TRACE(_T("Not a TCP packet"));
				return false;

			}

		}
		else
		{
			//TRACE( _T("IP version 6") );
			return false;
		}

/*
	struct in_addr sa4 = {0};

	char* pAddress = NULL;

	//	sa4.S_un.sin_family = AF_INET;
	//    sa4.sin_port   = 0;

	sa4.S_un.S_addr = pIPHeader->ip_srcaddr;

	pAddress = inet_ntoa( sa4);
*/
		return true;
	}
	catch(...)
	{
		return false;
	}

	
}


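// Tracks one captured TCP segment against the per-direction session table and
// hands it to PrintPacket for logging/display.
//
// source, destination : IP addresses of the segment, already rendered as text.
// pTCPHeader          : start of the TCP header inside the capture buffer.
// pData               : capture buffer pointer supplied by the caller; not used here.
// len                 : number of captured bytes available from pTCPHeader onwards.
//
// Returns true when the segment was processed, false when the header is
// truncated or malformed, or when an exception was caught.
//
// Every header field is taken from the wire and is therefore untrusted; nothing
// may be read before the length checks below have passed.
//
// NOTE(review): len is computed by the caller as "captured size - IP header
// length". If that subtraction is not range-checked at the call site it wraps
// to a huge unsigned value and defeats the checks here -- verify the caller.
bool CSnifferDlg::ParseTCPPacket(const CString& source, const CString& destination, TCP_HDR* pTCPHeader, char* pData, unsigned long len	)
{
	// The original advanced pData past the header but never read it afterwards.
	(void)pData;

	try
	{
		// The fixed part of the header must lie inside the captured bytes
		// before any field is dereferenced.
		if ( len < sizeof(*pTCPHeader) )
			return false;

		// 16-bit word holding the data offset (top four bits) and the flag bits.
		const USHORT offsetAndFlags = ntohs(pTCPHeader->lenflags);

		// The data offset counts 32-bit words and includes TCP options. Using
		// sizeof(TCP_HDR) instead (as the code used to) counts option bytes as
		// payload, e.g. on SYN segments that carry options.
		const unsigned long minTcpHeaderLen = 20;
		const unsigned long tcpHeaderLen = static_cast<unsigned long>(offsetAndFlags >> 12) * 4;

		// Reject offsets below the protocol minimum or beyond the captured data.
		if ( tcpHeaderLen < minTcpHeaderLen || tcpHeaderLen > len )
			return false;

		len -= tcpHeaderLen;	// from here on: payload length

		// Ports are in network byte order on the wire.
		const unsigned int sourcePort = ntohs(pTCPHeader->src_portno);
		const unsigned int destPort = ntohs(pTCPHeader->dest_portno);

		// Look up the session for this direction (source -> destination).
		// NOTE(review): entries are only removed on RST/FIN below, so traffic
		// with many SYNs and no matching close grows m_Array without bound and
		// makes this linear scan slower for every packet. Consider a size cap
		// or an idle timeout.
		Session* pSide = NULL;
		INT_PTR arrayIndex = -1;

		for ( INT_PTR i = 0 ; i < m_Array.GetSize(); i++ )
		{
			Session* pCur = m_Array.GetAt(i);

			if ( pCur->sourceIP == source && pCur->sourcePort == sourcePort 
				&& pCur->destIP == destination && pCur->destPort == destPort)
			{
				pSide = pCur;
				arrayIndex = i; // Save the position in the array
				break;
			}
		}

		const tcp_seq curSeq = ntohl(pTCPHeader->seq_num);
		const USHORT flg = (offsetAndFlags & 0x3F);

		CString strError;

		if ( pSide == NULL )
		{
			// Unknown direction: start tracking only when the segment is a SYN.
			if ( (flg & TH_SYN ) )
			{
				pSide = new Session();

				pSide->sourceIP = source;
				pSide->destIP = destination;
				pSide->sourcePort = sourcePort;
				pSide->destPort = destPort;
				pSide->len = len;
				pSide->ISN = curSeq;
				pSide->pOtherSide = NULL;

				arrayIndex = m_Array.Add( pSide );

				strError = _T(" /*New session*/ ");
			}
		}
		else
		{
			// Distance of this segment from the recorded initial sequence number.
			// presumably tcp_seq is an unsigned 32-bit type, so the subtraction
			// wraps and the conversion to long yields a signed distance -- confirm.
			const long gap = curSeq - pSide->ISN;

			pSide->len = len;

			if ( (flg & TH_SYN) != TH_SYN )
			{
				if ( (flg & TH_RST ) || ( flg & TH_FIN) )
				{
					// NOTE(review): the Session is dropped from the table but not
					// deleted here. Unless another owner frees it, one Session
					// leaks per closed connection -- confirm ownership (including
					// any pOtherSide links) before adding a delete.
					m_Array.RemoveAt( arrayIndex );
				}
				else if ( len > 0 )
				{
					// Only segments that carry payload are checked: the gap must
					// be non-negative and at most 10 * 1024 * 1000 bytes.
					if ( gap < 0 )
						strError += _T(" { Gap < 0 }");

					if ( gap >  10 * 1024 * 1000 )
						strError += _T(" { Gap > 10 MB }");
				}
			}
			else
			{
				// A SYN on a known direction restarts the sequence baseline.
				pSide->ISN = curSeq;
			}
		}

		PrintPacket( source, destination, pTCPHeader, len, strError);

		return true;
	}
	catch(...)
	{
		// NOTE(review): catch(...) sees access violations only when the project
		// is built with /EHa; it is not a substitute for the bounds checks above.
		return false;
	}
}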


// Renders a raw IPv4 address as dotted-decimal text.
//
// address    : 32-bit address, stored into IN_ADDR unchanged (inet_ntoa expects
//              network byte order).
// strAddress : receives the text form.
void CSnifferDlg::ConvertAddress( unsigned int address, CString& strAddress )
{
	IN_ADDR rawAddr;
	rawAddr.S_un.S_addr = address;

	// inet_ntoa returns a pointer to a buffer owned by Winsock; the assignment
	// to CString copies the text out before the buffer can be reused.
	const char* dotted = inet_ntoa( rawAddr );
	strAddress = dotted;
}


// Placeholder: the body is empty, so pSession is currently ignored and nothing
// is printed or logged.
void CSnifferDlg::PrintSession( Session* pSession )
{


}


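// Writes one TCP segment to the log and adds it to the packet tree view.
//
// source, destination : IP addresses of the segment, already rendered as text.
// pTCPHeader          : TCP header inside the capture buffer; the caller must
//                       have verified that the whole fixed header is readable.
// dwSize              : length value to report for the segment.
// errors              : annotations produced by the session tracking, may be empty.
void CSnifferDlg::PrintPacket( const CString& source, const CString& destination,TCP_HDR* pTCPHeader, DWORD dwSize, const CString& errors ) 
{
	// Header fields are in network byte order on the wire.
	const unsigned int sourcePort = ntohs(pTCPHeader->src_portno);
	const unsigned int destPort = ntohs(pTCPHeader->dest_portno);

	// Only the low six bits of the offset/flags word are kept.
	const USHORT flg = (ntohs(pTCPHeader->lenflags) & 0x3F);

	// Flag names in the order they are listed in the output.
	// NOTE(review): TCP defines no TAPI or NETDEV header flags. TH_TAPI and
	// TH_NETDEV are defined outside this file; confirm they do not alias real
	// flag bits, otherwise ordinary segments are mislabelled in the log.
	static const struct
	{
		unsigned int	mask;
		LPCTSTR			name;
	}
	flagNames[] =
	{
		{ TH_SYN,    _T("SYN")    },
		{ TH_RST,    _T("RST")    },
		{ TH_FIN,    _T("FIN")    },
		{ TH_ACK,    _T("ACK")    },
		{ TH_URG,    _T("URG")    },
		{ TH_PUSH,   _T("PUSH")   },
		{ TH_TAPI,   _T("TAPI")   },
		{ TH_NETDEV, _T("NETDEV") },
	};

	CString flags;

	for ( size_t i = 0; i < sizeof(flagNames) / sizeof(flagNames[0]); i++ )
	{
		if ( flg & flagNames[i].mask )
		{
			if ( flags.GetLength() > 0 )
				flags += _T(",");
			flags += flagNames[i].name;
		}
	}

	CString sequence, ack;

	sequence.Format(_T("%lu"),ntohl(pTCPHeader->seq_num));
	ack.Format(_T("%lu"),ntohl(pTCPHeader->ack_num) );

	// CString arguments are cast to LPCTSTR explicitly: passing the objects
	// through a variadic call relies on their in-memory layout. The integer
	// conversions now match the unsigned argument types, so a size above
	// LONG_MAX is no longer printed as a negative number.
	CString s;

	s.Format(_T("%s - %s {%u-%u}, len: %lu, seq: %s,ack: %s, Flags: %s %s\r\n"),
		(LPCTSTR)source, (LPCTSTR)destination, sourcePort, destPort, dwSize,
		(LPCTSTR)sequence, (LPCTSTR)ack, (LPCTSTR)flags, (LPCTSTR)errors);

	m_Logger.Write( (LPCTSTR)s, s.GetLength() * sizeof(TCHAR) );

	CString szSourcePort, szDestPort, szSize;

	szSourcePort.Format( _T("%u"), sourcePort );
	szDestPort.Format( _T("%u"), destPort );
	szSize.Format( _T("%lu"), dwSize );

	// NOTE(review): packetItem is a local and is passed by reference, so any
	// pointer to it that the callee keeps past this call dangles as soon as
	// this function returns.
	TVPacketItem packetItem(source, szSourcePort, destination, szDestPort, szSize, flags, sequence, ack);

	InsertPacketToTV( packetItem );
}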
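// Collects the local host's IPv4 addresses as dotted-decimal strings.
//
// interfaces : receives one entry per address; existing entries are kept.
//
// Returns true when the host entry was resolved and walked, false when the
// host name or host entry could not be obtained, when the entry is not an
// IPv4 entry, or when an exception was caught.
//
// NOTE(review): gethostbyname is deprecated in Winsock 2 in favour of
// getaddrinfo; Winsock must already have been initialised before this call --
// that initialisation is not visible in this part of the file.
bool CSnifferDlg::GetInterfaces(CStringArray& interfaces)
{
	try
	{
		char Hostname[MAX_PATH];

		// The buffer contents are undefined after a failed call.
		if ( gethostname( Hostname, sizeof( Hostname ) ) != 0 )
			return false;

		// A failed lookup returns NULL; the result used to be dereferenced
		// without a check.
		HOSTENT* pHostEnt = gethostbyname( Hostname );

		if ( pHostEnt == NULL || pHostEnt->h_addr_list == NULL )
			return false;

		struct sockaddr_in   address;

		// The copy below targets a fixed-size in_addr, so the entry must be
		// IPv4 with exactly that address length. The copy length used to come
		// straight from h_length, which could overrun the stack variable.
		if ( pHostEnt->h_addrtype != AF_INET
			|| static_cast<size_t>(pHostEnt->h_length) != sizeof( address.sin_addr ) )
			return false;

		for ( int nAdapter = 0; pHostEnt->h_addr_list[nAdapter] != NULL; nAdapter++ )
		{
			memcpy(&address.sin_addr, pHostEnt->h_addr_list[nAdapter], sizeof( address.sin_addr ));

			interfaces.Add(inet_ntoa(address.sin_addr));
		}

		return true;
	}
	catch(...)
	{
		return false;
	}
}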
// WM_SIZE handler: forwards to the base dialog, then re-lays out the controls.
void CSnifferDlg::OnSize(UINT nType, int cx, int cy)
{
	// Base class first so the default processing runs before the relayout.
	CDialog::OnSize(nType, cx, cy);
	ResizeForm();
}

// Stretches the packet tree over the dialog's client area below a fixed
// 100-unit band at the top. Does nothing until the dialog and the three
// controls checked below are all visible.
void CSnifferDlg::ResizeForm(void)
{
	const bool everythingVisible = IsWindowVisible()
		&& m_CmbInterfaces.IsWindowVisible()
		&& m_FrmInterfaces.IsWindowVisible()
		&& m_TVPackets.IsWindowVisible();

	if ( !everythingVisible )
		return;

	// Start from the full client rectangle and push the top edge down.
	CRect treeArea;
	GetClientRect( &treeArea );
	treeArea.top = 100;

	m_TVPackets.MoveWindow( &treeArea );
}

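// "Start sniffing" button handler: remembers the selected interface and starts
// the capture thread.
//
// NOTE(review): nothing here prevents a second click while a capture thread is
// running. That would overwrite m_hThread (losing the first handle) and change
// m_SelInterface while the first thread may be reading it. Guarding on
// m_hThread needs its initial value, which is set outside this part of the
// file -- confirm and add the guard.
void CSnifferDlg::OnBnClickedStartsniffing()
{
	// GetCurSel returns CB_ERR when no entry is selected; that value must not
	// be used as an index for GetLBText.
	const int selection = m_CmbInterfaces.GetCurSel();

	if ( selection == CB_ERR )
		return;

	m_CmbInterfaces.GetLBText( selection, m_SelInterface );

	// The dialog is passed as the thread parameter, so it must outlive the
	// thread. On failure CreateThread returns NULL and no capture runs.
	m_hThread = CreateThread(NULL, 0,SnifferThread,this,0,&m_dwThreadID);
}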


// Thread entry point for the capture thread.
//
// pParam : the CSnifferDlg that started the thread; it is used for the whole
//          lifetime of the thread and must stay alive until the thread exits.
//
// Always returns S_OK once StartSniffing has returned.
ULONG WINAPI CSnifferDlg::SnifferThread(LPVOID pParam)
{
	static_cast<CSnifferDlg*>(pParam)->StartSniffing();

	return S_OK;
}

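// WM_CLOSE handler: asks the capture thread to stop, waits up to five seconds
// for it, then closes the dialog.
//
// NOTE(review): the packet display path ends in tree-control calls. If those
// run on the capture thread they are cross-thread SendMessage calls that need
// this (UI) thread, which is blocked in the wait below -- in that case the
// wait can only end by timeout. Confirm which thread feeds the tree view.
//
// NOTE(review): m_bExit is written here and presumably read by the capture
// thread; its declaration is not visible, so confirm it is safe to share.
void CSnifferDlg::OnClose()
{
	m_bExit = true;

	const DWORD dwValue = WaitForSingleObject( m_hThread, 5000);

	// Last resort, kept from the original: TerminateThread gives the thread no
	// chance to release locks, sockets or memory. It is still preferable to
	// letting the thread keep using a dialog that is about to be destroyed.
	if ( dwValue == WAIT_TIMEOUT )
		TerminateThread( m_hThread,0);

	// Both results mean the handle was valid, so it can be released; the
	// visible code never closed it. Clearing the member keeps any later use
	// from touching a stale handle value.
	if ( dwValue == WAIT_OBJECT_0 || dwValue == WAIT_TIMEOUT )
	{
		CloseHandle( m_hThread );
		m_hThread = NULL;
	}

	CDialog::OnClose();
}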

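// Adds one packet to the tree view: a root item captioned "<source> - <dest>"
// with an "IP Header" and a "TCP Header" sub-tree holding the individual fields.
//
// packetItem : field values already rendered as text. The object is copied; the
//              caller's instance is not referenced after this call returns.
//
// NOTE(review): if this is reached from the capture thread, every tree-control
// call below is a cross-thread message to the UI thread -- confirm the calling
// thread.
void CSnifferDlg::InsertPacketToTV(const TVPacketItem& packetItem)
{
	const CString caption = packetItem.m_SourceIP + CString(_T(" - ")) + packetItem.m_DestIP;

	HTREEITEM hItem = m_TVPackets.InsertItem( caption,0,0 );

	// InsertItem returns NULL on failure; going on would attach the header
	// items to the root instead of to this packet.
	if ( hItem == NULL )
		return;

	// The item data must outlive this call. The caller in this file passes a
	// stack object, so storing &packetItem (as the code used to) left a
	// dangling pointer in the tree. A heap copy is stored instead.
	// TODO(review): free the copy when the item is deleted (for example in a
	// TVN_DELETEITEM handler); no such handler is visible in this part of the file.
	TVPacketItem* pStored = new TVPacketItem( packetItem );

	m_TVPackets.SetItemData( hItem, reinterpret_cast<DWORD_PTR>(pStored) );

	// One row per field: label text plus the value taken from packetItem.
	const struct
	{
		LPCTSTR			label;
		const CString*	value;
	}
	ipRows[] =
	{
		{ _T("Source IP:"),      &packetItem.m_SourceIP },
		{ _T("Destination IP:"), &packetItem.m_DestIP   },
	},
	tcpRows[] =
	{
		{ _T("Source Port:"),      &packetItem.m_SourcePort },
		{ _T("Destination Port:"), &packetItem.m_DestPort   },
		{ _T("Size:"),             &packetItem.m_Size       },
		{ _T("Flags:"),            &packetItem.m_Flags      },
		{ _T("Sequence:"),         &packetItem.m_Sequence   },
		{ _T("Ack:"),              &packetItem.m_Ack        },
	};

	CString str;

	HTREEITEM hIPHeader = m_TVPackets.InsertItem(_T("IP Header"),1,1,hItem);

	for ( size_t i = 0; i < sizeof(ipRows) / sizeof(ipRows[0]); i++ )
	{
		str = GetNiceString(ipRows[i].label) + *ipRows[i].value;
		m_TVPackets.InsertItem(str,2,2,hIPHeader);
	}

	HTREEITEM hTCPHeader = m_TVPackets.InsertItem(_T("TCP Header"),1,1,hItem);

	for ( size_t j = 0; j < sizeof(tcpRows) / sizeof(tcpRows[0]); j++ )
	{
		str = GetNiceString(tcpRows[j].label) + *tcpRows[j].value;
		m_TVPackets.InsertItem(str,2,2,hTCPHeader);
	}
}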

