📄 nidsdlg.cpp

📁 基于协议分析的网络入侵检测,在互联网上与人(或网站)通讯的时候
		memset(RecvBuf,0,sizeof(RecvBuf));
		int ret = recv(sock, RecvBuf, BUFFER_SIZE, 0);
		if (ret > 0)
		{

			TRACE("%d %s",ret,RecvBuf);
			// 对数据包进行分析,并输出分析结果
			ip = *(IP*)RecvBuf;
			tcp = *(TCP*)(RecvBuf + 4 *(ip.HdrLen  & 0xF)); //ip.HdrLen  & 0xF 得到IP头长度,这个长度是32位字的个数
			TRACE("协议: %s\r\n",GetProtocolTxt(ip.Protocol));
			TRACE("IP源地址: %s\r\n",inet_ntoa(*(in_addr*)&ip.SrcAddr));
			TRACE("IP目标地址: %s\r\n",inet_ntoa(*(in_addr*)&ip.DstAddr));
			TRACE("TCP源端口号: %d\r\n", ntohs (tcp.SrcPort));  //需要ntohs()转换才能得到正常所要的端口号
			//The ntohs function converts a u_short from TCP/IP network byte order to host byte order (which is little-endian on Intel processors).
			TRACE("TCP目标端口号:%d\r\n", ntohs (tcp.DstPort));
			TRACE("数据包长度: %d\r\n\r\n\r\n",ntohs(ip.TotalLen));
			TRACE("Options: %d\r\n\r\n\r\n",ip.Options);
			TRACE("IP: %d\r\n\r\n\r\n",sizeof(IP));
//TRACE("TCP: %d\r\n\r\n\r\n",sizeof(TCP));
			//if(ret>44)
			//		TRACE("%s\r\n\r\n",RecvBuf+44);
			stIPData.len=ret;
			stIPData.buf=RecvBuf;
			ShowList();
			//SendMessage(hMainHandle,WM_START_DETECT,0,0);
			/*
			//strBuf.Format("%s",GetProtocolTxt(ip.Protocol));
			//m_ListCtrl.InsertItem(0,(LPCSTR)strBuf);
			m_ListCtrl.SetItemText(0,1,inet_ntoa(*(in_addr*)&ip.SrcAddr));
			m_ListCtrl.SetItemText(0,2,inet_ntoa(*(in_addr*)&ip.DstAddr);
			strBuf.Format("%d",ntohs (tcp.SrcPort));
			m_ListCtrl.SetItemText(0,3,strBuf);
			strBuf.Format("%d",ntohs(tcp.SrcPort));
			m_ListCtrl.SetItemText(0,4,strBuf);
			strBuf.Format("%d",ntohs(ip.TotalLen));
			m_ListCtrl.SetItemText(0,5,"");
			*/
            
		}
		else if (ret == 0)
		{
			printf ("the connection has been gracefully closed\r\n");
		}
	}
}
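// Thread entry point for the capture loop. Expects the CNIDSDlg* as the
// thread parameter, runs its StartDetect() on this thread and returns TRUE
// when the loop ends. A NULL parameter is reported as FALSE instead of
// being dereferenced.
DWORD WINAPI ThreadStartDetectProc(LPVOID lpParameter)
{
	CNIDSDlg* const pDlg = static_cast<CNIDSDlg*>(lpParameter);
	if (pDlg == NULL)
		return FALSE;
	pDlg->StartDetect();
	return TRUE;
}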

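// Renders the packet currently held in stIPData as a new first row of
// m_ListCtrl, provided it passes the port / IP / protocol filters chosen in
// the dialog, then hands the two port strings to EventDetect() for the
// watch-list alarm.
//
// Only the bytes actually received (stIPData.len) are trusted: a datagram
// too short to hold an IP header is ignored, and the TCP header is decoded
// only when it lies entirely inside the received data (otherwise it reads
// as all zeros, which is what the zero-filled receive buffer produced before).
void CNIDSDlg::ShowList()
{
	char szProto[16] = {0};       // protocol name of the captured packet
	char szSourceIP[32] = {0};    // dotted-quad source address
	char szDestIP[32] = {0};      // dotted-quad destination address
	char szSourcePort[16] = {0};  // source port, decimal text
	char szDestPort[16] = {0};    // destination port, decimal text
	char szWprot[16] = {0};       // port filter from IDC_EDIT1 (was [5]: a 5-digit port overflowed it)
	char szIP[32] = {0};          // IP filter from m_IP, dotted quad ("" when blank)

	const int nLen = (int)stIPData.len;
	if (stIPData.buf == NULL || nLen < (int)sizeof(IP))
		return;
	ip = *(IP*)stIPData.buf;
	// Low nibble of HdrLen is the IHL, in 32-bit words.
	const int nIpHdrLen = 4 * (ip.HdrLen & 0xF);
	if (nLen >= nIpHdrLen + (int)sizeof(TCP))
		tcp = *(TCP*)(stIPData.buf + nIpHdrLen);
	else
		memset(&tcp, 0, sizeof(tcp));   // too short for a TCP header: ports/seq/ack show as 0

	// Bounded copies: the arrays are zero-filled, so the last byte stays a terminator.
	strncpy(szProto, GetProtocolTxt(ip.Protocol), sizeof(szProto) - 1);
	strncpy(szSourceIP, inet_ntoa(*(in_addr*)&ip.SrcAddr), sizeof(szSourceIP) - 1);
	strncpy(szDestIP, inet_ntoa(*(in_addr*)&ip.DstAddr), sizeof(szDestIP) - 1);
	sprintf(szSourcePort, "%d", ntohs(tcp.SrcPort));   // ports are network byte order on the wire
	sprintf(szDestPort, "%d", ntohs(tcp.DstPort));

	CString strIP;
	if (!m_IP.IsBlank())
	{
		DWORD dwIP = 0;
		m_IP.GetAddress(dwIP);
		const unsigned char* pIP = (const unsigned char*)&dwIP;
		// GetAddress() delivers the first octet in the high-order byte.
		strIP.Format("%u.%u.%u.%u", pIP[3], pIP[2], pIP[1], pIP[0]);
	}
	strncpy(szIP, (LPCSTR)strIP, sizeof(szIP) - 1);

	// GetDlgItemInt() returns a UINT; the 16-byte buffer covers any value printed with %d.
	sprintf(szWprot, "%d", GetDlgItemInt(IDC_EDIT1));

	// Filter rules: "all" flags bypass the comparison; otherwise either end may match.
	const BOOL bPortOk  = m_IsAllPort  || strcmp(szSourcePort, szWprot) == 0 || strcmp(szDestPort, szWprot) == 0;
	const BOOL bIpOk    = m_IsAllIp    || strcmp(szSourceIP, szIP) == 0     || strcmp(szDestIP, szIP) == 0;
	const BOOL bProtoOk = m_IsAllProto || strcmp(szProto, m_szProto) == 0;
	if (!(bPortOk && bIpOk && bProtoOk))
		return;

	const CTime t = CTime::GetCurrentTime();
	ListCtrlDelPart();   // keep the report from growing without bound

	m_ListCtrl.InsertItem(0, szProto);
	m_ListCtrl.SetItemText(0, 1, szSourceIP);
	m_ListCtrl.SetItemText(0, 2, szDestIP);
	m_ListCtrl.SetItemText(0, 3, szSourcePort);
	m_ListCtrl.SetItemText(0, 4, szDestPort);

	CString strBuf;
	strBuf.Format("%d", ntohs(ip.TotalLen));
	m_ListCtrl.SetItemText(0, 5, strBuf);
	// Year-month-day order; the previous code passed GetDay() before GetMonth().
	strBuf.Format("%4d-%2d-%2d %d:%d:%d", t.GetYear(), t.GetMonth(), t.GetDay(),
		t.GetHour(), t.GetMinute(), t.GetSecond());
	m_ListCtrl.SetItemText(0, 6, strBuf);

	strBuf = "";
	if (m_checkTCP.GetCheck() && strcmp(szProto, "TCP") == 0)
	{
		// NOTE(review): SeqNum/AckNum are printed as stored; if the TCP struct keeps
		// them in network byte order they would need ntohl() — confirm against the struct.
		strBuf.Format("Seq=%d Ack=%d Flag=%d", tcp.SeqNum, tcp.AckNum, tcp.Flags);
	}
	else
	{
		// Printable dump of the received bytes; anything outside the accepted
		// range (as compared on the buffer's char type) becomes '.'.
		for (int i = 0; i < nLen; i++)
		{
			if (stIPData.buf[i] >= 32 && stIPData.buf[i] < 255)
				strBuf += (char)(unsigned char)stIPData.buf[i];
			else
				strBuf += '.';
		}
	}
	m_ListCtrl.SetItemText(0, 7, strBuf);

	EventDetect(szSourcePort, szDestPort);
}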
// Handler for the detection-closed notification. It currently only shows an
// "ok" box to confirm the message arrived; both message parameters are unused.
void CNIDSDlg::OnCloseDetect(WPARAM /*wParam*/, LPARAM /*lParam*/)
{
	::AfxMessageBox("ok");
}

// Builds the columns of the capture report. Each column's sub-item index is
// the same as its column index, so one table drives all InsertColumn() calls.
void CNIDSDlg::InitListCtrl()
{
	struct ColumnSpec
	{
		const char* pszTitle;
		int nFormat;
		int nWidth;
	};
	static const ColumnSpec columns[] =
	{
		{ "  协议",        LVCFMT_LEFT,   60  },
		{ "IP源地址",      LVCFMT_CENTER, 120 },
		{ "IP目标地址",    LVCFMT_CENTER, 120 },
		{ "TCP源端口号",   LVCFMT_CENTER, 80  },
		{ "TCP目标端口号", LVCFMT_CENTER, 90  },
		{ "包长度",        LVCFMT_CENTER, 80  },
		{ "时间",          LVCFMT_CENTER, 150 },
		{ "包信息",        LVCFMT_LEFT,   900 },
	};
	const int nColumns = (int)(sizeof(columns) / sizeof(columns[0]));
	for (int nCol = 0; nCol < nColumns; nCol++)
	{
		m_ListCtrl.InsertColumn(nCol, columns[nCol].pszTitle,
			columns[nCol].nFormat, columns[nCol].nWidth, nCol);
	}
	m_ListCtrl.SetExtendedStyle(LVS_EX_GRIDLINES);
}

// Intentionally empty override: the base-class CDialog::OnOK() (which would
// end the dialog) is suppressed here, so the dialog is closed only through
// OnButtonexit().
void CNIDSDlg::OnOK() 
{
	// Deliberately no call to the base class.
	
	//CDialog::OnOK();
}

// "Exit" button: ends the dialog through the base-class OnOK(), which this
// class's own OnOK() override deliberately does not do.
void CNIDSDlg::OnButtonexit() 
{
	CDialog::OnOK();	
}

// "All ports" radio: switches the port filter off (every port passes
// ShowList()) and greys out the port text box, which is no longer consulted.
void CNIDSDlg::OnAllPort() 
{
	m_IsAllPort = TRUE;
	CWnd* const pPortEdit = GetDlgItem(IDC_EDIT1);
	pPortEdit->EnableWindow(FALSE);
}

// "Single port" radio: re-enables the port filter and the text box
// (IDC_EDIT1) that ShowList() reads the port from.
void CNIDSDlg::OnRadio2() 
{
	m_IsAllPort = FALSE;
	CWnd* const pPortEdit = GetDlgItem(IDC_EDIT1);
	pPortEdit->EnableWindow(TRUE);
}

// "All IPs" radio: switches the address filter off and greys out the
// IP address control, which is no longer consulted.
void CNIDSDlg::OnRadio3() 
{
	m_IsAllIp = TRUE;
	CWnd* const pAddrCtrl = GetDlgItem(IDC_IPADDRESS1);
	pAddrCtrl->EnableWindow(FALSE);
}

// "Single IP" radio: re-enables the address filter and the IP address
// control (m_IP) that ShowList() compares against.
void CNIDSDlg::OnRadio4() 
{
	m_IsAllIp = FALSE;
	CWnd* const pAddrCtrl = GetDlgItem(IDC_IPADDRESS1);
	pAddrCtrl->EnableWindow(TRUE);
}

// "TCP only" radio: selects the protocol filter and stores the name that
// ShowList() compares with GetProtocolTxt(). The literal is shorter than
// any sensible m_szProto buffer.
void CNIDSDlg::OnRadio5() 
{
	strcpy(m_szProto, "TCP");
	m_IsAllProto = FALSE;
}

// "All protocols" radio: disables the protocol filter so ShowList() accepts
// every protocol regardless of m_szProto.
void CNIDSDlg::OnRadio8() 
{
	m_IsAllProto=TRUE;
}

// "UDP only" radio: selects the protocol filter and stores the name that
// ShowList() compares with GetProtocolTxt().
void CNIDSDlg::OnRadio6() 
{
	strcpy(m_szProto, "UDP");
	m_IsAllProto = FALSE;
}

// "ICMP only" radio: selects the protocol filter and stores the name that
// ShowList() compares with GetProtocolTxt().
void CNIDSDlg::OnRadio7() 
{
	strcpy(m_szProto, "ICMP");
	m_IsAllProto = FALSE;
}

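// "Add port" button: takes the text in IDC_EDIT2 and appends it to the
// watch list m_List unless an identical entry is already present.
void CNIDSDlg::OnButton1() 
{
	CString strPort;
	GetDlgItem(IDC_EDIT2)->GetWindowText(strPort);
	// Strip blanks on both sides (the previous code called TrimRight() twice
	// and never trimmed the left side).
	strPort.TrimLeft();
	strPort.TrimRight();
	if (strPort.IsEmpty())
		return;
	// FindString() returns an index or LB_ERR; the old test `0 != FindString()`
	// only suppressed a duplicate that happened to sit at index 0. Using
	// FindStringExact() also stops a prefix match ("80" against an existing
	// "8080") from counting as a duplicate, matching the exact compare in
	// EventDetect().
	if (LB_ERR == m_List.FindStringExact(-1, (LPCSTR)strPort))
		m_List.AddString((LPCSTR)strPort);
}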

// Double-click on the watch list removes the clicked entry; nothing happens
// when no item is selected (GetCurSel() returns a negative value then).
void CNIDSDlg::OnDblclkList3() 
{
	const int nSel = m_List.GetCurSel();
	if (nSel < 0)
		return;
	m_List.DeleteString(nSel);
}

// "Clear" button: empties the capture report (m_ListCtrl); the watch list
// m_List is left untouched.
void CNIDSDlg::OnButton2() 
{
	m_ListCtrl.DeleteAllItems();
}

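// Watch-list check for the packet just shown: sounds a short Beep() when
// either port (as decimal text) is one of the entries in m_List.
//
// FindStringExact() replaces FindString(), which matches by prefix: with a
// watched entry "8080", every packet on port "80" used to raise the alarm.
// NULL port strings are ignored rather than passed to the list box.
void CNIDSDlg::EventDetect(char *szSourcePort,char *szDestPort)
{
	if (szSourcePort == NULL || szDestPort == NULL)
		return;
	const BOOL bSrcWatched = (LB_ERR != m_List.FindStringExact(-1, szSourcePort));
	const BOOL bDstWatched = (LB_ERR != m_List.FindStringExact(-1, szDestPort));
	if (bSrcWatched || bDstWatched)
	{
		Beep(100, 10);
	}
}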

// "Show TCP details" checkbox: nothing to do on the click itself, because
// ShowList() reads the current state with m_checkTCP.GetCheck() each time
// it renders a row.
void CNIDSDlg::OnChecktcp() 
{
	// No state to update here; see ShowList().
	
}

// Caps the size of the capture report: once it holds more than 300 rows,
// every row below index 100 is removed (rows 0..100 survive). Rows are
// deleted from the bottom up so the remaining indices stay valid.
void CNIDSDlg::ListCtrlDelPart()
{
	const int kTrimAbove = 300;   // only trim once the list exceeds this many rows
	const int kLastKept  = 100;   // highest index that survives a trim
	const int nRows = m_ListCtrl.GetItemCount();
	if (nRows <= kTrimAbove)
		return;
	for (int nRow = nRows - 1; nRow > kLastKept; --nRow)
		m_ListCtrl.DeleteItem(nRow);
}

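// Reverse-lookup button: resolves the address entered in m_TurnIP to a host
// name and shows it in m_edit3 (left blank when the control is empty, Winsock
// cannot be started, or no name is found).
//
// Fixes over the previous version: the blank-control case no longer looks up
// inet_addr(""); the hostent that was malloc'd and then overwritten by the
// gethostbyaddr() result (a pointer to Winsock-owned storage) is gone, so
// nothing leaks; WSAStartup() is balanced by WSACleanup(); and the failure
// code comes from WSAGetLastError(), where Winsock reports it.
void CNIDSDlg::OnButton4() 
{
	m_edit3 = "";
	if (m_TurnIP.IsBlank())
	{
		UpdateData(FALSE);
		return;
	}

	DWORD dwIP = 0;
	m_TurnIP.GetAddress(dwIP);   // first octet in the high-order byte
	// Convert straight to network byte order instead of formatting a dotted
	// quad and parsing it back with inet_addr().
	unsigned long nRemoteAddr = htonl(dwIP);

	WSADATA wsaData;
	if (WSAStartup(MAKEWORD(2, 1), &wsaData) != 0)
	{
		UpdateData(FALSE);
		return;
	}

	// The returned hostent lives in Winsock's per-thread storage: use it
	// before any further Winsock call and never free() it.
	struct hostent* pRemote = gethostbyaddr((char*)&nRemoteAddr, sizeof(nRemoteAddr), AF_INET);
	if (pRemote != NULL && pRemote->h_name != NULL)
	{
		TRACE("HostName:%s\n", pRemote->h_name);
		m_edit3 = pRemote->h_name;
	}
	else
	{
		TRACE("gethostbyaddr Error:%d\n", WSAGetLastError());
	}
	WSACleanup();   // balances this handler's WSAStartup()
	UpdateData(FALSE);
}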

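// Forward-lookup button: resolves the host name typed into m_edit3 and puts
// its first IPv4 address into the m_TurnIP address control.
//
// Fixes over the previous version: an empty name is not resolved (it would
// have returned the local host); the WSAStartup() result is checked and
// balanced by WSACleanup(); the four octets are read only after confirming
// an AF_INET answer with a 4-byte address list entry; unused locals
// (socket, sockaddr_in, hard-coded host name) are removed.
void CNIDSDlg::OnButton5() 
{
	UpdateData(TRUE);   // pull the typed host name into m_edit3
	if (m_edit3.IsEmpty())
		return;

	WSADATA wsaData;
	if (WSAStartup(MAKEWORD(1, 1), &wsaData) != 0)
		return;

	HOSTENT* pHost = gethostbyname((LPCSTR)m_edit3);
	if (pHost != NULL && pHost->h_addrtype == AF_INET && pHost->h_length == 4 &&
		pHost->h_addr_list != NULL && pHost->h_addr_list[0] != NULL)
	{
		// Octets are already in network (wire) order; each is passed as a BYTE.
		const unsigned char* pAddr = (const unsigned char*)pHost->h_addr_list[0];
		m_TurnIP.SetAddress(pAddr[0], pAddr[1], pAddr[2], pAddr[3]);
	}
	else
	{
		TRACE("gethostbyname Error:%d\n", WSAGetLastError());
	}
	WSACleanup();   // balances this handler's WSAStartup()
}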
