来源:https://www.xfocus.net/bbs/index.php?act=ST&f=3&t=50463
以下是一段完整、简单的 Sniffer 代码，用 SOCK_RAW 写成。注意：Windows XP SP2 起对原始套接字做了限制（不再允许通过 SOCK_RAW 发送 TCP 段或伪造源 IP 的数据包）；本例用到的 SIO_RCVALL 接收模式仍然可用，但需要管理员权限——bind() 之后 WSAGetLastError() 返回 10013（WSAEACCES）即表示当前进程没有该权限。
#include <winsock2.h>
#include <windows.h>
#include <ws2tcpip.h>
#include <stdio.h>
#include <stdlib.h>
#define MAX_HOSTNAME_LAN 255
#define SIO_RCVALL _WSAIOW(IOC_VENDOR,1)
#define MAX_ADDR_LEN 16
/*
 * TCP header, 20 bytes without options.
 *
 * Field order follows the wire format; multi-byte fields arrive in network
 * byte order and must be read through ntohs()/ntohl().  Byte 12 is split
 * into two 4-bit fields: with the LSB-first bit-field allocation used by
 * MSVC/GCC on x86, th_x2 lands in the low nibble (reserved bits) and th_off
 * in the high nibble (data offset), as on the wire.  Bit-field order is
 * implementation-defined, so this layout is not portable.  The struct also
 * relies on natural alignment producing no padding (sizeof == 20).
 */
typedef struct tcpheader {
    unsigned short sport;      /* offset 0:  source port */
    unsigned short dport;      /* offset 2:  destination port */
    unsigned int   th_seq;     /* offset 4:  sequence number */
    unsigned int   th_ack;     /* offset 8:  acknowledgement number */
    unsigned char  th_x2:4,    /* offset 12: reserved (low nibble) */
                   th_off:4;   /*            data offset in 32-bit words */
    unsigned char  Flags;      /* offset 13: control bits (SYN/ACK/...) */
    unsigned short th_win;     /* offset 14: window */
    unsigned short th_sum;     /* offset 16: checksum */
    unsigned short th_urp;     /* offset 18: urgent pointer */
} TCP_HDR;
/*
 * IPv4 header, 20 bytes without options.
 *
 * Field order follows the wire format; multi-byte fields are in network
 * byte order (use ntohs()/ntohl()).  The first byte holds two 4-bit fields:
 * with the LSB-first bit-field allocation used by MSVC/GCC on x86, ip_hl
 * occupies the low nibble and ip_v the high nibble, matching the wire.
 * Bit-field order is implementation-defined, so this is not portable.
 * Natural alignment yields no padding (sizeof == 20).
 */
struct ipheader {
    unsigned char  ip_hl:4,    /* offset 0:  header length in 32-bit words */
                   ip_v:4;     /*            version */
    unsigned char  ip_tos;     /* offset 1:  type of service */
    unsigned short ip_len;     /* offset 2:  total length (header + data) */
    unsigned short ip_id;      /* offset 4:  identification */
    unsigned short ip_off;     /* offset 6:  flags (3 bits) + fragment offset */
    unsigned char  ip_ttl;     /* offset 8:  time to live */
    unsigned char  ip_p;       /* offset 9:  transport protocol */
    unsigned short ip_sum;     /* offset 10: header checksum */
    unsigned int   ip_src;     /* offset 12: source address */
    unsigned int   ip_dst;     /* offset 16: destination address */
};
// Pseudo header (TCP checksum pseudo-header layout; not used by main() below)
/*
 * 12-byte pseudo-header immediately followed by a TCP header -- the shape
 * presumably intended for computing a TCP checksum over pseudo-header plus
 * segment in one pass.  Only the first 12 bytes are the pseudo-header
 * proper; `tcp` is appended for convenience.  Not referenced by main().
 */
typedef struct ps_hdr {
    unsigned int     source_address;  /* offset 0:  IPv4 source */
    unsigned int     dest_address;    /* offset 4:  IPv4 destination */
    unsigned char    placeholder;     /* offset 8:  place holder (zero) */
    unsigned char    protocol;        /* offset 9:  transport protocol */
    unsigned short   tcp_length;      /* offset 10: TCP header + data length */
    /* 12 bytes so far */
    struct tcpheader tcp;             /* offset 12: the segment header */
} PS_HDR;
/*
 * UDP header, 8 bytes.  All fields are in network byte order; natural
 * alignment yields no padding.
 */
typedef struct udphdr {
    unsigned short sport;   /* offset 0: source port */
    unsigned short dport;   /* offset 2: destination port */
    unsigned short len;     /* offset 4: length of header + data */
    unsigned short cksum;   /* offset 6: checksum */
} UDP_HDR;
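/*
 * Print the byte at `pointer` as a C hex escape ("\xNN").
 *
 * The original wrote the byte's *decimal* value after "\x" (so 0x0a came out
 * as "\x10", which is 16) and mangled bytes with the sign bit set through an
 * arbitrary "+82" offset.  A "\x" escape carries the hexadecimal value of
 * the byte, so format the byte as unsigned hex -- the same "\\x%.2x" form
 * the inline dump loops in main() use.
 */
void hexdump(char *pointer)
{
    printf("\\x%.2x", (unsigned int)(unsigned char)*pointer);
}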
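/*
 * Print one captured payload in the two forms this tool emits: a C string
 * literal (`char PacketN []="\x..\x.."`, split every ten bytes into adjacent
 * literals, which the compiler concatenates) and a printable-ASCII view with
 * a '.' for every other byte.
 *
 * data  - first payload byte; must point at `len` readable bytes
 * len   - payload length in bytes (<= 0 prints an empty literal)
 * count - packet counter used in the literal's name
 */
static void dump_payload(const unsigned char *data, int len, int count)
{
    int i;

    printf("\nchar Packet%i []=\"", count);
    for (i = 0; i < len; i++) {
        printf("\\x%.2x", data[i]);
        if ((i + 1) % 10 == 0 && i + 1 < len)
            printf("\"\n\"");
    }
    printf("\";\n\n\n");

    for (i = 0; i < len; i++) {
        /* 0x20..0x7e is printable ASCII; the original 20..127 test let
         * control bytes and DEL through to the terminal */
        if (data[i] >= 0x20 && data[i] <= 0x7e)
            printf("%c", data[i]);
        else
            printf(".");
    }
    printf("\n\n");
}

/*
 * Raw-socket sniffer.  Opens an IPPROTO_IP raw socket, binds it to the first
 * address gethostbyname() reports for this host, switches it to SIO_RCVALL
 * (receive every IPv4 packet on that interface; requires Administrator) and
 * dumps the payload of every TCP segment and UDP datagram that carries one.
 *
 * Returns 1 if WinSock start-up, socket creation, the address lookup,
 * bind(), the SIO_RCVALL ioctl or a later recv() fails -- bind()/WSAIoctl()
 * fail with WSAEACCES (10013) when the process lacks raw-socket privilege.
 * Otherwise it never returns.
 *
 * Fixes over the original listing: the missing closing brace of main(); a
 * malloc() that was leaked by being immediately overwritten with the
 * gethostbyname() result, which was then dereferenced without a NULL check;
 * the ignored recv() length, which let ip_len from the packet drive parsing
 * past the received data; the hard-coded 20-byte IP and TCP header sizes
 * (options were ignored, so the payload pointer was off); the UDP branch
 * keyed on the TCP payload length and reading the port through the TCP
 * header; and size_t/pointer values printed with %i/%x.
 */
int main(void)
{
    /* 64 KiB receive buffer kept off main()'s stack.  Headers are read
     * through casts into it, which x86 tolerates but which is not portable
     * (the array carries no 4-byte alignment guarantee). */
    static unsigned char RecvBuf[65535];
    SOCKET sock = INVALID_SOCKET;
    WSADATA wsd;
    DWORD dwBytesRet = 0;
    unsigned int optval = 1;            /* SIO_RCVALL argument: 1 = enable */
    char name[MAX_HOSTNAME_LAN];
    struct hostent *pHostent;
    SOCKADDR_IN sa;
    int pCount = 0;

    if (WSAStartup(MAKEWORD(2, 1), &wsd) != 0)
        return 1;

    /* IPPROTO_IP raw socket: received data starts with the IP header */
    sock = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
    if (sock == INVALID_SOCKET)
        goto fail;

    /* SIO_RCVALL needs the socket bound to a specific local interface; as in
     * the original, use the first address gethostbyname() gives for us */
    if (gethostname(name, (int)sizeof(name)) != 0)
        goto fail;
    pHostent = gethostbyname(name);
    if (pHostent == NULL || pHostent->h_addrtype != AF_INET ||
        pHostent->h_length != (int)sizeof(sa.sin_addr) ||
        pHostent->h_addr_list[0] == NULL)
        goto fail;

    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_port = htons(6000);          /* meaningless for a raw socket */
    memcpy(&sa.sin_addr, pHostent->h_addr_list[0], sizeof(sa.sin_addr));
    if (bind(sock, (SOCKADDR *)&sa, sizeof(sa)) == SOCKET_ERROR)
        goto fail;                      /* WSAEACCES: not Administrator */
    if (WSAIoctl(sock, SIO_RCVALL, &optval, sizeof(optval), NULL, 0,
                 &dwBytesRet, NULL, NULL) == SOCKET_ERROR)
        goto fail;

    for (;;) {
        const struct ipheader *ip;
        const unsigned char *seg;       /* start of the transport header */
        unsigned int iplen, iphl, seglen;
        char szSourceIP[MAX_ADDR_LEN], szDestIP[MAX_ADDR_LEN];
        SOCKADDR_IN saSource, saDest;
        int n = recv(sock, (char *)RecvBuf, (int)sizeof(RecvBuf), 0);

        if (n == SOCKET_ERROR)
            break;                      /* socket gone: do not spin on it */
        if (n < (int)sizeof(struct ipheader))
            continue;

        ip = (const struct ipheader *)RecvBuf;
        iphl = ip->ip_hl * 4u;          /* IHL counts 32-bit words */
        iplen = ntohs(ip->ip_len);
        /* ip_len is attacker-controlled input: never let it exceed what
         * recv() actually delivered, and require a sane header length */
        if (iphl < sizeof(struct ipheader) || iplen > (unsigned int)n ||
            iphl > iplen)
            continue;
        /* only the first fragment carries a transport header */
        if ((ntohs(ip->ip_off) & 0x1FFF) != 0)
            continue;

        saSource.sin_addr.s_addr = ip->ip_src;
        strncpy(szSourceIP, inet_ntoa(saSource.sin_addr), MAX_ADDR_LEN - 1);
        szSourceIP[MAX_ADDR_LEN - 1] = '\0';
        saDest.sin_addr.s_addr = ip->ip_dst;
        strncpy(szDestIP, inet_ntoa(saDest.sin_addr), MAX_ADDR_LEN - 1);
        szDestIP[MAX_ADDR_LEN - 1] = '\0';

        seg = RecvBuf + iphl;
        seglen = iplen - iphl;

        if (ip->ip_p == IPPROTO_TCP) {
            const struct tcpheader *tcp;
            unsigned int thlen, lentcp;

            if (seglen < sizeof(struct tcpheader))
                continue;
            tcp = (const struct tcpheader *)seg;
            thlen = tcp->th_off * 4u;   /* data offset counts 32-bit words */
            if (thlen < sizeof(struct tcpheader) || thlen > seglen)
                continue;
            lentcp = seglen - thlen;
            if (lentcp == 0)
                continue;               /* pure ACK etc.: nothing to dump */

            pCount++;
            printf("*******************************************\n");
            printf("-TCP-\n");
            printf("\nSource address->%s\n", szSourceIP);
            printf("\nDestination address->%s\n", szDestIP);
            printf("\nDestination port->%i\n", ntohs(tcp->dport));
            printf("datatcp address->%p\n", (const void *)(seg + thlen));
            printf("size of ipheader->%u\n", iphl);
            printf("size of tcpheader->%u\n", thlen);
            printf("size of the hole packet->%u\n", iplen);
            dump_payload(seg + thlen, (int)lentcp, pCount);
            printf("*******************************************\n");
        } else if (ip->ip_p == IPPROTO_UDP) {
            const struct udphdr *udp;
            unsigned int lenudp;

            if (seglen < sizeof(struct udphdr))
                continue;
            udp = (const struct udphdr *)seg;
            /* payload length is taken from the IP total length, as in the
             * original; udp->len is not cross-checked here */
            lenudp = seglen - (unsigned int)sizeof(struct udphdr);
            if (lenudp == 0)
                continue;

            pCount++;
            printf("-UDP-\n");
            printf("\nSource address->%s\n", szSourceIP);
            printf("\nDestination address->%s\n", szDestIP);
            printf("\nDestination port->%d\n", ntohs(udp->dport));
            printf("dataudp address->%p\n",
                   (const void *)(seg + sizeof(struct udphdr)));
            printf("size of ipheader->%u\n", iphl);
            printf("size of udpheader->%u\n",
                   (unsigned int)sizeof(struct udphdr));
            printf("size of the hole packet->%u\n", iplen);
            dump_payload(seg + sizeof(struct udphdr), (int)lenudp, pCount);
            printf("*******************************************\n");
        }
    }

fail:
    if (sock != INVALID_SOCKET)
        closesocket(sock);
    WSACleanup();
    return 1;
}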
下载raw.zip
要用"伪造数据包"的方法来禁止一切 TCP 连接，原帖称下面是用 WinPcap 改写的代码。需要注意：下面的代码实际上仍然是上面那个 SOCK_RAW + SIO_RCVALL 的嗅探器（只是把变量声明集中到了函数开头，并加上了 `#pragma comment(lib,"ws2_32.lib")`），其中没有任何 WinPcap 调用，也没有构造或发送任何数据包，因此并不能实现"伪造数据包"或阻断 TCP 连接的功能。
#include <winsock2.h>
#include <windows.h>
#include <ws2tcpip.h>
#include <stdio.h>
#include <stdlib.h>
#pragma comment(lib,"ws2_32.lib")
#define MAX_HOSTNAME_LAN 255
#define SIO_RCVALL _WSAIOW(IOC_VENDOR,1)
#define MAX_ADDR_LEN 16
/*
 * IPv4 header, 20 bytes without options.
 *
 * Field order follows the wire format; multi-byte fields are in network
 * byte order (use ntohs()/ntohl()).  The first byte holds two 4-bit fields:
 * with the LSB-first bit-field allocation used by MSVC/GCC on x86, ip_hl
 * occupies the low nibble and ip_v the high nibble, matching the wire.
 * Bit-field order is implementation-defined, so this is not portable.
 * Natural alignment yields no padding (sizeof == 20).
 */
struct ipheader {
    unsigned char  ip_hl:4,    /* offset 0:  header length in 32-bit words */
                   ip_v:4;     /*            version */
    unsigned char  ip_tos;     /* offset 1:  type of service */
    unsigned short ip_len;     /* offset 2:  total length (header + data) */
    unsigned short ip_id;      /* offset 4:  identification */
    unsigned short ip_off;     /* offset 6:  flags (3 bits) + fragment offset */
    unsigned char  ip_ttl;     /* offset 8:  time to live */
    unsigned char  ip_p;       /* offset 9:  transport protocol */
    unsigned short ip_sum;     /* offset 10: header checksum */
    unsigned int   ip_src;     /* offset 12: source address */
    unsigned int   ip_dst;     /* offset 16: destination address */
};
/*
 * TCP header, 20 bytes without options.
 *
 * Field order follows the wire format; multi-byte fields arrive in network
 * byte order and must be read through ntohs()/ntohl().  Byte 12 is split
 * into two 4-bit fields: with the LSB-first bit-field allocation used by
 * MSVC/GCC on x86, th_x lands in the low nibble (reserved bits) and th_off
 * in the high nibble (data offset), as on the wire.  Bit-field order is
 * implementation-defined, so this layout is not portable.  The struct also
 * relies on natural alignment producing no padding (sizeof == 20).
 */
typedef struct tcpheader {
    unsigned short sport;      /* offset 0:  source port */
    unsigned short dport;      /* offset 2:  destination port */
    unsigned int   th_seq;     /* offset 4:  sequence number */
    unsigned int   th_ack;     /* offset 8:  acknowledgement number */
    unsigned char  th_x:4,     /* offset 12: reserved (low nibble) */
                   th_off:4;   /*            data offset in 32-bit words */
    unsigned char  Flags;      /* offset 13: control bits (SYN/ACK/...) */
    unsigned short th_win;     /* offset 14: window */
    unsigned short th_sum;     /* offset 16: checksum */
    unsigned short th_urp;     /* offset 18: urgent pointer */
} TCP_HDR;
/*
 * UDP header, 8 bytes.  All fields are in network byte order; natural
 * alignment yields no padding.
 */
typedef struct udphdr {
    unsigned short sport;   /* offset 0: source port */
    unsigned short dport;   /* offset 2: destination port */
    unsigned short len;     /* offset 4: length of header + data */
    unsigned short cksum;   /* offset 6: checksum */
} UDP_HDR;
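/*
 * Print one captured payload in the two forms this tool emits: a C string
 * literal (`char PacketN [SIZE]="\x..\x.."`, split every ten bytes into
 * adjacent literals, which the compiler concatenates) and a printable-ASCII
 * view with a '.' for every other byte.
 *
 * The declared array size is len + 1: a string-literal initializer appends a
 * NUL, so the original's `len - 1` produced declarations that could not hold
 * the data they were initialised with.
 *
 * data  - first payload byte; must point at `len` readable bytes
 * len   - payload length in bytes (<= 0 prints an empty literal)
 * count - packet counter used in the literal's name
 */
static void dump_payload(const unsigned char *data, int len, int count)
{
    int i;

    printf("\nchar Packet%i [%i]=\"", count, len + 1);
    for (i = 0; i < len; i++) {
        printf("\\x%.2x", data[i]);
        if ((i + 1) % 10 == 0 && i + 1 < len)
            printf("\"\n\"");
    }
    printf("\";\n\n\n");

    for (i = 0; i < len; i++) {
        /* 0x20..0x7e is printable ASCII; the original 20..127 test let
         * control bytes and DEL through to the terminal */
        if (data[i] >= 0x20 && data[i] <= 0x7e)
            printf("%c", data[i]);
        else
            printf(".");
    }
    printf("\n\n");
}

/*
 * Raw-socket sniffer (this listing contains no WinPcap calls and sends
 * nothing; it only receives).  Opens an IPPROTO_IP raw socket, binds it to
 * the first address gethostbyname() reports for this host, switches it to
 * SIO_RCVALL (receive every IPv4 packet on that interface; requires
 * Administrator) and dumps the payload of every TCP segment and UDP datagram
 * that carries one.
 *
 * Returns 1 if WinSock start-up, socket creation, the address lookup,
 * bind(), the SIO_RCVALL ioctl or a later recv() fails -- bind()/WSAIoctl()
 * fail with WSAEACCES (10013) when the process lacks raw-socket privilege.
 * Otherwise it never returns.
 *
 * Fixes over the original listing: the NULL gethostbyname() result that was
 * dereferenced; the ignored recv() length, which let ip_len from the packet
 * drive parsing past the received data; the hard-coded 20-byte IP and TCP
 * header sizes (options were ignored, so the payload pointer was off); the
 * UDP branch keyed on the TCP payload length and reading the port through
 * the TCP header; the `len - 1` array size in the emitted C declaration;
 * and size_t/pointer values printed with %i/%x.
 */
int main(void)
{
    /* 64 KiB receive buffer kept off main()'s stack.  Headers are read
     * through casts into it, which x86 tolerates but which is not portable
     * (the array carries no 4-byte alignment guarantee). */
    static unsigned char RecvBuf[65535];
    SOCKET sock = INVALID_SOCKET;
    WSADATA wsd;
    DWORD dwBytesRet = 0;
    unsigned int optval = 1;            /* SIO_RCVALL argument: 1 = enable */
    char name[MAX_HOSTNAME_LAN];
    struct hostent *pHostent;
    SOCKADDR_IN sa;
    int pCount = 0;

    if (WSAStartup(MAKEWORD(2, 1), &wsd) != 0)
        return 1;

    /* IPPROTO_IP raw socket: received data starts with the IP header */
    sock = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
    if (sock == INVALID_SOCKET)
        goto fail;

    /* SIO_RCVALL needs the socket bound to a specific local interface; as in
     * the original, use the first address gethostbyname() gives for us */
    if (gethostname(name, (int)sizeof(name)) != 0)
        goto fail;
    pHostent = gethostbyname(name);
    if (pHostent == NULL || pHostent->h_addrtype != AF_INET ||
        pHostent->h_length != (int)sizeof(sa.sin_addr) ||
        pHostent->h_addr_list[0] == NULL)
        goto fail;

    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_port = htons(6000);          /* meaningless for a raw socket */
    memcpy(&sa.sin_addr, pHostent->h_addr_list[0], sizeof(sa.sin_addr));
    if (bind(sock, (SOCKADDR *)&sa, sizeof(sa)) == SOCKET_ERROR)
        goto fail;                      /* WSAEACCES: not Administrator */
    if (WSAIoctl(sock, SIO_RCVALL, &optval, sizeof(optval), NULL, 0,
                 &dwBytesRet, NULL, NULL) == SOCKET_ERROR)
        goto fail;

    for (;;) {
        const struct ipheader *ip;
        const unsigned char *seg;       /* start of the transport header */
        unsigned int iplen, iphl, seglen;
        char szSourceIP[MAX_ADDR_LEN], szDestIP[MAX_ADDR_LEN];
        SOCKADDR_IN saSource, saDest;
        int n = recv(sock, (char *)RecvBuf, (int)sizeof(RecvBuf), 0);

        if (n == SOCKET_ERROR)
            break;                      /* socket gone: do not spin on it */
        if (n < (int)sizeof(struct ipheader))
            continue;

        ip = (const struct ipheader *)RecvBuf;
        iphl = ip->ip_hl * 4u;          /* IHL counts 32-bit words */
        iplen = ntohs(ip->ip_len);
        /* ip_len is attacker-controlled input: never let it exceed what
         * recv() actually delivered, and require a sane header length */
        if (iphl < sizeof(struct ipheader) || iplen > (unsigned int)n ||
            iphl > iplen)
            continue;
        /* only the first fragment carries a transport header */
        if ((ntohs(ip->ip_off) & 0x1FFF) != 0)
            continue;

        saSource.sin_addr.s_addr = ip->ip_src;
        strncpy(szSourceIP, inet_ntoa(saSource.sin_addr), MAX_ADDR_LEN - 1);
        szSourceIP[MAX_ADDR_LEN - 1] = '\0';
        saDest.sin_addr.s_addr = ip->ip_dst;
        strncpy(szDestIP, inet_ntoa(saDest.sin_addr), MAX_ADDR_LEN - 1);
        szDestIP[MAX_ADDR_LEN - 1] = '\0';

        seg = RecvBuf + iphl;
        seglen = iplen - iphl;

        if (ip->ip_p == IPPROTO_TCP) {
            const struct tcpheader *tcp;
            unsigned int thlen, lentcp;

            if (seglen < sizeof(struct tcpheader))
                continue;
            tcp = (const struct tcpheader *)seg;
            thlen = tcp->th_off * 4u;   /* data offset counts 32-bit words */
            if (thlen < sizeof(struct tcpheader) || thlen > seglen)
                continue;
            lentcp = seglen - thlen;
            if (lentcp == 0)
                continue;               /* pure ACK etc.: nothing to dump */

            pCount++;
            printf("*******************************************\n");
            printf("-TCP-\n");
            printf("\nSource address->%s\n", szSourceIP);
            printf("\nDestination address->%s\n", szDestIP);
            printf("\nDestination port->%i\n", ntohs(tcp->dport));
            printf("datatcp address->%p\n", (const void *)(seg + thlen));
            printf("size of ipheader->%u\n", iphl);
            printf("size of tcpheader->%u\n", thlen);
            printf("size of the hole packet->%u\n", iplen);
            dump_payload(seg + thlen, (int)lentcp, pCount);
            printf("*******************************************\n");
        } else if (ip->ip_p == IPPROTO_UDP) {
            const struct udphdr *udp;
            unsigned int lenudp;

            if (seglen < sizeof(struct udphdr))
                continue;
            udp = (const struct udphdr *)seg;
            /* payload length is taken from the IP total length, as in the
             * original; udp->len is not cross-checked here */
            lenudp = seglen - (unsigned int)sizeof(struct udphdr);
            if (lenudp == 0)
                continue;

            pCount++;
            printf("-UDP-\n");
            printf("\nSource address->%s\n", szSourceIP);
            printf("\nDestination address->%s\n", szDestIP);
            printf("\nDestination port->%d\n", ntohs(udp->dport));
            printf("dataudp address->%p\n",
                   (const void *)(seg + sizeof(struct udphdr)));
            printf("size of ipheader->%u\n", iphl);
            printf("size of udpheader->%u\n",
                   (unsigned int)sizeof(struct udphdr));
            printf("size of the hole packet->%u\n", iplen);
            dump_payload(seg + sizeof(struct udphdr), (int)lenudp, pCount);
            printf("*******************************************\n");
        }
    }

fail:
    if (sock != INVALID_SOCKET)
        closesocket(sock);
    WSACleanup();
    return 1;
}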