/******************************************************************
*
* windows下监测Tcp/Ip通信
*
* Author by Jefong 2005/08/08
*
* NETDUMP.C
*
******************************************************************/
#include <stdio.h>
#include <string.h>
#include <winsock2.h>
#include "iphead.h"
#define SRC_RIGHT
#if defined(SRC_RIGHT)
static char srcid[] = "@(#)netdump.c (Jefong : sjf331@21cn.com) 2005-8-8";
#endif /* author's right info */
#define SIO_RCVALL _WSAIOW(IOC_VENDOR,1)
char buf[2*32767];
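/*
 * Passive IPv4 monitor for one Windows interface.
 *
 * Opens a raw Winsock socket, binds it to a fixed local address, switches it
 * into receive-all mode (SIO_RCVALL, which normally needs administrator
 * rights) and prints every unfragmented TCP segment whose source address
 * equals a fixed watched host.
 *
 * Everything read from the socket is attacker-controllable network data, so
 * header lengths are validated before any field is used, headers are copied
 * into properly typed locals instead of being read through casts of the byte
 * buffer, and payload bytes are made printable before they reach the console.
 *
 * Returns 0 when the loop ends normally, 1 if Winsock start-up or socket
 * creation fails, 2 if bind fails, 3 if receive-all mode cannot be enabled
 * and 4 on an unrecoverable receive error.
 */
int main()
{
    /* Fixed at build time: capture interface and the host being watched. */
    static const char local_addr[] = "192.168.4.218";
    static const char watch_src[] = "192.168.4.216";
    enum { IP_FRAG_OFFSET_MASK = 0x1FFF };

    SOCKADDR_IN addrin, addrin_svr;
    IPHDR ip;                   /* validated copy of the IP header */
    TCPHDR tcp;                 /* validated copy of the TCP header */
    WSADATA wsadata;
    SOCKET sock;                /* SOCKET, not int: handles are pointer-sized */
    DWORD rcvall_on = 1;
    DWORD bytes_returned = 0;
    struct in_addr addr;
    unsigned int watch_ip;
    const char *data;
    char ss[32], dd[32];
    int r, len, ip_hlen, tcp_hlen, data_len, i;
    int rc = 0;

    memset(&addrin, 0, sizeof(addrin));
    memset(&addrin_svr, 0, sizeof(addrin_svr));

    if (WSAStartup(MAKEWORD(2,2), &wsadata) != 0) {
        printf("WSAStartup error!\n");
        return 1;
    }

    sock = WSASocket(AF_INET, SOCK_RAW, IPPROTO_IP, NULL, 0, WSA_FLAG_OVERLAPPED);
    if (sock == INVALID_SOCKET) {
        printf("Create socket error!");
        WSACleanup();
        return 1;
    }

    addrin_svr.sin_family = AF_INET;
    addrin_svr.sin_addr.s_addr = inet_addr(local_addr);
    if (bind(sock, (struct sockaddr *)&addrin_svr, sizeof(addrin_svr)) != 0) {
        printf("Bind socket error!\n");
        closesocket(sock);
        WSACleanup();
        return(2);
    }

    /* Without receive-all mode the loop below would silently see nothing
     * useful, so a failure here is reported instead of being ignored. */
    if (WSAIoctl(sock, SIO_RCVALL, &rcvall_on, sizeof(rcvall_on),
                 NULL, 0, &bytes_returned, NULL, NULL) == SOCKET_ERROR) {
        printf("Enable receive-all error!\n");
        closesocket(sock);
        WSACleanup();
        return 3;
    }

    /* Compare addresses numerically rather than as formatted strings. */
    watch_ip = (unsigned int)inet_addr(watch_src);

    for (;;) {
        len = sizeof(addrin);
        /* Ask for one byte less than the buffer so buf[r] is always valid. */
        r = recvfrom(sock, buf, (int)sizeof(buf) - 1, 0,
                     (struct sockaddr *)&addrin, &len);
        if (r < 0) {
            /* A datagram larger than the buffer is reported as an error;
             * skip it so a single oversized packet cannot stop the monitor. */
            if (WSAGetLastError() == WSAEMSGSIZE) {
                continue;
            }
            printf("Receive error!\n");
            rc = 4;
            break;
        }
        buf[r] = 0;

        /* IP header: must be complete, IPv4, and its stated length sane. */
        if (r < (int)sizeof(ip)) {
            continue;
        }
        memcpy(&ip, buf, sizeof(ip));
        ip_hlen = (ip.h_lenver & 0x0F) * 4;
        if ((ip.h_lenver >> 4) != 4 || ip_hlen < (int)sizeof(ip) || ip_hlen > r) {
            continue;
        }
        if (ip.sourceip != watch_ip) {
            continue;
        }

        /* Only a first (or only) fragment of a TCP datagram starts with a
         * TCP header; anything else would be misread as one. */
        if (ip.protocol != IPPROTO_TCP) {
            continue;
        }
        if ((ntohs(ip.frag_and_flags) & IP_FRAG_OFFSET_MASK) != 0) {
            continue;
        }

        /* TCP header: must be complete and its data offset inside the packet. */
        if (r - ip_hlen < (int)sizeof(tcp)) {
            continue;
        }
        memcpy(&tcp, buf + ip_hlen, sizeof(tcp));
        tcp_hlen = (tcp.th_lenres >> 4) * 4;
        if (tcp_hlen < (int)sizeof(tcp) || tcp_hlen > r - ip_hlen) {
            continue;
        }

        /* inet_ntoa() reuses one static buffer, so each result is copied
         * out in its own statement before the next call. */
        addr.s_addr = ip.sourceip;
        strcpy(ss, inet_ntoa(addr));
        addr.s_addr = ip.destip;
        strcpy(dd, inet_ntoa(addr));

        /* Multi-byte header fields arrive in network byte order. */
        printf("PktSize: %d IPLEN %d PROT %d %s:%d-->%s:%d %d \n ",
               r, ntohs(ip.total_len), ip.protocol,
               ss, ntohs(tcp.th_sport),
               dd, ntohs(tcp.th_dport), ntohs(tcp.th_urp));

        /* Payload starts after both variable-length headers. */
        data = buf + ip_hlen + tcp_hlen;
        data_len = r - ip_hlen - tcp_hlen;

        printf("data = ");
        for (i = 0; i < data_len; i++) {
            /* unsigned char avoids sign extension (0XFFFFFF80 for 0x80). */
            printf("0X%02X ", (unsigned char)data[i]);
        }

        /* Text view stops at the first NUL as before, but control and
         * non-ASCII bytes are shown as '.' so captured data cannot inject
         * terminal control sequences. */
        printf("\n[");
        for (i = 0; i < data_len && data[i] != 0; i++) {
            unsigned char c = (unsigned char)data[i];
            putchar((c >= 0x20 && c <= 0x7E) ? c : '.');
        }
        printf("]");
        printf("\n");
    }

    closesocket(sock);
    WSACleanup();
    return rc;
}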
//iphead.h
/* Ethernet frame header: two 6-byte addresses and a 16-bit type (14 bytes). */
struct ethdr
{
    unsigned char  eh_dst[6];   /* destination hardware address */
    unsigned char  eh_src[6];   /* source hardware address */
    unsigned short eh_type;     /* frame type; byte order is as received */
};
typedef struct ethdr ETHDR;
typedef struct ethdr *PETHDR;
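/*
 * ARP packet body for 6-byte hardware and 4-byte protocol addresses.
 *
 * The struct is packed to one byte: with default alignment the compiler
 * inserts two padding bytes before each 32-bit address, so the fields after
 * arp_sha would no longer line up with the 28-byte packet on the wire.
 * The addresses use unsigned int (as the other headers in this file do)
 * because unsigned long is not 32 bits wide on every platform.
 *
 * Packed members may be unaligned; copy them out rather than taking their
 * address on targets that require aligned access.
 */
#pragma pack(push, 1)
typedef struct arphdr
{
    unsigned short arp_hdr;     /* hardware type */
    unsigned short arp_pro;     /* protocol type */
    unsigned char arp_hln;      /* hardware address length */
    unsigned char arp_pln;      /* protocol address length */
    unsigned short arp_opt;     /* operation code */
    unsigned char arp_sha[6];   /* sender hardware address */
    unsigned int arp_spa;       /* sender protocol (IPv4) address */
    unsigned char arp_tha[6];   /* target hardware address */
    unsigned int arp_tpa;       /* target protocol (IPv4) address */
}ARPHDR,*PARPHDR;
#pragma pack(pop)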
/*
 * Fixed 20-byte part of an IPv4 header. Multi-byte fields hold whatever byte
 * order the packet was received in; convert before using them as numbers.
 */
struct iphdr
{
    unsigned char  h_lenver;        /* header length and version in one byte */
    unsigned char  tos;             /* type of service */
    unsigned short total_len;       /* total datagram length */
    unsigned short ident;           /* identification */
    unsigned short frag_and_flags;  /* flags plus fragment offset */
    unsigned char  ttl;             /* time to live */
    unsigned char  protocol;        /* payload protocol number */
    unsigned short checksum;        /* header checksum */
    unsigned int   sourceip;        /* source address */
    unsigned int   destip;          /* destination address */
};
typedef struct iphdr IPHDR;
typedef struct iphdr *PIPHDR;
/*
 * 12-byte pseudo header. NOTE(review): field names suggest it is the
 * pseudo header prepended when computing a UDP/TCP checksum; nothing in the
 * visible code uses it, so confirm against the caller.
 */
struct psd
{
    unsigned int   saddr;   /* source address */
    unsigned int   daddr;   /* destination address */
    char           mbz;     /* presumably "must be zero" */
    char           ptcl;    /* protocol number */
    unsigned short udpl;    /* presumably the UDP length */
};
typedef struct psd PSD;
typedef struct psd *PPSD;
/* UDP header: four 16-bit fields, 8 bytes in total. */
struct udphdr
{
    unsigned short souceport;   /* source port (field name spelling kept for callers) */
    unsigned short destport;    /* destination port */
    unsigned short length;      /* datagram length */
    unsigned short checksum;    /* checksum */
};
typedef struct udphdr UDPHDR;
typedef struct udphdr *PUDPHDR;
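/*
 * Fixed 20-byte part of a TCP header.
 *
 * Plain unsigned short replaces the Windows-only USHORT alias so this header
 * no longer depends on the Windows headers being included first and matches
 * the other structs in the file; the two types are the same width.
 * Multi-byte fields are in the byte order the packet was received in.
 */
typedef struct tcphdr {
    unsigned short th_sport;    /* 16-bit source port */
    unsigned short th_dport;    /* 16-bit destination port */
    unsigned int th_seq;        /* 32-bit sequence number */
    unsigned int th_ack;        /* 32-bit acknowledgement number */
    unsigned char th_lenres;    /* 4-bit header length / reserved bits */
    unsigned char th_flag;      /* 6 flag bits */
    unsigned short th_win;      /* 16-bit window size */
    unsigned short th_sum;      /* 16-bit checksum */
    unsigned short th_urp;      /* 16-bit urgent data offset */
}TCPHDR,*PTCPHDR;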
/* DNS message header: six 16-bit fields, 12 bytes in total. */
struct dns
{
    unsigned short id;          /* transaction identifier */
    unsigned short flags;       /* flag bits */
    unsigned short quests;      /* question count */
    unsigned short answers;     /* answer record count */
    unsigned short author;      /* presumably the authority record count */
    unsigned short addition;    /* presumably the additional record count */
};
typedef struct dns DNS;
typedef struct dns *PDNS;
/* Fixed 4-byte tail of a DNS question: type followed by class. */
struct query
{
    unsigned short type;        /* query type */
    unsigned short classes;     /* query class */
};
typedef struct query QUERY;
typedef struct query *PQUERY;
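/*
 * DNS answer record carrying a 4-byte address.
 *
 * Packed to one byte: with default alignment the compiler pads before ttl
 * and before addr, making the struct 20 bytes, while the fields listed here
 * occupy 16 consecutive bytes in a message. Overlaying the unpacked struct
 * on received data would read ttl, length and addr from the wrong offsets.
 *
 * Packed members may be unaligned; copy them out rather than taking their
 * address on targets that require aligned access.
 */
#pragma pack(push, 1)
typedef struct response
{
    unsigned short name;        /* presumably a 2-byte compressed name pointer */
    unsigned short type;        /* record type */
    unsigned short classes;     /* record class */
    unsigned int ttl;           /* time to live */
    unsigned short length;      /* length of the data that follows */
    unsigned int addr;          /* 4-byte address */
}RESPONSE,*PRESPONSE;
#pragma pack(pop)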