raw socket 三部曲:
socket = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.IP);
socket.Bind(new IPEndPoint(IPAddress.Parse(IP), 0));
同步下:rcv_size = socket.Receive(buffer);
异步下:socket.Begin***
实现过程不难,难点是捕获后对数据报的分析,过滤的工作。
ps:网络层ip数据报格式如下:ip header+××header(如TCP header) + Data
今天存在问题如下:嗅觉不灵敏,不知道是设置不对还是raw socket效果本身就是这样,等待考究……
今天研究到此结束,待续……
附代码:
RawSocket.cs
using
System;
using
System.Collections.Generic;
using
System.Text;
using
System.Net;
using
System.Net.Sockets;
using
System.Runtime.InteropServices;
namespace
RawSocket
...
{
/// <summary>
/// @author segment
/// @author segment
/// </summary>
[StructLayout(LayoutKind.Explicit)]
public struct IpHeader
...{
[FieldOffset(0)]
public byte ip_verlen; // IP version and IP Header length
[FieldOffset(1)]
public byte ip_tos; // Type of service
[FieldOffset(2)]
public ushort ip_totallength; // total length of the packet
[FieldOffset(4)]
public ushort ip_id; // unique identifier
[FieldOffset(6)]
public ushort ip_offset; // flags and offset
[FieldOffset(8)]
public byte ip_ttl; // Time To Live
[FieldOffset(9)]
public byte ip_protocol; // protocol (TCP, UDP etc)
[FieldOffset(10)]
public ushort ip_checksum; //IP Header checksum
[FieldOffset(12)]
public uint ip_srcaddr; //Source address
[FieldOffset(16)]
public uint ip_destaddr;//Destination Address
}
class RawSocket
...{
Socket socket;
String IP = "218.20.242.189";
private String StandardIP(uint ip)
...{
byte[] b_ip = new byte[4];
b_ip[0] = (byte)(ip & 0x000000ff);
b_ip[1] = (byte)((ip & 0x0000ff00) >> 8);
b_ip[2] = (byte)((ip & 0x00ff0000)>>16);
b_ip[3] = (byte)((ip & 0xff000000)>>24);
return b_ip[0].ToString() + "." + b_ip[1].ToString() + "." + b_ip[2].ToString() + "." + b_ip[3].ToString();
}
unsafe private void ParseReceive(byte[]buffer,int size)
...{
if (buffer == null) return;
fixed (byte*pbuffer = buffer)
...{
IpHeader* ip_header = (IpHeader*)pbuffer;
int protocol = ip_header->ip_protocol;
uint ip_srcaddr = ip_header->ip_srcaddr, ip_destaddr = ip_header->ip_destaddr, header_len = 0;
string out_string = "";
short src_port = 0, dst_port = 0;
IPAddress tmp_ip;
string from_ip="", to_ip="";
from_ip = ip_header->ip_srcaddr.ToString();
switch (protocol)
...{
case 1: out_string = "ICMP:"; break;
case 2: out_string = "IGMP:"; break;
case 6:
out_string = "TCP:";
break;
case 17: out_string = "UDP:";
break;
default: out_string = "UNKNOWN"; break;
}
// System.Console.WriteLine(out_string + "from ip:" + IPAddress.Parse(from_ip).ToString() + " to ip:" + IPAddress.Parse(to_ip).ToString());
System.Console.WriteLine(out_string + "src:" + StandardIP(ip_srcaddr) + "dest:" + StandardIP(ip_destaddr));
}
}
public void ShutDown()
...{
if(socket != null)
...{
try
...{
socket.Shutdown(SocketShutdown.Both);
socket.Close();
}
catch(Exception)
...{
System.Console.WriteLine("关闭socket错误!");
}
}
}
public void Run()
...{
System.Console.WriteLine("Raw Socket running...");
socket = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.IP);
byte[] buffer = new byte[4096];
int rcv_size = 0;
// socket.Blocking = false;
socket.Bind(new IPEndPoint(IPAddress.Parse(IP), 0));
while (true)
...{
System.Console.WriteLine("开始新一次循环");
try
...{
//socket.BeginReceive(buffer, 0, 10, SocketFlags.None, Callback, null);
rcv_size = socket.Receive(buffer);
ParseReceive(buffer, rcv_size);
}
catch (Exception e)
...{
System.Console.WriteLine("异常:" + e.Message);
return;
}
//System.Threading.Thread.Sleep(500);
//System.Console.WriteLine("接收到:" + rcv_size.ToString());
}
}
~RawSocket()
...{
ShutDown();
}
}
}
[StructLayout(LayoutKind.Explicit)] public struct IpHeader ...{ [FieldOffset(0)] public byte ip_verlen; // IP version and IP Header length [FieldOffset(1)] public byte ip_tos; // Type of service [FieldOffset(2)] public ushort ip_totallength; // total length of the packet [FieldOffset(4)] public ushort ip_id; // unique identifier [FieldOffset(6)] public ushort ip_offset; // flags and offset [FieldOffset(8)] public byte ip_ttl; // Time To Live [FieldOffset(9)] public byte ip_protocol; // protocol (TCP, UDP etc) [FieldOffset(10)] public ushort ip_checksum; //IP Header checksum [FieldOffset(12)] public uint ip_srcaddr; //Source address [FieldOffset(16)] public uint ip_destaddr;//Destination Address } class RawSocket ...{ Socket socket; String IP = "218.20.242.189"; private String StandardIP(uint ip) ...{ byte[] b_ip = new byte[4]; b_ip[0] = (byte)(ip & 0x000000ff); b_ip[1] = (byte)((ip & 0x0000ff00) >> 8); b_ip[2] = (byte)((ip & 0x00ff0000)>>16); b_ip[3] = (byte)((ip & 0xff000000)>>24); return b_ip[0].ToString() + "." + b_ip[1].ToString() + "." + b_ip[2].ToString() + "." + b_ip[3].ToString(); } unsafe private void ParseReceive(byte[]buffer,int size) ...{ if (buffer == null) return; fixed (byte*pbuffer = buffer) ...{ IpHeader* ip_header = (IpHeader*)pbuffer; int protocol = ip_header->ip_protocol; uint ip_srcaddr = ip_header->ip_srcaddr, ip_destaddr = ip_header->ip_destaddr, header_len = 0; string out_string = ""; short src_port = 0, dst_port = 0; IPAddress tmp_ip; string from_ip="", to_ip=""; from_ip = ip_header->ip_srcaddr.ToString(); switch (protocol) ...{ case 1: out_string = "ICMP:"; break; case 2: out_string = "IGMP:"; break; case 6: out_string = "TCP:"; break; case 17: out_string = "UDP:"; break; default: out_string = "UNKNOWN"; break; }// System.Console.WriteLine(out_string + "from ip:" + IPAddress.Parse(from_ip).ToString() + " to ip:" + IPAddress.Parse(to_ip).ToString()); System.Console.WriteLine(out_string + "src:" + StandardIP(ip_srcaddr) + "dest:" + StandardIP(ip_destaddr)); } } public void ShutDown() ...{ if(socket != null) ...{ try ...{ socket.Shutdown(SocketShutdown.Both); socket.Close(); } catch(Exception) ...{ System.Console.WriteLine("关闭socket错误!"); } } } public void Run() ...{ System.Console.WriteLine("Raw Socket running..."); socket = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.IP); byte[] buffer = new byte[4096]; int rcv_size = 0; // socket.Blocking = false; socket.Bind(new IPEndPoint(IPAddress.Parse(IP), 0)); while (true) ...{ System.Console.WriteLine("开始新一次循环"); try ...{ //socket.BeginReceive(buffer, 0, 10, SocketFlags.None, Callback, null); rcv_size = socket.Receive(buffer); ParseReceive(buffer, rcv_size); } catch (Exception e) ...{ System.Console.WriteLine("异常:" + e.Message); return; } //System.Threading.Thread.Sleep(500); //System.Console.WriteLine("接收到:" + rcv_size.ToString()); } } ~RawSocket() ...{ ShutDown(); } }}
使用方法:
public
static
void
Main(String[] args)
...
{ RawSocket socket = new RawSocket(); socket.Run(); }
扫一扫
4387
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
