这是最近的一段代码。
也没有什么好说的,简单的socket编程,设置网卡为混杂模式,接受所有封包,并打印所有封包的基本信息,及内容。
#include<stdio.h>
#include<winsock2.h>
#include<string.h>
#include<windows.h>
#include<mstcpip.h>
#pragma comment(lib,"ws2_32.lib")
#define RECVPORT 7000 //绑定的接包端口号
struct iphdr
{
unsigned char head;
unsigned char tos;
unsigned short length; //IP包头定义
unsigned short flags;
unsigned short offset;
unsigned char ttl;
unsigned char protc;
unsigned short checksum;
unsigned int sourceip;
unsigned int destip;
};
struct udphdr
{
unsigned int sourceport;
unsigned int destport;
unsigned int length; //UDP包头定义
unsigned int checksum;
};
struct tcphdr
{
USHORT sourceport;
USHORT destport;
unsigned int seq;
unsigned int ack; //TCP包头定义
unsigned char offset;
unsigned char flags;
USHORT win;
USHORT checksum;
USHORT urg;
};
FILE *f;
char orig[100],*p,end;
char type[20]={0},version[20]={0},plat[20]={0},ttl[20]={0},win[20]={0},df[20]={0},tos[20]={0};
int i=0,j=0;
int ttli,dfi,tosi,winb,wine;
bool winf=false;
int solve(char *buff) //解包函数定义
{
struct iphdr *ip;
struct tcphdr *tcp;
struct udphdr *udp;
struct sockaddr_in test1,test2;
BYTE *datat=NULL,*datau=NULL;
BYTE test;
ip=(struct iphdr*)buff; //取IP头
tcp=(struct tcphdr*)(buff+((ip->head)&0xf)*sizeof(unsigned int)); //取TCP头
udp=(struct udphdr*)(buff+((ip->head)&0xf)*sizeof(unsigned int)); //取UDP头
test1.sin_addr.s_addr=ip->sourceip;
test2.sin_addr.s_addr=ip->destip;
datat=((BYTE *)tcp)+(tcp->offset>>4)*4;
datau=(BYTE *)udp;
printf("从:%s,",inet_ntoa(test1.sin_addr));
printf("到:%s\n",inet_ntoa(test2.sin_addr));
switch(ip->protc)
{
case 1:printf("Proto ICMP,");break;
case 2:printf("Proto IGMP,");break;
case 6:printf("Proto TCP,");break;
case 8:printf("Proto EGP,");break;
case 9:printf("Proto IGP,");break;
case 17:printf("Proto UDP,");break;
case 41:printf("Proto IPv6,");break;
case 89:printf("Proto OSPF,");break;
default:printf("Proto error,");break;
}
if(ip->protc==6)
{
int port=0;
port=ntohs(tcp->sourceport);
printf("从TCP端口:%d,到TCP端口:%d,SEQ:%d,ACK:%d\n",ntohs(tcp->sourceport),ntohs(tcp->destport),ntohl(tcp->seq),ntohl(tcp->ack));
switch(port)
{
case 21:printf("这是一个ftp协议数据包\n");break;
case 80:printf("这是一个HTTP协议数据包\n");break;
case 110:printf("这是一个pop3协议数据包\n");break;
case 25:printf("这是一个SMTP协议数据包\n ");break;
}
printf("FLAGS:");
if(tcp->flags&0x20)
printf("URG ");
if(tcp->flags&0x10)
printf("ACK ");
if(tcp->flags&0x8) //对TCP命令,输出标志位
printf("PSH ");
if(tcp->flags&0x4)
printf("RST ");
if(tcp->flags&0x2)
printf("SYN ");
if(tcp->flags&0x1)
printf("FIN ");
printf("data:%s\n",datat);
}
else if(ip->protc==17)
{
printf("从UDP端口:%d,到UDP端口:%d,\nDATA:%s",ntohs(udp->sourceport),ntohs(udp->destport),datau);
}
printf("TTL:%d\n",ip->ttl);
printf("\n");
return 0;
}
int main()
{
WSADATA ws;
long lresult;
SOCKET sock;
struct sockaddr_in myaddress; //定义主函数变量
struct hostent *host;
char name[100],buffer[65535],k;
int err1,err2,err3,i;
printf("输入ENTER键开始\n");
k=getchar();
lresult=WSAStartup(MAKEWORD(2,2),&ws);
if(lresult<0)
printf("error!");
myaddress.sin_family=AF_INET;
myaddress.sin_port=htons(RECVPORT); //初始化
gethostname(name,sizeof(name));
host=gethostbyname(name);
memcpy(&myaddress.sin_addr,host->h_addr_list[0],host->h_length);
sock=socket(AF_INET,SOCK_RAW,IPPROTO_IP);
err2=bind(sock,(PSOCKADDR)&myaddress,sizeof(myaddress)); //绑定端口
if(err2<0)
{
printf("BIND ERROR!");
exit(1);
}
DWORD inbuffer=1;
DWORD outbuffer[10];
DWORD returned=0;
err1=WSAIoctl(sock,SIO_RCVALL,&inbuffer,sizeof(inbuffer),&outbuffer,sizeof(outbuffer),&returned,NULL,NULL);
if(err1<0)
{
printf("IO OPTION SET ERROR!"); //设置端口为接收所有包模式
exit(1);
}
for(i=1;i<=30;i++)
{
memset(buffer,0,sizeof(buffer));//清空接收缓冲区
err3=recv(sock,buffer,sizeof(buffer),0); //接包
if(err3<0)
{
printf("RECEIVE ERROR!");
exit(1);
}
solve(buffer); //定义解包函数解包
}
return 0;
}
菜鸟言论,仅供娱乐。
扫一扫
667
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
