網(wǎng)絡(luò)上的數(shù)據(jù)報(bào)偵聽 - 武林網(wǎng)_第1頁
網(wǎng)絡(luò)上的數(shù)據(jù)報(bào)偵聽 - 武林網(wǎng)_第2頁
網(wǎng)絡(luò)上的數(shù)據(jù)報(bào)偵聽 - 武林網(wǎng)_第3頁
網(wǎng)絡(luò)上的數(shù)據(jù)報(bào)偵聽 - 武林網(wǎng)_第4頁
網(wǎng)絡(luò)上的數(shù)據(jù)報(bào)偵聽 - 武林網(wǎng)_第5頁
已閱讀5頁,還剩5頁未讀 繼續(xù)免費(fèi)閱讀

下載本文檔

版權(quán)說明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請(qǐng)進(jìn)行舉報(bào)或認(rèn)領(lǐng)

文檔簡(jiǎn)介

網(wǎng)絡(luò)上的數(shù)據(jù)報(bào)偵聽-武林網(wǎng)#includemath.h#includestdio.h#includestring.h#includeWinsock2.h#includemstcpip.h#defineSTATUS_FAILED0xFFFF//定義異常出錯(cuò)代碼#defineMAX_PACK_LEN65535//接收的最大IP報(bào)文#defineMAX_ADDR_LEN16//點(diǎn)分十進(jìn)制地址的最大長(zhǎng)度#defineMAX_PROTO_TEXT_LEN16//子協(xié)議名稱(如"TCP")最大長(zhǎng)度#defineMAX_PROTO_NUM12//子協(xié)議數(shù)量#defineMAX_HOSTNAME_LAN255//最大主機(jī)名長(zhǎng)度#defineCMD_PARAM_HELPtruetypedefstruct_iphdr{unsignedcharh_lenver;//4位首部長(zhǎng)度+4位IP版本號(hào)unsignedchartos;//8位服務(wù)類型TOSunsignedshorttotal_len;//16位總長(zhǎng)度〔字節(jié)〕unsignedshortident;//16位標(biāo)識(shí)unsignedshortfrag_and_flags;//3位標(biāo)志位unsignedcharttl;//8位生存時(shí)間TTLunsignedcharproto;//8位協(xié)議(TCP,UDP或其他)unsignedshortchecksum;//16位IP首部校驗(yàn)和unsignedintsourceIP;//32位源IP地址unsignedintdestIP;//32位目的IP地址}IP_HEADER;typedefstruct_tcphdr//定義TCP首部{USHORTth_sport;//16位源端口USHORTth_dport;//16位目的端口unsignedintth_seq;//32位序列號(hào)unsignedintth_ack;//32位確認(rèn)號(hào)unsignedcharth_lenres;//4位首部長(zhǎng)度/6位保存字unsignedcharth_flag;//6位標(biāo)志位USHORTth_win;//16位窗口大小USHORTth_sum;//16位校驗(yàn)和USHORTth_urp;//16位緊急數(shù)據(jù)偏移量}TCP_HEADER;typedefstruct_udphdr//定義UDP首部{unsignedshortuh_sport;//16位源端口unsignedshortuh_dport;//16位目的端口unsignedshortuh_len;//16位長(zhǎng)度unsignedshortuh_sum;//16位校驗(yàn)和}UDP_HEADER;typedefstruct_icmphdr//定義ICMP首部{BYTEi_type;//8位類型BYTEi_code;//8位代碼USHORTi_cksum;//16位校驗(yàn)和USHORTi_id;//辨別號(hào)〔一般用進(jìn)程號(hào)作為辨別號(hào)〕USHORTi_seq;//報(bào)文序列號(hào)ULONGtimestamp;//時(shí)間戳}ICMP_HEADER;typedefstruct_protomap//定義子協(xié)議映射表{intProtoNum;charProtoText[MAX_PROTO_TEXT_LEN];}PROTOMAP;PROTOMAPProtoMap[MAX_PROTO_NUM]={//為子協(xié)議映射表賦值{IPPROTO_IP,"IP"},{IPPROTO_ICMP,"ICMP"},{IPPROTO_IGMP,"IGMP"},{IPPROTO_GGP,"GGP"},{IPPROTO_TCP,"TCP"},{IPPROTO_PUP,"PUP"},{IPPROTO_UDP,"UDP"},{IPPROTO_IDP,"IDP"},{IPPROTO_ND,"NP"},{IPPROTO_RAW,"RAW"},{IPPROTO_MAX,"MAX"},{NULL,""}};SOCKETSockRaw;charTcpFlag[6]={'F','S','R','P','A','U'};//定義TCP標(biāo)志位boolParamTcp=false;//-t關(guān)注TCP報(bào)文boolParamUdp=false;//-u關(guān)注UDP報(bào)文boolParamIcmp=false;//-i關(guān)注ICMP報(bào)文boolParamDecode=false;//-d對(duì)協(xié)議進(jìn)行解碼char*strFromIpFilter=NULL;//源IP地址過濾char*strDestIpFilter=NULL;//目的地址過濾char*strSensitive=NULL;//敏感字符串intiPortFilter=0;//端口過濾intiProtocol,iTTL;charszProtocol[MAX_PROTO_TEXT_LEN];charszSourceIP[MAX_ADDR_LEN],szDestIP[MAX_ADDR_LEN];intDecodeIpPack(char*,int);//IP解包函數(shù)intDecodeTcpPack(char*,int);//TCP解包函數(shù)intDecodeUdpPack(char*,int);//UDP解包函數(shù)intDecodeIcmpPack(char*,int);//ICMP解包函數(shù)voidCheckSockError(int,char*);//出錯(cuò)處理函數(shù)char*CheckProtocol(int);//協(xié)議檢查voidusage(void);//使用講明boolGetCmdLine(int,char**);//命令行參數(shù)處理voidmain(intargc,char**argv){intiErrorCode;charRecvBuf[MAX_PACK_LEN]={0};usage();if(GetCmdLine(argc,argv)==CMD_PARAM_HELP)exit(0);//初始化SOCKETWSADATAwsaData;iErrorCode=WSAStartup(MAKEWORD(2,1),&wsaData);CheckSockError(iErrorCode,"WSAStartup");SockRaw=socket(AF_INET,SOCK_RAW,IPPROTO_IP);CheckSockError(SockRaw,"socket");//獲取本機(jī)IP地址charFARname[MAX_HOSTNAME_LAN];iErrorCode=gethostname(name,MAX_HOSTNAME_LAN);CheckSockError(iErrorCode,"gethostname");structhostentFAR*pHostent;pHostent=(structhostent*)malloc(sizeof(structhostent));pHostent=gethostbyname(name);SOCKADDR_INsa;sa.sin_family=AF_INET;sa.sin_port=htons(6000);memcpy(&sa.sin_addr.S_un.S_addr,pHostent-h_addr_list[0],pHostent-h_length);free(pHostent);iErrorCode=bind(SockRaw,(PSOCKADDR)&sa,sizeof(sa));CheckSockError(iErrorCode,"bind");//設(shè)置SOCK_RAW為SIO_RCVALL,以便接收所有的IP包DWORDdwBufferLen[10];DWORDdwBufferInLen=1;DWORDdwBytesReturned=0;iErrorCode=WSAIoctl(SockRaw,SIO_RCVALL,&dwBufferInLen,sizeof(dwBufferInLen),&dwBufferLen,sizeof(dwBufferLen),&dwBytesReturned,NULL,NULL);CheckSockError(iErrorCode,"Ioctl");//偵聽I(yíng)P報(bào)文while(1){memset(RecvBuf,0,sizeof(RecvBuf));iErrorCode=recv(SockRaw,RecvBuf,sizeof(RecvBuf),0);CheckSockError(iErrorCode,"recv");iErrorCode=DecodeIpPack(RecvBuf,iErrorCode);CheckSockError(iErrorCode,"Decode");}}//IP解包程序intDecodeIpPack(char*buf,intiBufSize){IP_HEADER*pIpheader;SOCKADDR_INsaSource,saDest;pIpheader=(IP_HEADER*)buf;//協(xié)議甄別iProtocol=pIpheader-proto;strncpy(szProtocol,CheckProtocol(iProtocol),MAX_PROTO_TEXT_LEN);if((iProtocol==IPPROTO_TCP)&&(!ParamTcp))returntrue;if((iProtocol==IPPROTO_UDP)&&(!ParamUdp))returntrue;if((iProtocol==IPPROTO_ICMP)&&(!ParamIcmp))returntrue;//源地址saSource.sin_addr.s_addr=pIpheader-sourceIP;strncpy(szSourceIP,inet_ntoa(saSource.sin_addr),MAX_ADDR_LEN);if(strFromIpFilter)if(strcmp(strFromIpFilter,szSourceIP))returntrue;//目的地址saDest.sin_addr.s_addr=pIpheader-destIP;strncpy(szDestIP,inet_ntoa(saDest.sin_addr),MAX_ADDR_LEN);if(strDestIpFilter)if(strcmp(strDestIpFilter,szDestIP))returntrue;iTTL=pIpheader-//計(jì)算IP首部的長(zhǎng)度intiIphLen=sizeof(unsignedlong)*(pIpheader-h_lenver//根據(jù)協(xié)議類型分別調(diào)用相應(yīng)的函數(shù)switch(iProtocol){caseIPPROTO_TCP:DecodeTcpPack(buf+iIphLen,iBufSize);break;caseIPPROTO_UDP:DecodeUdpPack(buf+iIphLen,iBufSize);break;caseIPPROTO_ICMP:DecodeIcmpPack(buf+iIphLen,iBufSize);break;default:break;}//printf("");returntrue;}//協(xié)議辨別程序char*CheckProtocol(intiProtocol){for(inti=0;iMAX_PROTO_NUM;i++)if(ProtoMap.ProtoNum==iProtocol)returnProtoMap.ProtoText;return"";}//TCP解包程序intDecodeTcpPack(char*TcpBuf,intiBufSize){TCP_HEADER*pTcpHeader;inti;intiSourcePort,iDestPort;pTcpHeader=(TCP_HEADER*)TcpBuf;//計(jì)算TCP首部長(zhǎng)度intTcpHeaderLen=pTcpHeader-th_lenres4;TcpHeaderLen*=sizeof(unsignedlong);char*TcpData=TcpBuf+TcpHeaderLen;//假如過濾敏感字符串則判定能否包含if(strSensitive)if((strstr(TcpData,strSensitive))==NULL)returntrue;//對(duì)端口進(jìn)行過濾iSourcePort=ntohs(pTcpHeader-th_sport);iDestPort=ntohs(pTcpHeader-th_dport);if((iPortFilter)&&(iSourcePort!=iPortFilter)&&(iDestPort!=iPortFilter))returntrue;//輸出printf("%s",szProtocol);printf("%15s:%5d-%15s:%5d",szSourceIP,iSourcePort,szDestIP,iDestPort);printf("TTL=%3d",iTTL);//判定TCP標(biāo)志位unsignedcharFlagMask=1;for(i=0;ii++){if((pTcpHeader-th_flag)&FlagMask)printf("%c",TcpFlag);elseprintf("-");FlagMask=FlagMask1;}printf("bytes=%4d",iBufSize);printf("");//對(duì)于長(zhǎng)度大于40字節(jié)的包進(jìn)行數(shù)據(jù)分析(IP_HEADER+TCP_HEADER=40)if((ParamDecode)&&(iBufSize40)){//分析TCP數(shù)據(jù)段if((!strSensitive)||(strstr(TcpData,strSensitive))){printf("[DATA]");printf("%s",TcpData);printf("[DATAEND]");}}returntrue;}//UDP解包程序intDecodeUdpPack(char*UdpBuf,intiBufSize){UDP_HEADER*pUdpHeader;pUdpHeader=(UDP_HEADER*)UdpBuf;intiSourcePort=ntohs(pUdpHeader-uh_sport);intiDestPort=ntohs(pUdpHeader-uh_dport);//對(duì)端口進(jìn)行過濾if(iPortFilter)if((iSourcePort!=iPortFilter)&&(iDestPort!=iPortFilter))returntrue;printf("%s",szProtocol);printf("%15s:%5d-%15s:%5d",szSourceIP,iSourcePort,szDestIP,iDestPort);printf("TTL=%3d",iTTL);printf("Len=%4d",ntohs(pUdpHeader-uh_len));printf("bytes=%4d",iBufSize);printf("");//對(duì)于長(zhǎng)度大于28字節(jié)的包進(jìn)行數(shù)據(jù)分析(IP_HEADER+UDP_HEADER28)if((ParamDecode)&&(iBufSize28)){printf("[DATA]");//UDP首部長(zhǎng)度為8char*UdpData=UdpBuf+8;//分析UDP數(shù)據(jù)段for(unsignedinti=0;i(iBufSize-sizeof(UDP_HEADER));i++){if(!(i%8))printf("");if((UdpData33)&&(UdpData122))printf("%3c[%3x]",UdpData,UdpData);elseprintf("[%3x]",abs(UdpData));}printf("[DATAEND]");}returntrue;}//ICMP解包程序intDecodeIcmpPack(char*IcmpBuf,intiBufSize){ICMP_HEADER*pIcmpHeader;pIcmpHeader=(ICMP_HEADER*)IcmpBuf;intiIcmpType=pIcmpHeader-i_type;intiIcmpCode=pIcmpHeader-i_code;//對(duì)類型進(jìn)行過濾if((iPortFilter)&&(iIcmpType!=iPortFilter))returntrue;printf("%s",szProtocol);//printf("%15sType%d-%15sCode%d",szSourceIP,iIcmpType,szDestIP,iIcmpCode);printf("%15s-%15s",szSourceIP,szDestIP);printf("TTL=%3d",iTTL);printf("Type%2d,%d",iIcmpType,iIcmpCode);printf("bytes=%4d",iBufSize);printf("");//對(duì)于包含數(shù)據(jù)段的包進(jìn)行數(shù)據(jù)分析if((ParamDecode)&&(iBufSize28)){char*IcmpData=IcmpBuf+4;//分析ICMP數(shù)據(jù)段printf("[DATA]");for(unsignedinti=0;i(iBufSize-sizeof(ICMP_HEADER));i++){if(!(i%8))printf("");if((IcmpData33)&&(IcmpData122))printf("%3c[%3x]",IcmpData,IcmpData);elseprintf("[%3x]",abs(IcmpData));}printf("[DATAEND]");}returntrue;}//命令行參數(shù)處理boolGetCmdLine(intargc,char**argv){if(argc2)returnCMD_PARAM_HELP;for(inti=1;iargc;i++){if(argv[0]!='/')returnCMD_PARAM_HELP;elseswitch(argv[1]){case't':case'T':ParamTcp=true;break;case'u':case'U':ParamUdp=true;break;case'i':case'I':ParamIcmp=true;break;case'p':case'P':ParamDecode=true;break;case'f':case'F':{strFromIpFilter=(char*)malloc(16*sizeof(char));memset(strFromIpFilter,0,16*sizeof(char));strcpy(strFromIpFilter,argv+3);break;}case'd':case'D':{strDestIpFilter=(char*)malloc(16*sizeof(char));memset(strDestIpFilter,0,16*sizeof(char));strcpy(strDestIpFilter,argv+3);break;}case's':case'S':{strSensitive=(char*)malloc(255*sizeof(char));memset(strSensitive,0,255*sizeof(char));strcpy(strSensitive,argv+3);break;}case'o':case'O':{iPortFilter=atoi(argv+3);break;}}}printf("WillSniffer");if(ParamTcp)printf("TCP");if(ParamUdp)printf("UDP");if(ParamIcmp)printf("ICMP");if(strFromIpFilter)printf("FromIp:%s",strFro

溫馨提示

  • 1. 本站所有資源如無特殊說明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請(qǐng)下載最新的WinRAR軟件解壓。
  • 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請(qǐng)聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
  • 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁內(nèi)容里面會(huì)有圖紙預(yù)覽,若沒有圖紙預(yù)覽就沒有圖紙。
  • 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
  • 5. 人人文庫(kù)網(wǎng)僅提供信息存儲(chǔ)空間,僅對(duì)用戶上傳內(nèi)容的表現(xiàn)方式做保護(hù)處理,對(duì)用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對(duì)任何下載內(nèi)容負(fù)責(zé)。
  • 6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容,請(qǐng)與我們聯(lián)系,我們立即糾正。
  • 7. 本站不保證下載資源的準(zhǔn)確性、安全性和完整性, 同時(shí)也不承擔(dān)用戶因使用這些下載資源對(duì)自己和他人造成任何形式的傷害或損失。

評(píng)論

0/150

提交評(píng)論