socket抓包程序实验报告.docx
socket抓包程序实验报告
《网络编程与协议分析》课程设计报告
一、课设题目:
局域网数据包抓取与分析软件
二、课设要求:
1)抓取本地主机所在局域网子网内的所有数据包
2)分析并显示所抓取数据包的IP头部各字段的信息
3)分析并显示所抓取数据包的封装在IP数据包内的协议头部字段信息(TCP、UDP、ICMP等)
4)生成日志信息,以文本文档形式保存
三、部分代码
1)初始化套接字
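/// Initialise Winsock and prepare the raw capture socket kept in m_sock.
///
/// The socket is bound to the first IPv4 address reported for the local host
/// name and then switched into receive-all mode with SIO_RCVALL, so recv()
/// returns whole IPv4 packets (IP header first) seen on that interface.
/// Raw sockets and SIO_RCVALL need an elevated (Administrators) process; on a
/// switched LAN the interface normally sees only this host's own traffic plus
/// broadcast/multicast, not every frame in the subnet.
///
/// Every step now stops at the first failure. The original showed a message
/// box and carried on, which led to a NULL dereference when name resolution
/// failed and to calls on an invalid socket.
///
/// @return TRUE when m_sock is ready for recv(); FALSE after any failure
///         (m_sock is then closed and reset to INVALID_SOCKET).
BOOL CTestDlg::SockInit()
{
    WSADATA wsa;
    if (WSAStartup(MAKEWORD(2, 2), &wsa) != 0)
    {
        AfxMessageBox("WSAStartup fail!");
        return FALSE;
    }

    m_sock = socket(AF_INET, SOCK_RAW, 0);
    if (m_sock == INVALID_SOCKET)
    {
        AfxMessageBox("socket fail!");
        return FALSE;
    }

    SOCKADDR_IN addr;
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    // Value kept from the original; a raw IP socket does not select traffic by port.
    addr.sin_port = htons(5000);

    // 256 bytes instead of 25: a longer host name made gethostname() fail,
    // and the original never looked at its return value.
    char FAR name[256];
    struct hostent FAR* pHostent = NULL;
    if (gethostname(name, sizeof(name)) == 0)
    {
        pHostent = gethostbyname(name);
    }

    // Copy the address only when the resolver returned an IPv4 entry of
    // exactly the size of the destination field; the original copied h_length
    // bytes unchecked into a 4-byte field through a possibly NULL pointer.
    if (pHostent == NULL ||
        pHostent->h_addrtype != AF_INET ||
        pHostent->h_length != (int)sizeof(addr.sin_addr) ||
        pHostent->h_addr_list[0] == NULL)
    {
        AfxMessageBox("gethostbyname fail!");
        closesocket(m_sock);
        m_sock = INVALID_SOCKET;
        return FALSE;
    }
    memcpy(&addr.sin_addr, pHostent->h_addr_list[0], sizeof(addr.sin_addr));

    if (bind(m_sock, (SOCKADDR*)&addr, sizeof(addr)) != 0)
    {
        AfxMessageBox("bind fail!");
        closesocket(m_sock);
        m_sock = INVALID_SOCKET;
        return FALSE;
    }

    DWORD dwBytesRet = 0;
    unsigned int optval = 1;   // 1 == RCVALL_ON
    // WSAIoctl reports failure with SOCKET_ERROR; the original compared the
    // result against INVALID_SOCKET, which is the wrong constant for this call.
    if (WSAIoctl(m_sock, SIO_RCVALL, &optval, sizeof(optval),
                 NULL, 0, &dwBytesRet, NULL, NULL) == SOCKET_ERROR)
    {
        AfxMessageBox("WSAIoctl Fail!");
        closesocket(m_sock);
        m_sock = INVALID_SOCKET;
        return FALSE;
    }
    return TRUE;
}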
2)初始化表格
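/// Put the list control into report view and create the twelve IPv4-header
/// columns that RecvProc fills in (sub-items 0..11).
///
/// Changes from the listing: the style constants are written out in full
/// (LVS_REPORT, LVS_EX_GRIDLINES), and the current list-view extended style is
/// read with GetExtendedStyle(). The original used GetExStyle(), which returns
/// the window's WS_EX_* bits and mixed them into the LVS_EX_* mask.
///
/// @return always TRUE.
BOOL CTestDlg::ListInit()
{
    const DWORD dwStyle = GetWindowLong(m_List.m_hWnd, GWL_STYLE);
    SetWindowLong(m_List.m_hWnd, GWL_STYLE, dwStyle | LVS_REPORT);

    DWORD dwStyles = m_List.GetExtendedStyle();
    dwStyles &= ~LVS_EX_CHECKBOXES;
    m_List.SetExtendedStyle(dwStyles | LVS_EX_FULLROWSELECT | LVS_EX_GRIDLINES);

    // Column title and pixel width, in display order; the array index is also
    // the sub-item index used by SetItemText().
    static const struct
    {
        const char* title;
        int width;
    } kColumns[] = {
        { "版本",       40 },
        { "头部长度",   60 },
        { "服务类型",   60 },
        { "总长度",     50 },
        { "标识符",     50 },
        { "标志位",     50 },
        { "片偏移",     50 },
        { "生存周期",   60 },
        { "协议",       40 },
        { "首部校验和", 80 },
        { "源地址",     100 },
        { "目的IP地址", 100 },
    };

    const int columnCount = (int)(sizeof(kColumns) / sizeof(kColumns[0]));
    for (int col = 0; col < columnCount; ++col)
    {
        m_List.InsertColumn(col, kColumns[col].title, LVCFMT_CENTER,
                            kColumns[col].width, col);
    }
    return TRUE;
}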
3)ip,tcp,udp,icmp头部定义
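// Fixed 20-byte IPv4 header, overlaid directly on received packet bytes.
// Multi-byte fields hold the bytes as they arrived (network byte order);
// convert with ntohs()/ntohl() before displaying or comparing them.
// Packing is forced to 1 so the compiler can never insert padding between
// fields, which would shift every later field away from its wire offset.
#pragma pack(push, 1)
struct iphead
{
    unsigned char ip_EdiAndLen;          // high 4 bits: version; low 4 bits: header length in 32-bit words
    unsigned char ip_Serve;              // type of service
    unsigned short int ip_Len;           // total length
    unsigned short int ip_Sign;          // identification
    unsigned short int ip_MarkAndMove;   // top 3 bits: flags; low 13 bits: fragment offset
    unsigned char ip_Ttl;                // time to live
    unsigned char ip_Protocol;           // upper-layer protocol number
    unsigned short int ip_Sum;           // header checksum
    unsigned int ip_SoIp;                // source IP address
    unsigned int ip_DeIp;                // destination IP address
};
#pragma pack(pop)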
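// Fixed 20-byte TCP header (options not included), overlaid on the bytes that
// follow the IP header. Multi-byte fields are in network byte order.
// Packing is forced to 1 so the layout always matches the wire format.
#pragma pack(push, 1)
struct tcphead
{
    unsigned short tcp_SoPort;      // 16-bit source port
    unsigned short tcp_DePort;      // 16-bit destination port
    unsigned int tcp_Seq;           // 32-bit sequence number
    unsigned int tcp_Ack;           // 32-bit acknowledgement number
    unsigned char tcp_LenAndRes;    // high 4 bits: header length; low 4 bits: reserved
    unsigned char tcp_Flag;         // top 2 bits: reserved; low 6 bits: flags
    unsigned short tcp_Win;         // 16-bit window size
    unsigned short tcp_Wum;         // 16-bit checksum
    unsigned short tcp_Mov;         // 16-bit urgent pointer
};
#pragma pack(pop)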
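// 8-byte UDP header, overlaid on the bytes that follow the IP header.
// All fields are in network byte order. Packing is forced to 1 so the layout
// always matches the wire format.
#pragma pack(push, 1)
struct udphead
{
    unsigned short udp_SoPort;   // source port
    unsigned short udp_DePort;   // destination port
    unsigned short udp_Len;      // length of UDP header plus data
    unsigned short udp_Sum;      // checksum
};
#pragma pack(pop)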
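// First 4 bytes common to every ICMP message, overlaid on the bytes that
// follow the IP header. The checksum is in network byte order. Packing is
// forced to 1 so the layout always matches the wire format.
#pragma pack(push, 1)
struct icmphead
{
    unsigned char icmp_Type;    // message type
    unsigned char icmp_Code;    // message code
    unsigned short icmp_Sum;    // 16-bit checksum
};
#pragma pack(pop)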
4)“开始”按钮事件
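/// "Start" button handler: start the capture thread, or resume it when it
/// already exists, then flip the Start/Stop buttons.
///
/// The original called CloseHandle(m_thr) immediately after CreateThread().
/// Every later GetExitCodeThread/SuspendThread/ResumeThread call on m_thr
/// then used a closed handle value, so "Stop" could not pause the thread and
/// each "Start" created another receiver. The handle now stays open for as
/// long as the dialog uses it.
void CTestDlg::OnStart()
{
    DWORD code = 0;
    const BOOL queried = GetExitCodeThread(m_thr, &code);

    if (!queried || code != STILL_ACTIVE)
    {
        // The query succeeded, so m_thr is a valid handle to a thread that
        // has finished; release it before it is overwritten.
        if (queried)
        {
            CloseHandle(m_thr);
            m_thr = NULL;
        }

        alldata* recvdata = new alldata;
        recvdata->lis = &m_List;
        recvdata->sock = m_sock;

        m_thr = CreateThread(NULL, 0, RecvProc, (LPVOID)recvdata, 0, NULL);
        if (m_thr == NULL)
        {
            // No thread received the pointer, so it must be freed here.
            delete recvdata;
            AfxMessageBox("CreateThread fail!");
            return;
        }
    }
    else
    {
        // Thread exists (suspended by OnStop): clear the old rows and let it run.
        // NOTE(review): RecvProc keeps its own row counter across a resume,
        // so rows inserted afterwards may not start at index 0 again - confirm.
        m_List.DeleteAllItems();
        ResumeThread(m_thr);
    }

    GetDlgItem(IDC_STOP)->EnableWindow(TRUE);
    GetDlgItem(IDC_START)->EnableWindow(FALSE);
    GetDlgItem(IDC_STOP)->SetFocus();
}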
5)数据包抓取与初步处理
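/// Capture thread: receive raw IPv4 packets, keep each one in the ddat table
/// and show its IP header fields as a new row of the list control.
///
/// Fixes over the listing:
///  - the slot index was advanced with ++count before recv() and never
///    bounded, so failed reads consumed slots and a long capture wrote past
///    the end of ddat; a slot is now committed only after a successful read
///    and never beyond the table;
///  - packets shorter than an IPv4 header are skipped instead of parsed;
///  - 16-bit header fields are converted with ntohs() before display (the
///    original printed the byte-swapped values, and took the flag bits from
///    the wrong end of the word);
///  - the heap block passed in by the creator is freed once its two fields
///    have been copied;
///  - the fixed char buffers are replaced by CString.
///
/// @param lpParameter  alldata* allocated with new by the creator; this
///                     routine takes ownership and deletes it.
/// @return 0 (only reached if the loop is ever left).
DWORD WINAPI CTestDlg::RecvProc(LPVOID lpParameter)
{
    alldata* args = (alldata*)lpParameter;
    SOCKET sock = args->sock;
    CListCtrl* lis = (CListCtrl*)(args->lis);
    delete args;

    // NOTE(review): assumes ddat is a fixed-size array visible here, so that
    // sizeof yields its element count; if it is a pointer, replace this with
    // the real capacity.
    const int slotCount = (int)(sizeof(ddat) / sizeof(ddat[0]));

    // NOTE(review): the list control is updated from this worker thread;
    // confirm that is acceptable for this dialog, or post the data to the UI
    // thread instead.
    SOCKADDR_IN tem;
    CString text;
    int row = 0;

    for (;;)
    {
        // Same slot the original used (count + 1), but count only moves once
        // the packet has actually been stored.
        const int slot = count + 1;
        if (slot >= slotCount)
        {
            // Table full: stop storing rather than write out of bounds.
            Sleep(100);
            continue;
        }

        const int got = recv(sock, ddat[slot].buff, (int)sizeof(ddat[slot].buff), 0);
        if (got < (int)sizeof(struct iphead))
        {
            continue;   // error, closed socket, or too short to hold an IP header
        }
        count = slot;

        const struct iphead* ih = (const struct iphead*)(ddat[slot].buff);
        const unsigned short fragWord = ntohs(ih->ip_MarkAndMove);

        // inet_ntoa() returns a shared static buffer, so each result is
        // copied into its own CString before the next call.
        tem.sin_addr.s_addr = ih->ip_SoIp;
        const CString soip = inet_ntoa(tem.sin_addr);
        tem.sin_addr.s_addr = ih->ip_DeIp;
        const CString deip = inet_ntoa(tem.sin_addr);

        const char* protoName;
        switch ((int)ih->ip_Protocol)
        {
        case 1:  protoName = "ICMP";  break;
        case 2:  protoName = "IGMP";  break;
        case 6:  protoName = "TCP";   break;
        case 8:  protoName = "EGP";   break;
        case 9:  protoName = "IGP";   break;
        case 17: protoName = "UDP";   break;
        case 41: protoName = "IPv6";  break;
        case 89: protoName = "OSPF";  break;
        default: protoName = "Error"; break;
        }

        // Placeholder text; column 0 is overwritten by the next call.
        lis->InsertItem(row, "fdgfg");

        text.Format("%d", ih->ip_EdiAndLen >> 4);      // version
        lis->SetItemText(row, 0, text);
        text.Format("%d", ih->ip_EdiAndLen & 0xf);     // header length, 32-bit words
        lis->SetItemText(row, 1, text);
        text.Format("%d", ih->ip_Serve);
        lis->SetItemText(row, 2, text);
        text.Format("%d", ntohs(ih->ip_Len));
        lis->SetItemText(row, 3, text);
        text.Format("%d", ntohs(ih->ip_Sign));
        lis->SetItemText(row, 4, text);
        text.Format("%d", fragWord >> 13);             // 3 flag bits
        lis->SetItemText(row, 5, text);
        text.Format("%d", fragWord & 0x1fff);          // 13-bit fragment offset
        lis->SetItemText(row, 6, text);
        text.Format("%d", ih->ip_Ttl);
        lis->SetItemText(row, 7, text);
        lis->SetItemText(row, 8, protoName);
        text.Format("%d", ntohs(ih->ip_Sum));
        lis->SetItemText(row, 9, text);
        lis->SetItemText(row, 10, soip);
        lis->SetItemText(row, 11, deip);

        ++row;
        // Throttle kept from the original; presumably packets that arrive
        // faster than this are dropped once the socket buffer fills.
        Sleep(100);
    }
    return 0;
}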
6)表格单击事件
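/// List click handler: show the TCP, UDP or ICMP header of the packet behind
/// the clicked row in a CNewDlg dialog.
///
/// Fixes over the listing:
///  - the transport header offset comes from the packet's own IHL field,
///    which is set by whoever sent the packet; it is now rejected when it is
///    below the minimum IPv4 header size or when the header would extend past
///    the stored buffer, instead of being dereferenced unchecked;
///  - only the header for the packet's protocol is read (the original copied
///    all three structures from the same offset regardless of protocol);
///  - multi-byte fields are converted from network byte order, and the 32-bit
///    sequence/acknowledgement numbers are printed unsigned;
///  - the stray extra "\r" in the UDP source-port line is removed.
///
/// NOTE(review): this reads ddat[i] for list row i, while RecvProc on this
/// page stores packets at ddat[++count]; confirm the two indices agree.
/// NOTE(review): the received length of each packet is not stored, so the
/// check below is against the buffer capacity only.
void CTestDlg::OnClickList1(NMHDR* pNMHDR, LRESULT* pResult)
{
    NM_LISTVIEW* pNMListView = (NM_LISTVIEW*)pNMHDR;

    if (pNMListView->iItem != -1)
    {
        const int i = pNMListView->iItem;
        CString buf;
        CString line;
        CNewDlg newdlg;

        const char* packet = ddat[i].buff;
        const size_t capacity = sizeof(ddat[i].buff);
        const iphead* iph = (const iphead*)packet;
        const int protocol = (int)iph->ip_Protocol;
        const size_t offset = (size_t)(iph->ip_EdiAndLen & 0xf) * 4;

        // Size of the header this handler is about to read; 0 = unsupported.
        size_t needed = 0;
        switch (protocol)
        {
        case 6:  needed = sizeof(tcphead);  break;
        case 17: needed = sizeof(udphead);  break;
        case 1:  needed = sizeof(icmphead); break;
        }

        const bool usable = needed != 0 &&
                            offset >= sizeof(iphead) &&
                            offset + needed <= capacity;

        if (!usable)
        {
            AfxMessageBox("No Data!");
            newdlg.m_data = "";
        }
        else if (protocol == 6)
        {
            tcphead th;
            memcpy(&th, packet + offset, sizeof(th));

            line.Format("源端口:%d\r\n", ntohs(th.tcp_SoPort));
            buf += line;
            line.Format("目的端口:%d\r\n", ntohs(th.tcp_DePort));
            buf += line;
            line.Format("序列号:%lu\r\n", (unsigned long)ntohl(th.tcp_Seq));
            buf += line;
            line.Format("确认号:%lu\r\n", (unsigned long)ntohl(th.tcp_Ack));
            buf += line;
            line.Format("数据偏移:%d\r\n", th.tcp_LenAndRes >> 4);
            buf += line;
            line.Format("保留:%d\r\n", th.tcp_LenAndRes & 0xf);
            buf += line;
            line.Format("标志:%d\r\n", th.tcp_Flag & 0x3f);
            buf += line;
            line.Format("窗口:%d\r\n", ntohs(th.tcp_Win));
            buf += line;
            line.Format("校验和:%d\r\n", ntohs(th.tcp_Wum));
            buf += line;
            line.Format("紧急指针:%d\r\n", ntohs(th.tcp_Mov));
            buf += line;
            newdlg.m_data = buf;
        }
        else if (protocol == 17)
        {
            udphead uh;
            memcpy(&uh, packet + offset, sizeof(uh));

            line.Format("源端口:%d\r\n", ntohs(uh.udp_SoPort));
            buf += line;
            line.Format("目的端口:%d\r\n", ntohs(uh.udp_DePort));
            buf += line;
            line.Format("长度:%d\r\n", ntohs(uh.udp_Len));
            buf += line;
            line.Format("校验和:%d\r\n", ntohs(uh.udp_Sum));
            buf += line;
            newdlg.m_data = buf;
        }
        else
        {
            icmphead ih;
            memcpy(&ih, packet + offset, sizeof(ih));

            line.Format("类型:%d\r\n", ih.icmp_Type);
            buf += line;
            line.Format("代码:%d\r\n", ih.icmp_Code);
            buf += line;
            line.Format("校验和:%d\r\n", ntohs(ih.icmp_Sum));
            buf += line;
            newdlg.m_data = buf;
        }

        newdlg.DoModal();
    }
    *pResult = 0;
}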
7)“停止”按钮事件
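/// "Stop" button handler: pause the capture thread, write every row of the
/// list to history\<date>-<time>.log, then flip the Start/Stop buttons.
///
/// The stream-insertion expressions of the original (header line and the
/// per-column output) were lost when the page was extracted, so the output
/// format below is a reconstruction: one header line with the column titles
/// used by the list, then one tab-separated line per captured packet.
///
/// Fixes over the listing:
///  - the result of GetExitCodeThread() is checked, so an uninitialised exit
///    code is never compared;
///  - the history directory is created when missing, and the success message
///    is shown only when the log file could actually be opened.
///
/// NOTE(review): SuspendThread() can stop the worker at any instruction,
/// including while it holds a lock; an event or flag that the worker polls
/// would be a safer way to pause it.
void CTestDlg::OnStop()
{
    SuspendThread(m_thr);

    DWORD code = 0;
    CString strDate;
    CString strBuf;
    const int index = m_List.GetItemCount();

    if (!GetExitCodeThread(m_thr, &code) || code != STILL_ACTIVE)
    {
        AfxMessageBox("程序初始化失败!\n请检查配置后重新运行!");
    }
    else
    {
        CTime ttime = CTime::GetCurrentTime();
        strDate.Format("%d-%d-%d-", ttime.GetYear(), ttime.GetMonth(), ttime.GetDay());
        strDate += ttime.Format("%H-%M-%S");

        // Fails harmlessly when the directory already exists.
        CreateDirectory("history", NULL);

        const CString path = "history\\" + strDate + ".log";
        ofstream outfile((LPCTSTR)path);
        if (!outfile)
        {
            AfxMessageBox("日志文件打开失败!");
        }
        else
        {
            static const char* const kTitles[12] = {
                "版本", "头部长度", "服务类型", "总长度", "标识符", "标志位",
                "片偏移", "生存周期", "协议", "首部校验和", "源地址", "目的IP地址"
            };

            int i;
            for (i = 0; i < 12; i++)
            {
                outfile << kTitles[i] << (i < 11 ? '\t' : '\n');
            }

            for (int j = 0; j < index; j++)
            {
                for (i = 0; i < 12; i++)
                {
                    strBuf = m_List.GetItemText(j, i);
                    outfile << (LPCTSTR)strBuf << (i < 11 ? '\t' : '\n');
                }
            }

            outfile.close();
            AfxMessageBox("数据已写入日志文件!");
        }
    }

    GetDlgItem(IDC_STOP)->EnableWindow(FALSE);
    GetDlgItem(IDC_START)->EnableWindow(TRUE);
    GetDlgItem(IDC_START)->SetFocus();
}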
四、程序截图
“开始”
“停止”
TCP
UDP
ICMP
五、课设小结
(自己写)