基于Raw Socket的嗅探器设计与实现选座题目及资料Word文档下载推荐.docx
bool flag = true;
addrLocal 为本地地址:
SOCKADDR_IN addrLocal;
dwValue 为输入输出参数, 为 1 时执行, 0 时取消:
DWORD dwValue = 1;
TCP header structure:

 0                               16                              32 bit
 |--------------------------------|--------------------------------|
 |          Source port           |        Destination port        |
 |                         Sequence number                         |
 |                      Acknowledgement number                     |
 | Offset | Resrvd |U|A|P|R|S|F|               Window              |
 |            Checksum            |         Urgent pointer         |
 |                        Option + Padding                         |
 |                              Data                               |
五.实现Sniffer
用 BCB6 写的一个 Simple Sniffer 的代码, 仅供参考.
(需要在工程文件里加入 WS2_32.LIB 这个文件)
//*************************************************************************//
//* CPP File: WMain.cpp
//* Simple Sniffer by shadowstar
//*
// Includes and globals of the form unit. Reconstructed from a
// whitespace-mangled extract; only spacing and line breaks were restored.
#include <vcl.h>
#pragma hdrstop

#include <winsock2.h>
#include <ws2tcpip.h>
#include <mstcpip.h>     // SIO_RCVALL and the RCVALL_* values
#include <netmon.h>      // IP / TCP header layouts
#include "WMain.h"
//---------------------------------------------------------------------------
#pragma package(smart_init)
#pragma resource "*.dfm"

// The single form instance created by the VCL application object.
TMainForm *MainForm;
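//---------------------------------------------------------------------------
// Form constructor: starts Winsock, creates the raw socket and binds it to
// the first address of the local host. Any failure aborts construction by
// throwing a VCL Exception. Reconstructed from a whitespace-mangled extract;
// the `throw Exception(...)` wrappers that the extract lost are restored on
// the pattern of the surviving WSAStartup check.
__fastcall TMainForm::TMainForm(TComponent *Owner)
    : TForm(Owner)
{
    WSADATA WSAData;
    BOOL flag = true;
    // DNS names may be up to 255 characters; the original 16-byte buffer
    // made gethostname() fail on any longer host name.
    char LocalName[256] = {0};
    struct hostent *pHost;

    sock = INVALID_SOCKET;
    bStop = true;          // no capture loop until Start is pressed

    // Winsock 2.2 is required for the SIO_RCVALL ioctl used by btnCtrlClick.
    if (WSAStartup(MAKEWORD(2, 2), &WSAData) != 0)
        throw Exception("WSAStartup error!");

    // Everything below owns the socket; if a step fails the destructor will
    // not run for a half-built form, so release the socket here before
    // re-throwing instead of leaking it.
    try {
        if ((sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) == INVALID_SOCKET)
            throw Exception("socket setup error!");

        // Deliver the IP header together with the payload.
        if (setsockopt(sock, IPPROTO_IP, IP_HDRINCL,
                       (char *)&flag, sizeof(flag)) == SOCKET_ERROR)
            throw Exception("setsockopt IP_HDRINCL error!");

        // Resolve our own host name to the address we will bind to.
        if (gethostname(LocalName, sizeof(LocalName) - 1) == SOCKET_ERROR)
            throw Exception("gethostname error!");
        // h_addr_list may be empty for a host with no configured address;
        // the original dereferenced entry 0 unconditionally.
        if ((pHost = gethostbyname(LocalName)) == NULL ||
            pHost->h_addr_list[0] == NULL)
            throw Exception("gethostbyname error!");

        addr_in.sin_family = AF_INET;
        addr_in.sin_addr   = *(in_addr *)pHost->h_addr_list[0];
        addr_in.sin_port   = htons(57274);

        // Binding selects the interface on which SIO_RCVALL captures.
        if (bind(sock, (PSOCKADDR)&addr_in, sizeof(addr_in)) == SOCKET_ERROR)
            throw Exception("bind error!");
    } catch (...) {
        if (sock != INVALID_SOCKET)
            closesocket(sock);
        WSACleanup();
        throw;
    }

    iSortDirection = 1;
}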
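//---------------------------------------------------------------------------
// Form destructor: releases the raw socket and shuts Winsock down.
// The original called WSACleanup() only and leaked the socket created in
// the constructor.
__fastcall TMainForm::~TMainForm()
{
    if (sock != INVALID_SOCKET)
        closesocket(sock);
    WSACleanup();
}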
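//---------------------------------------------------------------------------
// Start/Stop button handler. "Start" switches the raw socket into receive-all
// mode and pumps packets into lsvPacket until bStop is set; "Stop" sets bStop
// and switches receive-all off. Application->ProcessMessages() inside the
// loop is what lets the Stop click be delivered while we are capturing.
//
// Fixes relative to the original: the received length is checked before the
// buffer is interpreted as headers (the original read header fields that
// the current datagram had not filled), the IP header length is converted
// from 32-bit words to bytes before locating the transport header, ports are
// byte-swapped like TotalLen already was, and the button caption is restored
// on Stop so a second Start works.
void __fastcall TMainForm::btnCtrlClick(TObject *Sender)
{
    TListItem *Item;
    DWORD dwValue;
    int nIndex = 0;

    if (btnCtrl->Caption == "&Start") {
        dwValue = RCVALL_ON;
        // Receive every IP packet seen on the bound interface.
        if (ioctlsocket(sock, SIO_RCVALL, &dwValue) != 0)
            throw Exception("ioctlsocket SIO_RCVALL error!");
        bStop = false;
        btnCtrl->Caption = "Stop";
        lsvPacket->Items->Clear();
    } else {
        dwValue = RCVALL_OFF;
        bStop = true;
        // Leave receive-all mode.
        if (ioctlsocket(sock, SIO_RCVALL, &dwValue) != 0)
            throw Exception("WSAIoctl SIO_RCVALL error!");
        // The original never restored the caption, so after one Stop the
        // Start branch above could not be reached again.
        btnCtrl->Caption = "&Start";
    }

    while (!bStop) {
        int nRecv = recv(sock, RecvBuf, BUFFER_SIZE, 0);
        // Anything shorter than an IP header carries no usable fields;
        // RecvBuf is large enough, but bytes beyond nRecv are stale data
        // from earlier packets, not this one.
        if (nRecv >= (int)sizeof(IP)) {
            ip = *(IP *)RecvBuf;
            // HdrLen shares its byte with Version: the low nibble is the
            // header length in 32-bit words (assumes IP_HDRLEN_MASK isolates
            // that nibble, as the union in netmon.h's _IP implies). The
            // original used the word count directly as a byte offset.
            int ipHdrLen = (ip.HdrLen & IP_HDRLEN_MASK) * 4;
            // Only TCP and UDP start with a source/destination port pair,
            // and only if the datagram actually contains those bytes.
            bool havePorts =
                (ip.Protocol == IPPROTO_TCP || ip.Protocol == IPPROTO_UDP) &&
                ipHdrLen >= (int)sizeof(IP) &&
                nRecv >= ipHdrLen + (int)sizeof(TCP);
            if (havePorts)
                tcp = *(TCP *)(RecvBuf + ipHdrLen);

            nIndex++;
            Item = lsvPacket->Items->Add();
            Item->Caption = nIndex;
            Item->SubItems->Add(GetProtocolTxt(ip.Protocol));
            Item->SubItems->Add(inet_ntoa(*(in_addr *)&ip.SrcAddr));
            Item->SubItems->Add(inet_ntoa(*(in_addr *)&ip.DstAddr));
            if (havePorts) {
                // Ports are on the wire in network byte order.
                Item->SubItems->Add(ntohs(tcp.SrcPort));
                Item->SubItems->Add(ntohs(tcp.DstPort));
            } else {
                Item->SubItems->Add("");
                Item->SubItems->Add("");
            }
            Item->SubItems->Add(ntohs(ip.TotalLen));
        }
        // Let the Stop click (and repaints) through between packets.
        Application->ProcessMessages();
    }
}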
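//---------------------------------------------------------------------------
// Maps an IP protocol number to the display text used in the packet list.
// Protocol: the Protocol field of the IP header (ICMP = 1, TCP = 6, UDP = 17).
// Returns the netmon.h PROTOCOL_STRING_*_TXT text, or the "unknown" text for
// any other value. The fallback uses PROTOCOL_STRING_UNKNOW_TXT, the name the
// netmon.h excerpt actually defines; the original spelled it
// PROTOCOL_STRING_UNKNOWN_TXT, which does not exist there.
AnsiString __fastcall TMainForm::GetProtocolTxt(int Protocol)
{
    switch (Protocol) {
    case IPPROTO_ICMP:   // 1  /* control message protocol */
        return PROTOCOL_STRING_ICMP_TXT;
    case IPPROTO_TCP:    // 6  /* tcp */
        return PROTOCOL_STRING_TCP_TXT;
    case IPPROTO_UDP:    // 17 /* user datagram protocol */
        return PROTOCOL_STRING_UDP_TXT;
    default:
        return PROTOCOL_STRING_UNKNOW_TXT;
    }
}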
//*************************************************************************//
//* Header File: WMain.h for WMain.cpp, class TMainForm
//*
// Include guard, the capture buffer size and the VCL / protocol includes.
// Reconstructed from a whitespace-mangled extract; only spacing and line
// breaks were restored.
#ifndef WMainH
#define WMainH

// Largest IP datagram; RecvBuf in TMainForm is sized by this.
#define BUFFER_SIZE 65535

#include <Classes.hpp>
#include <Controls.hpp>
#include <StdCtrls.hpp>
#include <Forms.hpp>
#include <ComCtrls.hpp>
#include <ExtCtrls.hpp>
#include "netmon.h"
//---------------------------------------------------------------------------
// Main form of the sniffer: owns the raw socket, the capture buffer and the
// list view that shows one row per captured packet.
class TMainForm : public TForm
{
__published:    // IDE-managed Components
    TPanel    *Panel1;
    TButton   *btnCtrl;      // Start / Stop button
    TListView *lsvPacket;    // one item per captured packet
    TLabel    *Label1;
    void __fastcall btnCtrlClick(TObject *Sender);
    void __fastcall lsvPacketColumnClick(TObject *Sender, TListColumn *Column);
    void __fastcall lsvPacketCompare(TObject *Sender, TListItem *Item1,
                                     TListItem *Item2, int Data, int &Compare);
    void __fastcall Label1Click(TObject *Sender);

private:        // User declarations
    AnsiString __fastcall GetProtocolTxt(int Protocol);

public:         // User declarations
    SOCKET      sock;               // raw socket created in the constructor
    SOCKADDR_IN addr_in;            // local address the socket is bound to
    IP          ip;                 // header of the packet being displayed
    TCP         tcp;                // transport header of that packet
    PSUHDR      psdHeader;
    char        RecvBuf[BUFFER_SIZE];   // receive buffer for one datagram
    bool        bStop;              // set by Stop to end the capture loop
    int         iSortDirection;
    int         iColumnToSort;
    __fastcall TMainForm(TComponent *Owner);
    __fastcall ~TMainForm();
};
externPACKAGETMainForm*MainForm;
#endif
IP,TCP头及一些宏定义用了netmon.h的头,这个文件在BCB6的include目录下可以找得到,其中与本程序相关内容如下:
netmon.h
//
//IPPacketStructure
typedef struct _IP
{
    union
    {
        BYTE    Version;        /* high nibble: IP version */
        BYTE    HdrLen;         /* low nibble: header length in 32-bit words */
    };
    BYTE    ServiceType;
    WORD    TotalLen;           /* network byte order */
    WORD    ID;
    union
    {
        WORD    Flags;          /* flags and fragment offset share 16 bits */
        WORD    FragOff;
    };
    BYTE    TimeToLive;
    BYTE    Protocol;           /* upper-layer protocol number */
    WORD    HdrChksum;
    DWORD   SrcAddr;            /* network byte order */
    DWORD   DstAddr;            /* network byte order */
    BYTE    Options[0];         /* zero-length trailer: options start here */
} IP;

typedef IP *LPIP;
typedef IP UNALIGNED *ULPIP;
//TCPPacketStructure
typedef struct _TCP
{
    WORD    SrcPort;            /* network byte order */
    WORD    DstPort;            /* network byte order */
    DWORD   SeqNum;
    DWORD   AckNum;
    BYTE    DataOff;            /* data offset (high nibble) + reserved bits */
    BYTE    Flags;              /* U A P R S F */
    WORD    Window;
    WORD    Chksum;
    WORD    UrgPtr;
} TCP;

typedef TCP *LPTCP;
typedef TCP UNALIGNED *ULPTCP;
// upper protocols -- display names returned by GetProtocolTxt
#define PROTOCOL_STRING_ICMP_TXT    "ICMP"
#define PROTOCOL_STRING_TCP_TXT     "TCP"
#define PROTOCOL_STRING_UDP_TXT     "UDP"
#define PROTOCOL_STRING_SPX_TXT     "SPX"
#define PROTOCOL_STRING_NCP_TXT     "NCP"
// note the spelling: the header defines UNKNOW, not UNKNOWN
#define PROTOCOL_STRING_UNKNOW_TXT  "UNKNOW"
这个文件也有人声称没有.
mstcpip.h
//Copyright(c)MicrosoftCorporation.Allrightsreserved.
#if_MSC_VER>
1000
#pragmaonce
/* Argument structure for SIO_KEEPALIVE_VALS */
struct tcp_keepalive {
    u_long onoff;               /* non-zero enables keep-alive */
    u_long keepalivetime;
    u_long keepaliveinterval;
};
// New WSAIoctl Options
#define SIO_RCVALL              _WSAIOW(IOC_VENDOR, 1)
#define SIO_RCVALL_MCAST        _WSAIOW(IOC_VENDOR, 2)
#define SIO_RCVALL_IGMPMCAST    _WSAIOW(IOC_VENDOR, 3)
#define SIO_KEEPALIVE_VALS      _WSAIOW(IOC_VENDOR, 4)
#define SIO_ABSORB_RTRALERT     _WSAIOW(IOC_VENDOR, 5)
#define SIO_UCAST_IF            _WSAIOW(IOC_VENDOR, 6)
#define SIO_LIMIT_BROADCASTS    _WSAIOW(IOC_VENDOR, 7)
#define SIO_INDEX_BIND          _WSAIOW(IOC_VENDOR, 8)
#define SIO_INDEX_MCASTIF       _WSAIOW(IOC_VENDOR, 9)
#define SIO_INDEX_ADD_MCAST     _WSAIOW(IOC_VENDOR, 10)
#define SIO_INDEX_DEL_MCAST     _WSAIOW(IOC_VENDOR, 11)

// Values for use with SIO_RCVALL* options (the DWORD passed to ioctlsocket)
#define RCVALL_OFF              0
#define RCVALL_ON               1
#define RCVALL_SOCKETLEVELONLY  2
六.小结
优点:
实现简单,不需要做驱动程序就可实现抓包.
缺点:
数据包头不含帧信息,不能接收到与IP同层的其它数据包,如ARP,RARP;
没有对数据包进行进一步的分析。