1、 bool flag = true;addrLocal 为本地地址: SOCKADDR_IN addrLocal;dwValue 为输入输出参数, 为 1 时执行, 0 时取消: DWORD dwValue = 1;TCP header structure:16 32 bit |-|-| | Source port | Destination port | | Sequence number | | Acknowledgement number | | Offset | Resrvd |U|A|P|R|S|F| Window | | Checksum | Urgent pointer | |
2、Option + Padding | | Data | 五. 实现 Sniffer 用 BCB6 写的一个 Simple Sniffer 的代码, 仅供参考. (需要在工程文件里加入WS2_32.LIB这个文件) /*/ /* CPP File: WMain.cpp /* Simple Sniffer by shadowstar /* #include #pragma hdrstop winsock2.hws2tcpip.hmstcpip.hnetmon.h#include WMain.h/- #pragma package(smart_init) #pragma resource *.dfm
3、TMainForm *MainForm;_fastcall TMainForm:TMainForm(TComponent* Owner) TForm(Owner) WSADATA WSAData;BOOL flag = true;int nTimeout = 1000;char LocalName16;struct hostent *pHost;/检查 Winsock 版本号 if (WSAStartup(MAKEWORD(2, 2), &WSAData) != 0) throw Exception(WSAStartup error!);/初始化 Raw Socket if (sock = s
4、ocket(AF_INET, SOCK_RAW, IPPROTO_RAW) = INVALID_SOCKET) socket setup error!/设置IP头操作选项 if (setsockopt(sock, IPPROTO_IP, IP_HDRINCL, (char*)&flag, sizeof(flag) = SOCKET_ERROR) setsockopt IP_HDRINCL error!/获取本机名 if (gethostname(char*)LocalName, sizeof(LocalName)-1) = SOCKET_ERROR) gethostname error!/获取
5、本地 IP 地址 if (pHost = gethostbyname(char*)LocalName) = NULL) gethostbyname error!addr_in.sin_addr = *(in_addr *)pHost-h_addr_list0; /IP addr_in.sin_family = AF_INET;addr_in.sin_port = htons(57274);/把 sock 绑定到本地地址上 if (bind(sock, (PSOCKADDR)&addr_in, sizeof(addr_in) = SOCKET_ERROR) bind error!iSortDir
6、ection = 1; TMainForm() WSACleanup();void _fastcall TMainForm:btnCtrlClick(TObject *Sender) TListItem *Item;DWORD dwValue;int nIndex = 0;if (btnCtrl-Caption = &Start) dwValue = 1;/设置 SOCK_RAW 为SIO_RCVALL,以便接收所有的IP包 if (ioctlsocket(sock, SIO_RCVALL, &dwValue) !ioctlsocket SIO_RCVALL error!bStop = fal
7、se;btnCtrl-Caption = Stop;lsvPacket-Items-Clear();else dwValue = 0;bStop = true;/设置SOCK_RAW为SIO_RCVALL,停止接收 WSAIoctl SIO_RCVALL error!while (!bStop) if (recv(sock, RecvBuf, BUFFER_SIZE, 0) 0) nIndex+;ip = *(IP*)RecvBuf;tcp = *(TCP*)(RecvBuf + (ip.HdrLen & IP_HDRLEN_MASK);Item = lsvPacket-Add();Item-
8、Caption = nIndex;SubItems-Add(GetProtocolTxt(ip.Protocol);Add(inet_ntoa(*(in_addr*)&ip.SrcAddr);ip.DstAddr);Add(tcp.SrcPort);Add(tcp.DstPort);Add(ntohs(ip.TotalLen);Application-ProcessMessages();AnsiString _fastcall TMainForm:GetProtocolTxt(int Protocol) switch (Protocol) case IPPROTO_ICMP : /1 /* c
9、ontrol message protocol */ return PROTOCOL_STRING_ICMP_TXT;case IPPROTO_TCP : /6 /* tcp */ return PROTOCOL_STRING_TCP_TXT;case IPPROTO_UDP : /17 /* user datagram protocol */ return PROTOCOL_STRING_UDP_TXT;default :return PROTOCOL_STRING_UNKNOWN_TXT;/* Header File: WMain.h for WMain.cpp class TMainFo
10、rm #ifndef WMainH #define WMainH #define BUFFER_SIZE 65535 Classes.hppControls.hppStdCtrls.hppForms.hppComCtrls.hppExtCtrls.hppnetmon.hclass TMainForm : public TForm _published: / IDE-managed Components TPanel *Panel1;TButton *btnCtrl;TListView *lsvPacket;TLabel *Label1;void _fastcall btnCtrlClick(T
11、Object *Sender);void _fastcall lsvPacketColumnClick(TObject *Sender, TListColumn *Column);void _fastcall lsvPacketCompare(TObject *Sender, TListItem *Item1, TListItem *Item2, int Data, int &Compare);void _fastcall Label1Click(TObject *Sender);private: / User declarations AnsiString _fastcall GetProt
12、ocolTxt(int Protocol);public:SOCKET sock;SOCKADDR_IN addr_in;IP ip;TCP tcp;PSUHDR psdHeader;char RecvBufBUFFER_SIZE;bool bStop;int iSortDirection;int iColumnToSort;_fastcall TMainForm(TComponent* Owner);_fastcall TMainForm();extern PACKAGE TMainForm *MainForm;#endif IP, TCP 头及一些宏定义用了 netmon.h 的头, 这个
13、文件在 BCB6 的 include 目录下可以找得到, 其中与本程序相关内容如下: netmon.h / / IP Packet Structure typedef struct _IP union BYTE Version;BYTE HdrLen;BYTE ServiceType;WORD TotalLen;WORD ID;WORD Flags;WORD FragOff;BYTE TimeToLive;BYTE Protocol;WORD HdrChksum;DWORD SrcAddr;DWORD DstAddr;BYTE Options0; IP;typedef IP * LPIP;ty
14、pedef IP UNALIGNED * ULPIP;/ TCP Packet Structure typedef struct _TCP WORD SrcPort;WORD DstPort;DWORD SeqNum;DWORD AckNum;BYTE DataOff;BYTE Flags;WORD Window;WORD Chksum;WORD UrgPtr; TCP;typedef TCP *LPTCP;typedef TCP UNALIGNED * ULPTCP;/ upper protocols #define PROTOCOL_STRING_ICMP_TXT ICMP#define
15、PROTOCOL_STRING_TCP_TXT TCP#define PROTOCOL_STRING_UDP_TXT UDP#define PROTOCOL_STRING_SPX_TXT SPX#define PROTOCOL_STRING_NCP_TXT NCP#define PROTOCOL_STRING_UNKNOW_TXT UNKNOW这个文件也有人声称没有. 另外注意: 上面 GetProtocolTxt 的 default 分支用的是 PROTOCOL_STRING_UNKNOWN_TXT, 而此处头文件定义的是 PROTOCOL_STRING_UNKNOW_TXT, 两处名称需统一, 否则编译不过. mstcpip.h / Copyright (c) Microsoft Corporation. All rights reserved. #if _MSC_VER 1000 #pragma once /* Argument s
16、tructure for SIO_KEEPALIVE_VALS */ struct tcp_keepalive u_long onoff;u_long keepalivetime;u_long keepaliveinterval;/ New WSAIoctl Options #define SIO_RCVALL _WSAIOW(IOC_VENDOR,1) #define SIO_RCVALL_MCAST _WSAIOW(IOC_VENDOR,2) #define SIO_RCVALL_IGMPMCAST _WSAIOW(IOC_VENDOR,3) #define SIO_KEEPALIVE_V
17、ALS _WSAIOW(IOC_VENDOR,4) #define SIO_ABSORB_RTRALERT _WSAIOW(IOC_VENDOR,5) #define SIO_UCAST_IF _WSAIOW(IOC_VENDOR,6) #define SIO_LIMIT_BROADCASTS _WSAIOW(IOC_VENDOR,7) #define SIO_INDEX_BIND _WSAIOW(IOC_VENDOR,8) #define SIO_INDEX_MCASTIF _WSAIOW(IOC_VENDOR,9) #define SIO_INDEX_ADD_MCAST _WSAIOW(IOC_VENDOR,10) #define SIO_INDEX_DEL_MCAST _WSAIOW(IOC_VENDOR,11) / Values for use with SIO_RCVALL* options #define RCVALL_OFF 0 #define RCVALL_ON 1 #define RCVALL_SOCKETLEVELONLY 2 六. 小结 优点: 实现简单, 不需要做驱动程序就可实现抓包. 缺点: 数据包头不含帧信息, 不能接收到与 IP 同层的其它数据包, 如 ARP, RARP;没有对数据包进行进一步的分析。此外, 创建 IPPROTO_RAW 套接字并设置 SIO_RCVALL 需要管理员权限, 且只能抓到 bind 所绑定的那个本地地址所在接口上的数据包;示例代码也没有检查 recv 返回的长度是否足够容纳 IP 头和 TCP 头就直接按 TCP 解析, 对 ICMP 等没有 TCP 头的包会显示出无意义的端口值。