原始套接字的简单tcp包嗅探
2016-03-11 21:08
原始套接字
/*
 * Raw IPv4 socket for protocol number IPPROTO_TCP. On Linux, opening a
 * SOCK_RAW socket normally needs root or CAP_NET_RAW, and every datagram
 * read from it starts at the IP header, not at the TCP payload.
 * NOTE(review): the return value is not checked in this excerpt.
 */
sock_raw = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);

/*
 * Capture loop: one recvfrom() call per packet, at most 65536 bytes each.
 * saddr_size is a value-result argument, so it has to hold sizeof(saddr)
 * before the call; data_size is negative on failure and should be tested
 * before the buffer is parsed.
 */
for (;;) {
    data_size = recvfrom(sock_raw, buffer, 65536, 0, &saddr, &saddr_size);
}
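/*
 * main.cpp
 *
 * Created on: Mar 11, 2016
 *
 * Minimal IPv4 packet logger built on a raw socket. Every packet received
 * on the socket is counted by protocol and, for TCP and UDP, decoded into
 * log.txt (headers plus a hex/ASCII dump).
 *
 * Security notes:
 *  - Opening a SOCK_RAW socket normally requires root or CAP_NET_RAW.
 *  - Everything in the receive buffer is chosen by whoever sent the packet.
 *    Header length fields (IP ihl, TCP doff) are therefore validated against
 *    the number of bytes actually received before any offset is derived
 *    from them.
 *  - log.txt ends up holding captured payload bytes; treat it as sensitive.
 */
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <netinet/ip_icmp.h>
#include <netinet/udp.h>
#include <netinet/tcp.h>
#include <netinet/ip.h>
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <unistd.h>

enum {
    PACKET_BUFFER_SIZE = 65536, /* largest datagram requested from recvfrom() */
    BYTES_PER_ROW = 16          /* bytes shown per line of the hex dump */
};

FILE* logfile;
int sockfd;
int tcp=0,udp=0,icmp=0,others=0,igmp=0,total=0;
struct sockaddr_in source,dest;

void process_packet(unsigned char* buffer , int size);
void print_ip_header(unsigned char* , int);
void print_tcp_packet(unsigned char* , int);
void print_udp_packet(unsigned char * , int);
void print_icmp_packet(unsigned char* , int);
void PrintData (unsigned char* , int);

/*
 * Returns the IPv4 header length in bytes when the header lies completely
 * inside the `size` received bytes, or 0 when the packet is too short or
 * its ihl field is inconsistent (below the 20-byte minimum or larger than
 * what was received).
 */
static int checked_ip_header_len(const unsigned char *buffer, int size)
{
    const struct iphdr *iph = (const struct iphdr *)buffer;
    int iphdrlen;

    if (size < (int)sizeof(struct iphdr))
        return 0;

    iphdrlen = iph->ihl * 4;
    if (iphdrlen < (int)sizeof(struct iphdr) || iphdrlen > size)
        return 0;

    return iphdrlen;
}

/* Records in the log that a packet was not decoded, and why. */
static void log_malformed(const char *proto)
{
    fprintf(logfile, "\n[%s packet skipped: truncated or inconsistent header lengths]\n", proto);
}

/*
 * Opens log.txt and a raw IPv4/TCP socket, then hands every received packet
 * to process_packet() until recvfrom() fails. Returns 0 on a clean shutdown
 * and -1 on any setup or receive error.
 */
int main()
{
    struct sockaddr addr;
    socklen_t saddr_size;
    int datasize;
    int rc = 0;
    /* The cast is kept because the file is named main.cpp and may be built as C++. */
    unsigned char* buffer = (unsigned char*)malloc(PACKET_BUFFER_SIZE);

    if(buffer == NULL)
    {
        fprintf(stderr,"unable to allocate packet buffer\n");
        return -1;
    }

    /*
     * The log is created in the current directory with the privileges of
     * this process (normally root, see the header comment) and fopen()
     * follows symlinks, so run the tool from a directory only the operator
     * can write to.
     */
    logfile = fopen("log.txt","w");
    if(logfile == NULL)
    {
        /* Every print_* helper writes to logfile, so continuing would crash. */
        printf("unable to create file\n");
        free(buffer);
        return -1;
    }

    printf("Starting.....\n");

    sockfd = socket(AF_INET, SOCK_RAW,IPPROTO_TCP);
    if(sockfd < 0)
    {
        /* The original format string had no %s, so the reason was never shown. */
        fprintf(stderr,"open socket error: %s\n",strerror(errno));
        fclose(logfile);
        free(buffer);
        return -1;
    }

    while(1)
    {
        /* Value-result argument: recvfrom() overwrites it, so reset it per call. */
        saddr_size = sizeof(addr);
        datasize = (int)recvfrom(sockfd, buffer, PACKET_BUFFER_SIZE,0 ,&addr,&saddr_size );
        if(datasize < 0)
        {
            if(errno == EINTR)
                continue; /* interrupted by a signal, not a real failure */
            printf("Recvfrom error, failed to get packets\n");
            rc = -1;
            break;
        }
        /*
         * The buffer holds binary packet bytes, not a C string. Writing it
         * with "%s" stops at the first zero byte and can read past the
         * received data when there is none; PrintData() is the way to log it.
         */
        process_packet(buffer,datasize);
    }

    close(sockfd);
    if(fclose(logfile) != 0)
    {
        fprintf(stderr,"error closing log file: %s\n",strerror(errno));
        rc = -1;
    }
    free(buffer);
    return rc;
}

/*
 * Updates the per-protocol counters for one received packet and logs TCP
 * and UDP packets in detail. Packets too short to hold a valid IPv4 header
 * are counted under "Others" and not decoded.
 */
void process_packet(unsigned char* buffer , int size)
{
    struct iphdr *iph = (struct iphdr*)buffer;

    total++;

    if(checked_ip_header_len(buffer, size) == 0)
    {
        /* iph->protocol cannot be trusted (or even read) on a short packet. */
        ++others;
    }
    else
    {
        switch(iph->protocol)
        {
            case IPPROTO_ICMP:
                /* Counted only; print_icmp_packet() is available but not called. */
                ++icmp;
                break;

            case IPPROTO_IGMP:
                ++igmp;
                break;

            case IPPROTO_TCP:
                ++tcp;
                print_tcp_packet(buffer , size);
                break;

            case IPPROTO_UDP:
                ++udp;
                print_udp_packet(buffer , size);
                break;

            default:
                ++others;
                break;
        }
    }

    printf("TCP : %d UDP : %d ICMP : %d IGMP : %d Others : %d Total : %d\r", tcp,udp,icmp,igmp,others,total);
}

/*
 * Writes the decoded IPv4 header fields of the packet to the log and stores
 * the source and destination addresses in the globals `source` and `dest`.
 * Does nothing when the header does not fit inside `size` bytes.
 */
void print_ip_header(unsigned char* Buffer, int size)
{
    struct iphdr *iph = (struct iphdr *)Buffer;

    if(checked_ip_header_len(Buffer, size) == 0)
        return;

    memset(&source, 0, sizeof(source));
    source.sin_addr.s_addr = iph->saddr;

    memset(&dest, 0, sizeof(dest));
    dest.sin_addr.s_addr = iph->daddr;

    fprintf(logfile, "\n");
    fprintf(logfile, "IP Header\n");
    fprintf(logfile, " |-IP Version : %u\n", (unsigned int) iph->version);
    fprintf(logfile, " |-IP Header Length : %u DWORDS or %u Bytes\n", (unsigned int) iph->ihl, ((unsigned int) (iph->ihl)) * 4);
    fprintf(logfile, " |-Type Of Service : %u\n", (unsigned int) iph->tos);
    fprintf(logfile, " |-IP Total Length : %d Bytes(Size of Packet)\n", ntohs(iph->tot_len));
    fprintf(logfile, " |-Identification : %d\n", ntohs(iph->id));
    fprintf(logfile, " |-TTL : %u\n", (unsigned int) iph->ttl);
    fprintf(logfile, " |-Protocol : %u\n", (unsigned int) iph->protocol);
    fprintf(logfile, " |-Checksum : %d\n", ntohs(iph->check));
    /* inet_ntoa() returns a static buffer, hence one call per fprintf(). */
    fprintf(logfile, " |-Source IP : %s\n", inet_ntoa(source.sin_addr));
    fprintf(logfile, " |-Destination IP : %s\n", inet_ntoa(dest.sin_addr));
}

/*
 * Logs the IP header, the TCP header and a hex dump of one TCP packet.
 * The packet is skipped (with a note in the log) when the IP header, the
 * fixed TCP header, or the header length announced in doff does not fit
 * inside the `Size` bytes that were received.
 */
void print_tcp_packet(unsigned char* Buffer, int Size)
{
    int iphdrlen = checked_ip_header_len(Buffer, Size);
    struct tcphdr *tcph;
    int tcphdrlen;
    int payload_len;

    if(iphdrlen == 0 || Size - iphdrlen < (int)sizeof(struct tcphdr))
    {
        log_malformed("TCP");
        return;
    }

    tcph = (struct tcphdr*)(Buffer + iphdrlen);
    tcphdrlen = tcph->doff * 4;
    if(tcphdrlen < (int)sizeof(struct tcphdr) || tcphdrlen > Size - iphdrlen)
    {
        log_malformed("TCP");
        return;
    }
    payload_len = Size - iphdrlen - tcphdrlen; /* >= 0 after the checks above */

    fprintf(logfile,"\n\n***********************TCP Packet*************************\n");

    print_ip_header(Buffer,Size);

    fprintf(logfile,"\n");
    fprintf(logfile,"TCP Header\n");
    fprintf(logfile," |-Source Port : %u\n",ntohs(tcph->source));
    fprintf(logfile," |-Destination Port : %u\n",ntohs(tcph->dest));
    fprintf(logfile," |-Sequence Number : %u\n",ntohl(tcph->seq));
    fprintf(logfile," |-Acknowledge Number : %u\n",ntohl(tcph->ack_seq));
    fprintf(logfile," |-Header Length : %u DWORDS or %u BYTES\n" ,(unsigned int)tcph->doff,(unsigned int)tcph->doff*4);
    fprintf(logfile," |-Urgent Flag : %u\n",(unsigned int)tcph->urg);
    fprintf(logfile," |-Acknowledgement Flag : %u\n",(unsigned int)tcph->ack);
    fprintf(logfile," |-Push Flag : %u\n",(unsigned int)tcph->psh);
    fprintf(logfile," |-Reset Flag : %u\n",(unsigned int)tcph->rst);
    fprintf(logfile," |-Synchronise Flag : %u\n",(unsigned int)tcph->syn);
    fprintf(logfile," |-Finish Flag : %u\n",(unsigned int)tcph->fin);
    fprintf(logfile," |-Window : %d\n",ntohs(tcph->window));
    fprintf(logfile," |-Checksum : %d\n",ntohs(tcph->check));
    /* Network byte order like every other 16-bit field; the original printed it raw. */
    fprintf(logfile," |-Urgent Pointer : %d\n",ntohs(tcph->urg_ptr));
    fprintf(logfile,"\n");
    fprintf(logfile," DATA Dump ");
    fprintf(logfile,"\n");

    fprintf(logfile,"IP Header\n");
    PrintData(Buffer,iphdrlen);

    fprintf(logfile,"TCP Header\n");
    PrintData(Buffer+iphdrlen,tcphdrlen);

    fprintf(logfile,"Data Payload\n");
    PrintData(Buffer + iphdrlen + tcphdrlen , payload_len );

    fprintf(logfile,"\n###########################################################");
}

/*
 * Logs the IP header, the UDP header and a hex dump of one UDP packet.
 * The packet is skipped (with a note in the log) when the IP header or the
 * 8-byte UDP header does not fit inside the `Size` received bytes.
 */
void print_udp_packet(unsigned char *Buffer , int Size)
{
    int iphdrlen = checked_ip_header_len(Buffer, Size);
    /* sizeof *udph, not sizeof udph: the latter is the size of a pointer. */
    const int udphdrlen = (int)sizeof(struct udphdr);
    struct udphdr *udph;

    if(iphdrlen == 0 || Size - iphdrlen < udphdrlen)
    {
        log_malformed("UDP");
        return;
    }
    udph = (struct udphdr*)(Buffer + iphdrlen);

    fprintf(logfile,"\n\n***********************UDP Packet*************************\n");

    print_ip_header(Buffer,Size);

    fprintf(logfile,"\nUDP Header\n");
    fprintf(logfile," |-Source Port : %d\n" , ntohs(udph->source));
    fprintf(logfile," |-Destination Port : %d\n" , ntohs(udph->dest));
    fprintf(logfile," |-UDP Length : %d\n" , ntohs(udph->len));
    fprintf(logfile," |-UDP Checksum : %d\n" , ntohs(udph->check));

    fprintf(logfile,"\n");
    fprintf(logfile,"IP Header\n");
    PrintData(Buffer , iphdrlen);

    fprintf(logfile,"UDP Header\n");
    PrintData(Buffer+iphdrlen , udphdrlen);

    fprintf(logfile,"Data Payload\n");
    PrintData(Buffer + iphdrlen + udphdrlen , Size - iphdrlen - udphdrlen);

    fprintf(logfile,"\n###########################################################");
}

/*
 * Logs the IP header, the ICMP header and a hex dump of one ICMP packet.
 * The packet is skipped (with a note in the log) when the IP header or the
 * ICMP header does not fit inside the `Size` received bytes.
 */
void print_icmp_packet(unsigned char* Buffer , int Size)
{
    int iphdrlen = checked_ip_header_len(Buffer, Size);
    /* sizeof *icmph, not sizeof icmph: the latter is the size of a pointer. */
    const int icmphdrlen = (int)sizeof(struct icmphdr);
    struct icmphdr *icmph;

    if(iphdrlen == 0 || Size - iphdrlen < icmphdrlen)
    {
        log_malformed("ICMP");
        return;
    }
    icmph = (struct icmphdr *)(Buffer + iphdrlen);

    fprintf(logfile,"\n\n***********************ICMP Packet*************************\n");

    print_ip_header(Buffer , Size);

    fprintf(logfile,"\n");

    fprintf(logfile,"ICMP Header\n");
    fprintf(logfile," |-Type : %u",(unsigned int)(icmph->type));

    if((unsigned int)(icmph->type) == ICMP_TIME_EXCEEDED)
        fprintf(logfile," (TTL Expired)\n");
    else if((unsigned int)(icmph->type) == ICMP_ECHOREPLY)
        fprintf(logfile," (ICMP Echo Reply)\n");
    else
        fprintf(logfile,"\n"); /* the original left the Type line unterminated here */

    fprintf(logfile," |-Code : %u\n",(unsigned int)(icmph->code));
    fprintf(logfile," |-Checksum : %d\n",ntohs(icmph->checksum));
    fprintf(logfile,"\n");

    fprintf(logfile,"IP Header\n");
    PrintData(Buffer,iphdrlen);

    /* The original labelled this section "UDP Header". */
    fprintf(logfile,"ICMP Header\n");
    PrintData(Buffer + iphdrlen , icmphdrlen);

    fprintf(logfile,"Data Payload\n");
    PrintData(Buffer + iphdrlen + icmphdrlen , Size - iphdrlen - icmphdrlen);

    fprintf(logfile,"\n###########################################################");
}

/*
 * Writes `Size` bytes starting at `data` to the log as a hex dump, 16 bytes
 * per line, each line followed by the same bytes as text. Callers must pass
 * a length that lies inside the received packet; nothing is written for
 * Size <= 0.
 */
void PrintData (unsigned char* data , int Size)
{
    int row;
    int col;

    for(row = 0 ; row < Size ; row += BYTES_PER_ROW)
    {
        int rowlen = Size - row;
        if(rowlen > BYTES_PER_ROW)
            rowlen = BYTES_PER_ROW;

        fprintf(logfile," ");
        for(col = 0 ; col < rowlen ; col++)
            fprintf(logfile," %02X",(unsigned int)data[row + col]);

        /* Pad a short last row by three columns per missing byte so the text lines up. */
        for(col = rowlen ; col < BYTES_PER_ROW ; col++)
            fprintf(logfile,"   ");

        fprintf(logfile," ");
        for(col = 0 ; col < rowlen ; col++)
        {
            unsigned char c = data[row + col];
            /*
             * Only printable ASCII goes into the log as-is. The bytes come
             * from the network, so control characters (including 0x7F and
             * 0x80, which the original let through) are shown as a dot.
             */
            if(c >= 32 && c <= 126)
                fprintf(logfile,"%c",c);
            else
                fprintf(logfile,".");
        }
        fprintf(logfile,"\n");
    }
}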
***********************TCP Packet************************* IP Header |-IP Version : 4 |-IP Header Length : 5 DWORDS or 20 Bytes |-Type Of Service : 0 |-IP Total Length : 129 Bytes(Size of Packet) |-Identification : 7322 |-TTL : 51 |-Protocol : 6 |-Checksum : 11872 |-Source IP : 107.224.156.181 |-Destination IP : 10.85.23.12 TCP Header |-Source Port : 44 |-Destination Port : 51139 |-Sequence Number : 2867594165 |-Acknowledge Number : 3874566180 |-Header Length : 8 DWORDS or 32 BYTES |-Urgent Flag : 0 |-Acknowledgement Flag : 1 |-Push Flag : 1 |-Reset Flag : 0 |-Synchronise Flag : 0 |-Finish Flag : 0 |-Window : 151 |-Checksum : 38077 |-Urgent Pointer : 0 DATA Dump IP Header 45 00 00 81 1C 9A 40 00 33 06 2E 60 68 E0 9C B5 E.....@.3..`h... 0A 55 EC 92 .U.. TCP Header 01 BB C7 C3 AA EC 03 B5 E6 F1 30 24 80 18 00 97 ..........0$... 94 BD 00 00 01 01 08 0A 93 2C E2 18 00 A8 A8 AB .........,...... Data Payload 47 CA D2 84 49 64 01 1F 2C 26 5D 3E 58 44 00 82 G...Id..,&]>XD.. 19 BD DA 27 FB 54 C1 2A 7C 3A 6B 19 87 D2 06 36 ...'.T.*|:k....6 86 B3 0D 70 A0 63 C2 F4 D7 6F E1 CE 2B F2 AC D6 ...p.c...o..+... F0 FE DB 6C CD DE 17 B9 AD A7 52 8A D0 A9 AB 64 ...l......R....d 7C 4B 42 92 BC 9B A7 E7 B4 5D 30 82 0A |KB......]0.. ###########################################################