原始套接字的IPv4的抓包程序

TAG:

//sniffer.h

#ifndef _H_SINIFERR_H_ 
#define _H_SINIFERR_H_ 
 
#include <winsock2.h> 
 
typedef struct IP_HEADER 
{ 
    u_char hl:4, /*头部长度,是little-endian，所以hl在前*/ 
            version:4; /*版本*/ 
    u_char tos; /*服务类型*/ 
    u_short length; /*包长*/ 
    u_short id;   /*标识*/ 
    u_short fragment; /*分段*/ 
    u_char TTL; /*生存期*/ 
    u_char protocol; /*下一个头的协议*/ 
    u_short chksum; /*检验和*/ 
    IN_ADDR source; /*源地址*/ 
    IN_ADDR dest; /*目的地址*/ 
 
}IP_HEADER; 
 
char* IPv4_Protocal[103]={ 
   "Reserved",   //0   Reserved                              [JBP] 
   "ICMP",    //1   Internet Control Message       [RFC792,JBP] 
   "IGMP",    //2   Internet Group Management     [RFC1112,JBP] 
   "GGP",    //3   Gateway-to-Gateway              [RFC823,MB] 
   "IP",    //4   IP in IP (encasulation)               [JBP] 
   "ST",    //5   Stream                 [RFC1190,IEN119,JWF] 
   "TCP",    //6   Transmission Control           [RFC793,JBP] 
   "UCL",    //7   UCL                                    [PK] 
   "EGP",    //8   Exterior Gateway Protocol     [RFC888,DLM1] 
   "IGP",    //9   any private interior gateway          [JBP] 
   "BBN-RCC-MON", //10 BBN RCC Monitoring                    [SGC] 
   "NVP-II",   //11 Network Voice Protocol         [RFC741,SC3] 
   "PUP",    //12 PUP                             [PUP,XEROX] 
   "ARGUS",   //13 ARGUS                                [RWS4] 
   "EMCON",   //14 EMCON                                 [BN7] 
   "XNET",    //15 Cross Net Debugger            [IEN158,JFH2] 
   "CHAOS",   //16 Chaos                                 [NC3] 
   "UDP",    //17 User Datagram                  [RFC768,JBP] 
   "MUX",    //18 Multiplexing                    [IEN90,JBP] 
   "DCN-MEAS",   //19 DCN Measurement Subsystems           [DLM1] 
   "HMP",    //20 Host Monitoring                [RFC869,RH6] 
   "PRM",    //21 Packet Radio Measurement              [ZSU] 
   "XNS-IDP",   //22 XEROX NS IDP               [ETHERNET,XEROX] 
   "TRUNK-1",   //23 Trunk-1                              [BWB6] 
   "TRUNK-2",   //24 Trunk-2                              [BWB6] 
   "LEAF-1",   //25 Leaf-1                               [BWB6] 
   "LEAF-2",   //26 Leaf-2                               [BWB6] 
   "RDP",    //27 Reliable Data Protocol         [RFC908,RH6] 
   "IRTP",    //28 Internet Reliable Transaction [RFC938,TXM] 
   "ISO-TP4",   //29 ISO Transport Protocol Class 4 [RFC905,RC77] 
   "NETBLT",   //30 Bulk Data Transfer Protocol    [RFC969,DDC1] 
   "MFE-NSP",   //31 MFE Network Services Protocol [MFENET,BCH2] 
   "MERIT-INP", //32 MERIT Internodal Protocol             [HWB] 
   "SEP",    //33 Sequential Exchange Protocol        [JC120] 
   "3PC",    //34 Third Party Connect Protocol         [SAF3] 
   "IDPR",    //35 Inter-Domain Policy Routing Protocol [MXS1] 
   "XTP",    //36 XTP                                   [GXC] 
   "DDP",    //37 Datagram Delivery Protocol            [WXC] 
   "IDPR-CMTP", //38 IDPR Control Message Transport Proto [MXS1] 
   "TP++",    //39 TP++ Transport Protocol               [DXF] 
   "IL",    //40 IL Transport Protocol                [DXP2] 
   "SIP",    //41 Simple Internet Protocol              [SXD] 
   "SDRP",    //42 Source Demand Routing Protocol       [DXE1] 
   "SIP-SR",   //43 SIP Source Route                      [SXD] 
   "SIP-FRAG",   //44 SIP Fragment                          [SXD] 
   "IDRP",    //45 Inter-Domain Routing Protocol   [Sue Hares] 
   "RSVP",    //46 Reservation Protocol           [Bob Braden] 
   "GRE",    //47 General Routing Encapsulation     [Tony Li] 
   "MHRP",    //48 Mobile Host Routing Protocol[David Johnson] 
   "BNA",    //49 BNA                          [Gary Salamon] 
   "SIPP-ESP",   //50 SIPP Encap Security Payload [Steve Deering] 
   "SIPP-AH",   //51 SIPP Authentication Header [Steve Deering] 
   "I-NLSP",   //52 Integrated Net Layer Security TUBA [GLENN] 
   "SWIPE",   //53 IP with Encryption                    [JI6] 
   "NHRP",    //54 NBMA Next Hop Resolution Protocol 
   "Unassigned",   //55 Unassigned                            [JBP] 
   "Unassigned",   //56 Unassigned 
   "Unassigned",   //57 Unassigned 
   "ICMPv6",       //58 ICMPv6 
   "Unassigned",   //59 Unassigned 
   "Unassigned",   //60 Unassigned 
   "61",           //61 any host internal protocol            [JBP] 
   "CFTP",    //62 CFTP                            [CFTP,HCF2] 
   "63",           //63 any local network                     [JBP] 
   "SAT-EXPAK", //64 SATNET and Backroom EXPAK             [SHB] 
   "KRYPTOLAN", //65 Kryptolan                            [PXL1] 
   "RVD",    //66 MIT Remote Virtual Disk Protocol      [MBG] 
   "IPPC",    //67 Internet Pluribus Packet Core         [SHB] 
   "68",           //68 any distributed file system           [JBP] 
   "SAT-MON",   //69 SATNET Monitoring                     [SHB] 
   "VISA",    //70 VISA Protocol                        [GXT1] 
   "IPCV",    //71 Internet Packet Core Utility          [SHB] 
   "CPNX",    //72 Computer Protocol Network Executive [DXM2] 
   "CPHB",    //73 Computer Protocol Heart Beat         [DXM2] 
   "WSN",    //74 Wang Span Network                     [VXD] 
   "PVP",    //75 Packet Video Protocol                 [SC3] 
   "BR-SAT-MON", //76 Backroom SATNET Monitoring            [SHB] 
   "SUN-ND",   //77 SUN ND PROTOCOL-Temporary             [WM3] 
   "WB-MON",   //78 WIDEBAND Monitoring                   [SHB] 
   "WB-EXPAK",   //79 WIDEBAND EXPAK                        [SHB] 
   "ISO-IP",   //80 ISO Internet Protocol                 [MTR] 
   "VMTP",    //81 VMTP                                 [DRC3] 
   "SECURE-VMTP", //82 SECURE-VMTP                          [DRC3] 
   "VINES",   //83 VINES                                 [BXH] 
   "TTP",    //84 TTP                                   [JXS] 
   "NSFNET-IGP", //85 NSFNET-IGP                            [HWB] 
   "DGP",    //86 Dissimilar Gateway Protocol     [DGP,ML109] 
   "TCF",    //87 TCF                                  [GAL5] 
   "IGRP",    //88 IGRP                            [CISCO,GXS] 
   "OSPFIGP",   //89 OSPFIGP                      [RFC1583,JTM4] 
   "Sprite-RPC", //90 Sprite RPC Protocol            [SPRITE,BXW] 
   "LARP",    //91 Locus Address Resolution Protocol     [BXH] 
   "MTP",    //92 Multicast Transport Protocol          [SXA] 
   "AX.25",   //93 AX.25 Frames                         [BK29] 
   "IPIP",    //94 IP-within-IP Encapsulation Protocol   [JI6] 
   "MICP",    //95 Mobile Internetworking Control Pro.   [JI6] 
   "SCC-SP",   //96 Semaphore Communications Sec. Pro.    [HXH] 
   "ETHERIP",   //97 Ethernet-within-IP Encapsulation     [RXH1] 
   "ENCAP",   //98 Encapsulation Header         [RFC1241,RXB3] 
   "99",    //99 any private encryption scheme         [JBP] 
   "GMTP",    //100 GMTP                                 [RXB5] 
   "Unassigned", //101 Unassigned                            [JBP] 
   "Reserved"}; //102 Reserved                              [JBP]*/ 
 
#endif

////main.c

#include "sniffer.h" 
#include <stdio.h> 
#include <string.h> 
#include <Mstcpip.h>//#define   SIO_RCVALL _WSAIOW(IOC_VENDOR,1) 
 
int main() 
{ 
    char        hostname[100];//主机名 
    HOSTENT     *local;//本地主机信息 
 
    //创建socket的相关数据 
    WSADATA     WsaData; 
    WORD        wVersionRequested; 
    SOCKET      Sock; 
    SOCKADDR_IN SockAddr; 
 
    //设置套接字模式的相关数据 
    DWORD       dwInBuffer=1; 
    DWORD       dwBytesReturned=0; 
 
    char        Buffer[65536];//接受数据缓冲区 
    IP_HEADER   *IpHdr;//IP包头 
    int         Ret;//返回值 
    int         Cnt=0;//计数器 
 
 
    u_short     off; 
    u_char      Version;//版本 
    u_char      IHL;//报头长度 
    u_char      TypeOfSev;//服务类型 
    u_short     TotalLen;//总长度 
    u_short     Identification;//标识 
    u_short     Flag; 
    u_short     FragmentOffset;//偏移 
    u_char      TimeToLive;//生存期 
    u_char      Protocal;//协议 
    u_short     HeaderChk;//检验和 
    char        SrcAddr[16];//源地址 
    char        DesAddr[16];//目的地址 
    FILE        *File=NULL; 
   
    //初始化socket库 
    wVersionRequested=MAKEWORD(2,2); 
    Ret=WSAStartup(wVersionRequested,&WsaData); 
    if(Ret!=0) 
    { 
printf("初始化socket库失败：%d\n",WSAGetLastError()); 
goto over; 
    } 
    else 
printf("初始化socket库成功!\n"); 
 
    printf("\n====================================\n"); 
    //获取主机名 
    if (gethostname(hostname, sizeof(hostname)) == SOCKET_ERROR) 
    { 
printf("获取主机名出错 : %d",WSAGetLastError()); 
return -1; 
    } 
    else 
printf("主机名:%s \n",hostname); 
 
    //获取本地主机IP 
    local=gethostbyname(hostname); 
    if(local==NULL) 
    { 
printf("获取主机IP出错 : %d\n",WSAGetLastError()); 
return -1; 
    } 
    else 
    { 
printf("获取主机IP有: \n"); 
for(Ret=0;local->h_addr_list[Ret]!=0;Ret++) 
     printf("IP%d:%s\n",Ret,inet_ntoa( *(IN_ADDR*)local->h_addr_list[Ret]));     
    } 
    printf("====================================\n\n"); 
 
    Sock=socket(AF_INET,SOCK_RAW,IPPROTO_IP);//创建原始套接字 
    if(Sock==INVALID_SOCKET) 
    { 
printf("创建RAW socket失败：%d\n",WSAGetLastError()); 
goto over; 
    } 
    else 
printf("创建RAW socket成功!\n"); 
 
    //SockAddr.sin_addr.S_un.S_addr=inet_addr("192.168.7.190");
//htonl(INADDR_ANY);//设置接受数据的IP 
    //设置要监听的IP 
    memcpy(&SockAddr.sin_addr.S_un.S_addr,local->h_addr_list[0],
sizeof(SockAddr.sin_addr.S_un.S_addr)); 
    SockAddr.sin_family=AF_INET; 
    SockAddr.sin_port=htons(10000); 
 
    Ret=bind(Sock,(PSOCKADDR_IN)&SockAddr,sizeof(SockAddr)); 
    if(Ret!=0) 
    { 
printf("绑定socket失败：%d\n",WSAGetLastError()); 
goto over; 
    } 
    else 
printf("绑定socket成功!\n"); 
 
    Ret=WSAIoctl(Sock,SIO_RCVALL,&dwInBuffer,sizeof(dwInBuffer)
,NULL,0,&dwBytesReturned,NULL,NULL); 
    if(Ret!=0) 
    { 
printf("设置socket失败!：%d\n",WSAGetLastError()); 
goto over; 
    } 
    else 
printf("设置socket成功!\n"); 
    
 
    File=fopen("Output.txt","a+"); 
    if(File==NULL) 
goto over; 
    
    while(1) 
    { 
Ret=recv(Sock,Buffer,65535,0); 
if(Ret>0) 
{ 
     Cnt++; 
     IpHdr=(IP_HEADER*)Buffer; 
 
     Version=IpHdr->version; 
 
     IHL=IpHdr->hl; 
 
     TypeOfSev=IpHdr->tos; 
 
     TotalLen=ntohs(IpHdr->length); 
 
     Identification=ntohs(IpHdr->id); 
 
     off=ntohs(IpHdr->fragment); 
     off&=0XE000; 
     Flag=off>>13; 
 
     off=ntohs(IpHdr->fragment); 
     off&=0X1FFF; 
     FragmentOffset=off; 
 
     TimeToLive=IpHdr->TTL; 
 
     Protocal=IpHdr->protocol; 
     if(Protocal>102) 
   Protocal=102; 
 
     HeaderChk=ntohs(IpHdr->chksum); 
 
     memset(SrcAddr,0,16); 
     memset(DesAddr,0,16); 
     strcpy(SrcAddr,inet_ntoa(IpHdr->source)); 
     strcpy(DesAddr,inet_ntoa(IpHdr->dest)); 
    
     printf("\n=================%d================\n",Cnt); 
     printf("          版本:IPv%d\n",Version); 
     printf("      头部长度:%d\n",IHL); 
     printf("      服务类型:%d\n",TypeOfSev); 
     printf("          包长:%d\n",TotalLen); 
     printf("          标识:%d\n",Identification); 
     printf("          标志:%d\n",Flag); 
     printf("          分段:%d\n",FragmentOffset); 
     printf("        生存期:%d\n",TimeToLive); 
     printf("下一个头的协议:%s\n",IPv4_Protocal[Protocal]); 
     printf("        检验和:%d\n",HeaderChk); 
     printf("        源地址:%s\n",SrcAddr); 
     printf("      目的地址:%s\n",DesAddr); 
     printf("====================================\n"); 
     if(Protocal==6||Protocal==17) 
     { 
   fprintf(File,"\n=================%d================\n",Cnt); 
   fprintf(File,"          版本:IPv%d\n",Version); 
   fprintf(File,"      头部长度:%d\n",IHL); 
   fprintf(File,"      服务类型:%d\n",TypeOfSev); 
   fprintf(File,"          包长:%d\n",TotalLen); 
   fprintf(File,"          标识:%d\n",Identification); 
   fprintf(File,"          标志:%d\n",Flag); 
   fprintf(File,"          分段:%d\n",FragmentOffset); 
   fprintf(File,"        生存期:%d\n",TimeToLive); 
   fprintf(File,"下一个头的协议:%s\n",IPv4_Protocal[Protocal]); 
   fprintf(File,"        检验和:%d\n",HeaderChk); 
   fprintf(File,"        源地址:%s\n",SrcAddr); 
   fprintf(File,"      目的地址:%s\n",DesAddr); 
   fprintf(File,"====================================\n"); 
     } 
} 
    } 
 
over: 
    if(Sock) 
       closesocket(Sock); 
    if(File) 
fclose(File); 
    WSACleanup(); 
 
    return 0; 
}

(chenjily)

IPv4与IPv6协议分片重组的区别	网络聊天程序(基于消息的异步套接字编程)
基本UDP套接口编程	setsockopt函数和udp固定端口发送
Open C 套接字:getsockopt, setsockopt 用法小结	Netlink 套接字

搜索

热门标签:

原始套接字的IPv4的抓包程序