请误码如何才能抓取本机的数据包？

// RAWSOCK01.cpp : Defines the entry point for the console application.
//#include "stdafx.h"
#include <winsock2.h>
#include <Ws2tcpip.h>
#include <stdio.h>
//#include <mstcpip.h>
#include <stdlib.h>
#define SIO_RCVALL            _WSAIOW(IOC_VENDOR,1)
#define SIO_RCVALL_MCAST      _WSAIOW(IOC_VENDOR,2)
#define SIO_RCVALL_IGMPMCAST  _WSAIOW(IOC_VENDOR,3)
#define SIO_KEEPALIVE_VALS    _WSAIOW(IOC_VENDOR,4)
#define SIO_ABSORB_RTRALERT   _WSAIOW(IOC_VENDOR,5)
#define SIO_UCAST_IF          _WSAIOW(IOC_VENDOR,6)
#define SIO_LIMIT_BROADCASTS  _WSAIOW(IOC_VENDOR,7)
#define SIO_INDEX_BIND        _WSAIOW(IOC_VENDOR,8)
#define SIO_INDEX_MCASTIF     _WSAIOW(IOC_VENDOR,9)
#define SIO_INDEX_ADD_MCAST   _WSAIOW(IOC_VENDOR,10)
#define SIO_INDEX_DEL_MCAST   _WSAIOW(IOC_VENDOR,11)
#define SEQ 0x28376839 #define SYN_DEST_IP "192.168.0.250"//被攻击的IP #define FAKE_IP "10.168.150.1" //伪装IP的起始值，本程序的伪装IP覆盖一个B类网段 #define STATUS_FAILED 0xFFFF //错误返回值
typedef struct _PROTN2T
{
int  proto ;
char *pprototext ;
}PROTN2T ;
#define PROTO_NUM  11
PROTN2T aOfProto [ PROTO_NUM + 1] =
{
{ IPPROTO_IP   , "IP" },
{ IPPROTO_ICMP , "ICMP" },
{ IPPROTO_IGMP , "IGMP" },
{ IPPROTO_GGP  , "GGP" },
{ IPPROTO_TCP  , "TCP" },
{ IPPROTO_PUP  , "PUP" },
{ IPPROTO_UDP  , "UDP" },
{ IPPROTO_IDP  , "IDP" },
{ IPPROTO_ND   , "NP"  },
{ IPPROTO_RAW  , "RAW" },
{ IPPROTO_MAX  , "MAX" },
{ NULL , "" }
} ;  typedef struct _iphdr //定义IP首部 {

unsigned char h_verlen; //4位首部长度,4位IP版本号

unsigned char tos; //8位服务类型TOS

unsigned short total_len; //16位总长度（字节）

unsigned short ident; //16位标识

unsigned short frag_and_flags; //3位标志位

unsigned char ttl; //8位生存时间 TTL

unsigned char proto; //8位协议 (TCP, UDP 或其他)

unsigned short checksum; //16位IP首部校验和

unsigned int sourceIP; //32位源IP地址

unsigned int destIP; //32位目的IP地址

}IP_HEADER; struct //定义TCP伪首部 {

unsigned long saddr; //源地址

unsigned long daddr; //目的地址

char mbz;

char ptcl; //协议类型

unsigned short tcpl; //TCP长度

}psd_header; typedef struct _tcphdr //定义TCP首部 {

USHORT th_sport; //16位源端口

USHORT th_dport; //16位目的端口

unsigned int th_seq; //32位序列号

unsigned int th_ack; //32位确认号

unsigned char th_lenres; //4位首部长度/6位保留字

unsigned char th_flag; //6位标志位

USHORT th_win; //16位窗口大小

USHORT th_sum; //16位校验和

USHORT th_urp; //16位紧急数据偏移量

}TCP_HEADER; //CheckSum:计算校验和的子函数 USHORT checksum(USHORT *buffer, int size) {

unsigned long cksum=0;

while(size >1) {

cksum+=*buffer++;

size -=sizeof(USHORT);

}

if(size ) {

cksum += *(UCHAR*)buffer;

}

cksum = (cksum >> 16) + (cksum & 0xffff);

cksum += (cksum >>16);

return (USHORT)(~cksum);

} char *get_proto_name( unsigned char proto )
{
BOOL bFound = FALSE ;
for( int i = 0 ; i < PROTO_NUM ; i++ )
{
if( aOfProto[i].proto == proto )
{
bFound = TRUE ;
break ;
}
}
if( bFound )
return aOfProto[i].pprototext ;
return aOfProto[PROTO_NUM].pprototext ;
}// SynFlood主函数 int main() {

int datasize,ErrorCode,counter,flag,FakeIpNet,FakeIpHost;

int TimeOut=200,SendSEQ=0;

char SendBuf[128]={0};

char RecvBuf[65535]={0};

WSADATA wsaData;

SOCKET SockRaw=(SOCKET)NULL;

struct sockaddr_in DestAddr;

IP_HEADER ip_header;

TCP_HEADER tcp_header;

//初始化SOCK_RAW

if((ErrorCode=WSAStartup(MAKEWORD(2,1),&wsaData))!=0){

fprintf(stderr,"WSAStartup failed: %d\n",ErrorCode);

ExitProcess(STATUS_FAILED);

}
printf("Start Listen!\n\n"); SockRaw=WSASocket(AF_INET,SOCK_RAW,IPPROTO_RAW,NULL,0,WSA_FLAG_OVERLAPPED);

if (SockRaw==INVALID_SOCKET){

fprintf(stderr,"WSASocket() failed: %d\n",WSAGetLastError());

ExitProcess(STATUS_FAILED);

}

flag=TRUE;

//设置IP_HDRINCL以自己填充IP首部

ErrorCode=setsockopt(SockRaw,IPPROTO_IP,IP_HDRINCL,(char *)&flag,sizeof(int));

if (ErrorCode==SOCKET_ERROR) printf("Set IP_HDRINCL Error!\n");

__try{

//设置发送超时

unsigned long dwBufferInLen=1;
unsigned long dwBufferLen=1;
unsigned long dwBytesReturned=1;
char  buf [1000] , *bufwork ;
MSG   msg ;
int   iRet ;
DWORD dwErr ;
char  *pSource , *pDest ;
_iphdr *pIpHeader ;
in_addr ina ;
char   szSource [16] , szDest[16] , szErr [ 50 ];
char *pLastBuf = NULL ;
ErrorCode=setsockopt(SockRaw,SOL_SOCKET,SO_SNDTIMEO,(char*)&TimeOut,sizeof(TimeOut));

if(ErrorCode==SOCKET_ERROR){

fprintf(stderr,"Failed to set send TimeOut: %d\n",WSAGetLastError());

__leave;

}

memset(&DestAddr,0,sizeof(DestAddr));

DestAddr.sin_family=AF_INET;

DestAddr.sin_addr.s_addr=inet_addr("192.168.0.1");

if (bind(SockRaw,(PSOCKADDR)&DestAddr, sizeof(DestAddr)) == SOCKET_ERROR)
{

fprintf(stderr,"WSASocket() failed: %d\n",WSAGetLastError());
closesocket( SockRaw ) ;
return 0;
}

if(SOCKET_ERROR != WSAIoctl( SockRaw, SIO_RCVALL , &dwBufferInLen, sizeof(dwBufferInLen),
&dwBufferLen, sizeof(dwBufferLen),
&dwBytesReturned , NULL , NULL ))
{
//printf("Start Listen!\n\n");

while(1){

iRet = recv( SockRaw , buf , sizeof(buf) , 0 ) ;
if( iRet == SOCKET_ERROR )
{
fprintf(stderr,"WSASocket() failed: %d\n",WSAGetLastError());
continue ;
}else if( *buf ){

bufwork   = buf ;
         pIpHeader = ( _iphdr *)bufwork ;
WORD iLen = ntohs(pIpHeader->total_len) ;
//printf("%d.%d.%d.%d",*(c),*(c+1) %256,*(c+2) %256,*(c+3) %256);
ina.S_un.S_addr = pIpHeader->sourceIP ;
pSource = inet_ntoa( ina ) ;
strcpy( szSource , pSource ) ;
ina.S_un.S_addr = pIpHeader->destIP ;
pDest = inet_ntoa( ina ) ;
strcpy( szDest , pDest ) ;

//printf("[%s]%s:%d==>%s:%d < %d >\n\n", get_proto_name( pIpHeader->proto),szSource,szDest,pIpHeader->total_len);
printf("[%s]%20s==>%20s < %u >\n\n", get_proto_name( pIpHeader->proto),szSource,szDest,pIpHeader->total_len);

Sleep(50) ;

}

}

//填充IP首部
}

}//End of try

__finally {

if (SockRaw != INVALID_SOCKET) closesocket(SockRaw);

WSACleanup();

}

return 0;

}
本软件是一个网络管理软件！
1)它能够管理整个局域网硬件情况（cpu 、硬盘、内存、网卡）；
2)能够监测你的机器是否有木马；
3)sniff功能（截获网楼全部的数据流以共分析）
4)可以管理某台机器是否被访问!
5)监控你自己的机器内存、cpu使用情况，如果达到极限，报警（要有音响）
6)统计网络数据流量
7)远程关机、重器、以及注销
8)如果远程机器的cpu的温度升高到警戒线，就主动（不用巡测了）传回主台，并报警。
9)对远程计算机进行对时，并召回远程计算机的系统时间！
10)在主台还可以对远程机器的cpu进行降温处理！
11)增加了对网内是否有sniff功能的软件的监测！
下再地址：http://www.zgtcc.com/upload/files/xinxi/F:XBakX20030305XNetAdminXNetAdminXLib.zip.zip

调试易

请误码如何才能抓取本机的数据包？

解决方案 »