??
我想看里面的数据,包括源ip、目的ip、端口号。
我想看里面的数据,包括源ip、目的ip、端口号。
解决方案 »
//#include "stdafx.h"
#include <winsock2.h>
#include <Ws2tcpip.h>
#include <stdio.h>
//#include <mstcpip.h>
#include <stdlib.h>
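/*
 * Winsock IOCTL codes, defined locally because the <mstcpip.h> include above
 * is commented out. Only SIO_RCVALL is used by the code in this listing.
 */
#define SIO_RCVALL            _WSAIOW(IOC_VENDOR,1)
#define SIO_RCVALL_MCAST      _WSAIOW(IOC_VENDOR,2)
#define SIO_RCVALL_IGMPMCAST  _WSAIOW(IOC_VENDOR,3)
#define SIO_KEEPALIVE_VALS    _WSAIOW(IOC_VENDOR,4)
#define SIO_ABSORB_RTRALERT   _WSAIOW(IOC_VENDOR,5)
#define SIO_UCAST_IF          _WSAIOW(IOC_VENDOR,6)
#define SIO_LIMIT_BROADCASTS  _WSAIOW(IOC_VENDOR,7)
#define SIO_INDEX_BIND        _WSAIOW(IOC_VENDOR,8)
#define SIO_INDEX_MCASTIF     _WSAIOW(IOC_VENDOR,9)
#define SIO_INDEX_ADD_MCAST   _WSAIOW(IOC_VENDOR,10)
#define SIO_INDEX_DEL_MCAST   _WSAIOW(IOC_VENDOR,11)

/*
 * One directive per line: when these four share a single line, only SEQ is
 * defined (with a broken expansion) and STATUS_FAILED does not exist at all.
 *
 * SEQ, SYN_DEST_IP and FAKE_IP appear to be left over from the SYN-flood
 * sample this listing was adapted from; the capture code never references
 * them.
 */
#define SEQ            0x28376839
#define SYN_DEST_IP    "192.168.0.250"  /* destination address in that sample */
#define FAKE_IP        "10.168.150.1"   /* first spoofed source address in that sample (it covered a class B range) */
#define STATUS_FAILED  0xFFFF           /* value passed to ExitProcess() on start-up failure */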
/* One row of the protocol-name table: a protocol number and its label. */
typedef struct _PROTN2T
{
    int   proto;        /* protocol number compared against the IP header's proto field */
    char *pprototext;   /* printable protocol name */
} PROTN2T;

/* Number of rows that get_proto_name() searches; the table holds one extra fallback row. */
#define PROTO_NUM 11
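/*
 * Protocol-number -> display-name table used by get_proto_name().
 * The first PROTO_NUM rows are searched; the extra last row supplies the
 * empty string returned for protocols that are not listed.
 */
PROTN2T aOfProto[PROTO_NUM + 1] =
{
    { IPPROTO_IP,   "IP"   },
    { IPPROTO_ICMP, "ICMP" },
    { IPPROTO_IGMP, "IGMP" },
    { IPPROTO_GGP,  "GGP"  },
    { IPPROTO_TCP,  "TCP"  },
    { IPPROTO_PUP,  "PUP"  },
    { IPPROTO_UDP,  "UDP"  },
    { IPPROTO_IDP,  "IDP"  },
    { IPPROTO_ND,   "NP"   },   /* NOTE(review): label may be a typo for "ND" -- confirm */
    { IPPROTO_RAW,  "RAW"  },
    { IPPROTO_MAX,  "MAX"  },
    { -1,           ""     }    /* fallback row; its proto value is never compared */
};

/*
 * IPv4 header without options (20 bytes). When filled from a captured
 * packet the multi-byte fields are still in network byte order.
 */
typedef struct _iphdr
{
    unsigned char  h_verlen;        /* IP version and header length, 4 bits each */
    unsigned char  tos;             /* 8-bit type of service */
    unsigned short total_len;       /* 16-bit total length in bytes */
    unsigned short ident;           /* 16-bit identification */
    unsigned short frag_and_flags;  /* 3-bit flags (plus, judging by the name, the fragment offset) */
    unsigned char  ttl;             /* 8-bit time to live */
    unsigned char  proto;           /* 8-bit protocol (TCP, UDP, ...) */
    unsigned short checksum;        /* 16-bit header checksum */
    unsigned int   sourceIP;        /* 32-bit source address */
    unsigned int   destIP;          /* 32-bit destination address */
} IP_HEADER;

/*
 * TCP pseudo-header, declared as a file-scope object. The capture code in
 * this listing never references it.
 */
struct
{
    unsigned long  saddr;   /* source address */
    unsigned long  daddr;   /* destination address */
    char           mbz;
    char           ptcl;    /* protocol type */
    unsigned short tcpl;    /* TCP length */
} psd_header;

/* TCP header layout. The capture code in this listing never references it. */
typedef struct _tcphdr
{
    USHORT        th_sport;   /* 16-bit source port */
    USHORT        th_dport;   /* 16-bit destination port */
    unsigned int  th_seq;     /* 32-bit sequence number */
    unsigned int  th_ack;     /* 32-bit acknowledgement number */
    unsigned char th_lenres;  /* 4-bit header length / reserved bits */
    unsigned char th_flag;    /* flag bits */
    USHORT        th_win;     /* 16-bit window size */
    USHORT        th_sum;     /* 16-bit checksum */
    USHORT        th_urp;     /* 16-bit urgent pointer */
} TCP_HEADER;

/*
 * checksum - 16-bit one's-complement sum over a buffer.
 *
 * buffer: start of the data, read as 16-bit words.
 * size:   length of the data in bytes; zero or negative sums nothing.
 *
 * A trailing odd byte is added as-is. Returns the complement of the folded
 * sum. Not called by the capture code in this listing.
 */
USHORT checksum(USHORT *buffer, int size)
{
    unsigned long cksum = 0;

    while (size > 1) {
        cksum += *buffer++;
        size -= (int)sizeof(USHORT);
    }
    /* "> 0" rather than "!= 0": a negative size must not read a byte. */
    if (size > 0) {
        cksum += *(UCHAR *)buffer;
    }
    cksum = (cksum >> 16) + (cksum & 0xffff);
    cksum += (cksum >> 16);
    return (USHORT)(~cksum);
}

/*
 * get_proto_name - map an IP protocol number to its label in aOfProto.
 *
 * Returns the matching row's text, or the empty string held in the fallback
 * row when the protocol is not listed. The index is declared at function
 * scope so the code does not depend on a loop variable outliving its loop.
 */
char *get_proto_name(unsigned char proto)
{
    int i;

    for (i = 0; i < PROTO_NUM; i++) {
        if (aOfProto[i].proto == proto) {
            return aOfProto[i].pprototext;
        }
    }
    return aOfProto[PROTO_NUM].pprototext;
}

/*
 * Print one line for a captured header: protocol label, source address,
 * destination address and the total length converted to host byte order.
 *
 * inet_ntoa() hands back a buffer that the next call overwrites, so each
 * address is printed before the other one is converted.
 */
static void print_packet_summary(const IP_HEADER *hdr)
{
    struct in_addr addr;
    const char *text;

    addr.s_addr = hdr->sourceIP;
    text = inet_ntoa(addr);
    printf("[%s]%20s==>", get_proto_name(hdr->proto), text ? text : "?");

    addr.s_addr = hdr->destIP;
    text = inet_ntoa(addr);
    /* total_len is whatever the sender wrote; it is displayed only and never
     * used as a buffer length. */
    printf("%20s < %u >\n\n", text ? text : "?", (unsigned)ntohs(hdr->total_len));
}

/*
 * Entry point: opens a raw socket, binds it to one local interface, turns on
 * SIO_RCVALL and prints a summary line for every IPv4 header received.
 *
 * Raw sockets and SIO_RCVALL require Administrator rights on Windows, and the
 * address passed to bind() has to belong to a local interface.
 * Returns 0; WSAStartup or socket-creation failures end the process with
 * STATUS_FAILED.
 */
int main(void)
{
    int ErrorCode;
    int flag;
    int iRet;
    int TimeOut = 200;
    /* Sized for the largest IPv4 packet so that recv() does not fail with a
     * message-too-long error on ordinary full-size frames. */
    char RecvBuf[65535] = {0};
    WSADATA wsaData;
    SOCKET SockRaw = INVALID_SOCKET;
    struct sockaddr_in DestAddr;
    IP_HEADER hdr;
    unsigned long dwBufferInLen = 1;    /* option value handed to SIO_RCVALL */
    unsigned long dwBufferLen = 1;
    unsigned long dwBytesReturned = 1;

    if ((ErrorCode = WSAStartup(MAKEWORD(2, 1), &wsaData)) != 0) {
        fprintf(stderr, "WSAStartup failed: %d\n", ErrorCode);
        ExitProcess(STATUS_FAILED);
    }
    printf("Start Listen!\n\n");

    /* NOTE(review): Microsoft's SIO_RCVALL documentation describes the IPv4
     * capture socket as AF_INET / SOCK_RAW / IPPROTO_IP, while this listing
     * passes IPPROTO_RAW -- confirm the ioctl succeeds on the target system. */
    SockRaw = WSASocket(AF_INET, SOCK_RAW, IPPROTO_RAW, NULL, 0, WSA_FLAG_OVERLAPPED);
    if (SockRaw == INVALID_SOCKET) {
        fprintf(stderr, "WSASocket() failed: %d\n", WSAGetLastError());
        WSACleanup();
        ExitProcess(STATUS_FAILED);
    }

    /* Presumably inherited from the sending sample this was adapted from;
     * the code below only receives. */
    flag = TRUE;
    ErrorCode = setsockopt(SockRaw, IPPROTO_IP, IP_HDRINCL, (char *)&flag, sizeof(int));
    if (ErrorCode == SOCKET_ERROR) printf("Set IP_HDRINCL Error!\n");

    __try {
        ErrorCode = setsockopt(SockRaw, SOL_SOCKET, SO_SNDTIMEO, (char *)&TimeOut, sizeof(TimeOut));
        if (ErrorCode == SOCKET_ERROR) {
            fprintf(stderr, "Failed to set send TimeOut: %d\n", WSAGetLastError());
            __leave;
        }

        /* Local interface to capture on; replace with an address of this machine. */
        memset(&DestAddr, 0, sizeof(DestAddr));
        DestAddr.sin_family = AF_INET;
        DestAddr.sin_addr.s_addr = inet_addr("192.168.0.1");
        if (bind(SockRaw, (PSOCKADDR)&DestAddr, sizeof(DestAddr)) == SOCKET_ERROR) {
            fprintf(stderr, "bind() failed: %d\n", WSAGetLastError());
            /* __finally closes the socket exactly once; closing it here as
             * well would close the same handle twice. */
            __leave;
        }

        if (WSAIoctl(SockRaw, SIO_RCVALL, &dwBufferInLen, sizeof(dwBufferInLen),
                     &dwBufferLen, sizeof(dwBufferLen),
                     &dwBytesReturned, NULL, NULL) == SOCKET_ERROR) {
            fprintf(stderr, "WSAIoctl(SIO_RCVALL) failed: %d\n", WSAGetLastError());
            __leave;
        }

        for (;;) {
            iRet = recv(SockRaw, RecvBuf, (int)sizeof(RecvBuf), 0);
            if (iRet == SOCKET_ERROR) {
                /* Stop instead of retrying: a persistent socket error would
                 * otherwise repeat this message in a tight loop. */
                fprintf(stderr, "recv() failed: %d\n", WSAGetLastError());
                break;
            }
            /* The bytes come straight off the wire: do not read header
             * fields unless a whole fixed header actually arrived. */
            if (iRet < (int)sizeof(hdr)) {
                continue;
            }
            /* Copy out instead of casting the char buffer, which avoids
             * alignment and aliasing assumptions about RecvBuf. */
            memcpy(&hdr, RecvBuf, sizeof(hdr));
            if ((hdr.h_verlen >> 4) != 4) {
                continue;   /* not an IPv4 header */
            }
            print_packet_summary(&hdr);
            /* Throttles the output; packets arriving during the pause may be missed. */
            Sleep(50);
        }
    }
    __finally {
        if (SockRaw != INVALID_SOCKET) closesocket(SockRaw);
        WSACleanup();
    }
    return 0;
}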
1)它能够管理整个局域网硬件情况(cpu 、硬盘、内存、网卡);
2)能够监测你的机器是否有木马;
3)sniff功能(截获网络全部的数据流以供分析)
4)可以管理某台机器是否被访问!
5)监控你自己的机器内存、cpu使用情况,如果达到极限,报警(要有音响)
6)统计网络数据流量
7)远程关机、重启、以及注销
8)如果远程机器的cpu的温度升高到警戒线,就主动(不用巡测了)传回主台,并报警。
9)对远程计算机进行对时,并召回远程计算机的系统时间!
10)在主台还可以对远程机器的cpu进行降温处理!
11)增加了对网内是否有sniff功能的软件的监测!
下载地址:http://www.zgtcc.com/upload/files/xinxi/F:XBakX20030305XNetAdminXNetAdminXLib.zip.zip