在windows2000下,怎么监听所有到本地的TCP包? 用SOCK_RAW IPPROTO_IP得到的是所有IP包,如果自己整理出TCP包太费事,想直接用IPPROTO_TCP监听所有TCP包,该如何实现呢?哪位大侠能不能把关键代码写一下啊。 解决方案 » http://vip.6to23.com/NowCan1/code/guniffer.zip 用Winpcap行不行?或是用原始套接字监听所有IP包,自己写解包代码 对哦,在程序中间根据IP包中间的协议类型,获取其中的tcp的 在linux下利用linux的log作过这些东西,在win2000下就没有了 csdn的“软件 ”栏目中的C/C++源码中有这方面的源码,但不适合于win98 raw socket 98用不了,使用SPI,抓上层的包足够了 int main(int argc, char ** argv){ SOCKET s; struct sockaddr_in addr; char msg[MAX_MSG_LENGTH]; UINT bRcvAll; UINT length; WSADATA wsd; WSABUF wsbuf; DWORD dwNumSend, dwFlags; long srcipaddr = 0; long destipaddr = 0; int nRecvlen; int timestamp; if (WSAStartup(MAKEWORD(2, 2), &wsd) != 0) { printf("WSAStartup() failed!\n"); return -1; } bRcvAll = TRUE; addr.sin_addr.S_un.S_addr = inet_addr("192.168.0.106");// addr.sin_port = htons(80); addr.sin_family = AF_INET; s = socket(AF_INET, SOCK_RAW, IPPROTO_IP); if (s == INVALID_SOCKET) { printf("socket() failed; %d\n", WSAGetLastError()); return -1; } if (bind(s, (LPSOCKADDR)(&addr), sizeof(addr)) == SOCKET_ERROR) { printf("bind() failed; %d\n", WSAGetLastError()); return -1; } //Enables a socket to receive all IP packets on the network, //Once the socket is bound and the ioctl set, calls to the //WSARecv or recv functions return IP datagrams passing through the given interface. 
if (WSAIoctl(s, SIO_RCVALL, &bRcvAll, sizeof(bRcvAll), NULL, 0, &length, NULL, NULL) == SOCKET_ERROR) { printf("WSAIoctl() failed; %d\n", WSAGetLastError()); return -1; } dwFlags = 0; wsbuf.buf = msg; wsbuf.len = MAX_MSG_LENGTH; srcipaddr = inet_addr("192.168.0.106"); destipaddr = inet_addr("192.168.0.1"); timestamp = atoi("80") * 10; srcipaddr = htonl(srcipaddr); destipaddr = htonl(destipaddr); while (1) { if (timestamp != 0) Sleep(timestamp); nRecvlen = WSARecv(s, &wsbuf, 1, &dwNumSend, &dwFlags, NULL, NULL); if (nRecvlen != SOCKET_ERROR) { DecodeIPHeader(&wsbuf, srcipaddr, 0, destipaddr, 0); } } if (closesocket(s) == SOCKET_ERROR) { printf("closesocket() failed; %d\n", WSAGetLastError()); } if (WSACleanup() == SOCKET_ERROR) { printf("WSACleanup() failed; %d\n", WSAGetLastError()); return -1; }}int DecodeIPHeader(WSABUF *wsabuf, unsigned int srcip, unsigned short srcport, unsigned int destip, unsigned short destport){ BYTE *hdr = (BYTE *)wsabuf->buf, *nexthdr = NULL; unsigned short shortval; SOCKADDR_IN srcaddr, destaddr; unsigned short ip_version, ip_hdr_len, ip_tos, ip_total_len, ip_id, ip_flags, ip_ttl, ip_frag_offset, ip_proto, ip_hdr_chksum, ip_src_port, ip_dest_port; unsigned int ip_src, ip_dest; BOOL bPrint = TRUE; ip_version = HI_WORD(*hdr); ip_hdr_len = LO_WORD(*hdr) * 4; nexthdr = (BYTE *)(wsabuf->buf + ip_hdr_len); hdr++; ip_tos = *hdr; hdr++; memcpy(&shortval, hdr, 2); ip_total_len = ntohs(shortval); hdr += 2; memcpy(&shortval, hdr, 2); ip_id = ntohs(shortval); hdr += 2; ip_flags = ((*hdr) >> 5); memcpy(&shortval, hdr, 2); ip_frag_offset = ((ntohs(shortval)) & 0x1FFF); hdr+=2; ip_ttl = *hdr; hdr++; ip_proto = *hdr; hdr++; memcpy(&shortval, hdr, 2); ip_hdr_chksum = ntohs(shortval); hdr += 2; memcpy(&srcaddr.sin_addr.s_addr, hdr, 4); ip_src = ntohl(srcaddr.sin_addr.s_addr); hdr += 4; memcpy(&destaddr.sin_addr.s_addr, hdr, 4); ip_dest = ntohl(destaddr.sin_addr.s_addr); hdr += 4; // // If packet is UDP, TCP, or IGMP read ahead and // get the port values. 
// if (((ip_proto == 2) || (ip_proto == 6) || (ip_proto == 17))) { memcpy(&ip_src_port, nexthdr, 2); ip_src_port = ntohs(ip_src_port); memcpy(&ip_dest_port, nexthdr+2, 2); ip_dest_port = ntohs(ip_dest_port);// if ((srcip == ip_src) ||// (srcport == ip_src_port) ||// (destip == ip_dest) ||// (destport == ip_dest_port))// {// bPrint = TRUE;// }// else// {// bPrint = FALSE;// } } if (srcip == ip_src || destip == ip_dest || srcip == 0 || destip == 0) { bPrint = TRUE; } else { bPrint = FALSE; } // Print IP Hdr // if (bPrint) { printf("IP HEADER\n"); printf(" IP Version: %-10d | IP Header Len: %2d bytes | IP TOS: %X%X (hex)\n", ip_version, ip_hdr_len, HI_WORD(ip_tos), LO_WORD(ip_tos)); printf(" IP Total Len: %-05d bytes | Identification: 0x%08X | IP Flags: %X (hex)\n", ip_total_len, ip_id, ip_flags); printf(" Frag Offset: 0x%08X | TTL: %-10d | Protocol: %-10s \n", ip_frag_offset, ip_ttl, szProto[ip_proto]); printf(" Hdr Checksum: 0x%08X\n", ip_hdr_chksum); printf(" Src Addr: %-15s\n", inet_ntoa(srcaddr.sin_addr)); printf(" Dest Addr: %-15s\n", inet_ntoa(destaddr.sin_addr)); } else return ip_hdr_len; if (!bPrint) return ip_hdr_len; switch (ip_proto) { case 2: // IGMP DecodeIGMPHeader(wsabuf, ip_hdr_len); break; case 6: // TCP DecodeTCPHeader(wsabuf, ip_hdr_len); break; case 17: // UDP DecodeUDPHeader(wsabuf, ip_hdr_len); break; default: printf(" No decoder installed for protocol\n"); break; } printf("\n"); return ip_hdr_len;} http://www.csdn.net/Develop/article/15/15919.shtm如果需要更详细的代码也可以提供 NowCan: 最近捡到一本《防火墙与网络封包截获技术》,正在研究中。Xfilter1.0就是用SPI做的。 kingzai() :书好像附带有光盘?方便不方便把光盘里的代码提供一下看看:) http://www.csdn.net/Develop/article/15/15919.shtm 就用RAW_SOCKET,然后分析HEADER, 是TCP的才拿出来(还可以按目的地址或原地址分类).我就是这么做的,用来监视和PROXY的通信. snsins: 完全可以,正想和老兄讨教几招那,你的E-MAIL告诉我,我发给你 kingzai() :不敢:)[email protected] vc6.0获得web数据问题 为什么COM的书这么少了? 关于ping 的问题(网络高手请进) 在学windows SDK.用什么编译工具 关于线程的问题求解,在不同的线程类中访问同一变量 vc++6 中,Release 下编译器优化选项问题: inside ATL 源代码?? 回车!!!快答快有分!!! MFC是开源的吗? 
或是用原始套接字监听所有IP包,自己写解包代码
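/*
 * Entry point: open a raw IP socket bound to one local interface, switch it
 * into receive-all mode with SIO_RCVALL, and hand every datagram that
 * arrives to DecodeIPHeader().
 *
 * argc/argv are accepted for the standard signature but not read; the
 * interface address, the peer address and the per-packet delay are fixed
 * constants below.  Returns -1 on any setup failure or when the receive
 * loop is left because WSARecv() reported an error.  Every exit path
 * releases the socket and the Winsock library.
 */
int main(int argc, char **argv)
{
    enum { RECV_DELAY_MS = 800 };        /* original listing: atoi("80") * 10 */
    SOCKET s = INVALID_SOCKET;
    struct sockaddr_in addr = {0};       /* also clears sin_zero */
    char msg[MAX_MSG_LENGTH];
    UINT bRcvAll = TRUE;
    UINT length = 0;
    WSADATA wsd;
    WSABUF wsbuf;
    DWORD dwNumRecv = 0;
    DWORD dwFlags = 0;
    unsigned int srcipaddr = 0;
    unsigned int destipaddr = 0;
    int rc = -1;

    (void)argc;
    (void)argv;

    if (WSAStartup(MAKEWORD(2, 2), &wsd) != 0) {
        printf("WSAStartup() failed!\n");
        return -1;
    }

    /* Bind to one local interface.  The port is meaningless for a raw IP
     * socket and is kept only because the original listing set it. */
    addr.sin_family = AF_INET;
    addr.sin_port = htons(80);
    addr.sin_addr.S_un.S_addr = inet_addr("192.168.0.106");

    s = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
    if (s == INVALID_SOCKET) {
        printf("socket() failed; %d\n", WSAGetLastError());
        goto cleanup;
    }
    if (bind(s, (LPSOCKADDR)&addr, sizeof(addr)) == SOCKET_ERROR) {
        printf("bind() failed; %d\n", WSAGetLastError());
        goto cleanup;
    }

    /* Enables a socket to receive all IP packets on the network.
     * Once the socket is bound and the ioctl set, calls to WSARecv or recv
     * return IP datagrams passing through the given interface. */
    if (WSAIoctl(s, SIO_RCVALL, &bRcvAll, sizeof(bRcvAll), NULL, 0,
                 &length, NULL, NULL) == SOCKET_ERROR) {
        printf("WSAIoctl() failed; %d\n", WSAGetLastError());
        goto cleanup;
    }

    wsbuf.buf = msg;
    wsbuf.len = MAX_MSG_LENGTH;

    /* Filter addresses in host byte order: inet_addr() yields network
     * order, and DecodeIPHeader() compares against ntohl() of the packet
     * bytes.  (The original listing used htonl() here, which gives the same
     * value on the little-endian hosts this code targets.) */
    srcipaddr = ntohl(inet_addr("192.168.0.106"));
    destipaddr = ntohl(inet_addr("192.168.0.1"));

    for (;;) {
        /* Packets arriving during the pause queue in the socket buffer and
         * are dropped once it fills; set RECV_DELAY_MS to 0 for a lossless
         * capture. */
        if (RECV_DELAY_MS != 0)
            Sleep(RECV_DELAY_MS);

        /* dwFlags is an in/out parameter of WSARecv, so reset it per call. */
        dwFlags = 0;
        dwNumRecv = 0;
        if (WSARecv(s, &wsbuf, 1, &dwNumRecv, &dwFlags, NULL, NULL) == SOCKET_ERROR) {
            /* Leave instead of spinning forever on a dead socket. */
            printf("WSARecv() failed; %d\n", WSAGetLastError());
            break;
        }

        /* Expose only the bytes actually received to the decoder, then
         * restore the buffer capacity for the next read. */
        wsbuf.len = dwNumRecv;
        DecodeIPHeader(&wsbuf, srcipaddr, 0, destipaddr, 0);
        wsbuf.len = MAX_MSG_LENGTH;
    }

cleanup:
    if (s != INVALID_SOCKET && closesocket(s) == SOCKET_ERROR)
        printf("closesocket() failed; %d\n", WSAGetLastError());
    if (WSACleanup() == SOCKET_ERROR)
        printf("WSACleanup() failed; %d\n", WSAGetLastError());
    return rc;
}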
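/*
 * Decode the IPv4 header at the start of wsabuf->buf, print it when it
 * passes the address filter, and dispatch to the matching transport decoder.
 *
 * srcip/destip are host-order IPv4 addresses: a packet is printed when its
 * source equals srcip or its destination equals destip, and a zero value for
 * either acts as a wildcard.  srcport/destport are part of the interface but
 * unused; the port filter of the original listing was commented out and is
 * not applied.
 *
 * The buffer is untrusted network input and wsabuf->len is taken as the
 * number of valid bytes in it, so no field is read beyond that bound.
 * Returns the IP header length in bytes, or 0 when the buffer is shorter
 * than a minimal IPv4 header or the IHL field is malformed (nothing is
 * printed or decoded in that case).
 */
int DecodeIPHeader(WSABUF *wsabuf, unsigned int srcip, unsigned short srcport,
                   unsigned int destip, unsigned short destport)
{
    enum { IP_MIN_HDR_LEN = 20, TRANSPORT_MIN_LEN = 4 };
    const BYTE *hdr = (const BYTE *)wsabuf->buf;
    unsigned short shortval;
    SOCKADDR_IN srcaddr, destaddr;
    unsigned short ip_version, ip_hdr_len, ip_tos, ip_total_len, ip_id,
                   ip_flags, ip_ttl, ip_frag_offset, ip_proto, ip_hdr_chksum;
    unsigned int ip_src, ip_dest;
    BOOL bPrint;

    (void)srcport;
    (void)destport;

    /* The fixed 20-byte part of the header must be present before any
     * field is touched. */
    if (hdr == NULL || wsabuf->len < IP_MIN_HDR_LEN)
        return 0;

    ip_version = HI_WORD(*hdr);
    ip_hdr_len = LO_WORD(*hdr) * 4;
    /* IHL is a 4-bit word count (legal range 20..60 bytes); reject values
     * below the minimum and headers that claim more bytes than received,
     * since both would put the transport decoders at a bogus offset. */
    if (ip_hdr_len < IP_MIN_HDR_LEN || ip_hdr_len > wsabuf->len)
        return 0;
    hdr++;
    ip_tos = *hdr;
    hdr++;
    memcpy(&shortval, hdr, 2);
    ip_total_len = ntohs(shortval);
    hdr += 2;
    memcpy(&shortval, hdr, 2);
    ip_id = ntohs(shortval);
    hdr += 2;
    /* Top three bits of the flags/fragment-offset word are the flags. */
    ip_flags = (unsigned short)((*hdr) >> 5);
    memcpy(&shortval, hdr, 2);
    ip_frag_offset = (unsigned short)(ntohs(shortval) & 0x1FFF);
    hdr += 2;
    ip_ttl = *hdr;
    hdr++;
    ip_proto = *hdr;
    hdr++;
    memcpy(&shortval, hdr, 2);
    ip_hdr_chksum = ntohs(shortval);
    hdr += 2;
    memcpy(&srcaddr.sin_addr.s_addr, hdr, 4);
    ip_src = ntohl(srcaddr.sin_addr.s_addr);
    hdr += 4;
    memcpy(&destaddr.sin_addr.s_addr, hdr, 4);
    ip_dest = ntohl(destaddr.sin_addr.s_addr);
    hdr += 4;

    /* Address filter; a zero srcip or destip matches everything. */
    bPrint = (srcip == ip_src || destip == ip_dest || srcip == 0 || destip == 0);
    if (!bPrint)
        return ip_hdr_len;

    printf("IP HEADER\n");
    printf(" IP Version: %-10d | IP Header Len: %2d bytes | IP TOS: %X%X (hex)\n",
           ip_version, ip_hdr_len, HI_WORD(ip_tos), LO_WORD(ip_tos));
    printf(" IP Total Len: %-05d bytes | Identification: 0x%08X | IP Flags: %X (hex)\n",
           ip_total_len, ip_id, ip_flags);
    /* NOTE(review): szProto is indexed with the raw 8-bit protocol number
     * (0..255); confirm the table has 256 entries, otherwise an unexpected
     * protocol value reads past its end. */
    printf(" Frag Offset: 0x%08X | TTL: %-10d | Protocol: %-10s \n",
           ip_frag_offset, ip_ttl, szProto[ip_proto]);
    printf(" Hdr Checksum: 0x%08X\n", ip_hdr_chksum);
    printf(" Src Addr: %-15s\n", inet_ntoa(srcaddr.sin_addr));
    printf(" Dest Addr: %-15s\n", inet_ntoa(destaddr.sin_addr));

    /* The original listing read a 4-byte port pair right after the IP
     * header unconditionally; require those bytes to exist before handing
     * the packet to a transport decoder.  Each decoder is assumed to bound
     * its own remaining reads against wsabuf->len — TODO confirm. */
    if ((unsigned long)ip_hdr_len + TRANSPORT_MIN_LEN > wsabuf->len) {
        printf(" Truncated packet, transport header not decoded\n");
        printf("\n");
        return ip_hdr_len;
    }

    switch (ip_proto) {
    case 2: /* IGMP */
        DecodeIGMPHeader(wsabuf, ip_hdr_len);
        break;
    case 6: /* TCP */
        DecodeTCPHeader(wsabuf, ip_hdr_len);
        break;
    case 17: /* UDP */
        DecodeUDPHeader(wsabuf, ip_hdr_len);
        break;
    default:
        printf(" No decoder installed for protocol\n");
        break;
    }
    printf("\n");
    return ip_hdr_len;
}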
最近捡到一本《防火墙与网络封包截获技术》,正在研究中。Xfilter1.0就是用SPI做的。
书好像附带有光盘?
方便不方便把光盘里的代码提供一下看看:)
完全可以,正想和老兄讨教几招那,你的E-MAIL告诉我,我发给你
不敢:)
[email protected]