Complete and simple sniffer code written in VC

Source: Internet
Author: User

Source: https://www.xfocus.net/bbs/index.php? Act = sT & F = 3 & t = 50463

The following complete and simple sniffer is written using a raw socket (SOCK_RAW). SP2 does not support raw sockets.

#include <winsock2.h>
#include <windows.h>
#include <ws2tcpip.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

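/* Size of the buffer handed to gethostname() for the local host name. */
#define max_hostname_lan 255
/*
 * Winsock I/O control code that switches a bound raw socket into
 * "receive all" mode, so every IP packet seen on that interface is
 * delivered to the socket. Same value as SIO_RCVALL in <mstcpip.h>.
 */
#define sio_rcvall _WSAIOW(IOC_VENDOR, 1)
/* Room for a dotted-quad IPv4 string: "255.255.255.255" plus the NUL. */
#define max_addr_len 16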

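/*
 * Fixed part of a TCP header as it appears on the wire (20 bytes, options
 * not included). Multi-byte fields are in network byte order and must go
 * through ntohs()/ntohl() before use.
 *
 * The two 4-bit fields rely on the compiler placing the first-declared
 * bit-field in the low-order bits (the x86 MSVC/GCC behaviour); bit-field
 * layout is implementation-defined, so this is not portable as written.
 */
typedef struct tcpheader {
    unsigned short int sport;  /* source port */
    unsigned short int dport;  /* destination port */
    unsigned int th_seq;       /* sequence number */
    unsigned int th_ack;       /* acknowledgement number */
    unsigned char th_x2 : 4;   /* reserved bits */
    unsigned char th_off : 4;  /* data offset: header length in 32-bit words */
    unsigned char flags;       /* control flags */
    unsigned short int th_win; /* window */
    unsigned short int th_sum; /* checksum */
    unsigned short int th_urp; /* urgent pointer */
} Tcp_hdr;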

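/*
 * Fixed part of an IPv4 header (20 bytes = 160 bits). A real packet may
 * carry options after it: the true header length is ip_hl * 4 bytes, and a
 * parser must use that value rather than sizeof(struct ipheader) to find
 * the transport header.
 *
 * Multi-byte fields are in network byte order. The nibble order of
 * ip_hl / ip_v assumes low-order-first bit-field allocation (x86 compilers).
 */
struct ipheader {
    unsigned char ip_hl : 4, ip_v : 4; /* header length (32-bit words) and version, 4 bits each */
    unsigned char ip_tos;              /* type of service */
    unsigned short int ip_len;         /* total packet length, header included */
    unsigned short int ip_id;          /* identification */
    unsigned short int ip_off;         /* flags and fragment offset */
    unsigned char ip_ttl;              /* time to live */
    unsigned char ip_p;                /* protocol number (compared with IPPROTO_TCP / IPPROTO_UDP) */
    unsigned short int ip_sum;         /* header checksum */
    unsigned int ip_src;               /* source address */
    unsigned int ip_dst;               /* destination address */
};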

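/*
 * Pseudo header: the 12 bytes that are prepended to a TCP segment when its
 * checksum is computed, followed here by the TCP header itself.
 * Nothing in the sniffer code on this page references this type.
 */
typedef struct ps_hdr
{
    unsigned int source_address; /* source address      => 4 bytes */
    unsigned int dest_address;   /* destination address => 4 bytes */
    unsigned char placeholder;   /* placeholder         => 1 byte  */
    unsigned char protocol;      /* protocol            => 1 byte  */
    unsigned short tcp_length;   /* TCP length          => 2 bytes */
                                 /*                      = 12 bytes */
    struct tcpheader TCP;
} Ps_hdr;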

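/*
 * UDP header as it appears on the wire (8 bytes). All fields are in
 * network byte order.
 */
typedef struct udphdr {
    unsigned short sport; /* source port */
    unsigned short dport; /* destination port */
    unsigned short Len;   /* length of UDP header plus payload */
    unsigned short cksum; /* checksum */
} Udp_hdr;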

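/*
 * Print one byte on stdout as a C-style hex escape (\xNN).
 *
 * pointer: address of the byte to print; must not be NULL.
 *
 * The byte is read as unsigned char so that values above 0x7f print as two
 * hex digits. The earlier version printed the value in decimal and applied
 * a "* (-1) + 82" correction to negative chars, which does not yield the
 * byte's hex value.
 */
void hexdump(char *pointer)
{
    printf("\\x%.2x", (unsigned int)*(unsigned char *)pointer);
}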

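/* Report a failed Winsock call on stderr and terminate the program. */
static void die(const char *what)
{
    fprintf(stderr, "%s failed (Winsock error %d)\n", what, WSAGetLastError());
    exit(1);
}

/*
 * Print len payload bytes twice: first as \xNN escapes laid out like a C
 * string literal, then as text with every non-printable byte shown as '.'.
 */
static void print_payload(const unsigned char *data, int len)
{
    int i;

    for (i = 0; i < len; i++) {
        printf("\\x%.2x", data[i]);
        if (i % 10 == 0) {
            printf("\"");
            printf("\n\"");
        }
    }
    printf("\";\n");
    for (i = 0; i < len; i++) {
        /*
         * Captured bytes are untrusted. Only printable ASCII (0x20..0x7e)
         * is echoed; the earlier bound of decimal 20 let control bytes
         * such as ESC (27) through to the console.
         */
        if (data[i] >= 0x20 && data[i] <= 0x7e)
            printf("%c", data[i]);
        else
            printf(".");
    }
    printf("\n");
}

/*
 * Capture IPv4 packets on the local host with a raw socket in SIO_RCVALL
 * mode and dump the payload of every TCP and UDP packet that carries data.
 *
 * The socket is bound to the first address gethostbyname() returns for the
 * local host name, so only that interface is observed. The loop never
 * returns; the process ends on a Winsock failure or when it is killed.
 */
int main(void)
{
    SOCKET sock;
    WSADATA wsd;
    char recvbuf[65535] = {0};
    DWORD dwbytesret = 0;
    int pcount = 0;
    unsigned int optval = 1; /* non-zero switches SIO_RCVALL on */
    unsigned char *datatcp = NULL; /* start of the TCP payload */
    unsigned char *dataudp = NULL; /* start of the UDP payload */
    int lentcp = 0, lenudp = 0;
    char name[max_hostname_lan];
    struct hostent *phostent;
    struct sockaddr_in sa;
    struct sockaddr_in sasource, sadest;
    struct ipheader *pipheader = (struct ipheader *)recvbuf;
    char szsourceip[max_addr_len], szdestip[max_addr_len];

    if (WSAStartup(MAKEWORD(2, 1), &wsd) != 0)
        exit(1);

    /* socket() reports failure with INVALID_SOCKET, not SOCKET_ERROR. */
    sock = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
    if (sock == INVALID_SOCKET)
        die("socket");

    if (gethostname(name, sizeof(name)) == SOCKET_ERROR)
        die("gethostname");

    /*
     * gethostbyname() returns a pointer to storage owned by Winsock, so no
     * buffer is allocated for it here. The result is checked before the
     * copy: a NULL result or a non-IPv4 length would otherwise crash or
     * overrun sin_addr.
     */
    phostent = gethostbyname(name);
    if (phostent == NULL || phostent->h_addrtype != AF_INET ||
        phostent->h_length != (int)sizeof(sa.sin_addr) ||
        phostent->h_addr_list[0] == NULL)
        die("gethostbyname");

    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_port = htons(6000); /* value kept from the original listing */
    memcpy(&sa.sin_addr, phostent->h_addr_list[0], sizeof(sa.sin_addr));

    /*
     * Without raw socket support or sufficient rights (Win 95/98/ME, or a
     * plain user on Win2k) the call fails with error 10013 (WSAEACCES).
     * Any bind failure ends the program, not only that one.
     */
    if (bind(sock, (struct sockaddr *)&sa, sizeof(sa)) == SOCKET_ERROR)
        die("bind");

    if (WSAIoctl(sock, sio_rcvall, &optval, sizeof(optval), NULL, 0,
                 &dwbytesret, NULL, NULL) == SOCKET_ERROR)
        die("WSAIoctl");

    for (;;) {
        int got, iphl, totlen;

        memset(recvbuf, 0, sizeof(recvbuf));
        got = recv(sock, recvbuf, (int)sizeof(recvbuf), 0);
        if (got == SOCKET_ERROR)
            die("recv");
        if (got < (int)sizeof(struct ipheader))
            continue; /* too short to hold an IPv4 header */

        /* Header length and total length come from the packet: validate
         * both against the number of bytes actually received. */
        iphl = pipheader->ip_hl * 4;
        totlen = ntohs(pipheader->ip_len);
        if (iphl < (int)sizeof(struct ipheader) || iphl > got || totlen < iphl)
            continue;
        if (totlen > got)
            totlen = got;

        /* Later fragments carry no transport header. */
        if (ntohs(pipheader->ip_off) & 0x1fff)
            continue;

        sasource.sin_addr.s_addr = pipheader->ip_src;
        strncpy(szsourceip, inet_ntoa(sasource.sin_addr), max_addr_len);
        szsourceip[max_addr_len - 1] = '\0';
        /* Check dest IP */
        sadest.sin_addr.s_addr = pipheader->ip_dst;
        strncpy(szdestip, inet_ntoa(sadest.sin_addr), max_addr_len);
        szdestip[max_addr_len - 1] = '\0';

        if (pipheader->ip_p == IPPROTO_TCP) {
            struct tcpheader *ptcpheader;
            int tcphl;

            if (totlen - iphl < (int)sizeof(struct tcpheader))
                continue;
            ptcpheader = (struct tcpheader *)(recvbuf + iphl);
            /* th_off gives the real TCP header length, options included. */
            tcphl = ptcpheader->th_off * 4;
            if (tcphl < (int)sizeof(struct tcpheader) || iphl + tcphl > totlen)
                continue;
            lentcp = totlen - iphl - tcphl;
            if (lentcp != 0) {
                printf("*******************************************\n");
                pcount++;
                datatcp = (unsigned char *)recvbuf + iphl + tcphl;
                printf("-TCP-\n");
                printf("\ndestination address->%s\n", szdestip);
                printf("\ndestination port->%i\n", ntohs(ptcpheader->dport));
                printf("datatcp address->%p\n", (void *)datatcp);
                printf("size of ipheader->%i\n", (int)sizeof(struct ipheader));
                printf("size of tcpheader->%i\n", (int)sizeof(struct tcpheader));
                printf("size of the hole packet->%i\n", ntohs(pipheader->ip_len));
                printf("\nchar packet%i[]=\"", pcount);
                print_payload(datatcp, lentcp);
                printf("*******************************************\n");
            }
        } else if (pipheader->ip_p == IPPROTO_UDP) {
            struct udphdr *pudpheader;

            if (totlen - iphl < (int)sizeof(struct udphdr))
                continue;
            pudpheader = (struct udphdr *)(recvbuf + iphl);
            lenudp = totlen - iphl - (int)sizeof(struct udphdr);
            /* Tests the UDP length; the earlier code tested lentcp here. */
            if (lenudp != 0) {
                pcount++;
                dataudp = (unsigned char *)recvbuf + iphl + sizeof(struct udphdr);
                printf("-UDP-\n");
                printf("\ndestination address->%s\n", szdestip);
                printf("\ndestination port->%d\n", ntohs(pudpheader->dport));
                printf("dataudp address->%p\n", (void *)dataudp);
                printf("size of ipheader->%i\n", (int)sizeof(struct ipheader));
                printf("size of udpheader->%i\n", (int)sizeof(struct udphdr));
                printf("size of the hole packet->%i\n", ntohs(pipheader->ip_len));
                printf("\nchar packet%i[]=\"", pcount);
                print_payload(dataudp, lenudp);
                printf("*******************************************\n");
            }
        }
    }
}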

Download raw.zip

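Use the "counterfeit data packet" method to disable all TCP connections. The code rewritten with WinPcap is given below. (Note that the listing that follows still opens a Winsock raw socket with SIO_RCVALL and makes no WinPcap calls; it is a more compact version of the sniffer above.)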

# Include <winsock2.h>
# Include <windows. h>
# Include <ws2tcpip. h>
# Include <stdio. h>
# Include <stdlib. h>
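/* MSVC-specific: link against the Winsock 2 import library. */
#pragma comment(lib, "ws2_32.lib")
/* Size of the buffer handed to gethostname() for the local host name. */
#define max_hostname_lan 255
/*
 * Winsock I/O control code that switches a bound raw socket into
 * "receive all" mode. Same value as SIO_RCVALL in <mstcpip.h>.
 */
#define sio_rcvall _WSAIOW(IOC_VENDOR, 1)
/* Room for a dotted-quad IPv4 string: "255.255.255.255" plus the NUL. */
#define max_addr_len 16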
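/*
 * Fixed part of an IPv4 header (20 bytes = 160 bits). Options may follow:
 * the real header length is ip_hl * 4 bytes, and that value, not
 * sizeof(struct ipheader), locates the transport header.
 *
 * Multi-byte fields are in network byte order. The nibble order of
 * ip_hl / ip_v assumes low-order-first bit-field allocation (x86 compilers).
 */
struct ipheader {
    unsigned char ip_hl : 4, ip_v : 4; /* header length (32-bit words) and version, 4 bits each */
    unsigned char ip_tos;              /* type of service */
    unsigned short int ip_len;         /* total packet length, header included */
    unsigned short int ip_id;          /* identification */
    unsigned short int ip_off;         /* flags and fragment offset */
    unsigned char ip_ttl;              /* time to live */
    unsigned char ip_p;                /* protocol number (compared with IPPROTO_TCP / IPPROTO_UDP) */
    unsigned short int ip_sum;         /* header checksum */
    unsigned int ip_src;               /* source address */
    unsigned int ip_dst;               /* destination address */
};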
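/*
 * Fixed part of a TCP header (20 bytes, options not included). Multi-byte
 * fields are in network byte order. The 4-bit fields assume
 * low-order-first bit-field allocation, which is implementation-defined.
 */
typedef struct tcpheader {
    unsigned short int sport;  /* source port */
    unsigned short int dport;  /* destination port */
    unsigned int th_seq;       /* sequence number */
    unsigned int th_ack;       /* acknowledgement number */
    unsigned char th_x : 4;    /* reserved bits */
    unsigned char th_off : 4;  /* data offset: header length in 32-bit words */
    unsigned char flags;       /* control flags */
    unsigned short int th_win; /* window */
    unsigned short int th_sum; /* checksum */
    unsigned short int th_urp; /* urgent pointer */
} Tcp_hdr;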
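/* UDP header as it appears on the wire (8 bytes), network byte order. */
typedef struct udphdr {
    unsigned short sport; /* source port */
    unsigned short dport; /* destination port */
    unsigned short Len;   /* length of UDP header plus payload */
    unsigned short cksum; /* checksum */
} Udp_hdr;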
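/* Print which Winsock call failed, with its error code, and exit. */
static void fail(const char *call)
{
    fprintf(stderr, "%s failed (Winsock error %d)\n", call, WSAGetLastError());
    exit(1);
}

/*
 * Emit count payload bytes as \xNN escapes in C string-literal form,
 * followed by a text rendering where non-printable bytes become '.'.
 */
static void dump_bytes(const unsigned char *bytes, int count)
{
    int i;

    for (i = 0; i < count; i++) {
        printf("\\x%.2x", bytes[i]);
        if (i % 10 == 0)
            printf("\"\n\"");
    }
    printf("\";\n");
    for (i = 0; i < count; i++) {
        /*
         * The payload is untrusted network data: echo printable ASCII
         * (0x20..0x7e) only. The former lower bound of decimal 20 passed
         * control bytes, ESC (27) included, straight to the console.
         */
        if (bytes[i] >= 0x20 && bytes[i] <= 0x7e)
            printf("%c", bytes[i]);
        else
            printf(".");
    }
}

/*
 * Compact variant of the sniffer: bind a raw IP socket to the first local
 * IPv4 address, enable SIO_RCVALL, and dump every TCP or UDP packet that
 * carries payload. Runs until a Winsock call fails or the process is
 * killed.
 */
int main(void)
{
    SOCKET sock;
    WSADATA wsd;
    DWORD dwbytesret = 0;
    unsigned int optval = 1; /* non-zero switches SIO_RCVALL on */
    unsigned char *dataudp, *datatcp;
    int pcount = 0, lentcp, lenudp;
    struct sockaddr_in sa, sasource, sadest;
    struct hostent *phostent;
    char name[max_hostname_lan];
    char szsourceip[max_addr_len], szdestip[max_addr_len], recvbuf[65535] = {0};
    struct udphdr *pudpheader;
    struct ipheader *pipheader;
    struct tcpheader *ptcpheader;

    if (WSAStartup(MAKEWORD(2, 1), &wsd) != 0)
        exit(1);
    /* A failed socket() returns INVALID_SOCKET. */
    if ((sock = socket(AF_INET, SOCK_RAW, IPPROTO_IP)) == INVALID_SOCKET)
        fail("socket");
    if (gethostname(name, sizeof(name)) == SOCKET_ERROR)
        fail("gethostname");

    /* Reject a failed lookup or a non-IPv4 answer before copying it:
     * h_length bytes would otherwise be written into a 4-byte address. */
    phostent = gethostbyname(name);
    if (phostent == NULL || phostent->h_addrtype != AF_INET ||
        phostent->h_length != (int)sizeof(sa.sin_addr) ||
        phostent->h_addr_list[0] == NULL)
        fail("gethostbyname");

    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_port = htons(6000); /* value kept from the original listing */
    memcpy(&sa.sin_addr, phostent->h_addr_list[0], sizeof(sa.sin_addr));

    /* Error 10013 (WSAEACCES) here means raw sockets are not permitted;
     * every bind failure is treated as fatal. */
    if (bind(sock, (struct sockaddr *)&sa, sizeof(sa)) == SOCKET_ERROR)
        fail("bind");
    if (WSAIoctl(sock, sio_rcvall, &optval, sizeof(optval), NULL, 0,
                 &dwbytesret, NULL, NULL) == SOCKET_ERROR)
        fail("WSAIoctl");

    pipheader = (struct ipheader *)recvbuf;
    while (1) {
        int received, ip_hdr_len, total_len, tcp_hdr_len;

        memset(recvbuf, 0, sizeof(recvbuf));
        received = recv(sock, recvbuf, (int)sizeof(recvbuf), 0);
        if (received == SOCKET_ERROR)
            fail("recv");
        if (received < (int)sizeof(struct ipheader))
            continue;

        /* Lengths taken from the packet are bounded by what recv()
         * actually delivered before any pointer is derived from them. */
        ip_hdr_len = pipheader->ip_hl * 4;
        total_len = ntohs(pipheader->ip_len);
        if (ip_hdr_len < (int)sizeof(struct ipheader) ||
            ip_hdr_len > received || total_len < ip_hdr_len)
            continue;
        if (total_len > received)
            total_len = received;
        /* Non-first fragments have no TCP/UDP header to parse. */
        if (ntohs(pipheader->ip_off) & 0x1fff)
            continue;

        sasource.sin_addr.s_addr = pipheader->ip_src;
        strncpy(szsourceip, inet_ntoa(sasource.sin_addr), max_addr_len);
        szsourceip[max_addr_len - 1] = '\0';
        sadest.sin_addr.s_addr = pipheader->ip_dst;
        strncpy(szdestip, inet_ntoa(sadest.sin_addr), max_addr_len);
        szdestip[max_addr_len - 1] = '\0';

        if (pipheader->ip_p == IPPROTO_TCP) {
            if (total_len - ip_hdr_len < (int)sizeof(struct tcpheader))
                continue;
            ptcpheader = (struct tcpheader *)(recvbuf + ip_hdr_len);
            /* Honour the data offset so TCP options are not dumped as payload. */
            tcp_hdr_len = ptcpheader->th_off * 4;
            if (tcp_hdr_len < (int)sizeof(struct tcpheader) ||
                ip_hdr_len + tcp_hdr_len > total_len)
                continue;
            lentcp = total_len - ip_hdr_len - tcp_hdr_len;
            if (lentcp == 0)
                continue;
            printf("*******************************************\n");
            pcount++;
            datatcp = (unsigned char *)recvbuf + ip_hdr_len + tcp_hdr_len;
            printf("-TCP-\n");
            printf("\ndestination address->%s\n", szdestip);
            printf("\ndestination port->%i\n", ntohs(ptcpheader->dport));
            printf("datatcp address->%p\n", (void *)datatcp);
            printf("size of ipheader->%i\n", (int)sizeof(struct ipheader));
            printf("size of tcpheader->%i\n", (int)sizeof(struct tcpheader));
            printf("size of the hole packet->%i\n", ntohs(pipheader->ip_len));
            /* The dump holds lentcp bytes, so that is the array size
             * printed (the earlier code printed lentcp - 1). */
            printf("\nchar packet%i[%i]=\"", pcount, lentcp);
            dump_bytes(datatcp, lentcp);
            printf("\n*******************************************\n");
        } else if (pipheader->ip_p == IPPROTO_UDP) {
            if (total_len - ip_hdr_len < (int)sizeof(struct udphdr))
                continue;
            pudpheader = (struct udphdr *)(recvbuf + ip_hdr_len);
            lenudp = total_len - ip_hdr_len - (int)sizeof(struct udphdr);
            /* Tests the UDP length; the earlier code tested lentcp here. */
            if (lenudp == 0)
                continue;
            pcount++;
            dataudp = (unsigned char *)recvbuf + ip_hdr_len + sizeof(struct udphdr);
            printf("-UDP-\n");
            printf("\ndestination address->%s\n", szdestip);
            printf("\ndestination port->%d\n", ntohs(pudpheader->dport));
            printf("dataudp address->%p\n", (void *)dataudp);
            printf("size of ipheader->%i\n", (int)sizeof(struct ipheader));
            printf("size of udpheader->%i\n", (int)sizeof(struct udphdr));
            printf("size of the hole packet->%i\n", ntohs(pipheader->ip_len));
            printf("\nchar packet%i[%i]=\"", pcount, lenudp);
            dump_bytes(dataudp, lenudp);
            printf("\n*******************************************\n");
        }
    }
}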
