Implementing network sniffing in VC++

Source: Internet
Author: User

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <winsock2.h>
#include <ws2tcpip.h>

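/* MSVC-specific: ask the linker to pull in the Winsock 2 import library. */
#pragma comment(lib, "ws2_32.lib")

/*
 * I/O control code passed to WSAIoctl() to put a bound raw socket into
 * receive-all mode. Guarded so that an SDK header which already provides
 * the macro does not trigger a redefinition.
 */
#ifndef SIO_RCVALL
#define SIO_RCVALL _WSAIOW(IOC_VENDOR, 1)
#endif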

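/*
 * IPv4 header without options (20 bytes), laid out to be copied straight
 * from a received packet. Multi-byte fields stay in network byte order and
 * must go through ntohs()/ntohl() before being interpreted.
 *
 * NOTE(review): the first byte carries the version in its high nibble and
 * the header length in its low nibble. Declaring h_len before Ver only
 * matches that when the compiler allocates bit-fields starting at the
 * least significant bit (MSVC on x86 does) - confirm for other toolchains.
 */
struct iphead
{
    unsigned char h_len : 4;       /* header length in 32-bit words (valid range 5..15) */
    unsigned char Ver : 4;         /* IP version number */
    unsigned char TOS;             /* 8-bit type of service */
    unsigned short total_len;      /* 16-bit total length of the datagram in bytes */
    unsigned short ident;          /* 16-bit identification */
    unsigned short frag_and_flags; /* 3 flag bits followed by the 13-bit fragment offset */
    unsigned char TTL;             /* 8-bit time to live */
    unsigned char proto;           /* 8-bit protocol number (1 ICMP, 2 IGMP, 6 TCP, 17 UDP, ...) */
    unsigned short checksum;       /* 16-bit IP header checksum */
    unsigned int sourceip;         /* 32-bit source IP address */
    unsigned int destip;           /* 32-bit destination IP address */
};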

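/*
 * TCP header without options (20 bytes). All multi-byte fields are in
 * network byte order. Plain unsigned short is used instead of the Windows
 * USHORT alias so the layout matches struct iphead's style and does not
 * depend on a platform typedef.
 */
struct tcphead
{
    unsigned short th_sport;  /* 16-bit source port */
    unsigned short th_dport;  /* 16-bit destination port */
    unsigned int th_seq;      /* 32-bit sequence number */
    unsigned int th_ack;      /* 32-bit acknowledgement number */
    unsigned char th_lenres;  /* high 4 bits: header length in 32-bit words; low 4 bits: reserved */
    unsigned char th_flag;    /* flag bits (FIN, SYN, RST, PSH, ACK, URG in the low 6 bits) */
    unsigned short th_win;    /* 16-bit window size */
    unsigned short th_sum;    /* 16-bit checksum */
    unsigned short th_urp;    /* 16-bit urgent pointer */
};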

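/*
 * Address strings of the local interfaces, one heap-allocated entry per
 * address found by main(). The table has a fixed capacity of 10, so any
 * code filling it must stop at that bound.
 */
char *phostlist[10];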

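/*
 * Per-interface capture thread. Opens a raw IPv4 socket, binds it to the
 * local address string passed in P, switches it to receive-all mode with
 * SIO_RCVALL and prints source/destination address, ports and protocol of
 * each IP packet received, until recv() fails with something other than a
 * timeout.
 *
 * P        NUL-terminated dotted-quad address of the interface to bind to
 *          (main() passes an entry of phostlist). It is not freed here.
 * returns  0 when setup fails or the receive loop ends on a socket error.
 *
 * Every header field is read only after the received length has been
 * checked against it, and the headers are copied out of the byte buffer
 * rather than accessed through a cast pointer, so truncated or malformed
 * packets cannot make the parser report stale buffer contents.
 *
 * NOTE(review): this function shares its name with Winsock's listen(); that
 * only builds where overloading is available (the page targets VC++) -
 * confirm, or rename it together with the CreateThread() call in main().
 * NOTE(review): raw sockets and SIO_RCVALL normally require administrator
 * rights, which is why each setup call is checked and reported.
 */
DWORD __stdcall listen(void *P)
{
    SOCKET s;
    struct sockaddr_in addr;
    int itimeout = 1000;   /* receive timeout handed to SO_RCVTIMEO */
    int ret;
    char cbuf[1500];       /* receive buffer for one packet */
    DWORD dwin = 1;        /* 1 = enable receive-all */
    DWORD dwout[10];
    DWORD dwret = 0;

    if (P == NULL)
        return 0;

    s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);   /* create a raw socket */
    if (s == INVALID_SOCKET) {
        printf("socket failed: %d\n", WSAGetLastError());
        return 0;
    }

    /* A finite timeout keeps recv() from blocking forever on an idle interface. */
    if (setsockopt(s, SOL_SOCKET, SO_RCVTIMEO, (char *)&itimeout,
                   sizeof(itimeout)) == SOCKET_ERROR)
        printf("setsockopt failed: %d\n", WSAGetLastError());

    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = inet_addr((char *)P);
    addr.sin_port = htons(6000);   /* local port number */
    if (addr.sin_addr.s_addr == INADDR_NONE) {
        printf("invalid interface address\n");
        closesocket(s);
        return 0;
    }

    if (bind(s, (struct sockaddr *)&addr, sizeof(addr)) == SOCKET_ERROR) {
        printf("bind failed: %d\n", WSAGetLastError());
        closesocket(s);
        return 0;
    }

    /* Switch the bound raw socket to receive all IP packets on the interface. */
    if (WSAIoctl(s, SIO_RCVALL, &dwin, sizeof(dwin), &dwout, sizeof(dwout),
                 &dwret, NULL, NULL) == SOCKET_ERROR) {
        printf("WSAIoctl(SIO_RCVALL) failed: %d\n", WSAGetLastError());
        closesocket(s);
        return 0;
    }

    for (;;) {
        struct iphead ip;
        struct tcphead l4;
        struct in_addr src;
        struct in_addr dst;
        int iphlen;
        int sport = 0;   /* 0 is printed when the packet carries no usable port field */
        int dport = 0;

        ret = recv(s, cbuf, sizeof(cbuf), 0);
        if (ret == SOCKET_ERROR) {
            if (WSAGetLastError() == WSAETIMEDOUT)
                continue;
            break;
        }

        /* Ignore anything too short to hold a complete fixed IP header. */
        if (ret < (int)sizeof(ip))
            continue;
        memcpy(&ip, cbuf, sizeof(ip));

        /* IHL counts 32-bit words; it must cover the fixed header and fit the data received. */
        iphlen = 4 * (ip.h_len & 0xf);
        if (iphlen < (int)sizeof(ip) || iphlen > ret)
            continue;

        /*
         * TCP and UDP both start with source and destination port. Read them
         * only from an unfragmented or first-fragment packet that really
         * contains those four bytes.
         */
        if ((ip.proto == 6 || ip.proto == 17) &&
            (ntohs(ip.frag_and_flags) & 0x1fff) == 0 &&
            ret - iphlen >= (int)(sizeof(l4.th_sport) + sizeof(l4.th_dport))) {
            memcpy(&l4, cbuf + iphlen, sizeof(l4.th_sport) + sizeof(l4.th_dport));
            sport = ntohs(l4.th_sport);
            dport = ntohs(l4.th_dport);
        }

        memcpy(&src, &ip.sourceip, sizeof(src));
        memcpy(&dst, &ip.destip, sizeof(dst));

        /* inet_ntoa() reuses one static buffer, so each address gets its own printf call. */
        printf("from: %s\tport %d\t", inet_ntoa(src), sport);
        printf("to: %s\tport %d\t", inet_ntoa(dst), dport);

        switch (ip.proto) {   /* protocol number from the IP header */
        case 1:
            printf("ICMP\n");
            break;
        case 2:
            printf("IGMP\n");
            break;
        case 6:
            printf("TCP\n");
            break;
        case 17:
            printf("UDP\n");
            break;
        default:
            printf("unknow: %d\n", ip.proto);
            break;
        }
    }

    closesocket(s);
    return 0;
}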

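/*
 * Entry point: initialises Winsock, resolves the local host name to its
 * IPv4 addresses, stores each address string in phostlist and starts one
 * listen() thread per address, then idles so the process stays alive.
 *
 * Returns 1 when Winsock cannot be initialised, the local addresses cannot
 * be resolved, or no capture thread could be started.
 */
int main(void)
{
    WSADATA wsa;
    int i = 0;
    int started = 0;
    DWORD dwtid;
    char chname[128];
    HOSTENT *host;
    /* Capacity of the global table; the fill loop must never index past it. */
    const int max_hosts = (int)(sizeof(phostlist) / sizeof(phostlist[0]));

    if (WSAStartup(MAKEWORD(2, 1), &wsa) != 0) {
        printf("WSAStartup failed\n");
        return 1;
    }

    if (gethostname(chname, sizeof(chname)) == SOCKET_ERROR) {
        printf("gethostname failed: %d\n", WSAGetLastError());
        WSACleanup();
        return 1;
    }

    /* gethostbyname() returns NULL on failure; only 4-byte IPv4 entries are usable below. */
    host = gethostbyname(chname);
    if (host == NULL || host->h_addrtype != AF_INET || host->h_addr_list == NULL) {
        printf("gethostbyname failed: %d\n", WSAGetLastError());
        WSACleanup();
        return 1;
    }

    /* One listening thread per local address, bounded by the size of phostlist. */
    while (i < max_hosts && host->h_addr_list[i] != NULL) {
        struct in_addr a;
        const char *text;
        size_t len;
        HANDLE thread;

        memcpy(&a, host->h_addr_list[i], sizeof(a));
        text = inet_ntoa(a);
        len = strlen(text) + 1;

        /* Size the copy from the string itself instead of a fixed 16 bytes. */
        phostlist[i] = (char *)malloc(len);   /* cast kept because the page builds as C++ */
        if (phostlist[i] == NULL) {
            printf("out of memory\n");
            break;
        }
        memcpy(phostlist[i], text, len);

        printf("bind to %s\n", phostlist[i]);
        thread = CreateThread(NULL, 0, listen, phostlist[i], 0, &dwtid);
        if (thread == NULL) {
            printf("CreateThread failed: %lu\n", (unsigned long)GetLastError());
            free(phostlist[i]);
            phostlist[i] = NULL;
        } else {
            /* The thread keeps running; only the unused handle is released. */
            CloseHandle(thread);
            started++;
        }
        i++;
    }

    if (started == 0) {
        WSACleanup();
        return 1;
    }

    /* Keep the main thread alive so the listening threads are not torn down. */
    for (;;) {
        Sleep(10);
    }
}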
