gusucode.com > VC++ 截包源码-源码程序 > VC++ 截包源码-源码程序\code\GetMes.cpp
#define RCVALL_ON 1
#define MAX_ADDR_LEN 16 //点分十进制地址的最大长度
#define MAX_PROTO_TEXT_LEN 16 //子协议名称(如"TCP")最大长度
#define WINSOCK_VERSION MAKEWORD(2, 2)
#pragma comment(lib, "Ws2_32.lib")
#include <stdio.h>
#include <winsock2.h>
//#include<filename.h>
#include "mstcpip.h"
#include <conio.h>
// Download by http://www.NewXing.com
typedef struct iphdr //定义IP首部
{
unsigned char h_lenver; //4位首部长度+4位IP版本号
unsigned char tos; //8位服务类型TOS
unsigned short total_len; //16位总长度(字节)
unsigned short ident; //16位标识
unsigned short frag_and_flags; //3位标志位
unsigned char ttl; //8位生存时间 TTL
unsigned char proto; //8位协议 (TCP, UDP 或其他)
unsigned short checksum; //16位IP首部校验和
unsigned int sourceIP; //32位源IP地址
unsigned int destIP; //32位目的IP地址
}IPHeader;
typedef struct _tcphdr //定义TCP首部
{
USHORT th_sport; //16位源端口
USHORT th_dport; //16位目的端口
unsigned int th_seq; //32位序列号
unsigned int th_ack; //32位确认号
unsigned char th_lenres; //4位首部长度/6位保留字
unsigned char th_flag; //6位标志位
USHORT th_win; //16位窗口大小
USHORT th_sum; //16位校验和
USHORT th_urp; //16位紧急数据偏移量
}TCP_HEADER;
// Download by http://www.NewXing.com
typedef struct _udphdr //定义UDP首部
{
unsigned short uh_sport; //16位源端口
unsigned short uh_dport; //16位目的端口
unsigned short uh_len; //16位长度
unsigned short uh_sum; //16位校验和
}UDP_HEADER;
// Download by http://www.NewXing.com
typedef struct _icmphdr //定义ICMP首部
{
BYTE i_type; //8位类型
BYTE i_code; //8位代码
USHORT i_cksum; //16位校验和
USHORT i_id; //识别号(一般用进程号作为识别号)
USHORT i_seq; //报文序列号
ULONG timestamp; //时间戳
}ICMP_HEADER;
int iTTL,iLEN,iBYTES;
char szSourceIP[MAX_ADDR_LEN], szDestIP[MAX_ADDR_LEN];
int iSourcePort,iDestPort;
int fflag=0;//file flag
#define PACKAGE_SIZE sizeof(IPHeader)+1000
void HandleError(char *func);
//functions
int DecodeTcpPack(char *, int,FILE *); //TCP解包函数
int DecodeUdpPack(char *, int,FILE *); //UDP解包函数
int DecodeIcmpPack(char *, int,FILE *); //ICMP解包函数
//MAIN
int main(int argc, char *argv[])
{
sockaddr_in saSource,saDest;
WSAData wsaData;
char buf[PACKAGE_SIZE];
WSAStartup(WINSOCK_VERSION, &wsaData);
SOCKET sock = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
if(sock == SOCKET_ERROR)
{
HandleError("socket");
WSACleanup();
return -1;
}
//获取本机IP地址
struct sockaddr_in addr;
memset(&addr, 0, sizeof(addr));
//addr.sin_addr.S_un.S_addr = inet_addr("192.168.1.101");
char name[256];
PHOSTENT hostinfo;
if( gethostname ( name, sizeof(name)) == 0)
{
if((hostinfo = gethostbyname(name)) != NULL)
{
memcpy(&(addr.sin_addr.S_un.S_addr) , (struct in_addr *)*hostinfo->h_addr_list , sizeof((struct in_addr *)*hostinfo->h_addr_list ));
}
}
addr.sin_family = AF_INET;
if(bind(sock, (struct sockaddr*)&addr, sizeof(addr)) == SOCKET_ERROR)//bind
{
HandleError("bind");
}
//设置SOCK_RAW为SIO_RCVALL,以便接收所有的IP包
int on = RCVALL_ON;
DWORD num;
if(WSAIoctl(sock, SIO_RCVALL, &on, sizeof(on), NULL, 0, &num, NULL, NULL) == SOCKET_ERROR)
{
HandleError("wsaIoctl set");
}
struct sockaddr_in from;
int fromlen;
int size;
FILE *fp;
if((fp=fopen("log.txt","w+"))==NULL)
{
printf("open file errer,can't save list to file");
fflag=1;
}
//侦听IP报文
while(!kbhit())
{
memset(buf, 0, sizeof(num));
memset(&from, 0, sizeof(from));
fromlen = sizeof(from);
size=recvfrom(sock, buf, PACKAGE_SIZE, 0, (struct sockaddr*)&from, &fromlen);
if(size == SOCKET_ERROR)
{
if(WSAGetLastError() == WSAEMSGSIZE)
{
HandleError("recvfrom");
continue;
}
}
IPHeader *iph=(IPHeader *)buf;
/**/
//源地址
saSource.sin_addr.s_addr = iph->sourceIP;
strncpy(szSourceIP, inet_ntoa(saSource.sin_addr), MAX_ADDR_LEN);
//目的地址
saDest.sin_addr.s_addr = iph->destIP;
strncpy(szDestIP, inet_ntoa(saDest.sin_addr), MAX_ADDR_LEN);
iTTL = iph->ttl;
//计算IP首部的长度
int IpHeadLen = 4 * (iph->h_lenver & 0xf);
//根据协议类型分别调用相应的函数
switch(iph->proto)
{
case IPPROTO_ICMP:
DecodeIcmpPack(buf+IpHeadLen, size,fp);
break;
case IPPROTO_IGMP:
printf("IGMP ");
printf("%15s: ->%15s: ", szSourceIP, szDestIP);
printf("%d",size);
printf("%s\n", buf);
break;
case IPPROTO_TCP:
DecodeTcpPack((buf+IpHeadLen),size,fp);
break;
case IPPROTO_UDP:
DecodeUdpPack(buf+IpHeadLen, size,fp);
break;
default:
printf("unknown datagram from %s\n", inet_ntoa(from.sin_addr));
printf("%s\n", buf);
break;
}//end switch
// Sleep(200);
}//end while
fclose(fp);
closesocket(sock);
WSACleanup();
printf("Stopped!\n");
getch();
return 0;
}//end of main
//TCP解包程序
int DecodeTcpPack(char * TcpBuf, int iBufSize,FILE *fp)
{
unsigned char FlagMask;FlagMask = 1;
int i;
TCP_HEADER *tcph;
tcph = (TCP_HEADER*)TcpBuf;
//计算TCP首部长度
int TcpHeadLen = tcph->th_lenres>>4;
TcpHeadLen *= sizeof(unsigned long);
char *TcpData=TcpBuf+TcpHeadLen;
iSourcePort = ntohs(tcph->th_sport);
iDestPort = ntohs(tcph->th_dport);
//输出
printf("TCP ");
printf("%15s:%5d ->%15s:%5d ", szSourceIP, iSourcePort, szDestIP, iDestPort);
printf("TTL=%3d ", iTTL);
if(fflag==1)
//判断TCP标志位
for( i=0; i<6; i++ )
{
if((tcph->th_flag) & FlagMask)
printf("1");
else printf("0");
FlagMask=FlagMask<<1;
}
printf(" bytes=%4d", iBufSize);
printf("\n");
if(fflag=1)//写入文件
fprintf(fp,"TCP %15s:%5d ->%15s:%5d TTL=%3d ------ bytes=%4d\n"
,szSourceIP, iSourcePort, szDestIP, iDestPort, iTTL,iBufSize);
return 0;
}
//UDP解包程序
int DecodeUdpPack(char * UdpBuf, int iBufSize,FILE *fp)
{
UDP_HEADER *udph;
udph = (UDP_HEADER*)UdpBuf;
iSourcePort = ntohs(udph->uh_sport);
iDestPort = ntohs(udph->uh_dport);
//输出
printf("UDP ");
printf("%15s:%5d ->%15s:%5d ", szSourceIP, iSourcePort, szDestIP, iDestPort);
printf("TTL=%3d ", iTTL);
printf("Len=%4d ", ntohs(udph->uh_len));
printf("bytes=%4d", iBufSize);
printf("\n");
if(fflag=1)//写入文件
fprintf(fp,"UDP %15s:%5d ->%15s:%5d TTL=%3d Len=%4d bytes=%4d\n"
,szSourceIP, iSourcePort, szDestIP, iDestPort, iTTL, ntohs(udph->uh_len), iBufSize);
return 0;
}
//ICMP解包程序
int DecodeIcmpPack(char * IcmpBuf, int iBufSize,FILE *fp)
{
ICMP_HEADER * icmph;
icmph = (ICMP_HEADER * )IcmpBuf;
int iIcmpType = icmph->i_type;
int iIcmpCode = icmph->i_code;
//输出
printf("ICMP ");
printf("%15s ->%15s ", szSourceIP, szDestIP);
printf("TTL=%3d ", iTTL);
printf("Type%2d,%d ",iIcmpType,iIcmpCode);
printf("bytes=%4d", iBufSize);
printf("\n");
if(fflag=1)//写入文件
fprintf(fp,"ICMP %15s ->%15s TTL=%3d Type%2d,%d bytes=%4d"
, szSourceIP, szDestIP, iTTL,iIcmpType,iIcmpCode, iBufSize);
return 0;
}
void HandleError(char *func)
{
char info[65]= {0};
_snprintf(info, 64, "%s: %d\n", func, WSAGetLastError());
printf(info);
}