#include
#include
#pragma comment(lib, "ws2_32.lib")
#define SIO_RCVALL _WSAIOW
(IOC_VENDOR,1)//0x80000000|0x18000000|0x00000001
/* Wall-clock sample refreshed by the GetTime thread and read by the Sniffer
 * thread. No lock guards it, so a reader may see a partly updated struct. */
struct _SYSTEMTIME currenttime;
//获取系统时间的线程,同时获取开机到现在时间的毫秒数,
//存放在2个全局变量中,供其他线程使用
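/* Thread entry: refreshes the shared `currenttime` sample about once per
 * millisecond for as long as the process lives (it never returns).
 *
 * The signature follows LPTHREAD_START_ROUTINE so CreateThread can call it
 * directly; the original parameterless form relied on a cast and, under
 * stdcall on x86, would clean up the wrong number of stack bytes.
 *
 * param: unused; CreateThread passes NULL.
 * Note: `currenttime` is written here and read by Sniffer without any
 * synchronization, so the reader may observe a torn or slightly stale value. */
DWORD WINAPI GetTime(LPVOID param)
{
    (void)param;
    for (;;) {
        GetLocalTime(&currenttime);
        Sleep(1);
    }
}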
//******************************************************************
//使用原始套接字实现监听的线程
//******************************************************************
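/* Maps an IPv4 protocol number to the label used in the printed report.
 * Unlisted numbers are labelled "Unknown"; the number itself is printed
 * alongside by the caller. */
static const char *sniffer_proto_name(unsigned proto)
{
    switch (proto) {
    case 0:   return "IP";
    case 1:   return "ICMP";
    case 2:   return "IGMP";
    case 6:   return "TCP";
    case 17:  return "UDP";
    case 255: return "RAW";
    default:  return "Unknown";
    }
}

/* Prints one captured IPv4 datagram if it is addressed to local_addr.
 *
 * pkt:        raw bytes starting at the IPv4 header.
 * len:        number of valid bytes in pkt (the recv() result).
 * local_addr: this host's address; packets sent elsewhere are skipped.
 *
 * Only bytes that were actually received are read: the base header needs
 * 20 bytes, the ports need IHL+4 and the TCP flags byte needs IHL+14.
 * Ports are decoded only for TCP and UDP (both keep them in the first four
 * bytes of the transport header); for anything else 0 is printed. */
static void sniffer_print_packet(const unsigned char *pkt, int len, struct in_addr local_addr)
{
    enum { IPV4_MIN_HDR = 20, PROTO_TCP = 6, PROTO_UDP = 17 };

    if (len < IPV4_MIN_HDR) {
        return;
    }
    /* Destination address occupies bytes 16..19, in network byte order,
     * the same order in_addr holds it in. */
    if (memcmp(pkt + 16, &local_addr, 4) != 0) {
        return;
    }

    /* currenttime is updated by another thread without a lock; the
     * hour/minute/second shown may be slightly stale. */
    printf("时间: %d:%d:%d\n", currenttime.wHour, currenttime.wMinute, currenttime.wSecond);

    /* IHL is in 32-bit words; 5 (20 bytes) means no options. A value
     * below 5 is malformed, so treat the transport header as absent. */
    int ihl = (pkt[0] & 0x0F) * 4;
    unsigned proto = pkt[9];
    unsigned src_port = 0;
    unsigned dst_port = 0;
    if ((proto == PROTO_TCP || proto == PROTO_UDP) && ihl >= IPV4_MIN_HDR && len >= ihl + 4) {
        src_port = (unsigned)pkt[ihl] * 0x100u + pkt[ihl + 1];
        dst_port = (unsigned)pkt[ihl + 2] * 0x100u + pkt[ihl + 3];
    }

    /* "255.255.255.255:65535" is 21 characters, so 32 always fits. */
    char source_ip[32];
    char dest_ip[32];
    snprintf(source_ip, sizeof source_ip, "%d.%d.%d.%d:%d",
             pkt[12], pkt[13], pkt[14], pkt[15], (int)src_port);
    snprintf(dest_ip, sizeof dest_ip, "%d.%d.%d.%d:%d",
             pkt[16], pkt[17], pkt[18], pkt[19], (int)dst_port);
    printf("%s\t--->\t%s\n", source_ip, dest_ip);

    /* "Unknown(255)" is 12 characters; 32 leaves room to spare. */
    char proto_label[32];
    snprintf(proto_label, sizeof proto_label, "%s(%d)", sniffer_proto_name(proto), (int)proto);
    printf("协议类型: %s\n", proto_label);

    /* The TCP flags byte is 13 bytes into the TCP header. The value 18
     * (0x12) is SYN|ACK, i.e. the second step of the handshake; the
     * message text is kept as the author wrote it. Checked for TCP only,
     * since for other protocols that byte is payload. */
    if (proto == PROTO_TCP && ihl >= IPV4_MIN_HDR && len >= ihl + 14 && pkt[ihl + 13] == 18) {
        printf("一个SYN包!\n");
    }
}

//******************************************************************
// Thread entry: opens a raw IPv4 socket bound to this host's address,
// switches it to SIO_RCVALL and prints a summary of every datagram
// addressed to this host until recv() fails.
//
// param: unused; CreateThread passes NULL.
// Returns 0 when the receive loop ends, (DWORD)-1 after a setup failure
// (each failure is also reported with a MessageBox). Winsock is cleaned
// up and the socket closed on every path.
//
// Signature follows LPTHREAD_START_ROUTINE; the original `(void)` form
// relied on a cast and mismatched stdcall stack clean-up on x86.
//******************************************************************
DWORD WINAPI Sniffer(LPVOID param)
{
    (void)param;
    DWORD rc = (DWORD)-1;
    SOCKET sniffer_socket = INVALID_SOCKET;

    WSADATA wsd;
    if (WSAStartup(MAKEWORD(2, 2), &wsd) != 0) {
        MessageBox(NULL, "初始化winsock环境失败!", "PFW", 0);
        return rc;
    }

    /* Compare the SOCKET itself: storing it in a DWORD truncates the
     * 64-bit handle and makes the INVALID_SOCKET test fail on x64. */
    sniffer_socket = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
    if (sniffer_socket == INVALID_SOCKET) {
        MessageBox(NULL, "创建嗅探套接字失败", "PFW", 0);
        goto out_wsa;
    }

    /* Resolve this host's own IPv4 address; it is both the bind address
     * and the filter applied to captured packets. */
    char host_name[128] = { '\0' };
    struct hostent *host_entry = NULL;
    if (gethostname(host_name, sizeof host_name) != SOCKET_ERROR) {
        host_entry = gethostbyname(host_name);
    }
    if (host_entry == NULL || host_entry->h_addr_list[0] == NULL) {
        MessageBox(NULL, "获取本机ip失败", "PFW", 0);
        goto out_close;
    }
    struct in_addr local_addr;
    memcpy(&local_addr, host_entry->h_addr_list[0], sizeof local_addr);

    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr = local_addr;
    sa.sin_port = htons(7000);
    if (bind(sniffer_socket, (struct sockaddr *)&sa, sizeof sa) == SOCKET_ERROR) {
        MessageBox(NULL, "绑定ip错误!", "PFW", 0);
        goto out_close;
    }

    /* Ask the stack to deliver every IP datagram on this interface. */
    DWORD rcvall_on = 1;
    DWORD out_buf[10];
    DWORD bytes_returned = 0;
    if (WSAIoctl(sniffer_socket, SIO_RCVALL, &rcvall_on, sizeof rcvall_on,
                 out_buf, sizeof out_buf, &bytes_returned, NULL, NULL) == SOCKET_ERROR) {
        MessageBox(NULL, "设置套接字错误!", "PFW", 0);
        goto out_close;
    }

    /* 50 bytes is enough for the headers the report uses; the rest of the
     * datagram is discarded by recv(). The byte count returned is passed
     * on so nothing beyond the received data is ever read. */
    unsigned char packet[50];
    for (;;) {
        int received = recv(sniffer_socket, (char *)packet, sizeof packet, 0);
        if (received == SOCKET_ERROR) {
            /* Socket closed or Winsock torn down: stop instead of spinning. */
            break;
        }
        sniffer_print_packet(packet, received, local_addr);
    }
    rc = 0;

out_close:
    closesocket(sniffer_socket);
out_wsa:
    WSACleanup();
    return rc;
}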
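/* Starts the clock thread and the sniffer thread, then blocks until the
 * sniffer thread exits. GetTime never returns, so only its handle is
 * released (the thread keeps running); the process ends with main.
 *
 * Returns 0 after the sniffer thread finishes, 1 if a thread could not
 * be created. The casts are harmless when the entry points are declared
 * as `DWORD WINAPI f(LPVOID)`; with a `(void)` signature they hide a
 * calling-convention mismatch rather than fix it. */
int main(void)
{
    HANDLE clock_thread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)GetTime, NULL, 0, NULL);
    if (clock_thread == NULL) {
        return 1;
    }
    CloseHandle(clock_thread);  /* releases the handle only, not the thread */

    HANDLE sniffer_thread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Sniffer, NULL, 0, NULL);
    if (sniffer_thread == NULL) {
        return 1;
    }
    WaitForSingleObject(sniffer_thread, INFINITE);
    CloseHandle(sniffer_thread);
    return 0;
}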