init

init

PacketStruct.h

@@ -0,0 +1,100 @@
+#ifndef _PACKETSTRUCT_H
+#define _PACKETSTRUCT_H
+
+
+#pragma pack(1)
+
+
+/*以太网帧头格式结构体 14个字节*/
+typedef struct ether_header
+{
+	unsigned char ether_dhost[6];// 目的MAC地址
+	unsigned char ether_shost[6];// 源MAC地址
+	unsigned short ether_type;// eh_type的值需要考察上一层的协议，如果为ip则为0×0800
+}ETHERHEADER, *PETHERHEADER;
+
+/*以ARP字段结构体 28个字节*/
+typedef struct arp_header
+{
+	unsigned short arp_hrd;
+	unsigned short arp_pro;
+	unsigned char arp_hln;
+	unsigned char arp_pln;
+	unsigned short arp_op;
+	unsigned char arp_sourha[6];
+	unsigned long arp_sourpa;
+	unsigned char arp_destha[6];
+	unsigned long arp_destpa;
+}ARPHEADER, *PARPHEADER;
+
+/*ARP报文结构体 42个字节*/
+typedef struct arp_packet
+{
+	ETHERHEADER etherHeader;
+	ARPHEADER   arpHeader;
+}ARPPACKET, *PARPPACKET;
+
+
+// ipv4_pro字段：
+#define PROTOCOL_ICMP   0x01
+#define PROTOCOL_IGMP   0x02
+#define PROTOCOL_TCP    0x06
+#define PROTOCOL_UDP    0x11
+
+/*IPv4报头结构体 20个字节*/
+typedef struct ipv4_header
+{
+	unsigned char ipv4_ver_hl;// Version(4 bits) + Internet Header Length(4 bits)长度按4字节对齐
+	unsigned char ipv4_stype; // 服务类型
+	unsigned short ipv4_plen;// 总长度（包含IP数据头，TCP数据头以及数据）
+	unsigned short ipv4_pidentify;// ID定义单独IP
+	unsigned short ipv4_flag_offset;// 标志位偏移量
+	unsigned char ipv4_ttl; // 生存时间
+	unsigned char ipv4_pro;// 协议类型
+	unsigned short ipv4_crc;// 校验和
+	unsigned long  ipv4_sourpa;// 源IP地址
+	unsigned long  ipv4_destpa;// 目的IP地址
+}IPV4HEADER, *PIPV4HEADER;
+
+
+/*IPv6报头结构体 40个字节*/
+typedef struct ipv6_header
+{
+	unsigned char ipv6_ver_hl;
+	unsigned char ipv6_priority;
+	unsigned short ipv6_lable;
+	unsigned short ipv6_plen;
+	unsigned char  ipv6_nextheader;
+	unsigned char  ipv6_limits;
+	unsigned char ipv6_sourpa[16];
+	unsigned char ipv6_destpa[16];
+}IPV6HEADER, *PIPV6HEADER;
+
+/*TCP报头结构体 20个字节*/
+typedef struct tcp_header
+{
+	unsigned short tcp_sourport;//源端口
+	unsigned short tcp_destport;//目的端口
+	unsigned long  tcp_seqnu;//序列号
+	unsigned long  tcp_acknu;//确认号
+	unsigned char  tcp_hlen; //4位首部长度
+	unsigned char  tcp_reserved;//标志位
+	unsigned short tcp_window;//窗口大小
+	unsigned short tcp_chksum;//检验和
+	unsigned short tcp_urgpoint;//紧急指针
+}TCPHEADER, *PTCPHEADER;
+
+/*UDP报头结构体 8个字节*/
+typedef struct udp_header
+{
+	unsigned short udp_sourport;// 源端口 
+	unsigned short udp_destport;// 目的端口
+	unsigned short udp_hlen;// 长度
+	unsigned short udp_crc;// 校验和
+}UDPHEADER, *PUDPHEADER;
+
+
+#pragma pack()
+
+
+#endif

RawSocket.sln

@@ -0,0 +1,22 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 2013
+VisualStudioVersion = 12.0.40629.0
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "RawSocket", "RawSocket.vcxproj", "{28B55222-A3F0-4832-BD05-A8D482CF9EBD}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Win32 = Debug|Win32
+		Release|Win32 = Release|Win32
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{28B55222-A3F0-4832-BD05-A8D482CF9EBD}.Debug|Win32.ActiveCfg = Debug|Win32
+		{28B55222-A3F0-4832-BD05-A8D482CF9EBD}.Debug|Win32.Build.0 = Debug|Win32
+		{28B55222-A3F0-4832-BD05-A8D482CF9EBD}.Release|Win32.ActiveCfg = Release|Win32
+		{28B55222-A3F0-4832-BD05-A8D482CF9EBD}.Release|Win32.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal

RawSocket.vcxproj

@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{28B55222-A3F0-4832-BD05-A8D482CF9EBD}</ProjectGuid>
+    <RootNamespace>RawSocket</RootNamespace>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v120_xp</PlatformToolset>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v120_xp</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup />
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>_WINSOCK_DEPRECATED_NO_WARNINGS;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="main.cpp" />
+    <ClCompile Include="rawsocket.cpp" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="PacketStruct.h" />
+    <ClInclude Include="rawsocket.h" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>

RawSocket.vcxproj.filters

@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="源文件">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="头文件">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="资源文件">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="rawsocket.cpp">
+      <Filter>源文件</Filter>
+    </ClCompile>
+    <ClCompile Include="main.cpp">
+      <Filter>源文件</Filter>
+    </ClCompile>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="rawsocket.h">
+      <Filter>头文件</Filter>
+    </ClInclude>
+    <ClInclude Include="PacketStruct.h">
+      <Filter>头文件</Filter>
+    </ClInclude>
+  </ItemGroup>
+</Project>

RecvInfo.txt

@@ -0,0 +1,89 @@
+[RECV] 132bytes
+45 00 00 84 07 D4 00 00    40 11 00 00 7F 00 00 01    
+7F 00 00 01 30 39 0D 05    00 70 CD E5 31 31 31 31    
+31 31 31 31 31 31 31 31    31 31 31 31 31 31 00 00    
+02 00 00 00 00 00 00 00    00 00 00 00 4C FC 18 00    
+00 00 00 00 90 FE 18 00    A2 75 3C 76 00 00 00 00    
+00 00 00 00 70 0A 00 00    FF FF FF FF 63 6F 41 00    
+02 00 00 00 70 E0 42 00    AE 75 3C 76 00 00 00 00    
+00 00 00 00 54 0A 42 76    01 00 00 00 00 7F 00 00    
+00 00 00 00 
+[UDP]
+Protocol:UDP  From:192.168.189.132:137 -->To:192.168.189.2:137
+82 aa 40 00 00 01 00 00   00 00 00 01 20 46 48 45   
+4a 45 4f 43 4e 44 4a 46   47 46 42 45 43 45 4a 44   
+42 46 41 45 4f 45 47 44   4a 45 45 43 41 00 00 20   
+00 01 c0 0c 00 20 00 01   00 04 93 e0 00 06 60 00   
+c0 a8 bd 84 
+[UDP]
+Protocol:UDP  From:192.168.189.1:137 -->To:192.168.189.255:137
+85 94 01 10 00 01 00 00   00 00 00 00 20 46 45 45   
+44 45 50 45 4f 45 47 44   43 43 4f 45 47 43 4f 44   
+44 44 47 44 41 43 4f 45   44 45 4f 41 41 00 00 20   
+00 01 
+[UDP]
+Protocol:UDP  From:192.168.189.1:137 -->To:192.168.189.255:137
+85 94 01 10 00 01 00 00   00 00 00 00 20 46 45 45   
+44 45 50 45 4f 45 47 44   43 43 4f 45 47 43 4f 44   
+44 44 47 44 41 43 4f 45   44 45 4f 41 41 00 00 20   
+00 01 
+[UDP]
+Protocol:UDP  From:192.168.189.1:137 -->To:192.168.189.255:137
+85 97 01 10 00 01 00 00   00 00 00 00 20 46 45 45   
+44 45 50 45 4f 45 47 44   43 43 4f 45 47 43 4f 44   
+44 44 47 44 41 43 4f 45   44 45 4f 41 41 00 00 20   
+00 01 
+[UDP]
+Protocol:UDP  From:192.168.189.1:137 -->To:192.168.189.255:137
+85 97 01 10 00 01 00 00   00 00 00 00 20 46 45 45   
+44 45 50 45 4f 45 47 44   43 43 4f 45 47 43 4f 44   
+44 44 47 44 41 43 4f 45   44 45 4f 41 41 00 00 20   
+00 01 
+[UDP]
+Protocol:UDP  From:192.168.189.1:137 -->To:192.168.189.255:137
+85 94 01 10 00 01 00 00   00 00 00 00 20 46 45 45   
+44 45 50 45 4f 45 47 44   43 43 4f 45 47 43 4f 44   
+44 44 47 44 41 43 4f 45   44 45 4f 41 41 00 00 20   
+00 01 
+[UDP]
+Protocol:UDP  From:192.168.189.1:137 -->To:192.168.189.255:137
+85 94 01 10 00 01 00 00   00 00 00 00 20 46 45 45   
+44 45 50 45 4f 45 47 44   43 43 4f 45 47 43 4f 44   
+44 44 47 44 41 43 4f 45   44 45 4f 41 41 00 00 20   
+00 01 
+[UDP]
+Protocol:UDP  From:192.168.189.1:137 -->To:192.168.189.255:137
+85 97 01 10 00 01 00 00   00 00 00 00 20 46 45 45   
+44 45 50 45 4f 45 47 44   43 43 4f 45 47 43 4f 44   
+44 44 47 44 41 43 4f 45   44 45 4f 41 41 00 00 20   
+00 01 
+[UDP]
+Protocol:UDP  From:192.168.189.1:137 -->To:192.168.189.255:137
+85 97 01 10 00 01 00 00   00 00 00 00 20 46 45 45   
+44 45 50 45 4f 45 47 44   43 43 4f 45 47 43 4f 44   
+44 44 47 44 41 43 4f 45   44 45 4f 41 41 00 00 20   
+00 01 
+[UDP]
+Protocol:UDP  From:192.168.189.1:137 -->To:192.168.189.255:137
+85 94 01 10 00 01 00 00   00 00 00 00 20 46 45 45   
+44 45 50 45 4f 45 47 44   43 43 4f 45 47 43 4f 44   
+44 44 47 44 41 43 4f 45   44 45 4f 41 41 00 00 20   
+00 01 
+[UDP]
+Protocol:UDP  From:192.168.189.1:137 -->To:192.168.189.255:137
+85 94 01 10 00 01 00 00   00 00 00 00 20 46 45 45   
+44 45 50 45 4f 45 47 44   43 43 4f 45 47 43 4f 44   
+44 44 47 44 41 43 4f 45   44 45 4f 41 41 00 00 20   
+00 01 
+[UDP]
+Protocol:UDP  From:192.168.189.1:137 -->To:192.168.189.255:137
+85 97 01 10 00 01 00 00   00 00 00 00 20 46 45 45   
+44 45 50 45 4f 45 47 44   43 43 4f 45 47 43 4f 44   
+44 44 47 44 41 43 4f 45   44 45 4f 41 41 00 00 20   
+00 01 
+[UDP]
+Protocol:UDP  From:192.168.189.1:137 -->To:192.168.189.255:137
+85 97 01 10 00 01 00 00   00 00 00 00 20 46 45 45   
+44 45 50 45 4f 45 47 44   43 43 4f 45 47 43 4f 44   
+44 44 47 44 41 43 4f 45   44 45 4f 41 41 00 00 20   
+00 01 

Release/RecvInfo.txt

@@ -0,0 +1,79 @@
+[UDP]
+Protocol:UDP  From:10.210.104.233:4015 -->To:111.161.88.49:8000
+02 37 0f 03 44 37 d7 2c   13 16 54 04 00 00 00 01   
+01 01 00 00 68 21 00 00   00 00 00 00 00 00 54 ff   
+4a 5c 35 e2 51 52 67 46   37 27 be 5e 0f 84 f8 05   
+0d 4d 0d ec 26 c6 e2 64   cd 1a 0d ae eb e4 c3 0b   
+e2 a3 68 42 4e 73 03 
+[UDP]
+Protocol:UDP  From:10.210.104.233:4015 -->To:111.161.88.49:8000
+02 37 0f 00 58 6c b1 2c   13 16 54 02 00 00 00 01   
+01 01 00 00 68 21 44 cf   25 31 f2 2a a8 37 69 02   
+e7 b2 16 84 e6 2e 03 
+[UDP]
+Protocol:UDP  From:111.161.88.49:8000 -->To:10.210.104.233:4015
+02 37 0f 00 58 6c b1 2c   13 16 54 00 00 00 13 d9   
+90 c2 f7 93 3f 6f 96 74   07 20 5f 28 fc 44 41 54   
+f4 75 8b 07 5b 15 d9 b8   7f 9f 24 c8 d8 38 03 
+[UDP]
+Protocol:UDP  From:10.210.104.233:4015 -->To:111.161.88.49:8000
+02 37 0f 03 44 37 d7 2c   13 16 54 04 00 00 00 01   
+01 01 00 00 68 21 00 00   00 00 00 00 00 00 54 ff   
+4a 5c 35 e2 51 52 67 46   37 27 be 5e 0f 84 f8 05   
+0d 4d 0d ec 26 c6 e2 64   cd 1a 0d ae eb e4 c3 0b   
+e2 a3 68 42 4e 73 03 
+[UDP]
+Protocol:UDP  From:10.210.104.233:4019 -->To:123.151.13.27:8000
+02 37 0f 03 44 18 5c 2e   c7 42 01 04 00 00 00 01   
+01 01 00 00 68 21 00 00   00 00 00 00 00 00 d1 36   
+2c 49 9d 51 ad 8f 9c c0   7c a3 04 fe 34 d7 49 2c   
+c7 f9 44 2b 70 98 fa 07   4e 95 6d 6f 3a 65 23 58   
+51 17 7a fa 08 05 03 
+[UDP]
+Protocol:UDP  From:111.161.88.49:8000 -->To:10.210.104.233:4015
+02 37 0f 00 81 53 c2 2c   13 16 54 00 00 00 90 f3   
+aa 39 c3 4a fb 56 41 55   11 7c 84 e7 24 88 b3 05   
+07 ec 08 01 86 e9 b8 aa   34 38 0d ee a1 02 6b 5c   
+cf b8 2a 9a aa 0a 45 58   df 88 56 b4 e5 19 f0 69   
+c2 71 1c 36 33 00 53 10   76 91 ad 86 5d c8 03 
+[UDP]
+Protocol:UDP  From:10.210.104.233:4019 -->To:123.151.13.27:8000
+02 37 0f 03 44 18 5c 2e   c7 42 01 04 00 00 00 01   
+01 01 00 00 68 21 00 00   00 00 00 00 00 00 d1 36   
+2c 49 9d 51 ad 8f 9c c0   7c a3 04 fe 34 d7 49 2c   
+c7 f9 44 2b 70 98 fa 07   4e 95 6d 6f 3a 65 23 58   
+51 17 7a fa 08 05 03 
+[UDP]
+Protocol:UDP  From:10.210.104.233:4015 -->To:111.161.88.49:8000
+02 37 0f 03 44 37 d7 2c   13 16 54 04 00 00 00 01   
+01 01 00 00 68 21 00 00   00 00 00 00 00 00 54 ff   
+4a 5c 35 e2 51 52 67 46   37 27 be 5e 0f 84 f8 05   
+0d 4d 0d ec 26 c6 e2 64   cd 1a 0d ae eb e4 c3 0b   
+e2 a3 68 42 4e 73 03 
+[UDP]
+Protocol:UDP  From:10.210.104.233:4019 -->To:123.151.13.27:8000
+02 37 0f 00 58 58 3f 2e   c7 42 01 02 00 00 00 01   
+01 01 00 00 68 21 8f 95   b8 b5 e3 db 2b 17 fb 81   
+e0 16 8c c2 d2 47 03 
+[UDP]
+Protocol:UDP  From:123.151.13.27:8000 -->To:10.210.104.233:4019
+02 37 0f 00 58 58 3f 2e   c7 42 01 00 00 00 5a 49   
+f5 06 61 36 47 4c 28 c5   ee be c9 9b 8e 7c 42 fb   
+f7 14 9f 28 7d 01 ed 86   b6 8e f2 58 85 90 03 
+[UDP]
+Protocol:UDP  From:10.210.104.233:4019 -->To:123.151.13.27:8000
+02 37 0f 03 44 18 5c 2e   c7 42 01 04 00 00 00 01   
+01 01 00 00 68 21 00 00   00 00 00 00 00 00 d1 36   
+2c 49 9d 51 ad 8f 9c c0   7c a3 04 fe 34 d7 49 2c   
+c7 f9 44 2b 70 98 fa 07   4e 95 6d 6f 3a 65 23 58   
+51 17 7a fa 08 05 03 
+[UDP]
+Protocol:UDP  From:10.210.104.233:4015 -->To:111.161.88.49:8000
+02 37 0f 00 0d 39 3a 2c   13 16 54 02 00 00 00 01   
+01 01 00 00 68 21 9c 6f   00 66 a2 71 85 cf c5 ee   
+11 e6 ae f6 7c be 6c 46   28 fc 9c e1 7e 26 25 44   
+b0 03 d6 85 9c 49 03 
+[UDP]
+Protocol:UDP  From:111.161.88.49:8000 -->To:10.210.104.233:4015
+02 37 0f 00 0d 39 3a 2c   13 16 54 00 00 00 1f ac   
+4b 61 4f a2 33 dd 6a b1   88 d7 d5 2e 12 5e 03 

main.cpp

@@ -0,0 +1,32 @@
+#include "rawsocket.h"
+
+
+
+UINT RecvThreadProc(LPVOID lpVoid)
+{
+	ReceivePacket();
+
+	return 0;
+}
+
+
+int main()
+{
+	printf("***************** Welcome To World Of Demon *****************\n");
+	printf("    使用说明：\n");
+	printf("        1. 请输入数字，请根据IP地址来选择对应的网卡进行嗅探\n");
+	printf("        2. 在抓包的过程中，你可以按“回车键”结束嗅探\n");
+	printf("*************************************************************\n\n\n");
+
+	InitRawSocket();
+	
+	::CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)RecvThreadProc, NULL, 0, NULL);
+
+	getchar();
+
+	ExitRawSocket();
+
+	system("pause");
+
+	return 0;
+}

rawsocket.cpp

@@ -0,0 +1,385 @@
+#include "rawsocket.h"
+
+
+// 全局变量
+SOCKET g_RawSocket = 0;
+HOSTIP g_HostIp;
+BOOL g_bStopRecv = FALSE;
+
+
+// 函数定义
+void ShowError(char *lpszText)
+{
+	char szErr[MAX_PATH] = {0};
+	::wsprintf(szErr, "%s Error!\nError Code Is:%d\n", lpszText, ::GetLastError());
+	::MessageBox(NULL, szErr, "ERROR", MB_OK | MB_ICONERROR);
+}
+
+
+BOOL InitRawSocket()
+{
+	// 设置版本
+	WSADATA wsaData = {0};
+	if(0 != WSAStartup(MAKEWORD(2, 2), &wsaData))
+	{
+		ShowError("WSAStartup");
+		return FALSE;
+	}
+	// 创建原始套接字
+	// ！！！Windows上没办法用Raw Socket抓MAC层的数据包，只能抓到IP层及以上的数据包！！！
+	g_RawSocket = socket(AF_INET, SOCK_RAW, IPPROTO_IP);       // 注意此处的设置!!!
+//	g_RawSocket = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
+	if (INVALID_SOCKET == g_RawSocket)
+	{
+		WSACleanup();
+		ShowError("socket");
+		return FALSE;
+	}
+	// 绑定到接口
+	// 获取本机名
+	char szHostName[MAX_PATH] = {0};
+	if (SOCKET_ERROR == ::gethostname(szHostName, MAX_PATH))
+	{
+		closesocket(g_RawSocket);
+		WSACleanup();
+		ShowError("gethostname");
+		return FALSE;
+	}
+	// 根据本机名获取本机IP地址
+	hostent *lpHostent =  ::gethostbyname(szHostName);
+	if(NULL == lpHostent)
+	{
+		closesocket(g_RawSocket);
+		WSACleanup();
+		ShowError("gethostbyname");
+		return FALSE;
+	}
+	// IP地址转换并保存IP地址
+	g_HostIp.iLen = 0;
+	::lstrcpy(g_HostIp.szIPArray[g_HostIp.iLen], "127.0.0.1");
+	g_HostIp.iLen++;
+	char *lpszHostIP = NULL;
+	while (NULL != (lpHostent->h_addr_list[(g_HostIp.iLen - 1)]))
+	{
+		lpszHostIP = inet_ntoa(*(in_addr *)lpHostent->h_addr_list[(g_HostIp.iLen - 1)]);
+		::lstrcpy(g_HostIp.szIPArray[g_HostIp.iLen], lpszHostIP);
+		g_HostIp.iLen++;
+	}
+	// 选择IP地址对应的网卡来嗅探
+	printf("Choose A IP Address To Sniff:\n");
+	for (int i = 0; i < g_HostIp.iLen; i++)
+	{
+		printf("\tIP %d:%s\n", i, g_HostIp.szIPArray[i]);
+	}
+	printf("Input A Number: ");
+	int iChoose = 0;
+	scanf("%d", &iChoose);
+	getchar();
+	if ((0 > iChoose) || (iChoose >= g_HostIp.iLen))
+	{
+		printf("Choose Error!\nExit Now!!!\n");
+		system("pause");
+		exit(0);
+	}
+	printf("Sniffing...\n");
+
+	if ((0 <= iChoose) && (iChoose < g_HostIp.iLen))
+	{
+		lpszHostIP = g_HostIp.szIPArray[iChoose];
+	}
+//	::MessageBox(NULL, lpszHostIP, "HOST IP", MB_OK);
+	// 构造地址结构
+	sockaddr_in SockAddr = {0};
+	RtlZeroMemory(&SockAddr, sizeof(sockaddr_in));
+	SockAddr.sin_addr.S_un.S_addr = inet_addr(lpszHostIP);
+	SockAddr.sin_family = AF_INET;
+	SockAddr.sin_port = htons(0);
+	// 绑定
+	if (SOCKET_ERROR == ::bind(g_RawSocket, (sockaddr *)(&SockAddr), sizeof(sockaddr_in)))
+	{
+		closesocket(g_RawSocket);
+		WSACleanup();
+		ShowError("bind");
+		return FALSE;
+	}
+	// 设置混杂模式，这样才能捕获所有的数据包
+	DWORD dwSetVal = 1;
+	if (SOCKET_ERROR == ioctlsocket(g_RawSocket, SIO_RCVALL, &dwSetVal))
+	{
+		closesocket(g_RawSocket);
+		WSACleanup();
+		ShowError("ioctlsocket");
+		return FALSE;
+	}
+
+	return TRUE;
+}
+
+
+BOOL ReceivePacket()
+{
+	sockaddr_in RecvAddr = { 0 };
+	int iRecvBytes = 0;
+	int iRecvAddrLen = sizeof(sockaddr_in);
+	DWORD dwBufSize = 12000;
+	BYTE *lpRecvBuf = new BYTE[dwBufSize];
+	int i = 0;
+	g_bStopRecv = TRUE;
+	// 接收
+	while (g_bStopRecv)
+	{
+		RtlZeroMemory(&RecvAddr, iRecvAddrLen);
+		iRecvBytes = recvfrom(g_RawSocket, (char *)lpRecvBuf, dwBufSize, 0, (sockaddr *)(&RecvAddr), &iRecvAddrLen);
+		if (0 < iRecvBytes)
+		{
+			// 接收到数据包
+			// 分析数据包
+			AnalyseRecvPacket(lpRecvBuf);
+		}
+	}
+
+	// 释放内存
+	delete[]lpRecvBuf;
+	lpRecvBuf = NULL;
+
+	return TRUE;
+}
+
+
+BOOL ReceivePacket_Print()
+{
+	sockaddr_in RecvAddr = { 0 };
+	int iRecvBytes = 0;
+	int iRecvAddrLen = sizeof(sockaddr_in);
+	DWORD dwBufSize = 12000;
+	BYTE *lpRecvBuf = new BYTE[dwBufSize];
+	int i = 0;
+	g_bStopRecv = TRUE;
+	// 接收
+	char szTemp[10] = {0};
+	FILE *fp = fopen("RecvInfo.txt", "w+");
+
+	while (g_bStopRecv)
+	{
+		RtlZeroMemory(&RecvAddr, iRecvAddrLen);
+		iRecvBytes = recvfrom(g_RawSocket, (char *)lpRecvBuf, dwBufSize, 0, (sockaddr *)(&RecvAddr), &iRecvAddrLen);
+		if (0 < iRecvBytes)
+		{
+			// 接收到信息
+			printf("[RECV] %dbytes\n", iRecvBytes);
+
+			::wsprintf(szTemp, "[RECV] %dbytes\n", iRecvBytes);
+			fputs(szTemp, fp);
+			for (i = 0; i < iRecvBytes; i++)
+			{
+				if (!g_bStopRecv)
+				{
+					break;
+				}
+				if ((0 == (i % 8)) && (0 != i))
+				{
+					printf("  ");
+
+					::wsprintf(szTemp, "%s", "   ");
+					fputs(szTemp, fp);
+				}
+				if ((0 == (i % 16)) && (0 != i))
+				{
+					printf("\n");
+
+					::wsprintf(szTemp, "%s", "\n");
+					fputs(szTemp, fp);
+				}
+				printf("%02x ", lpRecvBuf[i]);
+				
+				::wsprintf(szTemp, "%02X ", lpRecvBuf[i]);
+				fputs(szTemp, fp);
+
+			}
+			printf("\n");
+
+			::wsprintf(szTemp, "%s", "\n");
+			fputs(szTemp, fp);
+		}
+	}
+
+	fclose(fp);
+	// 释放内存
+	delete[]lpRecvBuf;
+	lpRecvBuf = NULL;
+
+
+	return TRUE;
+}
+
+
+void MyPrintf(const char * _Format, ...)
+{
+	char szTemp[MAX_PATH] = {0};
+	// 第1步，定义这个指向参数列表的变量
+	va_list arg_ptr;		
+	// 第2步，把上面这个变量初始化，让它指向参数列表
+	va_start(arg_ptr, _Format);		
+	// 第3步，获取arg_ptr指向的当前参数
+	vsprintf(szTemp, _Format, arg_ptr);
+	// 第4步，清理工作
+	va_end(arg_ptr);
+
+	// 显示
+	printf("%s", szTemp);
+	// 保存到文件
+	SaveToFile("RecvInfo.txt", szTemp);
+}
+
+
+void SaveToFile(char *lpszFileName, char *lpBuf)
+{
+	FILE *fp = fopen(lpszFileName, "a+");
+	if(NULL == fp)
+	{
+		return ;
+	}
+
+	fputs(lpBuf, fp);
+
+	fclose(fp);
+}
+
+
+BOOL ExitRawSocket()
+{
+	g_bStopRecv = FALSE;
+	Sleep(500);
+	closesocket(g_RawSocket);
+	WSACleanup();
+
+	return TRUE;
+}
+
+
+void AnalyseRecvPacket(BYTE *lpBuf)
+{
+/*
+	！！！Windows上没办法用Raw Socket抓MAC层的数据包，只能抓到IP层及以上的数据包！！！
+	注意：
+	数据包的字节顺序转换问题！！！
+	//这里要将网络字节序转换为本地字节序
+*/
+	//分析IP协议
+	PIPV4HEADER ip = (PIPV4HEADER)lpBuf;
+	//分析IP包的协议类型
+	switch (ip->ipv4_pro)
+	{
+	case IPPROTO_ICMP:
+	{
+		MyPrintf("[ICMP]\n");
+		AnalyseRecvPacket_All(lpBuf);
+		break;
+	}
+	case IPPROTO_IGMP:
+	{
+		MyPrintf("[IGMP]\n");
+		AnalyseRecvPacket_All(lpBuf);
+		break;
+	}
+	case IPPROTO_TCP:
+	{
+		//分析tcp协议
+		MyPrintf("[TCP]\n");
+		AnalyseRecvPacket_TCP(lpBuf);
+		break;
+	}
+	case IPPROTO_UDP:
+	{
+		//分析udp协议
+		MyPrintf("[UDP]\n");
+		AnalyseRecvPacket_UDP(lpBuf);
+		break;
+	}
+	default:
+	{
+		MyPrintf("[OTHER IP]\n");
+		AnalyseRecvPacket_All(lpBuf);
+		break;
+	}
+	}
+}
+
+
+void AnalyseRecvPacket_All(BYTE *lpBuf)
+{
+	struct sockaddr_in saddr, daddr;
+	PIPV4HEADER ip = (PIPV4HEADER)lpBuf;
+	saddr.sin_addr.s_addr = ip->ipv4_sourpa;
+	daddr.sin_addr.s_addr = ip->ipv4_destpa;
+
+	MyPrintf("From:%s --> ", inet_ntoa(saddr.sin_addr));
+	MyPrintf("To:%s\n", inet_ntoa(daddr.sin_addr));
+}
+
+
+void AnalyseRecvPacket_UDP(BYTE *lpBuf)
+{
+	struct sockaddr_in saddr, daddr;
+	PIPV4HEADER ip = (PIPV4HEADER)lpBuf;
+	PUDPHEADER udp = (PUDPHEADER)(lpBuf + (ip->ipv4_ver_hl & 0x0F) * 4);
+	int hlen = (int)((ip->ipv4_ver_hl & 0x0F) * 4 + sizeof(UDPHEADER));
+	int dlen = (int)(ntohs(udp->udp_hlen) - 8);
+//	int dlen = (int)(udp->udp_hlen - 8);
+	saddr.sin_addr.s_addr = ip->ipv4_sourpa;
+	daddr.sin_addr.s_addr = ip->ipv4_destpa;
+	MyPrintf("Protocol:UDP  ");
+	MyPrintf("From:%s:%d -->", inet_ntoa(saddr.sin_addr), ntohs(udp->udp_sourport));
+	MyPrintf("To:%s:%d\n", inet_ntoa(daddr.sin_addr), ntohs(udp->udp_destport));
+	
+	PrintData((lpBuf + hlen), dlen, 0);
+}
+
+
+void AnalyseRecvPacket_TCP(BYTE *lpBuf)
+{
+	struct sockaddr_in saddr, daddr;
+	PIPV4HEADER ip = (PIPV4HEADER)lpBuf;
+	PTCPHEADER tcp = (PTCPHEADER)(lpBuf + (ip->ipv4_ver_hl & 0x0F) * 4);
+	int hlen = (ip->ipv4_ver_hl & 0x0F) * 4 + tcp->tcp_hlen * 4;
+	int dlen = ntohs(ip->ipv4_plen) - hlen;    //这里要将网络字节序转换为本地字节序
+	saddr.sin_addr.s_addr = ip->ipv4_sourpa;
+	daddr.sin_addr.s_addr = ip->ipv4_destpa;
+	
+	MyPrintf("Protocol:TCP  ");
+	MyPrintf("From:%s:%d --> ", inet_ntoa(saddr.sin_addr), ntohs(tcp->tcp_sourport));
+	MyPrintf("To:%s:%d  ", inet_ntoa(daddr.sin_addr), ntohs(tcp->tcp_destport));
+	MyPrintf("ack:%u  syn:%u length=%d\n", tcp->tcp_acknu, tcp->tcp_seqnu, dlen);
+
+	PrintData((lpBuf + hlen), dlen, 0);
+}
+
+
+void PrintData(BYTE *lpBuf, int iLen, int iPrintType)
+{
+	if (0 == iPrintType)   // 16进制
+	{
+		for (int i = 0; i < iLen; i++)
+		{
+			if ((0 == (i % 8)) && (0 != i))
+			{
+				MyPrintf("  ");
+			}
+			if ((0 == (i % 16)) && (0 != i))
+			{
+				MyPrintf("\n");
+			}
+			MyPrintf("%02x ", lpBuf[i]);
+
+		}
+		MyPrintf("\n");
+	}
+	else if (1 == iPrintType) // ASCII编码
+	{
+		for (int i = 0; i < iLen; i++)
+		{
+			MyPrintf("%c", lpBuf[i]);
+		}
+		MyPrintf("\n");
+	}
+}

rawsocket.h

@@ -0,0 +1,43 @@
+#ifndef _RAWSOCKET_H_
+#define _RAWSOCKET_H_
+
+/*
+	注意：
+	头文件.h只声明变量和函数，不要在头文件里定义变量或函数，要不然#ifndef .. #define ...#endif 没有用哦^_^
+*/
+
+#include <stdio.h>
+#include <WinSock2.h>
+#include <ws2tcpip.h>
+#include <mstcpip.h>
+#include "PacketStruct.h"
+#pragma comment(lib, "ws2_32.lib")
+#include <stdarg.h>     // 不定参数函数需要的头文件
+
+
+
+typedef struct _HOSTIP
+{
+	int iLen;
+	char szIPArray[10][50];
+}HOSTIP;
+
+extern SOCKET g_RawSocket;
+extern HOSTIP g_HostIp;
+extern BOOL g_bStopRecv;
+
+void ShowError(char *lpszText);
+BOOL InitRawSocket();
+BOOL ReceivePacket();
+BOOL ReceivePacket_Print();
+BOOL ExitRawSocket();
+void AnalyseRecvPacket(BYTE *lpBuf);
+void AnalyseRecvPacket_All(BYTE *lpBuf);
+void AnalyseRecvPacket_UDP(BYTE *lpBuf);
+void AnalyseRecvPacket_TCP(BYTE *lpBuf);
+void PrintData(BYTE *lpBuf, int iLen, int iPrintType);
+void MyPrintf(const char * _Format, ...);                     // 不定长参数函数
+void SaveToFile(char *lpszFileName, char *lpBuf);
+
+
+#endif