• 基于原始套接字的简单 TCP 包嗅探


    原始套接字

    /* Raw IPv4 socket restricted to TCP: every read yields one datagram that
     * starts at the IP header. Opening it needs root or CAP_NET_RAW. */
    sock_raw = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
    for (;;)
    {
        /* saddr_size is a value-result argument of recvfrom(): the kernel
         * overwrites it with the length of the address it stored in saddr. */
        data_size = recvfrom(sock_raw, buffer, 65536, 0, &saddr, &saddr_size);
    }
    

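    下面的代码只处理 TCP 包(套接字以 IPPROTO_TCP 创建),并且只能看到进入本机的包,看不到发出去的包,结果并不准确,只是一个实验而已。
    创建原始套接字需要 root 权限或 CAP_NET_RAW 能力;程序会把包头和载荷完整写入 log.txt,日志中可能包含敏感数据。
    如需更精确的抓包,请使用 libpcap。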

    /*
     * main.cpp
     *
     *  Created on: Mar 11, 2016
     */
    
    #include <sys/types.h>
    #include <sys/socket.h>
    #include <arpa/inet.h>
    
    #include <netinet/ip_icmp.h>
    #include <netinet/udp.h>
    #include <netinet/tcp.h>
    #include <netinet/ip.h>
    
    #include <stdio.h>
    #include <stdlib.h>
    #include <errno.h>
    #include <string.h>
    #include <unistd.h>
    
    
    /* Capture state shared by every function in this file. */
    FILE *logfile;   /* stream that receives the decoded packet dump */
    int sockfd;      /* descriptor of the raw capture socket */

    /* Per-protocol packet counters, incremented in process_packet(). */
    int tcp = 0;
    int udp = 0;
    int icmp = 0;
    int others = 0;
    int igmp = 0;
    int total = 0;

    /* File-scope loop counters used by PrintData(). */
    int i;
    int j;

    /* Scratch addresses filled in by print_ip_header() before formatting. */
    struct sockaddr_in source;
    struct sockaddr_in dest;

    /* Forward declarations; each function takes the datagram and its length. */
    void process_packet(unsigned char *buffer, int size);
    void print_ip_header(unsigned char *Buffer, int size);
    void print_tcp_packet(unsigned char *Buffer, int Size);
    void print_udp_packet(unsigned char *Buffer, int Size);
    void print_icmp_packet(unsigned char *Buffer, int Size);
    void PrintData(unsigned char *data, int Size);
    
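    /*
     * Capture loop: opens log.txt and a raw IPv4/TCP socket, then passes every
     * received datagram to process_packet() until recvfrom() fails.
     *
     * Creating the socket needs root or CAP_NET_RAW. Headers and payload bytes
     * of every captured packet are written to log.txt in the working directory,
     * so that file should be treated as sensitive.
     *
     * The loop only ends on an error, so the function always returns -1; all
     * resources acquired so far are released on the way out.
     */
    int main()
    {
        enum { CAPTURE_BUFFER_SIZE = 65536 };
        struct sockaddr addr;
        socklen_t saddr_size;
        int datasize;
        unsigned char *buffer = NULL;

        logfile = NULL;
        sockfd = -1;

        /* The cast keeps the file buildable as C++ (it is named main.cpp). */
        buffer = (unsigned char *)malloc(CAPTURE_BUFFER_SIZE);
        if (buffer == NULL)
        {
            fprintf(stderr, "unable to allocate receive buffer\n");
            goto out;
        }

        logfile = fopen("log.txt", "w");
        if (logfile == NULL)
        {
            /* Every print_* helper writes to logfile, so going on would
             * dereference a NULL stream on the first packet. */
            printf("unable to create file\n");
            goto out;
        }
        printf("Starting.....\n");

        sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
        if (sockfd < 0)
        {
            /* The original format string had no %s, so the reason was lost. */
            fprintf(stderr, "open socket error: %s\n", strerror(errno));
            goto out;
        }

        while (1)
        {
            /* Value-result argument: must be reset before every call. */
            saddr_size = sizeof(addr);
            datasize = recvfrom(sockfd, buffer, CAPTURE_BUFFER_SIZE, 0,
                                &addr, &saddr_size);
            if (datasize < 0)
            {
                if (errno == EINTR)
                {
                    continue; /* interrupted by a signal, not a real failure */
                }
                printf("Recvfrom error, failed to get packets\n");
                break;
            }
            process_packet(buffer, datasize);
            /* The datagram is binary and not NUL-terminated, so it must not be
             * written with "%s"; PrintData() produces the hex/ASCII dump. */
        }

    out:
        if (sockfd >= 0)
        {
            close(sockfd);
        }
        if (logfile != NULL)
        {
            fclose(logfile);
        }
        free(buffer);
        return -1;
    }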
    
    
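    /*
     * Classifies one received datagram by its IPv4 protocol field, updates the
     * global counters and dispatches TCP/UDP packets to their printers.
     *
     * buffer: start of the datagram (IP header first).
     * size:   number of bytes actually received.
     *
     * A datagram shorter than the fixed IPv4 header is counted under "others"
     * and not parsed, because its protocol field would be read from bytes that
     * were never received. With the socket opened as IPPROTO_TCP in main(),
     * the non-TCP branches are not expected to be hit.
     */
    void process_packet(unsigned char* buffer , int size)
    {
        struct iphdr *iph = (struct iphdr *)buffer;

        total++;
        if (buffer == NULL || size < (int)sizeof(struct iphdr))
        {
            ++others;
        }
        else
        {
            switch (iph->protocol)
            {
            case IPPROTO_ICMP: /* 1 */
                ++icmp;
                break;

            case IPPROTO_IGMP: /* 2 */
                ++igmp;
                break;

            case IPPROTO_TCP: /* 6 */
                ++tcp;
                print_tcp_packet(buffer, size);
                break;

            case IPPROTO_UDP: /* 17 */
                ++udp;
                print_udp_packet(buffer, size);
                break;

            default:
                ++others;
                break;
            }
        }
        printf("TCP : %d   UDP : %d   ICMP : %d   IGMP : %d   Others : %d   Total : %d\n",
               tcp, udp, icmp, igmp, others, total);
    }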
    
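    /*
     * Writes the decoded IPv4 header fields of a datagram to logfile.
     *
     * Buffer: start of the datagram (IP header first).
     * size:   number of bytes received; anything shorter than the fixed IPv4
     *         header is reported as truncated instead of being decoded.
     *
     * Side effect: overwrites the file-scope `source` and `dest` addresses.
     */
    void print_ip_header(unsigned char* Buffer, int  size)
    {
        struct iphdr *iph = (struct iphdr *)Buffer;

        fprintf(logfile, "\n");
        fprintf(logfile, "IP Header\n");

        if (Buffer == NULL || size < (int)sizeof(struct iphdr))
        {
            fprintf(logfile, "   |-truncated (%d bytes captured)\n", size);
            return;
        }

        memset(&source, 0, sizeof(source));
        source.sin_addr.s_addr = iph->saddr;

        memset(&dest, 0, sizeof(dest));
        dest.sin_addr.s_addr = iph->daddr;

        /* %u matches the unsigned int casts (the original used %d). */
        fprintf(logfile, "   |-IP Version        : %u\n",
                (unsigned int) iph->version);
        fprintf(logfile, "   |-IP Header Length  : %u DWORDS or %u Bytes\n",
                (unsigned int) iph->ihl, ((unsigned int) (iph->ihl)) * 4);
        fprintf(logfile, "   |-Type Of Service   : %u\n", (unsigned int) iph->tos);
        fprintf(logfile, "   |-IP Total Length   : %d  Bytes(Size of Packet)\n",
                ntohs(iph->tot_len));
        fprintf(logfile, "   |-Identification    : %d\n", ntohs(iph->id));
        fprintf(logfile, "   |-TTL      : %u\n", (unsigned int) iph->ttl);
        fprintf(logfile, "   |-Protocol : %u\n", (unsigned int) iph->protocol);
        fprintf(logfile, "   |-Checksum : %d\n", ntohs(iph->check));
        /* inet_ntoa() returns a static buffer, so each address is formatted
         * and written in its own call. */
        fprintf(logfile, "   |-Source IP        : %s\n",
                inet_ntoa(source.sin_addr));
        fprintf(logfile, "   |-Destination IP   : %s\n", inet_ntoa(dest.sin_addr));
    }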
    
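    /*
     * Writes one TCP packet to logfile: decoded IP and TCP headers followed by
     * hex/ASCII dumps of the IP header, the TCP header and the payload.
     *
     * Buffer: start of the datagram (IP header first).
     * Size:   number of bytes received.
     *
     * The IP header length (ihl) and TCP data offset (doff) come from the
     * packet itself, so both are checked against Size before any pointer is
     * derived from them; a packet that fails the checks is logged as
     * truncated/malformed and skipped.
     */
    void print_tcp_packet(unsigned char* Buffer, int Size)
    {
        struct iphdr *iph = (struct iphdr *)Buffer;
        struct tcphdr *tcph;
        unsigned int iphdrlen;
        unsigned int tcphdrlen;

        fprintf(logfile, "\n\n***********************TCP Packet*************************\n");

        if (Buffer == NULL || Size < (int)sizeof(struct iphdr))
        {
            fprintf(logfile, "truncated packet (%d bytes captured)\n", Size);
            return;
        }

        iphdrlen = (unsigned int)iph->ihl * 4;
        if (iphdrlen < sizeof(struct iphdr)
            || (unsigned int)Size < iphdrlen + sizeof(struct tcphdr))
        {
            fprintf(logfile, "malformed or truncated TCP packet (%d bytes captured)\n", Size);
            return;
        }

        tcph = (struct tcphdr *)(Buffer + iphdrlen);
        tcphdrlen = (unsigned int)tcph->doff * 4;
        if (tcphdrlen < sizeof(struct tcphdr)
            || (unsigned int)Size < iphdrlen + tcphdrlen)
        {
            fprintf(logfile, "malformed or truncated TCP packet (%d bytes captured)\n", Size);
            return;
        }

        print_ip_header(Buffer, Size);

        fprintf(logfile, "\n");
        fprintf(logfile, "TCP Header\n");
        fprintf(logfile, "   |-Source Port      : %u\n", ntohs(tcph->source));
        fprintf(logfile, "   |-Destination Port : %u\n", ntohs(tcph->dest));
        fprintf(logfile, "   |-Sequence Number    : %u\n", ntohl(tcph->seq));
        fprintf(logfile, "   |-Acknowledge Number : %u\n", ntohl(tcph->ack_seq));
        fprintf(logfile, "   |-Header Length      : %u DWORDS or %u BYTES\n",
                (unsigned int)tcph->doff, tcphdrlen);
        fprintf(logfile, "   |-Urgent Flag          : %u\n", (unsigned int)tcph->urg);
        fprintf(logfile, "   |-Acknowledgement Flag : %u\n", (unsigned int)tcph->ack);
        fprintf(logfile, "   |-Push Flag            : %u\n", (unsigned int)tcph->psh);
        fprintf(logfile, "   |-Reset Flag           : %u\n", (unsigned int)tcph->rst);
        fprintf(logfile, "   |-Synchronise Flag     : %u\n", (unsigned int)tcph->syn);
        fprintf(logfile, "   |-Finish Flag          : %u\n", (unsigned int)tcph->fin);
        fprintf(logfile, "   |-Window         : %d\n", ntohs(tcph->window));
        fprintf(logfile, "   |-Checksum       : %d\n", ntohs(tcph->check));
        /* urg_ptr is in network byte order like the other 16-bit fields. */
        fprintf(logfile, "   |-Urgent Pointer : %d\n", ntohs(tcph->urg_ptr));
        fprintf(logfile, "\n");
        fprintf(logfile, "                        DATA Dump                         ");
        fprintf(logfile, "\n");

        fprintf(logfile, "IP Header\n");
        PrintData(Buffer, (int)iphdrlen);

        fprintf(logfile, "TCP Header\n");
        PrintData(Buffer + iphdrlen, (int)tcphdrlen);

        /* Non-negative thanks to the length checks above. */
        fprintf(logfile, "Data Payload\n");
        PrintData(Buffer + iphdrlen + tcphdrlen, Size - (int)tcphdrlen - (int)iphdrlen);

        fprintf(logfile, "\n###########################################################");
    }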
    
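    /*
     * Writes one UDP packet to logfile: decoded IP and UDP headers followed by
     * hex/ASCII dumps of the IP header, the UDP header and the payload.
     *
     * Buffer: start of the datagram (IP header first).
     * Size:   number of bytes received.
     *
     * The header size is taken from the struct (sizeof *udph); the original
     * used sizeof udph, which is the size of a pointer and only matches the
     * 8-byte UDP header on 64-bit builds. Lengths are validated against Size
     * before the UDP header is read.
     */
    void print_udp_packet(unsigned char *Buffer , int Size)
    {
        struct iphdr *iph = (struct iphdr *)Buffer;
        struct udphdr *udph;
        unsigned int iphdrlen;
        const unsigned int udphdrlen = (unsigned int)sizeof(struct udphdr);

        fprintf(logfile, "\n\n***********************UDP Packet*************************\n");

        if (Buffer == NULL || Size < (int)sizeof(struct iphdr))
        {
            fprintf(logfile, "truncated packet (%d bytes captured)\n", Size);
            return;
        }

        iphdrlen = (unsigned int)iph->ihl * 4;
        if (iphdrlen < sizeof(struct iphdr)
            || (unsigned int)Size < iphdrlen + udphdrlen)
        {
            fprintf(logfile, "malformed or truncated UDP packet (%d bytes captured)\n", Size);
            return;
        }

        udph = (struct udphdr *)(Buffer + iphdrlen);

        print_ip_header(Buffer, Size);

        fprintf(logfile, "\nUDP Header\n");
        fprintf(logfile, "   |-Source Port      : %d\n", ntohs(udph->source));
        fprintf(logfile, "   |-Destination Port : %d\n", ntohs(udph->dest));
        fprintf(logfile, "   |-UDP Length       : %d\n", ntohs(udph->len));
        fprintf(logfile, "   |-UDP Checksum     : %d\n", ntohs(udph->check));

        fprintf(logfile, "\n");
        fprintf(logfile, "IP Header\n");
        PrintData(Buffer, (int)iphdrlen);

        fprintf(logfile, "UDP Header\n");
        PrintData(Buffer + iphdrlen, (int)udphdrlen);

        /* Non-negative thanks to the length check above. */
        fprintf(logfile, "Data Payload\n");
        PrintData(Buffer + iphdrlen + udphdrlen, Size - (int)udphdrlen - (int)iphdrlen);

        fprintf(logfile, "\n###########################################################");
    }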
    
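    /*
     * Writes one ICMP packet to logfile: decoded IP and ICMP headers followed
     * by hex/ASCII dumps of the IP header, the ICMP header and the payload.
     *
     * Buffer: start of the datagram (IP header first).
     * Size:   number of bytes received.
     *
     * Changes from the original: the header size is sizeof *icmph rather than
     * the size of the pointer, the dump section is labelled "ICMP Header"
     * instead of "UDP Header", the Type line is always terminated, and the
     * lengths are validated against Size before the ICMP header is read.
     * The call in process_packet() is commented out, so this is currently
     * unused.
     */
    void print_icmp_packet(unsigned char* Buffer , int Size)
    {
        struct iphdr *iph = (struct iphdr *)Buffer;
        struct icmphdr *icmph;
        unsigned int iphdrlen;
        const unsigned int icmphdrlen = (unsigned int)sizeof(struct icmphdr);

        fprintf(logfile, "\n\n***********************ICMP Packet*************************\n");

        if (Buffer == NULL || Size < (int)sizeof(struct iphdr))
        {
            fprintf(logfile, "truncated packet (%d bytes captured)\n", Size);
            return;
        }

        iphdrlen = (unsigned int)iph->ihl * 4;
        if (iphdrlen < sizeof(struct iphdr)
            || (unsigned int)Size < iphdrlen + icmphdrlen)
        {
            fprintf(logfile, "malformed or truncated ICMP packet (%d bytes captured)\n", Size);
            return;
        }

        icmph = (struct icmphdr *)(Buffer + iphdrlen);

        print_ip_header(Buffer, Size);

        fprintf(logfile, "\n");

        fprintf(logfile, "ICMP Header\n");
        fprintf(logfile, "   |-Type : %u", (unsigned int)(icmph->type));

        if (icmph->type == ICMP_TIME_EXCEEDED) /* type 11 */
        {
            fprintf(logfile, "  (TTL Expired)\n");
        }
        else if (icmph->type == ICMP_ECHOREPLY)
        {
            fprintf(logfile, "  (ICMP Echo Reply)\n");
        }
        else
        {
            /* Other types had no line break, gluing "Code" onto this line. */
            fprintf(logfile, "\n");
        }
        fprintf(logfile, "   |-Code : %u\n", (unsigned int)(icmph->code));
        fprintf(logfile, "   |-Checksum : %d\n", ntohs(icmph->checksum));
        fprintf(logfile, "\n");

        fprintf(logfile, "IP Header\n");
        PrintData(Buffer, (int)iphdrlen);

        fprintf(logfile, "ICMP Header\n");
        PrintData(Buffer + iphdrlen, (int)icmphdrlen);

        /* Non-negative thanks to the length check above. */
        fprintf(logfile, "Data Payload\n");
        PrintData(Buffer + iphdrlen + icmphdrlen, Size - (int)icmphdrlen - (int)iphdrlen);

        fprintf(logfile, "\n###########################################################");
    }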
    
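    /*
     * Writes a hex/ASCII dump of `Size` bytes starting at `data` to logfile,
     * 16 bytes per row: three leading spaces, " XX" per byte (padded to a full
     * row), a nine-space gap, then the same bytes as characters.
     *
     * data: first byte to dump; nothing is written when it is NULL.
     * Size: number of bytes; nothing is written when it is <= 0.
     *
     * Only printable ASCII (32..126) is echoed; every other byte becomes '.'.
     * The original range 32..128 also let DEL (127) and 0x80 through, which
     * puts raw control/non-ASCII bytes from the network into the log.
     * Loop counters are local instead of the file-scope i/j.
     */
    void PrintData (unsigned char* data , int Size)
    {
        enum { BYTES_PER_ROW = 16 };
        int row;
        int k;

        if (data == NULL || Size <= 0)
        {
            return;
        }

        for (row = 0; row < Size; row += BYTES_PER_ROW)
        {
            /* Index one past the last byte of this row. */
            int end = (Size - row > BYTES_PER_ROW) ? row + BYTES_PER_ROW : Size;

            fprintf(logfile, "   ");
            for (k = row; k < end; k++)
            {
                fprintf(logfile, " %02X", (unsigned int)data[k]);
            }

            /* Pad a short final row so the ASCII column stays aligned. */
            for (k = end; k < row + BYTES_PER_ROW; k++)
            {
                fprintf(logfile, "   ");
            }

            fprintf(logfile, "         ");
            for (k = row; k < end; k++)
            {
                if (data[k] >= 32 && data[k] <= 126)
                {
                    fprintf(logfile, "%c", data[k]);
                }
                else
                {
                    fprintf(logfile, ".");
                }
            }
            fprintf(logfile, "\n");
        }
    }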
    
    
    ***********************TCP Packet*************************
    
    IP Header
       |-IP Version        : 4
       |-IP Header Length  : 5 DWORDS or 20 Bytes
       |-Type Of Service   : 0
       |-IP Total Length   : 129  Bytes(Size of Packet)
       |-Identification    : 7322
       |-TTL      : 51
       |-Protocol : 6
       |-Checksum : 11872
       |-Source IP        : 107.224.156.181
       |-Destination IP   : 10.85.23.12
    
    TCP Header
       |-Source Port      : 44
       |-Destination Port : 51139
       |-Sequence Number    : 2867594165
       |-Acknowledge Number : 3874566180
       |-Header Length      : 8 DWORDS or 32 BYTES
       |-Urgent Flag          : 0
       |-Acknowledgement Flag : 1
       |-Push Flag            : 1
       |-Reset Flag           : 0
       |-Synchronise Flag     : 0
       |-Finish Flag          : 0
       |-Window         : 151
       |-Checksum       : 38077
       |-Urgent Pointer : 0
    
                            DATA Dump                         
    IP Header
        45 00 00 81 1C 9A 40 00 33 06 2E 60 68 E0 9C B5         E.....@.3..`h...
        0A 55 EC 92                                             .U..
    TCP Header
        01 BB C7 C3 AA EC 03 B5 E6 F1 30 24 80 18 00 97         ..........0$€...
        94 BD 00 00 01 01 08 0A 93 2C E2 18 00 A8 A8 AB         .........,......
    Data Payload
        47 CA D2 84 49 64 01 1F 2C 26 5D 3E 58 44 00 82         G...Id..,&]>XD..
        19 BD DA 27 FB 54 C1 2A 7C 3A 6B 19 87 D2 06 36         ...'.T.*|:k....6
        86 B3 0D 70 A0 63 C2 F4 D7 6F E1 CE 2B F2 AC D6         ...p.c...o..+...
        F0 FE DB 6C CD DE 17 B9 AD A7 52 8A D0 A9 AB 64         ...l......R....d
        7C 4B 42 92 BC 9B A7 E7 B4 5D 30 82 0A                  |KB......]0..
    
    ###########################################################
    

    进一步

  • 原文地址:https://www.cnblogs.com/shhu1993/p/5267245.html