WIN2K命令行Sniffer的源码[2]

[入库:2005年8月18日] [更新:2007年3月25日]

本文简介:选择自 sundna 的 blog

sockaddr_in sasource, sadest;
pipheader = (ip_header *)buf;
//check proto
iprotocol = pipheader->proto;
strncpy(szprotocol, checkprotocol(iprotocol), max_proto_text_len);
if((iprotocol==ipproto_tcp) && (!paramtcp)) return true;
if((iprotocol==ipproto_udp) && (!paramudp)) return true;
if((iprotocol==ipproto_icmp) && (!paramicmp)) return true;
//check source ip
sasource.sin_addr.s_addr = pipheader->sourceip;
strncpy(szsourceip, inet_ntoa(sasource.sin_addr), max_addr_len);
if (strfromipfilter)
if (strcmp(strfromipfilter,szsourceip)) return true;
//check dest ip
sadest.sin_addr.s_addr = pipheader->destip;
strncpy(szdestip, inet_ntoa(sadest.sin_addr), max_addr_len);
if (strdestipfilter)
if (strcmp(strdestipfilter,szdestip)) return true;
ittl = pipheader->ttl;
//output
printf("%s ", szprotocol);
printf("%s->%s ", szsourceip, szdestip);
printf("bytes=%d ttl=%d ",ibufsize,ittl);
//calculate ip header length
int iiphlen = sizeof(unsigned long) * (pipheader->h_lenver & 0xf);
//decode sub protocol:tcp, udp, icmp, etc
switch(iprotocol)
{
case ipproto_tcp :decodetcppack(buf+iiphlen);break;
case ipproto_udp :decodeudppack(buf+iiphlen);break;
case ipproto_icmp :decodeicmppack(buf+iiphlen);break;
default :break;
}
//printf("\n");
return true;
}

// socket error handler
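/*
 * Abort the program when a socket call has failed.
 *
 * ierrorcode: the return value of the preceding socket call; anything other
 *             than socket_error is treated as success and ignored.
 * perrormsg:  caller-supplied text printed in front of the error code
 *             returned by getlasterror().
 *
 * On failure the raw socket sockraw (file-level) is closed and the process
 * terminates. Fix: the original called exit(0), which reports *success* to
 * the parent shell/script even though the sniffer could not start; the exit
 * status is now EXIT_FAILURE so a wrapper can detect the failure.
 */
void checksockerror(int ierrorcode, char *perrormsg)
{
    if (ierrorcode != socket_error)
        return;

    printf("%s error:%d\n", perrormsg, getlasterror());
    closesocket(sockraw);
    exit(EXIT_FAILURE);
}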

// protocol-number to name lookup
/*
 * Return the display name for an IP protocol number.
 *
 * Walks the file-level protomap table (max_proto_num entries) and returns
 * the prototext of the first entry whose protonum equals iprotocol. The
 * returned pointer aliases the table entry; an unknown protocol yields the
 * empty string rather than NULL, so the caller can hand the result straight
 * to strncpy/printf without a NULL check.
 */
char * checkprotocol(int iprotocol)
{
    int idx = 0;

    while (idx < max_proto_num) {
        if (protomap[idx].protonum == iprotocol)
            return protomap[idx].prototext;
        ++idx;
    }
    return "";
}

// TCP header decoder
/*
 * Print the port pair and flag bits of a TCP header.
 *
 * tcpbuf: pointer to the start of the TCP header (the caller passes
 *         buf + ip-header-length). No length is passed, so the caller must
 *         guarantee that a full tcp_header is readable at tcpbuf.
 *
 * Output: "port:S->D " followed by six characters, one per flag bit taken
 * from the low six bits of th_flag (least significant first); a set bit
 * prints the letter from the file-level tcpflag[] table, a clear bit prints
 * '-'. Always returns true.
 */
int decodetcppack(char * tcpbuf)
{
    tcp_header *hdr = (tcp_header *)tcpbuf;
    unsigned char bit;

    printf("port:%d->%d ", ntohs(hdr->th_sport), ntohs(hdr->th_dport));

    for (bit = 0; bit < 6; bit++) {
        unsigned char mask = (unsigned char)(1u << bit);
        if (hdr->th_flag & mask)
            putchar(tcpflag[bit]);
        else
            putchar('-');
    }
    putchar('\n');
    return true;
}

// UDP header decoder
/*
 * Print the port pair and length field of a UDP header.
 *
 * udpbuf: pointer to the start of the UDP header; as with the other decoders
 *         no length is passed, so the caller must ensure a full udp_header
 *         is readable there.
 *
 * Output: "port:S->D len=N\n" with all three fields converted from network
 * byte order. Always returns true.
 */
int decodeudppack(char * udpbuf)
{
    udp_header *hdr = (udp_header *)udpbuf;
    unsigned short sport = ntohs(hdr->uh_sport);
    unsigned short dport = ntohs(hdr->uh_dport);
    unsigned short dlen  = ntohs(hdr->uh_len);

    printf("port:%d->%d ", sport, dport);
    printf("len=%d\n", dlen);
    return true;
}

// ICMP header decoder
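/*
 * Print the type/code and identifier/sequence fields of an ICMP header.
 *
 * icmpbuf: pointer to the start of the ICMP header; no length is passed, so
 *          the caller must ensure a full icmp_header is readable there.
 *
 * Output: "type:T,C id=I seq=S\n". Always returns true.
 *
 * Fix: i_id and i_seq are 16-bit fields carried in network byte order, but
 * unlike the TCP/UDP decoders they were printed without ntohs(), so on a
 * little-endian host the id/seq of an echo request/reply were shown
 * byte-swapped. They are now converted like the port fields.
 * NOTE(review): assumes i_id/i_seq are declared as 16-bit unsigned in
 * icmp_header (not visible here) — confirm against the struct definition.
 */
int decodeicmppack(char * icmpbuf)
{
    icmp_header *hdr = (icmp_header *)icmpbuf;

    printf("type:%d,%d ", hdr->i_type, hdr->i_code);
    printf("id=%d seq=%d\n", ntohs(hdr->i_id), ntohs(hdr->i_seq));
    return true;
}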

// command-line argument parsing
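/*
 * Copy the address part of a "/f:ADDR" or "/d:ADDR" switch into a freshly
 * allocated buffer at *dst.
 *
 * arg must start with '/' and a switch letter (already checked by the
 * caller). Returns false when the switch has no ':' separator, when ADDR is
 * empty or longer than a dotted quad ("255.255.255.255", 15 characters), or
 * when allocation fails; *dst is left untouched in those cases.
 *
 * Fix: the original did strcpy(malloc(16), argv[i]+3) unchecked. A longer
 * argument overflowed the 16-byte heap buffer, a two-character "/f" made
 * argv[i]+3 read past the end of the argument string, malloc was never
 * checked, and a repeated switch leaked the previous buffer.
 */
static bool setipfilter(char **dst, const char *arg)
{
    enum { ipfilter_max = 15 };
    const char *addr;
    size_t len;
    char *copy;

    /* arg[1] is the switch letter; arg[2] may legitimately be the NUL. */
    if (arg[1] == '\0' || arg[2] != ':')
        return false;

    addr = arg + 3;
    len = strlen(addr);
    if (len == 0 || len > ipfilter_max)
        return false;

    copy = (char *)malloc(ipfilter_max + 1);
    if (copy == NULL)
        return false;
    memcpy(copy, addr, len + 1);   /* len <= 15, so the NUL fits */

    free(*dst);                    /* replace an earlier occurrence of the switch */
    *dst = copy;
    return true;
}

/*
 * Parse the command line into the file-level option variables.
 *
 * argc/argv: as passed to main. Every argument must be a "/x" switch:
 *   /t /u /i  select TCP / UDP / ICMP output (paramtcp, paramudp, paramicmp)
 *   /p        enable packet decoding (paramdecode)
 *   /f:ADDR   only packets from ADDR (strfromipfilter)
 *   /d:ADDR   only packets to ADDR   (strdestipfilter)
 * Switch letters are accepted in either case.
 *
 * Returns cmd_param_help (defined elsewhere in the file) when there are no
 * arguments, an argument does not start with '/', an unknown switch is
 * given, or an IP filter is malformed; otherwise prints a summary of the
 * selected options and returns !cmd_param_help.
 */
bool getcmdline(int argc, char ** argv)
{
    if (argc < 2)
        return cmd_param_help;

    for (int i = 1; i < argc; i++) {
        const char *arg = argv[i];

        if (arg[0] != '/')
            return cmd_param_help;

        switch (arg[1]) {
        case 'T':
        case 't': paramtcp = true; break;
        case 'U':
        case 'u': paramudp = true; break;
        case 'I':
        case 'i': paramicmp = true; break;
        case 'P':
        case 'p': paramdecode = true; break;
        case 'F':
        case 'f':
            if (!setipfilter(&strfromipfilter, arg))
                return cmd_param_help;
            break;
        case 'D':
        case 'd':
            if (!setipfilter(&strdestipfilter, arg))
                return cmd_param_help;
            break;
        default:
            /* An unrecognised switch used to be silently ignored; treat it
               as a usage error so a typo does not start a sniffer that
               matches nothing. */
            return cmd_param_help;
        }
    }

    printf("\nwill sniffer");
    if (paramtcp) printf(" tcp");
    if (paramudp) printf(" udp");
    if (paramicmp) printf(" icmp");
    if (strfromipfilter) printf(" fromip:%s", strfromipfilter);
    if (strdestipfilter) printf(" destip:%s", strdestipfilter);
    printf("\n\tctrl+c to quit\nstart:\n");
    return (!cmd_param_help);
}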

// usage text
void usage(void)
{
printf("guniffer\n");
printf("\tsinffer for win2k by shotgun (ver 0.2)\n");
printf("\tshotgun@xici.net\n");
printf("\thttp://it.xici.net\n");
printf("\thttp://www.patching.net\n\n");
printf("usage:\n");
printf("\t/t     output tcp packets\n");
printf("\t/u     output udp packets\n");
printf("\t/i     output icmp packets\n");
printf("\t/p     decode packets (default off)\n");
printf("\t/f: fromip output packets fromip=fromip (default all)\n");
printf("\t/d: destip output packets destip=destip (default all)");
printf("\nexample:\n");
printf("\tguniffer.exe /d>ippack.log\n");
printf("\tguniffer.exe /t /u /f:192.168.15.231\n");
