定义异常出错代码

1、/ 定义异常出错代码/ 接收的最大/ 点分十进制/ 最大主机名长度/ 定义 IP 首部/4/16/16/3 位标志位/8/16#include "stdafx.h"#include "stdio.h"#include "string.h"#include "mstcpip.h"#include "Winsock2.h" #pragma comment（lib,"WS2_32.lib"）#define STATUS_FAILED 0xFFFF#define MAX_PACK_L

2、EN 65535IP 报文#define MAX_ADDR_LEN 16地址的最大长度#define MAX_HOSTNAME_LAN 255typedef struct _iphdrunsigned char h_lenver;位首部长度 +4 位 IP 版本号 unsigned char tos;/8 位服务类型 TOSunsigned short total_len;位总长度（字节）unsigned short ident;位标识unsigned short frag_and_flags; unsigned char ttl;/8 位生存时间 TTL unsigned char prot

3、o;位协议（TCP或其他）unsigned short checksum;位 IP 首部校验和unsigned int sourceIP;位源 IP 地址 unsigned int destIP;/ 定义 TCP 首/4/6位目的 IP 地址 IP_HEADER;typedef struct _tcphdr部USHORT th_sport;/16 位源端口USHORT th_dport;/16 位目的端口 unsigned int th_seq; unsigned int th_ack; unsigned char th_lenres;位首部长度 /6 位保留字 unsigned char t

4、h_flag;位标志位USHORT th_win;/16 位窗口大小USHORT th_sum;/16 位校验和USHORT th_urp;/16 位紧急数据偏移量 TCP_HEADER;SOCKET SockRaw;char* TcpFlag6= / 定 义 TCP 标志位"FIN ",/FIN: 表示发送端已经没有数据要求传输了，希望释放连接"SYN ",/SYN:标志位用来建立连接，让连接双方同步序列号。如果SYN= 1而ACK=0 则表示该数据包为连接请求，如果 SYN=1而 ACK=侧表示接受连接。"RST ",/RST:用

5、来复位一个连接。RST标志置位的数据包称为复位包。一般情况下, 如果TCP收到的一个分段明显不是属于该主机上的任何一个连接,则向远端发送一个复位包。"PSH ",/PSH: 如果置位,接收端应尽快把数据传送给应用层。"ACK ",/ACK: 为确认标志位。如果为 1,表示包中的确认号时有效的。否则,包中 的确认号无效。"URG "/URG: 为紧急数据标志。如果它为 紧急数据指针有效。;bool ParamTcp =true;报文char *strFromIpFilter=NULL;过滤char *strDestIpFilter=NU

6、LL;滤1,表示本数据包中包含紧急数据。此时/ -t 关注 TCP/ 源 IP 地址/ 目的地址过/Referrenceint DecodeIpPack(char *,int);int DecodeTcpPack(char *); void CheckSockError(int,char*); void usage(void);bool GetCmdLine(int, char *);/void main(int argc, char * argv)int iErrorCode;char RecvBufMAX_PACK_LEN = 0 ; usage();if(GetCmdLine(argc,

7、 argv)=true) exit(0);/ 初始化 SOCKETWSADATA wsaData;iErrorCode = WSAStartup(MAKEWORD(2,1),&wsaData); CheckSockError(iErrorCode, "WSAStartup");SockRaw = socket(AF_INET , SOCK_RAW , IPPROTO_IP); CheckSockError(SockRaw, "socket");/ 获取本机 IP 地址char FAR nameMAX_HOSTNAME_LAN;iErrorCode

8、 = gethostname(name, MAX_HOSTNAME_LAN);CheckSockError(iErrorCode, "gethostname");struct hostent FAR * pHostent;pHostent = (struct hostent * )malloc(sizeof(struct hostent);pHostent = gethostbyname(name);SOCKADDR_IN sa;sa.sin_family = AF_INET;sa.sin_port = htons(6000);memcpy(&sa.sin_addr

9、.S_un.S_addr, pHostent->h_addr_list0, pHostent->h_length);iErrorCode = bind(SockRaw, (PSOCKADDR)&sa, sizeof(sa); CheckSockError(iErrorCode, "bind");/设置SOCK_RA为SIO_RCVAL，以便接收所有的IP包DWORD dwBufferLen10 ;DWORD dwBufferInLen = 1 ;DWORD dwBytesReturned = 0 ; iErrorCode=WSAIoctl(SockRaw

10、,SIO_RCVALL, &dwBufferInLen, sizeof(dwBufferInLen), &dwBufferLen, sizeof(dwBufferLen), &dwBytesReturned, NULL, NULL );CheckSockError(iErrorCode, "Ioctl");/ 侦听 IP 报文while(true)memset(RecvBuf, 0, sizeof(RecvBuf);iErrorCode = recv(SockRaw, RecvBuf, sizeof(RecvBuf), 0);CheckSockErr

11、or(iErrorCode, "recv");iErrorCode = DecodeIpPack(RecvBuf, iErrorCode);CheckSockError(iErrorCode, "Decode");/IP 解包程序int DecodeIpPack(char *buf, int iBufSize)IP_HEADER *pIpheader;int iProtocol, iTTL;char szProtocol4;char szSourceIPMAX_ADDR_LEN, szDestIPMAX_ADDR_LEN;SOCKADDR_IN saSo

12、urce, saDest;pIpheader = (IP_HEADER *)buf;/Check ProtoiProtocol = pIpheader->proto;strncpy(szProtocol, "TCP", 4);if(iProtocol=IPPROTO_TCP)/Check Source IPsaSource.sin_addr.s_addr = pIpheader->sourceIP;strncpy(szSourceIP, inet_ntoa(saSource.sin_addr), MAX_ADDR_LEN); if (strFromIpFilte

13、r)if (strcmp(strFromIpFilter,szSourceIP)return true;/Check Dest IPsaDest.sin_addr.s_addr = pIpheader->destIP;strncpy(szDestIP, inet_ntoa(saDest.sin_addr), MAX_ADDR_LEN);if (strDestIpFilter)if (strcmp(strDestIpFilter,szDestIP)return true;/TTLiTTL = pIpheader->ttl;/Outputprintf("%s ",

14、szProtocol);printf("%s->%s ", szSourceIP, szDestIP);printf("bytes=%d TTL=%d ",iBufSize,iTTL);/Calculate IP Header Lengthint iIphLen = sizeof(unsigned long) * (pIpheader->h_lenver & 0xf);/Decode Sub Protocol:TCP DecodeTcpPack(buf+iIphLen);return true;/SOCK 错误处理程序void Che

15、ckSockError(int iErrorCode, char *pErrorMsg)if(iErrorCode=SOCKET_ERROR) printf("%s Error:%dn", pErrorMsg, GetLastError(); closesocket(SockRaw);exit(0);/TCP 解包程序int DecodeTcpPack(char * TcpBuf)TCP_HEADER * pTcpHeader;pTcpHeader = (TCP_HEADER * )TcpBuf; printf("Port:%d->%d ", nt

16、ohs(pTcpHeader->th_sport),ntohs(pTcpHeader->th_dport);unsigned char FlagMask = 1;int HdrLen = (pTcpHeader->th_lenres)>>2; printf("n%s",(BYTE *)pTcpHeader)+HdrLen);for( int i=0; i<6; i+ ) if(pTcpHeader->th_flag) & FlagMask) printf("%s",TcpFlagi);else print

17、f(" ");FlagMask=FlagMask<<1; printf("n"); return true;/ 命令行参数处理bool GetCmdLine(int argc, char * argv)for(int i=1;i<argc;i+)if(argvi0!='/')return true;elseswitch (argvi1)case 'f':case 'F': strFromIpFilter=(char*)malloc(16*sizeof(char); memset(strFr

18、omIpFilter,0,16*sizeof(char); strcpy(strFromIpFilter,argvi+3); break;case 'd':case 'D': strDestIpFilter=(char*)malloc(16*sizeof(char); memset(strDestIpFilter,0,16*sizeof(char); strcpy(strDestIpFilter,argvi+3); break;case '?':return true;break;default:break;printf("nWill Sniffer"