原帖由 huayd 于 2007-10-9 23:08 发表
RT
谢谢。
别人写的,我收藏的,别说我DB
#include<netdb.h>
#include<sys/socket.h>
#include<stdio.h>
#include<netinet/in.h>
#include<sys/time.h>
#include<arpa/inet.h>
#include<errno.h>
#include<error.h>
#include<string.h>
#include<unistd.h>
#include<time.h>
#include<stdlib.h>
#include<sys/types.h>
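#define MAXDATALEN 4096 /* size of the receive buffer, in bytes */

/*
 * File-scope prototypes. The original declared these inside main(), where the
 * declarations were not visible to the other functions in the file.
 */
int BornRawSocket(void);
char *GetLocalIp(void);

/*
 * Copy the NUL-terminated string src into dst, which holds cap bytes.
 * Returns 0 on success and -1 when src is NULL or does not fit, so that a
 * long command-line argument can never overrun a fixed-size option field.
 */
static int copy_option(char *dst, size_t cap, const char *src)
{
    int n;

    if (src == NULL)
        return -1;
    n = snprintf(dst, cap, "%s", src);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/*
 * Parse a decimal port number (0..65535) from text into *out.
 * Returns 0 on success, -1 on empty input, trailing garbage or out-of-range
 * values (atoi, used originally, reports none of these).
 */
static int parse_port(const char *text, unsigned short *out)
{
    char *end;
    long v = strtol(text, &end, 10);

    if (end == text || *end != '\0' || v < 0 || v > 65535)
        return -1;
    *out = (unsigned short)v;
    return 0;
}

/*
 * Read IPv4 packets from the socket returned by BornRawSocket() and print one
 * summary line (timestamp, protocol, addresses, ports, payload size) for each
 * TCP, UDP or ICMP packet that passes the filters.
 *
 * Options (each takes one value; "*" or absence means "match all"):
 *   -si <ip>    source address filter      -sp <port>  source port filter
 *   -di <ip>    destination address filter -dp <port>  destination port filter
 *   -o  <path>  write the log to <path> instead of standard output
 *
 * Returns EXIT_FAILURE on bad arguments, on socket or file setup failure and
 * on an unrecoverable recv() error.
 *
 * Fixes relative to the original listing:
 *   - option fields were "initialised" with strcmp() instead of strcpy();
 *   - argv values were copied with unbounded strcpy() and a trailing flag
 *     dereferenced argv[argc];
 *   - the log file was opened under the literal name "sniffuserinfo.sourceport"
 *     and `file` was used uninitialised when -o was absent;
 *   - `struct iphdt` was a typo for `struct iphdr`;
 *   - received lengths were never checked before the headers were read, and
 *     the transport header was assumed to sit at offset 20 regardless of IHL;
 *   - the TCP branch tested the address filters where the port filters were
 *     meant, comparing against uninitialised port variables;
 *   - the total length was used in network byte order and scaled by 4.
 */
int main(int argc, char **argv)
{
    enum { FIELD_LEN = 100 };

    /* Filter settings taken from the command line. */
    struct userinfo {
        char sourceip[FIELD_LEN];
        char sourceport[FIELD_LEN];
        char destip[FIELD_LEN];
        char destport[FIELD_LEN];
        char SnifferDataPath[FIELD_LEN];
        int LogData;
    };
    /* Decoded summary of one packet. */
    struct record {
        char protocol[20];
        char sip[FIELD_LEN];
        char dip[FIELD_LEN];
        unsigned short sport;
        unsigned short dport;
        unsigned int totalen;
    };
    /* Wire layouts; multi-byte fields are in network byte order. */
    struct tcphdr {
        unsigned short sport;
        unsigned short dport;
        unsigned int seq;
        unsigned int ack;
        unsigned char hdlen;
        unsigned char flag;
        unsigned short window;
        unsigned short chksum;
        unsigned short urgp;
    };
    struct iphdr {
        unsigned char hdlen_v; /* version in the high nibble, IHL in the low */
        unsigned char tos;
        unsigned short totalen;
        unsigned short id;
        unsigned short fl_fr;
        unsigned char ttl;
        unsigned char proto;
        unsigned short chksum;
        unsigned int saddr;
        unsigned int daddr;
    };
    struct udphdr {
        unsigned short sport;
        unsigned short dport;
        unsigned short len;
        unsigned short chksum;
    };
    struct icmphdr {
        unsigned char type;
        unsigned char code;
        unsigned short chksum;
    };

    static const char *const wday[] = {"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"};
    struct userinfo opts;
    struct record res;
    struct iphdr ip;
    struct tcphdr tcp;
    struct udphdr udp;
    struct in_addr addr;
    char data[MAXDATALEN];
    unsigned short want_sport = 0, want_dport = 0;
    int filter_sport, filter_dport;
    int sockfd, i;
    int status = EXIT_SUCCESS;
    FILE *out = stdout; /* used when no -o option is given */

    memset(&opts, 0, sizeof opts);
    memset(&res, 0, sizeof res);
    strcpy(opts.sourceip, "*");
    strcpy(opts.sourceport, "*");
    strcpy(opts.destip, "*");
    strcpy(opts.destport, "*");
    strcpy(opts.SnifferDataPath, "none");

    for (i = 1; i < argc; i++) {
        const char *flag = argv[i];
        char *dst;

        if (strcmp(flag, "-si") == 0)
            dst = opts.sourceip;
        else if (strcmp(flag, "-sp") == 0)
            dst = opts.sourceport;
        else if (strcmp(flag, "-di") == 0)
            dst = opts.destip;
        else if (strcmp(flag, "-dp") == 0)
            dst = opts.destport;
        else if (strcmp(flag, "-o") == 0)
            dst = opts.SnifferDataPath;
        else
            continue; /* unknown arguments are ignored, as before */

        if (i + 1 >= argc || copy_option(dst, FIELD_LEN, argv[i + 1]) != 0) {
            fprintf(stderr, "%s: missing or over-long value\n", flag);
            return EXIT_FAILURE;
        }
        i++;
        if (dst == opts.SnifferDataPath)
            opts.LogData = 1;
    }

    /* "*" is the wildcard; it is stored internally as "all". */
    if (strcmp(opts.sourceip, "*") == 0)
        strcpy(opts.sourceip, "all");
    if (strcmp(opts.destip, "*") == 0)
        strcpy(opts.destip, "all");
    if (strcmp(opts.sourceport, "*") == 0)
        strcpy(opts.sourceport, "all");
    if (strcmp(opts.destport, "*") == 0)
        strcpy(opts.destport, "all");

    filter_sport = strcmp(opts.sourceport, "all") != 0;
    filter_dport = strcmp(opts.destport, "all") != 0;
    if ((filter_sport && parse_port(opts.sourceport, &want_sport) != 0) ||
        (filter_dport && parse_port(opts.destport, &want_dport) != 0)) {
        fprintf(stderr, "port filters must be numbers between 0 and 65535\n");
        return EXIT_FAILURE;
    }

    if ((sockfd = BornRawSocket()) <= 0)
        return EXIT_FAILURE;

    if (opts.LogData) {
        out = fopen(opts.SnifferDataPath, "wt");
        if (out == NULL) {
            printf("\ncan not open file!\n\n");
            close(sockfd);
            return EXIT_FAILURE;
        }
    }

    for (;;) {
        ssize_t got = recv(sockfd, data, sizeof data, 0);
        size_t ihl, need;
        time_t now;
        struct tm *tm;

        if (got < 0) {
            if (errno == EINTR || errno == EAGAIN)
                continue;
            /* A persistent error would otherwise spin the loop forever. */
            perror("recv");
            status = EXIT_FAILURE;
            break;
        }

        /* Never read a header that the datagram does not fully contain. */
        if ((size_t)got < sizeof ip)
            continue;
        memcpy(&ip, data, sizeof ip); /* data has no alignment guarantee */
        ihl = (size_t)(ip.hdlen_v & 0x0f) * 4;
        if ((ip.hdlen_v >> 4) != 4 || ihl < sizeof ip || ihl > (size_t)got)
            continue;
        res.totalen = ntohs(ip.totalen);
        if (res.totalen < ihl)
            continue;

        addr.s_addr = ip.saddr;
        snprintf(res.sip, sizeof res.sip, "%s", inet_ntoa(addr));
        addr.s_addr = ip.daddr;
        snprintf(res.dip, sizeof res.dip, "%s", inet_ntoa(addr));

        if (strcmp(opts.sourceip, "all") != 0 && strcmp(res.sip, opts.sourceip) != 0)
            continue;
        if (strcmp(opts.destip, "all") != 0 && strcmp(res.dip, opts.destip) != 0)
            continue;

        switch (ip.proto) {
        case 6:
            need = ihl + sizeof tcp;
            if ((size_t)got < need)
                continue;
            memcpy(&tcp, data + ihl, sizeof tcp);
            strcpy(res.protocol, "TCP");
            res.sport = ntohs(tcp.sport);
            res.dport = ntohs(tcp.dport);
            break;
        case 17:
            need = ihl + sizeof udp;
            if ((size_t)got < need)
                continue;
            memcpy(&udp, data + ihl, sizeof udp);
            strcpy(res.protocol, "UDP");
            res.sport = ntohs(udp.sport);
            res.dport = ntohs(udp.dport);
            break;
        case 1:
            need = ihl + sizeof(struct icmphdr);
            if ((size_t)got < need)
                continue;
            strcpy(res.protocol, "ICMP");
            /* ICMP has no ports; 0 is reported, so a port filter other than 0 drops it. */
            res.sport = 0;
            res.dport = 0;
            break;
        default:
            continue;
        }

        if (filter_sport && want_sport != res.sport)
            continue;
        if (filter_dport && want_dport != res.dport)
            continue;

        time(&now);
        tm = localtime(&now);
        if (tm == NULL)
            continue;

        fprintf(out, "%d-%d-%d %s%d:%d:%2d %-6s%-17s%-6d----> %-17s%-6d%5d Bytes\n",
                1900 + tm->tm_year, 1 + tm->tm_mon, tm->tm_mday, wday[tm->tm_wday],
                tm->tm_hour, tm->tm_min, tm->tm_sec, res.protocol,
                res.sip, res.sport, res.dip, res.dport,
                (int)(res.totalen - ihl));
        /* The loop normally ends only when the process is killed, so flush each record. */
        fflush(out);
    }

    if (out != stdout)
        fclose(out);
    close(sockfd);
    return status;
}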
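/*
 * Create a raw IPv4 socket and bind it to the host's own address as reported
 * by GetLocalIp().
 *
 * Returns the socket descriptor on success and 0 on failure (the caller tests
 * for <= 0). On failure after the socket was created, the descriptor is
 * closed here; the original leaked it.
 *
 * Creating a raw socket requires elevated privileges (root or CAP_NET_RAW on
 * Linux), so socket() fails with EPERM for an ordinary user.
 *
 * NOTE(review): raw(7) documents IPPROTO_RAW sockets as send-only on Linux,
 * so recv() on this descriptor is not expected to deliver packets there. The
 * call is left as the author wrote it; confirm the intended platform.
 *
 * NOTE(review): the original declared an unused receive timeout (rcvtimeout,
 * _time, ptime) that was never applied to the socket; those locals are
 * removed, and recv() therefore still blocks indefinitely.
 */
int BornRawSocket(void)
{
    /* Declared here so the call below does not rely on an implicit declaration. */
    char *GetLocalIp(void);
    int Socket;
    const char *local_ip;
    struct sockaddr_in localaddr;

    Socket = socket(PF_INET, SOCK_RAW, IPPROTO_RAW);
    if (Socket < 0) {
        perror("socket error");
        return 0;
    }

    /* GetLocalIp() returns NULL on failure; inet_addr(NULL) would crash. */
    local_ip = GetLocalIp();
    if (local_ip == NULL) {
        close(Socket);
        return 0;
    }

    memset(&localaddr, 0, sizeof localaddr); /* also clears sin_zero */
    localaddr.sin_family = AF_INET;
    localaddr.sin_port = htons(6000);
    localaddr.sin_addr.s_addr = inet_addr(local_ip);
    if (localaddr.sin_addr.s_addr == INADDR_NONE) {
        fprintf(stderr, "bind error: invalid local address\n");
        close(Socket);
        return 0;
    }

    if (bind(Socket, (const struct sockaddr *)&localaddr, sizeof(localaddr)) == -1) {
        perror("bind error");
        close(Socket);
        return 0;
    }
    return Socket;
}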
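/*
 * Look up this host's name and return its first IPv4 address in dotted-quad
 * form, or NULL if the name cannot be obtained or resolved to an IPv4 address.
 *
 * The returned pointer refers to the static buffer used by inet_ntoa(); it is
 * overwritten by the next inet_ntoa() call and must not be freed. The function
 * is therefore not reentrant (gethostbyname() also returns static storage).
 */
char *GetLocalIp(void)
{
    struct hostent *hp;
    char szName[255] = {0};
    struct in_addr first;

    /* Leave the last byte untouched so the name stays NUL-terminated even if truncated. */
    if (gethostname(szName, sizeof(szName) - 1) == -1) {
        perror("gethostname error");
        return NULL;
    }

    hp = gethostbyname(szName);
    if (hp == NULL) {
        /* gethostbyname() reports through h_errno, not errno, so perror() does not apply. */
        fputs("gethostbyname error\n", stderr);
        return NULL;
    }

    /* The original dereferenced the first entry without checking that one exists or that it is IPv4. */
    if (hp->h_addrtype != AF_INET || (size_t)hp->h_length != sizeof first ||
        hp->h_addr_list == NULL || hp->h_addr_list[0] == NULL) {
        fputs("gethostbyname error\n", stderr);
        return NULL;
    }

    /* memcpy avoids assuming the address bytes are aligned for struct in_addr. */
    memcpy(&first, hp->h_addr_list[0], sizeof first);
    return inet_ntoa(first);
}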
[ 本帖最后由 ruoyisiyu 于 2007-10-10 08:48 编辑 ] |