

#include 
#include  
#include "Winsock2.h" 
//#include "ws2tcpip.h" 
// Protocol decoders. decode_ip() receives a pointer to the first byte of an
// IP header; the others receive a pointer to the first byte that follows the
// header decoded by their caller.
void decode_ip(unsigned char *a);
void decode_tcp(unsigned char *pa, int n);
void decode_udp(unsigned char *pa);
void decode_ICMP(unsigned char *pa);
void decode_IGMP(unsigned char *pa);
void decode_getid(unsigned char *ppa, int n);

// Swaps the two bytes of a 16-bit value in place (used on port and length fields).
void exchange(USHORT &dx);

// Form-field markers that decode_getid() looks for in TCP payload bytes.
// They can only match when a form submission crosses the network unencrypted;
// a payload protected by TLS never contains them in the clear.
// NOTE(review): only FocusStr_UserName is referenced in the visible code.
char FocusStr_UserName[] = "username=";
char FocusStr_Password[] = "password=";
// IPv4 header without options (20 bytes). decode_ip() fills it with memcpy()
// straight from the packet bytes, so the field order and sizes must match the
// wire layout exactly.
// NOTE(review): no #pragma pack is visible; the 20-byte size relies on the
// compiler's natural alignment of these fields -- confirm on the target compiler.
typedef struct _iphdr   
{   
	unsigned char h_lenver;			//byte 1: IP version (high nibble, see decode_ip) + 4-bit header length; e.g. 0x45
	unsigned char tos;				//byte 2: 8-bit type of service (TOS), e.g. 0
	unsigned short total_len;		//bytes 3-4: 16-bit total length in bytes
	unsigned short ident;			//bytes 5-6: 16-bit identification
	unsigned short frag_and_flags;  //bytes 7-8: 3-bit flags (plus fragment offset, going by the field name)
	unsigned char ttl;				//byte 9: 8-bit time to live (TTL)
	unsigned char proto;			//byte 10: 8-bit upper-layer protocol: 1=ICMP, 2=IGMP, 6=TCP, 17=UDP
	unsigned short checksum;	    //bytes 11-12: 16-bit IP header checksum
	unsigned int sourceIP;			//bytes 13-16: 32-bit source IP address
	unsigned int destIP;			//bytes 17-20: 32-bit destination IP address
}IP_HEADER;  
 
// TCP header without options (20 bytes); decode_tcp() fills it with memcpy()
// from the packet bytes, so the layout must match the wire format.
typedef struct _tcphdr //TCP header definition
{   
	USHORT th_sport; //16-bit source port
	USHORT th_dport; //16-bit destination port
	unsigned int th_seq;		//32-bit sequence number (TODO confirm; original comment said only "32")
	unsigned int th_ack;		//32-bit acknowledgement number (TODO confirm; original comment said only "32")
	unsigned char th_lenres; //4-bit header length + reserved bits (original comment: "6-bit reserved")
	unsigned char th_flag; //6-bit flags
	USHORT th_win; //16-bit window size
	USHORT th_sum; //16-bit checksum
	USHORT th_urp; //16-bit urgent pointer; header totals 20 bytes
}TCP_HEADER;   
 
// UDP header (8 bytes); decode_udp() fills it with memcpy() from the packet
// bytes and then byte-swaps the ports and the length with exchange().
typedef struct _udphdr //UDP header definition (8 bytes)
{   
	unsigned short uh_sport;   // source port (printed first by decode_udp)
	unsigned short uh_dport;   // destination port
	unsigned short uh_len;  // length field as carried in the header
	unsigned short uh_sum;   // checksum (never read in the visible code)
} UDP_HEADER;  
 
// ICMP header layout. decode_ICMP() is declared in this file but its body is
// not visible in this listing, so how the fields are consumed cannot be
// confirmed here.
typedef struct _icmphdr //ICMP header definition
{   
	BYTE i_type; //8-bit type
	BYTE i_code; //8-bit code
	USHORT i_cksum; //16-bit checksum
	USHORT i_id; //identifier (usually the process ID is used)
	USHORT i_seq; //message sequence number
	ULONG timestamp; //timestamp
}ICMP_HEADER; 
 
 
// IGMP header layout. decode_IGMP() is declared in this file but its body is
// not visible in this listing.
typedef struct _igmphdr 
{  
UCHAR i_code; //4-bit version + 4-bit type
UCHAR i_nv; //unused
USHORT i_cksum; //16-bit checksum
ULONG i_addr; //32-bit group address
}IGMP_HEADER; 
 
 
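// Decode one IPv4 packet: print version, addresses and total length, then
// hand the bytes after the IP header to the decoder for the upper-layer
// protocol (TCP, UDP, ICMP or IGMP).
//
// a: pointer to the first byte of the IP header. No buffer length is passed
//    in, so the caller must guarantee that at least sizeof(IP_HEADER) bytes
//    are readable; this function cannot check total_len against the number
//    of bytes actually captured.
void decode_ip(unsigned char *a)
{ 
	IP_HEADER p; 
	memcpy(&p,a,sizeof(IP_HEADER)); 

	// Header fields arrive in network byte order. The 32-bit addresses need
	// ntohl(); a 16-bit swap would discard half of each address.
	p.sourceIP=ntohl(p.sourceIP); 
	p.destIP=ntohl(p.destIP); 
	p.total_len=ntohs(p.total_len); 
	p.ident=ntohs(p.ident); 

	// The low nibble of the first byte is the header length in 32-bit words.
	// Using it (rather than a fixed 20) keeps the payload pointer correct
	// when the packet carries IP options.
	unsigned int hdr_len=(p.h_lenver&0x0f)*4u; 

	printf("IPv%x: ",p.h_lenver>>4); 
	printf("%d.%d.%d.%d=>",a[12],a[13],a[14],a[15]);		//source IP
	printf("%d.%d.%d.%d ",a[16],a[17],a[18],a[19]);			//destination IP
	printf("length:%d ",p.total_len);						//total packet length

	// Packet contents are untrusted: reject a header length below the
	// 20-byte minimum or a total length that cannot hold the header, since
	// either would give the upper-layer decoders a bogus pointer or a
	// negative payload length.
	if(hdr_len<sizeof(IP_HEADER) || p.total_len<hdr_len) 
	{ 
		printf("malformed IP header (ihl=%u)\n",hdr_len); 
		return; 
	} 

	unsigned char *pa=a+hdr_len; 
	switch(p.proto) 
	{ 
	case 6:													//TCP
		decode_tcp(pa,(int)(p.total_len-hdr_len)); 
		break; 
	case 17:												//UDP
		decode_udp(pa); 
		break; 
	case 1:													//ICMP
		decode_ICMP(pa); 
		break; 
	case 2:													//IGMP
		decode_IGMP(pa); 
		break; 
	default:												//protocol not decoded yet (e.g. 0x2f)
		printf("unkonwn packet**************%x\n",p.proto); 
		break; 
	} 
} 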
// Decode a TCP segment: copy the fixed 20-byte header out of the packet,
// byte-swap the ports, print them, then pass the bytes after the header to
// decode_getid() for keyword search.
//
// pa: pointer to the first byte of the TCP header.
// n:  number of bytes from the TCP header to the end of the IP packet, as
//     computed by decode_ip().
void decode_tcp(unsigned char *pa,int n)			//parse a TCP segment
{ 
	int i=0; 
 
	TCP_HEADER p; 
	memcpy(&p,pa,sizeof(TCP_HEADER)); 
	exchange(p.th_dport); 
	exchange(p.th_sport); 
	printf("TCP: "); 
	unsigned char temp;							//examine the flag bits (ACK, SYN, ...)
	for(i=2;i<8;i++) 
	{ 
		temp=p.th_flag; 
		// NOTE(review): this listing is damaged on the next line. The text
		// between '<' and the "=>" of a later printf format string was lost in
		// extraction, so the rest of the flag loop and the start of the
		// source-port printf are missing and cannot be reconstructed from here.
		temp=temp<",p.th_sport);				//分析端口 
	printf("%d TCP\n",p.th_dport); 
 
	 
	// NOTE(review): the payload pointer assumes a 20-byte TCP header. The
	// header-length bits in th_lenres are never consulted, so a segment that
	// carries TCP options has its option bytes treated as payload. n-20 also
	// goes negative when fewer than 20 bytes follow the IP header.
	unsigned char *ppa=pa+sizeof(TCP_HEADER); 
	decode_getid(ppa,(n-20)); 
} 
// Decode a UDP datagram header and print its length and ports.
//
// pa: pointer to the first byte of the UDP header. No length is passed in,
//     so the caller must guarantee that sizeof(UDP_HEADER) bytes are readable.
void decode_udp(unsigned char *pa)
{
	// Work on a local copy so the packet buffer itself is never modified.
	UDP_HEADER udp;
	memcpy(&udp, pa, sizeof udp);

	// The three fields that get printed are byte-swapped in place first.
	exchange(udp.uh_sport);
	exchange(udp.uh_dport);
	exchange(udp.uh_len);

	fputs("UDP: ", stdout);
	printf("%d", udp.uh_len);
	printf("端口:%d=>", udp.uh_sport);				// source port
	printf("%d  UDP\n", udp.uh_dport);				// destination port
}
// Search the bytes after the TCP header for the FocusStr_UserName marker and,
// when it is found, locate the '&' that follows it.
//
// ppa: pointer to the first byte after the TCP header.
// n:   payload length computed by the caller; it is not used in the lines
//      that survive in this listing.
//
// NOTE(review): this listing is damaged. Everything between the start of the
// for loop below and the tail of exchange() was lost in extraction, so the
// rest of this function and the header of exchange() are not visible.
void decode_getid(unsigned char *ppa,int n)			//search for keywords
{ 
		char *pa=(char*)ppa; 
		char *p=pa; 
		int i; 
		// NOTE(review): strstr() expects a NUL-terminated string, but packet
		// payload is raw bytes with no guaranteed terminator, so this scan can
		// read past the end of the captured data. Nothing visible bounds it by n.
		p=strstr(pa,FocusStr_UserName);				 
	 	if(p!=NULL) 
		{ 
				// NOTE(review): m is NULL when no '&' follows the marker; the
				// subtraction m-p is then undefined and x is meaningless.
				char *m=strstr(p,"&"); 
				int x=m-p; 
				printf("**************************\n"); 
				// Damaged line: the visible tail "(dx>>8)|(dx<<8)" is the
				// 16-bit byte swap that presumably belongs to exchange().
			 	for(i=0;i>8)|(dx<<8); 
}