大夏:关于WIN 2K RAW SOCKET 的问题!
公司要写个sniffit 的程序。
但是要监听的是IPX协议包,W2K 的RAW SOCKET 可以监听网络包,对IPX的包好像没有办法吧? 该如何解决这个问题呢? 一定要用到NDIS 吗?
沙发#
发布于:2001-10-17 23:33
你发来的文件的ntsniff\ntsniff.c的main函数!我加了点注释!
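希望你能完成你的项目~~
/*
 * Parse one captured frame as Ethernet/IP/TCP and, when FilterPacket() says
 * it belongs to a configured victim, hand the TCP payload to StoreData().
 *
 * cbFrame  number of bytes the driver actually placed in Adapter.PacketBuffer
 * pIpHdr   the IP header inside that buffer (right after the Ethernet header)
 *
 * Returns 1 when a payload was stored, 0 when the frame was skipped.
 *
 * Both header lengths (IP IHL, TCP data offset) and the IP total length come
 * straight off the wire, so each one is checked against cbFrame before the
 * bytes it points at are read; a malformed frame must not push the parser
 * past the end of the capture buffer.
 */
static int HandleFrame(size_t cbFrame, IP_HEADER *pIpHdr)
{
    size_t cbIpHdr;
    size_t cbTcpHdr;
    size_t cbHdrs;
    size_t cbAvail;
    int iDataSize;
    TCP_HEADER *pTcpHdr;
    VICTIM *pVictim;

    /* NOTE(review): nothing here checks the EtherType or the IP protocol
     * field, so every frame is parsed as IP/TCP; presumably FilterPacket()
     * rejects non-TCP traffic — confirm. */
    if (cbFrame < sizeof(ETH_HEADER) + sizeof(IP_HEADER) + sizeof(TCP_HEADER))
        return 0;

    /* IHL is in 32-bit words; below the fixed header size it is garbage, and
     * IP options may push the TCP header beyond what was captured. */
    cbIpHdr = (size_t) pIpHdr->ihl * 4;
    if (cbIpHdr < sizeof(IP_HEADER) ||
        sizeof(ETH_HEADER) + cbIpHdr + sizeof(TCP_HEADER) > cbFrame)
        return 0;

    pTcpHdr = (TCP_HEADER *) ((char *) pIpHdr + cbIpHdr);

    /* Same check for the TCP data offset before the payload pointer is formed. */
    cbTcpHdr = (size_t) pTcpHdr->doff * 4;
    cbHdrs = sizeof(ETH_HEADER) + cbIpHdr + cbTcpHdr;
    if (cbTcpHdr < sizeof(TCP_HEADER) || cbHdrs > cbFrame)
        return 0;

    pVictim = FilterPacket(pIpHdr, pTcpHdr, Victim, COUNTOF(Victim));
    if (pVictim == NULL)
        return 0;

    /* Payload length as declared by the IP total length, but never more than
     * the bytes really present in the buffer, and never negative. */
    iDataSize = (int) ntohs(pIpHdr->tot_len) - (int) cbIpHdr - (int) cbTcpHdr;
    if (iDataSize < 0)
        return 0;
    cbAvail = cbFrame - cbHdrs;
    if ((size_t) iDataSize > cbAvail)
        iDataSize = (int) cbAvail;

    StoreData(iDataSize, (char *) pTcpHdr + cbTcpHdr, pVictim);
    return 1;
}

/*
 * Program entry point of the sniffer.
 *
 * Starts Winsock, parses the command line, opens the (first) network adapter
 * through the packet driver in promiscuous mode, then loops receiving frames
 * and feeding them to HandleFrame() until Ctrl-C, a receive error, or the
 * configured data limit stops it. Every resource is released on every exit
 * path through the labels at the bottom.
 *
 * argc/argv  passed through to ParseCmdLine()
 * Returns 0 on a normal stop, 1 when any setup step fails.
 */
int __cdecl main(int argc, char *argv[])
{
    int rc = 1;                 /* exit status; only the normal path sets it to 0 */
    int ii;
    int iPacketCount = 0;       /* frames handed over by the driver */
    int iPacketSniffed = 0;     /* frames whose payload reached a victim */
    WORD wVersionRequested = MAKEWORD(2, 0);
    ULONG NameLength = sizeof(Adapter.AdapterName);
    PVOID pPacket = NULL;
    ETHER_PACKET *pEthPkt = (ETHER_PACKET *) Adapter.PacketBuffer;
    IP_HEADER *pIpHdr = (IP_HEADER *) ((char *) &pEthPkt->IP);
    WSADATA wsaData;

    /* Winsock must be initialised before ntohs() is usable. */
    if (WSAStartup(wVersionRequested, &wsaData) != 0) {
        _ftprintf(stderr, _T("Unable to find socket library\n"));
        goto out;
    }

    /* ParseCmdLine() prints the usage text itself on bad arguments. */
    if (ParseCmdLine(argc, argv) < 0)
        goto out_wsa;

    SZERO(Adapter);     /* SZERO(s) expands to memset(&(s), 0, sizeof(s)) */

    /* Adapter name is read from the registry; treat a lookup failure as
     * fatal instead of opening an empty name. */
    if (!PacketGetAdapterNames(Adapter.AdapterName, &NameLength)) {
        _ftprintf(stderr, _T("Unable to get adapter name\n"));
        goto out_wsa;
    }
    Adapter.BufferSize = MAX_PACKET_SIZE;

    if ((Adapter.hFile = PacketOpenAdapter(Adapter.AdapterName)) == NULL) {
        _ftprintf(stderr, _T("Unable to open adapter %s\n"), Adapter.AdapterName);
        goto out_wsa;
    }

    /* Promiscuous mode: without it only frames addressed to this host arrive,
     * so say so rather than silently capturing less. */
    if (!PacketSetFilter(Adapter.hFile, NDIS_PACKET_TYPE_PROMISCUOUS))
        _ftprintf(stderr, _T("Warning: unable to set promiscuous mode\n"));

    if ((pPacket = PacketAllocatePacket(Adapter.hFile)) == NULL) {
        _ftprintf(stderr, _T("Unable to allocate packet\n"));
        goto out_adapter;
    }

    /* Ctrl-C handler; presumably it sets iStopSniff so the loop below exits. */
    SetConsoleCtrlHandler((PHANDLER_ROUTINE) CtrlC_Handler, TRUE);

    if (InitVictims(Victim, COUNTOF(Victim)) < 0)
        goto out_packet;

    /* Captured data goes to the dump file when one was given, else stdout.
     * An unopenable file must not leave pDumpFile NULL for StoreData(). */
    if (strlen(szDumpFile) > 0) {
        pDumpFile = fopen(szDumpFile, "wt");
        if (pDumpFile == NULL) {
            _ftprintf(stderr, _T("Unable to open dump file %s\n"), szDumpFile);
            goto out_victims;
        }
    } else {
        pDumpFile = stdout;
    }

    while (!iStopSniff) {
        PacketInitPacket(pPacket, Adapter.PacketBuffer, Adapter.BufferSize);
        /* On a failed receive PacketLength is stale, so the buffer must not be
         * parsed; stop instead of spinning on a broken adapter. */
        if (!PacketReceivePacket(Adapter.hFile, pPacket, TRUE, &Adapter.PacketLength)) {
            _ftprintf(stderr, _T("Packet receive failed\n"));
            break;
        }
        ++iPacketCount;
        iPacketSniffed += HandleFrame((size_t) Adapter.PacketLength, pIpHdr);

        /* lSniffedData is maintained elsewhere (StoreData, presumably). */
        if ((lMaxSniffedData > 0) && (lSniffedData > lMaxSniffedData))
            break;
    }

    for (ii = 0; ii < COUNTOF(Victim); ii++)
        FlushVictim(&Victim[ii]);
    _ftprintf(stderr, _T("Received %d packets - %d sniffed\n"), iPacketCount, iPacketSniffed);
    PacketResetAdapter(Adapter.hFile);
    rc = 0;

out_victims:
    FreeVictims(Victim, COUNTOF(Victim));
    if (pDumpFile != NULL && pDumpFile != stdout)
        fclose(pDumpFile);
out_packet:
    PacketFreePacket(pPacket);
out_adapter:
    PacketCloseAdapter(Adapter.hFile);
out_wsa:
    WSACleanup();
out:
    return rc;
}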
板凳#
发布于:2001-10-17 23:33
你发来的文件的ntsniff\ntsniff.c的main函数!我加了点注释!
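希望你能完成你的项目~~我得去睡了!
/*
 * Parse one captured frame as Ethernet/IP/TCP and, when FilterPacket() says
 * it belongs to a configured victim, hand the TCP payload to StoreData().
 *
 * cbFrame  number of bytes the driver actually placed in Adapter.PacketBuffer
 * pIpHdr   the IP header inside that buffer (right after the Ethernet header)
 *
 * Returns 1 when a payload was stored, 0 when the frame was skipped.
 *
 * Both header lengths (IP IHL, TCP data offset) and the IP total length come
 * straight off the wire, so each one is checked against cbFrame before the
 * bytes it points at are read; a malformed frame must not push the parser
 * past the end of the capture buffer.
 */
static int HandleFrame(size_t cbFrame, IP_HEADER *pIpHdr)
{
    size_t cbIpHdr;
    size_t cbTcpHdr;
    size_t cbHdrs;
    size_t cbAvail;
    int iDataSize;
    TCP_HEADER *pTcpHdr;
    VICTIM *pVictim;

    /* NOTE(review): nothing here checks the EtherType or the IP protocol
     * field, so every frame is parsed as IP/TCP; presumably FilterPacket()
     * rejects non-TCP traffic — confirm. */
    if (cbFrame < sizeof(ETH_HEADER) + sizeof(IP_HEADER) + sizeof(TCP_HEADER))
        return 0;

    /* IHL is in 32-bit words; below the fixed header size it is garbage, and
     * IP options may push the TCP header beyond what was captured. */
    cbIpHdr = (size_t) pIpHdr->ihl * 4;
    if (cbIpHdr < sizeof(IP_HEADER) ||
        sizeof(ETH_HEADER) + cbIpHdr + sizeof(TCP_HEADER) > cbFrame)
        return 0;

    pTcpHdr = (TCP_HEADER *) ((char *) pIpHdr + cbIpHdr);

    /* Same check for the TCP data offset before the payload pointer is formed. */
    cbTcpHdr = (size_t) pTcpHdr->doff * 4;
    cbHdrs = sizeof(ETH_HEADER) + cbIpHdr + cbTcpHdr;
    if (cbTcpHdr < sizeof(TCP_HEADER) || cbHdrs > cbFrame)
        return 0;

    pVictim = FilterPacket(pIpHdr, pTcpHdr, Victim, COUNTOF(Victim));
    if (pVictim == NULL)
        return 0;

    /* Payload length as declared by the IP total length, but never more than
     * the bytes really present in the buffer, and never negative. */
    iDataSize = (int) ntohs(pIpHdr->tot_len) - (int) cbIpHdr - (int) cbTcpHdr;
    if (iDataSize < 0)
        return 0;
    cbAvail = cbFrame - cbHdrs;
    if ((size_t) iDataSize > cbAvail)
        iDataSize = (int) cbAvail;

    StoreData(iDataSize, (char *) pTcpHdr + cbTcpHdr, pVictim);
    return 1;
}

/*
 * Program entry point of the sniffer.
 *
 * Starts Winsock, parses the command line, opens the (first) network adapter
 * through the packet driver in promiscuous mode, then loops receiving frames
 * and feeding them to HandleFrame() until Ctrl-C, a receive error, or the
 * configured data limit stops it. Every resource is released on every exit
 * path through the labels at the bottom.
 *
 * argc/argv  passed through to ParseCmdLine()
 * Returns 0 on a normal stop, 1 when any setup step fails.
 */
int __cdecl main(int argc, char *argv[])
{
    int rc = 1;                 /* exit status; only the normal path sets it to 0 */
    int ii;
    int iPacketCount = 0;       /* frames handed over by the driver */
    int iPacketSniffed = 0;     /* frames whose payload reached a victim */
    WORD wVersionRequested = MAKEWORD(2, 0);
    ULONG NameLength = sizeof(Adapter.AdapterName);
    PVOID pPacket = NULL;
    ETHER_PACKET *pEthPkt = (ETHER_PACKET *) Adapter.PacketBuffer;
    IP_HEADER *pIpHdr = (IP_HEADER *) ((char *) &pEthPkt->IP);
    WSADATA wsaData;

    /* Winsock must be initialised before ntohs() is usable. */
    if (WSAStartup(wVersionRequested, &wsaData) != 0) {
        _ftprintf(stderr, _T("Unable to find socket library\n"));
        goto out;
    }

    /* ParseCmdLine() prints the usage text itself on bad arguments. */
    if (ParseCmdLine(argc, argv) < 0)
        goto out_wsa;

    SZERO(Adapter);     /* SZERO(s) expands to memset(&(s), 0, sizeof(s)) */

    /* Adapter name is read from the registry; treat a lookup failure as
     * fatal instead of opening an empty name. */
    if (!PacketGetAdapterNames(Adapter.AdapterName, &NameLength)) {
        _ftprintf(stderr, _T("Unable to get adapter name\n"));
        goto out_wsa;
    }
    Adapter.BufferSize = MAX_PACKET_SIZE;

    if ((Adapter.hFile = PacketOpenAdapter(Adapter.AdapterName)) == NULL) {
        _ftprintf(stderr, _T("Unable to open adapter %s\n"), Adapter.AdapterName);
        goto out_wsa;
    }

    /* Promiscuous mode: without it only frames addressed to this host arrive,
     * so say so rather than silently capturing less. */
    if (!PacketSetFilter(Adapter.hFile, NDIS_PACKET_TYPE_PROMISCUOUS))
        _ftprintf(stderr, _T("Warning: unable to set promiscuous mode\n"));

    if ((pPacket = PacketAllocatePacket(Adapter.hFile)) == NULL) {
        _ftprintf(stderr, _T("Unable to allocate packet\n"));
        goto out_adapter;
    }

    /* Ctrl-C handler; presumably it sets iStopSniff so the loop below exits. */
    SetConsoleCtrlHandler((PHANDLER_ROUTINE) CtrlC_Handler, TRUE);

    if (InitVictims(Victim, COUNTOF(Victim)) < 0)
        goto out_packet;

    /* Captured data goes to the dump file when one was given, else stdout.
     * An unopenable file must not leave pDumpFile NULL for StoreData(). */
    if (strlen(szDumpFile) > 0) {
        pDumpFile = fopen(szDumpFile, "wt");
        if (pDumpFile == NULL) {
            _ftprintf(stderr, _T("Unable to open dump file %s\n"), szDumpFile);
            goto out_victims;
        }
    } else {
        pDumpFile = stdout;
    }

    while (!iStopSniff) {
        PacketInitPacket(pPacket, Adapter.PacketBuffer, Adapter.BufferSize);
        /* On a failed receive PacketLength is stale, so the buffer must not be
         * parsed; stop instead of spinning on a broken adapter. */
        if (!PacketReceivePacket(Adapter.hFile, pPacket, TRUE, &Adapter.PacketLength)) {
            _ftprintf(stderr, _T("Packet receive failed\n"));
            break;
        }
        ++iPacketCount;
        iPacketSniffed += HandleFrame((size_t) Adapter.PacketLength, pIpHdr);

        /* lSniffedData is maintained elsewhere (StoreData, presumably). */
        if ((lMaxSniffedData > 0) && (lSniffedData > lMaxSniffedData))
            break;
    }

    for (ii = 0; ii < COUNTOF(Victim); ii++)
        FlushVictim(&Victim[ii]);
    _ftprintf(stderr, _T("Received %d packets - %d sniffed\n"), iPacketCount, iPacketSniffed);
    PacketResetAdapter(Adapter.hFile);
    rc = 0;

out_victims:
    FreeVictims(Victim, COUNTOF(Victim));
    if (pDumpFile != NULL && pDumpFile != stdout)
        fclose(pDumpFile);
out_packet:
    PacketFreePacket(pPacket);
out_adapter:
    PacketCloseAdapter(Adapter.hFile);
out_wsa:
    WSACleanup();
out:
    return rc;
}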
地板#
发布于:2001-10-17 23:36
按错所以多发了一篇重复的!!呵呵~~打瞌睡了!
地下室#
发布于:2001-10-18 09:23
老弟,
辛苦,辛苦!! 啥时候来我这,叫一声,一定招呼你吃顿好的。 我再好好看看你写的注释和代码。 谢了!
5楼#
发布于:2001-10-18 10:20
给分给分~~~哈哈!我还没拿过分呢!