socket网络编程实验——数据包的抓包分析一直不是太懂,一位大神同学帮忙写了部分代码,不过还是有点弄不懂,求指点!!!!怎么把代码补全,实现抓包分析呢?谢谢!!B
socket网络编程实验——数据包的抓包分析
一直不是太懂,一位大神同学帮忙写了部分代码,不过还是有点弄不懂,求指点!!!!
怎么把代码补全,实现抓包分析呢?谢谢!!
BOOL CTestDlg::SockInit()
{
WSADATA wsa;
if(WSAStartup(MAKEWORD(2,2),&wsa)!=0)
{
AfxMessageBox("WSAStartup fail!");
}
m_sock=socket(AF_INET,SOCK_RAW,0);
if(m_sock==INVALID_SOCKET)
{
AfxMessageBox("socket fail!");
}
SOCKADDR_IN addr;
addr.sin_family=AF_INET;
addr.sin_port=htons(5000);
struct hostent FAR * pHostent;
char FAR name[25];
gethostname(name, 25);
pHostent = gethostbyname(name);
memcpy(&addr.sin_addr.S_un.S_addr,pHostent->h_addr_list[0],pHostent->h_len);
if(bind(m_sock,(SOCKADDR *)&addr,sizeof(addr))!=0)
{
AfxMessageBox("bind fail!");
}
DWORD dwBytesRet;
unsigned int optval = 1;
int pCount=0;
if(INVALID_SOCKET==(WSAIoctl(m_sock,SIO_RCVALL,&optval,sizeof(optval), NULL, 0, &dwBytesRet, NULL, NULL)))
{
AfxMessageBox("WSAIoctl Fail!");
return false;
}
return true;
}
//2)初始化表格
BOOL CTestDlg::ListInit()
{
DWORD dwStyle = GetWindowLong(m_List.m_hWnd, GWL_STYLE);
SetWindowLong(m_List.m_hWnd,GWL_STYLE,dwStyle|LVS_REPO);
DWORD dwStyles = m_List.GetExStyle();
dwStyles &= ~LVS_EX_CHECKBOXES;
m_List.SetExtendedStyle(dwStyles|LVS_EX_FULLROWSELECT|LVXGRIDLINES);
m_List.InsertColumn(1,"版本",LVCFMT_CENTER,40,0);
m_List.InsertColumn(2,"头部长度",LVCFMT_CENTER,60,1);
m_List.InsertColumn(3,"服务类型",LVCFMT_CENTER,60,2);
m_List.InsertColumn(4,"总长度",LVCFMT_CENTER,50,3);
m_List.InsertColumn(5,"标识符",LVCFMT_CENTER,50,4);
m_List.InsertColumn(6,"标志位",LVCFMT_CENTER,50,5);
m_List.InsertColumn(7,"片偏移",LVCFMT_CENTER,50,6);
m_List.InsertColumn(8,"生存周期",LVCFMT_CENTER,60,7);
m_List.InsertColumn(9,"协议",LVCFMT_CENTER,40,8);
m_List.InsertColumn(10,"首部校验和",LVCFMT_CENTER,80,9);
m_List.InsertColumn(11,"源地址",LVCFMT_CENTER,100,10);
m_List.InsertColumn(12,"目的IP地址",LVCFMT_CENTER,100,11);
return true;
}
//3)ip,tcp,udp,icmp头部定义
struct iphead
{
unsigned char ip_EdiAndLen; //版本&首部长度
unsigned char ip_Serve; //服务类型
unsigned short int ip_Len; //总长度
unsigned short int ip_Sign; //标识
unsigned short int ip_MarkAndMove; //标识&片偏移
unsigned char ip_Ttl; //生存时间
unsigned char ip_Protocol; //上层协议
unsigned short int ip_Sum; //首部校验和
unsigned int ip_SoIp; //源ip
unsigned int ip_DeIp; //目的ip
};
struct tcphead
{
unsigned short tcp_SoPort; //16位的源端口
unsigned short tcp_DePort; //16位的目的端口
unsigned int tcp_Seq; //32位的序列号
unsigned int tcp_Ack; //32位的确认号
unsigned char tcp_LenAndRes; //4位的首部长度和4位的保留字
unsigned char tcp_Flag; //2位的保留字和6位的标志位
unsigned short tcp_Win; //16位的窗口大小
unsigned short tcp_Wum; //16位校验和
unsigned short tcp_Mov; //16位的紧急数据偏移量
};
struct udphead
{
unsigned short udp_SoPort; //源端口
unsigned short udp_DePort; //目的端口
unsigned short udp_Len; //总长度
unsigned short udp_Sum; //校验和
};
struct icmphead
{
unsigned char icmp_Type; //类型
unsigned char icmp_Code; //代码
unsigned short icmp_Sum; //16位检验和
};
//4)"开始"按钮事件
void CTestDlg::OnStart()
{
// TODO: Add your control notification handler code here
DWORD code;
if (!GetExitCodeThread(m_thr,&code) || (code != STILL_ACTIVE))
{
alldata * recvdata=new alldata;
recvdata->lis=&m_List;
recvdata->sock=m_sock;
m_thr=CreateThread(NULL,0,RecvProc,(LPVOID)recvdata,0,NULL);
CloseHandle(m_thr);
}
else
{
m_List.DeleteAllItems();
ResumeThread(m_thr);
}
GetDlgItem(IDC_STOP)->EnableWindow(TRUE);
GetDlgItem(IDC_START)->EnableWindow(FALSE);
GetDlgItem(IDC_STOP)->SetFocus();
}
//5)数据包抓取与初步处理
DWORD WINAPI CTestDlg::RecvProc(LPVOID lpParameter)
{
SOCKET sock=((alldata*)lpParameter)->sock;
CListCtrl * lis=(CListCtrl *)(((alldata*)lpParameter)->lis);
struct iphead *ih;
SOCKADDR_IN tem;
char RecvBuf[65535] = {0};
char soip[16];
char deip[16];
char buf[100];
int i=0;
while(1)
{
if(int a=recv(sock,ddat[++count].buff,sizeof(ddat[count].buff),0)<=0)
continue;
ih=(struct iphead *)(ddat[count].buff);
tem.sin_addr.s_addr=ih->ip_SoIp;
strncpy(soip,inet_ntoa(tem.sin_addr),16);
tem.sin_addr.s_addr=ih->ip_DeIp;
strncpy(deip,inet_ntoa(tem.sin_addr),16);
lis->InsertItem(i, "fdgfg");
sprintf(buf,"%d",ih->ip_EdiAndLen>>4);
lis->SetItemText(i,0,buf);
sprintf(buf,"%d",ih->ip_EdiAndLen&0xf);
lis->SetItemText(i,1,buf);
sprintf(buf,"%d",ih->ip_Serve);
lis->SetItemText(i,2,buf);
sprintf(buf,"%d",ih->ip_Len);
lis->SetItemText(i,3,buf);
sprintf(buf,"%d",ih->ip_Sign);
lis->SetItemText(i,4,buf);
sprintf(buf,"%d",ih->ip_MarkAndMove >>13);
lis->SetItemText(i,5,buf);
sprintf(buf,"%d",ih->ip_MarkAndMove&0x1fff);
lis->SetItemText(i,6,buf);
sprintf(buf,"%d",ih->ip_Ttl);
lis->SetItemText(i,7,buf);
switch((int)ih->ip_Protocol)
{
case 1:sprintf(buf,"%s","ICMP");break;
case 2:sprintf(buf,"%s","IGMP");break;
case 6:sprintf(buf,"%s","TCP");break;
case 8:sprintf(buf,"%s","EGP");break;
case 9:sprintf(buf,"%s","IGP");break;
case 17:sprintf(buf,"%s","UDP");break;
case 41:sprintf(buf,"%s","IPv6");break;
case 89:sprintf(buf,"%s","OSPF");break;
default:sprintf(buf,"%s","Error");
}
lis->SetItemText(i,8,buf);
sprintf(buf,"%d",ih->ip_Sum);
lis->SetItemText(i,9,buf);
sprintf(buf,"%s",soip);
lis->SetItemText(i,10,buf);
sprintf(buf,"%s",deip);
lis->SetItemText(i,11,buf);
i++;
Sleep(100);
}
return true;
}
//6)表格单击事件
void CTestDlg::OnClickList1(NMHDR* pNMHDR, LRESULT* pResult)
{
// TODO: Add your control notification handler code here
NM_LISTVIEW* pNMListView = (NM_LISTVIEW*)pNMHDR;
CString buf;
char tem[100];
int i;
if(pNMListView->iItem != -1)
{
i=pNMListView->iItem;
CString strtemp;
CNewDlg newdlg;
iphead *iph=(iphead *)(ddat[i].buff);
tcphead th=*((tcphead *)(ddat[i].buff+(iph->ip_EdiAndLen&0xf)*4));
udphead uh=*((udphead *)(ddat[i].buff+(iph->ip_EdiAndLen&0xf)*4));
icmphead ih=*((icmphead *)(ddat[i].buff+(iph->ip_EdiAndLen&0xf)*4));
switch((int)iph->ip_Protocol)
{
case 6:
sprintf(tem,"源端口:%d\r\n",th.tcp_SoPort);
buf+=tem;
sprintf(tem,"目的端口:%d\r\n",th.tcp_DePort);
buf+=tem;
sprintf(tem,"序列号:%d\r\n",th.tcp_Seq);
buf+=tem;
sprintf(tem,"确认号:%d\r\n",th.tcp_Ack);
buf+=tem;
sprintf(tem,"数据偏移:%d\r\n",th.tcp_LenAndRes>>4);
buf+=tem;
sprintf(tem,"保留:%d\r\n",th.tcp_LenAndRes&0xf);
buf+=tem;
sprintf(tem,"标志:%d\r\n",th.tcp_Flag&0x3f);
buf+=tem;
sprintf(tem,"窗口:%d\r\n",th.tcp_Win);
buf+=tem;
sprintf(tem,"校验和:%d\r\n",th.tcp_Wum);
buf+=tem;
sprintf(tem,"紧急指针:%d\r\n",th.tcp_Mov);
buf+=tem;
newdlg.m_data=buf;
break;
case 17:
sprintf(tem,"源端口:%d\r\r\n",uh.udp_SoPort);
buf+=tem;
sprintf(tem,"目的端口:%d\r\n",uh.udp_DePort);
buf+=tem;
sprintf(tem,"长度:%d\r\n",uh.udp_Len);
buf+=tem;
sprintf(tem,"校验和:%d\r\n",uh.udp_Sum);
buf+=tem;
newdlg.m_data=buf;
break;
case 1:
sprintf(tem,"类型:%d\r\n",ih.icmp_Type);
buf+=tem;
sprintf(tem,"代码:%d\r\n",ih.icmp_Code);
buf+=tem;
sprintf(tem,"校验和:%d\r\n",ih.icmp_Sum);
buf+=tem;
newdlg.m_data=buf;
break;
default:
AfxMessageBox("No Data!");
newdlg.m_data="";
}
newdlg.DoModal();
}
*pResult = 0;
}
//7)"停止"按钮事件
void CTestDlg::OnStop()
{
// TODO: Add your control notification handler code here
SuspendThread(m_thr);
DWORD code;
CString strDate;
CString strBuf;
int index = m_List.GetItemCount();
int i,j = 0;
GetExitCodeThread(m_thr,&code);
if (code != STILL_ACTIVE)
{
AfxMessageBox("程序初始化失败!\n请检查配置后重新运行!");
}
else
{
CTime ttime = CTime::GetCurrentTime();
strDate.Format("%d-%d-%d-",ttime.GetYear(),ttime.GetMonth(),ttime.GeD
ay());
strDate += ttime.Format("%H-%M-%S");
ofstream outfile("history\\" + strDate + ".log");
outfile<
< < < < < < < < < < < <
while (j < index)
{
for (i = 0;i < 12;i++)
{
strBuf = m_List.GetItemText(j,i);
switch(i)
{
case 0:
outfile< break;
case 1:
outfile< break;
case 2:
outfile< break;
case 3:
outfile< break;
case 4:
outfile< break;
case 5:
outfile< break;
case 6:
outfile< break;
case 7:
outfile< break;
case 8:
outfile< break;
case 9:
outfile< break;
case 10:
outfile< break;
case 11:
outfile< outfile< j++;
break;
}
}
}
outfile.close();
AfxMessageBox("数据已写入日志文件!");
}
GetDlgItem(IDC_STOP)->EnableWindow(FALSE);
GetDlgItem(IDC_START)->EnableWindow(TRUE);
GetDlgItem(IDC_START)->SetFocus();
}
7 个解决方案
研究下wireshark的源码就可以了。
Wireshark是目前全世界最广泛的网络数据包分析软件之一。在GNU GPL通用许可证的保障范围底下,用户可以以免费的代价取得软件与其代码,并拥有针对其源代码修改及定制化的权利。
这个是一个基于窗口的socket抓包编程,就是程序还不完整,我希望大家可以帮忙看看,怎么才可以实现基于窗口的编程呢?
非常感谢~~
京公网安备 11010802041100号 | 京ICP备19059560号-4 | PHP1.CN 第一PHP社区 版权所有