Hi Leute, ich schrieb folgenden Code, welcher Traffic snifft und TCP-Header und Payload ausgibt. Nun meine Frage: ist es möglich, nur Pakete auszugeben, die das Wort "pass" enthalten ;=)? Habe es mit strstr und strncmp versucht, aber meine Vermutung ist, dass diese Funktionen einfach zu langsam sind...
danke im voraus
/*
You have to link it with WS2_32.lib
I have compiled and tested this code successfully under Win2k and VC6++
This code is my first try with raw sockets under Windows!
This code based on
->http://blacksun.box.sk/tutorials/format.php3?file=part3.html
->http://www.somethinginteresting.org/poorsniff/
->And Linsniffer
comments to ich@delikon.de or visit me at www.delikon.de
The output looks like this
************PACKETstart************
192.168.0.113->194.6*.*.*
TTL=128
Flags=6144
destport=110
sourceport=1279
-----------DATAstart---------
PASS ******
-----------DATAend---------
***************PACKETend************
In this example the Flags are printed only as numbers; I don't have time to write a function which
converts them. So do it yourself :=)
fin 256
syn 512
rst 1024
psh 2048
ack 4096
urg 8192
P.S. If a packet has two flags set, like fin and syn, the number is (256+512)=768
mhh, that's all I think.
*/
#include "head.h"
#define SIO_RCVALL _WSAIOW(IOC_VENDOR,1)
#define MAX_ADDR_LEN 16
#define MAX_HOSTNAME_LAN 255
/* Global scratch buffers. Pass holds a single formatted payload character
 * (see print_data); nothing in the visible code reads it back. Pass2 is not
 * referenced anywhere in the visible code. */
char Pass[65];
char Pass2[65];
/*Under Construction ;=)
void flag (int f)
{
if (f ==256)
printf("Fin");
if (f == 512)
printf("Syn");
if (f == 1024)
printf("Rst");
if (f == 2048)
printf("Psh");
if (f == 4096)
printf("Ack");
if (f == 8192)
printf("Urg");
else
{}
}
*/
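//Thanks too Mike Edulla for Linsniffer
/* Offset of the first byte print_data() looks at, and the column after which
 * an output line is wrapped. 38 is the offset the original code used; it is
 * kept so the printed output does not change. */
enum { PAYLOAD_START = 38, MAX_LINE_CHARS = 75 };

/*
 * Print the printable bytes of a captured packet as text.
 *
 * data     - start of the packet buffer (IP header first).
 * datalen  - one past the last index of data that may be read. The caller
 *            must make sure this is not larger than the bytes the buffer
 *            actually holds; this function cannot check that itself.
 *
 * A CR (13) starts a new output line, non-printable bytes are dropped, and a
 * line is wrapped once more than MAX_LINE_CHARS printable characters are on
 * it. Nothing is printed when data is NULL or datalen is at or below
 * PAYLOAD_START.
 */
void print_data(int datalen, char *data)
{
    /* The original loop ran `for (i = 38; i != datalen; i++)`: for any
     * datalen below 38 it never reached the bound and read far past the end
     * of the buffer. Guard that case and compare with `<` below. */
    if (data == NULL || datalen <= PAYLOAD_START) {
        return;
    }

    int column = 0;
    for (int i = PAYLOAD_START; i < datalen; i++) {
        /* isprint() on a negative plain char is undefined; work on the byte
         * as unsigned. */
        unsigned char c = (unsigned char)data[i];

        if (c == 13) {
            putchar('\n');
            column = 0;
        }
        if (isprint(c)) {
            /* One putchar replaces the sprintf-into-a-global-then-printf
             * round trip of the original. */
            putchar(c);
            column++;
        }
        if (column > MAX_LINE_CHARS) {
            column = 0;
            putchar('\n');
        }
    }
}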
/* IPv4 header as it arrives on the raw socket. It is cast straight onto the
 * receive buffer (RecvPacket), so the layout must stay exactly these 20
 * naturally-aligned bytes with no padding. Multi-byte fields are still in
 * network byte order: total_len is passed through htons() before use and the
 * addresses go to inet_ntoa() as-is. (The tag `_iphdr` starts with an
 * underscore, which the C standard reserves at file scope.) */
typedef struct _iphdr
{
unsigned char h_lenver;         /* version (high nibble) and header length in 32-bit words (low nibble); not read by this file */
unsigned char tos;              /* type of service */
unsigned short total_len;       /* total datagram length, network byte order */
unsigned short ident;           /* identification */
unsigned short frag_and_flags;  /* fragment flags and offset */
unsigned char ttl;              /* time to live; printed as-is */
unsigned char proto;            /* upper-layer protocol number; not checked before the buffer is cast to TCP_HDR */
unsigned short checksum;        /* header checksum; never verified here */
unsigned int sourceIP;          /* source address, network byte order */
unsigned int destIP;            /* destination address, network byte order */
}IP_HDR;
/* TCP header, cast onto the bytes right after the IP header
 * (RecvBuf + sizeof(IP_HDR)). th_x2/th_off are bit-fields, and the order in
 * which a compiler packs them is implementation-defined, so th_off is not
 * portable; this file only reads sport, dport and Flags. */
typedef struct tcpheader {
unsigned short int sport;   /* source port, network byte order (ntohs before printing) */
unsigned short int dport;   /* destination port, network byte order (ntohs before printing) */
unsigned int th_seq;        /* sequence number */
unsigned int th_ack;        /* acknowledgement number */
unsigned char th_x2:4;      /* reserved bits */
unsigned char th_off:4;     /* data offset in 32-bit words; unused here */
unsigned char Flags;        /* flag byte; printed through htons(), so each flag shows up shifted into the high byte (fin=256, syn=512, ...) */
unsigned short int th_win;  /* window size */
unsigned short int th_sum;  /* checksum; not verified */
unsigned short int th_urp;  /* urgent pointer */
}TCP_HDR;
void RecvPacket();             /* capture loop, defined below */
int filterpacket(char *buf);   /* declared only; no definition in the visible code */
char output[500];              /* not referenced anywhere in the visible code */
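/* Entry point: run the capture loop until it gives up. `void main` is not
 * standard C; main returns int. */
int main(void)
{
    RecvPacket();
    return 0;
}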
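/*
 * Bind `sock` to the local host's first address and switch it into
 * "receive all" mode.
 *
 * Returns 0 on success, -1 after reporting the failing call and its
 * WSAGetLastError() code on stderr.
 */
static int bind_local_rcvall(SOCKET sock)
{
    char name[MAX_HOSTNAME_LAN];
    if (gethostname(name, MAX_HOSTNAME_LAN) == SOCKET_ERROR) {
        fprintf(stderr, "gethostname() failed: %d\n", WSAGetLastError());
        return -1;
    }

    /* gethostbyname() returns a pointer to static storage; the original
     * malloc'd a hostent here and immediately overwrote (leaked) it. */
    struct hostent *pHostent = gethostbyname(name);
    if (pHostent == NULL || pHostent->h_addr_list == NULL || pHostent->h_addr_list[0] == NULL) {
        fprintf(stderr, "gethostbyname() failed: %d\n", WSAGetLastError());
        return -1;
    }
    if (pHostent->h_length <= 0 || (size_t)pHostent->h_length > sizeof(((SOCKADDR_IN *)0)->sin_addr)) {
        fprintf(stderr, "unexpected address length %d\n", pHostent->h_length);
        return -1;
    }

    SOCKADDR_IN sa;
    memset(&sa, 0, sizeof(sa)); /* the original left sin_zero uninitialised */
    sa.sin_family = AF_INET;
    sa.sin_port = htons(6000);
    memcpy(&sa.sin_addr, pHostent->h_addr_list[0], (size_t)pHostent->h_length);

    if (bind(sock, (SOCKADDR *)&sa, sizeof(sa)) == SOCKET_ERROR) {
        fprintf(stderr, "bind() failed: %d\n", WSAGetLastError());
        return -1;
    }

    unsigned int optval = 1;
    DWORD dwBytesRet = 0;
    if (WSAIoctl(sock, SIO_RCVALL, &optval, sizeof(optval), NULL, 0, &dwBytesRet, NULL, NULL) == SOCKET_ERROR) {
        fprintf(stderr, "WSAIoctl(SIO_RCVALL) failed: %d\n", WSAGetLastError());
        return -1;
    }
    return 0;
}

/*
 * Parse one captured datagram and print its addresses, TCP header fields and
 * payload in the format documented at the top of the file.
 *
 * buf    - the datagram, IP header first.
 * nbytes - bytes recv() actually returned. Every field read below is bounded
 *          by this, never by what the headers claim about themselves.
 *
 * Datagrams that are too short, carry a malformed IP header length, or are
 * not TCP are skipped silently (the original cast every protocol to TCP_HDR).
 */
static void print_packet(char *buf, int nbytes)
{
    if (nbytes < 0 || (size_t)nbytes < sizeof(IP_HDR)) {
        return;
    }
    const IP_HDR *pIpheader = (const IP_HDR *)buf;

    /* Low nibble of the first byte is the header length in 32-bit words; IP
     * options make it larger than sizeof(IP_HDR). The TCP header must also
     * fit inside what was received before it is dereferenced. */
    size_t iphdr_len = (size_t)(pIpheader->h_lenver & 0x0F) * 4;
    if (iphdr_len < sizeof(IP_HDR) || iphdr_len + sizeof(TCP_HDR) > (size_t)nbytes) {
        return;
    }
    if (pIpheader->proto != IPPROTO_TCP) {
        return;
    }
    const TCP_HDR *pTcpheader = (const TCP_HDR *)(buf + iphdr_len);

    /* inet_ntoa() returns a static buffer, so copy each result out before the
     * next call. "255.255.255.255" plus NUL fits MAX_ADDR_LEN; the explicit
     * terminator covers strncpy's lack of one. */
    SOCKADDR_IN saSource, saDest;
    char szSourceIP[MAX_ADDR_LEN], szDestIP[MAX_ADDR_LEN];
    saSource.sin_addr.s_addr = pIpheader->sourceIP;
    strncpy(szSourceIP, inet_ntoa(saSource.sin_addr), MAX_ADDR_LEN - 1);
    szSourceIP[MAX_ADDR_LEN - 1] = '\0';
    saDest.sin_addr.s_addr = pIpheader->destIP;
    strncpy(szDestIP, inet_ntoa(saDest.sin_addr), MAX_ADDR_LEN - 1);
    szDestIP[MAX_ADDR_LEN - 1] = '\0';

    /* total_len is what the packet claims; cap it by what was received. The
     * original passed 13 + total_len - sizeof(pIpheader) - sizeof(pTcpheader),
     * where both sizeofs are pointer sizes rather than header sizes, so the
     * bound could exceed the datagram. */
    int claimed_len = ntohs(pIpheader->total_len);
    int data_end = claimed_len < nbytes ? claimed_len : nbytes;

    printf("\n************PACKETstart************\n");
    printf("%s->%s\n", szSourceIP, szDestIP);
    printf("TTL=%d\n", pIpheader->ttl);
    /* htons() of the single flag byte shifts it into the high byte, which is
     * why the header comment lists fin=256, syn=512, ...; kept so the
     * documented output does not change. */
    printf("Flags=%d\n", htons(pTcpheader->Flags));
    printf("destport=%d\nsourceport=%d\n", ntohs(pTcpheader->dport), ntohs(pTcpheader->sport));
    printf("\n\n\n-----------DATAstart---------\n");
    print_data(data_end, buf);
    printf("\n-----------DATAend---------\n");
    printf("\n\n***************PACKETend************\n");
}

/*
 * Open a raw IP socket in "receive all" mode on the local host's first
 * address and print every TCP datagram that arrives, until recv() fails.
 *
 * Every Winsock call is checked; a setup failure is reported on stderr and
 * the function returns after releasing what it acquired. The original
 * ignored every return value, including that of recv(), and sized the
 * payload from the IP header rather than from the bytes received.
 */
void RecvPacket(void)
{
    WSADATA wsd;
    if (WSAStartup(MAKEWORD(2, 1), &wsd) != 0) {
        fprintf(stderr, "WSAStartup() failed\n");
        return;
    }

    SOCKET sock = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
    if (sock == INVALID_SOCKET) {
        fprintf(stderr, "socket() failed: %d\n", WSAGetLastError());
        WSACleanup();
        return;
    }

    if (bind_local_rcvall(sock) == 0) {
        char RecvBuf[65535];
        for (;;) {
            memset(RecvBuf, 0, sizeof(RecvBuf));
            int nbytes = recv(sock, RecvBuf, sizeof(RecvBuf), 0);
            if (nbytes == SOCKET_ERROR) {
                fprintf(stderr, "recv() failed: %d\n", WSAGetLastError());
                break;
            }
            print_packet(RecvBuf, nbytes);
        }
    }

    closesocket(sock);
    WSACleanup();
}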