发信人: bstone (Back to real world!), 信区: Hacker
标 题: 窥视器程序
发信站: BBS 荔园晨风站 (Thu Mar 30 17:19:24 2000), 站内信件
发信人: AngelFalls (Happiness Forever), 信区: Security
标 题: 窥视器程序
发信站: 武汉白云黄鹤站 (Wed Mar 29 18:18:11 2000), 站内信件
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <net/if.h>
#include <net/if_arp.h>
#include <net/if_packet.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/if_ether.h>
#include <netinet/ip_icmp.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <unistd.h>
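/*
 * Length in bytes of an Ethernet hardware (MAC) address.  Despite the
 * name this is an address length, not a header length: it sizes the
 * address arrays below.
 */
#define ETH_H_LEN 6
/* Length in bytes of an IPv4 address (again an address length). */
#define IP_HLEN 4

/*
 * Ethernet header followed by an ARP/RARP body, laid out so that the
 * structure can be overlaid on the first byte of a received frame.
 *
 * Every 16-bit field is in network byte order and must go through
 * ntohs() before use.  The members fall on their natural alignment, so
 * the structure is expected to be 42 bytes with no padding.
 *
 * The fixed-width types match the ones struct icmp_hdr uses in this file.
 */
struct arp_hdr {
    /* Ethernet header (14 bytes). */
    u_int8_t  dst_addr[ETH_H_LEN];      /* destination MAC address */
    u_int8_t  src_addr[ETH_H_LEN];      /* source MAC address */
    u_int16_t frame_type;               /* EtherType */

    /* ARP body (28 bytes for Ethernet/IPv4). */
    u_int16_t hw_type;                  /* hardware address space */
    u_int16_t proto_type;               /* protocol address space */
    u_int8_t  hw_addr_len;              /* hardware address length */
    u_int8_t  proto_addr_len;           /* protocol address length */
    u_int16_t op;                       /* 1/2 = ARP req/reply, 3/4 = RARP */
    u_int8_t  snd_hw_addr[ETH_H_LEN];   /* sender MAC address */
    u_int8_t  snd_ip_addr[IP_HLEN];     /* sender IPv4 address */
    u_int8_t  rcv_hw_addr[ETH_H_LEN];   /* target MAC address */
    u_int8_t  rcv_ip_addr[IP_HLEN];     /* target IPv4 address */
};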
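/*
 * Fixed 8-byte ICMP header in the echo-style layout (identifier and
 * sequence number after the checksum).
 *
 * The 16-bit fields are in network byte order.  The posted listing
 * declared `id` twice, which is a duplicate-member compile error; the
 * member appears once here.
 */
struct icmp_hdr {
    u_int8_t  type;       /* ICMP message type */
    u_int8_t  code;       /* sub-code within the type */
    u_int16_t checksum;   /* checksum field; not verified by this program */
    u_int16_t id;         /* identifier */
    u_int16_t sequence;   /* sequence number */
};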
/*
 * Descriptor that main() passes to recvfrom() and ioctl(); file scope so
 * that the signal handler leave() can reach it.
 */
int sock_pak;
/*
 * Copy of the interface request taken in main() before IFF_PROMISC is
 * set; leave() clears IFF_PROMISC in it and writes it back on exit.
 */
struct ifreq ifr_old;
/*
 * Render a 6-byte hardware address as "xx:xx:xx:xx:xx:xx" (lower-case
 * hex, two digits per byte).
 *
 * str_hw  the address bytes
 * result  caller-supplied buffer; the text is 17 characters plus the
 *         terminating NUL, so it must hold at least 18 bytes
 *
 * Returns result.
 */
char *hw_addr(u_char str_hw[ETH_H_LEN], char *result)
{
    char *cursor = result;
    int k;

    for (k = 0; k < ETH_H_LEN; k++) {
        /* A colon goes in front of every byte except the first. */
        if (k != 0)
            cursor += sprintf(cursor, ":%.2x", str_hw[k]);
        else
            cursor += sprintf(cursor, "%.2x", str_hw[k]);
    }
    return result;
}
/*
 * Describe the DF and MF bits of an IPv4 flags/fragment-offset word.
 *
 * flag      the frag_off field exactly as it appears in the header
 *           (network byte order)
 * str_frag  caller-supplied buffer; the longest result is 33 characters
 *           plus the terminating NUL, so it must hold at least 34 bytes
 *
 * Returns str_frag.
 */
char *ip_flag(u_int16_t flag, char *str_frag)
{
    const u_int16_t host_bits = ntohs(flag);
    const char *dont_frag = (host_bits & IP_DF) ? "Yes" : "No";
    const char *more_frag = (host_bits & IP_MF) ? "Yes" : "No";

    sprintf(str_frag, "Don't frag : %s, More frag : %s", dont_frag,
            more_frag);
    return str_frag;
}
/*
 * Name the IPv4 protocol number found in the IP header.
 *
 * proto      protocol field of the IP header
 * str_proto  caller-supplied buffer; the longest result is "ICMP" or
 *            "IGMP", so it must hold at least 5 bytes
 *
 * Returns str_proto, holding "ICMP", "IGMP", "TCP" or "UDP" for the
 * values 1, 2, 6 and 17, and the number as two hex digits otherwise.
 */
char *ip_proto(u_int8_t proto, char *str_proto)
{
    const char *known = NULL;

    if (proto == 1)
        known = "ICMP";
    else if (proto == 2)
        known = "IGMP";
    else if (proto == 6)
        known = "TCP";
    else if (proto == 17)
        known = "UDP";

    if (known != NULL)
        strcpy(str_proto, known);
    else
        sprintf(str_proto, "%.2x", proto);

    return str_proto;
}
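/*
 * Print the ICMP header of a captured Ethernet/IPv4 frame.
 *
 * pack  start of the frame (Ethernet header first)
 * n     number of captured bytes available at pack
 *
 * Changes from the posted listing:
 *  - line-wrap damage is repaired and the repeated tail of the function
 *    (a paging artefact that duplicated a case label and a printf) is
 *    dropped;
 *  - the captured length is checked before any header is read, so a
 *    short frame can no longer cause a read past the buffer;
 *  - the ICMP header is located through the IP header's ihl field
 *    (counted in 32-bit words) rather than a fixed 20 bytes, so packets
 *    carrying IP options are decoded at the right offset;
 *  - headers are copied out with memcpy() instead of being read through
 *    a cast pointer that may be misaligned.
 */
void dealICMP(u_char *pack, int n)
{
    const size_t ip_off = sizeof(struct ethhdr);
    struct iphdr ip;
    struct icmp_hdr icmp;
    size_t icmp_off;
    const char *name = NULL;

    printf("\nICMP Header Analysis:\n");

    if (n < 0 || (size_t)n < ip_off + sizeof(ip)) {
        printf("(frame too short for an IP header)\n");
        return;
    }
    memcpy(&ip, pack + ip_off, sizeof(ip));

    /* An IPv4 header is never shorter than five 32-bit words. */
    if (ip.ihl < 5) {
        printf("(invalid IP header length %d)\n", ip.ihl);
        return;
    }
    icmp_off = ip_off + (size_t)ip.ihl * 4;
    if ((size_t)n < icmp_off + sizeof(icmp)) {
        printf("(frame too short for an ICMP header)\n");
        return;
    }
    memcpy(&icmp, pack + icmp_off, sizeof(icmp));

    switch (icmp.type) {
    case ICMP_ECHOREPLY:      name = "ICMP_ECHOREPLY";      break;
    case ICMP_DEST_UNREACH:   name = "ICMP_DEST_UNREACH";   break;
    case ICMP_SOURCE_QUENCH:  name = "ICMP_SOURCE_QUENCH";  break;
    case ICMP_REDIRECT:       name = "ICMP_REDIRECT";       break;
    case ICMP_ECHO:           name = "ICMP_ECHO";           break;
    case ICMP_TIME_EXCEEDED:  name = "ICMP_TIME_EXCEEDED";  break;
    case ICMP_PARAMETERPROB:  name = "ICMP_PARAMETERPROB";  break;
    case ICMP_TIMESTAMP:      name = "ICMP_TIMESTAMP";      break;
    case ICMP_TIMESTAMPREPLY: name = "ICMP_TIMESTAMPREPLY"; break;
    case ICMP_INFO_REQUEST:   name = "ICMP_INFO_REQUEST";   break;
    case ICMP_INFO_REPLY:     name = "ICMP_INFO_REPLY";     break;
    case ICMP_ADDRESS:        name = "ICMP_ADDRESS";        break;
    case ICMP_ADDRESSREPLY:   name = "ICMP_ADDRESSREPLY";   break;
    default:
        break;
    }

    if (name != NULL)
        printf("type : %s, ", name);
    else
        printf("type : %.2x, ", icmp.type);

    printf("Code : %d, Id : %d, Sequence : %d\n", icmp.code,
           ntohs(icmp.id), ntohs(icmp.sequence));
}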
/*
 * Placeholder for IGMP decoding: nothing is printed and the frame is
 * not examined.
 *
 * pack  start of the captured frame (unused)
 * n     number of captured bytes (unused)
 */
void dealIGMP(u_char *pack, int n)
{
    /* Both parameters are deliberately unused in this stub. */
    (void)pack;
    (void)n;
}
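/*
 * Print the TCP header of a captured Ethernet/IPv4 frame.
 *
 * pack  start of the frame (Ethernet header first)
 * n     number of captured bytes available at pack
 *
 * Changes from the posted listing:
 *  - line-wrap damage in the casts and in the flags format string is
 *    repaired;
 *  - the captured length is checked before any header is read, so a
 *    short frame can no longer cause a read past the buffer;
 *  - the TCP header is located through the IP header's ihl field
 *    (counted in 32-bit words) rather than a fixed 20 bytes, so packets
 *    carrying IP options are decoded at the right offset;
 *  - headers are copied out with memcpy() instead of being read through
 *    a cast pointer that may be misaligned;
 *  - sequence numbers are unsigned 32-bit values and are printed with
 *    %u, so values above 2^31 no longer show up as negative.
 */
void dealTCP(u_char *pack, int n)
{
    const size_t ip_off = sizeof(struct ethhdr);
    struct iphdr ip;
    struct tcphdr thdr;
    size_t tcp_off;

    printf("\nTCP Header Analysis:\n");

    if (n < 0 || (size_t)n < ip_off + sizeof(ip)) {
        printf("(frame too short for an IP header)\n");
        return;
    }
    memcpy(&ip, pack + ip_off, sizeof(ip));

    /* An IPv4 header is never shorter than five 32-bit words. */
    if (ip.ihl < 5) {
        printf("(invalid IP header length %d)\n", ip.ihl);
        return;
    }
    tcp_off = ip_off + (size_t)ip.ihl * 4;
    if ((size_t)n < tcp_off + sizeof(thdr)) {
        printf("(frame too short for a TCP header)\n");
        return;
    }
    memcpy(&thdr, pack + tcp_off, sizeof(thdr));

    printf("Src Port : %d, Dst Port : %d, Seq : %u, ACK_Seq : %u\n",
           ntohs(thdr.source), ntohs(thdr.dest),
           (unsigned int)ntohl(thdr.seq), (unsigned int)ntohl(thdr.ack_seq));
    /* HLen is the data offset, i.e. the TCP header length in 32-bit words. */
    printf("HLen : %d, Fin : %d, SYN : %d, RST : %d, PSH : %d, ACK : %d, URG : %d\n",
           thdr.doff, thdr.fin, thdr.syn, thdr.rst,
           thdr.psh, thdr.ack, thdr.urg);
}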
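/*
 * Print the UDP header of a captured Ethernet/IPv4 frame.
 *
 * pack  start of the frame (Ethernet header first)
 * n     number of captured bytes available at pack
 *
 * Changes from the posted listing:
 *  - the duplicated declaration of the header variable (a redeclaration
 *    error) and the line-wrap damage in the cast are repaired;
 *  - the captured length is checked before any header is read, so a
 *    short frame can no longer cause a read past the buffer;
 *  - the UDP header is located through the IP header's ihl field
 *    (counted in 32-bit words) rather than a fixed 20 bytes, so packets
 *    carrying IP options are decoded at the right offset;
 *  - headers are copied out with memcpy() instead of being read through
 *    a cast pointer that may be misaligned.
 */
void dealUDP(u_char *pack, int n)
{
    const size_t ip_off = sizeof(struct ethhdr);
    struct iphdr ip;
    struct udphdr uhdr;
    size_t udp_off;

    printf("\nUDP Header Analysis:\n");

    if (n < 0 || (size_t)n < ip_off + sizeof(ip)) {
        printf("(frame too short for an IP header)\n");
        return;
    }
    memcpy(&ip, pack + ip_off, sizeof(ip));

    /* An IPv4 header is never shorter than five 32-bit words. */
    if (ip.ihl < 5) {
        printf("(invalid IP header length %d)\n", ip.ihl);
        return;
    }
    udp_off = ip_off + (size_t)ip.ihl * 4;
    if ((size_t)n < udp_off + sizeof(uhdr)) {
        printf("(frame too short for a UDP header)\n");
        return;
    }
    memcpy(&uhdr, pack + udp_off, sizeof(uhdr));

    printf("Src Port : %d, Dst Port : %d, Message Length : %d\n",
           ntohs(uhdr.source), ntohs(uhdr.dest), ntohs(uhdr.len));
}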
/*
 * Signal handler installed by main() for SIGINT and SIGTERM: switches
 * promiscuous mode off on the interface and terminates the process.
 *
 * signo  the signal number (unused)
 *
 * Exits with status 0 when the interface flags were written back and
 * with -1 when the ioctl failed.
 *
 * NOTE(review): perror() and exit() are not async-signal-safe, so
 * calling them from a handler is undefined if the signal interrupts
 * stdio.  IFF_PROMISC is also cleared unconditionally, even if the
 * interface already had it set before this program started.
 */
void leave(int signo)
{
    int rc;

    ifr_old.ifr_flags &= ~IFF_PROMISC;
    rc = ioctl(sock_pak, SIOCSIFFLAGS, &ifr_old);
    if (rc >= 0) {
        /* Set the effective uid back to the real uid; result unchecked. */
        setuid(getuid());
        exit(0);
    }

    perror("Restore IFF_PROMISC");
    exit(-1);
}
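/*
 * Put the interface into promiscuous mode, then read frames from
 * sock_pak forever and print a decoded summary of each one: Ethernet
 * addresses, then the IPv4 header (handing ICMP/IGMP/TCP/UDP payloads
 * to the deal*() helpers) or the ARP/RARP body.  SIGINT and SIGTERM are
 * routed to leave(), which switches promiscuous mode off again.
 *
 * Changes from the posted listing:
 *  - characters dropped at line wraps and lines repeated by the BBS
 *    pager are repaired;
 *  - a failed recvfrom() no longer falls through to recvbuf[n] = 0 with
 *    a negative n, and one byte of recvbuf is kept free so that the
 *    terminator cannot land one past the end of the buffer;
 *  - the received length is checked before the Ethernet, IPv4 and ARP
 *    headers are read, so short frames are reported instead of decoded
 *    from stale buffer contents;
 *  - the unknown-type branch uses ntohs() like the other branches.
 */
int main(int argc, char *argv[])
{
    struct ifreq ifr;

    /*
     * NOTE(review): the listing as posted is missing lines at this
     * point.  The locals used below (i, n, sa_len, sa_from, recvbuf,
     * ehdr, ip_hdr, ahdr, src_addr, dst_addr, str_hw1, str_hw2,
     * str_flag, str_src, str_dst) are never declared in the visible
     * text, sock_pak is never opened, and ifr is copied and modified
     * without having been filled in.  Those lines are not reconstructed
     * here; restore them from the original program before building.
     */
    ifr_old = ifr;
    ifr.ifr_flags |= IFF_PROMISC;
    if (ioctl(sock_pak, SIOCSIFFLAGS, &ifr) < 0) {
        perror("Ioctl SIOCSIFFLAGS");
        exit(-1);
    }

    signal(SIGINT, leave);
    signal(SIGTERM, leave);

    for (i = 0; i < 80; i++)
        printf("+");
    printf("\nSnoopy's nose begins to work now!\n");
    for (i = 0; i < 80; i++)
        printf("+");
    printf("\n\n");

    while (1) {
        sa_len = sizeof(sa_from);
        bzero(&sa_from, sa_len);

        /* sizeof - 1 assumes recvbuf is an array, as the original call did. */
        n = recvfrom(sock_pak, recvbuf, sizeof(recvbuf) - 1, 0,
                     &sa_from, &sa_len);
        if (n < 0) {
            perror("Recvfrom");
            continue;   /* nothing was received; do not index with n */
        }
        recvbuf[n] = 0;
        ehdr = (struct ethhdr *)recvbuf;

        for (i = 0; i < 80; i++)
            printf("*");

        if ((size_t)n < sizeof(struct ethhdr)) {
            printf("\n? short frame (%d bytes)\n", (int)n);
        } else if (ntohs(ehdr->h_proto) == 0x0800) { /* IP datagram */
            printf("\nIPv4 datagram from %s to %s\n",
                   hw_addr(ehdr->h_source, str_hw1),
                   hw_addr(ehdr->h_dest, str_hw2));
            printf("\nIP Header Analysis:\n");

            if ((size_t)n < sizeof(struct ethhdr) + sizeof(struct iphdr)) {
                printf("(frame too short for an IP header)\n");
            } else {
                ip_hdr = (struct iphdr *)(recvbuf + sizeof(struct ethhdr));
                printf("Ver : 4, HLen : %d, Type Of Service : %d, Total Length : %d\n",
                       ip_hdr->ihl, ip_hdr->tos, ntohs(ip_hdr->tot_len));
                printf("Id : %d, %s\n", ntohs(ip_hdr->id),
                       ip_flag(ip_hdr->frag_off, str_flag));

                dst_addr.s_addr = ip_hdr->daddr;
                src_addr.s_addr = ip_hdr->saddr;
                /* inet_ntoa() returns a static buffer, so copy it at once;
                 * str_flag is reused as scratch space for inet_ntop(). */
                strcpy(str_src, inet_ntoa(src_addr));
                strcpy(str_dst, inet_ntop(AF_INET, &dst_addr, str_flag,
                                          sizeof(str_flag)));
                printf("Src IP : %s, Dst IP : %s, Protocol : %s\n",
                       str_src, str_dst,
                       ip_proto(ip_hdr->protocol, str_flag));

                switch (ip_hdr->protocol) {
                case 1:
                    dealICMP(recvbuf, n);
                    break;
                case 2:
                    dealIGMP(recvbuf, n);
                    break;
                case 6:
                    dealTCP(recvbuf, n);
                    break;
                case 17:
                    dealUDP(recvbuf, n);
                    break;
                default:
                    break;
                }
            }
        } else if (ntohs(ehdr->h_proto) == 0x0806) { /* ARP datagram */
            printf("\nARP datagram from %s to %s\n",
                   hw_addr(ehdr->h_source, str_hw1),
                   hw_addr(ehdr->h_dest, str_hw2));

            if ((size_t)n < sizeof(struct arp_hdr)) {
                printf("(frame too short for an ARP header)\n");
            } else {
                /* struct arp_hdr starts at the Ethernet header. */
                ahdr = (struct arp_hdr *)recvbuf;
                printf("HW type : %d, Proto : %d, HW Addr Len : %d, Proto Addr Len : %d\n",
                       ntohs(ahdr->hw_type), ntohs(ahdr->proto_type),
                       ahdr->hw_addr_len, ahdr->proto_addr_len);

                switch (ntohs(ahdr->op)) {
                case 1:
                    printf("Operation : ARP Request\n");
                    break;
                case 2:
                    printf("Operation : ARP Reply\n");
                    break;
                case 3:
                    printf("Operation : RARP Request\n");
                    break;
                case 4:
                    printf("Operation : RARP Reply\n");
                    break;
                default:
                    printf("Operation : %d\n", ntohs(ahdr->op));
                    break;
                }

                printf("Sender HW : %s, Receiver HW : %s\n",
                       hw_addr(ahdr->snd_hw_addr, str_hw1),
                       hw_addr(ahdr->rcv_hw_addr, str_hw2));
                memcpy(&dst_addr, ahdr->rcv_ip_addr, IP_HLEN);
                memcpy(&src_addr, ahdr->snd_ip_addr, IP_HLEN);
                strcpy(str_src, inet_ntoa(src_addr));
                strcpy(str_dst, inet_ntop(AF_INET, &dst_addr, str_flag,
                                          sizeof(str_flag)));
                printf("Sender IP : %s, Receiver IP : %s\n", str_src,
                       str_dst);
            }
        } else {
            printf("\n? datagram from %s to %s type %.4x\n",
                   hw_addr(ehdr->h_source, str_hw1),
                   hw_addr(ehdr->h_dest, str_hw2), ntohs(ehdr->h_proto));
        }

        for (i = 0; i < 80; i++)
            printf("-");
        printf("\n\n");
    }

    return 0;
}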
--
Wish your sky be sunny,
Wish your heart be happy,
Wish your body be healthy,
Wish U never be lazy.
:) :> ;) ;> :-) :-> ;-) ;->
※ 来源:.武汉白云黄鹤站 bbs.whnet.edu.cn.[FROM: 202.106.16.45]
--
☆ 来源:.BBS 荔园晨风站 bbs.szu.edu.cn.[FROM: bbs@192.168.28.106]