kostart123
r00tnb
2016-02-28 12:41

为什么我编的抓包程序抓的TCP包源地址都是本机地址啊,下面是源码,新手求大神指点!!


#include
#include
#include

// Brings every std name (cout, endl, ...) into the global namespace for this
// single-file sample.
using namespace std;

// I/O control code that asks the TCP/IP stack to hand a bound raw socket every
// IPv4 packet seen on that interface. Newer Windows SDKs already declare
// SIO_RCVALL in <mstcpip.h>, and Microsoft documents it for use with WSAIoctl;
// this file defines it by hand and passes it to ioctlsocket.
#define SIO_RCVALL _WSAIOW(IOC_VENDOR, 1)
// Size of the receive buffer in bytes. 65535 is the largest value the 16-bit
// IPv4 total-length field can express.
#define MAXLEN 65535
// Fixed 20-byte part of an IPv4 header, overlaid on the start of a captured
// datagram. Multi-byte members hold the bytes exactly as received (network
// byte order), so callers convert with ntohs/ntohl before printing. IP options,
// when present, follow this struct and are not represented here: the real
// header length is the low nibble of ver_len multiplied by 4.
struct _iph
{
    unsigned char  ver_len;   // version (high 4 bits) + header length in 32-bit words (low 4 bits)
    unsigned char  ser;       // type of service
    unsigned short datalen;   // total datagram length, header included
    unsigned short ident;     // identification
    unsigned short flag;      // flags and fragment offset
    unsigned char  ttl;       // time to live
    unsigned char  proto;     // payload protocol (1 = ICMP, 6 = TCP)
    unsigned short checksum;  // header checksum
    unsigned int   sourceIP;  // source address
    unsigned int   destIP;    // destination address
};
typedef struct _iph iph;

// TCP header definition. Only sourceport and destport are read by main().
//
// NOTE(review): this layout does not match the wire format of a TCP header.
// After the two 32-bit numbers the protocol has exactly two bytes (data
// offset/reserved, then flags) before the window field; this struct declares
// three 1-byte members there. With default alignment (no #pragma pack is
// visible) that puts win at offset 16 instead of 14 and makes sizeof(tcph) 24
// rather than 20, so win, checksum and jinji would read the wrong bytes if
// they were ever used. The two port fields at offsets 0 and 2 are unaffected.
typedef struct _tcph
{
unsigned short sourceport; // source port, network byte order
unsigned short destport;   // destination port, network byte order
unsigned int linum;        // presumably the sequence number -- TODO confirm
unsigned int trnum;        // presumably the acknowledgment number -- TODO confirm
unsigned char flag;        // NOTE(review): intended meaning unclear, see layout note above
unsigned char baoliu;      // "baoliu" = reserved
unsigned char ident;       // NOTE(review): intended meaning unclear, see layout note above
unsigned short win;        // window size (misplaced, see layout note above)
unsigned short checksum;   // checksum (misplaced, see layout note above)
unsigned short jinji;      // "jinji" = urgent pointer (misplaced, see layout note above)
}tcph;

// ICMP header for echo request / echo reply messages. The first four members
// make up the 8-byte echo header; timestamp is an extra 4 bytes that overlap
// the start of the echo payload (main() subtracts 4 from sizeof(icmph) to
// locate the payload).
struct _icmphdr
{
    unsigned char  i_type;     // 8-bit message type
    unsigned char  i_code;     // 8-bit message code
    unsigned short i_cksum;    // 16-bit checksum
    unsigned short i_id;       // identifier (usually the sender's process id)
    unsigned short i_seq;      // sequence number
    unsigned int   timestamp;  // timestamp
};
typedef struct _icmphdr icmph;

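// Close the capture socket (when one was created) and release Winsock, then
// return exit_code so every exit path in main() is a single return statement.
static int shutdown_capture(SOCKET sock, int exit_code)
{
    if (sock != INVALID_SOCKET)
        ::closesocket(sock);
    ::WSACleanup();
    return exit_code;
}

// Print up to len bytes of captured payload, stopping at the first NUL byte.
// The bytes come straight off the network, so anything outside printable
// ASCII is shown as '.' instead of being written raw to the console, where
// control and escape sequences would be interpreted by the terminal.
static void print_payload(const char *data, int len)
{
    for (int k = 0; k < len && data[k] != '\0'; ++k)
    {
        const unsigned char c = static_cast<unsigned char>(data[k]);
        cout << ((c >= 0x20 && c < 0x7f) ? static_cast<char>(c) : '.');
    }
}

// Capture 100 IPv4 datagrams on one local interface through a raw socket in
// SIO_RCVALL mode and print a one-line summary of each TCP and ICMP packet.
//
// Raw sockets on Windows need administrator rights. Capture is limited to the
// interface whose address the socket is bound to; this program binds to the
// first IPv4 address the resolver returns for the local host name, which on a
// multi-homed machine may not be the adapter that carries the traffic of
// interest.
//
// Returns 0 after 100 datagrams, 1 on any setup or receive failure.
int main()
{
    // Load the Winsock library.
    WSAData data;
    if (::WSAStartup(MAKEWORD(2, 0), &data))
    {
        cout<<"winsock库加载失败!"<<endl;
        return 1;
    }

    // Create the raw socket.
    SOCKET sock = ::socket(AF_INET, SOCK_RAW, IPPROTO_IP);
    if (INVALID_SOCKET == sock)
    {
        cout<<"sock初始化失败!"<<endl;
        return shutdown_capture(sock, 1);
    }

    // Look up one IPv4 address of this machine. h_length is the size of ONE
    // address in bytes, not the number of addresses, so it must not be used as
    // an index into h_addr_list; entry 0 is the only one guaranteed to exist
    // after a successful lookup.
    sockaddr_in addr;
    ::memset(&addr, 0, sizeof(addr));
    char name[256] = "";
    hostent *h = NULL;
    if (0 == ::gethostname(name, sizeof(name)))
        h = ::gethostbyname(name);
    if (!h || h->h_addrtype != AF_INET ||
        h->h_length != static_cast<int>(sizeof(addr.sin_addr)) ||
        !h->h_addr_list[0])
    {
        cout<<"获取本机IP地址失败!"<<endl;
        return shutdown_capture(sock, 1);
    }
    ::memcpy(&addr.sin_addr, h->h_addr_list[0], sizeof(addr.sin_addr));
    addr.sin_family = AF_INET;
    addr.sin_port = htons(0);

    // Bind to that address; SIO_RCVALL only works on an explicitly bound socket.
    if (SOCKET_ERROR == ::bind(sock, reinterpret_cast<SOCKADDR*>(&addr), sizeof(addr)))
    {
        cout<<"sock绑定失败!!"<<endl;
        return shutdown_capture(sock, 1);
    }

    // Ask the stack to deliver every packet seen on the bound interface.
    // NOTE(review): Microsoft documents SIO_RCVALL for WSAIoctl; the original
    // ioctlsocket call is kept as written.
    u_long mk = 1;
    if (SOCKET_ERROR == ::ioctlsocket(sock, SIO_RCVALL, &mk))
    {
        cout<<"网卡的混杂模式设置失败!错误号:"<<::WSAGetLastError()<<endl;
        return shutdown_capture(sock, 1);
    }

    cout<<"协议   源地址           目的地址    数据长度    TTL"<<endl;

    char buf[MAXLEN];
    int i = 0;

    // Receive IP datagrams. Every datagram received counts toward the limit of
    // 100, including ones that are skipped as malformed or not TCP/ICMP.
    while (i < 100)
    {
        const int n = ::recv(sock, buf, MAXLEN, 0);
        if (SOCKET_ERROR == n)
        {
            cout<<"接收发生错误!!"<<endl;
            return shutdown_capture(sock, 1);
        }
        ++i;

        // Copy the fixed header out of the byte buffer instead of casting the
        // buffer pointer, and only after checking enough bytes arrived.
        iph ip;
        if (n < static_cast<int>(sizeof(ip)))
            continue;
        ::memcpy(&ip, buf, sizeof(ip));

        // The transport header starts after the real IP header length (IHL),
        // which exceeds sizeof(iph) whenever IP options are present.
        const int ihl = (ip.ver_len & 0x0F) * 4;
        if ((ip.ver_len >> 4) != 4 || ihl < static_cast<int>(sizeof(ip)) || ihl > n)
            continue;
        const char *l4 = buf + ihl;
        const int l4len = n - ihl;

        in_addr ia;
        if (ip.proto == 6)                      // TCP
        {
            // Source and destination port are the first two 16-bit fields.
            unsigned short sport = 0;
            unsigned short dport = 0;
            if (l4len < static_cast<int>(sizeof(sport) + sizeof(dport)))
                continue;
            ::memcpy(&sport, l4, sizeof(sport));
            ::memcpy(&dport, l4 + sizeof(sport), sizeof(dport));

            ia.S_un.S_addr = ip.sourceIP;
            cout<<"TCP  "<<inet_ntoa(ia)<<':'<<ntohs(sport)<<"  ";
            ia.S_un.S_addr = ip.destIP;
            cout<<inet_ntoa(ia)<<':'<<ntohs(dport)<<" "<<ntohs(ip.datalen)<<"        "<<(int)ip.ttl<<endl;
        }
        else if (ip.proto == 1)                 // ICMP
        {
            ia.S_un.S_addr = ip.sourceIP;
            cout<<"ICMP  "<<inet_ntoa(ia)<<"   ";
            ia.S_un.S_addr = ip.destIP;
            cout<<inet_ntoa(ia)<<"  ";

            // Payload follows the 8-byte echo header (icmph minus its
            // trailing timestamp member); print only what was received.
            const int echo_hdr = static_cast<int>(sizeof(icmph) - sizeof(unsigned int));
            if (l4len > echo_hdr)
                print_payload(l4 + echo_hdr, l4len - echo_hdr);
            cout<<endl;
        }
    }

    return shutdown_capture(sock, 0);
}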



1条回答

  • mengyin521 M醉清风Y 5年前

    先看一下《SOCKET 网络编程》吧!
    把套接字、地址、监听、绑定、阻塞这些概念都搞明白了,你就清楚了!
