晨风资讯网
新闻资讯网络冲浪网页设计网络编程图形图像数据库网络媒体服务器网络安全网站运营软件教程黑客认证Wap技术
教程搜索
 教程搜索:
  首页 > 网络安全 > 其他相关 > 正文  

网络协议分析软件的编写
日期:2006-1-21 15:45:57 来源:网络 作者:无名 浏览:

if (ctlp->len < sizeof (long))
err("getmsg:  control portion length < sizeof (long):  %d", ctlp->len);
}

expecting(prim, dlp)
int prim;
union DL_primitives *dlp;
{
if (dlp->dl_primitive != (u_long)prim) {
err("unexpected dlprim error\n");
exit(1);
}
}
strioctl(fd, cmd, timout, len, dp)
int fd;
int cmd;
int timout;
int len;
char *dp;
{
struct strioctl sioc;
int rc;

sioc.ic_cmd = cmd;
sioc.ic_timout = timout;
sioc.ic_len = len;
sioc.ic_dp = dp;
rc = ioctl(fd, I_STR, &sioc);

if (rc < 0)
return (rc);
else
return (sioc.ic_len);
}
dlattachreq(fd, ppa)
int fd;
u_long ppa;
{
dl_attach_req_t attach_req;
struct strbuf ctl;
int flags;

attach_req.dl_primitive = DL_ATTACH_REQ;
attach_req.dl_ppa = ppa;

ctl.maxlen = 0;
ctl.len = sizeof (attach_req);
ctl.buf = (char *) &attach_req;

flags = 0;

if (putmsg(fd, &ctl, (struct strbuf*) NULL, flags) < 0)
syserr("dlattachreq:  putmsg");
}

dlokack(fd, bufp)
int fd;
char *bufp;
{
union DL_primitives *dlp;
struct strbuf ctl;
int flags;

ctl.maxlen = MAXDLBUF;
ctl.len = 0;
ctl.buf = bufp;

strgetmsg(fd, &ctl, (struct strbuf*)NULL, &flags, "dlokack");

dlp = (union DL_primitives *) ctl.buf;

expecting(DL_OK_ACK, dlp);

if (ctl.len < sizeof (dl_ok_ack_t))
err("dlokack:  response ctl.len too short:  %d", ctl.len);

if (flags != RS_HIPRI)
err("dlokack:  DL_OK_ACK was not M_PCPROTO");

if (ctl.len < sizeof (dl_ok_ack_t))
err("dlokack:  short response ctl.len:  %d", ctl.len);
}


dlbindreq(fd, sap, max_conind, service_mode, conn_mgmt, xidtest)
int fd;
u_long sap;
u_long max_conind;
u_long service_mode;
u_long conn_mgmt;
u_long xidtest;
{
dl_bind_req_t bind_req;
struct strbuf ctl;
int flags;

bind_req.dl_primitive = DL_BIND_REQ;
bind_req.dl_sap = sap;
bind_req.dl_max_conind = max_conind;
bind_req.dl_service_mode = service_mode;
bind_req.dl_conn_mgmt = conn_mgmt;
bind_req.dl_xidtest_flg = xidtest;

ctl.maxlen = 0;
ctl.len = sizeof (bind_req);
ctl.buf = (char *) &bind_req;

flags = 0;

if (putmsg(fd, &ctl, (struct strbuf*) NULL, flags) < 0)
syserr("dlbindreq:  putmsg");
}

dlbindack(fd, bufp)
int fd;
char *bufp;
{
union DL_primitives *dlp;
struct strbuf ctl;
int flags;

ctl.maxlen = MAXDLBUF;
ctl.len = 0;
ctl.buf = bufp;

strgetmsg(fd, &ctl, (struct strbuf*)NULL, &flags, "dlbindack");

dlp = (union DL_primitives *) ctl.buf;

expecting(DL_BIND_ACK, dlp);

if (flags != RS_HIPRI)
err("dlbindack:  DL_OK_ACK was not M_PCPROTO");

if (ctl.len < sizeof (dl_bind_ack_t))
err("dlbindack:  short response ctl.len:  %d", ctl.len);
}

dlpromisconreq(fd, level)
int fd;
u_long level;
{
dl_promiscon_req_t promiscon_req;
struct strbuf ctl;
int flags;

promiscon_req.dl_primitive = DL_PROMISCON_REQ;
promiscon_req.dl_level = level;

ctl.maxlen = 0;
ctl.len = sizeof (promiscon_req);
ctl.buf = (char *) &promiscon_req;

flags = 0;

if (putmsg(fd, &ctl, (struct strbuf*) NULL, flags) < 0)
syserr("dlpromiscon:  putmsg");

}

syserr(s)
char *s;
{
(void) perror(s);
exit(1);
}

 


void filter(cp, pktlen)
register char *cp;
register u_int pktlen;
{
register struct ip     *ip;
register struct tcphdr *tcph;
register struct ether_header *eth;
char *head=cp;
static long line_count=0;

u_short EtherType=ntohs(((struct ether_header *)cp)->ether_type);
 
  if(EtherType < 0x600) {
    EtherType = *(u_short *)(cp + SZETH + 6);
    cp+=8; pktlen-=8;
  }
  eth=(struct ether_header*)cp;
  fprintf(LOG,"%-5d",++line_count);
  if(EtherType == ETHERTYPE_IP)
  {
  ip=(struct ip *)(cp+SZETH);
 

  Mac_info(e->ether_shost);
  fprintf(LOG,"(");
  Ip_info(&ip->ip_src);
 
  fprintf(LOG,")");
  fprintf(LOG,"--->");
  Mac_info(e->ether_dhost);
  fprintf(LOG,"(");
  Ip_info(&ip->ip_dst);
 
  fprintf(LOG,")");
  fprintf(LOG,"\n");
 
 
 
  }
  else if(EtherType == ARP_PROTO)
  {
     cp+=SZETH;
     struct ether_arp *arp=(struct ether_arp *)cp;
     switch(ntohs(arp->ea_hdr.ar_op))
     {
       case ARPOP_REQUEST:
           fprintf(LOG,"arp request:who has ");
           arp_ip_info(arp->arp_tpa);
           fprintf(LOG," tells ");
           arp_ip_info(arp->arp_spa);
           fprintf(LOG,"\n");
           break;
       case ARPOP_REPLY:
           fprintf(LOG,"arp reply: ");
           arp_ip_info(arp->arp_spa);
           fprintf(LOG," is at  ");
           Mac_info((struct ether_addr*)&arp->arp_sha);
           fprintf(LOG,"\n");
           break;
       
      }        
      //打印出arp数据报的内容
     
   }

 

}

do_it()
{
long buf[MAXDLBUF];
char *device;
int ppa;
int fd;

struct strbuf data;
int flags;
int i;
int c;
int offset;
int len;
struct timeval t;
u_int chunksize = 16 * 1024;
struct sb_hdr *bp;
char *p, *limp;

int mrwtmp;

device = "/dev/bge";
ppa = 0;
sap= 0x0806;


if ((fd = open(device, 2)) < 0)
syserr(device);

dlattachreq(fd, ppa);
dlokack(fd, buf);


if (promisc) {
dlpromisconreq(fd, DL_PROMISC_PHYS);          
dlokack(fd, buf);
}


dlbindreq(fd, sap, 0, DL_CLDLS, 0, 0);
dlbindack(fd, buf);
     

if (strioctl(fd, DLIOCRAW, -1, 0, NULL) < 0)
syserr("DLIOCRAW");

if (bufmod) {
if (ioctl(fd, I_PUSH, "bufmod") < 0)
syserr("push bufmod");

t.tv_sec = 0;
t.tv_usec = 500000;
if (strioctl(fd, SBIOCSTIME, -1, sizeof (struct timeval),
&t) < 0)
syserr("SBIOCSTIME");
if (strioctl(fd, SBIOCSCHUNK, -1, sizeof (u_int),
&chunksize) < 0)
syserr("SBIOCSCHUNK");
}


if (ioctl(fd, I_FLUSH, FLUSHR) < 0)
syserr("I_FLUSH");

       if(1){
data.buf = (char *) databuf;
data.maxlen = MAXDLBUF;
data.len = 0;

     
while (((mrwtmp=getmsg(fd, NULL, &data, &flags))==0) ||
(mrwtmp==MOREDATA) || (mrwtmp=MORECTL)) {
p = data.buf;
limp = p + data.len;
filter(data.buf, data.len);
data.len = 0;
}
printf("finished getmsg() = %i\n",mrwtmp);
            }
       
}


int main(argc, argv)
int argc;
char **argv;
{
   char   cbuf[BUFSIZ];
   struct ifconf ifc;
   int    s,
          ac=1,
          backg=0;

   ProgName=argv[0];


   device=NIT_DEV;
   while((ac<argc) && (argv[ac][0] == '-')) {
      register char ch = argv[ac++][1];
      switch(toupper(ch)) {
           case 'I': device=argv[ac++];
                     break;
           case 'O': if(!(LOG=fopen((LogName=argv[ac++]),"a")))
                        Zexit(1,"Output file cant be opened\n");
                     break;
           case 's':
                     sap=atoi(argv[ac++]);
                     break;
           default : fprintf(ERR,
                       "Usage: %s  [-s]  [-i interface] [-o file]\n",
                           ProgName);
fprintf(ERR," -d int    set new data limit (128 default)\n");
fprintf(ERR," -o <file> output to <file>\n");
                     exit(1);
      }
   }

   fprintf(ERR,"Using logical device %s [%s]\n",device,NIT_DEV);
   fprintf(ERR,"Output to %s.%s%s",(LOG)?LogName:"stdout",
           (debug)?" (debug)":"",(backg)?" Backgrounding ":"\n");

   if(!LOG)
       LOG=stdout;

   signal(SIGINT, death);
   signal(SIGTERM,death);
   signal(SIGKILL,death);
   signal(SIGQUIT,death);

   if(backg && debug) {
        fprintf(ERR,"[Cannot bg with debug on]\n");
        backg=0;
   }

   fprintf(LOG,"\nLog started at => %s [pid %d]\n",NOWtm(),getpid());
   fflush(LOG);

   do_it();
}

 

编译运行:
#gcc -lsocket -lsnl -o sniffer sniffer.c
#./sniffer
同时在另一个终端上运行ping 192.168.1.10

Using logical device /dev/bge [/dev/bge]
Output to stdout.

Log started at => Tue Jul 12 18:13:44 [pid 948]
1    arp request:who has 192.168.1.22 tells 192.168.1.10
2    arp request:who has 192.168.1.22 tells 192.168.1.10
3    arp request:who has 192.168.1.22 tells 192.168.1.10
4    arp request:who has 192.168.1.22 tells 192.168.1.10
5    arp request:who has 192.168.1.22 tells 192.168.1.10

本新闻共2

本教程共2页,当前在第2页  1  2  
上一篇: 网管维护局域网技巧大汇总 下一篇:

网上保障个人隐私信息的十大原则
返回列表 打印此页 加入收藏 资讯论坛 关闭窗口 点击复制本页地址,发送给QQ/MSN好友
关于我们 - 联系我们 - 版权声明 - 帮助(?) - 广告服务 - 友情链接 - 服务项目 - 人才招聘
2003-2008 版权所有 © 晨风资讯网 未经授权禁止复制或建立镜像
CopyRight 2003-2008 www.Net118.com,All Rights Reserved.Design By ChenFeng Network Studio