/* *程序8.
*程序名:AnalyzeIPv4_WINSOCK.CPP
*本程序通过使用Winsock2原始套接字捕获局域网内TCP数据报,并解析TCP包头 */
#include
#pragma comment(lib,\
#define SIO_RCVALL _WSAIOW(IOC_VENDOR,1)
// NOTE(review): the page extraction interleaved the two header structs below. The
// member lines of tcp_header and ip_header appear after both opening braces and
// out of order (ttl is listed after ip_dst). Restore the member order before
// compiling.
// NOTE(review): both structs are cast directly onto captured packet bytes in
// RecieveTCP and no packing pragma is visible here - confirm the compiled layout
// matches the wire format. Multi-byte members then hold network-byte-order values.
//IPv4 header structure
typedef struct ip_header {
//TCP header structure
typedef struct tcp_header {
//Global variables
SOCKET m_Socket;
//Function declarations
void InitWinsock2(); //initialize Winsock2 void BindSocket(); //bind the socket
WORD SourPort; //source port WORD DestPort; //destination port DWORD SeqNo; //sequence number DWORD AckNo; //acknowledgment number
BYTE HLen; //header length (reserved bits) BYTE Flag; //flags (reserved bits) WORD Window; //window size WORD ChkSum; //checksum WORD UrgPtr; //urgent pointer
unsigned char ver_ihl; //Version (4 bits) + Internet header length (4 bits) unsigned char tos; //Type of service unsigned short tlen; //Total length unsigned short identification; //Identification
unsigned short flags_fo; //Flags (3 bits) + Fragment offset (13 bits) unsigned char proto; //Protocol
unsigned short crc; //Header checksum u_char ip_src[4]; //Source address u_char ip_dst[4]; //Destination address
unsigned char ttl; //Time to live
}IPHEADER,*PIPHEADER;//IPv4 header structure
}TCPHEADER,*PTCPHEADER;
void RecieveTCP(); //capture TCP datagrams
// NOTE(review): this span holds main, InitWinsock2 and BindSocket, but the page
// extraction interleaved their statements and dropped the string literals, so the
// text below is not compilable as shown.
// NOTE(review): main calls InitWinsock2(), BindSocket() and RecieveTCP(), then
// closesocket()/WSACleanup(). The helpers are declared void and every failure
// path below is a bare return, so main cannot tell that setup failed and would
// still enter the capture loop with an unusable socket. Returning a status and
// stopping on failure would fix that.
int main(int argc, char *argv[]) {
printf(\ printf(\捕获TCP数据报,并解析TCP包头\\n\ }
//Initialize WinSock2 void InitWinsock2() { WSADATA wsaData; }
// NOTE(review): BindSocket creates an AF_INET/SOCK_RAW/IPPROTO_IP socket, asks
// SIO_ADDRESS_LIST_QUERY for the local addresses, binds to Address[0] with port 0
// and then issues SIO_RCVALL with dwVal=1. Only the first listed address is ever
// used. Raw sockets and SIO_RCVALL require administrator rights on Windows, so an
// unprivileged run fails at one of the silent returns below.
//Listen on the network void BindSocket() {
//Create the socket
m_Socket=WSASocket(AF_INET,SOCK_RAW,IPPROTO_IP,NULL,0,WSA_FLAG_Oif(m_Socket==INVALID_SOCKET) return; //bind the socket
SOCKET_ADDRESS_LIST *slist=NULL; char buffer[2048]; DWORD dwBytesRet;
SOCKADDR_IN m_SockAddr; DWORD dwVal=1;
version=MAKEWORD(2,2);
ret=WSAStartup(version,&wsaData); if(ret!=0) { }
printf(\return ;
WORD version; int ret;
printf(\级硕士研究生 方松茂 编\\n\
printf(\
InitWinsock2(); BindSocket();
closesocket(m_Socket); WSACleanup(); return 0;
RecieveTCP();
VERLAPPED);
}
if(WSAIoctl(m_Socket,SIO_ADDRESS_LIST_QUERY,NULL,0,&buffer,2048,&dwBy
return ;
tesRet,NULL,NULL)==SOCKET_ERROR)
slist=(SOCKET_ADDRESS_LIST*)buffer; m_SockAddr.sin_addr.s_addr=((SOCKADDR_IN m_SockAddr.sin_family=AF_INET; m_SockAddr.sin_port=htons(0);
if(::bind(m_Socket,(SOCKADDR*)&m_SockAddr,sizeof(m_SockAddr))==SOCKE
return ;
if(slist->iAddressCount<=0) return ;
*)slist->Address[0].lpSockaddr)->sin_addr.s_addr;
T_ERROR)
if(WSAIoctl(m_Socket,SIO_RCVALL,&dwVal,sizeof(dwVal),NULL,0,&dwBytesRet,
NULL,NULL)==SOCKET_ERROR) return;
// RecieveTCP loops forever: each pass calls WSARecv on m_Socket into the 0x1500-byte
// buff1, overlays IPHEADER on the start of the buffer and, when proto is 6 (TCP),
// overlays TCPHEADER at buf+sizeof(IPHEADER) and prints the TCP header fields.
// The page extraction scrambled the statement order and dropped the printf
// arguments, so the text below is not compilable as shown.
// NOTE(review): the WSARecv return value and dwBytesRead are never examined in the
// visible text. A failed or short receive is still parsed, so the header reads use
// stale or uninitialised bytes. Check the result, and require dwBytesRead to cover
// the IP header plus the TCP header before touching either struct.
// NOTE(review): the TCP header is located with sizeof(IPHEADER) instead of the IHL
// nibble in ver_ihl. A packet carrying IP options is then decoded at the wrong
// offset. Use (ver_ihl & 0x0F) * 4, reject values below 20, and bound the result
// by dwBytesRead.
// NOTE(review): buf is assigned the GlobalAlloc result and overwritten by the next
// statement. No GlobalFree is visible, so each loop pass leaks pBuf->len bytes.
// The allocation can simply be removed.
// NOTE(review): the printf arguments are missing from this copy. Ports, sequence
// numbers, window, checksum and urgent pointer arrive in network byte order and
// presumably need ntohs/ntohl before printing - confirm against the original.
void RecieveTCP() { TCP
printf(\源端口:%d \ printf(\目的端口:%d \
//source port //destination port
DWORD dwFlags; DWORD dwBytesRead; WSABUF wbuf; char buff1[0x1500]; wbuf.len=0x1500; wbuf.buf=buff1; unsigned char *buf; PIPHEADER ip_header; PTCPHEADER tcp_header;
while(1) {
dwFlags=0;
WSARecv(m_Socket,&wbuf,1,&dwBytesRead,&dwFlags,NULL,NULL); WSABUF *pBuf=(WSABUF*)&wbuf;
buf=(UCHAR*)GlobalAlloc(GPTR,pBuf->len); buf=(unsigned char *)pBuf->buf; ip_header=(PIPHEADER)buf; if(ip_header->proto==6)
//capture a datagram
tcp_header=(PTCPHEADER)(buf+sizeof(IPHEADER));
{ //a Proto value of 6 in the IPv4 header means the upper-layer packet is
//sequence number //header length printf(\序号:%ld \ printf(\确认序号:%ld \ printf(\头长度:%d \\n\ printf(\保留位:%d
//acknowledgment number
\保留位 //code bits //window size //TCP checksum //urgent pointer
}
}
printf(\码源比特:%d \ printf(\窗口大小:%d \ printf(\校验和:%d \ printf(\紧急指针:%d\\n\ printf(\
}