sniff教程-网络通信专区

sniff教程

作者：协议分析网编辑：王炯 2007-07-03 00:00

/*
by:sunwear
http://blog.csdn.net/sunwear
*/
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <netdb.h>
#include <net/if.h>
#include <linux/if_ether.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#include <netinet/ip_tcp.h>
#include "spoof.c"

#define ERROR -1
#define ETHHDRSIZE 14

#ifdef SYSV
#define bcopy(s1,s2,len) memcpy(s2,s1,len)
#endif

char buffcmp[255];

unsigned long host2ip(char *serv)
{
   struct sockaddr_in sinn;
   struct hostent     *hent;

if ((hent = gethostbyname(serv)) == NULL) {
     herror("gethostbyname");
     exit(ERROR);
}

bzero((char *)&sinn, sizeof(sinn));
bcopy(hent->h_addr, (char *)&sinn.sin_addr, hent->h_length);
return sinn.sin_addr.s_addr;
}

char *Lookit(char *buff, char *file)
{
FILE *fd;
bzero(buffcmp, 255);

if ((fd = fopen(file, "r")) == NULL) {
     perror("fopen");
     exit(ERROR);
}

while (!feof(fd)){
     fscanf(fd, "%s", buffcmp);
     if(strstr(buff, (char *)&buffcmp)) {
       fclose(fd);
       return((char *)&buffcmp);

     }
}
fclose(fd);
return NULL;
}

void main(int argc, char **argv)
{

int s;
int i, x;

struct ifreq ifr;
struct iphdr *ip;
struct tcphdr *tcp;

char *data;
char *BANWORD;
char buffer[4000];

printf("sunwear\n");

if(argc < 3) {
     printf(" usage: %s <device> <banwordlist>\n", argv[1]);
     exit(ERROR);
}

   /*************************** TCP-IP STUFF   *****************************/
ip   = (struct iphdr *)(buffer+ETHHDRSIZE);
tcp = (struct tcphdr *)(buffer+ETHHDRSIZE+IPHDRSIZE);
data = (char *)(buffer+ETHHDRSIZE+IPHDRSIZE+TCPHDRSIZE);

bzero(buffer, sizeof(buffer));
/************************** INTERFACE STUFF ***************************/

strcpy(ifr.ifr_name, argv[1]);
if ((s = socket(AF_INET, SOCK_PACKET,IPPROTO_EGP)) == ERROR) {
     perror("socket");
     exit(ERROR);
}

if(ioctl(s, SIOCGIFFLAGS, &ifr) == ERROR) {
       perror("ioctl");
       close(s);
       exit(ERROR);
}

ifr.ifr_flags |= IFF_PROMISC;
if(ioctl(s, SIOCSIFFLAGS, &ifr) == ERROR) {
        perror("ioctl");
        close(s);
        exit(ERROR);
}

while(1) {

    if ((x = read(s, buffer, 400)) == ERROR) {
       perror("read");
       close(s);
       exit(ERROR);
    }

    if(ip->protocol == 6)
       if((BANWORD = Lookit(data, argv[2])) != NULL) {
            printf("BANWORD !!!\033[05m\033[01m\033[31m%s\033[0m!!!\n",
               BANWORD);
            printf("%s:%d->",
        (char *)inet_ntoa(ip->saddr), ntohs(tcp->th_sport));
            printf("%s:%d",
        (char *)inet_ntoa(ip->daddr), ntohs(tcp->th_dport));
            printf("-->");

            for(i=0; i < ntohs(ip->tot_len)-IPHDRSIZE-TCPHDRSIZE; i++)
            printf("%c", *(data + i));
            printf("<--\n");
       }
}
}

文章转载地址：http://www.cnpaf.net/Class/hack/05121820345185650161.htm

关注我们