Central South University Network Security Extracurricular Lab Report: Sniffing and Spoofing
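Central South University (CENTRAL SOUTH UNIVERSITY)
"SEED PROJECT" Lab Report

Student name: 孫毅
Student ID: 0906140106
Instructor: 王偉平
School: Information Science and Engineering
Major and class: Information Security 1401
Completion date: 2016.12

Contents

I. Experiment principle
II. Equipment
III. Procedure and results
    Task 1. Writing a sniffer program
    Task 2. Packet spoofing
    Task 3: Combined use
IV. Appendix
    Task 1
    Task 2
    Task 3

Sniffing_Spoofing

I. Experiment principle

Sniffing relies on putting the local network interface into "promiscuous" mode. In this mode the interface behaves as if it had a "broadcast address": it raises a hardware interrupt for every frame it sees, so that the operating system processes every packet passing over the physical medium. (The vast majority of network cards can be put into promiscuous mode.)

Sniffing and spoofing are generally used together. When an attacker sniffs key information, they usually use spoofing to construct packets in order to hijack a session or obtain more information, which often causes serious harm. Spoofing means that the attacker constructs the IP/TCP header data of a packet themselves to achieve their goal. This experiment is based on these principles and simulates the whole process under Linux.

II. Equipment

1. Ubuntu 12.04.
2. Wireshark and other common packet capture tools.

III. Procedure and results

Task 1. Writing a sniffer program

Sniffer programs can easily be written with the pcap library. With pcap, the sniffer's job becomes calling a simple sequence of procedures in the pcap library. At the end of the sequence, packets are placed in a buffer for further processing as soon as they are captured. All the details of packet capture are handled by the pcap library. Tim Carstens has written a tutorial on how to use the pcap library to write a sniffer program.

1: Gain an in-depth understanding of sniffer programs and be able to write one.
2: Write filters. Write filter expressions for your sniffer program to capture each of the following. In your lab report, you need to include screendumps showing the results of applying these filters.
  • Capture ICMP packets.
  • Capture TCP packets with a destination port in the range 10-100.

The results are as follows:

The program is preset to capture 10 packets. Each captured packet is processed, and the program displays the packet type, the source and destination IP addresses, the source and destination ports and, when the packet carries data, the data itself.

For part 2 of Task 1, the work is mainly a matter of changing the filter condition. To capture only ICMP packets, change ip to icmp in char filter_exp[] = "ip". To capture TCP packets with a destination port between 10 and 100, change the condition in the same statement to "tcp and dst portrange 10-100".

Task 2. Packet spoofing

Under normal circumstances, when a user sends a packet, the operating system does not allow the user to set all the fields in the protocol headers (such as the TCP, UDP and IP headers). The operating system sets most of the fields and allows the user to set only a few, such as the destination IP address and the destination port number. However, a user with root privilege can set any field in the packet headers to an arbitrary value. This is packet spoofing, and it can be done through raw sockets. Raw sockets give the programmer absolute control over the packet structure, allowing the programmer to build any arbitrary packet, including the header fields and the payload.

Using raw sockets is fairly simple and involves four steps: (1) create a raw socket, (2) set the socket options, (3) construct the packet, and (4) send the packet through the raw socket. There are many online tutorials that teach how to use raw sockets in C. We have linked some tutorials from the lab's web page. Please read them and learn how to write a packet spoofing program. We show a simple program.

The results are as follows:

It can be seen that a forged packet with source IP and port 234 was successfully sent to port 80 of 1, which completes the packet spoofing process.

Task 3: Combined use

In this task, you combine the sniffing and spoofing techniques and implement a sniff-and-then-spoof program. You need two virtual machines on the same LAN. From VM A, ping another VM's IP (call it X); this generates an ICMP echo request. If X is alive, the ping program receives an echo reply and prints the response. Your sniff-and-then-spoof program runs on VM B and monitors the network through packet sniffing. Whenever it sees an ICMP echo request, regardless of the target IP address, your program should immediately send an echo reply using packet spoofing. Therefore, whether or not machine X is alive, the ping program always receives a reply, indicating that X is alive. You need to write such a program and include screendumps in your report showing that it works. Please attach the code in your report.

IV. Appendix

Task 1

#define APP_NAME "sniffex"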

#define APP_DESC "Sniffer example using libpcap"
#define APP_COPYRIGHT "Copyright (c) 2005 The Tcpdump Group"
#define APP_DISCLAIMER "THERE IS ABSOLUTELY NO WARRANTY FOR THIS PROGRAM."

#include <pcap.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <ctype.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* default snap length (maximum bytes per packet to capture) */
#define SNAP_LEN 1518

/* ethernet headers are always exactly 14 bytes [1] */
#define SIZE_ETHERNET 14

/* Ethernet addresses are 6 bytes */
#define ETHER_ADDR_LEN 6

/* Ethernet header */
struct sniff_ethernet {
    u_char ether_dhost[ETHER_ADDR_LEN]; /* destination host address */
    u_char ether_shost[ETHER_ADDR_LEN]; /* source host address */
    u_short ether_type;                 /* IP? ARP? RARP? etc */
};

/* IP header */
struct sniff_ip {
    u_char ip_vhl;                  /* version << 4 | header length >> 2 */
    u_char ip_tos;                  /* type of service */
    u_short ip_len;                 /* total length */
    u_short ip_id;                  /* identification */
    u_short ip_off;                 /* fragment offset field */
#define IP_RF 0x8000                /* reserved fragment flag */
#define IP_DF 0x4000                /* dont fragment flag */
#define IP_MF 0x2000                /* more fragments flag */
#define IP_OFFMASK 0x1fff           /* mask for fragmenting bits */
    u_char ip_ttl;                  /* time to live */
    u_char ip_p;                    /* protocol */
    u_short ip_sum;                 /* checksum */
    struct in_addr ip_src, ip_dst;  /* source and dest address */
};
#define IP_HL(ip) (((ip)->ip_vhl) & 0x0f)   /* bitwise AND with 15 */
#define IP_V(ip)  (((ip)->ip_vhl) >> 4)     /* shift all bits of ip_vhl right by 4 */

/* TCP header */
typedef u_int tcp_seq;

struct sniff_tcp {
    u_short th_sport;   /* source port */
    u_short th_dport;   /* destination port */
    tcp_seq th_seq;     /* sequence number */
    tcp_seq th_ack;     /* acknowledgement number */
    u_char th_offx2;    /* data offset, rsvd */
#define TH_OFF(th) (((th)->th_offx2 & 0xf0) >> 4)
    u_char th_flags;
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_PUSH 0x08
#define TH_ACK 0x10
#define TH_URG 0x20
#define TH_ECE 0x40
#define TH_CWR 0x80
#define TH_FLAGS (TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG|TH_ECE|TH_CWR)
    u_short th_win;     /* window */
    u_short th_sum;     /* checksum */
    u_short th_urp;     /* urgent pointer */
};

void
got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet);

void
print_payload(const u_char *payload, int len);

void
print_hex_ascii_line(const u_char *payload, int len, int offset);

void
print_app_banner(void);

void
print_app_usage(void);

void    /* print the program banner */
print_app_banner(void)
{
    printf("%s - %s\n", APP_NAME, APP_DESC);
    printf("%s\n", APP_COPYRIGHT);
    printf("%s\n", APP_DISCLAIMER);
    printf("\n");

    return;
}

void
print_app_usage(void)
{
    printf("Usage: %s [interface]\n", APP_NAME);
    printf("\n");
    printf("Options:\n");
    printf("    interface    Listen on <interface> for packets.\n");
    printf("\n");

    return;
}

void
print_hex_ascii_line(const u_char *payload, int len, int offset)
{
    int i;
    int gap;
    const u_char *ch;

    printf("%05d   ", offset);

    ch = payload;
    for (i = 0; i < len; i++) {
        printf("%02x ", *ch);
        ch++;
        /* print extra space after 8th byte for visual aid */
        if (i == 7)
            printf(" ");
    }
    /* print space to handle line less than 8 bytes */
    if (len < 8)
        printf(" ");

    if (len < 16) {
        gap = 16 - len;
        for (i = 0; i < gap; i++) {
            printf("   ");
        }
    }
    printf("   ");

    ch = payload;
    for (i = 0; i < len; i++) {
        if (isprint(*ch))
            printf("%c", *ch);
        else
            printf(".");
        ch++;
    }

    printf("\n");

    return;
}

void
print_payload(const u_char *payload, int len)
{
    int len_rem = len;
    int line_width = 16;    /* number of bytes per line */
    int line_len;
    int offset = 0;         /* zero-based offset counter */
    const u_char *ch = payload;

    if (len <= 0)
        return;

    if (len <= line_width) {
        print_hex_ascii_line(ch, len, offset);
        return;
    }

    for (;;) {
        /* compute current line length */
        line_len = line_width % len_rem;
        /* print line */
        print_hex_ascii_line(ch, line_len, offset);
        /* compute total remaining */
        len_rem = len_rem - line_len;
        /* shift pointer to remaining bytes to print */
        ch = ch + line_len;
        /* add offset */
        offset = offset + line_width;
        /* check if we have line width chars or less */
        if (len_rem <= line_width) {
            /* print last line and get out */
            print_hex_ascii_line(ch, len_rem, offset);
            break;
        }
    }

    return;
}

void
got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
{
    static int count = 1;                   /* packet counter */

    /* declare pointers to packet headers */
    const struct sniff_ethernet *ethernet;  /* The ethernet header [1] */
    const struct sniff_ip *ip;              /* The IP header */
    const struct sniff_tcp *tcp;            /* The TCP header */
    const u_char *payload;                  /* Packet payload */

    int size_ip;
    int size_tcp;
    int size_payload;

    printf("\nPacket number %d:\n", count);
    count++;

    /* define ethernet header */
    ethernet = (const struct sniff_ethernet *)(packet);

    /* define/compute ip header offset */
    ip = (const struct sniff_ip *)(packet + SIZE_ETHERNET);
    size_ip = IP_HL(ip) * 4;
    if (size_ip < 20) {
        printf("   * Invalid IP header length: %u bytes\n", size_ip);
        return;
    }

    /* print source and destination IP addresses */
    printf("       From: %s\n", inet_ntoa(ip->ip_src));
    printf("         To: %s\n", inet_ntoa(ip->ip_dst));

    /* determine protocol */
    switch (ip->ip_p) {
        case IPPROTO_TCP:
            printf("   Protocol: TCP\n");
            break;
        case IPPROTO_UDP:
            printf("   Protocol: UDP\n");
            return;
        case IPPROTO_ICMP:
            printf("   Protocol: ICMP\n");
            return;
        case IPPROTO_IP:
            printf("   Protocol: IP\n");
            return;
        default:
            printf("   Protocol: unknown\n");
            return;
    }

    tcp = (const struct sniff_tcp *)(packet + SIZE_ETHERNET + size_ip);
    size_tcp = TH_OFF(tcp) * 4;
    if (size_tcp < 20) {
        printf("   * Invalid TCP header length: %u bytes\n", size_tcp);
        return;
    }

    printf("   Src port: %d\n", ntohs(tcp->th_sport));
    printf("   Dst port: %d\n", ntohs(tcp->th_dport));

    /* define/compute tcp payload (segment) offset */
    payload = (const u_char *)(packet + SIZE_ETHERNET + size_ip + size_tcp);

    /* compute tcp payload (segment) size */
    size_payload = ntohs(ip->ip_len) - (size_ip + size_tcp);

    /*
     * Print payload data; it might be binary, so don't just
     * treat it as a string.
     */
    if (size_payload > 0) {
        printf("   Payload (%d bytes):\n", size_payload);
        print_payload(payload, size_payload);
    }

    return;
}

int main(int argc, char **argv)
{
    char *dev = NULL;                   /* capture device name */
    char errbuf[PCAP_ERRBUF_SIZE];      /* error buffer */
    pcap_t *handle;                     /* packet capture handle */

    char filter_exp[] = "ip";           /* filter expression [3] */
    struct bpf_program fp;              /* compiled filter program (expression) */
    bpf_u_int32 mask;                   /* subnet mask */
    bpf_u_int32 net;                    /* IP address */
    int num_packets = 10;               /* number of packets to capture */

    print_app_banner();

    /* check for capture device name on command-line */
    if (argc == 2) {
        dev = argv[1];
    }
    else if (argc > 2) {
        fprintf(stderr, "error: unrecognized command-line options\n\n");
        print_app_usage();
        exit(EXIT_FAILURE);
    }
    else {
        /* find a capture device if not specified on command-line */
        dev = pcap_lookupdev(errbuf);
        if (dev == NULL) {
            fprintf(stderr, "Couldn't find default device: %s\n",
                errbuf);
            exit(EXIT_FAILURE);
        }
    }

    /* get network number and mask associated with capture device */
    if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
        fprintf(stderr, "Couldn't get netmask for device %s: %s\n",
            dev, errbuf);
        net = 0;
        mask = 0;
    }

    /* print capture info */
    printf("Device: %s\n", dev);
    printf("Number of packets: %d\n", num_packets);
    printf("Filter expression: %s\n", filter_exp);

    /* open capture device */
    handle = pcap_open_live(dev, SNAP_LEN, 1, 1000, errbuf);
    if (handle == NULL) {
        fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf);
        exit(EXIT_FAILURE);
    }

    /* make sure we're capturing on an Ethernet device [2] */
    if (pcap_datalink(handle) != DLT_EN10MB) {
        fprintf(stderr, "%s is not an Ethernet\n", dev);
        exit(EXIT_FAILURE);
    }

    /* compile the filter expression */
    if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) {
        fprintf(stderr, "Couldn't parse filter %s: %s\n",
            filter_exp, pcap_geterr(handle));
        exit(EXIT_FAILURE);
    }

    if (pcap_setfilter(handle, &fp) == -1) {
        fprintf(stderr, "Couldn't install filter %s: %s\n",
            filter_exp, pcap_geterr(handle));
        exit(EXIT_FAILURE);
    }

    pcap_loop(handle, num_packets, got_packet, NULL);

    pcap_freecode(&fp);
    pcap_close(handle);

    printf("\nCapture complete.\n");

    return 0;
}
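The got_packet() callback above derives its offsets from ip_vhl, ip_len and th_offx2 without comparing them with the number of bytes actually captured. The following is an added example, not part of the report or of sniffex, showing the same Ethernet/IPv4/TCP dissection with every length checked first; the function, enum and struct names and the constructed sample frame are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum dissect_rc { D_OK, D_TRUNCATED, D_NOT_IPV4, D_BAD_IHL,
                  D_BAD_TOTLEN, D_NOT_TCP, D_BAD_TCPOFF };

struct tcp_view {
    uint16_t sport, dport;    /* host byte order */
    const uint8_t *payload;   /* points into the captured buffer */
    size_t payload_len;       /* never more than what was captured */
};

/* Constructed sample: 14-byte Ethernet + 20-byte IPv4 + 20-byte TCP + "ping". */
const uint8_t SAMPLE_FRAME[58] = {
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00,
    0x45,0x00,0x00,0x2c, 0x00,0x01,0x40,0x00, 0x40,0x06,0x00,0x00,
    10,0,0,1, 10,0,0,2,
    0x30,0x39,0x00,0x50, 0,0,0,1, 0,0,0,0, 0x50,0x18,0x20,0x00, 0,0,0,0,
    'p','i','n','g'
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Dissect Ethernet/IPv4/TCP from `caplen` captured bytes. Each length taken
 * from the wire is checked against caplen before it is used as an offset. */
enum dissect_rc dissect_tcp_frame(const uint8_t *pkt, size_t caplen,
                                  struct tcp_view *out)
{
    const size_t eth_len = 14;
    if (caplen < eth_len + 20) return D_TRUNCATED;        /* Ethernet + minimal IP */
    if (rd16(pkt + 12) != 0x0800) return D_NOT_IPV4;      /* EtherType */

    const uint8_t *ip = pkt + eth_len;
    if ((ip[0] >> 4) != 4) return D_NOT_IPV4;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if (ihl < 20) return D_BAD_IHL;
    if (caplen < eth_len + ihl) return D_TRUNCATED;       /* options not captured */
    size_t totlen = rd16(ip + 2);
    if (totlen < ihl) return D_BAD_TOTLEN;
    if (ip[9] != 6) return D_NOT_TCP;                     /* IPPROTO_TCP */

    if (caplen < eth_len + ihl + 20) return D_TRUNCATED;  /* minimal TCP header */
    const uint8_t *tcp = ip + ihl;
    size_t thl = (size_t)(tcp[12] >> 4) * 4;
    if (thl < 20 || ihl + thl > totlen) return D_BAD_TCPOFF;
    if (caplen < eth_len + ihl + thl) return D_TRUNCATED;

    size_t claimed = totlen - ihl - thl;                  /* what the header says */
    size_t present = caplen - (eth_len + ihl + thl);      /* what was captured */
    out->sport = rd16(tcp);
    out->dport = rd16(tcp + 2);
    out->payload = tcp + thl;
    out->payload_len = claimed < present ? claimed : present;
    return D_OK;
}

int main(void)
{
    struct tcp_view v;
    enum dissect_rc rc = dissect_tcp_frame(SAMPLE_FRAME, sizeof SAMPLE_FRAME, &v);
    if (rc == D_OK)
        printf("%u -> %u, %zu payload bytes\n", v.sport, v.dport, v.payload_len);
    return rc;
}
```

In a pcap callback, caplen is header->caplen; a frame whose IP total length claims more data than was captured yields only the bytes that are present.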

Task 2

#include <unistd.h>
#include <stdio.h>
#include <string.h>         /* memset() */
#include <sys/socket.h>
#include <netinet/ip.h>
#include <netinet/udp.h>
#include <arpa/inet.h>      /* inet_addr() */
#include <stdlib.h>

#define PCKT_LEN 8192

struct ipheader {
    unsigned char iph_ihl:5, iph_ver:4;
    unsigned char iph_tos;
    unsigned short int iph_len;
    unsigned short int iph_ident;
    unsigned char iph_flag;
    unsigned short int iph_offset;
    unsigned char iph_ttl;
    unsigned char iph_protocol;
    unsigned short int iph_chksum;
    unsigned int iph_sourceip;
    unsigned int iph_destip;
};

// UDP header's structure
struct udpheader {
    unsigned short int udph_srcport;
    unsigned short int udph_destport;
    unsigned short int udph_len;
    unsigned short int udph_chksum;
};
// total udp header length: 8 bytes (=64 bits)

// Function for checksum calculation. From the RFC,
// the checksum algorithm is:
// "The checksum field is the 16 bit one's complement of the one's
// complement sum of all 16 bit words in the header. For purposes of
// computing the checksum, the value of the checksum field is zero."
unsigned short csum(unsigned short *buf, int nwords)
{
    unsigned long sum;

    for (sum = 0; nwords > 0; nwords--)
        sum += *buf++;
    sum = (sum >> 16) + (sum & 0xffff);
    sum += (sum >> 16);
    return (unsigned short)(~sum);
}

// Source IP, source port, target IP, target port from the command line arguments
int main(int argc, char *argv[])
{
    int sd;
    // No data/payload just datagram
    char buffer[PCKT_LEN];
    // Our own headers' structures
    struct ipheader *ip = (struct ipheader *)buffer;
    struct udpheader *udp = (struct udpheader *)(buffer + sizeof(struct ipheader));
    // Source and destination addresses: IP and port
    struct sockaddr_in sin, din;
    int one = 1;
    const int *val = &one;

    memset(buffer, 0, PCKT_LEN);

    if (argc != 5) {
        printf("- Invalid parameters!!!\n");
        printf("- Usage %s <source hostname/IP> <source port> <target hostname/IP> <target port>\n", argv[0]);
        exit(-1);
    }

    // Create a raw socket with UDP protocol
    sd = socket(PF_INET, SOCK_RAW, IPPROTO_UDP);
    if (sd < 0) {
        perror("socket() error");
        // If something wrong just exit
        exit(-1);
    }
    else
        printf("socket() - Using SOCK_RAW socket and UDP protocol is OK.\n");

    // The source is redundant, may be used later if needed
    // The address family
    sin.sin_family = AF_INET;
    din.sin_family = AF_INET;
    // Port numbers
    sin.sin_port = htons(atoi(argv[2]));
    din.sin_port = htons(atoi(argv[4]));
    // IP addresses
    sin.sin_addr.s_addr = inet_addr(argv[1]);
    din.sin_addr.s_addr = inet_addr(argv[3]);

    // Fabricate the IP header or we can use the
    // standard header structures but assign our own values.
    ip->iph_ihl = 5;
    ip->iph_ver = 4;
    ip->iph_tos = 16;       // Low delay
    ip->iph_len = sizeof(struct ipheader) + sizeof(struct udpheader);
    ip->iph_ident = htons(54321);
    ip->iph_ttl = 64;       // hops
    ip->iph_protocol = 17;  // UDP
    // Source IP address, can use spoofed address here!!!
    ip->iph_sourceip = inet_addr(argv[1]);
    // The destination IP address
    ip->iph_destip = inet_addr(argv[3]);

    // Fabricate the UDP header. Source port number, redundant
    udp->udph_srcport = htons(atoi(argv[2]));
    // Destination port number
    udp->udph_destport = htons(atoi(argv[4]));
    udp->udph_len = htons(sizeof(struct udpheader));

    // Calculate the checksum for integrity
    ip->iph_chksum = csum((unsigned short *)buffer, sizeof(struct ipheader) + sizeof(struct udpheader));

    // Inform the kernel do not fill up the packet structure. we will build our own...
    if (setsockopt(sd, IPPROTO_IP, IP_HDRINCL, val, sizeof(one)) < 0) {
        perror("setsockopt() error");
        exit(-1);
    }
    else
        printf("setsockopt() is OK.\n");

    // Send loop, send for every 2 second for 20 count
    printf("Trying...\n");
    printf("Using raw socket and UDP protocol\n");
    printf("Using Source IP: %s port: %u, Target IP: %s port: %u.\n", argv[1], atoi(argv[2]), argv[3], atoi(argv[4]));

    int count;
    for (count = 1; count <= 20; count++) {
        if (sendto(sd, buffer, ip->iph_len, 0, (struct sockaddr *)&sin, sizeof(sin)) < 0)
        // Verify
        {
            perror("sendto() error");
            exit(-1);
        }
        else {
            printf("Count #%u - sendto() is OK.\n", count);
            sleep(2);
        }
    }
    close(sd);
    return 0;
}

Task 3

#include <pcap.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <ctype.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <netinet/ip.h>
#include <netinet/udp.h>
#include <netdb.h>
#include <netinet/in_systm.h>
#include <netinet/ip_icmp.h>

#define APP_NAME "sniffex"
#define APP_DESC "Sniffer example using libpcap"
#define APP_COPYRIGHT "Copyright (c) 2005 The Tcpdump Group"
#define APP_DISCLAIMER "THERE IS ABSOLUTELY NO WARRANTY FOR THIS PROGRAM."

/* default snap length (maximum bytes per packet to capture) */
#define SNAP_LEN 1518

/* ethernet headers are always exactly 14 bytes [1] */
#define SIZE_ETHERNET 14

/* Ethernet addresses are 6 bytes */
#define ETHER_ADDR_LEN 6

char *dstip;
char *srcip;

/* Ethernet header */
struct sniff_ethernet {
    u_char ether_dhost[ETHER_ADDR_LEN]; /* destination host address */
    u_char ether_shost[ETHER_ADDR_LEN]; /* source host address */
    u_short ether_type;                 /* IP? ARP? RARP? etc */
};

/* IP header */
struct sniff_ip {
    u_char ip_vhl;                  /* version << 4 | header length >> 2 */
    u_char ip_tos;                  /* type of service */
    u_short ip_len;                 /* total length */
    u_short ip_id;                  /* identification */
    u_short ip_off;                 /* fragment offset field */
#define IP_RF 0x8000                /* reserved fragment flag */
#define IP_DF 0x4000                /* dont fragment flag */
#define IP_MF 0x2000                /* more fragments flag */
#define IP_OFFMASK 0x1fff           /* mask for fragmenting bits */
    u_char ip_ttl;                  /* time to live */
    u_char ip_p;                    /* protocol */
    u_short ip_sum;                 /* checksum */
    struct in_addr ip_src, ip_dst;  /* source and dest address */
};
#define IP_HL(ip) (((ip)->ip_vhl) & 0x0f)
#define IP_V(ip)  (((ip)->ip_vhl) >> 4)

/* TCP header */
typedef u_int tcp_seq;

struct sniff_tcp {
    u_short th_sport;   /* source port */
    u_short th_dport;   /* destination port */
    tcp_seq th_seq;     /* sequence number */
    tcp_seq th_ack;     /* acknowledgement number */
    u_char th_offx2;    /* data offset, rsvd */
#define TH_OFF(th) (((th)->th_offx2 & 0xf0) >> 4)
    u_char th_flags;
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_PUSH 0x08
#define TH_ACK 0x10
#define TH_URG 0x20
#define TH_ECE 0x40
#define TH_CWR 0x80
#define TH_FLAGS (TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG|TH_ECE|TH_CWR)
    u_short th_win;     /* window */
    u_short th_sum;     /* checksum */
    u_short th_urp;     /* urgent pointer */
};

void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet);
void print_payload(const u_char *payload, int len);
void print_hex_ascii_line(const u_char *payload, int len, int offset);
void print_app_banner(void);
void print_app_usage(void);

/*
 * app name/banner
 */
void print_app_banner(void)
{
    printf("%s - %s\n", APP_NAME, APP_DESC);
    printf("%s\n", APP_COPYRIGHT);
    printf("%s\n", APP_DISCLAIMER);
    printf("\n");
    return;
}

/*
 * print help text
 */
void print_app_usage(void)
{
    printf("Usage: %s [interface]\n", APP_NAME);
    printf("\n");
    printf("Options:\n");
    printf("    interface    Listen on <interface> for packets.\n");
    printf("\n");
    return;
}

/*
 * print data in rows of 16 bytes: offset   hex   ascii
 *
 * 00000   47 45 54 20 2f 20 48 54  54 50 2f 31 2e 31 0d 0a   GET / HTTP/1.1..
 */
void print_hex_ascii_line(const u_char *payload, int len, int offset)
{
    int i;
    int gap;
    const u_char *ch;

    /* offset */
    printf("%05d   ", offset);

    /* hex */
    ch = payload;
    for (i = 0; i < len; i++) {
        printf("%02x ", *ch);
        ch++;
        /* print extra space after 8th byte for visual aid */
        if (i == 7)
            printf(" ");
    }
    /* print space to handle line less than 8 bytes */
    if (len < 8)
        printf(" ");

    /* fill hex gap with spaces if not full line */
    if (len < 16) {
        gap = 16 - len;
        for (i = 0; i < gap; i++) {
            printf("   ");
        }
    }
    printf("   ");

    /* ascii (if printable) */
    ch = payload;
    for (i = 0; i < len; i++) {
        if (isprint(*ch))
            printf("%c", *ch);
        else
            printf(".");
        ch++;
    }

    printf("\n");
    return;
}

/*
 * print packet payload data (avoid printing binary data)
 */
void print_payload(const u_char *payload, int len)
{
    int len_rem = len;
    int line_width = 16;    /* number of bytes per line */
    int line_len;
    int offset = 0;         /* zero-based offset counter */
    const u_char *ch = payload;

    if (len <= 0)
        return;

    /* data fits on one line */
    if (len <= line_width) {
        print_hex_ascii_line(ch, len, offset);
        return;
    }

    /* data spans multiple lines */
    for (;;) {
        /* compute current line length */
        line_len = line_width % len_rem;
        /* print line */
        print_hex_ascii_line(ch, line_len, offset);
        /* compute total remaining */
        len_rem = len_rem - line_len;
        /* shift pointer to remaining bytes to print */
        ch = ch + line_len;
        /* add offset */
        offset = offset + line_width;
        /* check if we have line width chars or less */
        if (len_rem <= line_width) {
            /* print last line and get out */
            print_hex_ascii_line(ch, len_rem, offset);
            break;
        }
    }
    return;
}

/*
 * dissect/print packet
 */
void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
{
    static int count = 1;                   /* packet counter */

    /* declare pointers to packet headers */
    const struct sniff_ethernet *ethernet;  /* The ethernet header [1] */
    const struct sniff_ip *ip;              /* The IP header */
    const struct sniff_tcp *tcp;            /* The TCP header */
    const u_char *payload;                  /* Packet payload */

    int size_ip;
    int size_tcp;
    int size_payload;

    printf("\nPacket number %d:\n", count);
    count++;

    /* define ethernet header */
    ethernet = (const struct sniff_ethernet *)(packet);

    /* define/compute ip header offset */
    ip = (const struct sniff_ip *)(packet + 14);
    size_ip = IP_HL(ip) * 4;
    if (size_ip < 20) {
        printf("   * Invalid IP header length: %u bytes\n", size_ip);
        return;
    }

    /* print source and destination IP addresses */
    printf("       From: %s\n", inet_ntoa(ip->ip_src));
    dstip = inet_ntoa(ip->ip_src);
    // printf("desip%s", dstip);
    printf("         To: %s\n", inet_ntoa(ip->ip_dst));
    srcip = inet_ntoa(ip->ip_dst);

    /* determine protocol */
    switch (ip->ip_p) {
        case IPPROTO_TCP:
            printf("   Protocol: TCP\n");
            break;
        case IPPROTO_UDP:
            printf("   Protocol: UDP\n");
            return;
        case IPPROTO_ICMP:
            printf("   Protocol: ICMP\n");
            return;
        case IPPROTO_IP:
            printf("   Protocol: IP\n");
            return;
        default:
            printf("   Protocol: unknown\n");
            return;
    }

    /*
     * OK, this packet is TCP.
     */

    /* define/compute tcp header offset */
    tcp = (const struct sniff_tcp *)(packet + 14 + size_ip);
    size_tcp = TH_OFF(tcp) * 4;
    if (size_tcp < 20) {
        printf("   * Invalid TCP header length: %u bytes\n", size_tcp);
        return;
    }

    printf("   Src port: %d\n", ntohs(tcp->th_sport));
    printf("   Dst port: %d\n", ntohs(tcp->th_dport));

    /* define/compute tcp payload (segment) offset */
    payload = (const u_char *)(packet + 14 + size_ip + size_tcp);

    /* compute tcp payload (segment) size */
    size_payload = ntohs(ip->ip_len) - (size_ip + size_tcp);

    /*
     * Print payload data; it might be binary, so don't just
     * treat it as a string.
     */
    if (size_payload > 0) {
        printf("   Payload (%d bytes):\n", size_payload);
        print_payload(payload, size_payload);
    }
    return;
}

int main(int argc, char **argv)
{
    char *dev = NULL;                   /* capture device name */
    char errbuf[PCAP_ERRBUF_SIZE];      /* error buffer */
    pcap_t *handle;                     /* packet capture handle */

    char filter_exp[] = "icmp";         /* filter expression */
    struct bpf_program fp;              /* compiled filter program (expression) */
    bpf_u_int32 mask;                   /* subnet mask */
    bpf_u_int32 net;                    /* ip */
    int num_packets = 1;                /* number of packets to capture */

    print_app_banner();

    /* check for capture device name on command-line */
    if (argc == 2) {
        dev = argv[1];
    }
    else if (argc > 2) {
        fprintf(stderr, "error: unrecognized command-line options\n\n");
        print_app_usage();
        exit(EXIT_FAILURE);
    }
    else {
        /* find a capture device if not specified on command-line */
        dev = pcap_lookupdev(errbuf);
        if (dev == NULL) {
            fprintf(stderr, "Couldn't find default device: %s\n", errbuf);
            exit(EXIT_FAILURE);
        }
    }

    /* get network number and mask associated with capture device */
    if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
        fprintf(stderr, "Couldn't get netmask for device %s: %s\n", dev, errbuf);
        net = 0;
        mask = 0;
    }

    /* print capture info */
    printf("Device: %s\n", dev);
    printf("Number of packets: %d\n", num_packets);
    printf("Filter expression: %s\n", filter_exp);

    handle = pcap_open_live(dev, 1518, 1, 1000, errbuf);
    if (handle == NULL) {
        fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf);
        exit(EXIT_FAILURE);
    }

    /* make sure we're capturing on an Ethernet device [2] */
    if (pcap_datalink(handle) != DLT_EN10MB) {
        fprintf(stderr, "%s is not an Ethernet\n", dev);
        exit(EXIT_FAILURE);
    }

    /* compile the filter expression */
    if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) {
        fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(handle));
        exit(EXIT_FAILURE);
    }

    /* apply the compiled filter */
    if (pcap_setfilter(handle, &fp) == -1) {
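Seen from the pinging host, the Task 3 behaviour leaves traces: a reply arriving from a MAC address the request was not sent to, two replies to one request, or a reply to a request that was never sent. The following is an added example, not part of the report, that flags those three cases over a list of echo events; the event structure, flag names and the constructed sample events (documentation address 203.0.113.9, made-up MAC addresses) are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define F_UNSOLICITED 0x1  /* no earlier request with this (IP, id, seq) */
#define F_DUPLICATE   0x2  /* that request was already answered once */
#define F_WRONG_MAC   0x4  /* reply came from a MAC the request was not sent to */

struct icmp_event {
    uint8_t  type;      /* 8 = echo request sent, 0 = echo reply received */
    uint8_t  mac[6];    /* request: destination MAC; reply: source MAC */
    uint32_t peer_ip;   /* request: destination IP; reply: source IP */
    uint16_t id, seq;
};

#define GW  {0x02,0,0,0,0,0xfe}   /* constructed gateway MAC */
#define VMB {0x02,0,0,0,0,0x0b}   /* constructed MAC of another LAN host */

/* Constructed sample events as recorded on the pinging host. */
const struct icmp_event SAMPLE_EVENTS[6] = {
    {8, GW,  0xCB007109u, 0x1234, 1},  /* request to 203.0.113.9 via gateway */
    {0, VMB, 0xCB007109u, 0x1234, 1},  /* reply from a MAC we did not send to */
    {0, GW,  0xCB007109u, 0x1234, 1},  /* second reply to the same request */
    {8, GW,  0xCB007109u, 0x1234, 2},
    {0, GW,  0xCB007109u, 0x1234, 2},  /* normal reply */
    {0, GW,  0xCB007109u, 0x1234, 9},  /* reply nobody asked for */
};

static int same_echo(const struct icmp_event *a, const struct icmp_event *b)
{
    return a->peer_ip == b->peer_ip && a->id == b->id && a->seq == b->seq;
}

/* Set flags[i] for every reply by comparing it with the events before it;
 * returns the number of replies that carry at least one flag. */
size_t flag_replies(const struct icmp_event *ev, size_t n, unsigned *flags)
{
    size_t flagged = 0;
    for (size_t i = 0; i < n; i++) {
        flags[i] = 0;
        if (ev[i].type != 0) continue;          /* only replies are judged */
        int solicited = 0;
        for (size_t j = 0; j < i; j++) {
            if (!same_echo(&ev[j], &ev[i])) continue;
            if (ev[j].type == 8) {
                solicited = 1;
                if (memcmp(ev[j].mac, ev[i].mac, 6) != 0) flags[i] |= F_WRONG_MAC;
            } else if (ev[j].type == 0) {
                flags[i] |= F_DUPLICATE;
            }
        }
        if (!solicited) flags[i] |= F_UNSOLICITED;
        if (flags[i]) flagged++;
    }
    return flagged;
}

int main(void)
{
    unsigned f[6];
    size_t n = flag_replies(SAMPLE_EVENTS, 6, f);
    for (size_t i = 0; i < 6; i++)
        printf("event %zu: flags 0x%x\n", i, f[i]);
    return n == 3 ? 0 : 1;
}
```

These are heuristics: a duplicate shows that two parties answered but not which answer is forged, and networks with redundant routers can legitimately return traffic from a MAC other than the one the request was sent to.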
