
简单的嗅探

简单的嗅探  收藏
由于本人很菜,这个代码是改别人的.呵呵.可以在公司的局域网里搞搞坏,呵呵.
我是在 Ubuntu 8.04 下用 gcc 编译的;程序要打开 PF_PACKET 原始套接字,所以需要以 root 权限运行.


#include <ctype.h>
#include <stdio.h>
#include <string.h>

#include <netdb.h>
#include <unistd.h>

#include <sys/file.h>
#include <sys/ioctl.h>
#include <sys/signal.h>
#include <sys/socket.h>
#include <sys/time.h>

#include <arpa/inet.h>
#include <net/if.h>
#include <netinet/if_ether.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>


#define BUFFER_MAX 2048

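/*
 * Put the "eth0" interface into promiscuous mode through the given socket.
 *
 * fd: an open socket descriptor on which interface ioctls can be issued.
 *
 * Returns fd on success. On either ioctl failure the descriptor is closed
 * and -1 is returned, so the caller must not use or close fd again.
 *
 * Changing interface flags needs root (CAP_NET_ADMIN). Nothing in this file
 * clears the flag again, so the interface stays promiscuous after the
 * program exits until IFF_PROMISC is removed (see the comment below). Linux
 * normally records the mode change in the kernel log, which is where an
 * administrator would look for it.
 */
int open_fd(int fd) {
    struct ifreq ifr;

    /* Zero the request so no uninitialised stack bytes are handed to the kernel. */
    memset(&ifr, 0, sizeof ifr);

    /* Interface name; bounded copy that always NUL-terminates. */
    snprintf(ifr.ifr_name, sizeof ifr.ifr_name, "%s", "eth0");

    /* Read the current interface flags so only one bit is changed. */
    if (ioctl(fd, SIOCGIFFLAGS, &ifr) < 0) {
        perror("ioctl(SIOCGIFFLAGS)");
        close(fd);
        return -1;
    }

    /*
     * Request promiscuous mode (IFF_PROMISC is the 0x100 the original
     * hard-coded). To switch it off again:
     *     ifr.ifr_flags &= ~IFF_PROMISC;
     * followed by the same SIOCSIFFLAGS call.
     */
    ifr.ifr_flags |= IFF_PROMISC;

    /* Write the modified flags back. */
    if (ioctl(fd, SIOCSIFFLAGS, &ifr) < 0) {
        perror("ioctl(SIOCSIFFLAGS)");
        close(fd);
        return -1;
    }

    printf("Setting   interface   :::   %s   :::   to   promisc\n\n", ifr.ifr_name);
    return fd;
}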

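/*
 * Read IPv4 frames from a PF_PACKET raw socket and print, for each frame,
 * the source and destination MAC addresses, the source and destination IP
 * addresses, and the IP protocol (with ports for TCP and UDP).
 *
 * Creating the packet socket requires root (CAP_NET_RAW).
 *
 * Returns 1 if the socket cannot be created or a receive fails; otherwise
 * the loop runs until the process is terminated.
 *
 * NOTE(review): open_fd() is defined in this file but is not called here,
 * so this program does not itself change the interface flags; the socket
 * only sees the frames the interface already delivers to the host.
 */
int main(int argc, char *argv[]) {
    enum {
        SNIFF_ETH_LEN = 14,    /* 6 (dest) + 6 (source) + 2 (type or length) */
        SNIFF_IP_MIN = 20,     /* IPv4 header without options */
        SNIFF_FRAME_MIN = 42,  /* 14 + 20 + 8 bytes of icmp, tcp or udp header */
        SNIFF_PORT_BYTES = 4   /* source port + destination port */
    };
    /* Unsigned bytes: with plain (signed) char, protocol 255 read back as -1
       and never matched IPPROTO_RAW, and shifting a negative byte is UB. */
    unsigned char buffer[BUFFER_MAX];
    int sock;

    (void)argc;
    (void)argv;

    sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_IP));
    if (sock < 0) {
        /* Without this check every recvfrom() fails and the loop spins forever. */
        perror("socket(PF_PACKET)");
        return 1;
    }

    for (;;) {
        ssize_t readnum = recvfrom(sock, buffer, sizeof buffer, 0, NULL, NULL);
        if (readnum < 0) {
            /* A receive error is not a short packet; stop instead of looping on it. */
            perror("recvfrom");
            close(sock);
            return 1;
        }

        /*
         Example of the output for one frame:

         MAC: 00:1D:7D:45:1C:09==>00:19:5B:74:27:3B
         IP: 192.168.0.182 => 192.168.0.23
         Protocol: TCP,source port: 1637,dest port: 22
         */
        if (readnum < SNIFF_FRAME_MIN) {
            fprintf(stdout, "Incomplete header, packet corrupt\n");
            continue;
        }

        const unsigned char *ethhead = buffer;
        const unsigned char *iphead = ethhead + SNIFF_ETH_LEN;

        /* The IP header length comes from the packet (IHL field, in 32-bit
           words), so validate it against what was actually received before
           using it as an offset. */
        size_t ihl = (size_t)(iphead[0] & 0x0F) * 4;
        if (ihl < SNIFF_IP_MIN || SNIFF_ETH_LEN + ihl > (size_t)readnum) {
            fprintf(stdout, "Incomplete header, packet corrupt\n");
            continue;
        }

        printf("--------------------------------------------------------------------\n");

        /* Bytes 6..11 are the source MAC, bytes 0..5 the destination MAC. */
        printf("MAC: %.2X:%02X:%02X:%02X:%02X:%02X==>%.2X:%.2X:%.2X:%.2X:%.2X:%.2X\n",
                ethhead[6], ethhead[7], ethhead[8], ethhead[9], ethhead[10], ethhead[11],
                ethhead[0], ethhead[1], ethhead[2], ethhead[3], ethhead[4], ethhead[5]);

        /* Source address at IP offset 12, destination at offset 16. */
        const unsigned char *addrs = iphead + 12;
        printf("IP: %d.%d.%d.%d => %d.%d.%d.%d\n",
                addrs[0], addrs[1], addrs[2], addrs[3],
                addrs[4], addrs[5], addrs[6], addrs[7]);

        unsigned proto = iphead[9];
        /* Transport header starts after the real IP header, options included. */
        const unsigned char *l4 = iphead + ihl;

        printf("Protocol: ");
        switch (proto) {
            case IPPROTO_ICMP:
                printf("ICMP\n");
                break;
            case IPPROTO_IGMP:
                printf("IGMP\n");
                break;
            case IPPROTO_IPIP:
                printf("IPIP\n");
                break;
            case IPPROTO_TCP:
            case IPPROTO_UDP:
                printf("%s,", proto == IPPROTO_TCP ? "TCP" : "UDP");
                if (SNIFF_ETH_LEN + ihl + SNIFF_PORT_BYTES > (size_t)readnum) {
                    /* Port bytes were not received; do not print stale buffer contents. */
                    printf("ports not captured\n");
                    break;
                }
                printf("source port: %u,", ((unsigned)l4[0] << 8) | l4[1]);
                printf("dest port: %u\n", ((unsigned)l4[2] << 8) | l4[3]);
                break;
            case IPPROTO_RAW:
                printf("RAW\n");
                break;
            default:
                printf("Unkown, please query in include/linux/in.h\n");
        }
    }
}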