固定端口ip包截获分析(未齐)

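/*
 * Passive capture of IPv4 datagrams on the local host through a Windows raw
 * socket switched into SIO_RCVALL mode. Only UDP datagrams addressed to port
 * 8000 are inspected; when the payload matches the framing the original
 * author checks for (first byte 0x02, fourth byte 0x00, last byte 0x03,
 * length a multiple of 4), bytes 7..10 are printed as a 32-bit big-endian
 * number next to the sender's IP address.
 *
 * Every header field read here comes straight off the wire and is therefore
 * untrusted: all lengths are validated against the number of bytes recv()
 * actually returned before any offset is dereferenced.
 *
 * NOTE(review): the number is recovered from the packet without any
 * decryption step, i.e. it is visible in cleartext to anything on the path.
 * NOTE(review): opening a raw socket and enabling SIO_RCVALL normally needs
 * administrative rights; the original code singles out error 10013
 * (WSAEACCES) after bind(), which is consistent with that. Confirm on the
 * target Windows version.
 */
#include <winsock2.h>
#include <windows.h>
#include <ws2tcpip.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#pragma comment(lib,"ws2_32.lib")

#define MAX_HOSTNAME_LAN 255
#ifndef SIO_RCVALL
#define SIO_RCVALL _WSAIOW(IOC_VENDOR,1)
#endif
#define MAX_ADDR_LEN 16

enum {
    CAPTURE_BUF_SIZE    = 65535,  /* largest possible IPv4 datagram */
    WATCHED_UDP_PORT    = 8000,   /* destination port the filter matches */
    ID_FIELD_OFFSET     = 7,      /* first byte of the 4-byte number */
    MIN_PAYLOAD_LEN     = 11,     /* payload must reach index 10 */
    IP_FRAG_OFFSET_MASK = 0x1FFF  /* low 13 bits of ip_off */
};

struct ipheader {
    unsigned char ip_hl:4, ip_v:4; /* this means that each member is 4 bits */
    unsigned char ip_tos;
    unsigned short int ip_len;
    unsigned short int ip_id;
    unsigned short int ip_off;
    unsigned char ip_ttl;
    unsigned char ip_p;
    unsigned short int ip_sum;
    unsigned int ip_src;
    unsigned int ip_dst;
}; /* total ip header length: 20 bytes (=160 bits) */

typedef struct udphdr {
    unsigned short sport;
    unsigned short dport;
    unsigned short len;
    unsigned short cksum;
} UDP_HDR;

/*
 * Inspect one captured IPv4 datagram.
 *
 * pkt/pkt_len  bytes returned by recv() and their count
 * src          receives the sender address on a match
 * id           receives the 32-bit number taken from payload bytes 7..10
 *
 * Returns 1 when the datagram is UDP to WATCHED_UDP_PORT and the payload
 * passes the framing checks, 0 otherwise. Nothing outside pkt[0..pkt_len)
 * is read.
 */
static int extract_id(const char *pkt, size_t pkt_len,
                      struct in_addr *src, unsigned int *id)
{
    struct ipheader ip;
    struct udphdr udp;
    const unsigned char *payload;
    size_t ip_hdr_len, ip_total, payload_len;

    if (pkt_len < sizeof ip)
        return 0;
    /* Copy instead of casting the char buffer: avoids alignment and
     * aliasing problems. */
    memcpy(&ip, pkt, sizeof ip);

    if (ip.ip_v != 4 || ip.ip_p != IPPROTO_UDP)
        return 0;

    /* The header may carry options, so its real size is ip_hl words,
     * not a fixed 20 bytes. */
    ip_hdr_len = (size_t)ip.ip_hl * 4;
    if (ip_hdr_len < sizeof ip)
        return 0;

    /* Non-first fragments carry no UDP header at this position. */
    if ((ntohs(ip.ip_off) & IP_FRAG_OFFSET_MASK) != 0)
        return 0;

    /* The length claimed by the header must not exceed what was captured. */
    ip_total = ntohs(ip.ip_len);
    if (ip_total > pkt_len || ip_total < ip_hdr_len + sizeof udp)
        return 0;

    memcpy(&udp, pkt + ip_hdr_len, sizeof udp);
    if (ntohs(udp.dport) != WATCHED_UDP_PORT)
        return 0;

    payload = (const unsigned char *)pkt + ip_hdr_len + sizeof udp;
    payload_len = ip_total - ip_hdr_len - sizeof udp;

    /* The original accepted any positive multiple of 4 and then read
     * index 10, which lies past the end of a 4- or 8-byte payload. */
    if (payload_len < MIN_PAYLOAD_LEN || payload_len % 4 != 0)
        return 0;
    if (payload[0] != 0x02 || payload[3] != 0x00 ||
        payload[payload_len - 1] != 0x03)
        return 0;

    /* Assemble as unsigned: shifting into the sign bit of an int is
     * undefined, and large values would print as negative. */
    *id = ((unsigned int)payload[ID_FIELD_OFFSET]     << 24) |
          ((unsigned int)payload[ID_FIELD_OFFSET + 1] << 16) |
          ((unsigned int)payload[ID_FIELD_OFFSET + 2] << 8)  |
           (unsigned int)payload[ID_FIELD_OFFSET + 3];
    src->s_addr = ip.ip_src;
    return 1;
}

int main(void)
{
    static char recv_buf[CAPTURE_BUF_SIZE];
    WSADATA wsd;
    SOCKET sock;
    SOCKADDR_IN sa;
    DWORD bytes_ret = 0;
    unsigned int optval = 1;
    struct hostent *host;
    char name[MAX_HOSTNAME_LAN];
    int rc = 1;

    if (WSAStartup(MAKEWORD(2,1), &wsd) != 0)
        return 1;

    /* socket() reports failure as INVALID_SOCKET, not SOCKET_ERROR. */
    sock = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
    if (sock == INVALID_SOCKET) {
        WSACleanup();
        return 1;
    }

    if (gethostname(name, sizeof name) != 0)
        goto out;

    /* gethostbyname() may fail or return a non-IPv4 entry; the original
     * dereferenced the result unconditionally. */
    host = gethostbyname(name);
    if (host == NULL || host->h_addr_list[0] == NULL ||
        host->h_length != (int)sizeof sa.sin_addr)
        goto out;

    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    /* Port kept from the original; presumably ignored for a raw IP
     * socket - TODO confirm. */
    sa.sin_port = htons(6000);
    memcpy(&sa.sin_addr, host->h_addr_list[0], sizeof sa.sin_addr);

    /* Capture is tied to the first address the resolver returns for the
     * local host name, which may not be the interface of interest. */
    if (bind(sock, (SOCKADDR *)&sa, sizeof sa) == SOCKET_ERROR)
        goto out;

    if (WSAIoctl(sock, SIO_RCVALL, &optval, sizeof optval, NULL, 0,
                 &bytes_ret, NULL, NULL) == SOCKET_ERROR)
        goto out;

    printf("QQ sniffer V1.1 code powerd by cooldiyer\r\n");

    for (;;) {
        struct in_addr src;
        unsigned int id;
        int got = recv(sock, recv_buf, (int)sizeof recv_buf, 0);

        /* Stop on a socket error instead of spinning on a stale buffer. */
        if (got == SOCKET_ERROR)
            break;
        if (got <= 0)
            continue;

        if (extract_id(recv_buf, (size_t)got, &src, &id))
            printf("IP:%s QQ:%u\r", inet_ntoa(src), id);
    }

out:
    closesocket(sock);
    WSACleanup();
    return rc;
}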