linux 上用C++实现的网络嗅探器

#include"head.h" RawSocket::RawSocket(int memory ) { buffer = new unsigned char[memory]; this -> memory = memory; } RawSocket::~RawSocket() { delete []buffer; } void RawSocket::create_raw_socket() { if((sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_IP))) < 0) { fprintf(stdout, "create socket error\n"); } } int RawSocket::receive_data() { return recvfrom(sock, buffer, 2048, 0, NULL, NULL); } void RawSocket::output_mac_address(unsigned char *macHead) { unsigned char *p = macHead; int n = 0XFF; printf("MAC:\n %.2X:%02X:%02X:%02X:%02X:%02X==>%.2X:%.2X:%.2X:%.2X:%.2X:%.2X\n\n", p[6]&n, p[7]&n, p[8]&n, p[9]&n, p[10]&n, p[11]&n, p[0]&n, p[1]&n, p[2]&n, p[3]&n, p[4]&n, p[5]&n ); } void RawSocket::output_ip_address(unsigned char *ipHead) { unsigned char *p = ipHead + IP_ADDRESS_OFFSET; int n = 0XFF; printf("IP:\n %u.%u.%u.%u => %u.%u.%u.%u\n\n", p[0]&n, p[1]&n, p[2]&n, p[3]&n, p[4]&n, p[5]&n, p[6]&n, p[7]&n ); } void RawSocket::output_tcp_port(unsigned char *tcpHead) { unsigned char *p = tcpHead; printf("source port: %u => dest port: %u\n", (((*p) << 8) | *(p + 1)), ((*(p + 2) << 8) & 0XFF00) | ((*(p + 3)) & 0XFF) ); } void RawSocket::output_udp_port(unsigned char *udpHead) { unsigned char *p = udpHead; printf("source port: %u => dest port: %u\n", (((*p) << 8) | *(p + 1)), ((*(p + 2) << 8)& 0XFF00) | (*(p + 3) & 0XFF) ); } void RawSocket::output_data(unsigned char *dataHead, unsigned int len) { dataHead[len] = '\0'; cout << "\n***\n" <<string((char *)dataHead) <<"\n***"<< endl; } int RawSocket::get_protocol(unsigned char *ipHead) { return *(ipHead + IP_PROTOCOL_OFFSET); } double RawSocket::work(unsigned int times) { unsigned int count = 0; unsigned int tcpLen, udpLen, dataLen; double sumData = 0.0; create_raw_socket(); while(++count < times) { cout << "case: " << count <<endl; cout << endl; unsigned int temp = receive_data(); sumData += double(temp); if(temp < 42) { cout << "Incomplete header, packet corrupt" << endl; continue; } macHead = buffer; output_mac_address(macHead); ipHead = macHead + IP_HEAD_OFFSET; output_ip_address(ipHead); switch(get_protocol(ipHead)) { case IPPROTO_ICMP: cout << "ICMP" << endl; break; case IPPROTO_IGMP: cout << "IGMP" << endl; break; case IPPROTO_IPIP: cout << "IPIP" << endl; break; case IPPROTO_TCP: cout << "TCP" << endl; tcpHead = ipHead + ((*ipHead) & 0X0F) * 4; tcpLen = (((unsigned int)((*(ipHead + IP_SUM_OFFSET)) << 8) & 0XFF00) | ((*(ipHead +\ IP_SUM_OFFSET + 1)) & 0XFF))- (unsigned int)(*ipHead & 0X0F) * 4; cout << "the lenth of TCP package: " << tcpLen << endl; output_tcp_port(tcpHead); dataLen = tcpLen - (unsigned int) (*(tcpHead +TCP_DATA_OFFSET) >> 4) * 4; dataHead = tcpHead + tcpLen - dataLen; cout << "data lenth is :" << dataLen << endl; output_data(dataHead, dataLen); break; case IPPROTO_UDP: cout << "UDP" << endl; udpHead = ipHead + ((*ipHead) & 0X0F) * 4; udpLen = (((unsigned int)((*(ipHead + IP_SUM_OFFSET)) << 8) & 0XFF00) | ((*(ipHead +\ IP_SUM_OFFSET + 1)) & 0XFF))- (unsigned int)(*ipHead & 0X0F) * 4; if(udpLen != (((*(udpHead + 4) << 8) & 0XFF00) | (*(udpHead + 5) & 0XFF))) cout << "由IP推出的Udp长度和Udp自身的Udp长度不符合" << endl, udpLen = (((*(udpHead + 4) << 8) & 0XFF00) | (*(udpHead + 5) & 0XFF)); cout << "the lenth of UDP: " << udpLen << endl; output_udp_port(udpHead); dataLen = udpLen - 8; dataHead = udpHead + 8; output_data(dataHead, dataLen); break; case IPPROTO_RAW: cout << "RAW" << endl; break; default: cout << "Unknow, please query in include/linux/in.h" << endl; } cout << endl << endl << endl; } return sumData; }