c实现从IP层截取数据包的中获得请求页的网址

#pragma warning( disable: 4996 ) #include <winsock2.h> #include <stdio.h> #include "bish.h" #include "Headinfo.h" #pragma comment( lib, "ws2_32.lib" ) // linker must use this lib for sockets #if 1 #define LS_HI_PART(x) ((x>>4) & 0x0F) #define LS_LO_PART(x) ((x) & 0x0F) #define LS_MAX_PACKET_SIZE 65535 #ifndef SIO_RCVALL # define SIO_RCVALL _WSAIOW(IOC_VENDOR,1) #endif static char address[1024]; // ********************************************************************* // main // ********************************************************************* int main( int _argc, char *_argv[] ) { struct sockaddr_in sock_sniff; SOCKET sniff_socket = -1; WSAData sa_data; WORD ver; IPHEADER *ip_header = NULL; int optval = 1; DWORD dwLen = 0; char packet[LS_MAX_PACKET_SIZE]; int iRet = 0; int ip_header_size = 0; char ipSrc[20], ipDest[20], thisIP[20]; BOOL bShowTCP = TRUE, bShowICMP = TRUE; // Check arguments if ( _argc > 1 ) { if ( !_stricmp(_argv[1], "icmp") ) bShowTCP = FALSE; else if ( !_stricmp(_argv[1], "tcp") ) bShowICMP = FALSE; else { printf( "\nUsage lsniff [ICMP|TCP]\n" ); exit(0); } } // Init Windows sockets version 2.2 ver = MAKEWORD(2,2); WSAStartup(ver, &sa_data); // Get a socket in RAW mode sniff_socket = socket( AF_INET, SOCK_RAW, IPPROTO_IP ); if ( sniff_socket == SOCKET_ERROR ) { printf( "Error: socket = %ld\n", WSAGetLastError() ); exit(-1); } // Bind it memset( thisIP, 0x00, sizeof(thisIP) ); get_this_machine_ip(thisIP); sock_sniff.sin_family = AF_INET; sock_sniff.sin_port = htons(0); // If your machine has more than one IP you might put another one instead thisIP value sock_sniff.sin_addr.s_addr = inet_addr(thisIP); if ( bind( sniff_socket, (struct sockaddr *)&sock_sniff, sizeof(sock_sniff) ) == SOCKET_ERROR ) { printf( "Error: bind = %ld\n", WSAGetLastError() ); exit(-2); } // Set socket to promiscuous mode // setsockopt wont work ... dont even try it if ( WSAIoctl( sniff_socket, SIO_RCVALL, &optval, sizeof(optval), NULL, 0, &dwLen, NULL, NULL ) == SOCKET_ERROR )//start to get packet { printf( "Error: WSAIoctl = %ld\n", WSAGetLastError() ); exit(-3); } while (1) { (void) memset( packet, 0x00, sizeof(packet) ); iRet = recv( sniff_socket, packet, LS_MAX_PACKET_SIZE, 0 ); if ( iRet < (sizeof(IPHEADER))) continue; ip_header = (IPHEADER *)packet; // I only want IPv4 not IPv6 if ( LS_HI_PART(ip_header->ver_ihl) != 4 ) continue; ip_header_size = LS_LO_PART(ip_header->ver_ihl); ip_header_size *= sizeof(DWORD); // size in 32 bits words // Checks the protocol IP is encapsulating memset( ipSrc, 0x00, sizeof(ipSrc) ); memset( ipDest, 0x00, sizeof(ipDest) ); translate_ip(ip_header->source_ip, ipSrc); translate_ip(ip_header->destination_ip, ipDest); // Read http://www.ietf.org/rfc/rfc1700.txt?number=1700 switch( ip_header->protocol ) { case 1: // ICMP /* if ( bShowICMP ) { printf("\n -------------------- // -------------------- "); printf("\n IP Header:"); printf("\n Source IP: %s", ipSrc); printf("\n Destination IP: %s", ipDest); printf("\n ICMP Header:"); decode_icmp(&packet[ip_header_size]); } */ break; case 6: // TCP if ( bShowTCP ) { if(!strnicmp(&packet[sizeof(IPHEADER) + sizeof(TCPHEADER)],"GET ",4)) { printf("\n -------------------- // -------------------- "); printf("\n IP Header:"); printf("\n Source IP: %s", ipSrc); printf("\n Destination IP: %s", ipDest); printf("\n TCP Header:"); decode_tcp(&packet[ip_header_size]); get_web_address(&packet[sizeof(IPHEADER) + sizeof(TCPHEADER) + 4],address); } } break; case 17: // UPD /* printf("\n -------------------- // -------------------- "); printf("\n IP Header:"); printf("\n Source IP: %s", ipSrc); printf("\n Destination IP: %s", ipDest); printf("\n UDP Header:"); decode_udp(&packet[ip_header_size]); */ break; default: break; } } // end-while return 0; } #endif