18,363
社区成员
发帖
与我相关
我的任务
分享Sniffer程序抓不到发往本机的包?
做练习写了一个小程序抓包,本机发出去的包可以抓,但是抓不到发往本机的TCP ,UDP包,ICMP包倒是可以抓到,不明白是什么原因,各位大侠请帮忙看看,代码如下:
SOCKET s = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
if (INVALID_SOCKET == s)
{
printf("create socket fail --- %d\n", WSAGetLastError());
return 0;
}
DWORD flag;
setsockopt(s, IPPROTO_IP, IP_HDRINCL, (char *)&flag, sizeof(flag));
char szName[200];
::gethostname(szName, 199);
hostent *pHost = ::gethostbyname(szName);
if (pHost == NULL)
{
printf("get local host address fail --- %d\n", WSAGetLastError());
return 0;
}
sockaddr_in addr;
addr.sin_family = AF_INET;
addr.sin_addr = *(struct in_addr *)pHost->h_addr_list[0];
addr.sin_port = htons(57727);
if (SOCKET_ERROR == ::bind(s, (sockaddr *)&addr, sizeof(addr)))
{
printf("bind socket fail --- (%d)\n", WSAGetLastError());
return 0;
}
u_long iMode = 1;
ioctlsocket(s, SIO_RCVALL, &iMode);
char buf[65535];
int iRevLen = 0;
while(1)
{
iRevLen = ::recv(s, buf, 65534, 0);
filter(buf, iRevLen);
}
...全文
请发表友善的回复…
发表回复
-润物无声- 2011-11-12
- 打赏
- 举报
找到原因了,把Windows防火墙关了就能收到了。。。
谢谢各位的回答。。。
谢谢各位的回答。。。
-润物无声- 2011-11-12
- 打赏
- 举报
我看到msdn关于原始套接字的有下面一段:
Received datagrams are copied into all SOCK_RAW sockets that satisfy the following conditions:
The protocol number specified for the socket should match the protocol number in the IP header of the received datagram.
是不是说创建套接字时必须指定协议呢,不能用SOCKET s = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
比如要获取TCP,就用SOCKET s = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
Received datagrams are copied into all SOCK_RAW sockets that satisfy the following conditions:
The protocol number specified for the socket should match the protocol number in the IP header of the received datagram.
是不是说创建套接字时必须指定协议呢,不能用SOCKET s = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
比如要获取TCP,就用SOCKET s = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
-润物无声- 2011-11-12
- 打赏
- 举报
[Quote=引用 6 楼 xxq333 的回复:]
和绑定端口没有关系
你应该设置下IP头
setsockopt(sock, IPPROTO_IP, IP_HDRINCL, (char*)&flag, sizeof(flag));
[/Quote]
设置过了,还是一样;
不是本机发往本机,是别的机器发往本机的收不到,只能收广播包估计是用了交换机,但是别的机器发过来的包收不到,真是奇怪。我打开了一个在线视频,能看到本机发出去的,却没有发往本机的
和绑定端口没有关系
你应该设置下IP头
setsockopt(sock, IPPROTO_IP, IP_HDRINCL, (char*)&flag, sizeof(flag));
[/Quote]
设置过了,还是一样;
不是本机发往本机,是别的机器发往本机的收不到,只能收广播包估计是用了交换机,但是别的机器发过来的包收不到,真是奇怪。我打开了一个在线视频,能看到本机发出去的,却没有发往本机的
xxq333 2011-11-12
- 打赏
- 举报
和绑定端口没有关系
你应该设置下IP头
setsockopt(sock, IPPROTO_IP, IP_HDRINCL, (char*)&flag, sizeof(flag));
你应该设置下IP头
setsockopt(sock, IPPROTO_IP, IP_HDRINCL, (char*)&flag, sizeof(flag));
ouyh12345 2011-11-12
- 打赏
- 举报
本机发本机的包,不过网卡,当然抓不到
-润物无声- 2011-11-12
- 打赏
- 举报
agoago_2009给的例子和我的差不多,我也试过了,抓不到发往本机的,只能抓到广播包,我用的是Win7 64位,和操作系统有关系不?
Gloveing 2011-11-11
- 打赏
- 举报
#include "stdio.h"
#include "string.h"
#include "Winsock2.h"
#include <ws2tcpip.h>
#include "mstcpip.h"
#include "time.h"
#pragma comment(lib,"WS2_32.lib")
int main(int argc, char **argv)
{
SOCKET SnifferSocket;
int Result;
char Packet[60000];
char Name[255];
WSADATA wsaData;
DWORD dwBufferLen[10];
DWORD dwBufferInLen = 1;
DWORD dwBytesReturned = 0;
struct hostent *pHostent;
Result = WSAStartup(MAKEWORD(2, 2), &wsaData);
if (Result == SOCKET_ERROR)
{
printf("WSAStartup failed with error %d\n", Result);
return 0;
}
SnifferSocket = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
if (Result == SOCKET_ERROR)
{
printf("socket failed with error %d\n", WSAGetLastError());
closesocket(SnifferSocket);
return 0;
}
Result = gethostname(Name, 255);
if (Result == SOCKET_ERROR)
{
printf("gethostname failed with error %d\n", WSAGetLastError());
closesocket(SnifferSocket);
return 0;
}
pHostent = (struct hostent*)malloc(sizeof(struct hostent));
pHostent = gethostbyname(Name);
SOCKADDR_IN sock;
sock.sin_family = AF_INET;
sock.sin_port = htons(0);
memcpy(&sock.sin_addr.S_un.S_addr, pHostent->h_addr_list[2], pHostent->h_length);//2?
printf("\n ip addr is %s\n",inet_ntoa(sock.sin_addr));
Result = bind(SnifferSocket, (PSOCKADDR) &sock, sizeof(sock));
if (Result == SOCKET_ERROR)
{
printf("bind failed with error %d\n", WSAGetLastError());
closesocket(SnifferSocket);
return 0;
}
// Result = WSAIoctl(SnifferSocket, SIO_RCVALL, &dwBufferInLen, sizeof(dwBufferInLen),
// &dwBufferLen, sizeof(dwBufferLen), &dwBytesReturned, NULL, NULL);
Result =ioctlsocket(SnifferSocket, SIO_RCVALL, &dwBufferInLen);
if (Result == SOCKET_ERROR)
{
printf("WSAIoctl failed with error %d\n", WSAGetLastError());
closesocket(SnifferSocket);
return 0;
}
// HANDLE hCon= GetStdHandle(STD_OUTPUT_HANDLE);
//CONSOLE_SCREEN_BUFFER_INFO bInfo;
//GetConsoleScreenBufferInfo(hCon, &bInfo);
int packetcount = 0;
struct sockaddr_in from;//rendb
int fromlen ;//rendb
time_t temp;
while (true)
{
memset(Packet, 0, sizeof(Packet));
// Result = recv(SnifferSocket, Packet, sizeof(Packet), 0);
fromlen=sizeof(from);
Result = recvfrom(SnifferSocket, Packet, sizeof(Packet), 0,(struct sockaddr*)&from,&fromlen);//WSAEINTR
if (Result == SOCKET_ERROR)
{
printf("recv failed with error %d\n", WSAGetLastError());
closesocket(SnifferSocket);
return 0;
}
packetcount++;
time(&temp);
printf("Packet:%d Length:%d Time:%s from %s\n", packetcount, Result,
ctime(&temp),inet_ntoa(from.sin_addr));
if (packetcount==70) break;
}
// SetConsoleTextAttribute(hCon, bInfo.wAttributes);
if (closesocket(SnifferSocket) == SOCKET_ERROR)
{
printf("closesocket failed with error %d\n", WSAGetLastError());
return 0;
}
if (WSACleanup() == SOCKET_ERROR)
{
printf("WSACleanup failed with error %d\n", WSAGetLastError());
return 0;
}
return 1;
}
-润物无声- 2011-11-11
- 打赏
- 举报
哦,有可能,但是我把端口设为0了还是不行
mayudong1 2011-11-11
- 打赏
- 举报
sockaddr_in addr;
addr.sin_family = AF_INET;
addr.sin_addr = *(struct in_addr *)pHost->h_addr_list[0];
addr.sin_port = htons(57727);
if (SOCKET_ERROR == ::bind(s, (sockaddr *)&addr, sizeof(addr)))这里绑定到了具体的端口上,大概跟这个有关系
