#include
#include
#include
#include
#include
#include
/* Size of the buffer that main() hands to gethostname(). */
#define MAX_HOSTNAME_LAN 255
/*
 * Winsock ioctl code passed to WSAIoctl() with optval = 1 in main(): it asks
 * the bound interface to deliver every IP packet it sees, not only traffic
 * addressed to this socket. Raw sockets in this mode need elevated privileges
 * on Windows, and the call's return value should be checked before capturing.
 */
#define SIO_RCVALL _WSAIOW(IOC_VENDOR,1)
/* Size of the dotted-quad text buffers: 15 characters plus the terminating NUL. */
#define MAX_ADDR_LEN 16
/* MSVC-specific linker directive: pull in the Winsock 2 import library. */
#pragma comment(lib,"WS2_32.lib")
/*
 * Fixed 20-byte TCP header, overlaid directly on a captured packet buffer.
 *
 * Multi-byte members are in network byte order: use ntohs() for the 16-bit
 * members and ntohl() for the 32-bit th_seq / th_ack. TCP options, when
 * present, follow this structure and are not described by it, so the payload
 * starts at th_off * 4 bytes from the start of the header, not at
 * sizeof(struct tcpheader). Validate th_off (at least 5, and within the bytes
 * actually received) before dereferencing anything located past the header.
 */
typedef struct tcpheader
{
    unsigned short sport;    /* source port */
    unsigned short dport;    /* destination port */
    unsigned int   th_seq;   /* sequence number */
    unsigned int   th_ack;   /* acknowledgement number */
    /*
     * The two nibbles below share one byte. Which nibble each bit-field gets
     * is implementation-defined; the naming assumes low-order-first allocation
     * (little-endian x86 toolchains), where th_x2 is the reserved nibble and
     * th_off the header length in 32-bit words. Confirm for other targets.
     */
    unsigned char  th_x2:4;  /* reserved */
    unsigned char  th_off:4; /* header length (data offset), in 32-bit words */
    unsigned char  th_flag;  /* flags: URG ACK PSH RST SYN FIN */
    unsigned short th_win;   /* window size */
    unsigned short th_sum;   /* checksum */
    unsigned short th_urp;   /* urgent pointer */
} TCP_HDR;
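/*
 * IPv4 header without options (20 bytes), overlaid on a captured packet.
 *
 * IP_HDR is a type alias, matching TCP_HDR / UDP_HDR / ICMP_HDR. Without the
 * `typedef` keyword the trailing name defined a global object of this type
 * instead of naming the type.
 *
 * Multi-byte members are in network byte order. The real header length is the
 * low nibble of h_lenver times 4 and exceeds sizeof(struct ipheader) when
 * options are present, so the transport header must be located from that
 * value. Both that nibble and ip_len are supplied by the sender: check them
 * against the number of bytes actually received before using either as an
 * offset or a length.
 */
typedef struct ipheader
{
    unsigned char h_lenver;    /* version (high nibble) and header length in 32-bit words (low nibble) */
    unsigned char ip_tos;      /* type of service */
    unsigned short int ip_len; /* total length of the datagram, header included */
    unsigned short int ip_id;  /* identification */
    unsigned short int ip_off; /* flags and fragment offset */
    unsigned char ip_ttl;      /* time to live */
    unsigned char ip_p;        /* protocol of the payload (IPPROTO_TCP, IPPROTO_UDP, ...) */
    unsigned short int ip_sum; /* header checksum */
    unsigned int ip_src;       /* source address */
    unsigned int ip_dst;       /* destination address */
} IP_HDR;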
/*
 * UDP header (8 bytes), overlaid on a captured packet right after the IP
 * header. All members are 16-bit values in network byte order; convert with
 * ntohs(). `len` comes from the sender, so compare it with the bytes actually
 * received before using it to bound a read of the payload.
 */
typedef struct udphdr
{
    unsigned short int sport; /* source port */
    unsigned short int dport; /* destination port */
    unsigned short int len;   /* UDP length: header plus data, in bytes */
    unsigned short int cksum; /* checksum (covers the data as well) */
} UDP_HDR;
/*
 * ICMP header overlay used for captured packets.
 *
 * NOTE(review): ICMP messages carry no port numbers. With sport/dport declared
 * first, i_type maps to byte 4 of the ICMP message instead of byte 0, so the
 * type/code/checksum members do not line up with the wire format. The two
 * members are left in place because code outside this view may reference them
 * or depend on sizeof(struct icmphdr); confirm and remove them if unused.
 */
typedef struct icmphdr
{
unsigned short sport; /* NOTE(review): not an ICMP field, see above */
unsigned short dport; /* NOTE(review): not an ICMP field, see above */
BYTE i_type; /* message type */
BYTE i_code; /* message code */
USHORT i_cksum; /* checksum */
USHORT i_id; /* identifier */
USHORT i_seq; /* sequence number */
ULONG timestamp; /* presumably a sender timestamp carried in the payload; confirm */
}ICMP_HDR;
void main()
{
optval = 1; //the pointer , which shows us the payload begin
SOCKET sock;
WSADATA wsd;
char RecvBuf[65535] = {0};
char entity_content[65535]={0};
char temp[65535]= {0};
DWORD dwBytesRet;
int pCount=0;
unsigned int
unsigned char *dataip=NULL;
unsigned char *datatcp=NULL; //the pointer , which shows us the payload begin
unsigned char *dataudp=NULL;
unsigned char *dataicmp=NULL;
int lentcp=0, lenudp,lenicmp,lenip;
int k;
char
WSAStartup(MAKEWORD(2,1),&wsd);
if((sock = socket(AF_INET, SOCK_RAW, IPPROTO_IP))==SOCKET_ERROR)
{
TcpFlag[6]={'F','S','R','P','A','U'}; //定义 TCP 的标志位
exit(0);
}
char FAR name[MAX_HOSTNAME_LAN];
gethostname(name, MAX_HOSTNAME_LAN);
struct hostent FAR * pHostent;
pHostent = (struct hostent * )malloc(sizeof(struct hostent));
pHostent = gethostbyname(name);
SOCKADDR_IN sa;
sa.sin_family = AF_INET;
sa.sin_port = htons(6000);
memcpy(&sa.sin_addr.S_un.S_addr, pHostent->h_addr_list[0], pHostent->h_length);
bind(sock, (SOCKADDR *)&sa, sizeof(sa));
//if you don't have raw socket support (win 95/98/me/win2kuser) it calls the exit(1) function
if ((WSAGetLastError())==10013)
exit(0);
WSAIoctl(sock, SIO_RCVALL, &optval, sizeof(optval), NULL, 0, &dwBytesRet, NULL,
NULL);
struct udphdr *pUdpheader;
struct ipheader *pIpheader;
struct tcpheader *pTcpheader;
struct icmphdr *pIcmpheader;
char szSourceIP[MAX_ADDR_LEN], szDestIP[MAX_ADDR_LEN];
SOCKADDR_IN saSource, saDest;
pIpheader = (struct ipheader *)RecvBuf;
pTcpheader = (struct tcpheader *)(RecvBuf+ sizeof(struct ipheader ));
pUdpheader = (struct udphdr *) (RecvBuf+ sizeof(struct ipheader ));
pIcmpheader = (struct icmphdr *) (RecvBuf+ sizeof(struct ipheader ));
int iIphLen = sizeof(unsigned long) * ( pIpheader->h_lenver & 0x0f );
while (1)
{
memset(RecvBuf, 0, sizeof(RecvBuf));
recv(sock, RecvBuf, sizeof(RecvBuf), 0);
saSource.sin_addr.s_addr = pIpheader->ip_src;
strncpy(szSourceIP, inet_ntoa(saSource.sin_addr), MAX_ADDR_LEN);
//Check Dest IP
saDest.sin_addr.s_addr = pIpheader->ip_dst;
strncpy(szDestIP, inet_ntoa(saDest.sin_addr), MAX_ADDR_LEN);
lenip=ntohs(pIpheader->ip_len);
lentcp =(ntohs(pIpheader->ip_len)-(sizeof(struct ipheader)+sizeof(struct tcpheader)));
lenudp =(ntohs(pIpheader->ip_len)-(sizeof(struct ipheader)+sizeof(struct udphdr)));
lenicmp =(ntohs(pIpheader->ip_len)-(sizeof(struct ipheader)+sizeof(struct icmphdr)));
if((pIpheader->ip_p)==IPPROTO_TCP&&lentcp!=0)
{
pCount++;
dataip=(unsigned char *) RecvBuf;
datatcp=(unsigned
char
*)
RecvBuf+sizeof(struct
ipheader)+sizeof(struct
tcpheader); //data
entity_content[65535]=*datatcp;
printf("\n################### 数 据 包 [%i]=%d 字 节 数 据
###################",pCount,lentcp);
printf("\n*******************IP 协议头部*********************\n");
printf("标识:%i\n",ntohs(pIpheader->ip_id));
printf("总长度:%i\n",ntohs(pIpheader->ip_len));
printf("偏移量:%i\n",ntohs(pIpheader->ip_off));
printf("生存时间:%d\n",pIpheader->ip_ttl);
printf("服务类型:%d\n",pIpheader->ip_tos);
printf("协议类型:%d\n",pIpheader->ip_p);
printf("检验和:%i\n",ntohs(pIpheader->ip_sum));
printf("源 IP 地址:%s ",szSourceIP);
printf("\n 目的 IP 地址:%s ",szDestIP);
printf("\n****************TCP 协议头部******************\n");
printf("源端口:%i\n",ntohs(pTcpheader->sport));
printf("目的端口:%i\n",ntohs(pTcpheader->dport));
printf("序列号:%i\n",ntohs(pTcpheader->th_seq));
printf("应答号:%i\n",ntohs(pTcpheader->th_ack));
printf("检验和:%i\n",ntohs(pTcpheader->th_sum));
printf("标志位:");
FlagMask
=
1;
unsigned
char
int t=0,j,p=0,i5=0;
int lenhttp=0;
//print flags
for(
{
k=0;
k<6;
k++
)
if((pTcpheader->th_flag) & FlagMask)
printf("%c",TcpFlag[k]);
else
printf(" ");
FlagMask=FlagMask<<1;
}
if(ntohs(pTcpheader->sport)==80||ntohs(pTcpheader->dport)==80)
for(j=0;j
if( *(datatcp+k)==0x42&&*(datatcp+k+1)==0x69&&*(datatcp+k+2)==0x74&&*(datatcp+k+3)=
=0x54&&*(datatcp+k+4)==0x6f&&*(datatcp+k+5)==0x72&&*(datatcp+k+6)==0x72&&*(datat
cp+k+7)==0x65&&*(datatcp+k+8)==0x6e)
printf("\n****************BitTorrent******************\n");
}
for(int i3=0;i3