JoeImp Enlightened
Active Member
Joined: 24 May 2003 Posts: 747
Posted: 21 Dec 2003 01:00:52 pm
And here's yet another program I've made that no one knows what the heck it is. I'm messing around with raw packets a lot, and I made a simple packet sniffer that watches your computer for every IP (TCP/UDP/ICMP) packet that either is sent to your computer, or your computer sends. You can find the ws2tcpip include in the latest Platform SDK from Microsoft (http://www.microsoft.com/msdownload/platformsdk/sdkupdate/default.htm?p=/msdownload/platformsdk/sdkupdate/home.htm), if you don't have it already. You also must include ws2_32.lib in your project for Winsock2. I'm working on a new one that takes apart the actual packets, not just the IP header, to find out more info on it. Later.
[EDIT] - If you don't want to download the SDK for the include or something, I could send you the .exe via email if you want. This program is actually really useful. I discovered 10 min ago that there is some remote IP originating from my comp sending UDP packets to 255.255.255.255. Lol
Code:
#include <iostream>
#include <cstring>
#include <cstdlib>
#include <winsock2.h>
#include <windows.h>
#include <ws2tcpip.h>

// Links ws2_32.lib for Winsock2 without having to edit the project settings.
#pragma comment(lib, "ws2_32.lib")

using namespace std;

// SIO_RCVALL lives in mstcpip.h in later SDKs; defining it here keeps the
// program building against the Platform SDK headers mentioned above.
#ifndef SIO_RCVALL
#define SIO_RCVALL _WSAIOW(IOC_VENDOR,1)
#endif

int ProcessPacket(const char *buffer, int length);

// IPv4 header as it arrives on the wire (20 bytes, no options). All
// multi-byte fields are in network byte order.
#pragma pack(push, 1)
struct IPHEADER
{
    unsigned char verlen;           // version (high nibble) and header length in 32-bit words (low nibble)
    unsigned char tos;
    unsigned short length;          // total length of the packet
    unsigned short ident;
    unsigned short frag_and_flags;
    unsigned char ttl;
    unsigned char proto;            // IPPROTO_TCP, IPPROTO_UDP, IPPROTO_ICMP, ...
    unsigned short checksum;
    unsigned int sourceIP;
    unsigned int destIP;
};
#pragma pack(pop)

int main()
{
    SOCKADDR_IN sockaddr;
    HOSTENT *HostInfo;
    DWORD returned;
    SOCKET rawsock;
    WSADATA WsaDat;
    char buffer[65535], name[255];
    unsigned long inbuf = 1;        // RCVALL_ON; the original left this uninitialised
    int received;

    system("CLS");
    cout << "<Packet Watch version 1.0>";
    cout << "\nCoded By Joe Impellizzieri - iceman2oo0@hotmail.com";
    cout << "\nWARNING: Coder Not At Fault For Illegal Usage/Damage Sustained";
    cout.flush();

    if (WSAStartup(MAKEWORD(2,1), &WsaDat) != 0)
    {
        cout << "\nWindows Startup Unsuccessful";
        return 0;
    }

    // A raw IP socket; Windows only hands these out to administrators.
    rawsock = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
    if (rawsock == INVALID_SOCKET)
    {
        cout << "\nCould Not Create Raw Socket (error " << WSAGetLastError() << ")";
        WSACleanup();
        return 0;
    }

    // SIO_RCVALL only works on a socket bound to a specific local interface,
    // so look up this machine's first address.
    gethostname(name, sizeof(name));
    HostInfo = gethostbyname(name);
    if (HostInfo == NULL)
    {
        cout << "\nUnable To Retrieve Host Info";
        closesocket(rawsock);
        WSACleanup();
        return 0;
    }
    memset(&sockaddr, 0, sizeof(sockaddr));
    sockaddr.sin_family = AF_INET;
    sockaddr.sin_port = 0;          // ports mean nothing to a raw IP socket
    memcpy(&sockaddr.sin_addr, HostInfo->h_addr_list[0], sizeof(sockaddr.sin_addr));
    if (bind(rawsock, (SOCKADDR *)&sockaddr, sizeof(sockaddr)) == SOCKET_ERROR)
    {
        cout << "\nCould Not Bind Raw Socket (error " << WSAGetLastError() << ")";
        closesocket(rawsock);
        WSACleanup();
        return 0;
    }

    // Put the interface into promiscuous mode so every IP packet it sees,
    // not just those addressed to us, is delivered to this socket.
    if (WSAIoctl(rawsock, SIO_RCVALL, &inbuf, sizeof(inbuf), NULL, 0, &returned, NULL, NULL) == SOCKET_ERROR)
    {
        cout << "\nSIO_RCVALL Failed (error " << WSAGetLastError() << ")";
        closesocket(rawsock);
        WSACleanup();
        return 0;
    }

    cout << "\n\n[Waiting For Packets...]";
    cout.flush();
    while (1)
    {
        memset(buffer, 0, sizeof(buffer));
        // recv returns one whole IP packet, header included, or SOCKET_ERROR;
        // the original spun forever on the error case.
        received = recv(rawsock, buffer, sizeof(buffer), 0);
        if (received == SOCKET_ERROR)
        {
            cout << "\nrecv Failed (error " << WSAGetLastError() << ")";
            break;
        }
        ProcessPacket(buffer, received);
    }
    closesocket(rawsock);
    WSACleanup();
    return 0;
}

int ProcessPacket(const char *buffer, int length)
{
    const IPHEADER *header;
    IN_ADDR source, dest;
    char sourceip[20], destip[20];
    int proto, ttl;

    // Never trust the packet to be long enough to hold the header we cast to.
    if (length < (int)sizeof(IPHEADER))
    {
        return 0;
    }
    header = (const IPHEADER *)buffer;
    proto = header->proto;
    ttl = header->ttl;
    source.s_addr = header->sourceIP;   // already network order, which inet_ntoa expects
    dest.s_addr = header->destIP;
    // inet_ntoa returns a pointer to a single static buffer, so copy each
    // result out before the next call overwrites it.
    strcpy(sourceip, inet_ntoa(source));
    strcpy(destip, inet_ntoa(dest));

    switch (proto)
    {
    case IPPROTO_TCP:
        cout << "\n\n[TCP Packet]";
        break;
    case IPPROTO_UDP:
        cout << "\n\n[UDP Packet]";
        break;
    case IPPROTO_ICMP:
        cout << "\n\n[ICMP Packet]";
        break;
    default:
        cout << "\n\n[IP Packet, protocol " << proto << "]";
        break;
    }
    cout << "\n[Source IP: " << sourceip << "]";
    cout << "\n[Destination IP: " << destip << "]";
    cout << "\n[TTL = " << ttl << "]";
    cout.flush();
    return 1;
}
Imp
Last edited by Guest on 21 Dec 2003 01:02:20 pm; edited 1 time in total
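The "takes apart the actual packets" step the post above mentions, written out as an added example that is not code from the thread or from its author: a portable C++ parser that works on the bytes recv() hands back from the raw socket (no Winsock needed, so it builds anywhere) and validates the IPv4 header, including the IHL, the total length against the captured size, and the RFC 1071 header checksum, before it reads the TCP, UDP or ICMP fields behind it. That validation matters for a sniffer in particular: with SIO_RCVALL on, the buffer holds whatever any host on the segment put on the wire. The three sample packets are constructed for this example; the addresses and ports in them are made up.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>

// Network-order readers, so the parser runs anywhere (no winsock2.h or arpa/inet.h needed).
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

static std::string dotted(uint32_t ip) {
    char b[16];
    std::snprintf(b, sizeof b, "%u.%u.%u.%u", ip >> 24, (ip >> 16) & 0xff, (ip >> 8) & 0xff, ip & 0xff);
    return b;
}

// RFC 1071 one's-complement sum over the IP header; a header with a good checksum yields 0.
uint16_t ipChecksum(const uint8_t *hdr, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2) sum += rd16(hdr + i);
    if (len & 1) sum += (uint32_t)hdr[len - 1] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

struct PacketInfo {
    std::string src, dst;
    unsigned proto = 0, ttl = 0, srcPort = 0, dstPort = 0, tcpFlags = 0, icmpType = 0;
    size_t payloadLen = 0;
};

// Returns false for anything that is not a complete, self-consistent IPv4 packet: every
// length field is checked against the bytes actually captured before it is trusted.
bool parsePacket(const uint8_t *buf, size_t captured, PacketInfo &out) {
    if (captured < 20 || (buf[0] >> 4) != 4) return false;
    size_t ihl = (buf[0] & 0x0f) * 4, total = rd16(buf + 2);   // IHL nibble counts 32-bit words
    if (ihl < 20 || ihl > captured || total < ihl || total > captured) return false;
    if (ipChecksum(buf, ihl) != 0) return false;               // corrupted or forged header
    out.ttl = buf[8]; out.proto = buf[9];
    out.src = dotted(rd32(buf + 12)); out.dst = dotted(rd32(buf + 16));
    const uint8_t *t = buf + ihl;                              // transport header follows any options
    size_t tlen = total - ihl, hdr = 0;
    switch (out.proto) {
    case 6:                                                    // TCP: data-offset nibble sizes the header
        if (tlen < 20 || (hdr = (t[12] >> 4) * 4) < 20 || hdr > tlen) return false;
        out.srcPort = rd16(t); out.dstPort = rd16(t + 2); out.tcpFlags = t[13];
        break;
    case 17:                                                   // UDP: its own length must fit as well
        if (tlen < 8 || rd16(t + 4) < 8 || rd16(t + 4) > tlen) return false;
        out.srcPort = rd16(t); out.dstPort = rd16(t + 2); tlen = rd16(t + 4); hdr = 8;
        break;
    case 1:                                                    // ICMP: fixed 8-byte header
        if (tlen < 8) return false;
        out.icmpType = t[0]; hdr = 8;
        break;
    default: break;                                            // anything else: payload left opaque
    }
    out.payloadLen = tlen - hdr;
    return true;
}

// One-line summary in the spirit of the post's "[TCP Packet]" output.
std::string describe(const uint8_t *buf, size_t captured) {
    PacketInfo p;
    if (!parsePacket(buf, captured, p)) return "invalid";
    char line[160];
    if (p.proto == 6)
        std::snprintf(line, sizeof line, "TCP %s:%u -> %s:%u ttl=%u flags=0x%02x payload=%zu",
                      p.src.c_str(), p.srcPort, p.dst.c_str(), p.dstPort, p.ttl, p.tcpFlags, p.payloadLen);
    else if (p.proto == 17)
        std::snprintf(line, sizeof line, "UDP %s:%u -> %s:%u ttl=%u payload=%zu",
                      p.src.c_str(), p.srcPort, p.dst.c_str(), p.dstPort, p.ttl, p.payloadLen);
    else
        std::snprintf(line, sizeof line, "IP proto %u %s -> %s ttl=%u payload=%zu",
                      p.proto, p.src.c_str(), p.dst.c_str(), p.ttl, p.payloadLen);
    return line;
}

// Constructed sample: a UDP datagram from 192.168.1.5:137 to the broadcast address
// 255.255.255.255 (ports are made up for the example; IP header checksum 0x66ec is correct).
const uint8_t SAMPLE_UDP[] = {
    0x45, 0x00, 0x00, 0x20, 0x12, 0x34, 0x00, 0x00, 0x80, 0x11, 0x66, 0xec, 0xc0, 0xa8, 0x01, 0x05,
    0xff, 0xff, 0xff, 0xff, 0x00, 0x89, 0x00, 0x89, 0x00, 0x0c, 0x00, 0x00, 'p', 'i', 'n', 'g' };
// Constructed sample: a TCP SYN from 10.0.0.2:49152 to 10.0.0.1:80 (header checksum 0x7b00).
const uint8_t SAMPLE_TCP[] = {
    0x45, 0x00, 0x00, 0x28, 0xab, 0xcd, 0x40, 0x00, 0x40, 0x06, 0x7b, 0x00, 0x0a, 0x00, 0x00, 0x02,
    0x0a, 0x00, 0x00, 0x01, 0xc0, 0x00, 0x00, 0x50, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
    0x50, 0x02, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00 };
// Constructed sample: the same UDP packet with its TTL changed to 0x7f, so the checksum no longer matches.
const uint8_t SAMPLE_TAMPERED[] = {
    0x45, 0x00, 0x00, 0x20, 0x12, 0x34, 0x00, 0x00, 0x7f, 0x11, 0x66, 0xec, 0xc0, 0xa8, 0x01, 0x05,
    0xff, 0xff, 0xff, 0xff, 0x00, 0x89, 0x00, 0x89, 0x00, 0x0c, 0x00, 0x00, 'p', 'i', 'n', 'g' };

int main() {
    std::printf("%s\n", describe(SAMPLE_UDP, sizeof SAMPLE_UDP).c_str());
    std::printf("%s\n", describe(SAMPLE_TCP, sizeof SAMPLE_TCP).c_str());
    std::printf("%s\n", describe(SAMPLE_TAMPERED, sizeof SAMPLE_TAMPERED).c_str());
    return 0;
}
```

On Windows the same parsePacket() call can be dropped into the sniffer's receive loop with the buffer and byte count that recv() returns. Only the IP header checksum is verified here; TCP and UDP checksums need the pseudo-header and are left out.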
Arcane Wizard `semi-hippie`
Super Elite (Last Title)
Joined: 02 Jun 2003 Posts: 8993
Posted: 22 Dec 2003 04:29:28 am
So it's like Windows' netstat.exe?
JoeImp Enlightened
Active Member
Joined: 24 May 2003 Posts: 747
Posted: 22 Dec 2003 12:42:42 pm
Lol, not exactly. Netstat displays what TCP connections are on your computer. If another computer is fully connected under a stream socket, it will display it. That's only for TCP connections, though. This shows EVERY SINGLE message that gets sent to your computer: TCP, UDP, ICMP, etc. It shows messages where one computer just asks for a connection to yours, it shows messages from OTHER computers on your network, and messages sent TO other computers on your network. I have my next version 90% finished. It actually displays the data that was in each packet, so you can see what was being sent, rather than just the info about it.
Imp
Last edited by Guest on 22 Dec 2003 12:43:39 pm; edited 1 time in total
Arcane Wizard `semi-hippie`
Super Elite (Last Title)
Joined: 02 Jun 2003 Posts: 8993
Posted: 22 Dec 2003 07:32:05 pm
Nice (though I think you can set netstat to show all kinds of connections, not just TCP). It doesn't run continuously, like a firewall, but once, like netstat, right?
JoeImp Enlightened
Active Member
Joined: 24 May 2003 Posts: 747
Posted: 22 Dec 2003 08:14:59 pm
No, I don't believe you can set netstat to catch everything. This program runs continuously, forever, displaying every single thing sent on the network your computer's on. Or just your computer, if you're not on a network. My newest version is almost done; I'll have it up here tomorrow morning sometime.
Imp
Arcane Wizard `semi-hippie`
Super Elite (Last Title)
Joined: 02 Jun 2003 Posts: 8993
Posted: 23 Dec 2003 05:58:40 am
I just checked, netstat can check TCP, UDP, and IP.
JoeImp Enlightened
Active Member
Joined: 24 May 2003 Posts: 747
Posted: 23 Dec 2003 12:16:15 pm
First of all, IP doesn't really count, because if it didn't watch IP, it wouldn't get anything. Second of all, a UDP or ICMP packet gets sent without any connection; it just goes across the internet, arrives at the destination once, then disappears, so for you to time netstat so that you check for UDP or ICMP packets the exact second one gets to your computer is impossible. Netstat is a one-time thing. It doesn't loop or anything. And my next version won't work. Everything works until I display the data. If I take the data code out, it works fine. If I leave the data in, the internal speaker goes crazy. This is REALLY pissing me off.
Imp
sic
Advanced Newbie
Joined: 28 Jul 2003 Posts: 62
Posted: 23 Dec 2003 05:55:26 pm
There is a character that, when output to the screen, makes the internal speaker beep. Try this code, for example:
    cout << "\a";
You will likely need to a) mask this character out, b) display all the bytes as hex bytes, or c) write the data to a file or something.
Last edited by Guest on 23 Dec 2003 05:55:42 pm; edited 1 time in total
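Options (a) and (b) from the reply above, side by side, as an added example rather than code from the thread or its authors: a masking pass for printing a packet body directly, and a hex dump whose ASCII column applies the same mask, so that neither can make the console do anything but show text. The sample payload is constructed for this example; besides the BEL byte it also carries an ANSI "clear screen" sequence (ESC [ 2 J), since a terminal that honours ANSI codes acts on that just as it acts on the bell. The helper names and the 16-bytes-per-row layout are choices made here, not anything the thread specifies.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>

// Option (a): show the text, but turn every control byte (BEL 0x07, ESC 0x1b, NUL,
// backspace, ...) and every non-ASCII byte into '.', keeping only newlines.
std::string maskedText(const uint8_t *data, size_t len) {
    std::string out;
    for (size_t i = 0; i < len; ++i) {
        uint8_t c = data[i];
        out += (c >= 0x20 && c < 0x7f) || c == '\n' ? (char)c : '.';
    }
    return out;
}

// Option (b): a 16-bytes-per-row hex dump with an offset and an ASCII column; the
// column uses the same mask, so nothing in it can drive the terminal.
std::string hexDump(const uint8_t *data, size_t len) {
    std::string out;
    char tmp[16];
    for (size_t off = 0; off < len; off += 16) {
        std::snprintf(tmp, sizeof tmp, "%04zx  ", off);
        out += tmp;
        for (size_t i = 0; i < 16; ++i) {                       // hex column, padded on the last row
            if (off + i < len) { std::snprintf(tmp, sizeof tmp, "%02x ", (unsigned)data[off + i]); out += tmp; }
            else out += "   ";
            if (i == 7) out += ' ';                              // gap after eight bytes
        }
        out += ' ';
        for (size_t i = 0; i < 16 && off + i < len; ++i) {       // ASCII column
            uint8_t c = data[off + i];
            out += (c >= 0x20 && c < 0x7f) ? (char)c : '.';
        }
        out += '\n';
    }
    return out;
}

// True when a string holds nothing but printable ASCII and newlines, i.e. it can go
// straight to cout without side effects. Use this as the check before printing raw data.
bool isConsoleSafe(const std::string &s) {
    for (unsigned char c : s)
        if (c != '\n' && (c < 0x20 || c > 0x7e)) return false;
    return true;
}

// Constructed sample payload: a few letters, a BEL, a NUL, a high byte, an ANSI
// "clear screen" sequence (ESC [ 2 J) and a trailing newline.
const uint8_t SAMPLE_PAYLOAD[] = { 'H', 'E', 'L', 'O', ' ', 0x07, 0x00, 0xff,
                                   0x1b, '[', '2', 'J', 'e', 'n', 'd', '!', '\n' };

int main() {
    std::string raw((const char *)SAMPLE_PAYLOAD, sizeof SAMPLE_PAYLOAD);
    std::printf("raw payload safe to print: %s\n", isConsoleSafe(raw) ? "yes" : "no");
    std::printf("%s\n%s", maskedText(SAMPLE_PAYLOAD, sizeof SAMPLE_PAYLOAD).c_str(),
                hexDump(SAMPLE_PAYLOAD, sizeof SAMPLE_PAYLOAD).c_str());
    return 0;
}
```

In the sniffer, the payload starts right after the IP and transport headers; pass that pointer and the remaining byte count to hexDump() instead of streaming the buffer to cout.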
JoeImp Enlightened
Active Member
Joined: 24 May 2003 Posts: 747
Posted: 24 Dec 2003 12:15:37 pm
Yeah, I remembered that, but I wasn't sure which character(s) actually did that. I guess I could just output it to a file, and maybe just do a hexdump or something of it to the console. I have a program that someone else wrote that works fine, though, and it's coded almost the same way as mine. :/
Imp