struct is wrong, I guess...

•

What is DaniWeb IT Discussion Community?

You're currently browsing the C++ section within the Software Development category of DaniWeb, a massive community of 426,017 software developers, web developers, Internet marketers, and tech gurus who are all enthusiastic about making contacts, networking, and learning from each other. In fact, there are 1,703 IT professionals currently interacting right now! Registration is free, only takes a minute and lets you enjoy all of the interactive features of the site.

Join our community!

Please support our C++ advertiser: Programming Forums

Thread Tools Display Modes

Views: 239 | Replies: 0

•

Join Date: Jul 2008

Posts: 1

Reputation: JBtje is an unknown quantity at this point

Rep Power: 0

Solved Threads: 0

JBtje

Offline

Newbie Poster

struct is wrong, I guess...

Jul 17th, 2008

Hello,

On a website I found the next source code "sniffer.cpp"

Sniffer.cpp

 Help with Code Tags 
 C++ Syntax (Toggle Plain Text) 
/*
 
  OoOoOoOoOoOoOoOoOoO
  o HTTP-Sniffer    o
  O www.1plus.se    O
  oOoOoOoOoOoOoOoOoOo
 
  INFO: The trick is to use raw packets with SIO_RCVALL
 
 */
 
#include <iostream>
#include <fstream>
#include <string>
#include <winsock2.h>
#include <windows.h>
#include <ws2tcpip.h>
#include "packet_headers.h"
 
using namespace std;
 
#define SIO_RCVALL _WSAIOW(IOC_VENDOR,1) 
 
/*
	Init Winsock
	Startup winsock, version 2.
*/
 
bool fInitWinsock(){
	WSADATA lWsa;
 
	if ( WSAStartup(MAKEWORD(2,0), &lWsa) != 0 )
		return false;
 
	return true;
}
 
void LogToFile(const char *log, ... )
{
	va_list va_alist;
	char buff[1024]="";
	va_start (va_alist, log);
	_vsnprintf (buff, sizeof(buff), log, va_alist);
	va_end (va_alist);
 
	ofstream lOutput;
	lOutput.open("packetlog.txt",ios::app);
	if(lOutput.fail()) return;
	lOutput << buff;
	lOutput.close();
}
 
/*
	Init Raw Sockets
	!!SIO_RCVALL!!
  */
 
SOCKET fInitSocket(){
	SOCKET lSock;
	DWORD  lpBuffer[255]; // Should be enough if you dont have like 100 adapters. :P
	DWORD  lSize;
	SOCKET_ADDRESS_LIST *lSaddrlist;
 
	// RAW SOCKET, PROTOCOL IP
	if( (lSock = WSASocket(AF_INET,SOCK_RAW,IPPROTO_IP,NULL,0,WSA_FLAG_OVERLAPPED)) == INVALID_SOCKET){
       return -1;
    }
 
	/*
	MSDN: 
	The SIO_ADDRESS_LIST_QUERY socket I/O control operation allows a
	WSK application to query the current list of local transport
	addresses for a socket's address family. 
 
    OutputBuffer A pointer to the buffer that receives the current list of local transport addresses 
	*/
	WSAIoctl(lSock,SIO_ADDRESS_LIST_QUERY,NULL,0,lpBuffer,sizeof(lpBuffer),&lSize,NULL,NULL);
	lSaddrlist = (SOCKET_ADDRESS_LIST*)lpBuffer;
 
	// Assume its the first. 
	// Dont know how many got more then one network adapter in use.
	// TODO: Fix ? 
	const sockaddr *lSockAddr=lSaddrlist->Address[0].lpSockaddr;
 
	/* Bind socket to first address */
    if(bind(lSock,lSockAddr,sizeof(SOCKADDR_IN)) == SOCKET_ERROR) {
        printf("bind() error");
        return -1;
    }
 
	/* Heres where the fun happens ;) */
	unsigned int  optval = 1;
	if(WSAIoctl(lSock,SIO_RCVALL,&optval,sizeof(optval),NULL,0,&lSize,NULL,NULL) == SOCKET_ERROR){
		printf("ERROR!\n");
        return -1;
    }
 
	return lSock;
 
}
 
int main(void){
	char lPacket[1024];
	SOCKET lSock;
	IP *lIP;
	TCP *lTCP;
 
	// Same as packet. :)
	// Pointer never changes, so we can set it at the begging.
	lIP = (IP*)lPacket;
 
	// Print Banner.
	printf("  OoOoOoOoOoOoOoOoOoO\n");
	printf("  o HTTP-Sniffer    o\n");
	printf("  O www.1plus.se    O\n");
	printf("  oOoOoOoOoOoOoOoOoOo\n\n");
 
	LogToFile("  OoOoOoOoOoOoOoOoOoO\n");
	LogToFile("  o HTTP-Sniffer    o\n");
	LogToFile("  O www.1plus.se    O\n");
	LogToFile("  oOoOoOoOoOoOoOoOoOo\n\n");
	SYSTEMTIME lol;
	GetSystemTime(&lol);
	LogToFile("  Started at: %i:%i:%i\n\n",lol.wDay,lol.wMonth,lol.wYear);
 
 
	// Init Winsock.
	if(!fInitWinsock()) return -1;
 
	// Init socket to recieve all packets.
	lSock = fInitSocket();
 
	// Failed to initialize socket
	if(lSock==-1){
		printf("Failed to initialize socket\n");
		return -1;
	}
 
 
	// Main loop
	while(1){
		// NOTE: Usually you should check if RECV is 0. but connection is never closed, so no need!
		int lRecv=recv(lSock,lPacket,1024,0);
 
 
		// TCP-Packet.
		if(lIP->protocol==6){
 
			// Get Ip Header Length.
			unsigned short lHeaderLength=lIP->ihl*4;
 
			// Change TCP-Header pointer to corect address
			lTCP = (TCP*)(lPacket+lHeaderLength);
 
 
			// Port 80?
			if(ntohs((unsigned short)lTCP->dest_port)==80){
				// Get data offset.
				unsigned short lDataStart=lTCP->data*4;
 
				// The data part.
				char *lData = (char*)(lPacket+lHeaderLength+lDataStart);
 
				// End the string :)
				char *lEndPtr = (char*)(lPacket+lRecv);
				*lEndPtr='\0';
 
				// Dont log SYN/ACK packets
				if(lTCP->flags == 24){
					LogToFile("%s\n",lData);
					printf("%s\n",lData);
				}
			}
		}
	}
 
}
/*

  OoOoOoOoOoOoOoOoOoO
  o HTTP-Sniffer    o
  O www.1plus.se    O
  oOoOoOoOoOoOoOoOoOo

  INFO: The trick is to use raw packets with SIO_RCVALL

 */

#include <iostream>
#include <fstream>
#include <string>
#include <winsock2.h>
#include <windows.h>
#include <ws2tcpip.h>
#include "packet_headers.h"

using namespace std;

#define SIO_RCVALL _WSAIOW(IOC_VENDOR,1) 

/*
	Init Winsock
	Startup winsock, version 2.
*/

bool fInitWinsock(){
	WSADATA lWsa;

	if ( WSAStartup(MAKEWORD(2,0), &lWsa) != 0 )
		return false;
	
	return true;
}

void LogToFile(const char *log, ... )
{
	va_list va_alist;
	char buff[1024]="";
	va_start (va_alist, log);
	_vsnprintf (buff, sizeof(buff), log, va_alist);
	va_end (va_alist);

	ofstream lOutput;
	lOutput.open("packetlog.txt",ios::app);
	if(lOutput.fail()) return;
	lOutput << buff;
	lOutput.close();
}

/*
	Init Raw Sockets
	!!SIO_RCVALL!!
  */

SOCKET fInitSocket(){
	SOCKET lSock;
	DWORD  lpBuffer[255]; // Should be enough if you dont have like 100 adapters. :P
	DWORD  lSize;
	SOCKET_ADDRESS_LIST *lSaddrlist;

	// RAW SOCKET, PROTOCOL IP
	if( (lSock = WSASocket(AF_INET,SOCK_RAW,IPPROTO_IP,NULL,0,WSA_FLAG_OVERLAPPED)) == INVALID_SOCKET){
       return -1;
    }

	/*
	MSDN: 
	The SIO_ADDRESS_LIST_QUERY socket I/O control operation allows a
	WSK application to query the current list of local transport
	addresses for a socket's address family. 

    OutputBuffer A pointer to the buffer that receives the current list of local transport addresses 
	*/
	WSAIoctl(lSock,SIO_ADDRESS_LIST_QUERY,NULL,0,lpBuffer,sizeof(lpBuffer),&lSize,NULL,NULL);
	lSaddrlist = (SOCKET_ADDRESS_LIST*)lpBuffer;

	// Assume its the first. 
	// Dont know how many got more then one network adapter in use.
	// TODO: Fix ? 
	const sockaddr *lSockAddr=lSaddrlist->Address[0].lpSockaddr;

	/* Bind socket to first address */
    if(bind(lSock,lSockAddr,sizeof(SOCKADDR_IN)) == SOCKET_ERROR) {
        printf("bind() error");
        return -1;
    }

	/* Heres where the fun happens ;) */
	unsigned int  optval = 1;
	if(WSAIoctl(lSock,SIO_RCVALL,&optval,sizeof(optval),NULL,0,&lSize,NULL,NULL) == SOCKET_ERROR){
		printf("ERROR!\n");
        return -1;
    }

	return lSock;

}

int main(void){
	char lPacket[1024];
	SOCKET lSock;
	IP *lIP;
	TCP *lTCP;

	// Same as packet. :)
	// Pointer never changes, so we can set it at the begging.
	lIP = (IP*)lPacket;

	// Print Banner.
	printf("  OoOoOoOoOoOoOoOoOoO\n");
	printf("  o HTTP-Sniffer    o\n");
	printf("  O www.1plus.se    O\n");
	printf("  oOoOoOoOoOoOoOoOoOo\n\n");

	LogToFile("  OoOoOoOoOoOoOoOoOoO\n");
	LogToFile("  o HTTP-Sniffer    o\n");
	LogToFile("  O www.1plus.se    O\n");
	LogToFile("  oOoOoOoOoOoOoOoOoOo\n\n");
	SYSTEMTIME lol;
	GetSystemTime(&lol);
	LogToFile("  Started at: %i:%i:%i\n\n",lol.wDay,lol.wMonth,lol.wYear);


	// Init Winsock.
	if(!fInitWinsock()) return -1;

	// Init socket to recieve all packets.
	lSock = fInitSocket();

	// Failed to initialize socket
	if(lSock==-1){
		printf("Failed to initialize socket\n");
		return -1;
	}


	// Main loop
	while(1){
		// NOTE: Usually you should check if RECV is 0. but connection is never closed, so no need!
		int lRecv=recv(lSock,lPacket,1024,0);


		// TCP-Packet.
		if(lIP->protocol==6){
			
			// Get Ip Header Length.
			unsigned short lHeaderLength=lIP->ihl*4;

			// Change TCP-Header pointer to corect address
			lTCP = (TCP*)(lPacket+lHeaderLength);


			// Port 80?
			if(ntohs((unsigned short)lTCP->dest_port)==80){
				// Get data offset.
				unsigned short lDataStart=lTCP->data*4;

				// The data part.
				char *lData = (char*)(lPacket+lHeaderLength+lDataStart);
			
				// End the string :)
				char *lEndPtr = (char*)(lPacket+lRecv);
				*lEndPtr='\0';

				// Dont log SYN/ACK packets
				if(lTCP->flags == 24){
					LogToFile("%s\n",lData);
					printf("%s\n",lData);
				}
			}
		}
	}

}

But in the rar on the website, the file "packet_headers.h" was NOT included

so I had to recover it myself.... There I have no experience with C++, I'm shure there the mistake is....

packet_headers.h

 Help with Code Tags 
 C++ Syntax (Toggle Plain Text) 
#pragma once
#pragma comment(lib, "ws2_32.lib")
 
#ifndef _WIN32_WINNT            // Specifies that the minimum required platform is Windows Vista.
#define _WIN32_WINNT 0x0600     // Change this to the appropriate value to target other versions of Windows.
#endif
 
 
typedef struct lIP
{
	unsigned char ihl; // Version and IP Header Length
	unsigned int protocol;
} IP;
 
typedef struct lTCP
{
	unsigned short flags; //Flags 3 bits and Fragment offset 13 bits
	unsigned short data;
	unsigned long dest_port;
} TCP;
#pragma once
#pragma comment(lib, "ws2_32.lib")

#ifndef _WIN32_WINNT            // Specifies that the minimum required platform is Windows Vista.
#define _WIN32_WINNT 0x0600     // Change this to the appropriate value to target other versions of Windows.
#endif


typedef struct lIP
{
	unsigned char ihl; // Version and IP Header Length
	unsigned int protocol;
} IP;

typedef struct lTCP
{
	unsigned short flags; //Flags 3 bits and Fragment offset 13 bits
	unsigned short data;
	unsigned long dest_port;
} TCP;

With these files I am capable to make an executable, but it doesn't do what it is supposed to do

On line 147 of Sniffer.cpp ther is standing " if(lIP->protocol==6){" This checks if the protocol is TCP, as I need it to be...
Unfortunately, when I print lIP->protocol on the screen it returns 1,2 and 5 but not the needed 6 as it should do when I brows the internet with IE...

Can anyone help me with finding a solution for this lIP->protocol problem, so the correct value is inthere?
The source of "packet_headers.h" Is all "scripted" by me, and not (as far as I know) the original source......
The source of "Sniffer.cpp" is downloaded and should be working perfectly (in combination with "packet_headers.h" ofcourse)

Also I'm working with C++ for 2 days now, so there is a realy big change I made a mistake somewhere!

Thanks in advance,
Jeffrey