RSS Forums RSS

struct is wrong, I guess...

Please support our C++ advertiser: Programming Forums
Reply
Posts: 1
Reputation: JBtje is an unknown quantity at this point 
Solved Threads: 0
JBtje JBtje is offline Offline
Newbie Poster

struct is wrong, I guess...

  #1  
Jul 17th, 2008
Hello,

On a website I found the next source code "sniffer.cpp"

Sniffer.cpp
C++ Syntax (Toggle Plain Text) 
  1. /*
  2.  
  3.   OoOoOoOoOoOoOoOoOoO
  4.   o HTTP-Sniffer    o
  5.   O www.1plus.se    O
  6.   oOoOoOoOoOoOoOoOoOo
  7.  
  8.   INFO: The trick is to use raw packets with SIO_RCVALL
  9.  
  10.  */
  11.  
  12. #include <iostream>
  13. #include <fstream>
  14. #include <string>
  15. #include <winsock2.h>
  16. #include <windows.h>
  17. #include <ws2tcpip.h>
  18. #include "packet_headers.h"
  19.  
  20. using namespace std;
  21.  
  22. #define SIO_RCVALL _WSAIOW(IOC_VENDOR,1) 
  23.  
  24. /*
  25. 	Init Winsock
  26. 	Startup winsock, version 2.
  27. */
  28.  
  29. bool fInitWinsock(){
  30. 	WSADATA lWsa;
  31.  
  32. 	if ( WSAStartup(MAKEWORD(2,0), &lWsa) != 0 )
  33. 		return false;
  34.  
  35. 	return true;
  36. }
  37.  
  38. void LogToFile(const char *log, ... )
  39. {
  40. 	va_list va_alist;
  41. 	char buff[1024]="";
  42. 	va_start (va_alist, log);
  43. 	_vsnprintf (buff, sizeof(buff), log, va_alist);
  44. 	va_end (va_alist);
  45.  
  46. 	ofstream lOutput;
  47. 	lOutput.open("packetlog.txt",ios::app);
  48. 	if(lOutput.fail()) return;
  49. 	lOutput << buff;
  50. 	lOutput.close();
  51. }
  52.  
  53. /*
  54. 	Init Raw Sockets
  55. 	!!SIO_RCVALL!!
  56.   */
  57.  
  58. SOCKET fInitSocket(){
  59. 	SOCKET lSock;
  60. 	DWORD  lpBuffer[255]; // Should be enough if you dont have like 100 adapters. :P
  61. 	DWORD  lSize;
  62. 	SOCKET_ADDRESS_LIST *lSaddrlist;
  63.  
  64. 	// RAW SOCKET, PROTOCOL IP
  65. 	if( (lSock = WSASocket(AF_INET,SOCK_RAW,IPPROTO_IP,NULL,0,WSA_FLAG_OVERLAPPED)) == INVALID_SOCKET){
  66.        return -1;
  67.     }
  68.  
  69. 	/*
  70. 	MSDN: 
  71. 	The SIO_ADDRESS_LIST_QUERY socket I/O control operation allows a
  72. 	WSK application to query the current list of local transport
  73. 	addresses for a socket's address family. 
  74.  
  75.     OutputBuffer A pointer to the buffer that receives the current list of local transport addresses 
  76. 	*/
  77. 	WSAIoctl(lSock,SIO_ADDRESS_LIST_QUERY,NULL,0,lpBuffer,sizeof(lpBuffer),&lSize,NULL,NULL);
  78. 	lSaddrlist = (SOCKET_ADDRESS_LIST*)lpBuffer;
  79.  
  80. 	// Assume its the first. 
  81. 	// Dont know how many got more then one network adapter in use.
  82. 	// TODO: Fix ? 
  83. 	const sockaddr *lSockAddr=lSaddrlist->Address[0].lpSockaddr;
  84.  
  85. 	/* Bind socket to first address */
  86.     if(bind(lSock,lSockAddr,sizeof(SOCKADDR_IN)) == SOCKET_ERROR) {
  87.         printf("bind() error");
  88.         return -1;
  89.     }
  90.  
  91. 	/* Heres where the fun happens ;) */
  92. 	unsigned int  optval = 1;
  93. 	if(WSAIoctl(lSock,SIO_RCVALL,&optval,sizeof(optval),NULL,0,&lSize,NULL,NULL) == SOCKET_ERROR){
  94. 		printf("ERROR!\n");
  95.         return -1;
  96.     }
  97.  
  98. 	return lSock;
  99.  
  100. }
  101.  
  102. int main(void){
  103. 	char lPacket[1024];
  104. 	SOCKET lSock;
  105. 	IP *lIP;
  106. 	TCP *lTCP;
  107.  
  108. 	// Same as packet. :)
  109. 	// Pointer never changes, so we can set it at the begging.
  110. 	lIP = (IP*)lPacket;
  111.  
  112. 	// Print Banner.
  113. 	printf("  OoOoOoOoOoOoOoOoOoO\n");
  114. 	printf("  o HTTP-Sniffer    o\n");
  115. 	printf("  O www.1plus.se    O\n");
  116. 	printf("  oOoOoOoOoOoOoOoOoOo\n\n");
  117.  
  118. 	LogToFile("  OoOoOoOoOoOoOoOoOoO\n");
  119. 	LogToFile("  o HTTP-Sniffer    o\n");
  120. 	LogToFile("  O www.1plus.se    O\n");
  121. 	LogToFile("  oOoOoOoOoOoOoOoOoOo\n\n");
  122. 	SYSTEMTIME lol;
  123. 	GetSystemTime(&lol);
  124. 	LogToFile("  Started at: %i:%i:%i\n\n",lol.wDay,lol.wMonth,lol.wYear);
  125.  
  126.  
  127. 	// Init Winsock.
  128. 	if(!fInitWinsock()) return -1;
  129.  
  130. 	// Init socket to recieve all packets.
  131. 	lSock = fInitSocket();
  132.  
  133. 	// Failed to initialize socket
  134. 	if(lSock==-1){
  135. 		printf("Failed to initialize socket\n");
  136. 		return -1;
  137. 	}
  138.  
  139.  
  140. 	// Main loop
  141. 	while(1){
  142. 		// NOTE: Usually you should check if RECV is 0. but connection is never closed, so no need!
  143. 		int lRecv=recv(lSock,lPacket,1024,0);
  144.  
  145.  
  146. 		// TCP-Packet.
  147. 		if(lIP->protocol==6){
  148.  
  149. 			// Get Ip Header Length.
  150. 			unsigned short lHeaderLength=lIP->ihl*4;
  151.  
  152. 			// Change TCP-Header pointer to corect address
  153. 			lTCP = (TCP*)(lPacket+lHeaderLength);
  154.  
  155.  
  156. 			// Port 80?
  157. 			if(ntohs((unsigned short)lTCP->dest_port)==80){
  158. 				// Get data offset.
  159. 				unsigned short lDataStart=lTCP->data*4;
  160.  
  161. 				// The data part.
  162. 				char *lData = (char*)(lPacket+lHeaderLength+lDataStart);
  163.  
  164. 				// End the string :)
  165. 				char *lEndPtr = (char*)(lPacket+lRecv);
  166. 				*lEndPtr='\0';
  167.  
  168. 				// Dont log SYN/ACK packets
  169. 				if(lTCP->flags == 24){
  170. 					LogToFile("%s\n",lData);
  171. 					printf("%s\n",lData);
  172. 				}
  173. 			}
  174. 		}
  175. 	}
  176.  
  177. }

But in the rar on the website, the file "packet_headers.h" was NOT included so I had to recover it myself.... There I have no experience with C++, I'm shure there the mistake is....

packet_headers.h
C++ Syntax (Toggle Plain Text) 
  1. #pragma once
  2. #pragma comment(lib, "ws2_32.lib")
  3.  
  4. #ifndef _WIN32_WINNT            // Specifies that the minimum required platform is Windows Vista.
  5. #define _WIN32_WINNT 0x0600     // Change this to the appropriate value to target other versions of Windows.
  6. #endif
  7.  
  8.  
  9. typedef struct lIP
  10. {
  11. 	unsigned char ihl; // Version and IP Header Length
  12. 	unsigned int protocol;
  13. } IP;
  14.  
  15. typedef struct lTCP
  16. {
  17. 	unsigned short flags; //Flags 3 bits and Fragment offset 13 bits
  18. 	unsigned short data;
  19. 	unsigned long dest_port;
  20. } TCP;

With these files I am capable to make an executable, but it doesn't do what it is supposed to do

On line 147 of Sniffer.cpp ther is standing " if(lIP->protocol==6){" This checks if the protocol is TCP, as I need it to be...
Unfortunately, when I print lIP->protocol on the screen it returns 1,2 and 5 but not the needed 6 as it should do when I brows the internet with IE...


Can anyone help me with finding a solution for this lIP->protocol problem, so the correct value is inthere?
The source of "packet_headers.h" Is all "scripted" by me, and not (as far as I know) the original source......
The source of "Sniffer.cpp" is downloaded and should be working perfectly (in combination with "packet_headers.h" ofcourse)


Also I'm working with C++ for 2 days now, so there is a realy big change I made a mistake somewhere!


Thanks in advance,
Jeffrey
AddThis Social Bookmark Button
Reply With Quote  
Reply

Quick Reply to Thread

Only community members can participate in forum threads. You must register or log in to contribute.

Register


Similar Threads
Other Threads in the C++ Forum
Views: 448 | Replies: 0 | Currently Viewing: 1 (0 members and 1 guests)

 

Thread Tools Display Modes
Linear Mode Linear Mode
Forums | Blogs | Tutorials | Code Snippets | Whitepapers | RSS Feeds | Advertising
All times are GMT -4. The time now is 10:55 pm.
Newsletter Archive - Sitemap - Privacy Statement - Acceptable Use Policy - Contact Us
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2008 DaniWeb® LLC