Learn TCP/IP with Sniffer Pro (1)

xiaoxiao2021-03-06  138

YDZQW

Note: you should already know Sniffer Pro; if you don't, search Google for it :)

It is best to have a copy of <<TCP/IP Illustrated, Volume 1: The Protocols>> at hand.

These past two days I have been reading <<TCP/IP Illustrated>>, and I keep feeling that some places do not go deep enough. So I wrote a small program, added Sniffer, and am chewing through it slowly.

The program is as follows:

```cpp
// Server: accept one connection on TCP port 6666 and print whatever arrives.
#include <winsock2.h>
#include <windows.h>
#include <iostream>
#include <cstring>
#pragma comment(lib, "ws2_32.lib")
using namespace std;

int main()
{
    WORD wVer;
    WSADATA wsaData;

    // WSAStartup
    wVer = MAKEWORD(1, 1);
    if (WSAStartup(wVer, &wsaData))
    {
        cout << "WSAStartup error!";
        return 1;
    }

    // socket init (SOCKET is unsigned, so test against INVALID_SOCKET rather than < 0)
    SOCKET sock;
    if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == INVALID_SOCKET)
    {
        cout << "socket error!";
        return 1;
    }

    // bind, listen and accept
    sockaddr_in sockadr;
    sockadr.sin_family = AF_INET;
    sockadr.sin_addr.s_un.s_addr = htonl(INADDR_ANY);
    sockadr.sin_port = htons(6666);
    if (bind(sock, (sockaddr *)&sockadr, sizeof(sockadr)))
    {
        cout << "bind error!";
        return 1;
    }
    if (listen(sock, 5))
    {
        cout << "listen error!";
        return 1;
    }

    SOCKET sock_svr;
    sockaddr_in sockadr_svr;
    int ilen = sizeof(sockadr_svr);
    // accept() blocks here; if you want to exit the program at this point, what then?
    sock_svr = accept(sock, (sockaddr *)&sockadr_svr, &ilen);
    if (sock_svr == INVALID_SOCKET)
    {
        cout << "accept error!";
        return 1;
    }

    // select and recv
    fd_set rdfs;
    timeval tv;
    char buf[1024 * 2];
    int retval;
    int recv_err;
    tv.tv_sec = 5;
    tv.tv_usec = 0;
    for (;;)
    {
        FD_ZERO(&rdfs);
        FD_SET(sock_svr, &rdfs);
        retval = select(0, &rdfs, NULL, NULL, &tv);
        memset(buf, 0, sizeof(buf));
        if (retval == SOCKET_ERROR)
        {
            cout << "select error!";
            break;
        }
        if (retval > 0)
        {
            // leave one byte free so buf stays NUL-terminated for cout
            recv_err = recv(sock_svr, buf, sizeof(buf) - 1, 0);
            if (recv_err <= 0)  // 0: peer closed the connection, SOCKET_ERROR: failure
            {
                closesocket(sock_svr);
                break;
            }
            else
            {
                cout << buf;
            }
        }
    }
    closesocket(sock);
    WSACleanup();
    return 0;
}
```

```cpp
// Client: connect to the server, send 2000 bytes in one call, then close immediately.
#include <winsock2.h>
#include <windows.h>
#include <iostream>
#include <cstring>
#pragma comment(lib, "ws2_32.lib")
using namespace std;

int main()
{
    WORD wVer;
    WSADATA wsaData;

    // WSAStartup
    wVer = MAKEWORD(1, 1);
    if (WSAStartup(wVer, &wsaData))
    {
        cout << "WSAStartup error!";
        return 1;
    }

    // socket init
    SOCKET sock;
    if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == INVALID_SOCKET)
    {
        cout << "socket error!";
        return 1;
    }

    // connect and send
    sockaddr_in sockadr;
    sockadr.sin_family = AF_INET;
    // When the server is on this same machine the traffic goes over the loopback
    // interface and Sniffer cannot capture it; Windows presumably handles that below the NIC.
    sockadr.sin_addr.s_un.s_addr = inet_addr("192.168.1.81");
    sockadr.sin_port = htons(6666);
    if (connect(sock, (sockaddr *)&sockadr, sizeof(sockadr)) == SOCKET_ERROR)
    {
        cout << "connect error!";
        return 1;
    }

    // Where does the data get split up? At the IP layer? At the TCP layer?
    char test[2000];
    memset(test, 65, sizeof(test));  // fill with 'A'
    test[sizeof(test) - 1] = 'b';    // so we can tell whether everything arrived
    if (send(sock, test, sizeof(test), 0) == SOCKET_ERROR)
    {
        cout << "send error!";
        return 1;
    }
    // Sleep(1000);  // wait for the server's response packet before closing

    // close and WSACleanup
    if (closesocket(sock))
    {
        cout << "closesocket error!";
        return 1;
    }
    if (WSACleanup())
    {
        cout << "WSACleanup error!";
        return 1;
    }
    return 0;
}
```


Change the 192.168.1.81 in the client to the IP address of the machine the server runs on. Client and server cannot be on the same machine (this confused me too), otherwise the sniffer cannot capture the data.

Start Sniffer Pro (Capture -> Start), then run the server and then the client. Once the programs have finished, stop the capture and display it (Capture -> Stop and Display). It does not matter that the programs have already exited; what we want is the Sniffer capture. Click Decode in the panel and you can begin.

Look at the figure above: frames No.12 to No.21 (of course they will not necessarily be 12 to 21 when you run this on your machine) are the whole of this transmission. 12, 13 and 14 are the three-way handshake that establishes the connection (there is a DDoS attack that abuses the three-way handshake), see <<TCP/IP Illustrated>> p. 176. 15 and 16 are the data transfer (there is a data fragmentation issue here, which is described in detail below). 17, 19, 20 and 21 are the four-way handshake that tears down the connection, and 18 is the response packet, the acknowledgement of the data sent in 15 and 16. Because closesocket is called immediately after send, the response packet comes after the termination request; as long as you Sleep(1000) after send, this will not happen. I also wondered whether this makes five handshakes; I am not sure about it, so I am just pointing it out for everyone, be careful.
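To make the frame-by-frame reading above concrete, here is an added example (not code from the original post) that models the capture as a list of constructed segments with Sniffer-style relative sequence numbers, splits the 2000-byte send() at an assumed MSS of 1460, and labels each frame by its flags and ack numbers rather than by arrival order, so it still recognises the data ACK (frame 18) that lands after the client's FIN when closesocket() follows send() immediately. The MSS, the frame flags and the sequence numbers are assumptions.

```cpp
#include <algorithm>
#include <cstdint>
#include <string>
#include <vector>
using namespace std;

// One decoded TCP segment, as the Sniffer summary pane shows it (relative seq/ack numbers).
enum Flag : unsigned { SYN = 1, ACK = 2, PSH = 4, FIN = 8 };
struct Seg { char dir; unsigned flags; uint32_t seq, ack, len; };

// A 2000-byte send() exceeds the assumed Ethernet MSS, so TCP emits more than one segment.
vector<uint32_t> segmentPayload(uint32_t total, uint32_t mss)
{
    vector<uint32_t> lens;
    for (uint32_t left = total; left > 0; left -= lens.back())
        lens.push_back(min(left, mss));
    return lens;
}

// Label each segment handshake / data / data-ack / close from flags and ack numbers,
// not arrival order, so a data ACK that lands inside the close sequence is still recognised.
vector<string> classify(const vector<Seg>& cap)
{
    vector<string> label(cap.size(), "other");
    uint32_t dataEnd = 0;   // sequence number just past the last data byte sent by the client
    bool finSeen = false;
    for (size_t i = 0; i < cap.size(); ++i) {
        const Seg& p = cap[i];
        bool pureAck = (p.flags == ACK) && p.len == 0;
        if (p.flags & SYN)                        label[i] = "handshake";
        else if (pureAck && !dataEnd && !finSeen) label[i] = "handshake";  // third step
        else if (p.len > 0)                       { label[i] = "data"; dataEnd = p.seq + p.len; }
        else if (p.flags & FIN)                   { label[i] = "close"; finSeen = true; }
        else if (pureAck && p.ack == dataEnd)     label[i] = "data-ack";   // acks the 2000 bytes
        else                                      label[i] = "close";      // acks a FIN
    }
    return label;
}

// True when a data ACK appears after the first FIN: the closesocket()-right-after-send() case.
bool dataAckAfterFin(const vector<string>& label)
{
    auto fin = find(label.begin(), label.end(), "close");
    return fin != label.end() && find(fin, label.end(), "data-ack") != label.end();
}

// Constructed capture modelled on the post's frames 12-21 (client 'C', server 'S').
vector<Seg> sampleCapture()
{
    return { {'C', SYN, 0, 0, 0},    {'S', SYN | ACK, 0, 1, 0},     {'C', ACK, 1, 1, 0},
             {'C', ACK, 1, 1, 1460}, {'C', PSH | ACK, 1461, 1, 540}, {'C', FIN | ACK, 2001, 1, 0},
             {'S', ACK, 1, 2001, 0}, {'S', ACK, 1, 2002, 0},        {'S', FIN | ACK, 1, 2002, 0},
             {'C', ACK, 2002, 2, 0} };
}
```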

Next, the structure of the packets:

Please cite the original address when reposting: https://www.9cbs.com/read-127181.html
