Experts, please help: how to analyze the contents of the packets sent and received on a fixed port (waiting online for replies)

zhaozj2021-02-16  51

How can I analyze the contents of the packets sent and received on a fixed port?

I used the sniffer principle to monitor all the data packets that are sent, then stripped the relevant headers to get the data carried in each packet, and converted that data into a string.

I installed a mail server on the machine and tried to capture packets on ports 25 and 110. I expected to be able to parse out the data belonging to commands such as USER, PASS, MAIL FROM and RCPT TO, but after trying for a long time I got no result.

When I copy a .txt file over the local area network to or from another machine, the file is definitely sent in several packets. The first packet (the one that carries most of the file's data) is captured and its size is correct, but the string parsed from it is empty, while the following packets are parsed completely correctly.

This problem has frustrated me for a long time; I would appreciate any help in solving it.

The code used is as follows:

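// Raw-socket capture loop (Winsock, MFC): binds a raw IP socket to the local
// interface, switches it to receive-all mode with SIO_RCVALL, and shows the
// addresses, ports and payload of every TCP segment that carries data.
//
// The listing on the page lost operators, letter case and part of the TCP
// branch; this is a cleaned-up reconstruction. Changes against the listing:
//   * the payload offset is taken from the IP header-length nibble and the
//     TCP data-offset nibble instead of sizeof(struct ...), because both
//     headers may carry options;
//   * every length is checked against the number of bytes recv() returned;
//   * the payload is rendered byte by byte with an explicit length. It is
//     binary data, so building a string from the raw pointer stops at the
//     first 0x00 byte (the likely cause of the "empty string" for the first
//     packet of a file copy - TODO confirm against a capture);
//   * return values of the Winsock calls are checked, the leaked malloc()
//     before gethostbyname() is gone, and the source/destination strings are
//     no longer swapped.

SOCKET sock;
WSADATA wsd;
DWORD dwBytesRet;
int pCount = 0;
unsigned int optval = 1;            // 1 = enable receive-all for SIO_RCVALL
unsigned char *datatcp = NULL;
unsigned char *dataudp = NULL;
int lentcp = 0, lenudp = 0;

const int kMinIpHdrLen = 20;        // IPv4 header without options
const int kMinTcpHdrLen = 20;       // TCP header without options

if (WSAStartup(MAKEWORD(2, 1), &wsd) != 0)   // initialize Winsock
    exit(1);

// Create the raw socket. socket() signals failure with INVALID_SOCKET.
if ((sock = socket(AF_INET, SOCK_RAW, IPPROTO_IP)) == INVALID_SOCKET)
    exit(1);

char FAR name[MAX_HOSTNAME_LAN];
if (gethostname(name, MAX_HOSTNAME_LAN) == SOCKET_ERROR)   // local host name
    exit(1);

// gethostbyname() returns storage owned by Winsock, so nothing is allocated
// here (the listing malloc'ed a hostent and then overwrote the pointer).
struct hostent FAR *pHostent = gethostbyname(name);
SOCKADDR_IN sa;
if (pHostent == NULL || pHostent->h_addr_list[0] == NULL ||
    pHostent->h_length != (int)sizeof(sa.sin_addr.S_un.S_addr))
    exit(1);

memset(&sa, 0, sizeof(sa));
sa.sin_family = AF_INET;
sa.sin_port = htons(6000);
memcpy(&sa.sin_addr.S_un.S_addr, pHostent->h_addr_list[0], pHostent->h_length);

// Bind the raw socket to the local network card. The listing only tested for
// error 10013 (WSAEACCES, insufficient privileges); any failure is fatal here.
if (bind(sock, (SOCKADDR *)&sa, sizeof(sa)) == SOCKET_ERROR)
    exit(1);

if (WSAIoctl(sock, SIO_RCVALL, &optval, sizeof(optval), NULL, 0,
             &dwBytesRet, NULL, NULL) == SOCKET_ERROR)
    exit(1);

struct udphdr *pUdpheader;
struct ipheader *pIpheader;
struct tcpheader *pTcpheader;
char szSourceIP[MAX_ADDR_LEN], szDestIP[MAX_ADDR_LEN];
SOCKADDR_IN saSource, saDest;

while (1) {
    char RecvBuf[65535] = {0};

    // Receive one IP datagram; everything below is bounded by nRecv.
    int nRecv = recv(sock, RecvBuf, sizeof(RecvBuf), 0);
    if (nRecv == SOCKET_ERROR)
        break;
    if (nRecv < kMinIpHdrLen || nRecv < (int)sizeof(struct ipheader))
        continue;

    pIpheader = (struct ipheader *)RecvBuf;   // IP header view of the buffer

    // First byte of an IPv4 header: version (high nibble) and header length
    // in 32-bit words (low nibble).
    unsigned char verIhl = (unsigned char)RecvBuf[0];
    int ipHdrLen = (verIhl & 0x0F) * 4;
    int ipTotalLen = ntohs(pIpheader->ip_len);
    if ((verIhl >> 4) != 4 || ipHdrLen < kMinIpHdrLen ||
        ipTotalLen < ipHdrLen || ipTotalLen > nRecv)
        continue;                             // not IPv4, or lengths inconsistent

    // Source and destination addresses in dotted-decimal form. strncpy does
    // not terminate on truncation, so the terminator is written explicitly.
    saSource.sin_addr.s_addr = pIpheader->ip_src;
    strncpy(szSourceIP, inet_ntoa(saSource.sin_addr), MAX_ADDR_LEN);
    szSourceIP[MAX_ADDR_LEN - 1] = '\0';

    saDest.sin_addr.s_addr = pIpheader->ip_dst;
    strncpy(szDestIP, inet_ntoa(saDest.sin_addr), MAX_ADDR_LEN);
    szDestIP[MAX_ADDR_LEN - 1] = '\0';

    int l4Len = ipTotalLen - ipHdrLen;        // bytes after the IP header

    if (pIpheader->ip_p == IPPROTO_TCP) {
        if (l4Len < kMinTcpHdrLen || l4Len < (int)sizeof(struct tcpheader))
            continue;

        pTcpheader = (struct tcpheader *)(RecvBuf + ipHdrLen);

        // Byte 12 of the TCP header: data offset in 32-bit words (high nibble).
        const unsigned char *tcpBytes = (const unsigned char *)RecvBuf + ipHdrLen;
        int tcpHdrLen = (tcpBytes[12] >> 4) * 4;
        if (tcpHdrLen < kMinTcpHdrLen || tcpHdrLen > l4Len)
            continue;

        // TCP payload length = IP total length - IP header - TCP header.
        lentcp = l4Len - tcpHdrLen;
        if (lentcp != 0) {
            pCount++;
            datatcp = (unsigned char *)RecvBuf + ipHdrLen + tcpHdrLen;

            CString Temp = "";
            CString SourceIP(szSourceIP);
            CString DestIP(szDestIP);

            int DestPort = ntohs(pTcpheader->dport);
            int SourcePort = ntohs(pTcpheader->sport);
            Temp.Format("%d", DestPort);

            CString S;
            S.Format("%d", SourcePort);
            MessageBox("protocol: TCP\nIP source address: " + SourceIP +
                       " source port: " + S +
                       "\n destination address: " + DestIP +
                       " purpose port:" + Temp);

            Temp.Format("%d", lentcp);
            MessageBox("length:" + Temp);

            // NOTE(review): the body of this loop and the rest of the TCP
            // branch are missing from the page. The loop below follows the
            // pattern of the disabled UDP dump (printable byte, else "."):
            // the payload is walked by length, never as a C string.
            CString Data = "";
            for (int i = 0; i < lentcp; i++) {
                unsigned char ch = datatcp[i];
                Data += (ch >= 0x20 && ch < 0x7F) ? (char)ch : '.';
            }
            MessageBox(Data);
        }
    }

    if (pIpheader->ip_p == IPPROTO_UDP) {
        if (l4Len < (int)sizeof(struct udphdr))
            continue;

        pUdpheader = (struct udphdr *)(RecvBuf + ipHdrLen);

        // UDP payload length = IP total length - IP header - UDP header.
        // (The listing tested lentcp here; lenudp is the value that applies.)
        lenudp = l4Len - (int)sizeof(struct udphdr);
        if (lenudp != 0) {
            // The UDP dump is disabled in the listing and is kept disabled.
            // NOTE(review): it reads the port through pTcpheader; confirm the
            // intended field of struct udphdr before enabling it.
            // pCount++;
            // dataudp = (unsigned char *)RecvBuf + ipHdrLen + sizeof(struct udphdr);
            // printf("-UDP-\n");
            // printf("\nDestination address->%s\n", szDestIP);
            // printf("\nDestination port->%d\n", ntohs(pTcpheader->dport));
            // printf("dataudp address->%x\n", dataudp);
            // printf("size of ipheader->%i\n", sizeof(struct ipheader));
            // printf("size of udpheader->%i\n", sizeof(struct udphdr));
            // printf("size of the hole packet->%i\n", ntohs(pIpheader->ip_len));
            // printf("\nchar packet%i[] = \"", pCount, lenudp);
            // for (int x = 0; x < lenudp; x++) {
            //     if (/* printable-byte test; lost in the page text */)
            //         printf("%c", *(dataudp + x));
            //     else
            //         printf(".");
            // }
            // printf("\n\n");
            // printf("**********************************************\n");
        }
    }
}

// Reached only when recv() fails.
closesocket(sock);
WSACleanup();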
