C++ sniffer not working, how to fix?

N

NastyaG2016-11-14 21:07:00

Computer networks

NastyaG, 2016-11-14 21:07:00

Hello. I'm trying to figure out how to write a sniffer.
Here is my code:

#include "stdafx.h"
#include <cstdlib>
#include <iostream>
#include <winsock2.h>
#include <stdio.h>
#include <string.h>
#include <windows.h>
#include <process.h>
 
#define SIO_RCVALL         0x98000001
using namespace std;
 
 
typedef struct IPHeader
{
    unsigned char  ip_header_len:4;  // 4-bit header length (in 32-bit words) normally=5 (Means 20 Bytes may be 24 also)
    unsigned char  ip_version   :4;  // 4-bit IPv4 version
    unsigned char  ip_tos;           // IP type of service
    unsigned short ip_total_length;  // Total length
    unsigned short ip_id;            // Unique identifier 
    unsigned char  ip_frag_offset   :5;        // Fragment offset field
    unsigned char  ip_more_fragment :1;
    unsigned char  ip_dont_fragment :1;
    unsigned char  ip_reserved_zero :1;
    
    unsigned char  ip_frag_offset1;    //fragment offset
    
    unsigned char  ip_ttl;           // Time to live
    unsigned char  ip_protocol;      // Protocol(TCP,UDP etc)
    unsigned short ip_checksum;      // IP checksum
    unsigned int   ip_srcaddr;       // Source address
    unsigned int   ip_destaddr;      // Source address
};
 
 
int main(int argc, char *argv[])
{
    cout<<"Start...\n";
    WSAData WSData;
    WSAStartup(0x202,&WSData);
    WSADATA     wsadata;  
    SOCKET      s;         
    char        name[128];
    HOSTENT*    phe;      
    SOCKADDR_IN sa;        
    IN_ADDR sa1;        
    unsigned long        flag = 1;  
  //создаем сокет
    s = socket( AF_INET, SOCK_RAW, IPPROTO_IP );
  //получаем имя нашего локального хоста
    gethostname(name, sizeof(name));
    phe = gethostbyname( name );
    ZeroMemory( &sa, sizeof(sa) );
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = ((struct in_addr *)phe->h_addr_list[0])->s_addr;
  //привязать локальный адрес к нашему сокету
    bind(s, (SOCKADDR *)&sa, sizeof(SOCKADDR));
    
  //включение режима promiscuous
    ioctlsocket(s, SIO_RCVALL, &flag);
    

    
    while( 1 )
    {
        int count=0;
        char Buffer[1024];
        count = recv( s, Buffer, sizeof(Buffer), 0 );
 
        if( count >= sizeof(IPHeader) )
        {
            IPHeader* hdr = (IPHeader *)Buffer;
      
            sa1.s_addr = hdr->ip_srcaddr;
      cout<<"Src:";
      printf(inet_ntoa(sa1));
      cout<<endl;
      cout<<"Dest:";
      sa1.s_addr = hdr->ip_destaddr;
      printf(inet_ntoa(sa1));
      cout<<endl;
      if(hdr->ip_protocol == IPPROTO_TCP) printf("TCP ");
            if(hdr->ip_protocol == IPPROTO_UDP) printf("UDP ");
 
        }
    }

 
    WSACleanup ();
    system("PAUSE");
    return EXIT_SUCCESS;
}

It seems like there shouldn't be anything complicated. In a loop, I try to catch all incoming packets and display information on them.
But at startup I get the following (Fig. 1).
Connected Wireshark, packets arrive there.
What could be the problem? Help me please . Thanks in advance!

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

R

Rou1997, 2016-11-14
@Rou1997

It will not be a full-fledged sniffer, it can only intercept outgoing packets, run it if you need Windows Vista or later as an administrator, Src must be your local IP like 192.168.xx, there are plenty of working examples of such "sniffers" on the Internet, if you bother to isolate from the code to a characteristic design and use Google without forgetting to turn off the option in your brain "capriciousness to the aesthetic appearance of search results and the correspondence of their language to your favorite language", then you will find them.