2 years ago
#68963

David
Writing a global sniffer
This is an example of the code I am using to capture all the traffic passing through my network card. Unfortunately, not all traffic is captured. For example, I don't see the HTTP traffic that should be encrypted, or the related images that are downloaded when looking at a site's page. I thought of this code as a recorder that stores all the bits that pass through the network card, but that's not the case: are there any limitations imposed by Windows that I don't know about?
Thank you
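/*
 * Capture IPv4 packets seen by one local interface through a Winsock raw
 * socket switched into SIO_RCVALL mode, appending the raw bytes to `fp`.
 *
 * Depends on names declared elsewhere in the file: Terminated, iphdr,
 * IPV4_HDR and fp.
 *
 * Scope of what this can observe (relevant to "not all traffic is captured"):
 *  - SIO_RCVALL requires Administrator privileges.
 *  - The socket is AF_INET and bound to ONE local IPv4 address, so only IPv4
 *    packets on that interface are delivered; IPv6 traffic is not.
 *  - The address is the first one gethostbyname() returns for the host name,
 *    which on a multi-homed or virtual-adapter machine may not be the adapter
 *    that carries the traffic of interest -- verify which address is bound.
 *  - TLS-protected traffic is delivered as ciphertext; the payload is not
 *    readable at this layer.
 */
void main()
{
    enum { CAPTURE_BUF_SIZE = 65535 };   /* maximum size of an IPv4 datagram */

    int iResult = 0;
    int rcvall_mode = 1;                 /* 1 turns SIO_RCVALL on */
    unsigned long bytes_returned = 0;    /* DWORD-sized out parameter for WSAIoctl */
    WSADATA wsaData;
    SOCKET s = INVALID_SOCKET;
    struct hostent *local = NULL;
    struct sockaddr_in dest;
    char hostname[100];
    char *Buffer = NULL;

    iResult = WSAStartup(MAKEWORD(2, 2), &wsaData);
    if (iResult != NO_ERROR) {
        /* Narrow literal: printf() does not take a wide (L"...") format string. */
        printf("WSAStartup failed with error %d\n", iResult);
        return;
    }

    s = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
    if (s == INVALID_SOCKET) {
        printf("socket failed with error %d\n", WSAGetLastError());
        goto cleanup;
    }

    /* ----- resolve the local IPv4 address the socket will be bound to ----- */
    iResult = gethostname(hostname, sizeof(hostname));
    if (iResult != 0) {
        printf("gethostname failed with error %d\n", WSAGetLastError());
        goto cleanup;
    }
    hostname[sizeof(hostname) - 1] = '\0';

    local = gethostbyname(hostname);
    /* gethostbyname() returns NULL on failure; also refuse anything that is
     * not a 4-byte IPv4 address before copying it into sin_addr. */
    if (local == NULL || local->h_addrtype != AF_INET ||
        local->h_length != (int)sizeof(dest.sin_addr.s_addr) ||
        local->h_addr_list[0] == NULL) {
        printf("gethostbyname failed with error %d\n", WSAGetLastError());
        goto cleanup;
    }

    memset(&dest, 0, sizeof(dest));
    memcpy(&dest.sin_addr.s_addr, local->h_addr_list[0],
           sizeof(dest.sin_addr.s_addr));
    dest.sin_family = AF_INET;
    dest.sin_port = 0;

    /* SIO_RCVALL only works on a socket bound to an explicit local address. */
    iResult = bind(s, (struct sockaddr *)&dest, sizeof(dest));
    if (iResult != 0) {
        printf("bind failed with error %d\n", WSAGetLastError());
        goto cleanup;
    }

    /* ----- switch the bound socket into receive-all mode ----- */
    if (WSAIoctl(s, SIO_RCVALL, &rcvall_mode, sizeof(rcvall_mode), 0, 0,
                 (LPDWORD)&bytes_returned, 0, 0) == SOCKET_ERROR) {
        /* Typically seen when the process is not running elevated. */
        printf("WSAIoctl(SIO_RCVALL) failed with error %d\n", WSAGetLastError());
        goto cleanup;
    }

    Buffer = malloc(CAPTURE_BUF_SIZE);
    if (Buffer == NULL) {
        printf("malloc failed\n");
        goto cleanup;
    }

    while (!Terminated) {
        iResult = recvfrom(s, Buffer, CAPTURE_BUF_SIZE, 0, 0, 0);
        if (iResult == SOCKET_ERROR) {
            /* The original called sprintf() with the message as the
             * destination buffer, i.e. a write into a string literal. */
            printf("recvfrom failed with error %d\n", WSAGetLastError());
            break;
        }

        /* NOTE(review): iResult may be smaller than sizeof(IPV4_HDR); check
         * the length before reading any header field through iphdr. */
        iphdr = (IPV4_HDR *)Buffer;

        /* Packets are appended back to back with no length prefix, so a
         * reader has to walk the IP total-length fields to split them.
         * fp is assumed to be opened in binary mode elsewhere -- TODO confirm. */
        if (iResult > 0 &&
            fwrite(Buffer, 1, (size_t)iResult, fp) != (size_t)iResult) {
            printf("fwrite failed\n");
            break;
        }
    }

cleanup:
    /* Single exit path so the buffer, the socket and the Winsock reference
     * are released on every error as well as on normal termination. */
    free(Buffer);
    if (s != INVALID_SOCKET) {
        if (closesocket(s) == SOCKET_ERROR) {
            printf("closesocket failed with error %d\n", WSAGetLastError());
        }
    }
    WSACleanup();
}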
c
winsock
0 Answers