基于winpcap的网络嗅探器
如题,功能:
1使用WinPCap的接口,实现一个网络嗅探器
2完成截获数据包的功能、并具备分析数据包的功能。
提供个源码啊!谢谢啦 --------------------编程问答-------------------- 没人会吗? --------------------编程问答-------------------- 我的毕业设计就是做这个
企业信息安全防范系统
还有代码哦 --------------------编程问答-------------------- 是吗?我也是!帮忙发过来参考参考!lhn.luck@yahoo.com.cn不胜感激!谢谢! --------------------编程问答-------------------- 发了
看看不知道合不合要求 --------------------编程问答-------------------- unit Protohdr;
{
PROTOHDR.PAS
Original source is PROTOHDR.H
Written by Sang-Eun Han
(seh@brabo1.korea.ac.kr, http://widecomm.korea.ac.kr/~seh).
Convert to Delphi 4.0 by: Jagad (don@indo.net.id)
May 10, 1999: Make faster TOULONG and TOUSHORT function and make it works
with D3 by: Francois Piette (francois.piette@pophost.eunet.be)
}
{$ALIGN ON}
interface
type
// Ethernet Frame Header
(*
typedef struct _ETHERNET_HDR {
UCHAR Destination[6];
UCHAR Source[6];
UCHAR Protocol[2];
UCHAR Data[1];
} ETHERNET_HDR, *PETHERNET_HDR;
*)
ETHERNET_HDR = packed record
Destination: array[0..5] of Byte;
Source: array[0..5] of Byte;
Protocol: array[0..1] of Byte;
Data: array[0..0] of Byte;
end;
PETHERNET_HDR = ^ETHERNET_HDR;
const
//rfc1340
PROTO_IP = $0800;
PROTO_ARP = $0806;
PROTO_XNS = $0600;
PROTO_SNMP = $814C;
PROTO_OLD_IPX = $8137;
PROTO_NOVELL = $8138;
PROTO_IPNG = $86DD;
OFFSET_IP = 14;
type
// IPv4 Header
(*
typedef struct _IP_RHDR {
UCHAR VerLen;
UCHAR Service;
UCHAR Length[2];
UCHAR Ident[2];
UCHAR Flagoff[2];
UCHAR Timelive;
UCHAR Protocol;
UCHAR Checksum[2];
UCHAR Source[4];
UCHAR Destination[4];
UCHAR Data[1];
} IP_RHDR, *PIP_RHDR;
*)
IP_RHDR = packed record
Verlen: Byte;
Service: Byte;
Length: array[0..1] of Byte;
Ident: array[0..1] of Byte;
Flagoff: array[0..1] of Byte;
TimeLive: byte;
Protocol: byte;
Checksum: array[0..1] of byte;
Source: array[0..3] of byte;
Destination: array[0..3] of byte;
Data: array[0..0] of byte;
end;
PIP_RHDR = ^IP_RHDR;
// IPv6 Header
(*
typedef struct _IPNG_RHDR {
byte VerPrio;
byte FlowLabel[3];
byte Length[2];
byte NextHdr;
byte HopLimit;
byte Source[16];
byte Destination[16];
byte Data[1];
} IPNG_RHDR, *PIPNG_RHDR;
*)
IPNG_RHDR = packed record
VerPrio: byte;
FlowLabel: array[0..2] of byte;
Length: array[0..1] of byte;
NextHadr: byte;
HopLimit: byte;
Source: array[0..15] of byte;
Destination: array[0..15] of byte;
Data: array[0..0] of byte;
end;
PIPNG_RHDR = ^IPNG_RHDR;
// TCP Header, RFC793
(*
typedef struct _TCP_RHDR {
byte Source[2];
byte Destination[2];
byte Seq[4];
byte Ack[4];
byte Rsvd0:4;
byte Offset:4;
byte Flags:6;
byte Rsvd1:2;
byte Window[2];
byte Checksum[2];
byte UrgPoint[2];
byte Data[1];
} TCP_RHDR, *PTCP_RHDR;
*)
TCP_RHDR = packed record
Source: array[0..1] of byte; //Source Port
Destination: array[0..1] of byte; //Destination Port
Seq: array[0..3] of byte;
Ack: array[0..3] of byte;
Rsvd0_Off: byte;
Flags_Rsvd1: byte;
Window: array[0..1] of byte;
Checksum: array[0..1] of byte;
UrgPoint: array[0..1] of byte;
Data: array[0..0] of byte;
end;
PTCP_RHDR = ^TCP_RHDR;
const
TCP_FLAG_FIN = $01;
TCP_FLAG_SYN = $02;
TCP_FLAG_RST = $04;
TCP_FLAG_PSH = $08;
TCP_FLAG_ACK = $10;
TCP_FLAG_URG = $20;
PROTO_TCP = 6;
type
// UDP Header
(*
typedef struct _UDP_RHDR {
byte Source[2];
byte Destination[2];
byte Length[2];
byte Checksum[2];
byte Data[1];
} UDP_RHDR, *PUDP_RHDR;
*)
UDP_RHDR = packed record
Source: array[0..1] of byte;
Destination: array[0..1] of byte;
Length: array[0..1] of byte;
Checksum: array[0..1] of byte;
Data: array[0..0] of byte;
end;
PUDP_RHDR = ^UDP_RHDR;
// Pseudo Header for evaluating TCP/UDP Checksum
(*
typedef struct _PSU_RHDR {
byte Source[4];
byte Destination[4];
byte Zero;
byte Protocol;
byte Length[2];
byte Data[1];
} PSU_RHDR, *PPSU_RHDR;
*)
PSU_RHDR = packed record
Source: array[0..3] of byte;
Destination: array[0..3] of byte;
Zero: byte;
Protocol: byte;
Length: array[0..1] of byte;
Data: array[0..0] of byte;
end;
PPSU_RHDR = ^PSU_RHDR;
//Borland CBuilder is 32 bit Win App
//#ifdef WIN32
//#define TOUSHORT(x) (USmallint)(*(x)<<8|*(x+1))
//#define TOULONG(x) (ULONG)(*(x)<<24|*(x+1)<<16|*(x+2)<<8|*(x+3))
//#else
//#define TOUSmallint(x) (*(USmallint *)x) //Big-Endian
//#define TOULONG(x) (*(ULONG *)x)
//#endif
function TOUSmallint(x: PChar): Smallint;
function TOULONG(x: PChar): LongWord;
implementation
function TOUSmallint(x: PChar): Smallint;
begin
Result := (Smallint(x^) shl 8) or (Smallint((x + 1)^)); // FP May 10, 1999
end;
function TOULONG(x: PChar): LongWord;
begin
Result := (LONGWORD(x^) shl 24) or // FP May 10, 1999
(LONGWORD((x + 1)^) shl 16) or // FP May 10, 1999
(LONGWORD((x + 2)^) shl 8) or // FP May 10, 1999
(LONGWORD((x + 3)^)); // FP May 10, 1999
end;
end.
--------------------编程问答-------------------- {
********************************************************************************
--------------------------------------------------------------------------------
TZNIFFER
for Packet Capture Driver by Politecnico di Torino
Written by Lars Peter Christiansen
--------------------------------------------------------------------------------
TERMS AND CONDITIONS OF USE.
All of this software is Copyright(C) 2002 Lars Peter Christiansen.
The author of this software assumes no liability for damages caused under
any circumstances whatsoever, and is under no obligation. Use of the software
indicates acceptance of all conditions contained in this document. If you do
not agree to these terms, you must delete this software immediately.
You may distribute the archive in which this software is distributed, but
under no circumstances must this archive be changed. Distributing a modified
archive is a violation of the software license.
If you do redistribute this software, please let me know at the email address
given below.
If you have any questions, requests, bug reports, etc., please contact me at
the address given below.
Lars Peter Christiansen
Email : lp@nzlab.dk
Website: http://www.nzlab.dk
--------------------------------------------------------------------------------
[ user application ]
[ TZniffer ] <- you are here!
[ PCAP ]
[ Netadapter ]
********************************************************************************
}
unit Zniffer;
interface
uses Windows,
Classes,
Sysutils,
Pcap,
Packet32;
Type
PETHERNET_HDR = ^ETHERNET_HDR;
ETHERNET_HDR = packed record
Destination: array[0..5] of UCHAR;
Source: array[0..5] of UCHAR;
Protocol: array[0..1] of UCHAR;
Data: array[0..0] of UCHAR;
end;
PIP_RHDR = ^IP_RHDR;
IP_RHDR = packed record
Verlen: UCHAR; //4bit version 4bit length (bytes/8)
Service: UCHAR; // TOS
Length: WORD;
Ident: WORD;
Flagoff: array[0..1] of UCHAR; //3bit flag - 13 bit offset
TimeLive: UCHAR;
Protocol: UCHAR;
Checksum: WORD;
SrcIP: array[0..3] of UCHAR;
DestIP: array[0..3] of UCHAR;
Data: array[0..0] of UCHAR;
end;
// Added ( Lars Peter Christiansen 13-04-2001)
PTCP_RHDR = ^TCP_RHDR;
TCP_RHDR = Packed record
SrcPort : WORD;
DestPort : WORD;
SequenceNr : array[0..3] of UCHAR;
AckNumber : array[0..3] of UCHAR;
LenResvFlags: array[0..1] of UCHAR; //length(4bits) rsvd(6bits) flags(6bits)
WindowSize : array[0..1] of UCHAR;
Checksum : array[0..1] of UCHAR;
UrgentPtr : array[0..1] of UCHAR;
Data : array[0..0] of UCHAR;
end;
Tzniffer = class;
// Thread that listens to selected Netadapter
TZnifferThread = Class(Tthread)
private
Z : Tzniffer;
public
ReadTimes : integer;
Constructor Create(Zniffer:Tzniffer);
Destructor Destroy;override;
Procedure Execute;override;
end;
// The main TZniffer Class here
TZniffer = Class
private
FPCAP : PPCAP; // Handle to the pcapdriver
Fadapters :TstringList; // the adapters found on the system
FadapterIndex:Integer; // current adapter
FThread : TZnifferThread; // The listening thread
Fsnooping : Boolean; // Flag indicating snooping activity
Function GetAdapters(Var ErrStr:string) : boolean;
procedure ThreadTerminate(Sender:tobject);
procedure SetAdapterIndex(const Value: integer);
public
OnPacket : Procedure(Data:pointer;recvbytes:Word) of Object;
Constructor Create;
Destructor Destroy;override;
Function Activate(var ErrStr:string) : boolean;
Function Deactivate(var ErrStr:string):boolean;
property Snooping : boolean Read Fsnooping;
property Adapters : TstringList read Fadapters;
property AdapterIndex:integer read FadapterIndex write SetAdapterIndex;
end;
Const //Look in rfc1340 dokument
PROTO_IP = $0800;
function TOUSHORT(x: PChar): SHORT; // Ripped C Makro
implementation
function TOUSHORT(x: PChar): SHORT;
begin Result := (SHORT(x^) shl 8) or (SHORT((x + 1)^)); // FP May 10, 1999
end;
{ TZniffer }
constructor TZniffer.Create;
var S:string;
begin
FAdapters := Tstringlist.Create;
FadapterIndex := 0;
FPCAP := Nil;
Fsnooping:=false;
GetAdapters(s);
end;
destructor TZniffer.Destroy;
Var E:string;
begin
DeActivate(E);
Fadapters.free;
Fadapters := nil;
inherited;
end;
//------------------------------------------------------------------------------
// ACTIVATE SNOOP AND START READTHREAD
//------------------------------------------------------------------------------
function TZniffer.Activate(var ErrStr: string): boolean;
begin
Result := false;
// Check if Snooping is active
if Fsnooping or (FPCAP<>nil) then
begin
ErrStr := 'Snooping already activated';
exit;
end;
// Open Driver and NetAdapter
FPCAP := Pcap.pcap_open_live(Pchar(FAdapters[FAdapterindex]),
DEFAULT_SNAPLEN,TRUE,100,ErrStr);
if FPCAP = nil then exit;
if not Assigned(OnPacket) then
begin
ErrStr:='No Packet Read Callback function assigned';
exit;
end;
// Start Snoop Read Thread
FThread := TZnifferThread.create(self);
Fthread.ReadTimes := 10;
Fthread.OnTerminate := ThreadTerminate;
Fthread.FreeOnTerminate := false;
Fthread.resume;
FSnooping := True;
result:=true;
end;
--------------------编程问答-------------------- function TZniffer.Deactivate(var ErrStr: string): boolean;
var
P:Tpacket;
T:longword;
begin
result := false;
if (not Fsnooping) then begin errstr:='Snooping not active';exit;end;
if FThread=nil then begin errstr:='No thread to stop';exit;end;
// Stop Snooping Thread
FThread.Terminate;
FThread.WaitFor;
FThread.Free;
Fthread := nil;
// Release Driver Handle
Pcap_Close(FPCAP);
result :=true;
end;
//------------------------------------------------------------------------------
// GET ADAPTERS IN SYSTEM
//------------------------------------------------------------------------------
function TZniffer.GetAdapters(var ErrStr:string): boolean;
begin
result:=false;
if FAdapters=nil then
begin
ErrStr :='Memory for Adapterlist not allocated';
exit;
end;
Fadapters.commatext := Pcap.pcap_GetAdapternames(',',ErrStr);
if Fadapters.CommaText='' then exit;
result := true;
end;
//------------------------------------------------------------------------------
//
// And Snoop Driver Callback function which cannot be procedure of object!
//------------------------------------------------------------------------------
procedure CaptureCB(User:pointer;const Header:Ppcap_pkthdr;const Data:pchar);
begin
TZniffer(user).OnPacket(Data,Header.len);
end;
//======================================================
{ TZnifferThread }
constructor TZnifferThread.Create(Zniffer:Tzniffer);
begin
ReadTimes:=0;
Z:=Zniffer;
PacketSetReadTimeout(z.Fpcap.Adapter,100);
inherited Create(TRUE);
end;
destructor TZnifferThread.Destroy;
begin
inherited;
end;
procedure TZnifferThread.Execute;
begin
if Z=nil then exit;
While Not Terminated do
begin
Pcap_Read(Z.FPCAP,0,CaptureCB,Pointer(Z));
end;
end;
//==========================================
procedure TZniffer.ThreadTerminate(Sender: tobject);
begin
Fsnooping:=false;
end;
procedure TZniffer.SetAdapterIndex(const Value: integer);
begin
if (value>-1) and (value<Adapters.count) then
FadapterIndex := Value;
end;
end.
--------------------编程问答-------------------- 给我发以下 yong85215@yahoo.com.cn --------------------编程问答-------------------- 给我也发一个,qiufen_1983@163.com.我做了个网络嗅探器的数据捕获,就是完成不了对数据包的保存,很着急,能不能帮帮我呢?很急需,谢谢帮忙! --------------------编程问答-------------------- 请给我发一个小型的源代码开放的微型IDS好吗?
小弟不胜感激!我的邮箱zhanghanyu1102@163.com --------------------编程问答-------------------- mabaolin@eyou.com
谢谢。我也要一份 --------------------编程问答-------------------- WINPCAP是做什么用的,有什么特别的功能吗
我用raw socket就可以捕获网络上的包了呀 --------------------编程问答-------------------- 楼上,raw socket工作在网络层,根据我的经验只能捕获IP包。而WinPcap工作在链路层,可以捕获任何包。 --------------------编程问答-------------------- to Kvci(看了不笑就没小JJ同时又比较长的昵称__——————————————————————————————)
能不能也发给我一份源代码啊?我刚入道,急需这方面的资料。谢谢。
我的邮箱 fanzy80@126.com
谢谢。 --------------------编程问答-------------------- 各位大哥,小妹也正在做网络监听系统,我也是做WPCAP的,谁有的话也给我一份,不胜感激呀!!!!!!!!!!!! --------------------编程问答-------------------- 我的油箱是zhangcaiyun1231993@163.com --------------------编程问答-------------------- 很明显ls没有一个看过winpcap文档的,里头说明的很清楚 --------------------编程问答-------------------- 我也在开发一个网络监控工具,请帮忙!谢谢大家.
我的邮箱: tian1982988@126.com --------------------编程问答-------------------- 等待牛人来答. --------------------编程问答-------------------- 好像没那么简单,呵呵. --------------------编程问答-------------------- gymzyt@163.com
给我发个啊...谢谢啊 --------------------编程问答-------------------- 希望有的人能给兄弟我发个啊,多谢了,eline1027@yahoo.com.cn!不甚感激啊!
1.使用WinPCap的接口,实现一个网络嗅探器
2.完成截获数据包的功能、并具备分析数据包的功能。
--------------------编程问答-------------------- 哎呀,都不用找啦,书上就有现成的啊!抄下来就可以用的
《网络安全开发包详解》 --------------------编程问答-------------------- 晕, 大名鼎鼎的wireshark, 以前叫ethereal, 就是基于libpcap/winpcap的网络嗅探/分析器啊, 它的源码是公开的............ --------------------编程问答-------------------- 你好,我的毕设也做的是和你比较像的那个企业信息安全防范,不知道你能不能把源码和相关资料也发给我一下,我做个参考,我的邮箱是yinistracy@163.com 不胜感激~ --------------------编程问答-------------------- 我也要 lculiuyonghua@163.com谢啦
补充:云计算 , 云安全
