Ok, I'm now making a lot of progress on making a data traffic analyzer. I can now successfully capture IP packets (well, this is not really true, because I'm not sure why my program captures packets if I load a video in youtube but not if I surf to mpgh, so if someone spots any errors/sloppy code please post )
But I cannot decode them into readable (visible) chunks of data, or decode their headers.
Can someone fill me in on how to do it, possibly providing me with example/functional code (yes I do plan to leech if possible, yes I do know how to code)
Here's some proof that I have been busy with this for a while now:
Main.h
Code:
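#pragma once                 // replaces `#pragma comment "Main.h"`, which is not a valid #pragma comment form and guarded nothing
// Largest IP datagram (16-bit total-length field); sizes the receive buffer.
#define MAX_IP_SIZE 65535
#include <iostream>
#include <winsock2.h>        // keep ahead of any <windows.h> include
#include <iphlpapi.h>
#include <Mstcpip.h>         // SIO_RCVALL / RCVALL_ON
#pragma comment(lib, "iphlpapi.lib")
#pragma comment(lib, "ws2_32.lib")
// Opens a raw IPv4 socket bound to the local host address, enables SIO_RCVALL
// and loops on WSARecv. Returns a negative code on failure (see the .cpp).
int Initialize();
using namespace std;         // kept because the .cpp uses unqualified cout/cerr/endl; std:: at each use would be preferable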
Capture Trafic.cpp
Code:
#include "Main.h"
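// File-scope state shared by Initialize() and the helpers below.
DWORD dwBytesRet = 0;                 // byte count returned by WSAIoctl / WSARecv
DWORD dwFlags = 0;                    // WSARecv flags; it is an in/out parameter
WSADATA wsaData = {};
WSABUF wbuf = {};                     // describes rcvbuf to WSARecv
SOCKET s1 = INVALID_SOCKET;           // the raw capture socket
struct sockaddr_in Lip = {};          // local address the socket is bound to
char rcvbuf[MAX_IP_SIZE] = {};        // one received IP datagram, header first
char ac[80] = {};                     // local host name from gethostname()
// SIO_RCVALL input. As an uninitialised global this was zero == RCVALL_OFF,
// so the ioctl never actually enabled capture of all traffic.
unsigned int optval = RCVALL_ON;
char buffer[10] = {};                 // only referenced by a commented-out recv() call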
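// Streams the fields of a WSADATA, one per line.
// wVersion / wHighVersion are packed WORDs: low byte = major, high byte = minor
// (MAKEWORD(2, 2) is 0x0202), so they are printed as "major.minor" instead of
// the raw integer the original emitted. iMaxSockets / iMaxUdpDg are documented
// as retained only for Winsock 1.1 compatibility, so their values mean little here.
ostream& operator<<(ostream& out, const WSADATA& WsaData) {
    out << "MaxSockets: " << WsaData.iMaxSockets << '\n'
        << "MaxUdpDg: " << WsaData.iMaxUdpDg << '\n'
        << "Description: " << WsaData.szDescription << '\n'
        << "SystemStatus: " << WsaData.szSystemStatus << '\n'
        << "Winsock High Version: "
        << static_cast<int>(LOBYTE(WsaData.wHighVersion)) << '.'
        << static_cast<int>(HIBYTE(WsaData.wHighVersion)) << '\n'
        << "Version: "
        << static_cast<int>(LOBYTE(WsaData.wVersion)) << '.'
        << static_cast<int>(HIBYTE(WsaData.wVersion)) << endl;   // single flush at the end
    return out;
}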
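// Closes the socket (if one was created) and shuts Winsock down, then returns
// `code` so call sites read `return fail(-n);`. closesocket() must run before
// WSACleanup(); the original did it the other way round and also skipped both
// on the host-lookup failure path.
static int fail(int code) {
    if (s1 != INVALID_SOCKET) {
        closesocket(s1);
        s1 = INVALID_SOCKET;
    }
    WSACleanup();
    return code;
}

// Hex-dumps `len` bytes of `data`, 16 per line with a decimal offset column.
// Packet bytes are binary, so writing them to the console as characters (the
// original `cout << wbuf.buf[i]`) produces control characters rather than
// anything readable. Hand-rolled nibble lookup avoids <iomanip> and leaves the
// stream's number formatting untouched for the status lines.
static void dump_hex(const char* data, DWORD len) {
    static const char digits[] = "0123456789abcdef";
    for (DWORD off = 0; off < len; off += 16) {
        cout << off << ":";
        for (DWORD k = off; k < len && k < off + 16; ++k) {
            const unsigned char b = static_cast<unsigned char>(data[k]);
            cout << ' ' << digits[b >> 4] << digits[b & 0x0f];
        }
        cout << '\n';
    }
}

// Sets up Winsock, a raw IPv4 socket bound to the local host address with
// SIO_RCVALL enabled, and loops on WSARecv printing each datagram as hex.
// Returns -1..-7 identifying the failing step (WSARecv failure is the only
// way out of the capture loop). Status lines use endl so they appear before
// the next blocking call. SIO_RCVALL requires Administrator privilege.
int Initialize() {
    s1 = INVALID_SOCKET;   // explicit, so fail() never closes a socket that was not created
    cout << "\n\n#########DATA TRAFIC ANILIZING COMPONENT#########\n\n";
    if (WSAStartup(MAKEWORD(2, 2), &wsaData) != NO_ERROR) {
        cerr << "Socket Initialization: wsa startup error\n";
        return fail(-1);
    }
    cout << "WsaStartup succesfully initialized\n\nWSADATA: " << wsaData << "\n\n";

    s1 = WSASocket(AF_INET, SOCK_RAW, IPPROTO_IP, NULL, 0, WSA_FLAG_OVERLAPPED);
    if (s1 == INVALID_SOCKET) {
        cout << "Invailid socket error: " << WSAGetLastError() << endl;
        return fail(-2);
    }
    cout << "Raw socket created: " << s1 << endl;   // bind happens below; the old message claimed it was already bound

    if (gethostname(ac, sizeof(ac)) == SOCKET_ERROR) {
        cout << "Can not resolve host name: " << WSAGetLastError() << endl;
        return fail(-3);
    }
    cout << "Host address name is: " << ac << endl;

    // gethostbyname()/inet_ntoa() are deprecated in favour of getaddrinfo()/
    // inet_ntop(); kept because the rest of the file targets the older API.
    struct hostent* phe = gethostbyname(ac);
    if (phe == nullptr || phe->h_addr_list[0] == nullptr) {
        cerr << "Hostlookup failed" << endl;
        return fail(-4);
    }
    // h_addr_list[0] is just the first address; on a multi-homed machine (VPN or
    // virtual adapters) it may not be the interface the traffic of interest
    // crosses, which would make the capture look selective — TODO confirm which
    // address is picked on the affected machine.
    struct in_addr addr;
    memcpy(&addr, phe->h_addr_list[0], sizeof(addr));
    cout << "Host address is: " << inet_ntoa(addr) << endl;

    Lip.sin_family = AF_INET;
    Lip.sin_addr = addr;   // same value as inet_addr(inet_ntoa(addr)) without the text round trip
    Lip.sin_port = htons(0);
    cout << "Addres bound to inet_addr: " << inet_ntoa(Lip.sin_addr) << endl;
    if (bind(s1, reinterpret_cast<SOCKADDR*>(&Lip), sizeof(Lip)) != 0) {
        cout << "Cannot bind socket: " << WSAGetLastError() << endl;
        return fail(-5);
    }
    cout << "Socket succesfully bound: " << s1 << endl;

    // SIO_RCVALL makes the socket receive every IPv4 packet crossing the bound
    // interface. Its input must be RCVALL_ON; the original passed the global
    // `optval` untouched, i.e. zero == RCVALL_OFF, so capture was never enabled.
    optval = RCVALL_ON;
    if (WSAIoctl(s1, SIO_RCVALL, &optval, sizeof(optval), NULL, 0, &dwBytesRet, NULL, NULL) != 0) {
        cout << "WSAIoctl error: " << WSAGetLastError() << endl;
        return fail(-6);
    }
    cout << "WSAioctl succesfully called" << endl;

    wbuf.len = sizeof(rcvbuf);   // == MAX_IP_SIZE
    wbuf.buf = rcvbuf;
    for (;;) {
        dwFlags = 0;      // in/out parameter: WSARecv may change it, so reset before every call
        dwBytesRet = 0;
        if (WSARecv(s1, &wbuf, 1, &dwBytesRet, &dwFlags, NULL, NULL) == SOCKET_ERROR) {
            break;
        }
        // Only the first dwBytesRet bytes are valid; the original looped to
        // wbuf.len (65535) and printed stale buffer contents after each packet.
        // With SIO_RCVALL each datagram arrives with its IPv4 header first
        // (RFC 791: version/IHL in byte 0, protocol in byte 9, source and
        // destination addresses at bytes 12-15 and 16-19) — a decoder starts there.
        cout << "packet: " << dwBytesRet << " bytes\n";
        dump_hex(rcvbuf, dwBytesRet);
        cout.flush();
    }
    cout << "WSARecv ERROR: " << WSAGetLastError() << endl;
    cout << "\n\n#########DATA TRAFIC ANILIZING COMPONENT#########\n\n#########END#########\n\n";
    return fail(-7);
}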
in the end, wbuf.buf/.len holds all the data I've captured; if someone could just show me how to decode it...
-SCHiM