[chinnaedu]

hello all....
is there any possibility to get the entire packet
as such when data is sent
(since its sent in the form of packets)
including the details like source ip,port etc...atleast from IP header....
cos i want to receive
the packet and send the same packet as such
to another server...and if so if anyone has a sample snippet please share with me...
my code says it cant bind...
its getting bind errors

any help is really appreciated

thank you

[gregoryH]

hello

I would like to help you, can you show us any code attempts you have so far?

That is part of the learning process.

[chinnaedu]

#define MAX_PACKET_SIZE 65525

#include <iostream>
#include <winsock2.h>
#include <ws2tcpip.h>
#include <stdio.h>
#include <stdlib.h>
#include <windows.h>
#include <atlstr.h>
//#include "buffer.h"
#include <math.h>
#include <assert.h>
//#include <windows.h>
#include <string.h>
#include <ws2def.h>
#include <mstcpip.h>



typedef struct iphdr
{
	unsigned char VerIHL; //Version and IP Header Length
	unsigned char Tos;
	unsigned short Total_len;
	unsigned short ID;
	unsigned short Flags_and_Frags; //Flags 3 bits and Fragment offset 13 bits
	unsigned char TTL;
	unsigned char Protocol;
	unsigned short Checksum;
	unsigned long SrcIP;
	unsigned long DstIP;
	//unsigned long Options_and_Padding;
} IpHeader;

typedef struct port
{
	unsigned short SrcPort;
	unsigned short DstPort;
} TcpUdpPort;

void ProcessPacket(char* Buffer, int Size)
{
	IpHeader *iphdr;
	TcpUdpPort *port;
	struct sockaddr_in SockAddr;
	unsigned short iphdrlen;
	char C;

	iphdr = (IpHeader *)Buffer;

	iphdrlen = (iphdr->VerIHL << 4);
	memcpy(&C, &iphdrlen, 1);
	iphdrlen = (C >> 4) * 4; //20


	memset(&SockAddr, 0, sizeof(SockAddr));
	SockAddr.sin_addr.s_addr = iphdr->SrcIP;
	printf("Packet From: %s ", inet_ntoa(SockAddr.sin_addr));
	memset(&SockAddr, 0, sizeof(SockAddr));
	SockAddr.sin_addr.s_addr = iphdr->DstIP;
	printf("To: %s ", inet_ntoa(SockAddr.sin_addr));

	switch (iphdr->Protocol)
	{
	case 1:
		printf("Protocol: ICMP ");
		break;
	case 2:
		printf("Protocol: IGMP ");
		break;
	case 6:
		printf("Protocol: TCP ");
		if (Size > iphdrlen)
		{
			port = (TcpUdpPort *)(Buffer + iphdrlen);
			printf("From Port: %i To Port: %i ", ntohs(port->SrcPort), ntohs(port->DstPort));
		}
		break;
	case 17:
		printf("Protocol: UDP ");
		if (Size > iphdrlen)
		{
			port = (TcpUdpPort *)(Buffer + iphdrlen);
			printf("From Port: %i To Port: %i ", ntohs(port->SrcPort), ntohs(port->DstPort));
		}
		break;
	default:
		printf("Protocol: %i ", iphdr->Protocol); 
	}

	printf("\n");
}

void StartSniffing(SOCKET Sock)
{
	char *RecvBuffer = (char *)malloc(MAX_PACKET_SIZE + 1);
	int BytesRecv, FromLen;
	struct sockaddr_in From;

	if (RecvBuffer == NULL)
	{
		printf("malloc() failed.\n");
		exit(-1);
	}

	FromLen = sizeof(From);

	do
	{
		memset(RecvBuffer, 0, MAX_PACKET_SIZE + 1);
		memset(&From, 0, sizeof(From));

		BytesRecv = recvfrom(Sock, RecvBuffer, MAX_PACKET_SIZE, 0, (sockaddr *)&From, &FromLen);
		
		if (BytesRecv > 0)
		{
			ProcessPacket(RecvBuffer, BytesRecv);
		}
		else
		{
			printf( "recvfrom() failed.\n");
		}

	} while (BytesRecv > 0);


	free(RecvBuffer);
}



int main()
{
	WSADATA wsaData;
	SOCKET ListenSocket = INVALID_SOCKET,
	ClientSocket = INVALID_SOCKET;
	struct addrinfo *result = NULL,*ptr = NULL,
					hints;
	struct sockaddr_in SockAddr;
	DWORD BytesReturned;
	int I = 1;
	int iResult;

//

	 SOCKADDR_IN Addr;
     int SockFd;
     #ifdef _WIN32_
       int   Len = sizeof(Addr);
     #else
       socklen_t  Len = sizeof(Addr);
     #endif*/

//
    

	// Initialize Winsock
	iResult = WSAStartup(MAKEWORD(2,2), &wsaData);
	if (iResult != 0) 
	{
		printf("WSAStartup failed: %d\n", iResult);
		return 1;
	}

	ZeroMemory(&hints, sizeof(hints));
	hints.ai_family = AF_INET;
	hints.ai_socktype = SOCK_RAW;
	hints.ai_protocol = IPPROTO_IP;
	hints.ai_flags = AI_PASSIVE;

	// Resolve the server address and port
	iResult = getaddrinfo("<ip here>", "9000", &hints, &result);
	if ( iResult != 0 )
	{
		printf("getaddrinfo failed: %d\n", iResult);
		WSACleanup();
		return 1;
	}

	memset(&SockAddr, 0, sizeof(SockAddr));
		SockAddr.sin_addr.s_addr = inet_addr("ip here");
		SockAddr.sin_family = AF_INET;
		SockAddr.sin_port = 0;

	ListenSocket = socket(result->ai_family, result->ai_socktype, result->ai_protocol);
	if (ListenSocket == INVALID_SOCKET)
	{
		printf("socket failed: %ld\n", WSAGetLastError());
		freeaddrinfo(result);
		WSACleanup();
		return 1;
	}


	 // Setup the TCP listening socket
	iResult = bind( ListenSocket, (sockaddr *)&SockAddr, (sizeof(SockAddr)));
	if (iResult == SOCKET_ERROR) 
	{
		printf("bind failed: %d\n", WSAGetLastError());
		freeaddrinfo(result);
		closesocket(ListenSocket);
		WSACleanup();
		return 1;
	}
	

return 0;
}R

The problem i face is my code says bind failed...

when i use the same ip for SOCK_STREAM it works fine...for SOCK_RAW it doesnot work fine....

bind error


is it because of this
"
Limitations on Raw Sockets

On Windows 7, Windows Server 2008 R2, Windows Vista,

and Windows XP with Service Pack 2 (SP2), the ability to

send traffic over raw sockets has been restricted in several ways:

* TCP data cannot be sent over raw sockets.

* UDP datagrams with an invalid source address

cannot be sent over raw sockets. The IP source address for

any outgoing UDP datagram must exist on a network interface or

the datagram is dropped. This change was made to limit the ability

of malicious code to create distributed denial-of-service attacks and

limits the ability to send spoofed packets

(TCP/IP packets with a forged source IP address).

* A call to the bind function with a raw socket is not allowed.

These above restrictions do not apply to Windows Server 2008 ,

Windows Server 2003, or to versions of the operating

system earlier than Windows XP with SP2. "

i found it in msdn

This post has been edited by chinnaedu: 02 March 2010 - 11:38 PM
Reason for edit:: Added code tags

[gregoryH]

Hello

I take it you haven't tried to single step in your IDE yet?

Give that a go and watch your program flow while you learn about this code.

[chinnaedu]

gregoryH, on 02 March 2010 - 01:31 AM, said:

Hello

I take it you haven't tried to single step in your IDE yet?

Give that a go and watch your program flow while you learn about this code.

i did try compiling it..... then it self i came to know the problem is with binding.....actually this code is a mixture of my earlier code and code that i found on net that suits to my requirement to some extent....and by compiling itself i came to know abt the error and when i referred about the error in google and ended up finding the above lines in MSDN

This post has been edited by chinnaedu: 02 March 2010 - 02:54 AM

[JackOfAllTrades]

Like no2pencil I don't like this. However, look closely at your bind call. What is the value of the port to which you're attempting to bind?

[chinnaedu]

9000

[Trav]

Did you even write that?

[no2pencil]

Trav, on 02 March 2010 - 10:53 PM, said:

Did you even write that?

chinnaedu, on 02 March 2010 - 03:27 AM, said:

i found it in msdn

My guess would be .... 'no'.

[Trav]

Ah didn't see that

[chinnaedu]

i found the statements that i mentioned in my previous post not the code......i did google and used the simple socket programming...did modification and then tried to use it for my apllication...but it didnt work.....

[Trav]

Go learn about sockets, before you just copy & paste from other programs. You don't learn that way.

[chinnaedu]

thank you for your valuable suggestion.....

[Trav]

You mean pure gold? You'll learn pretty quick on here people won't just give you code, you will actually require an understanding of what you have written. Or else you might not understand the answer.

[chinnaedu]

really....!