使用VB在WIN2000下截获IP数据包

原创 2002年06月03日 15:09:00

作者:天同
QQ:19632995
MSN:jyu1221@hotmail.com
日期:2002.04.30

      为了方便广大VB爱好者也能像C语言一样截获IP包,本人特地写了以下的源代码,以供VB开发者参考。

       以下是在VB中截获WIN2000下TCP/IP包的源代码,在VB6.0、win2000下测试通过。需要注意的地方是:1.原始套接字必须绑定到本机一块网卡的IP地址(不能是0.0.0.0);2.每次获取数据后必须有一段延时;3.数据取到之后放在Buff数组中;4.把以下的代码放在一个模块中就可以了。另外,代码中用ioctlsocket设置的&H98000001就是SIO_RCVALL,它会把流经该网卡的所有IP包(包括不是发给本机的)都交给程序,因此需要以管理员身份运行,并且只应在自己有权监听的网络上使用。
'-----------------------------代码开始--------------------------------------------------
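' Winsock 2 (ws2_32.dll) entry points used by this module. Parameter passing follows
' the C prototypes: ByVal where the C function takes a value, ByRef (VB's default)
' where it takes a pointer and VB supplies the address of a variable.
Declare Function bind Lib "ws2_32.dll" (ByVal s As Long, addr As SOCK_ADDR, ByVal namelen As Long) As Long
Declare Function closesocket Lib "ws2_32.dll" (ByVal s As Long) As Long
' connect(): namelen is a C int (32-bit). The original declared it As Integer.
Declare Function connect Lib "ws2_32.dll" (ByVal s As Long, name As SOCK_ADDR, ByVal namelen As Long) As Long
Declare Function inet_addr Lib "ws2_32.dll" (ByVal cp As String) As Long
Declare Function htons Lib "ws2_32.dll" (ByVal hostshort As Integer) As Integer
Declare Function recv Lib "ws2_32.dll" (ByVal s As Long, buffer As Any, ByVal length As Long, ByVal flags As Long) As Long
Declare Function send Lib "ws2_32.dll" (ByVal s As Long, buffer As Any, ByVal length As Long, ByVal flags As Long) As Long
Declare Function shutdown Lib "ws2_32.dll" (ByVal s As Long, ByVal how As Long) As Long
' ioctlsocket(): argp is a u_long*, hence ByRef; pass a Long variable holding the value.
Declare Function ioctlsocket Lib "ws2_32.dll" (ByVal s As Long, ByVal v As Long, ut As Long) As Long
Declare Function socket Lib "ws2_32.dll" (ByVal af As Long, ByVal type_specification As Long, ByVal protocol As Long) As Long
' Winsock 1.1 leftover; Winsock 2 no longer supports it.
Declare Function WSACancelBlockingCall Lib "ws2_32.dll" () As Long
Declare Function WSACleanup Lib "ws2_32.dll" () As Long
Declare Function WSAGetLastError Lib "ws2_32.dll" () As Long
Declare Function WSAStartup Lib "ws2_32.dll" (ByVal wVersionRequired As Integer, wsData As WSA_DATA) As Long
' WSASocketA(): the original omitted the return type (so the SOCKET came back as a
' Variant) and passed the GROUP id g by reference instead of by value.
' lpProtocolInfo is a pointer: pass ByVal 0& for NULL.
Declare Function WSASocketA Lib "ws2_32.dll" (ByVal af As Long, ByVal type1 As Long, ByVal protocol As Long, lpProtocolInfo As Long, ByVal g As Long, ByVal dwFlags As Long) As Long
' WSAIoctl(): every lp* argument is a pointer; these ByRef Longs expect the address of
' a Long (or ByVal 0& for NULL). Not used by Main, which calls ioctlsocket instead.
Declare Function WSAIoctl Lib "ws2_32.dll" (ByVal s As Long, ByVal dwIoControlCode As Long, lpvInBuffer As Long, ByVal cbInBuffer As Long, lpvOutBuffer As Long, ByVal cbOutBuffer As Long, lpcbBytesReturned As Long, lpOverlapped As Long, lpCompletionRoutine As Long) As Long


' Raw byte copy used to overlay the IPHeader type on the receive buffer.
Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal length As Long)

' Declared for callers that want to throttle the capture loop; Main itself never calls it.
Public Declare Sub Sleep Lib "kernel32" (ByVal dwMilliseconds As Long)

' Sizes of the two text fields in WSADATA (the C arrays are one byte longer, for the NUL).
Public Const WSADESCRIPTION_LEN = 256
Public Const WSASYS_STATUS_LEN = 128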

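' Mirrors Winsock's WSADATA, filled in by WSAStartup. Under Winsock 2 only the two
' version fields carry meaning; the rest is kept so the layout matches the C struct.
Type WSA_DATA
    wVersion As Integer
    wHighVersion As Integer
    ' C declares these as char[WSADESCRIPTION_LEN+1] and char[WSASYS_STATUS_LEN+1].
    ' A VB array declared "(N)" has N+1 elements (0 To N), so the original bounds of
    ' LEN+1 made each array one byte too long and shifted iMaxSockets/iMaxUdpDg off
    ' their C offsets. Both layouts total 400 bytes, so nothing overflowed, but the
    ' two Integer fields were being read from the wrong place.
    strDescription(0 To WSADESCRIPTION_LEN) As Byte
    strSystemStatus(0 To WSASYS_STATUS_LEN) As Byte
    iMaxSockets As Integer
    iMaxUdpDg As Integer
    lpVendorInfo As Long
End Type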

' in_addr: an IPv4 address as four bytes in wire (network) order, read as one
' 32-bit Long. On little-endian x86 the first byte on the wire is therefore the
' least-significant byte of S_addr; HexIp2DotIp prints the octets in that order.
Type IN_ADDR
    S_addr As Long
End Type

' sockaddr_in (16 bytes) as passed to bind(): family, port, address, padding.
Type SOCK_ADDR
    sin_family As Integer      ' AF_INET
    sin_port As Integer        ' port in network byte order; Main uses 0 for the raw socket
    sin_addr As IN_ADDR        ' local address to bind, produced by inet_addr()
    sin_zero(0 To 7) As Byte   ' padding up to sizeof(struct sockaddr)
End Type


' The fixed 20-byte IPv4 header, overlaid on the receive buffer with CopyMemory.
' Multi-byte fields arrive in network byte order and are not converted anywhere in
' this module, and VB Integers are signed, so len/ident/checksum read as raw 16-bit
' values. Header options beyond the first 20 bytes are not captured here.
Type IPHeader
    lenver As Byte       ' version (high nibble) and header length in 32-bit words (low nibble)
    tos As Byte          ' type of service
    len As Integer       ' total length, network order
    ident As Integer     ' identification
    flags As Integer     ' 3 flag bits plus 13-bit fragment offset
    ttl As Byte          ' time to live
    proto As Byte        ' protocol: IPPROTO_TCP (6) or IPPROTO_UDP (17) are the ones Main looks at
    checksum As Integer  ' header checksum
    sourceIP As Long     ' source address, wire order; decode with HexIp2DotIp
    destIP As Long       ' destination address, wire order
End Type
   
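' Winsock constants used by Main (values as in winsock2.h).
Const AF_INET = 2
Const SOCK_RAW = 3
Const IPPROTO_IP = 0
Const IPPROTO_TCP = 6
Const IPPROTO_UDP = 17
' Largest IP datagram; the receive buffer is sized to hold one.
Const MAX_PACK_LEN = 65535
Const SOCKET_ERROR = -1&
' socket() returns INVALID_SOCKET on failure and WSAStartup() returns 0 on success.
' Both names were used in Main but never declared. Because the module has no
' Option Explicit, an undeclared name silently evaluates to Empty, so the
' "= INVALID_SOCKET" and "<> WSANOERROR" checks could never detect a failure.
Const INVALID_SOCKET = -1&
Const WSANOERROR = 0
' ioctlsocket/WSAIoctl code that puts the bound interface into "receive all" mode.
' Main passes this value as a literal; it is named here for readers.
Const SIO_RCVALL = &H98000001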
   


' Filled by WSAStartup; only the version fields are meaningful under Winsock 2.
Private mwsaData As WSA_DATA
' The raw socket handle (a Win32 SOCKET fits in a Long).
Private m_hSocket As Long


' Address of the local interface the raw socket is bound to.
Private msaLocalAddr As SOCK_ADDR

' Declared but never referenced anywhere in this module.
Private msaRemoteAddr As SOCK_ADDR


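' Entry point. Opens a raw IP socket bound to one local interface, switches it to
' "receive all" mode and prints source -> destination for every TCP datagram until
' recv() fails. SIO_RCVALL needs Administrator rights and hands the program every
' packet on that interface, so run this only on networks you are authorised to
' monitor. Unlike the original, every failure path releases the socket and Winsock.
Sub Main()
    ' A raw socket in SIO_RCVALL mode must be bound to a specific local address, not
    ' INADDR_ANY. Change this to the address of the NIC to capture on.
    Const LOCAL_IP As String = "192.168.1.125"

    If Not OpenCaptureSocket(LOCAL_IP) Then Exit Sub
    CaptureLoop
    CloseCaptureSocket
End Sub

' Initialise Winsock 2.2, create the raw socket, bind it to localIp and enable
' SIO_RCVALL. Returns True on success. On failure it shows the original message with
' the Winsock error code appended, releases whatever was already opened, and returns False.
Private Function OpenCaptureSocket(ByVal localIp As String) As Boolean
    Dim nResult As Long
    Dim rcvAll As Long

    OpenCaptureSocket = False
    m_hSocket = INVALID_SOCKET

    ' WSAStartup returns the error code directly; it does not set WSAGetLastError.
    nResult = WSAStartup(&H202, mwsaData)
    If nResult <> WSANOERROR Then
        MsgBox "Error en WSAStartup" & " (" & nResult & ")"
        Exit Function
    End If

    ' A raw socket with protocol IPPROTO_IP delivers whole IP datagrams, header included.
    m_hSocket = socket(AF_INET, SOCK_RAW, IPPROTO_IP)
    If m_hSocket = INVALID_SOCKET Then
        MsgBox "Error in socket" & " (" & WSAGetLastError() & ")"
        CloseCaptureSocket
        Exit Function
    End If

    msaLocalAddr.sin_family = AF_INET
    msaLocalAddr.sin_port = 0
    msaLocalAddr.sin_addr.S_addr = inet_addr(localIp)
    If msaLocalAddr.sin_addr.S_addr = -1 Then      ' INADDR_NONE: not a dotted-decimal address
        MsgBox "Error in inet_addr"
        CloseCaptureSocket
        Exit Function
    End If

    nResult = bind(m_hSocket, msaLocalAddr, LenB(msaLocalAddr))
    If nResult = SOCKET_ERROR Then
        MsgBox "Error in bind" & " (" & WSAGetLastError() & ")"
        CloseCaptureSocket
        Exit Function
    End If

    ' &H98000001 is SIO_RCVALL: deliver every IP packet the bound interface sees, not
    ' only those addressed to this host. Needs Administrator rights; without them the
    ' call typically fails with WSAEACCES (10013). The argument is a u_long* so a
    ' variable, not a literal, is passed.
    rcvAll = 1
    nResult = ioctlsocket(m_hSocket, &H98000001, rcvAll)
    If nResult <> 0 Then
        MsgBox "ioctlsocket" & " (" & WSAGetLastError() & ")"
        CloseCaptureSocket
        Exit Function
    End If

    OpenCaptureSocket = True
End Function

' Block on recv() until it fails, decode the IP header of each datagram and print
' source -> destination for TCP. Debug.Print only shows in the VB IDE's Immediate
' window; a compiled EXE prints nothing.
Private Sub CaptureLoop()
    Dim Buff(0 To MAX_PACK_LEN) As Byte     ' one full datagram, IP header first
    Dim IPH As IPHeader
    Dim nReceived As Long

    Do
        DoEvents                            ' keep the UI responsive in this endless loop
        nReceived = recv(m_hSocket, Buff(0), MAX_PACK_LEN, 0)
        If nReceived = SOCKET_ERROR Then
            MsgBox "Error in RecvData::recv" & " (" & WSAGetLastError() & ")"
            Exit Do
        End If
        ' A datagram shorter than the 20-byte fixed header cannot be decoded; the
        ' original copied Len(IPH) bytes regardless, reading leftovers of the previous
        ' packet from the reused buffer.
        If nReceived >= Len(IPH) Then
            CopyMemory IPH, Buff(0), Len(IPH)
            If IPH.proto = IPPROTO_TCP Then
                Debug.Print HexIp2DotIp(IPH.sourceIP) & "  ----->  " & HexIp2DotIp(IPH.destIP)
            End If
        End If
    Loop
End Sub

' Release the socket (if one was created) and Winsock. Safe to call from any
' failure point in OpenCaptureSocket after WSAStartup has succeeded.
Private Sub CloseCaptureSocket()
    If m_hSocket <> INVALID_SOCKET Then
        shutdown m_hSocket, 2               ' SD_BOTH
        closesocket m_hSocket
        m_hSocket = INVALID_SOCKET
    End If
    ' The original also called WSACancelBlockingCall here; Winsock 2 does not
    ' support it and nothing is blocking at this point, so it is dropped.
    WSACleanup
End Sub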


' Render a 32-bit IPv4 address, as stored in the packet (wire order read into a
' little-endian Long), as dotted-decimal text. The lowest-addressed byte of the
' Long is the first octet on the wire, so the hex pairs are emitted right-to-left.
' Negative Longs are fine: Hex$ yields the 8-digit two's-complement form.
Function HexIp2DotIp(ByVal ip As Long) As String
    Dim hexForm As String
    Dim octets(1 To 4) As String
    Dim i As Integer

    hexForm = Right$("00000000" & Hex$(ip), 8)
    For i = 1 To 4
        ' Hex pair i from the left is octet (5 - i) of the printed address.
        octets(5 - i) = CStr(Val("&h" & Mid$(hexForm, 2 * i - 1, 2)))
    Next i
    HexIp2DotIp = Join(octets, ".")
End Function
'-----------------------------代码结束--------------------------------------------------
