Sniffer in C++ doesn't work, how to fix it?

Hello. I'm trying to write a sniffer.
Here is my code:
#include "stdafx.h"
#include <cstdlib>
#include <iostream>
#include <winsock2.h>
#include <stdio.h>
#include <string.h>
#include <windows.h>
#include <process.h>

#define SIO_RCVALL 0x98000001
using namespace std;


typedef struct IPHeader
{
 unsigned char ip_header_len :4; // 4-bit header length (in 32-bit words), normally 5 (means 20 bytes; may also be 24)
 unsigned char ip_version :4; // 4-bit IPv4 version
 unsigned char ip_tos; // IP type of service
 unsigned short ip_total_length; // Total length
 unsigned short ip_id; // Unique identifier
 unsigned char ip_frag_offset :5; // Fragment offset field
 unsigned char ip_more_fragment :1;
 unsigned char ip_dont_fragment :1;
 unsigned char ip_reserved_zero :1;

 unsigned char ip_frag_offset1; // fragment offset

 unsigned char ip_ttl; // Time to live
 unsigned char ip_protocol; // Protocol (TCP, UDP etc.)
 unsigned short ip_checksum; // IP checksum
 unsigned int ip_srcaddr; // Source address
 unsigned int ip_destaddr; // Destination address
} IPHeader;


int main(int argc, char *argv[])
{
 cout<<"Start...\n";
 WSADATA wsadata;
 WSAStartup(MAKEWORD(2,2), &wsadata);
 SOCKET s;
 char name[128];
 HOSTENT* phe;
 SOCKADDR_IN sa;
 IN_ADDR sa1;
 unsigned long flag = 1;
 //create the socket
 s = socket( AF_INET, SOCK_RAW, IPPROTO_IP );
 if( s == INVALID_SOCKET )
 {
  cout<<"socket() failed, error "<<WSAGetLastError()<<endl;
  return EXIT_FAILURE;
 }
 //get the name of our local host
 gethostname(name, sizeof(name));
 phe = gethostbyname( name );
 if( phe == NULL )
 {
  cout<<"gethostbyname() failed, error "<<WSAGetLastError()<<endl;
  return EXIT_FAILURE;
 }
 ZeroMemory( &sa, sizeof(sa) );
 sa.sin_family = AF_INET;
 sa.sin_addr.s_addr = ((struct in_addr *)phe->h_addr_list[0])->s_addr;
 //bind a local address to our socket
 if( bind(s, (SOCKADDR *)&sa, sizeof(SOCKADDR)) == SOCKET_ERROR )
 {
  cout<<"bind() failed, error "<<WSAGetLastError()<<endl;
  return EXIT_FAILURE;
 }

 //enable promiscuous mode (fails with WSAEACCES unless run as administrator)
 if( ioctlsocket(s, SIO_RCVALL, &flag) == SOCKET_ERROR )
 {
  cout<<"ioctlsocket(SIO_RCVALL) failed, error "<<WSAGetLastError()<<endl;
  return EXIT_FAILURE;
 }

 while( 1 )
 {
  int count=0;
  char Buffer[1024];
  count = recv( s, Buffer, sizeof(Buffer), 0 );

  // recv() returns -1 on error; compare as int so the error is not
  // silently treated as a huge unsigned length
  if( count != SOCKET_ERROR && count >= (int)sizeof(IPHeader) )
  {
   IPHeader* hdr = (IPHeader *)Buffer;

   sa1.s_addr = hdr->ip_srcaddr;
   cout<<"Src:";
   printf("%s", inet_ntoa(sa1));
   cout<<endl;
   cout<<"dest:";
   sa1.s_addr = hdr->ip_destaddr;
   printf("%s", inet_ntoa(sa1));
   cout<<endl;
   if(hdr->ip_protocol == IPPROTO_TCP) printf("TCP ");
   if(hdr->ip_protocol == IPPROTO_UDP) printf("UDP ");
  }
 }


 closesocket( s );
 WSACleanup ();
 system("PAUSE");
 return EXIT_SUCCESS;
}

Nothing complicated, it seems. In a loop I try to catch all incoming packets and display information about them.
But when I run it I get the following (Fig. 1).

I hooked up Wireshark, and the packets do arrive there.

What could be the problem? Help, please. Thanks in advance!
1 answer
July 2nd 19 at 16:55
It won't be a full-fledged sniffer; it can only intercept outgoing packets. On Windows Vista or later it has to be run as administrator, and Src should be your local IP, something like 192.168.x.x. The Internet is full of working examples of such "sniffers"; if you take the trouble to pick out the characteristic constructs from the code and search for them on Google, not forgetting to switch off in your head the option "fussiness about the look of the search results and whether their language matches your favourite language", you will find them.
Now with the code changed a bit:
#include "stdafx.h"
#include <cstdlib>
#include <iostream>
#include <winsock2.h>
#include <stdio.h>
#include <string.h>
#include <windows.h>
#include <process.h>

using namespace std;


#define MAX_PACKET_SIZE 0x10000
#define SIO_RCVALL 0x98000001

char Buffer[MAX_PACKET_SIZE]; // 64 Kb

typedef struct IPHeader {
UCHAR iph_verlen; // version (high nibble) and header length (low nibble)
UCHAR iph_tos;
USHORT iph_length;
USHORT iph_id;
USHORT iph_offset;
UCHAR iph_ttl;
UCHAR iph_protocol;
USHORT iph_xsum;
ULONG iph_src;
ULONG iph_dest;
} IPHeader;

char src[10];
char dest[10];
char ds[15];
unsigned short lowbyte;
unsigned short hibyte;

int main()
{
WSADATA wsadata;
SOCKET s;
char name[128];
HOSTENT* phe;
SOCKADDR_IN sa;
IN_ADDR sa1;
unsigned long flag = 1; // PROMISC Flag On/off.

// initialization
WSAStartup(MAKEWORD(2,2), &wsadata);
s = socket( AF_INET, SOCK_RAW, IPPROTO_IP );
gethostname(name, sizeof(name));
phe = gethostbyname( name );
ZeroMemory( &sa, sizeof(sa) );
sa.sin_family = AF_INET;
sa.sin_addr.s_addr = ((struct in_addr *)phe->h_addr_list[0])->s_addr;
bind(s, (SOCKADDR *)&sa, sizeof(SOCKADDR));

ioctlsocket(s, SIO_RCVALL, &flag);

while(1)
{
int count;
count = recv( s, Buffer, sizeof(Buffer), 0 );
// recv() returns SOCKET_ERROR (-1) on failure; compare as int
if( count != SOCKET_ERROR && count >= (int)sizeof(IPHeader) )
{
IPHeader* hdr = (IPHeader *)Buffer;
sa1.s_addr = hdr->iph_src;
cout<<"Src:";
printf("%s", inet_ntoa(sa1));
cout<<endl;
cout<<"Dest:";
sa1.s_addr = hdr->iph_dest;
printf("%s", inet_ntoa(sa1));
cout<<endl;
if(hdr->iph_protocol == IPPROTO_TCP) printf("TCP ");
if(hdr->iph_protocol == IPPROTO_UDP) printf("UDP ");
printf("\n");
Sleep(1000);
}
}
closesocket( s );
WSACleanup();
return 0;
}
- jeff.Murray commented on July 2nd 19 at 16:58
Now I get 0.0.0.0 and 0.0.0.0 - jeff.Murray commented on July 2nd 19 at 17:01
Maybe I don't fully understand what is supposed to happen. I thought it was supposed to catch incoming packets and analyze them.
I can't understand why the result is zeros - jeff.Murray commented on July 2nd 19 at 17:04
: No, not incoming ones; that's not a sniffer, it's a sort of server: you create a server on the IP of your router and it accepts the packets that come from your computer's network card to your router, i.e. outgoing ones, so incoming won't work; it is specially made so that the server does not accept your responses to client requests.
Outbound should work, I've studied it, but he didn't write it himself, he used production-ready code. If it hadn't worked, I would first have looked at what is in the Buffer variable; both IPs should be there in HEX. You can see it by debugging with a breakpoint, or just have the variable written to a file (this method is called a dump), then take a HEX editor and a calculator to convert the IP numbers into hexadecimal and look for them in the HEX editor; well, if there are only zeros there, it's clear that something is wrong with the recv call.
Actually, when WinAPI functions don't work correctly they return an error code, which GetLastError gives you, and that's it, but you don't use them. - mazie.Towne commented on July 2nd 19 at 17:07
:
It worked) it just needed to be run as Administrator)
Thank you! - jeff.Murray commented on July 2nd 19 at 17:10
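A safer way to read the fields this thread is printing, added here as an example and not code from anyone in the thread: it parses the IPv4 header out of a raw byte buffer (as recv() would fill it) instead of overlaying a bit-field struct, and validates the version, IHL, total length and header checksum before trusting the addresses, which is the check that would have caught the zeroed buffer discussed above. It touches no sockets, so it builds anywhere; the names kSampleHeader, parseIPv4, ipChecksum and dottedQuad are mine and the sample bytes are constructed.

```cpp
#include <cstdint>
#include <cstddef>
#include <cstdio>
#include <string>

// Result of parsing one IPv4 header out of a raw recv() buffer. Fields are read
// byte by byte, so bit-field order and network byte order are handled explicitly.
struct ParsedIPv4 {
    bool ok = false;           // false if the buffer is too short or malformed
    unsigned version = 0, headerLen = 0, totalLen = 0, protocol = 0;
    bool checksumValid = false;
    std::string src, dst;      // dotted-quad text
};

static std::string dottedQuad(const uint8_t* a) {
    char buf[16];
    std::snprintf(buf, sizeof buf, "%u.%u.%u.%u", a[0], a[1], a[2], a[3]);
    return buf;
}

// RFC 1071 one's-complement sum over the header (always an even number of
// bytes); over a header whose checksum field is correct the result is 0.
static uint16_t ipChecksum(const uint8_t* p, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2) sum += (uint16_t)((p[i] << 8) | p[i + 1]);
    while (sum >> 16) sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)~sum;
}

ParsedIPv4 parseIPv4(const uint8_t* buf, size_t count) {
    ParsedIPv4 r;
    if (count < 20) return r;               // shorter than a minimal header
    r.version   = buf[0] >> 4;              // high nibble: version
    r.headerLen = (buf[0] & 0x0F) * 4;      // low nibble: IHL in 32-bit words
    if (r.version != 4 || r.headerLen < 20 || r.headerLen > count) return r;
    r.totalLen  = (buf[2] << 8) | buf[3];   // big-endian on the wire
    if (r.totalLen < r.headerLen) return r;
    r.protocol  = buf[9];                   // 6 = TCP, 17 = UDP
    r.checksumValid = ipChecksum(buf, r.headerLen) == 0;
    r.src = dottedQuad(buf + 12);
    r.dst = dottedQuad(buf + 16);
    r.ok = true;
    return r;
}

// Constructed sample: 20-byte IPv4 header of a TCP packet from 192.168.1.10
// to 93.184.216.34; the checksum 0x9775 was computed by hand for these bytes.
const uint8_t kSampleHeader[20] = { 0x45,0x00,0x00,0x28, 0xab,0xcd,0x40,0x00,
    0x40,0x06,0x97,0x75, 0xc0,0xa8,0x01,0x0a, 0x5d,0xb8,0xd8,0x22 };
```

A buffer full of zeros fails the version check and comes back with ok == false, rather than being printed as 0.0.0.0.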
