• <ins id="pjuwb"></ins>
    <blockquote id="pjuwb"><pre id="pjuwb"></pre></blockquote>

    <noscript id="pjuwb"></noscript>
          <sup id="pjuwb"><pre id="pjuwb"></pre></sup>

            <dd id="pjuwb"></dd>
            <abbr id="pjuwb"></abbr>
            

    
            

            




            







												


        

            
	
            
		
			

            

            
	
            
		
			
            jeromewen
            
			努力中
		            		
	
            

            

            

            

            隨筆 - 9, 文章 - 0, 評論 - 22, 引用 - 0
            

            


            		
	
            

            

            
	
            
		
			
            
				數(shù)據(jù)加載中……
			
            
		            		
		
			
            
				
					
	
            
		
            
			POP(110)監(jiān)控
		
            
		
            
		
            #include "nids.h"
            #include <cstdio>
            #pragma comment(lib,"ws2_32")
            #pragma comment(lib,"wpcap")
            #pragma comment(lib,"libnids")
            char ascii_string[10000];
            char * char_to_ascii(char ch)
            {
            ?char * string;
            ?ascii_string[0] = 0;
            ?string = ascii_string;
            ?if(isgraph(ch))
            ?{
            ??*string++ =ch;
            ?}
            ?else if (ch == '\n' || ch == '\r')
            ?{
            ??*string++ =ch;
            ?}
            ?else
            ?{
            ??*string++ = '.';
            ?}
            ?*string? = 0;
            ?return ascii_string;
            }
            
		
            void pop3_protocol_callback(struct tcp_stream* pop3_connection, void **arg)
            {
            ?int i;
            ?char address_string[1024];
            ?char content[65535];
            ?char content_urgent[65535];
            ?struct tuple4 ip_and_port = pop3_connection->addr;
            ?strcpy(address_string, inet_ntoa(*((struct in_addr*)&(ip_and_port.saddr))));
            ?sprintf(address_string+strlen(address_string),": %i",ip_and_port.source);
            ?strcat(address_string, " <----> ");
            ?strcat(address_string, inet_ntoa(*((struct in_addr*)&(ip_and_port.daddr))));
            ?sprintf(address_string+strlen(address_string),": %i",ip_and_port.dest);
            ?strcat(address_string,"\n");
            ?switch (pop3_connection->nids_state)
            ?{
            ?case NIDS_JUST_EST:
            ??if(pop3_connection->addr.dest == 110)
            ??{
            ??pop3_connection->client.collect++;
            ??pop3_connection->client.collect_urg++;
            ??pop3_connection->server.collect++;
            ??pop3_connection->server.collect_urg++;
            ??printf("%sPOP3客戶端和服務(wù)端建立連接\n", address_string);
            ??}
            ??return;
            ?case NIDS_CLOSE:
            ??printf("---------------------------------------\n");
            ??printf("%sPOP3客戶端和服務(wù)端正常關(guān)閉\n", address_string);
            ??return;
            ?case NIDS_RESET:
            ??printf("---------------------------------------\n");
            ??printf("%sPOP3客戶端和服務(wù)端被RST關(guān)閉\n", address_string);
            ??return;
            ?case NIDS_DATA:
            ??{
            ???char status_code[5];
            ???struct half_stream* hlf;
            ???if(pop3_connection->server.count_new_urg)
            ???{
            ????printf("----------------------------------------\n");
            ????strcpy(address_string, inet_ntoa(*((struct in_addr*)&(ip_and_port.saddr))));
            ????sprintf(address_string+strlen(address_string),": %i",ip_and_port.source);
            ????strcat(address_string, " urgent----> ");
            ????strcat(address_string, inet_ntoa(*((struct in_addr*)&(ip_and_port.daddr))));
            ????sprintf(address_string+strlen(address_string),": %i",ip_and_port.dest);
            ????strcat(address_string,"\n");
            ????address_string[strlen(address_string)+1] = 0;
            ????address_string[strlen(address_string)] = pop3_connection->server.urgdata;
            ????printf("%s",address_string);
            ????return;
            ???}
            ???if (pop3_connection->client.count_new_urg)
            ???{
            ????printf("----------------------------------------\n");
            ????strcpy(address_string, inet_ntoa(*((struct in_addr*)&(ip_and_port.saddr))));
            ????sprintf(address_string+strlen(address_string),": %i",ip_and_port.source);
            ????strcat(address_string, " <------urgent");
            ????strcat(address_string, inet_ntoa(*((struct in_addr*)&(ip_and_port.daddr))));
            ????sprintf(address_string+strlen(address_string),": %i",ip_and_port.dest);
            ????strcat(address_string,"\n");
            ????address_string[strlen(address_string)+1] = 0;
            ????address_string[strlen(address_string)] = pop3_connection->server.urgdata;
            ????printf("%s",address_string);
            ????return;
            ???}
            ???if (pop3_connection->client.count_new)
            ???{
            ????hlf = &pop3_connection->client;
            ????strcpy(address_string, inet_ntoa(*((struct in_addr*)&(ip_and_port.saddr))));
            ????sprintf(address_string+strlen(address_string),": %i",ip_and_port.source);
            ????strcat(address_string, " <-----");
            ????strcat(address_string, inet_ntoa(*((struct in_addr*)&(ip_and_port.daddr))));
            ????sprintf(address_string+strlen(address_string),": %i",ip_and_port.dest);
            ????strcat(address_string,"\n");
            ????printf("----------------------------------------\n");
            ????printf("%s",address_string);
            ????memcpy(content, hlf->data, hlf->count_new);
            ????content[hlf->count_new] = '\0';
            ????if (strstr(strncpy(status_code,content,4),"+OK")) 
            ?????printf("操作成功\n");
            ????if (strstr(strncpy(status_code,content,4),"-ERR")) 
            ?????printf("操作失敗\n");
            ????for(i = 0;i<hlf->count_new;i++)
            ????{
            ?????printf("%s",char_to_ascii(content[i]));
            ????}
            ????printf("\n");
            ????if (strstr(content,"\n\r.\n\r"))
            ?????printf("數(shù)據(jù)傳輸結(jié)束\n");
            ???}
            ???else
            ???{
            ????hlf = &pop3_connection->server;
            ????strcpy(address_string, inet_ntoa(*((struct in_addr*)&(ip_and_port.saddr))));
            ????sprintf(address_string+strlen(address_string),": %i",ip_and_port.source);
            ????strcat(address_string, " <-----");
            ????strcat(address_string, inet_ntoa(*((struct in_addr*)&(ip_and_port.daddr))));
            ????sprintf(address_string+strlen(address_string),": %i",ip_and_port.dest);
            ????strcat(address_string,"\n");
            ????printf("----------------------------------------\n");
            ????printf("%s",address_string);
            ????memcpy(content, hlf->data, hlf->count_new);
            ????content[hlf->count_new] = '\0';
            ????if(strstr(content, "USER"))
            ?????printf("郵件用戶名為\n");
            ????if(strstr(content, "PASS"))
            ?????printf("用戶密碼為\n");
            ????if(strstr(content, "STAT"))
            ?????printf("返回統(tǒng)計資料\n");
            ????if(strstr(content, "LIST"))
            ?????printf("返回郵件數(shù)量和大小\n");
            ????if(strstr(content, "RETR"))
            ?????printf("獲取郵件\n");
            ????if(strstr(content, "DELE"))
            ?????printf("刪除郵件\n");
            ????if(strstr(content, "QUIT"))
            ?????printf("退出連接\n");
            
		
            ????for(i = 0;i<hlf->count_new;i++)
            ????{
            ?????printf("%s",char_to_ascii(content[i]));
            ????}
            ????printf("\n");
            ???}
            ??}
            ?default:
            ??break;
            ?}
            ?return ;
            }
            int main(int argc, char **argv)
            {
            ?if(!nids_init())
            ?{
            ??printf("出現(xiàn)錯誤: %s\n", nids_errbuf);
            ??exit(1);
            ?}
            
		
            ?nids_register_tcp(pop3_protocol_callback);
            ?nids_run();
            ?return 0;
            }
            
		
            
		
            
			posted on 2006-09-29 13:07 JeromeWen 閱讀(734) 評論(9)  編輯 收藏 引用  所屬分類: C++ 
		
            
	
            
	
	


	


            
	    
    


            

            評論
            
	
	
			
            
				
            
					# re: POP(110)監(jiān)控  回復(fù)  更多評論
					  
				
            
				ka看不懂
				
            
					2006-09-29 17:11 | 搞活
				
            
			
            
		
			
            
				
            
					# re: POP(110)監(jiān)控  回復(fù)  更多評論
					  
				
            
				請問JeromeWen,我也在windows平臺下(我的是windows xp sp2 winpcap 3.1)做過用nids監(jiān)視tcp連接的東西,編譯沒有任何問題,但是就是沒有輸出,得不到任何結(jié)果,明明有網(wǎng)絡(luò)連接卻監(jiān)視不到,不知道怎么回事,您的例子也在我的機(jī)器上也是這樣,望指點.
				
            
					2006-10-14 15:10 | aganno2
				
            
			
            
		
			
            
				
            
					# re: POP(110)監(jiān)控  回復(fù)  更多評論
					  
				
            
				我這里很正常
				
            
					2006-11-18 00:59 | j
				
            
			
            
		
			
            
				
            
					# re: POP(110)監(jiān)控  回復(fù)  更多評論
					  
				
            
				在XP下,本地機(jī)器上可以抓取110端口的POP包,

            查看POP包的內(nèi)容,

            內(nèi)容符合個人設(shè)置策略限制,如:不讓來信人用戶名以H開頭的郵件通過

            

            未曾限制的郵件可以通過,從而進(jìn)入Foxmail的收件箱

            

            勞駕回復(fù),我的信箱,不勝感激~~!!

            hanxuexiang2006@yahoo.com.cn
				
            
					2007-03-06 22:16 | 韓學(xué)祥
				
            
			
            
		
			
            
				
            
					# re: POP(110)監(jiān)控[未登錄]  回復(fù)  更多評論
					  
				
            
				郵件內(nèi)容是根據(jù)base64加密的.你可以解密后,限定內(nèi)容等.郵件頭中是有發(fā)現(xiàn)人信息的,你解析后過濾就行了.我沒有做過這個測試.
				
            
					2007-03-07 02:29 | jeromewen
				
            
			
            
		
			
            
				
            
					# re: POP(110)監(jiān)控  回復(fù)  更多評論
					  
				
            
				勞駕你:可以對POP(110)監(jiān)控多加一些注解嗎?我是初學(xué)者
				
            
					2007-03-07 10:42 | 韓言
				
            
			
            
		
			
            
				
            
					# re: POP(110)監(jiān)控  回復(fù)  更多評論
					  
				
            
				請看nids注釋,或者下載libnids的例子看看.
				
            
					2007-03-08 09:22 | JeromeWen
				
            
			
            
		
			
            
				
            
					# re: POP(110)監(jiān)控  回復(fù)  更多評論
					  
				
            
				   請問:POP(110)監(jiān)控----是在收信方收到郵件之前:先截獲此郵件的pop3數(shù)據(jù)包,獲取pop3包中的用戶名和密碼,直接刪除我想刪除的某一個用戶名的郵件 ,只有我沒有刪除的郵件,才能被收信方收到;

            我想pop(110)監(jiān)控:在WINDOWS下能做到我認(rèn)為的上述功能,你可以幫忙代碼實現(xiàn)一下么----基于對話框?                                                            
				
            
					2007-03-17 11:19 | 文科
				
            
			
            
		
			
            
				
            
					# re: POP(110)監(jiān)控  回復(fù)  更多評論
					  
				
            
				請問:POP(110)監(jiān)控----是在收信方收到郵件之前:先截獲此郵件的pop3數(shù)據(jù)包,獲取pop3包中的用戶名和密碼,直接刪除我想刪除的某一個用戶名的郵件 ,只有我沒有刪除的郵件,才能被收信方收到; 

            我想pop(110)監(jiān)控:在WINDOWS下---針對Foxmail能做到我認(rèn)為的上述功能,你可以幫忙代碼實現(xiàn)一下么----基于對話框? 
				
            
					2007-03-17 11:29 | 文科
				
            
			
            
		

            





            






            

				
			
            
		            		
	
            
	
            
		
			

		
	
            

            

    
    







            
	   
	



久久久久99精品成人片欧美|
国产农村妇女毛片精品久久|
亚洲乱码精品久久久久..|
色婷婷狠狠久久综合五月|
久久精品国产AV一区二区三区|
午夜精品久久久久久99热|
成人精品一区二区久久久|
亚洲精品美女久久久久99小说
|
国产精品99久久久久久猫咪|
免费精品久久久久久中文字幕|
亚洲国产欧美国产综合久久|
伊人热人久久中文字幕|
久久精品国产免费观看|
久久夜色精品国产亚洲|
亚洲欧美日韩精品久久亚洲区
|
欧美精品丝袜久久久中文字幕
|
亚洲国产一成久久精品国产成人综合
|
亚洲日本va午夜中文字幕久久|
久久香综合精品久久伊人|
久久精品免费全国观看国产|
品成人欧美大片久久国产欧美|
综合网日日天干夜夜久久
|
久久精品国产亚洲7777|
国产精品久久久久国产A级|
久久天天躁狠狠躁夜夜2020一
|
无码任你躁久久久久久|
久久99国产精品久久久|
久久这里只有精品18|
久久久久久精品无码人妻|
亚洲欧美成人久久综合中文网|
久久国产三级无码一区二区|
色综合久久最新中文字幕|
精品久久久久久综合日本|
久久久久久久97|
国产精品久久久久9999|
久久99国内精品自在现线|
奇米综合四色77777久久|
亚洲精品无码久久久影院相关影片|
久久久久久久免费视频|
久久久噜噜噜久久中文字幕色伊伊
|
久久久久国产视频电影|