2

我正在尝试在本地主机上收听浏览器的 DNS 请求。

我写了这段代码:

WSADATA wsaData;
unsigned char hostname[100];

int sockfd;
struct addrinfo hints, *servinfo, *p;
int rv;
int numbytes;
struct sockaddr_storage their_addr;
char buf[1000];
socklen_t addr_len;

memset(&hints, 0, sizeof hints);
hints.ai_family = AF_UNSPEC; // set to AF_INET to force IPv4
hints.ai_socktype = SOCK_DGRAM;
hints.ai_flags = AI_PASSIVE; // use my IP


if (WSAStartup(MAKEWORD(2,0), &wsaData) != 0) 
{
    fprintf(stderr, "WSAStartup failed.\n");
    exit(1);
}

if ((rv = getaddrinfo(NULL, "53", &hints, &servinfo)) != 0) {
    fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(rv));
    return 1;
}

// loop through all the results and bind to the first we can
for(p = servinfo; p != NULL; p = p->ai_next) {
    if ((sockfd = socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP)) == -1) {
        perror("listener: socket");
        continue;
    }

    if (bind(sockfd, p->ai_addr, p->ai_addrlen) == -1) {
        closesocket(sockfd);
        perror("listener: bind");
        continue;
    }

    break;
}

if (p == NULL) {
    fprintf(stderr, "listener: failed to bind socket\n");
    return 2;
}

freeaddrinfo(servinfo);

printf("listener: waiting to recvfrom...\n");
addr_len = sizeof their_addr;
if ((numbytes = recvfrom(sockfd, buf, 1000-1 , 0,(struct sockaddr *)&their_addr, &addr_len)) == -1) {
    perror("recvfrom");
    exit(1);

    printf("listener: packet is %d bytes long\n", numbytes);
    buf[numbytes] = '\0';
    printf("listener: packet contains \"%s\"\n", buf);
}

closesocket(sockfd);

我收到了一些奇怪的 39 字节数据包和一些我无法阅读的字符......而且它总是在 53 上收到数据包,当不上网时,这不是收听 dns 请求的好方法吗?

我在 Windows 上将我的 DNS Ip 更改为 127.0.0.1。

亲切的问候,

4

2 回答 2

4

DNS不是像 HTTP 这样的基于文本的协议,您应该对数据包进行解码。查看RFC 1035详情。

于 2012-11-19T19:48:51.680 回答
0

我是这样解析的:

    pointer = substring( buffer, 14, numbytes-18);
    //printf("Substring: %s \n",pointer);
    //printf("listener: packet contains \"%x\"\n", buffer);

    for( i = 0; i < strlen(pointer); i++)
    {
        // Indien kleiner als 32 dan moet het een . worden
        if(pointer[i] < 32)
            result[i] = '.';
        // Indien groeter als 32 en kleiner als 127 is het een char
        else if(pointer[i] > 32 && pointer[i] < 127)
            result[i] = (char)(pointer[i]);
        else
            continue;
    }
    result[i] = '\0';

然后在你的结果中你有类似“www.google.com”的东西。

于 2012-11-21T15:56:04.097 回答