IP包解析测试

在字节序转换上, 卡的比较久, 其他,有点类似于PE的编写


直接贴上代码


// GetInterfaceInfo.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"
#include <pcap.h>
#include <remote-ext.h>
#include <Winsock2.h>
#pragma comment(lib,"wpcap.lib")
#pragma comment(lib,"ws2_32.lib")

/* packet handler 函数原型 */
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data);
void parse_IP_packet(const struct pcap_pkthdr *header,const u_char *pkt_data);
void parse_TCP_packet(const struct pcap_pkthdr *header,const u_char *pkt_data);
void parse_UDP_packet(const struct pcap_pkthdr *header,const u_char *pkt_data);	

char buf[PCAP_BUF_SIZE*5] = {0};
char* useBuf = buf;

int main(int argc, char* argv[])
{
	
	pcap_if_t *alldevs;
	pcap_if_t *d;
	int inum;
	int i=0;
	pcap_t *adhandle;
	char errbuf[PCAP_ERRBUF_SIZE];
    
    /* 获取本机设备列表 */
    if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1)
    {
        fprintf(stderr,"Error in pcap_findalldevs: %s\n", errbuf);
        return 0;
    }
    
    /* 打印列表 */

	
    for(d=alldevs; d; d=d->next)
    {
        printf("%d. %s", ++i, d->name);
        if (d->description)
            printf(" (%s)\n", d->description);
        else
            printf(" (No description available)\n");

		pcap_addr* pcap_temp = d->addresses;
		while(pcap_temp)
		{
			sockaddr_in* pcap_addr_ip = (sockaddr_in*)pcap_temp->addr;
			printf("ip: %s\n",inet_ntoa(pcap_addr_ip->sin_addr));
			sockaddr_in* pcap_addr_netmask =(sockaddr_in*)pcap_temp->netmask;
			printf("netmask: %s\n",inet_ntoa(pcap_addr_netmask->sin_addr));
			pcap_temp = pcap_temp->next;
		}

		printf("===============\n");
		
    }
    if(i==0)
    {
        printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
        return -1;
    }
    
    printf("Enter the interface number (1-%d):",i);
    scanf("%d", &inum);
    
    if(inum < 1 || inum > i)
    {
        printf("\nInterface number out of range.\n");
        /* 释放设备列表 */
        pcap_freealldevs(alldevs);
        return -1;
    }
    
    /* 跳转到选中的适配器 */
    for(d=alldevs, i=0; i< inum-1 ;d=d->next, i++);
    
    /* 打开设备 */
    if ( (adhandle= pcap_open(d->name,          // 设备名
                              65536,            // 65535保证能捕获到不同数据链路层上的每个数据包的全部内容
							     PCAP_OPENFLAG_PROMISCUOUS,    // 混杂模式
                              1000,             // 读取超时时间
                              NULL,             // 远程机器验证
                              errbuf            // 错误缓冲池
                              ) ) == NULL)
    {
        fprintf(stderr,"\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name);
        /* 释放设备列表 */
        pcap_freealldevs(alldevs);
        return -1;
    }
    
    printf("\nlistening on %s...\n", d->description);
    
    /* 释放设备列表 */
    pcap_freealldevs(alldevs);
    
    /* 开始捕获 */
    pcap_loop(adhandle, 0, packet_handler, NULL);
	//typedef void (*pcap_handler)(u_char *, const struct pcap_pkthdr *, const u_char *);

	getchar();
	
	return 0;
}


/* 每次捕获到数据包时,libpcap都会自动调用这个回调函数 */
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
    struct tm *ltime;
    char timestr[16];
    time_t local_tv_sec;
    
    /* 将时间戳转换成可识别的格式 */
    local_tv_sec = header->ts.tv_sec;
    ltime=localtime(&local_tv_sec);
    strftime( timestr, sizeof timestr, "%H:%M:%S", ltime);
    
    printf("%s,%.6d caplen:%d\n", timestr, header->ts.tv_usec, header->caplen);
	memset(buf,0,PCAP_BUF_SIZE*5);
	memcpy(buf,pkt_data,header->caplen);
	//memcpy()
	printf("抓取的数据:\n");
	//printf("%u\n",pkt_data);
	int Caplen = header->caplen;
	
	for(int i=0;i<Caplen;i++)
	{
		//printf("%01X ",buf[i]);
		

		//printf("DestationMAC:")
		printf("%02X ",(unsigned char)buf[i]);
		
		if((i+1)%16 == 0)
		{
			printf("\n");
		}
	}
	printf("\n");
	//解析MAC
	printf("DestationMAC: ");
	
	for(i=0;i<6;i++)
	{
		printf("%02X ",(unsigned char)buf[i]);
	}
	printf("\n");
	printf("SourceMAC: ");
	for(i=6;i<12;i++)
	{
		printf("%02X ",(unsigned char)buf[i]);
	}
	printf("\n");
	printf("TYPE: ");
	for(i=12;i<14;i++)
	{
		printf("%02X ",(unsigned char)buf[i]);
	}
	//useBuf
	BYTE* GetTypeVersion = (BYTE*)useBuf;
	WORD* pTypeVersion = (WORD*)(GetTypeVersion+12);
	WORD TypeVersion = ntohs(pTypeVersion[0]);
	
	printf("Version: %04X ",TypeVersion);
	if(TypeVersion == 0x0800)
	{
		printf("TYPE: IP \n");
		parse_IP_packet(header,pkt_data);

	}else if(TypeVersion ==  0x0806)
	{
		printf("TYPE: ARP \n");
	}else if(TypeVersion ==  0x8864)
	{
		printf("TYPE: PPPOE \n");
	}else if(TypeVersion ==  0x8100)
	{
		printf("TYPE: 802.1Q \n");
	}else if(TypeVersion ==  0x86DD)
	{
		printf("TYPE: IPV6 \n");
	}else if(TypeVersion ==  0x0884)
	{
		printf("TYPE: MPLS Lable \n");
	}

	//分析IPPacket

	printf("\n===================================\n");
    
}

void parse_IP_packet(const struct pcap_pkthdr *header,const u_char *pkt_data)
{
	memset(buf,0,PCAP_BUF_SIZE*5);
	memcpy(buf,pkt_data,header->caplen);
	//struct
	//version 14 length 14
	int i=0;
	unsigned char IPVersion  = (unsigned char)buf[14];
	printf("IP - Version: %X \n",IPVersion>>4);
	unsigned char IPHeadLength = (unsigned char)buf[14] & 0xF;
	printf("IP - HeadLength : %X \n",IPHeadLength);
	
	//WORD* HeadTotalLength = (WORD)buf[17];
	BYTE* GetHeadTotalLength = (BYTE*)useBuf;
	WORD* pHeadTotalLength = (WORD*)(GetHeadTotalLength+16);
	WORD HeadTotalLength = ntohs(pHeadTotalLength[0]);
	printf("HeaderToalLength : %d,  %04X\n",HeadTotalLength,HeadTotalLength);
	
	BYTE* GetTimeLive = (BYTE*)(useBuf + 22);
	BYTE TimeLive  = GetTimeLive[0];
	printf("TimeLive :%02X\n",TimeLive);
	
	BYTE* GetProtocal = (BYTE*)(useBuf + 23);
	BYTE Protocal  = GetProtocal[0];
	printf("Protocal :%02X\n",Protocal);


	//////////////////////
	BYTE* GetSourceIP = (BYTE*)(useBuf + 26);
	DWORD* pSourceIP = (DWORD*)GetSourceIP;

	char * ipaddr=NULL;
	char addr[20];
	in_addr Myinaddr;
	Myinaddr.S_un.S_addr = pSourceIP[0];
	ipaddr = inet_ntoa(Myinaddr);
	strcpy(addr,ipaddr);
	printf("SourceIP : %s\n",addr);
	//SourceIP = inet_ntoa((struct in_addr)htonl(pSourceIP[0]));

	BYTE* GetDestitonIP = (BYTE*)(useBuf + 30);
	DWORD* pDestitonIP = (DWORD*)GetDestitonIP;
	Myinaddr.S_un.S_addr = pDestitonIP[0];
	ipaddr = inet_ntoa(Myinaddr);
	strcpy(addr,ipaddr);
	printf("DestionIP : %s\n",addr);
}


void parse_TCP_packet(const struct pcap_pkthdr *header,const u_char *pkt_data)
{

}

void parse_UDP_packet(const struct pcap_pkthdr *header,const u_char *pkt_data)
{
	
}

原文链接: IP包解析测试 版权所有,转载时请注明出处,违者必究。
注明出处格式:流沙团 ( https://gyarmy.com/post-452.html )

发表评论

0则评论给“IP包解析测试”