在字节序转换上, 卡的比较久, 其他,有点类似于PE的编写
直接贴上代码
// GetInterfaceInfo.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include <pcap.h>
#include <remote-ext.h>
#include <Winsock2.h>
#pragma comment(lib,"wpcap.lib")
#pragma comment(lib,"ws2_32.lib")
/* packet handler 函数原型 */
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data);
void parse_IP_packet(const struct pcap_pkthdr *header,const u_char *pkt_data);
void parse_TCP_packet(const struct pcap_pkthdr *header,const u_char *pkt_data);
void parse_UDP_packet(const struct pcap_pkthdr *header,const u_char *pkt_data);
char buf[PCAP_BUF_SIZE*5] = {0};
char* useBuf = buf;
int main(int argc, char* argv[])
{
pcap_if_t *alldevs;
pcap_if_t *d;
int inum;
int i=0;
pcap_t *adhandle;
char errbuf[PCAP_ERRBUF_SIZE];
/* 获取本机设备列表 */
if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1)
{
fprintf(stderr,"Error in pcap_findalldevs: %s\n", errbuf);
return 0;
}
/* 打印列表 */
for(d=alldevs; d; d=d->next)
{
printf("%d. %s", ++i, d->name);
if (d->description)
printf(" (%s)\n", d->description);
else
printf(" (No description available)\n");
pcap_addr* pcap_temp = d->addresses;
while(pcap_temp)
{
sockaddr_in* pcap_addr_ip = (sockaddr_in*)pcap_temp->addr;
printf("ip: %s\n",inet_ntoa(pcap_addr_ip->sin_addr));
sockaddr_in* pcap_addr_netmask =(sockaddr_in*)pcap_temp->netmask;
printf("netmask: %s\n",inet_ntoa(pcap_addr_netmask->sin_addr));
pcap_temp = pcap_temp->next;
}
printf("===============\n");
}
if(i==0)
{
printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
return -1;
}
printf("Enter the interface number (1-%d):",i);
scanf("%d", &inum);
if(inum < 1 || inum > i)
{
printf("\nInterface number out of range.\n");
/* 释放设备列表 */
pcap_freealldevs(alldevs);
return -1;
}
/* 跳转到选中的适配器 */
for(d=alldevs, i=0; i< inum-1 ;d=d->next, i++);
/* 打开设备 */
if ( (adhandle= pcap_open(d->name, // 设备名
65536, // 65535保证能捕获到不同数据链路层上的每个数据包的全部内容
PCAP_OPENFLAG_PROMISCUOUS, // 混杂模式
1000, // 读取超时时间
NULL, // 远程机器验证
errbuf // 错误缓冲池
) ) == NULL)
{
fprintf(stderr,"\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name);
/* 释放设备列表 */
pcap_freealldevs(alldevs);
return -1;
}
printf("\nlistening on %s...\n", d->description);
/* 释放设备列表 */
pcap_freealldevs(alldevs);
/* 开始捕获 */
pcap_loop(adhandle, 0, packet_handler, NULL);
//typedef void (*pcap_handler)(u_char *, const struct pcap_pkthdr *, const u_char *);
getchar();
return 0;
}
/* 每次捕获到数据包时,libpcap都会自动调用这个回调函数 */
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
struct tm *ltime;
char timestr[16];
time_t local_tv_sec;
/* 将时间戳转换成可识别的格式 */
local_tv_sec = header->ts.tv_sec;
ltime=localtime(&local_tv_sec);
strftime( timestr, sizeof timestr, "%H:%M:%S", ltime);
printf("%s,%.6d caplen:%d\n", timestr, header->ts.tv_usec, header->caplen);
memset(buf,0,PCAP_BUF_SIZE*5);
memcpy(buf,pkt_data,header->caplen);
//memcpy()
printf("抓取的数据:\n");
//printf("%u\n",pkt_data);
int Caplen = header->caplen;
for(int i=0;i<Caplen;i++)
{
//printf("%01X ",buf[i]);
//printf("DestationMAC:")
printf("%02X ",(unsigned char)buf[i]);
if((i+1)%16 == 0)
{
printf("\n");
}
}
printf("\n");
//解析MAC
printf("DestationMAC: ");
for(i=0;i<6;i++)
{
printf("%02X ",(unsigned char)buf[i]);
}
printf("\n");
printf("SourceMAC: ");
for(i=6;i<12;i++)
{
printf("%02X ",(unsigned char)buf[i]);
}
printf("\n");
printf("TYPE: ");
for(i=12;i<14;i++)
{
printf("%02X ",(unsigned char)buf[i]);
}
//useBuf
BYTE* GetTypeVersion = (BYTE*)useBuf;
WORD* pTypeVersion = (WORD*)(GetTypeVersion+12);
WORD TypeVersion = ntohs(pTypeVersion[0]);
printf("Version: %04X ",TypeVersion);
if(TypeVersion == 0x0800)
{
printf("TYPE: IP \n");
parse_IP_packet(header,pkt_data);
}else if(TypeVersion == 0x0806)
{
printf("TYPE: ARP \n");
}else if(TypeVersion == 0x8864)
{
printf("TYPE: PPPOE \n");
}else if(TypeVersion == 0x8100)
{
printf("TYPE: 802.1Q \n");
}else if(TypeVersion == 0x86DD)
{
printf("TYPE: IPV6 \n");
}else if(TypeVersion == 0x0884)
{
printf("TYPE: MPLS Lable \n");
}
//分析IPPacket
printf("\n===================================\n");
}
void parse_IP_packet(const struct pcap_pkthdr *header,const u_char *pkt_data)
{
memset(buf,0,PCAP_BUF_SIZE*5);
memcpy(buf,pkt_data,header->caplen);
//struct
//version 14 length 14
int i=0;
unsigned char IPVersion = (unsigned char)buf[14];
printf("IP - Version: %X \n",IPVersion>>4);
unsigned char IPHeadLength = (unsigned char)buf[14] & 0xF;
printf("IP - HeadLength : %X \n",IPHeadLength);
//WORD* HeadTotalLength = (WORD)buf[17];
BYTE* GetHeadTotalLength = (BYTE*)useBuf;
WORD* pHeadTotalLength = (WORD*)(GetHeadTotalLength+16);
WORD HeadTotalLength = ntohs(pHeadTotalLength[0]);
printf("HeaderToalLength : %d, %04X\n",HeadTotalLength,HeadTotalLength);
BYTE* GetTimeLive = (BYTE*)(useBuf + 22);
BYTE TimeLive = GetTimeLive[0];
printf("TimeLive :%02X\n",TimeLive);
BYTE* GetProtocal = (BYTE*)(useBuf + 23);
BYTE Protocal = GetProtocal[0];
printf("Protocal :%02X\n",Protocal);
//////////////////////
BYTE* GetSourceIP = (BYTE*)(useBuf + 26);
DWORD* pSourceIP = (DWORD*)GetSourceIP;
char * ipaddr=NULL;
char addr[20];
in_addr Myinaddr;
Myinaddr.S_un.S_addr = pSourceIP[0];
ipaddr = inet_ntoa(Myinaddr);
strcpy(addr,ipaddr);
printf("SourceIP : %s\n",addr);
//SourceIP = inet_ntoa((struct in_addr)htonl(pSourceIP[0]));
BYTE* GetDestitonIP = (BYTE*)(useBuf + 30);
DWORD* pDestitonIP = (DWORD*)GetDestitonIP;
Myinaddr.S_un.S_addr = pDestitonIP[0];
ipaddr = inet_ntoa(Myinaddr);
strcpy(addr,ipaddr);
printf("DestionIP : %s\n",addr);
}
void parse_TCP_packet(const struct pcap_pkthdr *header,const u_char *pkt_data)
{
}
void parse_UDP_packet(const struct pcap_pkthdr *header,const u_char *pkt_data)
{
}
0则评论给“IP包解析测试”