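#include <string.h>
#include <stdint.h>
#include <limits.h>
#include <errno.h>
#include <sys/types.h>
#include <getopt.h>
#include <stdio.h>
#include <stdlib.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/ether.h>
#include <pcap.h>
#include <netinet/udp.h>
#include <netinet/tcp.h>

#define DEFAULT_SNAPLEN 68

/* The name of this program. */
const char* program_name;

/* Command-line state. A *flag is 1 when the matching option was given; the
 * value it guards lives in the variable named next to it. */
int g_sflag; // -s/-b: source ip (exact match, or range start together with -e)
int g_eflag; // -e: end of the source ip range
int g_pflag; // -p: protocol filter ("tcp" / "udp")
int g_oflag; // -f: offset into the frame where the hex dump starts
int g_nflag; // -n: number of bytes to dump
int g_fflag; // -o: read a saved capture file instead of sniffing
int g_Iflag; // -I: print source/destination ip
int g_Pflag; // -P: print source/destination port
char *g_sourip, *g_endip, *g_protocol;
int g_offset, g_number;
int g_iphdrlen; // IP header length in bytes of the packet being analysed

////////////////////////////////////////////////
// small helpers
////////////////////////////////////////////////

/* Parses a dotted-quad IPv4 address into *out.
 * Returns 1 on success, 0 otherwise. inet_pton() returns 0 for a malformed
 * string and -1 only for an unsupported family, so anything but 1 is a failure. */
static int parse_ipv4(const char *text, struct in_addr *out)
{
    return text != NULL && inet_pton(AF_INET, text, out) == 1;
}

/* Returns 1 when a -p filter is set and equals name. strcmp() stops at the
 * terminator, so a short argument such as "t" is never read past its end. */
static int proto_filter_is(const char *name)
{
    return g_protocol != NULL && strcmp(g_protocol, name) == 0;
}

/* Emits one character to the result file and echoes it to stderr. */
static void put2(int c, FILE *pf)
{
    fputc(c, pf);
    fputc(c, stderr);
}

/* Emits a string to the result file and echoes it to stderr. */
static void puts2(const char *text, FILE *pf)
{
    fputs(text, pf);
    fputs(text, stderr);
}

////////////////////////////////////////////////
// write result to file
////////////////////////////////////////////////
/* Appends one record to Result.txt (truncated on the first successful open,
 * appended to afterwards) and echoes it to stderr.
 *   proto         - "tcp", "udp" or ""; printed as a section header when non-empty
 *   spstr, dpstr  - textual source/destination ip, printed only with -I
 *   s_port, d_port- ports in host order, printed only with -P and when both non-zero
 *   len           - number of bytes of p that may be read (the captured length)
 *   p             - start of the frame
 * With -f a hex dump of p[g_offset .. len) is written; -n limits the byte count.
 * The dump never reads past len or writes past the local dump buffer. */
void WRsltFile(char* proto, char*spstr, char*dpstr, u_short s_port, u_short d_port, int len, const u_char *p)
{
    static int g_first = 1;
    static const char hexdigit[] = "0123456789ABCDEF";
    char data[128] = {0};
    char datb[8152] = {0}; /* two hex digits per dumped byte */

    FILE *pf = fopen("Result.txt", g_first ? "w+" : "a+");
    if (pf == NULL) {
        fprintf(stderr, "file open failure!\n");
        return;
    }
    g_first = 0;

    if (proto[0] != 0) {
        snprintf(data, sizeof(data), "%s:\n------------------------------------\n", proto);
        puts2(data, pf);
    }
    if (g_Iflag == 1 && spstr[0] != 0 && dpstr[0] != 0) {
        snprintf(data, sizeof(data), "\tsrc ip:%s\tdst ip:%s\n", spstr, dpstr);
        puts2(data, pf);
    }
    if (g_Pflag == 1 && s_port != 0 && d_port != 0) {
        snprintf(data, sizeof(data), "\tsrc port:%u\t\tdst port:%u\n",
                 (unsigned)s_port, (unsigned)d_port);
        puts2(data, pf);
    }

    if (g_oflag == 1) {
        if (len < 0 || g_offset < 0 || g_offset > len) {
            fputs("\toffset out of range!\n", pf);
            fclose(pf);
            return;
        }

        /* bytes to dump: what is captured after the offset, capped by -n and
         * by the dump buffer (two characters per byte) */
        size_t avail = (size_t)(len - g_offset);
        if (g_nflag == 1 && g_number >= 0 && (size_t)g_number < avail) {
            avail = (size_t)g_number;
        }
        if (avail > sizeof(datb) / 2) {
            avail = sizeof(datb) / 2;
        }

        size_t out = 0;
        for (size_t k = 0; k < avail; k++) {
            u_char b = p[(size_t)g_offset + k];
            datb[out++] = hexdigit[b >> 4];
            datb[out++] = hexdigit[b & 0x0F];
        }

        /* layout: a space between bytes, two tabs after 8 bytes, a new
         * indented line every 16 bytes */
        for (size_t i = 0; i < out; i++) {
            if (i % 2 == 0 && i % 16 != 0 && i % 32 != 0) {
                put2(' ', pf);
            } else if (i % 16 == 0 && i % 32 != 0) {
                put2('\t', pf);
                put2('\t', pf);
            } else if (i % 32 == 0) {
                put2('\n', pf);
                put2('\t', pf);
            }
            put2(datb[i], pf);
        }
        puts2("\n\n\n", pf);
    }
    fclose(pf);
}

///////////////////////////////////////////
// analysis every packet
//////////////////////////////////////////
/* pcap callback: filters one Ethernet frame against the command-line options
 * and hands it to WRsltFile().
 *   _deviceId - pcap user argument, unused
 *   h         - capture header; only h->caplen bytes of p may be read
 *   p         - start of the Ethernet frame
 * Frames whose Ethernet/IP headers do not fit in the captured bytes are
 * dropped. Non-IP frames are still recorded (with an empty protocol) unless a
 * tcp/udp filter is active, matching the original filtering rules. */
void AnalysePacket(u_char *_deviceId, const struct pcap_pkthdr *h, const u_char *p)
{
    const size_t ethlen = sizeof(struct ether_header);
    char spstr[INET_ADDRSTRLEN] = {0};
    char dpstr[INET_ADDRSTRLEN] = {0};
    char proto[8] = {0};
    u_short s_port = 0;
    u_short d_port = 0;
    size_t caplen = h->caplen;

    (void)_deviceId;

    if (caplen < ethlen) {
        return;
    }

    const struct ether_header *ethdr = (const struct ether_header *)p;
    if (ntohs(ethdr->ether_type) == ETHERTYPE_IP) {
        if (caplen < ethlen + sizeof(struct ip)) {
            return;
        }
        const struct ip *iphdr = (const struct ip *)(p + ethlen);
        size_t iphlen = (size_t)iphdr->ip_hl * 4;
        /* ip_hl below 5 is malformed, and the full header must be captured */
        if (iphlen < sizeof(struct ip) || caplen < ethlen + iphlen) {
            return;
        }
        g_iphdrlen = (int)iphlen;

        /* source ip filter: a range with -s/-b plus -e, exact with -s/-b alone.
         * The range is compared in host byte order so it is numeric rather
         * than a byte-wise comparison of network-order words. */
        uint32_t src = ntohl(iphdr->ip_src.s_addr);
        struct in_addr lo, hi;
        if (g_sflag == 1 && g_eflag == 1 && g_sourip != NULL && g_endip != NULL) {
            if (!parse_ipv4(g_sourip, &lo) || !parse_ipv4(g_endip, &hi)) {
                return;
            }
            if (src < ntohl(lo.s_addr) || src > ntohl(hi.s_addr)) {
                return;
            }
        } else if (g_sflag == 1 && g_sourip != NULL) {
            if (!parse_ipv4(g_sourip, &lo) || lo.s_addr != iphdr->ip_src.s_addr) {
                return;
            }
        }

        // source and dest ip as text
        if (g_Iflag == 1) {
            if (inet_ntop(AF_INET, &iphdr->ip_src, spstr, sizeof(spstr)) == NULL) {
                return;
            }
            if (inet_ntop(AF_INET, &iphdr->ip_dst, dpstr, sizeof(dpstr)) == NULL) {
                return;
            }
        }

        const u_char *l4 = p + ethlen + iphlen;
        size_t l4len = caplen - ethlen - iphlen;

        switch (iphdr->ip_p) {
        case IPPROTO_TCP:
            if (g_pflag == 1 && proto_filter_is("udp")) {
                return;
            }
            memcpy(proto, "tcp", 3);
            /* ports stay 0 when the transport header is not fully captured */
            if (g_Pflag == 1 && l4len >= sizeof(struct tcphdr)) {
                const struct tcphdr *tcphdr = (const struct tcphdr *)l4;
                s_port = ntohs(tcphdr->source);
                d_port = ntohs(tcphdr->dest);
            }
            break;
        case IPPROTO_UDP:
            if (g_pflag == 1 && proto_filter_is("tcp")) {
                return;
            }
            memcpy(proto, "udp", 3);
            if (l4len >= sizeof(struct udphdr)) {
                const struct udphdr *udphdr = (const struct udphdr *)l4;
                if (g_Pflag == 1) {
                    s_port = ntohs(udphdr->source);
                    d_port = ntohs(udphdr->dest);
                }
                /* echo the payload as text; the precision bounds the read to
                 * the captured bytes since the payload is not NUL-terminated */
                size_t paylen = l4len - sizeof(struct udphdr);
                printf("%.*s", (int)paylen, (const char *)(l4 + sizeof(struct udphdr)));
            }
            break;
        default:
            if (proto_filter_is("tcp") || proto_filter_is("udp")) {
                return;
            }
            break;
        }
    } else {
        // if a tcp/udp protocol was requested, non-IP frames are dropped
        if (proto_filter_is("tcp") || proto_filter_is("udp")) {
            return;
        }
    }

    WRsltFile(proto, spstr, dpstr, s_port, d_port, (int)caplen, p);
}

///////////////////////////////////////////
// capture every packet and save to file
////////////////////////////////////////////
/* Sniffs the default interface in promiscuous mode, appends every frame to
 * the pcap file "savefile" and passes it to AnalysePacket(). Runs until
 * pcap_next_ex() reports an error; read timeouts (return 0) are skipped. */
void CatchToFile(void)
{
    char errbuf[PCAP_ERRBUF_SIZE] = {0};

    char *device = pcap_lookupdev(errbuf);
    if (device == NULL) {
        printf("pcap_lookup: %s", errbuf);
        return;
    }

    /* open the interface found above rather than a fixed name */
    pcap_t *pd = pcap_open_live(device, DEFAULT_SNAPLEN, 1 /* promisc */, 500, errbuf);
    if (pd == NULL) {
        printf("pcap_open_live: %s\n", errbuf);
        return;
    }

    pcap_dumper_t *pw = pcap_dump_open(pd, "savefile");
    if (pw == NULL) {
        /* without a dumper there is nothing to write to; stop instead of
         * passing a NULL handle to pcap_dump() */
        fprintf(stderr, "dump_open:%s", pcap_geterr(pd));
        pcap_close(pd);
        return;
    }

    for (;;) {
        struct pcap_pkthdr *hdr = NULL;
        const u_char *pack = NULL;
        int rc = pcap_next_ex(pd, &hdr, &pack);
        if (rc == 0) {
            continue; /* read timeout, no packet */
        }
        if (rc < 0) {
            fprintf(stderr, "pcap_next_ex:%s\n", pcap_geterr(pd));
            break;
        }
        pcap_dump((u_char *)pw, hdr, pack);
        AnalysePacket(NULL, hdr, pack);
    }

    pcap_dump_close(pw);
    pcap_close(pd);
}

///////////////////////////////////////////
// read packet data from file and analysis
////////////////////////////////////////////
/* Replays the capture file filename through AnalysePacket(). A NULL filename
 * is ignored. An open failure is reported from errbuf, because there is no
 * pcap_t yet for pcap_perror() to consult. */
void ReadFmFile(char * filename)
{
    char errbuf[PCAP_ERRBUF_SIZE] = {0};

    if (filename == NULL) {
        return;
    }
    fprintf(stderr, "in read:%s\n", filename);

    pcap_t *pt = pcap_open_offline(filename, errbuf);
    if (pt == NULL) {
        fprintf(stderr, "open file: %s\n", errbuf);
        return;
    }
    if (pcap_loop(pt, -1, AnalysePacket, NULL) == -1) {
        pcap_perror(pt, "loop");
    }
    pcap_close(pt);
}

////////////////////////////////////////////////
// print help information
//////////////////////////////////////////////////
/* Prints the option summary to stream and exits with exit_code. */
void print_usage (FILE* stream, int exit_code)
{
    fprintf (stream, "Usage: %s options [ inputfile ... ]\n", program_name);
    fprintf (stream,
             " -h --help Display this usage information.\n"
             " -s --source Source ip address.\n"
             " -b --begin Source begin ip address.\n"
             " -e --end Source end ip address.\n"
             " -p --protocol Protocol.\n"
             " -f --from From what location to catch bytes.\n"
             " -n --number Catch bytes number.\n"
             " -P --port Output source & destination port.\n"
             " -I --ip Output source & destination ip.\n"
             " -o --open Open exist file to analyses.\n"
             );
    exit (exit_code);
}

/* Parses the argument of option opt as a non-negative int. Anything else
 * (garbage, sign, overflow) is a usage error: a negative offset or count
 * would otherwise be used as a pointer offset into the frame. */
static int parse_count(const char *text, int opt)
{
    char *end = NULL;
    errno = 0;
    long v = strtol(text, &end, 10);
    if (end == text || *end != '\0' || errno == ERANGE || v < 0 || v > INT_MAX) {
        fprintf(stderr, "%s: -%c needs a non-negative integer, got '%s'\n",
                program_name, opt, text);
        print_usage(stderr, 1);
    }
    return (int)v;
}

///////////////////////////////////////////////
// main function
/////////////////////////////////////////////////
/* Parses the options into the g_* globals, then either replays the file given
 * with -o or captures live. Returns 0 on normal completion. */
int main(int argc, char* argv[])
{
    int next_option;
    char *filename = NULL;
    program_name = (const char*)argv[0];
    const char* const short_options = "hs:b:e:p:f:n:PIo:";
    const struct option long_options[] = {
        { "help", 0, NULL, 'h' },
        { "source", 1, NULL, 's' },
        { "begin", 1, NULL, 'b' },
        { "end", 1, NULL, 'e' },
        { "protocol", 1, NULL, 'p' },
        { "from", 1, NULL, 'f' },
        { "number", 1, NULL, 'n' },
        { "port", 0, NULL, 'P' },
        { "ip", 0, NULL, 'I' },
        { "open", 1, NULL, 'o' },
        { NULL, 0, NULL, 0 } /* Required at end of array. */
    };

    /* the g_* globals have static storage and are already zero/NULL */
    do {
        next_option = getopt_long (argc, argv, short_options, long_options, NULL);
        switch (next_option) {
        case 'h':
            print_usage (stdout, 0);
            break; /* not reached, print_usage exits */
        case '?':
            /* unknown option or missing argument: usage error */
            print_usage(stderr, 1);
            break;
        case 's': /* fallthrough: -b is an alias for -s */
        case 'b':
            g_sflag = 1;
            g_sourip = optarg;
            break;
        case 'e':
            g_eflag = 1;
            g_endip = optarg;
            break;
        case 'p':
            g_pflag = 1;
            g_protocol = optarg;
            break;
        case 'f':
            g_oflag = 1;
            g_offset = parse_count(optarg, 'f');
            break;
        case 'n':
            g_nflag = 1;
            g_number = parse_count(optarg, 'n');
            break;
        case 'P':
            g_Pflag = 1;
            break;
        case 'I':
            g_Iflag = 1;
            break;
        case 'o':
            g_fflag = 1;
            filename = optarg;
            break;
        default:
            break; /* -1: end of options */
        }
    } while (next_option != -1);

    if (g_fflag == 1) {
        ReadFmFile(filename);
    } else {
        CatchToFile();
    }
    return 0;
}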