📄 capture.c
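#include "capture.h"
#include "Block.h"

/* Fixed header sizes used to locate the inner headers inside a frame. */
enum {
    CAP_ETH_HDR_LEN = 14,    /* Ethernet II header */
    CAP_IP_MIN_HDR_LEN = 20, /* IPv4 header without options */
    CAP_UDP_HDR_LEN = 8      /* UDP header */
};

/* Only packets whose IPv4 source address equals this value are analysed. */
#define CAP_WATCHED_SRC_IP "210.51.2.184"

/*
 * State of the packet currently being analysed. Both globals are rewritten
 * by AnalysePacket(); presumably BlockEthUdp() reads them, since it takes no
 * arguments -- confirm against Block.h.
 */
struct NatInfo pNat;
int g_iplen; /* IPv4 header length of the current packet, in bytes */

/*
 * Print the fields of pNat to stdout, one per line.
 *
 * The explicit casts keep every argument in step with its conversion
 * specifier whatever width struct NatInfo gives the field (the struct is
 * declared in capture.h, outside this listing).
 */
void displayNat(void)
{
    u_char src[4];
    u_char dst[4];

    /* assumes s_source_ip / s_dst_ip are 4-byte IPv4 addresses -- TODO confirm */
    memcpy(src, &pNat.s_source_ip, sizeof src);
    memcpy(dst, &pNat.s_dst_ip, sizeof dst);

    printf("src ip=%d.%d.%d.%d\n", src[0], src[1], src[2], src[3]);
    printf("dst ip=%d.%d.%d.%d\n", dst[0], dst[1], dst[2], dst[3]);
    printf("src port:%u\n", (unsigned)pNat.n_source_port);
    printf("dst port:%u\n", (unsigned)pNat.n_dst_port);
    printf("n_seq:%lu\n", (unsigned long)pNat.n_seq);
    printf("ip_id:%u\n", (unsigned)pNat.ip_id);
    printf("ip_ttl:%d\n", (int)pNat.n_ttl);
    printf("n_flags:%d\n", (int)pNat.n_flags);
    printf("rtp.seq:%u\n", (unsigned)pNat.rtp_seq);
    printf("rtp.stamp:%lu\n", (unsigned long)pNat.rtp_stamp);
    printf("rtp.ssrc:%lu\n", (unsigned long)pNat.rtp_ssrc);
}

/*
 * pcap_loop() callback: decode one captured frame into pNat.
 *
 * _deviceId  user pointer from pcap_loop(); unused.
 * h          capture header; h->caplen is the number of bytes really
 *            present at p.
 * p          start of the captured frame.
 *
 * The frame contents come straight off the wire (or out of a capture file)
 * and are therefore untrusted. Every header is checked against h->caplen
 * before it is dereferenced, and the IPv4 header length is validated before
 * it is used as an offset; a truncated or malformed frame is dropped without
 * touching pNat or g_iplen.
 *
 * The parser assumes Ethernet II framing. NOTE(review): neither caller
 * checks pcap_datalink() for DLT_EN10MB before starting the loop.
 */
void AnalysePacket(u_char *_deviceId, const struct pcap_pkthdr *h, const u_char *p)
{
    const struct ether_header *ethdr;
    const struct ip *iphdr;
    size_t caplen;
    size_t l4_off;
    u_char ptype;

    (void)_deviceId;

    if (h == NULL || p == NULL) {
        return;
    }
    caplen = h->caplen;

    /* Ethernet header must be complete before ether_type is read. */
    if (caplen < CAP_ETH_HDR_LEN) {
        return;
    }
    ethdr = (const struct ether_header *)p;
    if (ntohs(ethdr->ether_type) != ETHERTYPE_IP) {
        return;
    }

    /* Fixed part of the IPv4 header must be complete before ip_hl is read. */
    if (caplen < CAP_ETH_HDR_LEN + sizeof(struct ip)) {
        return;
    }
    iphdr = (const struct ip *)(p + CAP_ETH_HDR_LEN);

    /* ip_hl is sender-controlled: reject values below the 20-byte minimum
     * and values that would place the transport header past the capture. */
    if (iphdr->ip_hl * 4 < CAP_IP_MIN_HDR_LEN) {
        return;
    }
    l4_off = CAP_ETH_HDR_LEN + (size_t)iphdr->ip_hl * 4;
    if (l4_off > caplen) {
        return;
    }

    ptype = iphdr->ip_p;
    g_iplen = iphdr->ip_hl * 4;

    memset(&pNat, 0, sizeof pNat);
    pNat.s_source_ip = iphdr->ip_src.s_addr;
    pNat.s_dst_ip = iphdr->ip_dst.s_addr;
    pNat.n_ttl = iphdr->ip_ttl;
    pNat.ip_id = ntohs(iphdr->ip_id);

    if (pNat.s_source_ip != inet_addr(CAP_WATCHED_SRC_IP)) {
        return;
    }

    if (ptype == IPPROTO_TCP) {
        const struct tcphdr *tcp;

        if (caplen - l4_off < sizeof(struct tcphdr)) {
            return;
        }
        tcp = (const struct tcphdr *)(p + l4_off);

        /* Fields are recorded only; the display/block calls were already
         * disabled in the original listing. */
        pNat.n_source_port = ntohs(tcp->source);
        pNat.n_dst_port = ntohs(tcp->dest);
        pNat.n_seq = ntohl(tcp->seq);
        pNat.n_ack = ntohl(tcp->ack_seq);
        return;
    }

    if (ptype == IPPROTO_UDP) {
        const struct udphdr *udp;
        const struct rtp_g723 *rtp;

        if (caplen - l4_off < CAP_UDP_HDR_LEN) {
            return;
        }
        udp = (const struct udphdr *)(p + l4_off);
        pNat.n_source_port = ntohs(udp->source);
        pNat.n_dst_port = ntohs(udp->dest);

        /* The RTP header is read directly behind the UDP header. */
        if (caplen - l4_off - CAP_UDP_HDR_LEN < sizeof(struct rtp_g723)) {
            return;
        }
        rtp = (const struct rtp_g723 *)(p + l4_off + CAP_UDP_HDR_LEN);

        /*
         * Heuristic RTP match: version 2, no padding, no extension, marker
         * clear, payload type 4 (G.723 in the RFC 3551 static table).
         * NOTE(review): the original tested ext==0 twice; the second test
         * was probably meant for another header field -- confirm against
         * struct rtp_g723.
         */
        if (rtp->ver == 2 && rtp->pad == 0 && rtp->ext == 0 &&
            rtp->mark == 0 && rtp->payload == 4) {
            pNat.rtp_seq = ntohs(rtp->seq);
            pNat.rtp_stamp = ntohl(rtp->stamp);
            pNat.rtp_ssrc = ntohl(rtp->ssrc);
            displayNat();
            BlockEthUdp();
        }
    }
}

/*
 * Open "eth0" in promiscuous mode (read timeout 500 ms) and feed every
 * captured frame to AnalysePacket() until pcap_loop() stops.
 *
 * Returns 0 on success, -1 when the device lookup, the open, or the capture
 * loop fails.
 *
 * No BPF filter is installed, so every frame on the interface reaches the
 * callback. The original listing carried a disabled pcap_compile() /
 * pcap_setfilter() block for the expression
 * "not arp and (not rarp) and (not icmp)"; the 100-byte buffer allocated
 * for it was never used or freed and has been dropped together with the
 * other unused locals.
 */
int Capture(void)
{
    char errbuf[PCAP_ERRBUF_SIZE];
    pcap_t *pd;
    int rc = 0;

    /* NOTE(review): the lookup result is not used to choose the interface;
     * the open below is hard-wired to "eth0". Kept because a failed lookup
     * has always aborted the capture. */
    if (pcap_lookupdev(errbuf) == NULL) {
        printf("pcap_lookup: %s", errbuf);
        return -1;
    }

    /* hardcode: promisc=1, to_ms=500 */
    pd = pcap_open_live("eth0", DEFAULT_SNAPLEN, 1, 500, errbuf);
    if (pd == NULL) {
        printf("pcap_open_live: %s\n", errbuf);
        return -1;
    }

    if (pcap_loop(pd, -1, AnalysePacket, NULL) == -1) {
        pcap_perror(pd, "loop");
        rc = -1;
    }

    pcap_close(pd);
    return rc;
}

/*
 * Replay the capture file "voip2" through AnalysePacket().
 *
 * Returns 0 on success, -1 when the file cannot be opened or the loop
 * reports an error. Frames in a capture file are untrusted input exactly
 * like live traffic; AnalysePacket() bounds-checks them against caplen.
 */
int CaptureFmFile(void)
{
    char errbuf[PCAP_ERRBUF_SIZE];
    pcap_t *pt;
    int rc = 0;

    pt = pcap_open_offline("voip2", errbuf);
    if (pt == NULL) {
        /* pt is NULL here, so pcap_perror(pt, ...) would dereference a null
         * handle; the reason is in errbuf instead. */
        fprintf(stderr, "open file: %s\n", errbuf);
        return -1;
    }

    if (pcap_loop(pt, -1, AnalysePacket, NULL) == -1) {
        pcap_perror(pt, "loop");
        rc = -1;
    }

    pcap_close(pt);
    return rc;
}

/*
 * Run the live capture. The exit status is 0 when Capture() succeeds and 1
 * otherwise (the original returned 1 unconditionally).
 */
int main(void)
{
    /* CaptureFmFile() is the offline alternative to the live capture. */
    return Capture() == 0 ? 0 : 1;
}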