// SnifferDlg.cpp : implementation file
#include "stdafx.h"
#include "Sniffer.h"
#include "SnifferDlg.h"
#include "pcap.h"
#include "pcap-bpf.h"
#include "pcap-stdinc.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
// File-level state shared between the dialog methods and the pcap callbacks below.
// Not referenced anywhere in the visible part of this file.
int j;
// Current pcap handle: StartCapture() stores the live-capture handle here,
// OnReadPack() later overwrites it with the offline (file) handle.
pcap_t *fp;
// Dump-file writer opened by StartCapture() and written to by dispatcher_handler().
pcap_dumper_t *dumpfile;
// Accumulated display text: dispatcher_handler1() appends one entry per packet and
// OnReadPack() copies the result into m_strDataNum.
// NOTE(review): nothing visible here ever clears A, so it keeps growing across reads.
CString A="";
// Not referenced anywhere in the visible part of this file.
CString E="";
/* The four octets of an IPv4 address; dispatcher_handler1() prints them as byte1.byte2.byte3.byte4. */
typedef struct ip_address{
u_char byte1;
u_char byte2;
u_char byte3;
u_char byte4;
}ip_address;
/* IPv4 header definition.
 * dispatcher_handler1() overlays this struct directly on packet bytes (pkt_data + 14),
 * so every field holds whatever the packet contains and must be treated as untrusted.
 * Multi-byte fields are stored as read from the packet (network byte order) and need
 * ntohs()/ntohl() before being used as numbers.
 * The real header length is (ver_ihl & 0xf) * 4 bytes, so op_pad is only meaningful
 * when that length exceeds 20. */
typedef struct ip_header{
u_char ver_ihl; // Version (4 bits) + Internet header length (4 bits)
u_char tos; // Type of service
u_short tlen; // Total length
u_short identification; // Identification
u_short flags_fo; // Flags (3 bits) + Fragment offset (13 bits)
u_char ttl; // Time to live
u_char proto; // Protocol
u_short crc; // Header checksum
ip_address saddr; // Source address
ip_address daddr; // Destination address
u_int op_pad; // Option + Padding
}ip_header;
// TCP header (the fixed part, without options).
// dispatcher_handler1() overlays this struct on packet bytes right after the IP header,
// so all fields are untrusted input in the packet's (network) byte order.
typedef struct tcp_header{
u_short s_port; // Source port; converted with ntohs() before display
u_short d_port; // Destination port; converted with ntohs() before display
unsigned int seq; // Sequence number
unsigned int ack; // Acknowledgement number
u_char len; // Data offset in the upper 4 bits; header bytes = (len >> 4) << 2
u_char flag; // Control flags
u_short win; // Window size
u_short sum; // Checksum
u_short urp; // Urgent pointer
}tcp_header;
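/*
 * pcap_loop() callback for the live capture: appends every delivered packet to the
 * dump file held in the file-level `dumpfile` global.
 *
 * pParam   - user pointer from pcap_loop(); not used, the global writer is used instead.
 * header   - pcap record header for this packet.
 * pkt_data - captured packet bytes.
 */
void dispatcher_handler(u_char *pParam,const struct pcap_pkthdr *header, const u_char *pkt_data)
{
    // pcap_dump() dereferences its writer argument, so a failed pcap_dump_open()
    // (dumpfile == NULL) must not reach it.
    if (dumpfile == NULL)
    {
        return;
    }

    pcap_dump(reinterpret_cast<u_char *>(dumpfile), header, pkt_data);
}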
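/*
 * pcap_loop() callback used while replaying the capture file: decodes one
 * Ethernet/IPv4/TCP packet and appends "src:port -> dst:port", followed by the
 * TCP payload, to the file-level string A.
 *
 * temp1    - user pointer from pcap_loop(); not used.
 * header   - pcap record header; caplen bounds every read from pkt_data.
 * pkt_data - captured packet bytes (untrusted: they come from the network or from a file).
 *
 * Every length taken from the packet is validated against header->caplen before it is
 * used as an offset. Packets that are truncated, not IPv4, not TCP, or whose header
 * lengths are inconsistent are skipped instead of being parsed.
 */
void dispatcher_handler1(u_char *temp1, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
    const u_int kEthHeaderLen = 14;     // Ethernet header that precedes the IP header
    const u_int kMinIpHeaderLen = 20;   // IPv4 header without options
    const u_int kMinTcpHeaderLen = 20;  // TCP header without options
    const u_char kIpProtoTcp = 6;       // IPv4 protocol number for TCP

    if (header == NULL || pkt_data == NULL)
    {
        return;
    }

    const u_int caplen = header->caplen;
    if (caplen < kEthHeaderLen + kMinIpHeaderLen)
    {
        return; // too short to hold an IPv4 header
    }

    // Skip the MAC header.
    const ip_header *ih = reinterpret_cast<const ip_header *>(pkt_data + kEthHeaderLen);
    if ((ih->ver_ihl >> 4) != 4)
    {
        return; // not IPv4
    }

    // Low nibble of ver_ihl is the header length in 32-bit words.
    const u_int ip_len = (ih->ver_ihl & 0xf) * 4;
    if (ip_len < kMinIpHeaderLen || caplen - kEthHeaderLen < ip_len + kMinTcpHeaderLen)
    {
        return; // bogus IHL, or the TCP header was not captured
    }

    // The capture filter may be plain "ip", so non-TCP packets can arrive here;
    // reading them through tcp_header would interpret unrelated bytes as lengths.
    if (ih->proto != kIpProtoTcp)
    {
        return;
    }

    // TCP header = IP header start + IP header length.
    const u_char *tcp_start = reinterpret_cast<const u_char *>(ih) + ip_len;
    const tcp_header *tcph = reinterpret_cast<const tcp_header *>(tcp_start);

    // High nibble of len is the TCP data offset in 32-bit words.
    const u_int tcp_len = (tcph->len >> 4) << 2;
    if (tcp_len < kMinTcpHeaderLen || caplen - kEthHeaderLen - ip_len < tcp_len)
    {
        return; // bogus data offset, or options run past the captured bytes
    }

    // tlen is in network byte order, like the ports below.
    const u_int total_len = ntohs(ih->tlen);
    if (total_len < ip_len + tcp_len)
    {
        return; // the unsigned subtraction below would wrap around
    }

    // Never read more payload than was actually captured.
    u_int payload_len = total_len - ip_len - tcp_len;
    const u_int captured_payload = caplen - kEthHeaderLen - ip_len - tcp_len;
    if (payload_len > captured_payload)
    {
        payload_len = captured_payload;
    }

    /* convert from network byte order to host byte order */
    const u_short sport = ntohs(tcph->s_port);
    const u_short dport = ntohs(tcph->d_port);

    // Source and destination endpoints.
    CString D;
    D.Format( ("%d.%d.%d.%d:%d -> %d.%d.%d.%d:%d"),
        ih->saddr.byte1,
        ih->saddr.byte2,
        ih->saddr.byte3,
        ih->saddr.byte4,
        sport,
        ih->daddr.byte1,
        ih->daddr.byte2,
        ih->daddr.byte3,
        ih->daddr.byte4,
        dport);

    // TCP payload = TCP header start + TCP header length.
    const u_char *payload = tcp_start + tcp_len;
    CString C="";
    for (u_int i = 0; i < payload_len; i++)
    {
        C += payload[i];
    }

    // %s stops at the first NUL byte, so binary payloads are shown truncated.
    CString B="";
    B.Format("%s\r\n%s\r\n", static_cast<LPCTSTR>(D), static_cast<LPCTSTR>(C));
    A += B;
}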
/////////////////////////////////////////////////////////////////////////////
// CAboutDlg dialog used for App About
// Modal "About" dialog built from the IDD_ABOUTBOX resource; CSnifferDlg::OnSysCommand()
// shows it. The //{{AFX_...}} marker comments delimit the ClassWizard-managed sections.
class CAboutDlg : public CDialog
{
public:
CAboutDlg();
// Dialog Data
//{{AFX_DATA(CAboutDlg)
enum { IDD = IDD_ABOUTBOX };
//}}AFX_DATA
// ClassWizard generated virtual function overrides
//{{AFX_VIRTUAL(CAboutDlg)
protected:
virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support
//}}AFX_VIRTUAL
// Implementation
protected:
//{{AFX_MSG(CAboutDlg)
// Override of the OK handler; its definition appears near the end of this file.
virtual void OnOK();
//}}AFX_MSG
DECLARE_MESSAGE_MAP()
};
// Constructs the About dialog from its resource template (CAboutDlg::IDD).
// The dialog has no data members to initialise, so the wizard section is empty.
CAboutDlg::CAboutDlg() : CDialog(CAboutDlg::IDD)
{
//{{AFX_DATA_INIT(CAboutDlg)
//}}AFX_DATA_INIT
}
// Dialog data exchange for the About box: forwards to the base class only,
// since no controls are bound to members in the wizard section.
void CAboutDlg::DoDataExchange(CDataExchange* pDX)
{
CDialog::DoDataExchange(pDX);
//{{AFX_DATA_MAP(CAboutDlg)
//}}AFX_DATA_MAP
}
// Message map for CAboutDlg: it registers no entries of its own.
BEGIN_MESSAGE_MAP(CAboutDlg, CDialog)
//{{AFX_MSG_MAP(CAboutDlg)
//}}AFX_MSG_MAP
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CSnifferDlg dialog
// Constructs the main sniffer dialog: starts the three DDX-bound strings empty and
// loads the application icon that OnInitDialog() and OnPaint() use.
// pParent - parent window passed on to CDialog (the /*=NULL*/ note marks the declared default).
CSnifferDlg::CSnifferDlg(CWnd* pParent /*=NULL*/)
: CDialog(CSnifferDlg::IDD, pParent)
{
//{{AFX_DATA_INIT(CSnifferDlg)
m_strDataNum = _T("");
m_strFilterRule = _T("");
m_strPocketsNum = _T("");
//}}AFX_DATA_INIT
// Note that LoadIcon does not require a subsequent DestroyIcon in Win32
m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}
// Dialog data exchange: binds the dialog controls to the member variables that
// StartCapture() and OnReadPack() read and write through UpdateData().
void CSnifferDlg::DoDataExchange(CDataExchange* pDX)
{
CDialog::DoDataExchange(pDX);
//{{AFX_DATA_MAP(CSnifferDlg)
// IDC_POCKETS is bound twice: as a control object here and as text further down.
DDX_Control(pDX, IDC_POCKETS, m_ctrPacketsNum);
// Text that OnReadPack() fills with the decoded packets.
DDX_Text(pDX, IDC_RECIEVE_DATA_NUMBER, m_strDataNum);
// Combo-box selection that StartCapture() maps to a fixed capture filter string.
DDX_CBString(pDX, IDC_COMBO, m_strFilterRule);
// Packet count entered by the user; StartCapture() parses it with atoi().
DDX_Text(pDX, IDC_POCKETS, m_strPocketsNum);
// Limits the packet-count text to 4 characters; it does not restrict them to digits.
DDV_MaxChars(pDX, m_strPocketsNum, 4);
//}}AFX_DATA_MAP
}
// Message map for CSnifferDlg: the standard system-command/paint/drag-icon messages plus
// the two buttons, IDC_BUTTON -> OnButton() and IDC_READ_PACK -> OnReadPack().
BEGIN_MESSAGE_MAP(CSnifferDlg, CDialog)
//{{AFX_MSG_MAP(CSnifferDlg)
ON_WM_SYSCOMMAND()
ON_WM_PAINT()
ON_WM_QUERYDRAGICON()
ON_BN_CLICKED(IDC_BUTTON, OnButton)
ON_BN_CLICKED(IDC_READ_PACK, OnReadPack)
//}}AFX_MSG_MAP
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CSnifferDlg message handlers
// Dialog initialisation: appends an "About..." entry to the system menu and
// installs the dialog icons. Always returns TRUE.
BOOL CSnifferDlg::OnInitDialog()
{
    CDialog::OnInitDialog();

    // The About command id has to lie in the system-command range,
    // with its low four bits clear.
    ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);
    ASSERT(IDM_ABOUTBOX < 0xF000);

    CMenu* const sysMenu = GetSystemMenu(FALSE);
    if (sysMenu != NULL)
    {
        CString aboutLabel;
        aboutLabel.LoadString(IDS_ABOUTBOX);

        // Only extend the menu when the label resource produced text.
        const bool haveLabel = !aboutLabel.IsEmpty();
        if (haveLabel)
        {
            sysMenu->AppendMenu(MF_SEPARATOR);
            sysMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, aboutLabel);
        }
    }

    // The framework sets the icon automatically only when the main window
    // is not a dialog, so do it by hand for both sizes.
    SetIcon(m_hIcon, TRUE);   // big icon
    SetIcon(m_hIcon, FALSE);  // small icon

    // TRUE leaves the default focus handling to the framework.
    return TRUE;
}
// System-command handler: shows the About box for IDM_ABOUTBOX and hands every
// other command to the base class.
void CSnifferDlg::OnSysCommand(UINT nID, LPARAM lParam)
{
    // The low four bits of a system command id are masked off before comparing.
    const bool aboutRequested = ((nID & 0xFFF0) == IDM_ABOUTBOX);
    if (!aboutRequested)
    {
        CDialog::OnSysCommand(nID, lParam);
        return;
    }

    CAboutDlg aboutBox;
    aboutBox.DoModal();
}
// If you add a minimize button to your dialog, you will need the code below
// to draw the icon. For MFC applications using the document/view model,
// this is automatically done for you by the framework.
// Paint handler: while the dialog is minimised it draws the application icon centred
// in the client area; otherwise painting is left to the base class.
void CSnifferDlg::OnPaint()
{
    if (!IsIconic())
    {
        CDialog::OnPaint();
        return;
    }

    CPaintDC paintDc(this); // device context for painting
    SendMessage(WM_ICONERASEBKGND, reinterpret_cast<WPARAM>(paintDc.GetSafeHdc()), 0);

    // Icon dimensions as reported by the system.
    const int iconWidth = GetSystemMetrics(SM_CXICON);
    const int iconHeight = GetSystemMetrics(SM_CYICON);

    CRect clientArea;
    GetClientRect(&clientArea);

    // Top-left corner that centres the icon in the client rectangle.
    const int left = (clientArea.Width() - iconWidth + 1) / 2;
    const int top = (clientArea.Height() - iconHeight + 1) / 2;

    paintDc.DrawIcon(left, top, m_hIcon);
}
// The system calls this to obtain the cursor to display while the user drags
// the minimized window.
// Supplies the cursor shown while the minimised window is dragged: the dialog icon.
HCURSOR CSnifferDlg::OnQueryDragIcon()
{
    const HCURSOR dragCursor = reinterpret_cast<HCURSOR>(m_hIcon);
    return dragCursor;
}
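// Runs one live capture on the second adapter reported by pcap and writes the packets
// to the dump file c:\alltcpdatefie.txt.
//
// Steps: enumerate adapters, open the adapter (promiscuous, 65535-byte snaplen, 1000 ms
// read timeout), require Ethernet, install the filter chosen in the combo box, open the
// dump file, then capture m_strPocketsNum packets (0 or empty = no limit).
//
// Returns TRUE when the capture loop ran without a pcap error, FALSE on any failure.
// Every exit path releases the adapter list, the compiled filter, the dump writer and
// the capture handle exactly once; fp and dumpfile are reset to NULL afterwards.
//
// pcap_loop() runs on the calling (UI) thread, so the dialog does not process messages
// until the capture ends.
// NOTE(review): the dump file sits at a fixed path in the drive root and holds raw
// traffic (POP3/SMTP payloads are clear text); consider a per-user directory with a
// restrictive ACL.
BOOL CSnifferDlg::StartCapture()
{
    char errbuf[PCAP_ERRBUF_SIZE];
    pcap_if_t *alldevs = NULL;
    pcap_if_t *d = NULL;
    struct bpf_program fcode;
    u_int netmask;
    BOOL filterCompiled = FALSE;
    BOOL ok = FALSE;

    // Drop any stale handles left over from an earlier run.
    fp = NULL;
    dumpfile = NULL;

    if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1 || alldevs == NULL)
    {
        AfxMessageBox("找不到网络适配器!");
        return FALSE;
    }

    // The adapter is fixed to the second entry of the list (1-based index 2).
    // Stop at the end of the list instead of walking past it.
    const int adapterIndex = 2;
    d = alldevs;
    for (int i = 1; d != NULL && i < adapterIndex; ++i)
    {
        d = d->next;
    }
    if (d == NULL)
    {
        AfxMessageBox("找不到网络适配器!");
        pcap_freealldevs(alldevs);
        return FALSE;
    }

    // Single-pass block: any failure breaks out to the shared cleanup below.
    do
    {
        fp = pcap_open(d->name, 65535, PCAP_OPENFLAG_PROMISCUOUS, 1000, NULL, errbuf);
        if (fp == NULL)
        {
            AfxMessageBox("找不到网络适配器!");
            break;
        }

        // The packet decoder assumes a 14-byte Ethernet header.
        if (pcap_datalink(fp) != DLT_EN10MB)
        {
            AfxMessageBox("This program works only on Ethernet networks.\n");
            break;
        }

        // NOTE(review): 2056 is passed as the kernel buffer size; confirm the intended value.
        if (pcap_setbuff(fp, 2056) < 0)
        {
            AfxMessageBox("Not enough memory to allocate the capture buffer");
            break;
        }

        if (d->addresses != NULL && d->addresses->netmask != NULL)
        {
            // Retrieve the mask of the first address of the interface
            netmask = ((struct sockaddr_in *)(d->addresses->netmask))->sin_addr.S_un.S_addr;
        }
        else
        {
            // If the interface is without addresses we suppose to be in a C class network
            netmask = 0xffffff;
        }

        // Pull the current control values into the member variables.
        UpdateData();

        // The combo text only selects one of these fixed filter strings; it is never
        // handed to pcap_compile() itself. "IP", "ALL PACKET" and anything else use "ip".
        CString Rule = "ip";
        if (m_strFilterRule == "TCP")
        {
            Rule = "ip and tcp";
        }
        else if (m_strFilterRule == "POP3")
        {
            Rule = "ip and tcp and port 110";
        }
        else if (m_strFilterRule == "SMTP")
        {
            // SMTP is TCP port 25; the previous literal filtered on port 13.
            Rule = "ip and tcp and port 25";
        }

        if (pcap_compile(fp, &fcode, Rule.GetBuffer(0), 1, netmask) < 0)
        {
            AfxMessageBox("Unable to compile the packet filter. Check the syntax. ");
            break;
        }
        filterCompiled = TRUE;

        if (pcap_setfilter(fp, &fcode) < 0)
        {
            AfxMessageBox("\nError setting the filter.\n");
            break;
        }

        if (pcap_setmode(fp, MODE_CAPT) == -1)
        {
            // Read the error text while the handle is still open.
            AfxMessageBox(pcap_geterr(fp));
            break;
        }

        dumpfile = pcap_dump_open(fp, "c:\\alltcpdatefie.txt");
        if (dumpfile == NULL)
        {
            AfxMessageBox("没打开文件!");
            break;
        }

        // Empty or non-numeric text parses as 0, which pcap_loop() treats as "no limit".
        int iNum = atoi(m_strPocketsNum);
        if (iNum < 0)
        {
            iNum = 0;
        }

        ok = (pcap_loop(fp, iNum, dispatcher_handler, (unsigned char *)dumpfile) != -1);
    } while (0);

    // Shared cleanup: each resource is released once, in reverse order of acquisition.
    if (dumpfile != NULL)
    {
        // Closing flushes the dump file so that it can be read back afterwards.
        pcap_dump_close(dumpfile);
        dumpfile = NULL;
    }
    if (filterCompiled)
    {
        pcap_freecode(&fcode);
    }
    if (fp != NULL)
    {
        pcap_close(fp);
        fp = NULL;
    }
    pcap_freealldevs(alldevs);

    return ok;
}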
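// OK handler of the About box: closes the dialog through the base class.
void CAboutDlg::OnOK()
{
    // An empty override swallows the OK button, leaving the dialog closable only
    // through Cancel or the close box.
    CDialog::OnOK();
}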
// Click handler for IDC_BUTTON: runs a capture. The BOOL result of StartCapture()
// is not inspected here.
void CSnifferDlg::OnButton()
{
    this->StartCapture();
}
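// Click handler for IDC_READ_PACK: runs a capture, replays the resulting dump file
// through dispatcher_handler1() and shows the decoded text in the dialog.
//
// The dump file is read back from a fixed path, so its contents are untrusted input:
// whoever can write that file controls the bytes dispatcher_handler1() parses.
// NOTE(review): the global A is not cleared before the replay, so text from earlier
// reads stays in the display; confirm whether that accumulation is intended.
void CSnifferDlg::OnReadPack()
{
    char errbuf[PCAP_ERRBUF_SIZE];

    // Do not replay a stale file when the capture itself failed.
    if (!StartCapture())
    {
        return;
    }

    fp = pcap_open_offline("c:\\alltcpdatefie.txt", errbuf);
    if (fp == NULL)
    {
        AfxMessageBox("无法打开文件!");
        return; // pcap_loop() must not be called with a NULL handle
    }

    // Read packets until the end of the file is reached.
    pcap_loop(fp, 0, dispatcher_handler1, NULL);

    // Release the offline handle instead of leaking it on every click.
    pcap_close(fp);
    fp = NULL;

    m_strDataNum = A;
    UpdateData(FALSE);
}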