📄 list.cpp
char protocol2[10];
arp_proto* arpp;
char errbuf[PCAP_ERRBUF_SIZE];
CString packet_filter = ""; //the conditions for filter
struct bpf_program fcode;
data_link_header* dh;
ip_header* ih;
udp_header* uh;
tcp_header* th;
u_int ip_len;
u_short sport, dport;
if((fp = pcap_open_offline(FilePathName,errbuf)) == NULL)
{
MessageBox("Please choose the right file!");
return -1;
}
/* complie the filter */
if (pcap_compile(fp, &fcode, (LPSTR)(LPCTSTR)packet_filter, 1, 0xffffffff) < 0)
{
fprintf(stderr, "\nUnable to compile the packet filter. Check the syntax.\n");
}
/* set the filter */
if (pcap_setfilter(fp, &fcode) < 0)
{
fprintf(stderr, "\nError setting the filter.\n");
}
/* Start the capture */
while ((res = pcap_next_ex(fp, &header, &pkt_data)) >= 0)
{
if (res == 0) /* Timeout elapsed */
{
continue;
}
/* convert the timestamp to readable format */
ltime = localtime(&header->ts.tv_sec);
strftime(timestr, sizeof(timestr), "%Y-%m-%d %H:%M:%S", ltime);
strcpy(timestr2 , timestr);
sprintf(timestr1,":%.6d",header->ts.tv_usec);
strcat(timestr,timestr1);
/*retrieve the position of the mac header*/
dh = (data_link_header*)pkt_data;
switch(ntohs(dh->type))
{
/*analysis of IP*/
case 0x0800:
sprintf(protocol1, "IP");
/* retrieve the position of the ip header */
ih = (ip_header*)(pkt_data + 14); /* length of ethernet header */
ip_len = (ih->ver_ihl & 0xf) * 4;
switch(ih->proto)
{
/* retrieve the position of the udp header */
/*analysis of UDP */
case 6:
sprintf(protocol2 , "TCP");
th = (tcp_header*)((u_char*)ih + ip_len);
/* convert from network byte order to host byte order */
sport = ntohs(th->sport);
dport = ntohs(th->dport);
switch(dport)
{
case 21: sprintf(protocol,"%s", "FTP");break;
case 23: sprintf(protocol,"%s", "TELNET");break;
case 25: sprintf(protocol,"%s", "SMTP");break;
case 8080: sprintf(protocol,"%s", "HTTP");break;
default: sprintf(protocol,"%s", "TCP");
}
break;
/* retrieve the position of the tcp header */
/*analysis of TCP */
case 17:
sprintf(protocol2 , "UDP");
uh = (udp_header*)((u_char*)ih + ip_len);
/* convert from network byte order to host byte order */
sport = ntohs(uh->sport);
dport = ntohs(uh->dport);
//printf("source port:%d,destination port:%d\n",sport,dport);
switch(dport)
{
case 53: sprintf(protocol, "%s", "DNS");break;
case 69: sprintf(protocol, "%s", "TFTP");break;
case 161: sprintf(protocol, "%s", "SNMP");break;
case 162: sprintf(protocol, "%s", "SNMP(trap)");break;
default: sprintf(protocol, "%s", "UDP");
}
break;
}
sprintf(srcIP,"%d.%d.%d.%d",ih->saddr.byte1,ih->saddr.byte2,ih->saddr.byte3,ih->saddr.byte4);
sprintf(dstIP,"%d.%d.%d.%d",ih->daddr.byte1,ih->daddr.byte2,ih->daddr.byte3,ih->daddr.byte4);
for(p = 0; p<j; p++)
{
if(pck[p][0] == "any" || pck[p][0] == protocol || pck[p][0] == protocol1 || pck[p][0] == protocol2)
{
if(pck[p][1] == "any" || atoi((LPCTSTR)pck[p][1]) == (int)header->len)
{
if(pck[p][2] == "any")
pck[p][2] = "0.0.0.0";
if(pck[p][3] == "any")
pck[p][3] = "255.255.255.255";
if(inet_addr(pck[p][2]) <= inet_addr(srcIP) && inet_addr(srcIP) <= inet_addr(pck[p][3]))
{
if(pck[p][4] == "any")
pck[p][4] = "0.0.0.0";
if(pck[p][5] == "any")
pck[p][5] = "255.255.255.255";
if(inet_addr(pck[p][4]) <= inet_addr(dstIP) && inet_addr(dstIP) <= inet_addr(pck[p][5]))
{
if(pck[p][6] == "any")
pck[p][6] = "0";
if(pck[p][7] == "any")
pck[p][7] = "65535";
if(atoi(pck[p][6]) <= sport && sport <= atoi(pck[p][7]))
{
if(pck[p][8] == "any")
pck[p][8] = "0";
if(pck[p][9] == "any")
pck[p][9] = "65535";
if(atoi(pck[p][8]) <= dport && dport <= atoi(pck[p][9]))
{
if(pck[p][10] == "any")
pck[p][10] = "0000-00-00 00:00:00";
if(pck[p][11] == "any")
pck[p][11] = "9999-99-99 99:99:99";
if(pck[p][10] <= timestr2 && timestr2 <= pck[p][11])
{
sprintf(nostr,"%d",no);
m_list.InsertItem(nRow,nostr);
// sprintf(srcIP,"%d.%d.%d.%d",ih->saddr.byte1,ih->saddr.byte2,ih->saddr.byte3,ih->saddr.byte4);
m_list.SetItemText(nRow,1,srcIP);
// sprintf(dstIP,"%d.%d.%d.%d",ih->daddr.byte1,ih->daddr.byte2,ih->daddr.byte3,ih->daddr.byte4);
m_list.SetItemText(nRow,2,dstIP);
sprintf(spstr,"%d",sport);
m_list.SetItemText(nRow,3,spstr);
sprintf(dpstr,"%d",dport);
m_list.SetItemText(nRow,4,dpstr);
m_list.SetItemText(nRow,5,protocol);
sprintf(lenstr,"%d",header->len);
m_list.SetItemText(nRow,6,lenstr);
m_list.SetItemText(nRow,7,timestr);
no++;
nRow++;
break;
}
else
continue;
}
else
continue;
}
else
continue;
}
else
continue;
}
else
continue;
}
else
continue;
}
else
continue;
}
break;
/*analysis of ARP*/
case 0x0806:
sprintf(protocol1 , "ARP");
arpp = (arp_proto*)(pkt_data + 14);
switch(ntohs(arpp->opcode))
{
case 0x0001:sprintf(protocol,"%s","ARP request");break;
case 0x0002:sprintf(protocol,"%s","ARP reply");break;
case 0x0003:sprintf(protocol,"%s","RARP request");break;
case 0x0004:sprintf(protocol,"%s","RARP reply");break;
}
sprintf(srcIP,"%d.%d.%d.%d",arpp->send_ip_addr.byte1,arpp->send_ip_addr.byte2,arpp->send_ip_addr.byte3,arpp->send_ip_addr.byte4);
sprintf(dstIP,"%d.%d.%d.%d",arpp->target_ip_addr.byte1,arpp->target_ip_addr.byte2,arpp->target_ip_addr.byte3,arpp->target_ip_addr.byte4);
for(p = 0; p<j; p++)
{
if(pck[p][0] == "any" || pck[p][0] == protocol || pck[p][0] == protocol1)
{
if(pck[p][1] == "any" || atoi((LPCTSTR)pck[p][1]) == (int)header->len)
{
if(pck[p][2] == "any")
pck[p][2] = "0.0.0.0";
if(pck[p][3] == "any")
pck[p][3] = "255.255.255.255";
if(inet_addr(pck[p][2]) <= inet_addr(srcIP) && inet_addr(srcIP) <= inet_addr(pck[p][3]))
{
if(pck[p][4] == "any")
pck[p][4] = "0.0.0.0";
if(pck[p][5] == "any")
pck[p][5] = "255.255.255.255";
if(inet_addr(pck[p][4]) <= inet_addr(dstIP) && inet_addr(dstIP) <= inet_addr(pck[p][5]))
{
if(pck[p][10] == "any")
pck[p][10] = "0000-00-00 00:00:00";
if(pck[p][11] == "any")
pck[p][11] = "9999-99-99 99:99:99";
if(pck[p][10] <= timestr2 && timestr2<= pck[p][11])
{
sprintf(nostr,"%d",no);
m_list.InsertItem(nRow,nostr);
// sprintf(srcIP,"%d.%d.%d.%d",ih->saddr.byte1,ih->saddr.byte2,ih->saddr.byte3,ih->saddr.byte4);
m_list.SetItemText(nRow,1,srcIP);
// sprintf(dstIP,"%d.%d.%d.%d",ih->daddr.byte1,ih->daddr.byte2,ih->daddr.byte3,ih->daddr.byte4);
m_list.SetItemText(nRow,2,dstIP);
sprintf(spstr,"%d",sport);
m_list.SetItemText(nRow,3,spstr);
sprintf(dpstr,"%d",dport);
m_list.SetItemText(nRow,4,dpstr);
m_list.SetItemText(nRow,5,protocol);
sprintf(lenstr,"%d",header->len);
m_list.SetItemText(nRow,6,lenstr);
m_list.SetItemText(nRow,7,timestr);
no++;
nRow++;
break;
}
else
continue;
}
else
continue;
}
else
continue;
}
else
continue;
}
else
continue;
}
break;
/*analysis of RARP*/
case 0x8035:
sprintf(protocol1 , "RARP");
arpp = (arp_proto*)(pkt_data + 14);
switch(ntohs(arpp->opcode))
{
case 0x0001:sprintf(protocol,"%s","ARP request");break;
case 0x0002:sprintf(protocol,"%s","ARP reply");break;
case 0x0003:sprintf(protocol,"%s","RARP request");break;
case 0x0004:sprintf(protocol,"%s","RARP reply");break;
}
sprintf(srcIP,"%d.%d.%d.%d",arpp->send_ip_addr.byte1,arpp->send_ip_addr.byte2,arpp->send_ip_addr.byte3,arpp->send_ip_addr.byte4);
sprintf(dstIP,"%d.%d.%d.%d",arpp->target_ip_addr.byte1,arpp->target_ip_addr.byte2,arpp->target_ip_addr.byte3,arpp->target_ip_addr.byte4);
for(p = 0; p<j; p++)
{
if(pck[p][0] == "any" || pck[p][0] == protocol || pck[p][0] == protocol1)
{
if(pck[p][1] == "any" || atoi((LPCTSTR)pck[p][1]) == (int)header->len)
{
if(pck[p][2] == "any")
pck[p][2] = "0.0.0.0";
if(pck[p][3] == "any")
pck[p][3] = "255.255.255.255";
if(inet_addr(pck[p][2]) <= inet_addr(srcIP) && inet_addr(srcIP) <= inet_addr(pck[p][3]))
{
if(pck[p][4] == "any")
pck[p][4] = "0.0.0.0";
if(pck[p][5] == "any")
pck[p][5] = "255.255.255.255";
if(inet_addr(pck[p][4]) <= inet_addr(dstIP) && inet_addr(dstIP) <= inet_addr(pck[p][5]))
{
if(pck[p][10] == "any")
pck[p][10] = "0000-00-00 00:00:00";
if(pck[p][11] == "any")
pck[p][11] = "9999-99-99 99:99:99";
if(pck[p][10] <= timestr2 && timestr2 <= pck[p][11])
{
sprintf(nostr,"%d",no);
m_list.InsertItem(nRow,nostr);
// sprintf(srcIP,"%d.%d.%d.%d",ih->saddr.byte1,ih->saddr.byte2,ih->saddr.byte3,ih->saddr.byte4);
m_list.SetItemText(nRow,1,srcIP);
// sprintf(dstIP,"%d.%d.%d.%d",ih->daddr.byte1,ih->daddr.byte2,ih->daddr.byte3,ih->daddr.byte4);
m_list.SetItemText(nRow,2,dstIP);
sprintf(spstr,"%d",sport);
m_list.SetItemText(nRow,3,spstr);
sprintf(dpstr,"%d",dport);
m_list.SetItemText(nRow,4,dpstr);
m_list.SetItemText(nRow,5,protocol);
sprintf(lenstr,"%d",header->len);
m_list.SetItemText(nRow,6,lenstr);
m_list.SetItemText(nRow,7,timestr);
no++;
nRow++;
break;
}
else
continue;
}
else
continue;
}
else
continue;
}
else
continue;
}
else
continue;
}
break;
default:printf("failed");break;
}
// nRow++;
}
if (res == -1)
{
printf("Error reading the packets: %s\n", pcap_geterr(fp));
return -1;
}
return 1;
////////////////////////////////////////////////////////////////////
}