ipdump.cpp

网络抓包小程序

#include<string.h>
#include<stdio.h>
#include<unistd.h>
#include<sys/time.h>
#include<sys/types.h>
#include<sys/socket.h>
#include<net/ethernet.h>
#include<netinet/in_systm.h>
#include<netinet/in.h>
#include<netinet/ip.h>
#include<netinet/ip_icmp.h>
#define __FAVOR_BSD
#include<netinet/tcp.h>
#include<netinet/udp.h>
#include<netinet/if_ether.h>
#include<arpa/inet.h>
#ifdef _linux
#include<linux/sockios.h>
#include<linux/if.h>
#else
#include<sys/ioctl.h>
//＃i nclude<net/bpf.h>
#include<net/if.h>
#include<fcntl.h>
#endif
#define MAXSIZE 65535
#define EXIT_FAILURE 0
void print_ethernet(struct ether_header *eth);
void print_arp(struct ether_arp *arp);
void print_ip(struct ip *ip);
void print_tcp(struct tcphdr *tcp);
void print_icmp(struct icmp *icmp);
void print_udp(struct udphdr *udp);
char *mac_ntoa(u_char *d);
char *ip_ttoa(int flag);
char *ip_ftoa(int flag);
char *tcp_ftoa(int flag);
int main(int argc, char *argv[]) {
 struct ether_header *eth;
 struct ether_arp *arp;
 struct ip *ip;
 struct icmp *icmp;
 struct tcphdr *tcp;
 struct udphdr *udp;
 int sock;
 int len;
 char buff[MAXSIZE];
 char *p;
 printf("begin!\n");
 
 if ( (sock = socket(AF_INET, SOCK_PACKET, htons(ETH_P_ALL))) < 0) {
	 perror(" socket");
  return(EXIT_FAILURE);
 }
/*
 struct socket local;
 memset(&local, 0, sizeof(local));
 local.sa_family = AF_INET;
 local.sin_port = 0;
 local.sin_addr.s_addr = INADDR_ANY;
*/
 while (1) {
  printf("+++++begin+++++++++++++++++++++++++++++++++++\n");
  if ((len = read(sock, buff, MAXSIZE)) < 0) {
   perror(" read");
   return(EXIT_FAILURE);
  }
  p = buff;
  eth = (struct ether_header *)p;
  p += sizeof(struct ether_header);
  print_ethernet(eth);
 
  if (ntohs(eth->ether_type) == ETHERTYPE_ARP) {
   print_arp(arp);
   arp = (struct ether_arp *)p;
  } else if (ntohs(eth->ether_type) == ETHERTYPE_IP) {
   ip = (struct ip *)p;
   p += (int)(ip->ip_hl)<<2;
   if (ip->ip_p == IPPROTO_TCP) {
   print_ip(ip);
   switch (ip->ip_p) {
    case IPPROTO_TCP:
     tcp = (struct tcphdr *)p;
     p += (int)(tcp->th_off)<<2;
     print_tcp(tcp);
     break;
    case IPPROTO_UDP:
     udp = (struct udphdr *)p;
     p += sizeof(struct udphdr);
     print_udp(udp);
     break;
    case IPPROTO_ICMP:
     icmp = (struct icmp *)p;
     p += sizeof(struct icmp);
     print_icmp(icmp);
     break;
    default :
     printf("Unknown!\n");
     break;
   }
   }
  }
  printf("+++++over++++++++++++++++++++++++++++++++++++\n\n\n");
 }
 
 return(0);
}
void print_ethernet(struct ether_header *eth) {
 int type = ntohs(eth->ether_type);
 if (type <= 1500) printf("IEEE 802.3 Ethernet Frame:\n");
 else printf("Ethernet Frame:\n");
 printf("Destination MAC Adress: %17s\n", mac_ntoa(eth->ether_dhost));
 printf("Source MAC Adress: %17s\n", mac_ntoa(eth->ether_shost));
 if (type < 1500) printf("Lenht: %5u\n", type);
 else printf("Ethernet Type ox%04x\n", type);
 return;
}
void print_arp(struct ether_arp *arp) {
 
 static char *arp_operation[] = {
  "Undefine",
  "(ARP Request)",
  "(ARP Reply)",
  "(RARP Request)",
  "(RARP Reply)",
 };
 int op = ntohs(arp->ea_hdr.ar_op);
 if (op <= 0 || 5 < op) {
  op = 0;
  printf("    Protocol: ARP\n");
  printf("    Hedr Type: %2u %-11s | Protocal: 0x%04x %-9s\n",
   ntohs(arp->ea_hdr.ar_hrd),
   (ntohs(arp->ea_hdr.ar_hrd) == ARPHRD_ETHER) ? "(Ethernet)" : "(Notther)",
   ntohs(arp->ea_hdr.ar_pro),
   (ntohs(arp->ea_hdr.ar_pro) == ETHERTYPE_IP) ? "(IP)" : "(Not IP)");
  printf("    Hardlen: %3u | Addr Len: %2u | op: %4d %16s\n",
   arp->ea_hdr.ar_hln, arp->ea_hdr.ar_pln, ntohs(arp->ea_hdr.ar_op), arp_operation[op]);
  printf("    Source MAC Address: %17s\n", mac_ntoa(arp->arp_sha));
  printf("    Source IP Address: %7s\n", inet_ntoa(* (struct in_addr *) &arp->arp_spa));
  printf("    Destination MAC Address: %17s\n", mac_ntoa(arp->arp_tha));
  printf("    Destination IP Adress: %7s\n", inet_ntoa(* (struct in_addr *) &arp->arp_tpa));
 }
 
 return;
}
void print_ip(struct ip *ip) {
 printf("    Protocal: IP\n");
 printf("    IV: %1u | HL:%2u | T:%8s | Total Length: %10u\n", ip->ip_v, ip->ip_hl, ip_ttoa(ip->ip_tos), ntohs(ip->ip_len));
 printf("    Tdentifier: %5u | FF: %3s | FO: %5u\n", ntohs(ip->ip_id), ip_ftoa(ntohs(ip->ip_off)), ntohs(ip->ip_off)&IP_OFFMASK);
 printf("    TTL: %3u | Pro: %3u | Head Checksum: %5u\n", ip->ip_ttl, ip->ip_p, ntohs(ip->ip_sum));
 printf("    Source IP Address: %15s\n", inet_ntoa(*(struct in_addr *) &(ip->ip_src)));
 printf("    Destination IP Address: %15s\n", inet_ntoa(*(struct in_addr *) &(ip->ip_dst)));
 return;
}
void print_tcp(struct tcphdr *tcp) {
 printf("        Protocal: TCP\n");
 printf("        Source Port: %5u | Destination Port: %5u\n", ntohs(tcp->th_sport), ntohs(tcp->th_dport));
 printf("        Sequence Number: %10u\n", (u_long)(tcp->th_seq));
 printf("        Acknowledgement Number: %10u\n", (u_long)(tcp->th_ack));
 printf("        Do: %2u | Reserved | F: %6s | Windows Size: %5u\n", tcp->th_off, tcp_ftoa(tcp->th_flags), ntohs(tcp->th_win));
 printf("        Checksum: %5u | Urgent Pointer: %5u\n", ntohs(tcp->th_sum), ntohs(tcp->th_urp));
 return;
}
void print_udp(struct udphdr *udp) {
 printf("        Protocal: UDP\n");
 printf("        Source Port: %5u | Dest Port: %5u\n", ntohs(udp->uh_sport), ntohs(udp->uh_dport));
 printf("        Length: %5u | Checksum: %5u\n", ntohs(udp->uh_ulen), udp->uh_sum);
 return;
}
void print_icmp(struct icmp *icmp) {
 printf("        Protocal: ICMP\n");
 printf("        Type: %3u | Code: %3u | Checksum: %5u\n", icmp->icmp_type, icmp->icmp_code, ntohs(icmp->icmp_cksum));
 if (icmp->icmp_type == 0 || icmp->icmp_type == 8)
  printf("        Identification: %5u | Sequence Num: %5u\n", ntohs(icmp->icmp_id), ntohs(icmp->icmp_seq));
 else if (icmp->icmp_type == 3) {
  if (icmp->icmp_code == 4)
   printf("        void: %5u | Next MTU: %5u\n", ntohs(icmp->icmp_pmvoid), ntohs(icmp->icmp_nextmtu));
  else
   printf("        Unused: %10u\n", (u_long)ntohs(icmp->icmp_void));
 } else if (icmp->icmp_type == 5) {
  printf("        Router IP Address: %15u\n", inet_ntoa(*(struct in_addr *) &(icmp->icmp_gwaddr)));
 } else if (icmp->icmp_type == 11) {
  printf("        Unused: %10lu\n", (u_long)ntohl(icmp->icmp_void));
 }
 return;
}
char *mac_ntoa(u_char *d) {
 static char str[50];
 sprintf(str, "%02x:%02x:%02x:%02x:%02x:%02x", d[0],d[1],d[2],d[3],d[4],d[5]);
 return(str);
}
char *ip_ttoa(int flag) {
 static int f[] = {'1','1','1','D','T','R','C','X'};
 static char str[17];
 u_int mask = 0x80;
 int i;
 for (i = 0; i < 8; i ++) {
  if (((flag<<i) & mask) != 0) str[i] = f[i];
  else str[i] = '0';
 }
 str[i] = '\0';
 return(str);
}
char *ip_ftoa(int flag) {
 static int f[] = {'R','D','M'};
 static char str[17];
 u_int mask = 0x8000;
 int i;
 for (i = 0;i < 3;i ++) {
  if (((flag<<i) & mask) != 0) str[i] = f[i];
  else str[i] = '0';
 }
 str[i] = '\0';
 return(str);
}
char *tcp_ftoa(int flag) {
 static int f[] = {'U','A','P','R','S','F'};
 static char str[17];
 u_int mask = 1<<5;
 int i;
 for (i = 0;i < 6;i ++) {
  if (((flag << i) & mask) != 0) str[i] = f[i];
  else str[i] = '0';
 }
 str[i] = '\0';
 return(str);
}