group__wpcap__tut6.html

winpcap文档

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
<title>WinPcap: Interpreting the packets</title>
<link href="style.css" rel="stylesheet" type="text/css">
<link href="tabs.css" rel="stylesheet" type="text/css">
</head><body>
<!-- Generated by Doxygen 1.5.1 -->
<div class="tabs">
  <ul>
    <li><a href="main.html"><span>Main&nbsp;Page</span></a></li>
    <li><a href="modules.html"><span>Modules</span></a></li>
    <li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
    <li><a href="files.html"><span>Files</span></a></li>
    <li><a href="pages.html"><span>Related&nbsp;Pages</span></a></li>
  </ul></div>
<h1>Interpreting the packets</h1><table border="0" cellpadding="0" cellspacing="0">
<tr><td></td></tr>
</table>
Now that we are able to capture and filter network traffic, we want to put our knowledge to work with a simple "real world" application.<p>
In this lesson we will take code from the previous lessons and use these pieces to build a more useful program. the main purpose of the current program is to show how the protocol headers of a captured packet can be parsed and interpreted. The resulting application, called UDPdump, prints a summary of the UDP traffic on our network.<p>
We have chosen to parse and display the UDP protocol because it is more accessible than other protocols such as TCP and consequently is an excellent initial example. Let's look at the code:<p>
<div class="fragment"><pre class="fragment"><span class="comment">/*</span>
<span class="comment"> * Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torino (Italy)</span>
<span class="comment"> * Copyright (c) 2005 - 2006 CACE Technologies, Davis (California)</span>
<span class="comment"> * All rights reserved.</span>
<span class="comment"> *</span>
<span class="comment"> * Redistribution and use in source and binary forms, with or without</span>
<span class="comment"> * modification, are permitted provided that the following conditions</span>
<span class="comment"> * are met:</span>
<span class="comment"> *</span>
<span class="comment"> * 1. Redistributions of source code must retain the above copyright</span>
<span class="comment"> * notice, this list of conditions and the following disclaimer.</span>
<span class="comment"> * 2. Redistributions in binary form must reproduce the above copyright</span>
<span class="comment"> * notice, this list of conditions and the following disclaimer in the</span>
<span class="comment"> * documentation and/or other materials provided with the distribution.</span>
<span class="comment"> * 3. Neither the name of the Politecnico di Torino, CACE Technologies </span>
<span class="comment"> * nor the names of its contributors may be used to endorse or promote </span>
<span class="comment"> * products derived from this software without specific prior written </span>
<span class="comment"> * permission.</span>
<span class="comment"> *</span>
<span class="comment"> * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS</span>
<span class="comment"> * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT</span>
<span class="comment"> * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR</span>
<span class="comment"> * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT</span>
<span class="comment"> * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,</span>
<span class="comment"> * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT</span>
<span class="comment"> * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,</span>
<span class="comment"> * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY</span>
<span class="comment"> * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT</span>
<span class="comment"> * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE</span>
<span class="comment"> * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.</span>
<span class="comment"> *</span>
<span class="comment"> */</span>

<span class="preprocessor">#include "pcap.h"</span>

<span class="comment">/* 4 bytes IP address */</span>
<span class="keyword">typedef</span> <span class="keyword">struct </span>ip_address{
    u_char byte1;
    u_char byte2;
    u_char byte3;
    u_char byte4;
}ip_address;

<span class="comment">/* IPv4 header */</span>
<span class="keyword">typedef</span> <span class="keyword">struct </span>ip_header{
    u_char  ver_ihl;        <span class="comment">// Version (4 bits) + Internet header length (4 bits)</span>
    u_char  tos;            <span class="comment">// Type of service </span>
    u_short tlen;           <span class="comment">// Total length </span>
    u_short identification; <span class="comment">// Identification</span>
    u_short flags_fo;       <span class="comment">// Flags (3 bits) + Fragment offset (13 bits)</span>
    u_char  ttl;            <span class="comment">// Time to live</span>
    u_char  proto;          <span class="comment">// Protocol</span>
    u_short crc;            <span class="comment">// Header checksum</span>
    ip_address  saddr;      <span class="comment">// Source address</span>
    ip_address  daddr;      <span class="comment">// Destination address</span>
    u_int   op_pad;         <span class="comment">// Option + Padding</span>
}ip_header;

<span class="comment">/* UDP header*/</span>
<span class="keyword">typedef</span> <span class="keyword">struct </span>udp_header{
    u_short sport;          <span class="comment">// Source port</span>
    u_short dport;          <span class="comment">// Destination port</span>
    u_short len;            <span class="comment">// Datagram length</span>
    u_short crc;            <span class="comment">// Checksum</span>
}udp_header;

<span class="comment">/* prototype of the packet handler */</span>
<span class="keywordtype">void</span> packet_handler(u_char *param, <span class="keyword">const</span> <span class="keyword">struct</span> <a class="code" href="structpcap__pkthdr.html">pcap_pkthdr</a> *header, <span class="keyword">const</span> u_char *pkt_data);


main()
{
<a class="code" href="structpcap__if.html">pcap_if_t</a> *alldevs;
<a class="code" href="structpcap__if.html">pcap_if_t</a> *d;
<span class="keywordtype">int</span> inum;
<span class="keywordtype">int</span> i=0;
<a class="code" href="group__wpcap__def.html#g4711d025f83503ce692efa5e45ec60a7">pcap_t</a> *adhandle;
<span class="keywordtype">char</span> errbuf[<a class="code" href="group__wpcap__def.html#gcd448353957d92c98fccc29e1fc8d927">PCAP_ERRBUF_SIZE</a>];
u_int netmask;
<span class="keywordtype">char</span> packet_filter[] = <span class="stringliteral">"ip and udp"</span>;
<span class="keyword">struct </span>bpf_program fcode;

    <span class="comment">/* Retrieve the device list */</span>
    <span class="keywordflow">if</span> (<a class="code" href="group__wpcapfunc.html#g98f36e62c95c6ad81eaa8b2bbeb8f16e">pcap_findalldevs_ex</a>(<a class="code" href="group__remote__source__string.html#g6d7103b8a7e1eca8c325bd8f32c361c3">PCAP_SRC_IF_STRING</a>, NULL, &amp;alldevs, errbuf) == -1)
    {
        fprintf(stderr,<span class="stringliteral">"Error in pcap_findalldevs: %s\n"</span>, errbuf);
        exit(1);
    }
    
    <span class="comment">/* Print the list */</span>
    <span class="keywordflow">for</span>(d=alldevs; d; d=d-&gt;<a class="code" href="structpcap__if.html#81508e6e4e41ca4235c8d6b51913c536">next</a>)
    {
        printf(<span class="stringliteral">"%d. %s"</span>, ++i, d-&gt;<a class="code" href="structpcap__if.html#5ac083a645d964373f022d03df4849c8">name</a>);
        if (d-&gt;<a class="code" href="structpcap__if.html#8444d6e0dfe2bbab0b5e7b24308f1559">description</a>)
            printf(<span class="stringliteral">" (%s)\n"</span>, d-&gt;<a class="code" href="structpcap__if.html#8444d6e0dfe2bbab0b5e7b24308f1559">description</a>);
        <span class="keywordflow">else</span>
            printf(<span class="stringliteral">" (No description available)\n"</span>);
    }

    <span class="keywordflow">if</span>(i==0)
    {
        printf(<span class="stringliteral">"\nNo interfaces found! Make sure WinPcap is installed.\n"</span>);
        <span class="keywordflow">return</span> -1;
    }
    
    printf(<span class="stringliteral">"Enter the interface number (1-%d):"</span>,i);
    scanf(<span class="stringliteral">"%d"</span>, &amp;inum);
    
    <span class="keywordflow">if</span>(inum &lt; 1 || inum &gt; i)
    {
        printf(<span class="stringliteral">"\nInterface number out of range.\n"</span>);
        <span class="comment">/* Free the device list */</span>
        <a class="code" href="group__wpcapfunc.html#g346b4b0b7fd1cda4abb9a39f767dbeb1">pcap_freealldevs</a>(alldevs);