#include "stdafx.h"
#include "pcap.h"
#include "bao.h"
#include "windows.h"
#pragma comment(lib, "wpcap.lib")//将lib库加入到工程中进行编译
#pragma comment(lib, "ws2_32")//ws2_32.dll是Windows Sockets应用程序接口,用于支持Internet和网络应用程序
void Analyse_IPPacket(char *sMac,char *dMac,const u_char *data);
void Analyse_ARPPacket(char *sMac,char *dMac,const u_char *data);
void Analyse_UDPPacket(struct in_addr *sAddr,struct in_addr *dAddr,const u_char *data);
void Analyse_ICMPPacket(struct in_addr *sAddr,struct in_addr *dAddr,const u_char *data);
void Analyse_TCPPacket(struct in_addr *sAddr,struct in_addr *dAddr,const u_char *data);
void packet_handler(u_char* packets,const struct pcap_pkthdr * header,const u_char *pp);
/* Running count of frames delivered to packet_handler(); incremented there and
 * printed with each frame.  Single-threaded use only (pcap_loop callback). */
int summac=0;
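/*
 * Entry point: list the capture interfaces, let the user pick one, open it
 * in promiscuous mode and hand 50 frames to packet_handler().
 *
 * Fixes over the original: the scanf() result is checked (an unparsable
 * answer previously left the index uninitialized before the range check),
 * pcap_open_live()'s error text is reported, the link type is confirmed to
 * be Ethernet before packet_handler() is allowed to treat every frame as
 * one, a NULL description is no longer passed to "%s", and the capture
 * handle is closed on exit.  Returns 0 on success, 1 on any failure.
 */
int main()
{
    pcap_if_t *alldevs = NULL;
    pcap_if_t *d;
    pcap_t *adhandle;
    char errbuf[PCAP_ERRBUF_SIZE];
    int inum = 0;
    int count = 0;
    int idx;

    if (pcap_findalldevs(&alldevs, errbuf) == -1)
    {
        fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
        return 1;
    }

    /* Menu the user chooses from; entries are numbered from 1. */
    for (d = alldevs; d; d = d->next)
    {
        printf("%d. %s", ++count, d->name);
        if (d->description)
            printf("(%s)\n", d->description);
        else
            printf("(No description available)\n");
    }
    if (count == 0)
    {
        /* Nothing was allocated: pcap_findalldevs() leaves alldevs NULL here. */
        printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
        return 1;
    }

    printf("Enter the interface number (1-%d):", count);
    /* A failed scanf() would leave inum unset; treat it like an out-of-range answer. */
    if (scanf("%d", &inum) != 1 || inum < 1 || inum > count)
    {
        printf("\n 输入有误.\n");
        pcap_freealldevs(alldevs);
        return 1;
    }

    /* Walk to the chosen entry (inum is 1-based, already range-checked). */
    for (d = alldevs, idx = 0; idx < inum - 1; d = d->next, idx++)
        ;

    adhandle = pcap_open_live(d->name,   /* device name */
                              65536,     /* snaplen: capture whole frames */
                              1,         /* promiscuous mode */
                              1,         /* read timeout, ms */
                              errbuf);   /* error text on failure */
    if (adhandle == NULL)
    {
        printf("Unable to open the adapter: %s\n", errbuf);
        pcap_freealldevs(alldevs);
        return 1;
    }

    /* packet_handler() casts every frame to a 14-byte Ethernet header; on any
     * other link type those bytes mean something else, so refuse to continue. */
    if (pcap_datalink(adhandle) != DLT_EN10MB)
    {
        printf("\nThis program works only on Ethernet networks.\n");
        pcap_close(adhandle);
        pcap_freealldevs(alldevs);
        return 1;
    }

    /* description may be NULL (see the menu above); fall back to the name. */
    printf("\nlistening on %s...\n", d->description ? d->description : d->name);
    pcap_freealldevs(alldevs);

    pcap_loop(adhandle, 50, packet_handler, NULL);
    pcap_close(adhandle);
    return 0;
}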
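/*
 * pcap_loop() callback: print the Ethernet header of one captured frame and
 * hand the payload to the ARP or IPv4 parser.
 *
 * `packets` is the user argument given to pcap_loop() (NULL here, unused).
 * `header->caplen` is the number of bytes of `data` that were actually
 * captured; nothing beyond it may be read.  `header->len` is the on-wire
 * length and is printed only.
 *
 * The bytes come straight off the wire, so every length check here is
 * against caplen: the original cast the Ethernet header and dispatched
 * `data+14` without any check, so a short or truncated frame was read past
 * the capture buffer.  Analyse_ARPPacket()/Analyse_IPPacket() take no length
 * argument, so the minimum sizes they need are enforced here before the call.
 */
void packet_handler(u_char* packets,const struct pcap_pkthdr *header,const u_char *data)
{
    const size_t eth_hdr_len = 14;        /* dst MAC + src MAC + EtherType */
    const size_t ip_min_hdr_len = 20;     /* IPv4 header without options */
    const size_t arp_eth_ip_len = 28;     /* ARP for Ethernet/IPv4 */
    struct ether_header *eth;
    unsigned int ptype;
    char mac_addr1[19], mac_addr2[19];    /* "xx:xx:xx:xx:xx:xx" is 17 chars + NUL */
    struct tm *ltime;
    char timestr[16];
    const u_char *dmac;
    const u_char *smac;
    time_t local_tv_sec;

    (void)packets;
    summac++;

    if (header->caplen < eth_hdr_len)
    {
        printf("MAC---* %d *\n", summac);
        printf("帧被截断 (caplen=%u), 跳过\n", header->caplen);
        printf("-----* \n\n");
        return;
    }

    eth = (struct ether_header *)data;
    smac = eth->ether_shost;
    dmac = eth->ether_dhost;
    /* Fixed format of six 2-digit hex groups: exactly 17 characters plus the
     * terminator, which fits the 19-byte buffers, so sprintf cannot overrun. */
    sprintf(mac_addr1, "%02x:%02x:%02x:%02x:%02x:%02x",
            smac[0], smac[1], smac[2], smac[3], smac[4], smac[5]);
    sprintf(mac_addr2, "%02x:%02x:%02x:%02x:%02x:%02x",
            dmac[0], dmac[1], dmac[2], dmac[3], dmac[4], dmac[5]);
    ptype = ntohs(eth->ether_type);

    /* Render the capture timestamp; localtime() may fail (returns NULL). */
    local_tv_sec = header->ts.tv_sec;
    ltime = localtime(&local_tv_sec);
    if (ltime != NULL)
        strftime(timestr, sizeof timestr, "%H:%M:%S", ltime);
    else
        timestr[0] = '\0';
    printf("%s.%.6ld MAC长度:%u \n", timestr, (long)header->ts.tv_usec, header->len);
    printf("MAC---* %d *\n", summac);
    printf("--- 目MAC(48 bit) %s \n", mac_addr2);
    printf("--- 源MAC(48 bit) %s \n", mac_addr1);
    printf("--- 类型(12 bit) ");

    switch (ptype)
    {
    case ETHERTYPE_ARP:
        printf("---ARP(0x%0X) \n", ptype);
        printf("--数据部分 \n");
        if (header->caplen < eth_hdr_len + arp_eth_ip_len)
            printf("--- ARP报文被截断 (caplen=%u) \n", header->caplen);
        else
            Analyse_ARPPacket(mac_addr1, mac_addr2, data + eth_hdr_len);
        break;
    case ETHERTYPE_IP:
        printf("---IP(0x%0X) \n", ptype);
        printf("--数据部分 \n");
        if (header->caplen < eth_hdr_len + ip_min_hdr_len)
        {
            printf("--- IP报文被截断 (caplen=%u) \n", header->caplen);
            break;
        }
        {
            /* Total Length sits at bytes 2-3 of the IPv4 header (network
             * order).  Require the capture to hold the whole datagram it
             * claims, so the IP parser may trust that field when it checks
             * IHL and the transport header.  Frames padded to the Ethernet
             * minimum have caplen > total length, which is accepted. */
            unsigned int ip_total = ((unsigned int)data[eth_hdr_len + 2] << 8)
                                  | data[eth_hdr_len + 3];
            if (ip_total < ip_min_hdr_len || header->caplen < eth_hdr_len + ip_total)
            {
                printf("--- IP总长度字段与捕获长度不符 (总长度=%u, caplen=%u) \n",
                       ip_total, header->caplen);
                break;
            }
        }
        Analyse_IPPacket(mac_addr1, mac_addr2, data + eth_hdr_len);
        break;
    default:
        printf("未知类型数据包 ( 0x%0X) \n", ptype);
        printf("--数据部分 \n");
        printf("--- ****\n ");
        break;
    }
    printf("-----* \n\n");
}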
//---------------------------------------------------------------------
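/*
 * Print the IPv4 header at `data` and dispatch the transport header.
 *
 * sMac/dMac are the formatted Ethernet addresses (unused here, kept for the
 * shared parser signature).  Precondition: the caller has verified that the
 * captured bytes cover at least the 20-byte minimum header and the
 * datagram's Total Length field; this function only checks the header's own
 * fields for internal consistency before dereferencing past them.
 *
 * Fixes over the original: the transport header is located via IHL instead
 * of a hard-coded 20 bytes (with IP options present the options were parsed
 * as the TCP/UDP header), IHL and Total Length are validated first, the MF
 * flag is reported, and the checksum is byte-swapped like every other 16-bit
 * field.  IHL/version are taken from the raw first byte rather than the
 * struct bitfields so the check does not depend on bao.h's bitfield order.
 */
void Analyse_IPPacket(char *sMac,char *dMac,const u_char *data)
{
    struct iphead *IPHead = (iphead *)data;
    unsigned int version = data[0] >> 4;
    unsigned int hdr_len = (data[0] & 0x0f) * 4u;
    unsigned int total_len = ntohs(IPHead->ip_length);
    unsigned int flags = ntohs(IPHead->ip_off) >> 13;  /* bit2 reserved, bit1 DF, bit0 MF */
    struct in_addr *src = &IPHead->ip_souce_address;
    struct in_addr *dst = &IPHead->ip_destination_address;
    unsigned int need;  /* bytes the selected transport parser reads */

    (void)sMac;
    (void)dMac;

    printf("---IP数据报\n");
    printf("-------首部\n");
    printf("--------- 版本(4 bit) : %d\n", IPHead->ip_version);
    printf("--------- 首部长度(4 bit) : %d(*4)\n", IPHead->ip_header_length);
    switch (IPHead->ip_tos)
    {
    case 0:
        printf("--------- 分区服务(8 bit) : 正常(默认) 0 \n"); break;
    case 2:
        printf("--------- 分区服务(8 bit) : C-最小代价 2 \n"); break;
    case 4:
        printf("--------- 分区服务(8 bit) : R-最高可靠性 4\n"); break;
    case 8:
        printf("--------- 分区服务(8 bit) : T-最大传输量 8 \n"); break;
    case 16:
        printf("--------- 分区服务(8bit) : 16 D-最小延迟\n"); break;
    default:
        break;
    }
    printf("--------- 总长度(16 bit) : %u\n", total_len);
    printf("--------- 标识(16 bit) : %d\n", ntohs(IPHead->ip_id));
    printf("--------- 标志(3 bit) : ");
    if (flags & 0x1)
        printf("更多分片-1\n");
    else if (flags & 0x2)
        printf("不分片-2\n");
    else
        printf("唯一片\n");
    printf("--------- 分片偏移(13 bit): %d(*8)\n", ntohs(IPHead->ip_off) & 0x1fff);
    printf("--------- 生存时间(8 bit) : %d\n", IPHead->ip_ttl);
    printf("--------- 协议(8 bit) : %d", IPHead->ip_protocol);
    switch (IPHead->ip_protocol)
    {
    case 1:
        printf("-ICMP\n"); break;
    case 2:
        printf("-IGMP\n"); break;
    case 6:
        printf("-TCP\n"); break;
    case 17:
        printf("-UDP\n"); break;
    default:
        break;
    }
    printf("--------- 校验和(16 bit) : 0x%0x\n", ntohs(IPHead->ip_checksum));
    printf("--------- 源IP(32 bit) : %d.%d.%d.%d \n",
           src->S_un.S_un_b.s_b1, src->S_un.S_un_b.s_b2,
           src->S_un.S_un_b.s_b3, src->S_un.S_un_b.s_b4);
    printf("--------- 目IP(32 bit) : %d.%d.%d.%d \n",
           dst->S_un.S_un_b.s_b1, dst->S_un.S_un_b.s_b2,
           dst->S_un.S_un_b.s_b3, dst->S_un.S_un_b.s_b4);
    printf("--------数据部分 \n");

    /* Header geometry must be sane before anything past it is touched:
     * IHL is at least 5 words and the datagram must hold its own header. */
    if (version != 4 || hdr_len < 20 || total_len < hdr_len)
    {
        printf("--------非法IP首部 (版本=%u, 首部长度=%u, 总长度=%u), 不再解析\n",
               version, hdr_len, total_len);
        return;
    }

    switch (IPHead->ip_protocol)
    {
    case 1:  need = 4;  break;  /* ICMP: type, code, checksum */
    case 6:  need = 20; break;  /* TCP fixed header */
    case 17: need = 8;  break;  /* UDP header */
    default: return;            /* other protocols are not decoded */
    }
    if (total_len < hdr_len + need)
    {
        printf("--------传输层首部被截断 (总长度=%u, 需要=%u), 不再解析\n",
               total_len, hdr_len + need);
        return;
    }

    /* Transport header starts after the options, not at a fixed 20 bytes. */
    switch (IPHead->ip_protocol)
    {
    case 1:
        Analyse_ICMPPacket(src, dst, data + hdr_len);
        break;
    case 6:
        Analyse_TCPPacket(src, dst, data + hdr_len);
        break;
    case 17:
        Analyse_UDPPacket(src, dst, data + hdr_len);
        break;
    default:
        break;
    }
}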
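/*
 * Print an ARP packet at `data` (caller guarantees 28 captured bytes, the
 * Ethernet/IPv4 layout).  sMac/dMac are unused; kept for the shared signature.
 *
 * Fixes over the original: the protocol type is byte-swapped like the other
 * 16-bit fields (it was printed raw and unconditionally labelled "IP"),
 * opcodes other than 1 are no longer all reported as "reply", and the
 * fixed-size address fields are printed only when the hardware/protocol
 * lengths actually describe 6-byte MAC / 4-byte IPv4 addresses.
 */
void Analyse_ARPPacket(char *sMac,char *dMac,const u_char *data)
{
    struct arphead *ARPHead = (arphead *)data;
    unsigned int proto = ntohs(ARPHead->arp_protocol_type);
    unsigned int opcode = ntohs(ARPHead->arp_operation_code);
    const u_char *mac;

    (void)sMac;
    (void)dMac;

    printf("-----硬件类型(16 bit): ");
    if (ntohs(ARPHead->arp_hardware_type) == 1)
        printf("以太网\n");
    else
        printf("其他网\n");
    printf("-----协议类型(16 bit): 0x%0x%s\n", proto, proto == 0x0800 ? " IP" : "");
    printf("-----硬件长度(8 bit): %d\n", ARPHead->arp_hardware_length);
    printf("-----协议长度(8 bit): %d\n", ARPHead->arp_protocol_length);
    printf("-----操作(16 bit): ");
    switch (opcode)
    {
    case 1:
        printf("请求 (1)\n");
        break;
    case 2:
        printf("回答 (2)\n");
        break;
    default:
        printf("其他 (%u)\n", opcode);   /* e.g. RARP request/reply (3/4) */
        break;
    }

    /* The struct's address fields are fixed at 6+4 bytes; for any other
     * hlen/plen the bytes would be shown as bogus addresses, so skip them. */
    if (ARPHead->arp_hardware_length != 6 || ARPHead->arp_protocol_length != 4)
    {
        printf("-----非以太网/IPv4地址格式, 地址未解析\n");
        return;
    }

    mac = ARPHead->arp_source_ethernet_address;
    printf("-----发送源IP %d.%d.%d.%d ",
           ARPHead->arp_source_ip_address[0], ARPHead->arp_source_ip_address[1],
           ARPHead->arp_source_ip_address[2], ARPHead->arp_source_ip_address[3]);
    printf("发送源MAC %02x:%02x:%02x:%02x:%02x:%02x\n",
           mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
    mac = ARPHead->arp_destination_ethernet_address;
    printf("-----目IP %d.%d.%d.%d ",
           ARPHead->arp_destination_ip_address[0], ARPHead->arp_destination_ip_address[1],
           ARPHead->arp_destination_ip_address[2], ARPHead->arp_destination_ip_address[3]);
    printf("目MAC %02x:%02x:%02x:%02x:%02x:%02x\n",
           mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
}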
//------------------------------------------------------------------------------------
/*
 * Print the 8-byte UDP header at `data`.  sAddr/dAddr are accepted for
 * symmetry with the other transport parsers but are not read here.
 * The caller is responsible for making sure 8 captured bytes are present.
 */
void Analyse_UDPPacket(struct in_addr *sAddr,struct in_addr *dAddr,const u_char *data)
{
    const struct udphead *hdr = (const udphead *)data;

    (void)sAddr;
    (void)dAddr;

    printf("--------------UDP数据报 \n");
    printf("-------------------首部 \n");
    printf("--------------------- 源端口(16 bit): %d \n", ntohs(hdr->udp_source_port));
    printf("--------------------- 目端口(16 bit): %d\n", ntohs(hdr->udp_destinanion_port));
    printf("--------------------- 总长度(16 bit): %d\n", ntohs(hdr->udp_length));
    printf("--------------------- 检验和(16 bit): 0x%x\n", ntohs(hdr->udp_checksum));
    printf("-------------------数据部分 \n");
}
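/*
 * Print the ICMP header (type, code, checksum) at `data`.  sAddr/dAddr are
 * unused; kept for the shared transport-parser signature.  The caller must
 * guarantee at least 4 captured bytes.
 *
 * The original began with an unconditional `return;` (a leftover debugging
 * switch-off) that made the whole function dead code, so ICMP packets were
 * silently not decoded.  That early return is removed; unknown types are now
 * printed numerically instead of being dropped.
 */
void Analyse_ICMPPacket(struct in_addr *sAddr,struct in_addr *dAddr,const u_char *data)
{
    struct icmphead *ICMPHead = (icmphead *)data;
    const char *type_name;

    (void)sAddr;
    (void)dAddr;

    printf("--------------ICMP报文 \n");
    printf("-------------------首部 \n");
    switch (ICMPHead->icmp_type)
    {
    case 0:  type_name = "0-回送回答";       break;
    case 3:  type_name = "3-终点不可达";     break;
    case 4:  type_name = "4-源点抑制";       break;
    case 5:  type_name = "5-改变路由";       break;
    case 8:  type_name = "8-请求回答";       break;
    case 9:  type_name = "9-路由器通告";     break;
    case 10: type_name = "10-路由器询问请求"; break;
    case 11: type_name = "11-超时";          break;
    case 12: type_name = "12-参数问题";      break;
    case 13: type_name = "13-时间戳请求";    break;
    case 14: type_name = "14-时间戳回答";    break;
    case 17: type_name = "17-地址掩码请求";  break;
    case 18: type_name = "18-地址掩码回答";  break;
    default: type_name = NULL;              break;
    }
    if (type_name != NULL)
        printf("--------------------- 类型(8 bit): %s\n", type_name);
    else
        printf("--------------------- 类型(8 bit): %d\n", ICMPHead->icmp_type);
    printf("--------------------- 代码(8 bit): %d\n", ICMPHead->icmp_code);
    printf("--------------------- 校验和(16bit): 0x%x\n", ntohs(ICMPHead->icmp_checksum));
    printf("-------------------数据 \n");
}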
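/*
 * Print the fixed 20-byte TCP header at `data`.  sAddr/dAddr are unused;
 * kept for the shared transport-parser signature.  The caller must
 * guarantee 20 captured bytes.
 *
 * Fixes over the original: sequence and acknowledgement numbers are 32-bit
 * and were converted with ntohs(), which printed only the low 16 bits in the
 * wrong byte order -- ntohl() is used now; the 0x04 flag is RST (was
 * mislabelled "PST"); a Data Offset below 5 words is flagged as malformed.
 */
void Analyse_TCPPacket(struct in_addr *sAddr,struct in_addr *dAddr,const u_char *data)
{
    struct tcphead *TCPHead = (tcphead *)data;
    unsigned int hdr_words = (TCPHead->th_hlsv >> 4) & 0x0f;   /* Data Offset, 32-bit words */

    (void)sAddr;
    (void)dAddr;

    printf("--------------TCP报文段 \n");
    printf("-------------------首部 \n");
    printf("--------------------- 源端口(16 bit): %d\n", ntohs(TCPHead->th_sport));
    printf("--------------------- 目端口(16 bit): %d\n", ntohs(TCPHead->th_dport));
    printf("--------------------- 序号(32 bit): 0x%0lx\n", (unsigned long)ntohl(TCPHead->th_seq));
    printf("--------------------- 确认号(32 bit): 0x%0lx\n", (unsigned long)ntohl(TCPHead->th_ack));
    printf("--------------------- 首部长度(4 bit): %u(*4)\n", hdr_words);
    if (hdr_words < 5)
        printf("--------------------- (首部长度非法, 最小为5)\n");
    printf("--------------------- 保留(6 bit): ***\n");
    printf("--------------------- 控制(6 bit): ");
    /* Only the common single-flag and ACK-combined values are named; any
     * other combination is printed numerically in the default branch. */
    switch (TCPHead->th_flags)
    {
    case 0x01:
        printf("FIN 0x01-终止连接\n"); break;
    case 0x02:
        printf("SYN 0x02-同步序号\n"); break;
    case 0x04:
        printf("RST 0x04-连接复位\n"); break;
    case 0x08:
        printf("PSH 0x08-请求推送\n"); break;
    case 0x10:
        printf("ACK 0x10-确认有效\n"); break;
    case 0x11:
        printf("ACK + FIN 0x11\n"); break;
    case 0x12:
        printf("ACK + SYN 0x12\n"); break;
    case 0x18:
        printf("ACK + PSH 0x18-确认有效\n"); break;
    case 0x20:
        printf("URG 0x20-紧急指针有效\n"); break;
    default:
        printf("0x%0x,%d\n", TCPHead->th_flags, TCPHead->th_flags);
        break;
    }
    printf("--------------------- 窗口大小(16 bit): %d\n", ntohs(TCPHead->th_win));
    printf("--------------------- 校验和(16 bit): 0x%0x\n", ntohs(TCPHead->th_sum));
    printf("--------------------- 紧急指针(16 bit): %d\n", ntohs(TCPHead->th_urp));
    printf("-------------------数据部分 \n");
}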