this->isAddrA=dlgFlt.m_checkA;
this->isAddrB=dlgFlt.m_checkB;
if(this->isAddrA)
this->addrA=dlgFlt.ipA;
if(this->isAddrB)
this->addrB=dlgFlt.ipB;
this->dirmode=dlgFlt.m_dirmode;
for(i=0;i<TYPE_COUNT;i++)
this->filtertype[i]=dlgFlt.type[i];
}
}
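// Big-endian 32-bit read (IPv4 addresses are carried in network byte order).
// Computed in unsigned arithmetic: the original multiplied the first byte by
// 0x1000000 in an int, which overflows (undefined behaviour) for any address
// whose first octet is >= 128 (e.g. 192.168.x.x).
static unsigned int FilterReadBE32(const unsigned char *p)
{
    return ((unsigned int)p[0] << 24) | ((unsigned int)p[1] << 16) |
           ((unsigned int)p[2] << 8)  |  (unsigned int)p[3];
}

// Decide whether a captured Ethernet II frame passes the filter configured in
// the filter dialog (filtertype[], dirmode, addrA/addrB).
//
// pkt_data: start of the raw frame (destination MAC at offset 0).
// Returns TRUE to keep the frame, FALSE to drop it.
//
// Only untagged Ethernet II is understood: ARP (0x0806) and RARP (0x8035) are
// decided purely by their checkbox, IPv4 (0x0800) by transport protocol and
// address/direction, and every other EtherType (including 802.1Q-tagged
// frames, 0x8100) is dropped.
//
// NOTE(review): the signature carries no length, so reads cannot be bounded
// here. The deepest access is offset 33 (last byte of the IPv4 destination
// address); the caller must only pass frames with at least 34 captured bytes --
// TODO confirm at the capture callback, or extend the interface with the pcap
// caplen so short/truncated frames can be rejected.
BOOL CMainFrame::Filter(const unsigned char *pkt_data)
{
    // EtherType: bytes 12-13, network byte order.
    const unsigned int etherType = ((unsigned int)pkt_data[12] << 8) | pkt_data[13];

    if (etherType == 0x0806)                     // ARP
        return this->filtertype[TYPE_ARP] ? TRUE : FALSE;
    if (etherType == 0x8035)                     // RARP
        return this->filtertype[TYPE_RARP] ? TRUE : FALSE;
    if (etherType != 0x0800)                     // anything else is dropped
        return FALSE;

    // IPv4. Protocol (byte 9), source (12-15) and destination (16-19) are at
    // fixed offsets inside the IP header, so they do not depend on IHL.
    const unsigned char *ipHdr = pkt_data + 14;
    const int protocol = ipHdr[9];

    // Transport-protocol checkboxes. Protocols not listed here fall through
    // to the address test unchanged (same as the original).
    if (!this->filtertype[TYPE_TCP]  && protocol == 6)  return FALSE;
    if (!this->filtertype[TYPE_UDP]  && protocol == 17) return FALSE;
    if (!this->filtertype[TYPE_ICMP] && protocol == 1)  return FALSE;
    if (!this->filtertype[TYPE_OSPF] && protocol == 89) return FALSE;

    // Address comparison. addrA/addrB come from the filter dialog (type not
    // visible here); an int holding the same bit pattern compares equal to the
    // unsigned value, so the comparison is unaffected by the change to unsigned.
    const unsigned int srcaddr  = FilterReadBE32(ipHdr + 12);
    const unsigned int destaddr = FilterReadBE32(ipHdr + 16);

    switch (this->dirmode) {
    case DIR_AB:                                 // only A -> B
        if (this->isAddrA && srcaddr  != this->addrA) return FALSE;
        if (this->isAddrB && destaddr != this->addrB) return FALSE;
        return TRUE;
    case DIR_BA:                                 // only B -> A
        if (this->isAddrB && srcaddr  != this->addrB) return FALSE;
        if (this->isAddrA && destaddr != this->addrA) return FALSE;
        return TRUE;
    case DIR_BOTH:                               // A must appear at either end, likewise B
        if (this->isAddrA && srcaddr != this->addrA && destaddr != this->addrA) return FALSE;
        if (this->isAddrB && srcaddr != this->addrB && destaddr != this->addrB) return FALSE;
        return TRUE;
    default:
        // Unknown direction mode: drop, matching the original's fall-through.
        return FALSE;
    }
}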
// Frame is closing: free every captured packet (pcap header copy + payload
// buffer) owned by the packet view, empty both arrays, then let CFrameWnd
// finish the close. pkt_headers and pkt_datas are treated as parallel arrays
// indexed by pkt_headers' size -- TODO(review) confirm they are always kept
// the same length by the capture path.
void CMainFrame::OnClose()
{
    const int captured = this->mulPackView->pkt_headers.GetSize();
    for (int n = 0; n < captured; ++n) {
        delete (struct pacp_pkthdr*)this->mulPackView->pkt_headers.GetAt(n);
        delete[] (unsigned char *)this->mulPackView->pkt_datas.GetAt(n);
    }
    this->mulPackView->pkt_headers.RemoveAll();
    this->mulPackView->pkt_datas.RemoveAll();
    CFrameWnd::OnClose();
}
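// Sanity-check a captured frame before its raw bytes are handed to the
// IPGram/TCPGram parsers: untagged Ethernet II carrying IPv4 (EtherType 0x0800,
// version nibble 4), protocol TCP, and enough bytes for the Ethernet header,
// the IP header (per IHL) and a minimal 20-byte TCP header.
// The original tested byte 23 alone, which (a) also matched non-IP frames such
// as ARP whose 24th byte happened to be 6 and (b) read past the end of frames
// shorter than 24 bytes.
// NOTE(review): `len` is pkt_headers' on-wire length, as the original used; if
// the capture snaplen truncates frames, pcap's caplen is the real bound --
// TODO confirm which length the capture path stores.
static bool ReassemblyFrameIsTcp(const unsigned char *data, unsigned long len)
{
    if (data == NULL || len < 14 + 20 + 20)
        return false;
    if (data[12] != 0x08 || data[13] != 0x00)       // EtherType IPv4
        return false;
    if ((data[14] >> 4) != 4)                       // IPv4 version nibble
        return false;
    const unsigned long ihl = (unsigned long)(data[14] & 0x0f) * 4;
    if (ihl < 20 || 14 + ihl + 20 > len)            // room for IP + TCP headers
        return false;
    return data[23] == 6;                           // IP protocol == TCP
}

// Simple TCP reassembly. Collects, in capture order, every captured TCP segment
// that belongs to the same unidirectional flow as the selected packet (same
// source/destination address and port, non-empty payload) into `founders`,
// marks each such row in the list control, and asks CStcView to render the
// result when the total payload is <= 100 KB. Out-of-order and duplicate
// segments are not handled here (see OnFileAdvance).
void CMainFrame::OnFileReassembly()
{
    const int count = this->mulPackView->pkt_datas.GetSize();
    const int index = this->mulPackView->index;
    if (count <= 0)                                 // nothing captured
        return;
    if (index < 0 || index >= count) {              // no valid selection
        MessageBox("请选择TCP报文!");
        return;
    }

    char type[5];
    this->mulPackView->GetListCtrl().GetItemText(index, 5, type, 5);
    unsigned char *selData = (unsigned char *)this->mulPackView->pkt_datas.GetAt(index);
    const unsigned long selLen = this->mulPackView->pkt_headers.GetAt(index)->len;
    // Check the raw frame as well as the list text so a mislabelled row cannot
    // push a non-TCP buffer into the parsers.
    if (strcmp(type, "TCP") != 0 || !ReassemblyFrameIsTcp(selData, selLen)) {
        MessageBox("请选择TCP报文!");
        return;
    }
    if (MessageBox("TCP重组后,各报文头信息将不被显示,并且对于重组后大于100K的报文,为节省内存将不予显示内容,但可以用Save As 将其保存至文件.是否继续?", NULL, MB_OKCANCEL) == IDCANCEL)
        return;

    // Reset the marker column left by a previous run.
    this->mulPackView->GetListCtrl().DeleteColumn(6);
    this->mulPackView->GetListCtrl().InsertColumn(6, " ", LVCFMT_LEFT, 100);

    // Parse the selected packet once; it defines the flow we are collecting.
    IPGram *ip = new IPGram(selData + 14, selLen - 14);
    TCPGram *tcp = new TCPGram(ip->data, ip->datalen);

    founders.RemoveAll();
    int tcptotallen = 0;
    for (int i = 0; i < count; i++) {
        unsigned char *data = (unsigned char *)this->mulPackView->pkt_datas.GetAt(i);
        const unsigned long len = this->mulPackView->pkt_headers.GetAt(i)->len;
        if (!ReassemblyFrameIsTcp(data, len))
            continue;

        IPGram *tempip = new IPGram(data + 14, len - 14);
        TCPGram *temptcp = new TCPGram(tempip->data, tempip->datalen);
        const bool sameFlow =
            tempip->srcaddr == ip->srcaddr && tempip->destaddr == ip->destaddr &&
            temptcp->srcport == tcp->srcport && temptcp->destport == tcp->destport &&
            temptcp->datalen > 0;
        if (sameFlow) {
            // Locator: position in the capture array, offset of the TCP payload
            // from the frame start, and payload length.
            Founder founder;
            founder.index = i;
            founder.start = 14 + tempip->IHL * 4 + temptcp->headlen * 4;
            founder.len = temptcp->datalen;
            founders.Add(founder);
            tcptotallen += temptcp->datalen;
            this->mulPackView->GetListCtrl().SetItemText(i, 6, "Reassemblied");
        }
        delete temptcp;
        delete tempip;
    }
    delete tcp;
    delete ip;

    // Only display when the reassembled payload is small enough (<= 100 KB);
    // larger results can still be written out with Save As.
    if (tcptotallen <= 102400)
        ::PostMessage(*this->stcView, WM_MESSAGE_PACKET_REASSEMBLY, 0, 0);
}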
// Menu/toolbar state for "Reassembly": unavailable while a capture is running
// (isStart), available once it has stopped.
void CMainFrame::OnUpdateFileReassembly(CCmdUI* pCmdUI)
{
    pCmdUI->Enable(!this->isStart);
}
// "Down" command handler: not implemented, the command currently does nothing.
void CMainFrame::OnFileDown()
{
}
// Update-UI handler for "Down": intentionally empty, no enable/check state is
// applied (unlike the other OnUpdate* handlers in this file).
void CMainFrame::OnUpdateFileDown(CCmdUI* pCmdUI)
{
}
// Menu state for the adapter option: switching adapters is blocked while a
// capture is in progress (isStart), allowed otherwise.
void CMainFrame::OnUpdateOptAdpater(CCmdUI* pCmdUI)
{
    pCmdUI->Enable(!this->isStart);
}
// Menu state for the filter option: the filter cannot be edited while a capture
// is in progress (isStart); it is enabled again once capture stops.
void CMainFrame::OnUpdateOptFilter(CCmdUI* pCmdUI)
{
    pCmdUI->Enable(!this->isStart);
}
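// Sanity-check a captured frame before its raw bytes are handed to the
// IPGram/TCPGram parsers: untagged Ethernet II carrying IPv4 (EtherType 0x0800,
// version nibble 4), protocol TCP, and enough bytes for the Ethernet header,
// the IP header (per IHL) and a minimal 20-byte TCP header.
// The original tested byte 23 alone, which also matched non-IP frames (e.g.
// ARP) whose 24th byte happened to be 6, and read past the end of frames
// shorter than 24 bytes.
// NOTE(review): `len` is pkt_headers' on-wire length, as the original used; if
// the capture snaplen truncates frames, pcap's caplen is the real bound --
// TODO confirm which length the capture path stores.
static bool AdvanceFrameIsTcp(const unsigned char *data, unsigned long len)
{
    if (data == NULL || len < 14 + 20 + 20)
        return false;
    if (data[12] != 0x08 || data[13] != 0x00)       // EtherType IPv4
        return false;
    if ((data[14] >> 4) != 4)                       // IPv4 version nibble
        return false;
    const unsigned long ihl = (unsigned long)(data[14] & 0x0f) * 4;
    if (ihl < 20 || 14 + ihl + 20 > len)            // room for IP + TCP headers
        return false;
    return data[23] == 6;                           // IP protocol == TCP
}

// "Advanced" TCP reassembly: like OnFileReassembly, but the matching segments
// are ordered by TCP sequence number and segments repeating a sequence number
// (retransmissions) are dropped before the result is queued in `founders`.
//
// Two defects of the original are fixed here:
//  - Founder::seq was never assigned, so sort() and the duplicate test ran on
//    an uninitialised field; seq is now read from bytes 4-7 of the TCP header.
//  - the duplicate test compared a list iterator with its own successor
//    (`temp==it` right after `it++`), which is never true, so no duplicate was
//    ever removed; it now compares the two elements' seq values.
void CMainFrame::OnFileAdvance()
{
    if (MessageBox("高阶重组会占用比较多的时间和内存,并且对于重组后大于100K的报文,\n为节省内存将不予显示内容,但可以用Save As 将其保存至文件.是否继续?", NULL, MB_OKCANCEL) == IDCANCEL)
        return;

    const int count = this->mulPackView->pkt_datas.GetSize();
    const int index = this->mulPackView->index;
    if (count <= 0)                                 // nothing captured
        return;
    if (index < 0 || index >= count) {              // no valid selection
        MessageBox("请选择TCP报文!");
        return;
    }

    char type[5];
    this->mulPackView->GetListCtrl().GetItemText(index, 5, type, 5);
    unsigned char *selData = (unsigned char *)this->mulPackView->pkt_datas.GetAt(index);
    const unsigned long selLen = this->mulPackView->pkt_headers.GetAt(index)->len;
    // Check the raw frame as well as the list text so a mislabelled row cannot
    // push a non-TCP buffer into the parsers.
    if (strcmp(type, "TCP") != 0 || !AdvanceFrameIsTcp(selData, selLen)) {
        MessageBox("请选择TCP报文!");
        return;
    }

    // Reset state left by a previous run.
    founders.RemoveAll();
    int tcptotallen = 0;
    this->mulPackView->GetListCtrl().DeleteColumn(6);
    this->mulPackView->GetListCtrl().InsertColumn(6, " ", LVCFMT_LEFT, 100);

    // Parse the selected packet once; it defines the flow we are collecting.
    IPGram *ip = new IPGram(selData + 14, selLen - 14);
    TCPGram *tcp = new TCPGram(ip->data, ip->datalen);

    list<Founder> founderlist;
    for (int i = 0; i < count; i++) {
        unsigned char *data = (unsigned char *)this->mulPackView->pkt_datas.GetAt(i);
        const unsigned long len = this->mulPackView->pkt_headers.GetAt(i)->len;
        if (!AdvanceFrameIsTcp(data, len))
            continue;

        IPGram *tempip = new IPGram(data + 14, len - 14);
        TCPGram *temptcp = new TCPGram(tempip->data, tempip->datalen);
        const bool sameFlow =
            tempip->srcaddr == ip->srcaddr && tempip->destaddr == ip->destaddr &&
            temptcp->srcport == tcp->srcport && temptcp->destport == tcp->destport &&
            temptcp->datalen > 0;
        if (sameFlow) {
            // Locator: position in the capture array, TCP sequence number,
            // offset of the TCP payload from the frame start, payload length.
            Founder founder;
            founder.index = i;
            // Sequence number = TCP header bytes 4-7, network byte order. The
            // TCP header starts right after the IP header (14 + IHL*4). Read
            // from the raw bytes because TCPGram's members visible here do not
            // include it. If Founder::seq is a signed 32-bit int, values >= 2^31
            // wrap on assignment; equality is unaffected but ordering across
            // that boundary would not be -- TODO(review) confirm the field type.
            const unsigned char *tcphdr = data + 14 + tempip->IHL * 4;
            founder.seq = ((unsigned long)tcphdr[4] << 24) | ((unsigned long)tcphdr[5] << 16) |
                          ((unsigned long)tcphdr[6] << 8)  |  (unsigned long)tcphdr[7];
            founder.start = 14 + tempip->IHL * 4 + temptcp->headlen * 4;
            founder.len = temptcp->datalen;
            founderlist.push_back(founder);
            tcptotallen += temptcp->datalen;
            this->mulPackView->GetListCtrl().SetItemText(i, 6, "Reassemblied");
        }
        delete temptcp;
        delete tempip;
    }
    delete tcp;
    delete ip;

    // Order by sequence number so out-of-order segments land in the right
    // place. Founder::operator< is declared outside this file and is assumed to
    // compare seq -- TODO(review) confirm.
    founderlist.sort();

    // Drop segments that repeat the previous segment's sequence number; the
    // earlier copy is removed (as the original intended), keeping the later one.
    list<Founder>::iterator it = founderlist.begin();
    while (it != founderlist.end()) {
        list<Founder>::iterator prev = it++;
        if (it != founderlist.end() && prev->seq == it->seq) {
            tcptotallen -= prev->len;               // keep the total consistent with what is queued
            founderlist.erase(prev);
        }
    }

    // Hand the ordered, de-duplicated locators to the display/output queue.
    for (it = founderlist.begin(); it != founderlist.end(); ++it)
        founders.Add(*it);

    // Only display when the reassembled payload is small enough (<= 100 KB);
    // larger results can still be written out with Save As.
    if (tcptotallen <= 102400)
        ::PostMessage(*this->stcView, WM_MESSAGE_PACKET_REASSEMBLY, 0, 0);
}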
// Menu/toolbar state for "Advanced reassembly": unavailable while a capture is
// running (isStart), available once it has stopped.
void CMainFrame::OnUpdateFileAdvance(CCmdUI* pCmdUI)
{
    pCmdUI->Enable(!this->isStart);
}