
📄 cappack.cpp

📁 控制台输出的winpcap抓包程序
//#include "stdafx.h"

#include "pcap.h"  
#include "inc.h"
//#include "windows.h"

#pragma comment(lib, "wpcap.lib")
#pragma comment(lib, "ws2_32")

/* Forward declarations of the dissectors defined later in this file.
 * None of them takes a length argument, so each one trusts its caller to
 * have checked that the bytes it reads were actually captured. */
/* Prints the fields of the IP header that starts at `data`. */
void Analyse_IPPacket(char *sMac,char *dMac,const u_char *data);
/* Prints the fields of the TCP header that starts at `data`. */
void Analyse_TCPPacket(struct in_addr *sAddr,struct in_addr *dAddr,const u_char *data);
/* Callback handed to pcap_loop(); called once per captured frame. */
void packet_handler(u_char* packets,const struct pcap_pkthdr * header,const u_char *pp);

/* Output file handle used by packet_handler() for WriteFile().
 * NOTE(review): the CreateFile() call that would open it is commented out
 * in main(), so in this listing the handle is never assigned. */
HANDLE hFile;

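/*
 * Entry point: lists the capture devices, asks the user to pick one by
 * number, opens it and hands every captured frame to packet_handler().
 *
 * Returns 0 when the capture loop ends normally and 1 on any setup or
 * capture error.
 */
int main()
{
	pcap_if_t *alldevs = NULL;
	pcap_if_t *d;
	int inum = 0;
	int i = 0;
	int rc = 0;
	pcap_t *adhandle;
	char errbuf[PCAP_ERRBUF_SIZE];

	/* Get the device list */
	if (pcap_findalldevs(&alldevs, errbuf) == -1)
	{
		fprintf(stderr,"Error in pcap_findalldevs: %s\n", errbuf);
		return 1;
	}
	/* Print the device list */
	for(d = alldevs; d; d = d->next)
	{
		printf("%d. %s", ++i, d->name);
		if (d->description)
			printf(" (%s)\n", d->description);
		else
			printf(" (No description available)\n");
	}
	if(i==0)
	{
		printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
		return 1;
	}
	printf("Enter the interface number (1-%d):",i);
	/* scanf() leaves inum untouched on non-numeric input, so its return
	 * value has to be checked before the range test means anything. */
	if(scanf("%d", &inum) != 1 || inum < 1 || inum > i)
	{
		printf("\n 输入有误.\n");
		pcap_freealldevs(alldevs);
		return 1;
	}
	/* Walk to the selected device */
	for(d = alldevs, i = 0; i < inum - 1;d = d->next, i++)
		;
	/* Open the device */
	if ( (adhandle = pcap_open_live(d->name, // device name
		65536, // snapshot length: capture whole packets
		1 , // promiscuous mode: also deliver frames not addressed to this host
		1, // read timeout in milliseconds
		errbuf // error buffer
		) ) == NULL)
	{
		fprintf(stderr, "Unable to open the adapter: %s\n", errbuf);
		pcap_freealldevs(alldevs);
		return 1;
	}
	/* packet_handler() casts every frame to an Ethernet header, so refuse
	 * adapters whose link layer is something else. */
	if (pcap_datalink(adhandle) != DLT_EN10MB)
	{
		fprintf(stderr, "This program only supports Ethernet adapters.\n");
		pcap_close(adhandle);
		pcap_freealldevs(alldevs);
		return 1;
	}
	/* description may be NULL (see the listing loop); fall back to the name */
	printf("\nlistening on %s...\n", d->description ? d->description : d->name);
	/* The device list is no longer needed; release it */
	pcap_freealldevs(alldevs);

	/* The output file is disabled here, so hFile stays unopened. */
	//hFile=CreateFile("C:\\aaa.txt",GENERIC_WRITE,0, NULL,CREATE_ALWAYS,0,NULL);

	/* cnt == 0: keep capturing until an error occurs or the loop is broken */
	if (pcap_loop(adhandle, 0, packet_handler, NULL) == -1)
	{
		fprintf(stderr, "Error in pcap_loop: %s\n", pcap_geterr(adhandle));
		rc = 1;
	}

	pcap_close(adhandle);

	//CloseHandle(hFile);
	return rc;
}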

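/*
 * pcap_loop() callback: dissects one captured Ethernet frame.
 *
 * packets - user pointer passed to pcap_loop() (unused)
 * header  - capture metadata; header->caplen is the number of bytes that
 *           are actually present at `data`
 * data    - start of the captured frame
 *
 * IPv4 frames are passed to Analyse_IPPacket(); frames with EtherType
 * 0x888E (EAPOL, 802.1X authentication) are appended to hFile when that
 * handle is open. Frames too short for the headers that would be read are
 * skipped.
 */
void packet_handler(u_char* packets, const struct pcap_pkthdr *header, const u_char *data)
{
	/* Minimum header sizes of the wire formats parsed below. */
	const unsigned int ETH_HDR_LEN = 14;
	const unsigned int IP_MIN_HDR_LEN = 20;
	const unsigned int TCP_MIN_HDR_LEN = 20;

	const struct ether_header *eth; // Ethernet frame header
	unsigned int ptype; // EtherType
	char mac_addr1[19], mac_addr2[19];
	const u_char *mac_string;
	DWORD len;

	(void)packets;

	/* Frame contents are untrusted input: never read past caplen. */
	if (header->caplen < ETH_HDR_LEN)
		return;

	eth = (const struct ether_header *)data;
	/* "xx:xx:xx:xx:xx:xx" is 17 characters plus the terminator, which fits
	 * the 19-byte buffers. */
	mac_string = eth->ether_shost;
	sprintf(mac_addr1, "%02x:%02x:%02x:%02x:%02x:%02x",
		mac_string[0], mac_string[1], mac_string[2],
		mac_string[3], mac_string[4], mac_string[5]);
	mac_string = eth->ether_dhost;
	sprintf(mac_addr2, "%02x:%02x:%02x:%02x:%02x:%02x",
		mac_string[0], mac_string[1], mac_string[2],
		mac_string[3], mac_string[4], mac_string[5]);
	ptype = ntohs(eth->ether_type);
	if(ETHERTYPE_IP == ptype)
	{
		const u_char *ip = data + ETH_HDR_LEN;
		unsigned int ip_hdr_len;
		unsigned int needed;

		if (header->caplen < ETH_HDR_LEN + IP_MIN_HDR_LEN)
			return;
		/* Low nibble of the first byte is the header length in 32-bit words. */
		ip_hdr_len = (ip[0] & 0x0Fu) * 4;
		if (ip_hdr_len < IP_MIN_HDR_LEN)
			return; /* malformed header length */
		needed = ETH_HDR_LEN + ip_hdr_len;
		/* The IP dissector goes on to read a TCP header when the protocol
		 * byte (offset 9) is 6, and it has no length argument of its own,
		 * so the room for that header is checked here. A TCP fragment too
		 * short to hold it is skipped rather than over-read. */
		if (ip[9] == 6)
			needed += TCP_MIN_HDR_LEN;
		if (header->caplen < needed)
			return;
		Analyse_IPPacket(mac_addr1, mac_addr2, ip);
	}
	else if(0X888E == ptype)
	{
		printf("客户端认证:%u\n", (unsigned int)header->caplen);
		/* hFile is only usable if it has been opened; writing through an
		 * unopened handle just fails. The raw frame is authentication
		 * traffic, so the output file should be access-restricted. */
		if (hFile != NULL && hFile != INVALID_HANDLE_VALUE)
		{
			if (!WriteFile(hFile, (LPCVOID)data, header->caplen, &len, NULL) ||
				!WriteFile(hFile, (LPCVOID)"\r\n", 2, &len, NULL))
			{
				fprintf(stderr, "WriteFile failed: %lu\n", (unsigned long)GetLastError());
			}
		}
	}

}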
//---------------------------------------------------------------------
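/*
 * Prints the fields of the IPv4 header at `data` and, for an unfragmented
 * (or first-fragment) TCP packet, passes the TCP header on to
 * Analyse_TCPPacket().
 *
 * sMac, dMac - source / destination MAC strings from the caller (unused)
 * data       - start of the IP header
 *
 * This function has no length parameter: the caller must already have
 * verified that the capture holds the full IP header and, for protocol 6,
 * at least 20 further bytes of TCP header.
 */
void Analyse_IPPacket(char *sMac,char *dMac,const u_char *data)
{
    const iphead *IPHead = (const iphead *)data;
    /* First byte: version in the high nibble, header length (in 32-bit
     * words) in the low nibble. */
    const int header_len = (IPHead->ip_header_length & 0x0F) * 4;
    const int version = (IPHead->ip_header_length & 0xF0) / 16;
    /* Flags and fragment offset share one 16-bit field. */
    const int frag = ntohs(IPHead->ip_off);
    const int frag_offset = 8 * (frag & 0X1FFF);

    (void)sMac;
    (void)dMac;

    /* Every line goes through a literal format string; packet-derived text
     * is never used as the format itself. */
    printf("\n");
    printf("IP头长:%d BYTE\r\n", header_len);
    printf("IP版本号:%d\r\n", version);
    /* TOS is a single octet, so no byte-order conversion applies. */
    printf("IP服务类型:%d\r\n", IPHead->ip_tos);
    printf("IP包总长度:%d\r\n", ntohs(IPHead->ip_length));
    printf("IP包标识:%d\r\n", ntohs(IPHead->ip_id));
    printf("IP包分片标志(DF):%d\r\n", (frag & 0X4000) >> 14);
    printf("IP包分片标志(MF):%d\r\n", (frag & 0X2000) >> 13);
    printf("IP包分片偏移:%d BYTE\r\n", frag_offset);
    printf("IP包生存时间:%d\r\n", (IPHead->ip_ttl));
    printf("IP包检验和:%0X\r\n", (unsigned int)ntohs(IPHead->ip_checksum));
    printf("IP包源IP:%d.%d.%d.%d\r\n",
        IPHead->ip_souce_address.S_un.S_un_b.s_b1,
        IPHead->ip_souce_address.S_un.S_un_b.s_b2,
        IPHead->ip_souce_address.S_un.S_un_b.s_b3,
        IPHead->ip_souce_address.S_un.S_un_b.s_b4);
    printf("IP包目的IP:%d.%d.%d.%d\r\n",
        IPHead->ip_destination_address.S_un.S_un_b.s_b1,
        IPHead->ip_destination_address.S_un.S_un_b.s_b2,
        IPHead->ip_destination_address.S_un.S_un_b.s_b3,
        IPHead->ip_destination_address.S_un.S_un_b.s_b4);

    /* The TCP header follows the IP header *including options*, so its
     * offset is the header length, not a fixed 20. Only the first fragment
     * carries a TCP header, and a header length below 20 is malformed. */
    if (6 == IPHead->ip_protocol && 4 == version &&
        header_len >= 20 && 0 == frag_offset)
    {
        struct in_addr src = IPHead->ip_souce_address;
        struct in_addr dst = IPHead->ip_destination_address;
        Analyse_TCPPacket(&src, &dst, data + header_len);
    }
    return;
}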

//------------------------------------------------------------------------------------
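/*
 * Prints the fields of the TCP header at `data`.
 *
 * sAddr, dAddr - source / destination IP addresses from the caller (unused)
 * data         - start of the TCP header
 *
 * This function has no length parameter: the caller must already have
 * verified that at least a minimal (20-byte) TCP header was captured.
 */
void Analyse_TCPPacket(struct in_addr *sAddr,struct in_addr *dAddr,const u_char *data)
{
	const struct tcphead *TCPHead = (const struct tcphead *)data;

	(void)sAddr;
	(void)dAddr;

	/* All multi-byte TCP fields arrive in network byte order; convert them
	 * the same way the ports are converted. */
	printf("TCP:从源端口:%d \t到目的端口:%d \r\n",ntohs(TCPHead->th_sport),ntohs(TCPHead->th_dport));
	printf("TCP:序号sequence number: %u\r\n", (unsigned int)ntohl(TCPHead->th_seq));
	printf("TCP:确认号acknowledgement number: %u\r\n", (unsigned int)ntohl(TCPHead->th_ack));
	/* NOTE(review): if th_off is the whole offset/reserved byte rather than
	 * a 4-bit field, the data offset is its HIGH nibble - confirm against
	 * the struct declaration in inc.h. */
	printf("TCP:首部长度data offset: %d\r\n", TCPHead->th_off&0x0F);
	/* Report each flag as 0 or 1 instead of its raw mask value. */
	printf("TCP:URG: %d\r\nACK: %d\r\nPSH: %d\r\nRST: %d\r\nSYN: %d\r\nFIN: %d\r\n",
		(TCPHead->th_flags & TH_URG) ? 1 : 0,
		(TCPHead->th_flags & TH_ACK) ? 1 : 0,
		(TCPHead->th_flags & TH_PUSH) ? 1 : 0,
		(TCPHead->th_flags & TH_RST) ? 1 : 0,
		(TCPHead->th_flags & TH_SYN) ? 1 : 0,
		(TCPHead->th_flags & TH_FIN) ? 1 : 0);
	printf("窗口大小window: %d\r\n", ntohs(TCPHead->th_win));
	printf("校验和checksum: %d\r\n", ntohs(TCPHead->th_sum));
	printf("紧急指针urgent pointer: %d\r\n", ntohs(TCPHead->th_urp));
}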
