
📄 cappack2.cpp

📁 控制台输出的winpcap抓包程序
// CapPack2.cpp : 定义控制台应用程序的入口点。
//

#include "stdafx.h"
#include "pcap.h"  
#include "inc.h"
#include "windows.h"

#pragma comment(lib, "wpcap.lib")
#pragma comment(lib, "ws2_32")

/*
 * Protocol analysers. Each one receives a pointer into the captured frame
 * (the bytes that follow the previous layer's header) but no length, so none
 * of them can bounds-check its own header reads.
 * NOTE(review): any length validation has to happen in the caller, or these
 * signatures need a "remaining bytes" parameter.
 */
void Analyse_IPPacket(char *sMac,char *dMac,const u_char *data);
void Analyse_ARPPacket(char *sMac,char *dMac,const u_char *data);
void Analyse_UDPPacket(struct in_addr *sAddr,struct in_addr *dAddr,const u_char *data);
void Analyse_ICMPPacket(struct in_addr *sAddr,struct in_addr *dAddr,const u_char *data);
void Analyse_TCPPacket(struct in_addr *sAddr,struct in_addr *dAddr,const u_char *data);
/* Per-packet callback handed to pcap_loop() in main(). */
void packet_handler(u_char* packets,const struct pcap_pkthdr * header,const u_char *pp);

/*
 * File handle that packet_handler() passes to WriteFile() for EtherType
 * 0x888E frames. The CreateFile() call that would open it is commented out
 * in main(), so this handle is never opened anywhere in this file.
 */
HANDLE hFile;

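/*
 * Console entry point: lists the capture interfaces, asks the user to pick
 * one, opens it in promiscuous mode and hands every captured frame to
 * packet_handler() until pcap_loop() stops.
 *
 * The signature is kept as `void main()` because that is what the file
 * declares; standard C/C++ expects `int main`.
 */
void main()
{
	pcap_if_t *alldevs;
	pcap_if_t *d;
	int inum=0;	/* stays 0 (rejected below) if scanf() parses nothing */
	int i=0;
	int rc;
	pcap_t *adhandle;
	char errbuf[PCAP_ERRBUF_SIZE];

	errbuf[0]='\0';

	/* Get the device list */
	if (pcap_findalldevs(&alldevs, errbuf) == -1)
	{
		fprintf(stderr,"Error in pcap_findalldevs: %s\n", errbuf);
		exit(1);
	}
	/* Print the device list */
	for(d=alldevs; d; d=d->next)
	{
		printf("%d. %s", ++i, d->name);
		if (d->description)
			printf(" (%s)\n", d->description);
		else
			printf(" (No description available)\n");
	}
	if(i==0)
	{
		printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
		return;
	}
	printf("Enter the interface number (1-%d):",i);
	/* Check scanf()'s result too: on non-numeric input inum is never written,
	   and the original then compared an uninitialised value. */
	if(scanf("%d", &inum) != 1 || inum < 1 || inum > i)
	{
		printf("\n 输入有误.\n");
		pcap_freealldevs(alldevs);
		return;
	}
	/* Walk to the selected device */
	for(d=alldevs, i=0; i< inum-1;d=d->next, i++)
		;
	/* Open the device */
	if ( (adhandle= pcap_open_live(d->name, // device name
		65536, // snapshot length: capture the whole packet
		1 , // promiscuous mode
		1, // read timeout (ms)
		errbuf // error buffer
		) ) == NULL)
	{
		/* Report the reason pcap gives instead of a bare message. */
		printf("Unable to open the adapter: %s\n", errbuf);
		pcap_freealldevs(alldevs);
		return;
	}
	/* packet_handler() casts every frame to an Ethernet header, so refuse
	   link types where that layout does not apply. */
	if(pcap_datalink(adhandle) != DLT_EN10MB)
	{
		printf("\nThis program works only on Ethernet networks.\n");
		pcap_close(adhandle);
		pcap_freealldevs(alldevs);
		return;
	}
	/* description may be NULL (the listing loop above already allows for
	   that); passing NULL to %s is undefined, so fall back to the name. */
	printf("\nlistening on %s...\n", d->description ? d->description : d->name);
	/* The device list is no longer needed, release it */
	pcap_freealldevs(alldevs);

	/* Disabled by the author. While this stays commented out hFile is never
	   opened, so the WriteFile() calls in packet_handler()'s 0x888E branch
	   are given an unopened handle. */
	//hFile=CreateFile("C:\\aaa.txt",GENERIC_WRITE,0, NULL,CREATE_ALWAYS,0,NULL);

	rc=pcap_loop(adhandle, 0, packet_handler, NULL);
	if(rc == -1)
		fprintf(stderr,"Error in pcap_loop: %s\n", pcap_geterr(adhandle));

	//CloseHandle(hFile);
	/* Release the capture handle; the original leaked it. */
	pcap_close(adhandle);
	return;
}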

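/*
 * pcap_loop() callback: decodes the Ethernet header of one captured frame and
 * dispatches the payload to the matching analyser.
 *
 * packets - user pointer from pcap_loop(); unused here.
 * header  - pcap metadata; caplen is the number of bytes actually captured.
 * data    - start of the captured frame (Ethernet header first).
 *
 * Frames come straight off the wire and are untrusted, so every header read
 * is preceded by a check against header->caplen. The analysers take no
 * length argument, so the checks for the layer they parse are done here.
 */
void packet_handler(u_char* packets,const struct pcap_pkthdr *header,const u_char *data)
{
	/* Fixed header sizes. 14 and 20 are the offsets this file already
	   hard-codes (data+14 here, data+20 in Analyse_IPPacket). */
	const unsigned int eth_hdr_len = 14;
	const unsigned int ip_min_hdr_len = 20;
	/* 28 bytes is the Ethernet/IPv4 ARP body.
	   NOTE(review): confirm it matches struct arphead in inc.h. */
	const unsigned int arp_body_len = 28;

	struct ether_header *eth;	/* Ethernet frame header */
	unsigned int ptype;		/* EtherType in host byte order */
	char mac_addr1[19],mac_addr2[19];
	u_char* mac_string;
	DWORD len;

	/* A truncated capture must not be read as a full Ethernet header. */
	if(header == NULL || data == NULL || header->caplen < eth_hdr_len)
		return;

	eth=(struct ether_header *)data;
	/* "xx:xx:xx:xx:xx:xx" is 17 characters plus NUL, which fits in 19. */
	mac_string=eth->ether_shost;
	sprintf(mac_addr1,"%02x:%02x:%02x:%02x:%02x:%02x",*mac_string,*(mac_string+1),*(mac_string+2),*(mac_string+3),*(mac_string+4),*(mac_string+5));
	mac_string=eth->ether_dhost;
	sprintf(mac_addr2,"%02x:%02x:%02x:%02x:%02x:%02x",*mac_string,*(mac_string+1),*(mac_string+2),*(mac_string+3),*(mac_string+4),*(mac_string+5));
	ptype=ntohs(eth->ether_type);
	switch(ptype)
	{
	case ETHERTYPE_ARP:
		if(header->caplen < eth_hdr_len + arp_body_len)
			break;	/* too short to hold an ARP body */
		Analyse_ARPPacket(mac_addr1,mac_addr2,data+eth_hdr_len);
		break;
	case ETHERTYPE_REVARP:
		printf("RARP \n");
		break;
	case ETHERTYPE_IP:
		/* Only the minimal IP header is guaranteed here; the transport
		   header that Analyse_IPPacket hands on is NOT length-checked,
		   because the analysers have no length parameter. */
		if(header->caplen < eth_hdr_len + ip_min_hdr_len)
			break;
		Analyse_IPPacket(mac_addr1,mac_addr2,data+eth_hdr_len);
		break;
	case ETHERTYPE_PUP:
		printf("PUP\n");
		break;
	case 0X888E:
		/* 0x888E is the EtherType of IEEE 802.1X (EAPOL) frames. The raw
		   frame is appended to hFile followed by CRLF. The dump holds
		   authentication-exchange data, so the output file should be
		   access-restricted; the CRLF separator is also ambiguous because
		   frames are binary. */
		printf("客户端认证:%u\n",(unsigned int)header->caplen);
		/* hFile is only valid if something opened it; in this file the
		   CreateFile call in main() is commented out. */
		if(hFile != NULL && hFile != INVALID_HANDLE_VALUE)
		{
			if(!WriteFile(hFile,(LPCVOID)data,header->caplen,&len,NULL) ||
			   !WriteFile(hFile,(LPCVOID)"\r\n",2,&len,NULL))
				fprintf(stderr,"WriteFile failed: %lu\n",(unsigned long)GetLastError());
		}
		break;
	default:
		//printf("unknown packet type:0x%0X\n",ptype);
		break;
	}

}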
//---------------------------------------------------------------------
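/*
 * Decodes an IPv4 header and dispatches the payload to the ICMP, TCP or UDP
 * analyser according to the protocol field.
 *
 * sMac, dMac - source/destination MAC strings from the caller; unused here.
 * data       - first byte of the IP header (untrusted, from the wire).
 *
 * The transport header is taken at the fixed offset data+20. That is only
 * correct for an IPv4 header without options (IHL == 5) on an unfragmented
 * packet or a first fragment, so anything else is skipped instead of being
 * parsed at the wrong offset. The real header length is not followed because
 * this function receives no captured length and a larger offset could not be
 * bounds-checked.
 * NOTE(review): the caller must guarantee at least 20 readable bytes at
 * `data`; nothing here can verify that.
 */
void Analyse_IPPacket(char *sMac,char *dMac,const u_char *data)
{
	struct iphead *IPHead;
	unsigned int version;
	unsigned int ihl_words;
	unsigned int frag_offset;

	if(data == NULL)
		return;

	/* First byte of an IPv4 header: high nibble = version, low nibble =
	   header length in 32-bit words (RFC 791). */
	version = data[0] >> 4;
	ihl_words = data[0] & 0x0F;
	if(version != 4 || ihl_words != 5)
		return;

	/* Bytes 6-7: 3 flag bits followed by the 13-bit fragment offset. A
	   non-zero offset means this packet carries no transport header. */
	frag_offset = ((unsigned int)(data[6] & 0x1F) << 8) | data[7];
	if(frag_offset != 0)
		return;

	IPHead=(iphead *)data;
	//printf("%d %d\n",IPHead->ip_header_length,IPHead->ip_version);
	switch(IPHead->ip_protocol)
	{
	case 1:		/* ICMP */
		Analyse_ICMPPacket(&(IPHead->ip_souce_address),&(IPHead->ip_destination_address),data+20);
		break;
	case 6:		/* TCP */
		Analyse_TCPPacket(&(IPHead->ip_souce_address),&(IPHead->ip_destination_address),data+20);
		break;
	case 17:	/* UDP */
		Analyse_UDPPacket(&(IPHead->ip_souce_address),&(IPHead->ip_destination_address),data+20);
		break;
	default:
		break;
	}

	return;
}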
/*
 * ARP analyser. Currently switched off: the function returns before doing
 * anything, so the decoding below never runs.
 *
 * If re-enabled it would print the sender IP/MAC and target IP of a request
 * (opcode 1), or the sender and target IP/MAC of a reply (opcode 2).
 * sMac and dMac are not used. `data` comes with no length, so the caller
 * must make sure a full ARP body is present before re-enabling this.
 */
void Analyse_ARPPacket(char *sMac,char *dMac,const u_char *data)
{
	return;	/* analyser disabled by the author */

	struct arphead *arp;
	u_char *mac;
	unsigned int opcode;

	arp=(arphead *)data;
	opcode=ntohs(arp->arp_operation_code);

	switch(opcode)
	{
	case 1:		/* request */
		printf("ARP请求");

		printf("源:%d.%d.%d.%d \t ",
			arp->arp_source_ip_address[0],arp->arp_source_ip_address[1],
			arp->arp_source_ip_address[2],arp->arp_source_ip_address[3]);
		mac=arp->arp_source_ethernet_address;
		printf("%02x:%02x:%02x:%02x:%02x:%02x \t",mac[0],mac[1],mac[2],mac[3],mac[4],mac[5]);
		printf("IP:%d.%d.%d.%d \t ",
			arp->arp_destination_ip_address[0],arp->arp_destination_ip_address[1],
			arp->arp_destination_ip_address[2],arp->arp_destination_ip_address[3]);
		break;

	case 2:		/* reply */
		printf("ARP 回复");

		printf("源:%d.%d.%d.%d \t ",
			arp->arp_source_ip_address[0],arp->arp_source_ip_address[1],
			arp->arp_source_ip_address[2],arp->arp_source_ip_address[3]);
		mac=arp->arp_source_ethernet_address;
		printf("%02x:%02x:%02x:%02x:%02x:%02x \n",mac[0],mac[1],mac[2],mac[3],mac[4],mac[5]);
		printf("至:%d.%d.%d.%d \t ",
			arp->arp_destination_ip_address[0],arp->arp_destination_ip_address[1],
			arp->arp_destination_ip_address[2],arp->arp_destination_ip_address[3]);
		mac=arp->arp_destination_ethernet_address;
		printf("%02x:%02x:%02x:%02x:%02x:%02x \n\n",mac[0],mac[1],mac[2],mac[3],mac[4],mac[5]);
		break;

	default:
		break;
	}
}
//------------------------------------------------------------------------------------
/*
 * UDP analyser. Currently switched off: the function returns before doing
 * anything, so the printing below never runs.
 *
 * If re-enabled it would print source and destination as "a.b.c.d :port",
 * with the ports converted from network byte order. `data` comes with no
 * length, so the caller must make sure a full UDP header is present.
 */
void Analyse_UDPPacket(struct in_addr *sAddr,struct in_addr *dAddr,const u_char *data)
{
	return;	/* analyser disabled by the author */

	struct udphead *udp;

	udp=(udphead *)data;

	printf("UDP源:%d.%d.%d.%d :%d \t",
		sAddr->S_un.S_un_b.s_b1,
		sAddr->S_un.S_un_b.s_b2,
		sAddr->S_un.S_un_b.s_b3,
		sAddr->S_un.S_un_b.s_b4,
		ntohs(udp->udp_source_port));

	printf("UDP至:%d.%d.%d.%d :%d \n",
		dAddr->S_un.S_un_b.s_b1,
		dAddr->S_un.S_un_b.s_b2,
		dAddr->S_un.S_un_b.s_b3,
		dAddr->S_un.S_un_b.s_b4,
		ntohs(udp->udp_destinanion_port));
}
/*
 * ICMP analyser. Currently switched off: the function returns before doing
 * anything, so the classification below never runs.
 *
 * If re-enabled it would label code 0 / type 8 as a ping request, code 0 /
 * type 0 as a ping reply, and everything else as unknown ICMP. sAddr and
 * dAddr are not used.
 */
void Analyse_ICMPPacket(struct in_addr *sAddr,struct in_addr *dAddr,const u_char *data)
{
	return;	/* analyser disabled by the author */

	struct icmphead *icmp;

	icmp=(icmphead *)data;
	//printf("%d \n",icmp->icmp_type);

	if(icmp->icmp_code==0 && icmp->icmp_type==8)
	{
		printf("ping 请求\n");
		return;
	}
	if(icmp->icmp_code==0 && icmp->icmp_type==0)
	{
		printf("ping 回应\n");
		return;
	}
	printf("未知icmp\n");
}
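/*
 * Prints the source port, destination port and window size of a TCP segment.
 *
 * sAddr, dAddr - IP addresses from the caller; unused here.
 * data         - first byte of the TCP header (untrusted, from the wire).
 *
 * All three fields are multi-byte values in network byte order, so each is
 * converted with ntohs(). The original printed th_win unconverted, which
 * shows a byte-swapped window on little-endian hosts.
 * NOTE(review): no length is passed in, so this function cannot check that
 * a full TCP header was captured; the caller has to guarantee it.
 */
void Analyse_TCPPacket(struct in_addr *sAddr,struct in_addr *dAddr,const u_char *data)
{
	struct tcphead *TCPHead;
	TCPHead=(tcphead *)data;

	printf("from:%d \tto:%d \t",ntohs(TCPHead->th_sport),ntohs(TCPHead->th_dport));
	printf("window :%d\n\n",ntohs(TCPHead->th_win));
}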
