📄 parse_fun.c
#include <pcap.h>
#include <Winsock2.h>
#include "parse_fun.h"
#pragma pack()
char errbuf[PCAP_ERRBUF_SIZE]; // Buffer that receives libpcap error messages.
char strbuf[2000]; // Scratch buffer in which Datelog formats one packet report.
char Cardname[256]; // Name of the capture device, written by GetAllDevs and read by Capture.
/////////////////////////////////////////////////////////////////////////////
//IP地址换成字符串函数
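/**
 * Format a 32-bit IPv4 address as dotted-decimal text.
 *
 * The four bytes of `in` are printed in memory order, so the value must be
 * passed exactly as it appears on the wire (callers in this file pass
 * sin_addr.s_addr and the raw IP-header address fields).
 *
 * @param in  IPv4 address, bytes in network order.
 * @return    Pointer to a static buffer that every call overwrites; copy or
 *            consume the text before calling iptos() again.
 */
char *iptos(DWORD in)
{
    /* "255.255.255.255" is 15 characters, plus the terminating NUL. */
    static char output[3*4+3+1];
    /* Fixed: the listing showed "(u_char *)∈", a mangled "&in;". */
    const BYTE *p = (const BYTE *)&in;

    /* Each byte prints as at most three digits, so 16 bytes always suffice. */
    sprintf(output, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
    return output;
}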
/////////////////////////////////////////////////////////////////////////////
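/**
 * Enumerate capture devices, remember the name of the second one in
 * Cardname, and print its first address if that address is IPv4.
 *
 * The original code always skipped the first list entry; that selection is
 * kept. When fewer than two devices exist, or the second one has no
 * addresses, Cardname is left untouched (the original dereferenced NULL).
 */
void GetAllDevs()
{
    pcap_if_t *alldevs = NULL;
    pcap_if_t *dev;
    pcap_addr_t *addrs;

    /* Fetch the interface list. */
    if (pcap_findalldevs(&alldevs, errbuf) == -1)
    {
        printf("pcap_findalldevs错误: %s", errbuf);
        return;
    }

    /* Keep the list head so it can be released; walk with a separate cursor. */
    dev = (alldevs != NULL) ? alldevs->next : NULL;

    if (dev != NULL && dev->name != NULL && dev->addresses != NULL)
    {
        addrs = dev->addresses;

        /* Bounded copy: the precision caps the name at the buffer size. */
        sprintf(Cardname, "%.*s", (int)(sizeof Cardname - 1), dev->name);

        /* addr, netmask and broadaddr may each be NULL in a pcap_addr_t. */
        if (addrs->addr != NULL && addrs->addr->sa_family == AF_INET)
        {
            printf("网卡名字:%s\n", dev->name);
            printf("描述信息:%s\n", dev->description != NULL ? dev->description : "");
            printf("本机IP: %15s\t\t\n", iptos(((struct sockaddr_in *)addrs->addr)->sin_addr.s_addr));
            if (addrs->netmask != NULL)
                printf("子网掩码: %15s\n", iptos(((struct sockaddr_in *)addrs->netmask)->sin_addr.s_addr));
            if (addrs->broadaddr != NULL)
                printf("广播地址: %15s\n\n", iptos(((struct sockaddr_in *)addrs->broadaddr)->sin_addr.s_addr));
        }
    }

    /* Cardname holds its own copy, so the list can be freed (it was leaked before). */
    if (alldevs != NULL)
        pcap_freealldevs(alldevs);
}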
////////////////////////////////////////////////////////////////////////////////////////////
//数据包捕获函数
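/**
 * Open the device named in Cardname in promiscuous mode and pass every
 * sufficiently long captured frame to Datelog().
 *
 * @param logfile  Path of the log file, forwarded unchanged to Datelog().
 *
 * The loop ends when pcap_next_ex() reports an error or end of input; the
 * original spun forever on a failing handle and never closed it.
 */
void Capture(char *logfile)
{
    /*
     * Datelog() reads the Ethernet header and the fixed IPv4 header without
     * being told the capture length, so shorter frames are dropped here.
     * Assumes FrameData mirrors the wire layout (14-byte Ethernet II header
     * followed by a 20-byte IPv4 header) -- TODO confirm against parse_fun.h.
     */
    enum { MIN_FRAME_LEN = 14 + 20 };

    pcap_t *adhandle;            /* handle returned by pcap_open_live() */
    struct pcap_pkthdr *header;  /* capture metadata (timestamp, lengths), not a protocol header */
    const u_char *pkt_data;      /* captured bytes, starting at the link-layer header */
    int res;

    /* snaplen 65535, promiscuous on, 1000 ms read timeout. */
    adhandle = pcap_open_live(Cardname, 65535, 1, 1000, errbuf);
    if (adhandle == NULL)
    {
        printf("打开网络接口出错!\n");
        return;
    }
    printf("打开网卡: %s成功!\n\n", Cardname);

    /*
     * NOTE(review): the link type is never checked; on a non-Ethernet
     * interface Datelog() would misinterpret the bytes. Consider verifying
     * pcap_datalink(adhandle) == DLT_EN10MB before capturing.
     */
    while ((res = pcap_next_ex(adhandle, &header, &pkt_data)) >= 0)
    {
        if (res == 0)
            continue;   /* read timeout expired, no packet delivered */
        if (header->caplen < MIN_FRAME_LEN)
            continue;   /* too short to hold the headers Datelog() reads */
        Datelog(logfile, pkt_data);
    }

    /* Negative result: report the reason and release the handle. */
    fprintf(stderr, "pcap_next_ex: %s\n", pcap_geterr(adhandle));
    pcap_close(adhandle);
}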
///////////////////////////////////////////////////////////////////////
//分析收到的IP数据包,并且将分析结果写入日志文件。
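/**
 * Decode the Ethernet and IPv4 headers of one captured frame, print the
 * report to stdout and append it to the log file. Non-IPv4 frames are ignored.
 *
 * @param logfile   Path of the log file; opened in append mode for each report.
 * @param pkt_data  Start of the captured frame. No length is passed in, so the
 *                  caller must guarantee that the buffer holds at least the
 *                  Ethernet header and the fixed IPv4 header.
 *
 * Fixes relative to the original: the invalid fopen mode "aw+" is replaced by
 * "a", a failed fopen no longer reaches fwrite/fclose with a NULL stream, the
 * checksum format consumed two arguments but received one, and the
 * flags/fragment-offset field is byte-swapped before it is split (with the
 * 13-bit offset mask 0x1fff).
 */
void Datelog(char *logfile,const u_char* pkt_data)
{
    int k = 0;
    unsigned frag;
    const BYTE *p;
    FILE *fp;
    const FrameData *pFrDa;   /* frame header followed by the IP header */

    if (logfile == NULL || pkt_data == NULL)
        return;

    pFrDa = (const FrameData *)pkt_data;

    /* EtherType 0x0800 = IPv4; compare in host order so the test is endian-neutral. */
    if (ntohs(pFrDa->pFrhdr.fhFrameType) != 0x0800)
        return;

    /*
     * Every conversion below has a bounded width (small integers, fixed hex
     * fields, 15-character addresses), so the report stays far below
     * sizeof strbuf.
     */
    k = sprintf(strbuf, "IP包版本: %i\t\t\t\n", pFrDa->pIphdr.Ver_Hlen >> 4);
    k += sprintf(strbuf + k, "IP头长度: %i bytes\t\t\n", (pFrDa->pIphdr.Ver_Hlen & 0x0f) * 4);
    k += sprintf(strbuf + k, "服务类型: 0x%02x\n", (unsigned)pFrDa->pIphdr.TOS);
    k += sprintf(strbuf + k, "数据包总长度: 0x%04x\t\t\n", (unsigned)ntohs(pFrDa->pIphdr.TatalLen));
    k += sprintf(strbuf + k, "数据包标识: 0x%04x \n", (unsigned)ntohs(pFrDa->pIphdr.ID));

    /* Top 3 bits are the flags, low 13 bits the fragment offset (host order). */
    frag = ntohs(pFrDa->pIphdr.Flag_Segment);
    k += sprintf(strbuf + k, "分片标识: 0x%02x\t\t\t\n", frag >> 13);
    k += sprintf(strbuf + k, "分段偏移值: 0x%04x \n", frag & 0x1fff);

    k += sprintf(strbuf + k, "生存时间:0x%02x\t\t\t\n", (unsigned)pFrDa->pIphdr.TTL);
    k += sprintf(strbuf + k, "上层协议类型:0x%02x \n", (unsigned)pFrDa->pIphdr.Protocol);
    k += sprintf(strbuf + k, "头校验和:0x%04x\n", (unsigned)ntohs(pFrDa->pIphdr.Checksum));

    /* Source and destination IP; iptos() reuses one static buffer, so each
       result is consumed by its own sprintf call. */
    k += sprintf(strbuf + k, "源IP地址: %15s\n", iptos(pFrDa->pIphdr.SrcIP));
    k += sprintf(strbuf + k, "目标IP地址: %s\n", iptos(pFrDa->pIphdr.DstIP));

    /* MAC addresses and frame type. */
    p = (const BYTE *)pFrDa->pFrhdr.fhSrcMAC;
    k += sprintf(strbuf + k, "源MAC地址:%02x:%02x:%02x:%02x:%02x:%02x\n", p[0], p[1], p[2], p[3], p[4], p[5]);
    p = (const BYTE *)pFrDa->pFrhdr.fhDesMAC;
    k += sprintf(strbuf + k, "目标MAC地址:%02x:%02x:%02x:%02x:%02x:%02x\n", p[0], p[1], p[2], p[3], p[4], p[5]);
    k += sprintf(strbuf + k, "帧类型:%04x\n", (unsigned)ntohs(pFrDa->pFrhdr.fhFrameType));
    k += sprintf(strbuf + k, "--------------------------------------------------------------------------\n");

    printf("%s", strbuf);

    /* Append-only: the log is never read back here. */
    fp = fopen(logfile, "a");
    if (fp == NULL)
    {
        perror(logfile);
        return;
    }
    if (fputs(strbuf, fp) == EOF)
        perror(logfile);
    fclose(fp);
}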