Winpcap示例,Libpcap示例

本文介绍了一个能够在WinPcap和Libpcap之间通用的抓包程序示例。该示例提供了详细的注释,帮助读者理解如何解析以太网头部、IP头部及TCP头部等关键信息,并通过条件判断筛选特定的数据包。

只需换掉头文件(Windows 下用 <winsock.h>;Linux/libpcap 下改为 <netinet/in.h> 与 <arpa/inet.h>,它们提供 ntohs、inet_ntoa 和 struct in_addr),程序就可以在 WinPcap 和 libpcap 之间通用,且附有详细注释。注意:解析报文时应以 pkthdr->caplen(实际捕获到的字节数)而不是 pkthdr->len(线路上的长度)做边界检查,否则遇到被 snaplen 截断的报文会读出捕获缓冲区之外。

#include <stdio.h>

#include <string.h>

#include <pcap.h>

#include <winsock.h>

/*
 * Ethernet II frame header, 14 bytes: two 48-bit MAC addresses followed by
 * the EtherType (network byte order, e.g. 0x0800 for IPv4).
 */
struct ether_header
{
    u_int8_t ether_dhost[6], ether_shost[6]; /* destination, then source MAC */
    u_int16_t ether_type;                    /* EtherType / length field */
};

/*
 * Minimal IPv4 header (RFC 791): 20 bytes when no options are present.
 * Multi-byte fields are in network byte order; convert with ntohs() first.
 */
struct my_ip
{
    u_int8_t ip_vhl;        /* version (high nibble), header length in 32-bit words (low nibble) */
    u_int8_t ip_tos;        /* type of service */
    u_int16_t ip_len;       /* total length, header plus payload, in bytes */
    u_int16_t ip_id;        /* identification */
    u_int16_t ip_off;       /* flags (top 3 bits) and fragment offset (low 13 bits) */
    u_int8_t ip_ttl;        /* time to live */
    u_int8_t ip_p;          /* transport protocol number, e.g. IPPROTO_TCP */
    u_int16_t ip_sum;       /* header checksum */
    struct in_addr ip_src;  /* source address */
    struct in_addr ip_dst;  /* destination address */
};

/* Accessors for the packed version/IHL byte; 'ip' is a struct my_ip pointer. */
#define IP_V(ip)  (((ip)->ip_vhl & 0xf0) >> 4)
#define IP_HL(ip) ((ip)->ip_vhl & 0x0f)

/* Bits of the host-order ip_off value. */
#define IP_DF      0x4000 /* don't fragment */
#define IP_MF      0x2000 /* more fragments follow */
#define IP_OFFMASK 0x1fff /* fragment offset, in 8-byte units */

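/*
 * TCP header (RFC 793) without options, 20 bytes.  Multi-byte fields are in
 * network byte order.
 *
 * Fix: the WORDS_BIGENDIAN branch declared the member 'tcp_offset' twice,
 * which fails to compile on big-endian builds; the second nibble is the
 * reserved field, mirroring the little-endian branch.
 */
struct tcphdr
{
    u_int16_t source;            /* source port */
    u_int16_t dest;              /* destination port */
    u_int32_t tcp_sequence_num;  /* sequence number */
    u_int32_t ack_seq;           /* acknowledgement number */
    /* Byte 12: data offset in 32-bit words (high nibble) plus reserved bits
       (low nibble).  Bit-field allocation order follows byte order, so the
       two nibbles are declared in opposite order per endianness. */
#ifdef WORDS_BIGENDIAN
    u_int8_t tcp_offset:4, tcp_reserved:4;
#else
    u_int8_t tcp_reserved:4, tcp_offset:4;
#endif
    u_int8_t tcp_flags;          /* FIN/SYN/RST/PSH/ACK/URG bits */
    u_int16_t tcp_windows;       /* receive window (original member name kept) */
    u_int16_t tcp_checksum;      /* checksum */
    u_int16_t tcp_urent_pointer; /* urgent pointer (original member name kept) */
};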

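/*
 * pcap_loop() callback: decode one Ethernet / IPv4 / TCP frame and print a
 * one-line summary, skipping frames whose source is in 192.168.13.0/24.
 *
 * args:   user pointer passed through pcap_loop(); unused here.
 * pkthdr: capture record.  pkthdr->caplen is the number of bytes actually
 *         present in 'packet'; it can be smaller than the on-wire pkthdr->len
 *         when the snaplen truncates the frame.
 * packet: captured bytes, starting at the Ethernet header (the caller must
 *         have verified the link type is DLT_EN10MB).
 *
 * Fixes relative to the original:
 *  - bounds are checked against caplen, not len, so a truncated frame can
 *    no longer make us read past the capture buffer;
 *  - every "bad packet" message is followed by a return instead of falling
 *    through to the field reads it was warning about;
 *  - the TCP header is located after IHL*4 bytes (IP options included) and
 *    only read when the protocol is TCP and the header fits in the buffer;
 *  - "/n" in the format strings was a mangled "\n".
 */
void work(u_char *args, const struct pcap_pkthdr *pkthdr, const u_char *packet)
{
    enum { ETHERTYPE_IPV4 = 0x0800 };
    static const char skip_prefix[] = "192.168.13.";
    const struct ether_header *eth;
    const struct my_ip *ip;
    const struct tcphdr *tcpptr;
    u_int caplen = pkthdr->caplen; /* bytes really present in 'packet' */
    u_int length;                  /* bytes remaining after the Ethernet header */
    u_int hlen, off, version, len;
    u_int ip_hdr_bytes;

    (void)args;

    /* The Ethernet header must be complete before we look at the EtherType. */
    if (caplen < sizeof(struct ether_header)) {
        printf("truncated ethernet %u\n", caplen);
        return;
    }
    eth = (const struct ether_header *)packet;
    /* The BPF filter already selects "ip"; this keeps the cast below honest
       even if someone changes the filter expression. */
    if (ntohs(eth->ether_type) != ETHERTYPE_IPV4)
        return;

    /* jump past the Ethernet header */
    ip = (const struct my_ip *)(packet + sizeof(struct ether_header));
    length = caplen - sizeof(struct ether_header);

    /* check that the fixed 20-byte IPv4 header is present before reading it */
    if (length < sizeof(struct my_ip)) {
        printf("truncated ip %u\n", length);
        return;
    }

    len = ntohs(ip->ip_len);
    hlen = IP_HL(ip);    /* header length in 32-bit words */
    version = IP_V(ip);  /* ip version */

    if (version != 4) {
        fprintf(stdout, "Unknown version %u\n", version);
        return;
    }
    if (hlen < 5) {
        fprintf(stdout, "bad-hlen %u \n", hlen);
        return;
    }
    ip_hdr_bytes = hlen * 4; /* > 20 when IP options are present */
    if (len < ip_hdr_bytes) {
        fprintf(stdout, "bad-len %u < header %u\n", len, ip_hdr_bytes);
        return;
    }

    /* see if we have as much packet as we should; a short capture only
       loses payload, so it is reported but not fatal */
    if (length < len)
        printf("\ntruncated IP - %u bytes missing\n", len - length);

    /* Only the first fragment carries the transport header. */
    off = ntohs(ip->ip_off);
    if ((off & IP_OFFMASK) != 0)
        return;

    /* The port pair below is read from a struct tcphdr; only do that for TCP. */
    if (ip->ip_p != IPPROTO_TCP)
        return;

    /* The TCP header follows the IPv4 header *including options* and must
       itself fit inside the captured bytes. */
    if (length < ip_hdr_bytes + sizeof(struct tcphdr)) {
        printf("truncated tcp %u\n", length);
        return;
    }
    tcpptr = (const struct tcphdr *)((const u_char *)ip + ip_hdr_bytes);

    /* skip frames sourced from 192.168.13.0/24 */
    if (strncmp(inet_ntoa(ip->ip_src), skip_prefix, sizeof skip_prefix - 1) == 0)
        return;

    /* print SOURCE DESTINATION hlen version len offset protocol sport dport.
       inet_ntoa() returns a static buffer, so each address gets its own call. */
    fprintf(stdout, "IP: ");
    fprintf(stdout, "%s ", inet_ntoa(ip->ip_src));
    fprintf(stdout, "%s %u %u %u %u %u",
            inet_ntoa(ip->ip_dst),
            hlen, version, len, off, ip->ip_p);
    fprintf(stdout, " %u %u\n", ntohs(tcpptr->source), ntohs(tcpptr->dest));
}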

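/*
 * Open the third capture interface reported by pcap_findalldevs(), install
 * a BPF filter for HTTP traffic to 192.168.13.177, and hand every matching
 * frame to work() until pcap_loop() fails or is broken out of.
 *
 * Returns 0 on a clean shutdown and 1 if a pcap call fails.
 *
 * Fixes relative to the original:
 *  - every pcap return value is checked; the original dereferenced NULL when
 *    fewer than three interfaces existed or pcap_open_live() failed (e.g.
 *    when run without capture privileges);
 *  - pcap_compile() receives the netmask (maskp), not the network number;
 *  - the link type is verified to be Ethernet, which work() assumes;
 *  - the device list, compiled filter and handle are released on every path;
 *  - "/n" in the format strings was a mangled "\n".
 */
int main(void)
{
    static const char filter_expr[] = "ip and dst host 192.168.13.177 and port 80";
    enum { READ_TIMEOUT_MS = 1000 }; /* positive: a negative timeout is not portable */
    char errbuf[PCAP_ERRBUF_SIZE];
    pcap_if_t *alldevs = NULL;
    pcap_if_t *d;
    const char *dev;
    struct in_addr addr;
    pcap_t *descr = NULL;
    struct bpf_program fp;  /* hold compiled program */
    bpf_u_int32 maskp = 0;  /* subnet mask */
    bpf_u_int32 netp = 0;   /* network number */
    int rc = 1;
    int i;

    if (pcap_findalldevs(&alldevs, errbuf) == -1) {
        fprintf(stderr, "pcap_findalldevs: %s\n", errbuf);
        return 1;
    }

    /* The example captures on the third interface; walk the list instead of
       trusting that ->next->next exists. */
    d = alldevs;
    for (i = 0; i < 2 && d != NULL; i++)
        d = d->next;
    if (d == NULL || d->name == NULL) {
        fprintf(stderr, "need at least three capture interfaces\n");
        goto out_free_devs;
    }
    dev = d->name;
    printf("%s\n", dev);

    /* Not fatal: without a netmask only "broadcast" tests in the filter are
       affected, and netp/maskp stay 0. */
    if (pcap_lookupnet(dev, &netp, &maskp, errbuf) == -1)
        fprintf(stderr, "pcap_lookupnet: %s\n", errbuf);

    addr.s_addr = netp;
    printf("%s\n", inet_ntoa(addr));

    descr = pcap_open_live(dev, BUFSIZ, 0, READ_TIMEOUT_MS, errbuf);
    if (descr == NULL) {
        fprintf(stderr, "pcap_open_live(%s): %s\n", dev, errbuf);
        goto out_free_devs;
    }

    /* work() parses a 14-byte Ethernet header first; refuse other link types. */
    if (pcap_datalink(descr) != DLT_EN10MB) {
        fprintf(stderr, "%s is not an Ethernet interface\n", dev);
        goto out_close;
    }

    /* fifth argument is the netmask, not the network number */
    if (pcap_compile(descr, &fp, filter_expr, 0, maskp) == -1) {
        fprintf(stderr, "pcap_compile: %s\n", pcap_geterr(descr));
        goto out_close;
    }
    if (pcap_setfilter(descr, &fp) == -1) {
        fprintf(stderr, "pcap_setfilter: %s\n", pcap_geterr(descr));
        goto out_freecode;
    }

    if (pcap_loop(descr, -1, work, NULL) == -1) {
        fprintf(stderr, "pcap_loop: %s\n", pcap_geterr(descr));
        goto out_freecode;
    }
    rc = 0;

out_freecode:
    pcap_freecode(&fp);
out_close:
    pcap_close(descr);
out_free_devs:
    pcap_freealldevs(alldevs); /* 'dev' points into this list, so free it last */
    return rc;
}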
