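/*
 * Minimal WinPcap UDP dumper: lists the capture interfaces, opens the one
 * the user selects, installs an "ip and udp" filter and prints the
 * source/destination address and port of every captured UDP datagram.
 */
#include "pcap.h"

#include <stdio.h>
#include <stdlib.h>
#include <time.h>

#pragma comment(lib, "wpcap.lib")
#pragma comment(lib, "Packet.lib")
#pragma comment(lib, "wsock32.lib")

enum {
    ETHERNET_HEADER_LEN = 14,  /* fixed Ethernet II header size */
    IPV4_MIN_HEADER_LEN = 20,  /* IHL of 5 words, no options */
    CAPTURE_SNAPLEN = 65536    /* large enough to capture whole frames */
};

/* 4 bytes IP address */
typedef struct ip_address {
    u_char byte1;
    u_char byte2;
    u_char byte3;
    u_char byte4;
} ip_address;

/* IPv4 header */
typedef struct ip_header {
    u_char ver_ihl;         // Version (4 bits) + Internet header length (4 bits)
    u_char tos;             // Type of service
    u_short tlen;           // Total length
    u_short identification; // Identification
    u_short flags_fo;       // Flags (3 bits) + Fragment offset (13 bits)
    u_char ttl;             // Time to live
    u_char proto;           // Protocol
    u_short crc;            // Header checksum
    ip_address saddr;       // Source address
    ip_address daddr;       // Destination address
    u_int op_pad;           // Option + Padding
} ip_header;

/* UDP header */
typedef struct udp_header {
    u_short sport; // Source port
    u_short dport; // Destination port
    u_short len;   // Datagram length
    u_short crc;   // Checksum
} udp_header;

/* prototype of the packet handler */
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data);

/*
 * Entry point: select an adapter interactively, open it, apply the
 * "ip and udp" filter and run the capture loop.
 * Returns 0 on a clean exit, 1 if the device list cannot be retrieved and
 * -1 on any later setup or capture error.
 */
int main(void)
{
    pcap_if_t *alldevs = NULL;
    pcap_if_t *d;
    int inum = 0;
    int i = 0;
    pcap_t *adhandle;
    char errbuf[PCAP_ERRBUF_SIZE];
    u_int netmask;
    char packet_filter[] = "ip and udp";
    struct bpf_program fcode;

    /* Retrieve the device list */
    if (pcap_findalldevs(&alldevs, errbuf) == -1) {
        fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
        return 1;
    }

    /* Print the list */
    for (d = alldevs; d; d = d->next) {
        printf("%d. %s", ++i, d->name);
        if (d->description) {
            printf(" (%s)\n", d->description);
        } else {
            printf(" (No description available)\n");
        }
    }

    if (i == 0) {
        printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
        return -1;
    }

    printf("Enter the interface number (1-%d):", i);

    /*
     * Check that the user specified a valid adapter. A failed conversion
     * (non-numeric input, EOF) is rejected too, so inum is never used
     * without having been set.
     */
    if (scanf("%d", &inum) != 1 || inum < 1 || inum > i) {
        printf("\nAdapter number out of range.\n");
        pcap_freealldevs(alldevs);
        return -1;
    }

    /* Jump to the selected adapter */
    for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++) {
        /* walk only */
    }

    /* Open the adapter */
    adhandle = pcap_open_live(d->name,         // name of the device
                              CAPTURE_SNAPLEN, // portion of the packet to capture
                              1,               // promiscuous mode (nonzero means promiscuous)
                              1000,            // read timeout
                              errbuf);         // error buffer
    if (adhandle == NULL) {
        /* The original call had a %s conversion with no matching argument. */
        fprintf(stderr, "\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name);
        pcap_freealldevs(alldevs);
        return -1;
    }

    /* Check the link layer. We support only Ethernet for simplicity. */
    if (pcap_datalink(adhandle) != DLT_EN10MB) {
        fprintf(stderr, "\nThis program works only on Ethernet networks.\n");
        pcap_close(adhandle);
        pcap_freealldevs(alldevs);
        return -1;
    }

    /*
     * Retrieve the mask of the first address of the interface. The mask is
     * read as a sockaddr_in, so it is used only when it is present and is
     * an IPv4 address; otherwise we suppose to be in a C class network.
     */
    if (d->addresses != NULL && d->addresses->netmask != NULL &&
        d->addresses->netmask->sa_family == AF_INET) {
        netmask = ((struct sockaddr_in *)(d->addresses->netmask))->sin_addr.S_un.S_addr;
    } else {
        netmask = 0xffffff;
    }

    /* compile the filter */
    if (pcap_compile(adhandle, &fcode, packet_filter, 1, netmask) < 0) {
        fprintf(stderr, "\nUnable to compile the packet filter. Check the syntax.\n");
        pcap_close(adhandle);
        pcap_freealldevs(alldevs);
        return -1;
    }

    /* set the filter */
    if (pcap_setfilter(adhandle, &fcode) < 0) {
        fprintf(stderr, "\nError setting the filter.\n");
        pcap_freecode(&fcode);
        pcap_close(adhandle);
        pcap_freealldevs(alldevs);
        return -1;
    }

    /* The compiled program is no longer needed once it has been installed. */
    pcap_freecode(&fcode);

    /* description may be NULL (see the listing loop above); fall back to the name */
    printf("\nlistening on %s...\n", d->description ? d->description : d->name);

    /* At this point, we don't need the device list any more. Free it */
    pcap_freealldevs(alldevs);

    /* start the capture; a count of 0 keeps looping until an error or a break */
    if (pcap_loop(adhandle, 0, packet_handler, NULL) < 0) {
        fprintf(stderr, "\nError while capturing: %s\n", pcap_geterr(adhandle));
        pcap_close(adhandle);
        return -1;
    }

    pcap_close(adhandle);
    return 0;
}

/*
 * Callback function invoked by libpcap for every incoming packet.
 *
 * param    - user pointer passed to pcap_loop (unused here).
 * header   - capture metadata; caplen is the number of bytes actually
 *            present in pkt_data and bounds every read below.
 * pkt_data - raw frame starting at the Ethernet header.
 *
 * The frame contents come straight from the network, so every offset
 * derived from them is validated against caplen before it is dereferenced.
 * Frames that are too short or malformed are silently skipped.
 */
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
    const ip_header *ih;
    const udp_header *uh;
    u_int ip_len;
    u_short sport, dport;
    time_t captured_at;
    const char *when;

    (void)param;

    /* The fixed part of the IPv4 header must be inside the captured bytes. */
    if (header->caplen < (u_int)(ETHERNET_HEADER_LEN + IPV4_MIN_HEADER_LEN)) {
        return;
    }

    /* retrieve the position of the ip header (skip the ethernet header) */
    ih = (const ip_header *)(pkt_data + ETHERNET_HEADER_LEN);

    /* This handler only understands IPv4. */
    if ((ih->ver_ihl >> 4) != 4) {
        return;
    }

    /*
     * The header length is attacker-controlled: reject values below the
     * legal minimum and make sure the UDP header that follows is captured.
     */
    ip_len = (u_int)(ih->ver_ihl & 0xf) * 4;
    if (ip_len < (u_int)IPV4_MIN_HEADER_LEN ||
        header->caplen < (u_int)ETHERNET_HEADER_LEN + ip_len + (u_int)sizeof(udp_header)) {
        return;
    }

    /*
     * retrieve the position of the udp header
     * NOTE(review): for a non-first IP fragment these bytes are payload,
     * not a UDP header; flags_fo is not inspected here, as in the original.
     */
    uh = (const udp_header *)((const u_char *)ih + ip_len);

    /* convert from network byte order to host byte order */
    sport = ntohs(uh->sport);
    dport = ntohs(uh->dport);

    /* print ip addresses and udp ports, excluding x.x.x.255 broadcast packets */
    if (ih->daddr.byte4 != 255) {
        /*
         * Copy tv_sec into a real time_t: the field's type need not match
         * time_t in size, so casting its address can read past the field.
         */
        captured_at = (time_t)header->ts.tv_sec;
        when = ctime(&captured_at);
        if (when == NULL) {
            when = "(unknown time)\n";
        }

        /* print the packet length and the time (ctime supplies the newline) */
        printf("Pkt len:%u byte,time: %s", (unsigned int)header->len, when);

        /* print the source IP/port and destination IP/port */
        printf("%d.%d.%d.%d:%d -> %d.%d.%d.%d:%d\n",
               ih->saddr.byte1, ih->saddr.byte2, ih->saddr.byte3, ih->saddr.byte4, sport,
               ih->daddr.byte1, ih->daddr.byte2, ih->daddr.byte3, ih->daddr.byte4, dport);
    }
}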
udpcap