winpcap数据包分析

本文详细介绍了使用WinPCAP库进行数据包捕获的方法,通过调用pcap_open函数,设置参数如设备名称、缓冲区大小、混杂模式等,实现对网络数据包的全面监控和分析。


使用 pcap_open 和 PCAP_OPENFLAG_PROMISCUOUS 时,必须在 #include "pcap.h" 之前 #define HAVE_REMOTE,否则编译报错。

pcap_open(d->name,65535,PCAP_OPENFLAG_PROMISCUOUS,1000,NULL,errorBuf)


#define HAVE_REMOTE

#include <stdio.h>
#include "pcap.h"
#include <time.h>
#include <string.h>

#pragma comment(lib,"wpcap.lib")
#pragma comment(lib,"Packet.lib")
#pragma comment(lib,"ws2_32.lib")

/*
 * Ethernet II frame header: 14 bytes on the wire
 * (6-byte destination MAC, 6-byte source MAC, 2-byte EtherType).
 *
 * No member needs more than 2-byte alignment, so with a 2-byte
 * unsigned short the compiler inserts no padding and the struct is 14 bytes.
 *
 * NOTE(review): presumably this is overlaid on frames handed over by the
 * capture loop. Captured bytes are untrusted input: confirm the captured
 * length (caplen in struct pcap_pkthdr) is at least sizeof(ETHERHEADER)
 * before reading any member, and convert ether_type with ntohs() because it
 * is carried in network byte order.
 */
struct ether_header {
    unsigned char  ether_dhost[6];  /* destination MAC address */
    unsigned char  ether_shost[6];  /* source MAC address */
    unsigned short ether_type;      /* EtherType of the payload */
};
typedef struct ether_header  ETHERHEADER;
typedef struct ether_header *PETHERHEADER;

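/*
 * ARP payload for Ethernet/IPv4: 28 bytes on the wire.
 *
 * The struct is packed to 1-byte alignment. Without packing, the compiler
 * pads after arp_sourha and arp_destha so that the following address member
 * is naturally aligned; the struct then grows past 28 bytes and arp_sourpa,
 * arp_destha and arp_destpa no longer line up with the bytes of a captured
 * ARP message.
 *
 * The 28-byte size holds where unsigned long is 4 bytes (as on Windows, the
 * WinPcap target). On platforms with an 8-byte unsigned long the address
 * members are wider than the 4-byte wire fields and the struct does not
 * match the wire format.
 *
 * arp_sourpa and arp_destpa sit at unaligned offsets inside the packed
 * struct: read them through the struct (or memcpy them out) rather than
 * passing their address around as an unsigned long pointer.
 *
 * NOTE(review): presumably overlaid on captured, untrusted packets. Check
 * that the captured length covers the whole struct, and that arp_hln == 6
 * and arp_pln == 4, before trusting the fixed-size address members.
 * Multi-byte members are in network byte order.
 */
#pragma pack(push, 1)
typedef struct arp_header{
    unsigned short arp_hrd;        /* hardware type */
    unsigned short arp_pro;        /* protocol type */
    unsigned char arp_hln;         /* hardware address length in bytes */
    unsigned char arp_pln;         /* protocol address length in bytes */
    unsigned short arp_op;         /* operation code */
    unsigned char arp_sourha[6];   /* sender hardware (MAC) address */
    unsigned long arp_sourpa;      /* sender protocol (IPv4) address */
    unsigned char arp_destha[6];   /* target hardware (MAC) address */
    unsigned long arp_destpa;      /* target protocol (IPv4) address */
}ARPHEADER,*PARPHEADER;
#pragma pack(pop)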

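/*
 * Complete ARP frame: Ethernet header followed directly by the ARP payload,
 * 42 bytes on the wire (14 + 28).
 *
 * Packed to 1-byte alignment so that arpHeader starts at offset 14, right
 * after the Ethernet header. Without packing the compiler may round that
 * offset up to the alignment of ARPHEADER, which shifts every ARP member
 * relative to the captured bytes.
 *
 * sizeof(ARPPACKET) equals 42 only when ARPHEADER is itself laid out
 * without padding (28 bytes).
 *
 * NOTE(review): presumably overlaid on captured, untrusted frames; check
 * that the captured length is at least sizeof(ARPPACKET) before reading
 * arpHeader.
 */
#pragma pack(push, 1)
typedef struct arp_packet{
    ETHERHEADER etherHeader;   /* link-layer header */
    ARPHEADER   arpHeader;     /* ARP payload */
}ARPPACKET,*PARPPACKET;
#pragma pack(pop)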

/*
 * IPv4 header without options: 20 bytes on the wire.
 *
 * The two 4-bit members share the first byte. ipv4_hl is declared before
 * ipv4_ver so that, on compilers that allocate bit-fields starting from the
 * low-order bits (the usual little-endian x86 behaviour), ipv4_hl maps to
 * the low nibble (header length) and ipv4_ver to the high nibble (version).
 * Bit-field allocation order is implementation-defined.
 *
 * No packing pragma is applied here; the struct is 20 bytes where
 * unsigned long is 4 bytes (as on Windows).
 *
 * NOTE(review): presumably overlaid on captured, untrusted packets. Before
 * using the header, check that the captured length covers it, that
 * ipv4_ver == 4, and that ipv4_hl is at least 5; the transport header
 * starts ipv4_hl * 4 bytes in, and that offset must also lie inside the
 * captured data. Multi-byte members are in network byte order.
 */
struct ipv4_header {
    unsigned char  ipv4_hl : 4;        /* header length in 32-bit words */
    unsigned char  ipv4_ver : 4;       /* IP version */
    unsigned char  ipv4_stype;         /* type of service */
    unsigned short ipv4_plen;          /* total length of the datagram */
    unsigned short ipv4_pidentify;     /* identification */
    unsigned short ipv4_flag_offset;   /* flags and fragment offset */
    unsigned char  ipv4_ttl;           /* time to live */
    unsigned char  ipv4_pro;           /* payload protocol number */
    unsigned short ipv4_crc;           /* header checksum */
    unsigned long  ipv4_sourpa;        /* source address */
    unsigned long  ipv4_destpa;        /* destination address */
};
typedef struct ipv4_header  IPV4HEADER;
typedef struct ipv4_header *PIPV4HEADER;
/*
Values of the ipv4_pro field:
#define PROTOCOL_ICMP   0x01
#define PROTOCOL_IGMP   0x02
#define PROTOCOL_TCP    0x06
#define PROTOCOL_UDP    0x11
*/


/*
 * IPv6 fixed header: 40 bytes on the wire.
 *
 * Every member is at most 2 bytes wide and falls on its natural boundary,
 * so no padding is inserted and the struct matches the 40-byte wire size.
 *
 * The first 32 bits of an IPv6 header are version (4 bits), traffic class
 * (8 bits) and flow label (20 bits); they do not fall on byte boundaries,
 * so the first three members only approximate them:
 *   ipv6_ver_hl   - version in the high nibble, top 4 bits of the traffic
 *                   class in the low nibble (IPv6 has no header-length
 *                   field, despite the member name)
 *   ipv6_priority - low 4 bits of the traffic class, then the top 4 bits of
 *                   the flow label
 *   ipv6_lable    - low 16 bits of the flow label
 *
 * NOTE(review): presumably overlaid on captured, untrusted packets; check
 * that the captured length covers the struct before reading it. Multi-byte
 * members are in network byte order, and ipv6_nextheader may name an
 * extension header rather than the transport protocol.
 */
struct ipv6_header {
    u_char  ipv6_ver_hl;        /* version + upper traffic-class bits */
    u_char  ipv6_priority;      /* lower traffic-class bits + upper flow-label bits */
    u_short ipv6_lable;         /* lower 16 bits of the flow label */
    u_short ipv6_plen;          /* payload length */
    u_char  ipv6_nextheader;    /* next header type */
    u_char  ipv6_limits;        /* hop limit */
    u_char  ipv6_sourpa[16];    /* source address */
    u_char  ipv6_destpa[16];    /* destination address */
};
typedef struct ipv6_header  IPV6HEADER;
typedef struct ipv6_header *PIPV6HEADER;

/*TCP报头结构体 20个字节*/  
typedef struct tcp_header{  