winpcap数据包分析

使用PCAP_OPENFLAG_PROMISCUOUS必须#define HAVE_REMOTE,否则编译报错。

pcap_open(d->name,65535,PCAP_OPENFLAG_PROMISCUOUS,1000,NULL,errorBuf)

#define HAVE_REMOTE

#include <stdio.h>
#include "pcap.h"
#include <time.h>
#include <string.h>

#pragma comment(lib,"wpcap.lib")
#pragma comment(lib,"Packet.lib")
#pragma comment(lib,"ws2_32.lib")

/*以太网帧头格式结构体 14个字节*/  
typedef struct ether_header{  
    unsigned char ether_dhost[6];  
    unsigned char ether_shost[6];  
    unsigned short ether_type;  
}ETHERHEADER,*PETHERHEADER;  

/*以ARP字段结构体 28个字节*/  
typedef struct arp_header{  
    unsigned short arp_hrd;  
    unsigned short arp_pro;  
    unsigned char arp_hln;  
    unsigned char arp_pln;  
    unsigned short arp_op;  
    unsigned char arp_sourha[6];  
    unsigned long arp_sourpa;  
    unsigned char arp_destha[6];  
    unsigned long arp_destpa;  
}ARPHEADER,*PARPHEADER;  

/*ARP报文结构体 42个字节*/  
typedef struct arp_packet{  
    ETHERHEADER etherHeader;  
    ARPHEADER   arpHeader;  
}ARPPACKET,*PARPPACKET;  

/*IPv4报头结构体 20个字节*/  
typedef struct ipv4_header{
    unsigned char ipv4_hl:4; 
	unsigned char ipv4_ver:4;
    unsigned char ipv4_stype;  
    unsigned short ipv4_plen;  
    unsigned short ipv4_pidentify;  
    unsigned short ipv4_flag_offset;  
    unsigned char ipv4_ttl;  
    unsigned char ipv4_pro;  
    unsigned short ipv4_crc;  
    unsigned long  ipv4_sourpa;  
    unsigned long  ipv4_destpa;  
}IPV4HEADER,*PIPV4HEADER;  
/*  
ipv4_pro字段：  
＃define PROTOCOL_ICMP   0x01  
＃define PROTOCOL_IGMP   0x02  
＃define PROTOCOL_TCP    0x06  
＃define PROTOCOL_UDP    0x11  
*/           


/*IPv6报头结构体 40个字节*/  
typedef struct ipv6_header{  
    u_char ipv6_ver_hl;  
    u_char ipv6_priority;  
    u_short ipv6_lable;  
    u_short ipv6_plen;  
    u_char  ipv6_nextheader;  
    u_char  ipv6_limits;  
    u_char ipv6_sourpa[16];  
    u_char ipv6_destpa[16];  
}IPV6HEADER,*PIPV6HEADER;  

/*TCP报头结构体 20个字节*/  
typedef struct tcp_header{