?? cxlcapture.c
字號:
?
#include "pcap.h"
struct ether_header
{
u_int8_t ether_dhost[6];
u_int8_t ether_shost[6];
u_int16_t ether_type;
};
typedef u_int32_t in_addr_t;
struct in_addr
{
in_addr_t s_addr;
};
struct ip_header
{
#ifdef WORDS_BIGENDIAN
u_int8_t ip_version : 4,
ip_header_length : 4;
#else
u_int8_t ip_header_length : 4, ip_version : 4;
#endif
u_int8_t ip_tos_taowenliu;
u_int16_t ip_length;
u_int16_t ip_id;
u_int16_t ip_off;
u_int8_t ip_ttl;
u_int8_t ip_protocol;
u_int16_t ip_checksum;
struct in_addr ip_souce_address;
struct in_addr ip_destination_address;
};
-------------------------------------------------------------------------------------------------------------------
*/
struct tcp_header
{
u_int16_t tcp_source_port;
u_int16_t tcp_destination_port;
u_int32_t tcp_acknowledgement;
u_int32_t tcp_ack;
#ifdef WORDS_BIGENDIAN
u_int8_t tcp_offset : 4,
tcp_reserved : 4;
#else
u_int8_t tcp_reserved : 4,
tcp_offset : 4;
#endif
u_int8_t tcp_flags;
u_int16_t tcp_windows;
u_int16_t tcp_checksum;
u_int16_t tcp_urgent_pointer;
};
void tcp_protocol_packet_callback
(
u_char *argument,
const struct pcap_pkthdr *packet_header,
const u_char *packet_content
)
{
struct tcp_header *tcp_protocol;
u_char flags;
int header_length;
u_short source_port;
u_short destination_port;
u_short windows;
u_short urgent_pointer;
u_int sequence;
u_int acknowledgement;
u_int16_t checksum;
tcp_protocol = (struct tcp_header *) (packet_content + 14 + 20);
source_port = ntohs(tcp_protocol->tcp_source_port);
destination_port = ntohs(tcp_protocol->tcp_destination_port);
header_length = tcp_protocol->tcp_offset * 4;
sequence = ntohl(tcp_protocol->tcp_acknowledgement);
acknowledgement = ntohl(tcp_protocol->tcp_ack);
windows = ntohs(tcp_protocol->tcp_windows);
urgent_pointer = ntohs(tcp_protocol->tcp_urgent_pointer);
flags = tcp_protocol->tcp_flags;
checksum = ntohs(tcp_protocol->tcp_checksum);
printf("------- TCP Protocol (Transport Layer) -------\n");
printf("Source Port:%d\n", source_port);
printf("Destination Port:%d\n", destination_port);
switch(destination_port)
{
case 80: printf("HTTP protocol\n"); break;
case 21: printf("FTP protocol\n"); break;
case 23: printf("TELNET protocol\n"); break;
case 25: printf("SMTP protocol\n"); break;
case 110: printf("POP3 protocol\n"); break;
default: break;
}
}
void ip_protocol_packet_callback
(
u_char *argument,
const struct pcap_pkthdr *packet_header,
const u_char *packet_content
)
{
struct ip_header *ip_protocol;
u_int header_length;
u_int offset;
u_char tos;
u_int16_t checksum;
printf("------- IP Protocol (Network Layer) --------\n");
ip_protocol = (struct ip_header *) (packet_content + 14);
checksum = ntohs(ip_protocol->ip_checksum);
header_length = ip_protocol->ip_header_length * 4;
tos = ip_protocol->ip_tos_taowenliu;
offset = ntohs(ip_protocol->ip_off);
printf("Total length:%d\n", ntohs(ip_protocol->ip_length));
printf("Protocol:%d\n", ip_protocol->ip_protocol);
switch(ip_protocol->ip_protocol)
{
case 6: printf("The Transport Layer Protocol is TCP\n"); break;
case 17: printf("The Transport Layer Protocol is UDP\n"); break;
case 1: printf("The Transport Layer Protocol is ICMP\n"); break;
default: break;
}
printf("Source address:%s\n", inet_ntoa(ip_protocol->ip_souce_address));
printf("Destination address:%s\n", inet_ntoa(ip_protocol->ip_destination_address));
switch(ip_protocol->ip_protocol)
{
case 6: tcp_protocol_packet_callback(argument, packet_header, packet_content); break;
default: break;
}
}
void ethernet_protocol_packet_callback
(
u_char *argument,
const struct pcap_pkthdr *packet_header,
const u_char *packet_content
)
{
u_short ethernet_type;
struct ether_header *ethernet_protocol;
u_char *mac_string;
static int packet_number = 1;
printf("**************************************************\n");
printf("The %d TCP packet is captured.\n", packet_number);
printf("------- Ehternet Protocol (Link Layer) -----\n");
ethernet_protocol = (struct ether_header *) packet_content;
printf("Ethernet type is :");
ethernet_type = ntohs(ethernet_protocol->ether_type);
printf("%04x\n", ethernet_type);
switch(ethernet_type)
{
case 0x0800: printf("The network layer is IP protocol\n"); break;
case 0x0806: printf("The network layer is ARP protocol\n"); break;
case 0x8035: printf("The network layer is RARP protocol\n"); break;
default: break;
}
printf("Mac Source Address is : ");
mac_string = ethernet_protocol->ether_shost;
printf
(
"%02x:%02x:%02x:%02x:%02x:%02x\n",
*mac_string,
*(mac_string + 1),
*(mac_string + 2),
*(mac_string + 3),
*(mac_string + 4),
*(mac_string + 5)
);
printf("Mac Destination Address is : ");
mac_string = ethernet_protocol->ether_dhost;
printf
(
"%02x:%02x:%02x:%02x:%02x:%02x\n",
*mac_string,
*(mac_string + 1),
*(mac_string + 2),
*(mac_string + 3),
*(mac_string + 4),
*(mac_string + 5)
);
switch(ethernet_type)
{
case 0x0800: ip_protocol_packet_callback(argument, packet_header, packet_content); break;
default: break;
}
printf("**************************************************\n");
packet_number++;
}
void main()
{
pcap_t *pcap_handle;
char error_content[PCAP_ERRBUF_SIZE];
char *net_interface;
struct bpf_program bpf_filter;
char bpf_filter_string[] = "ip src host 10.4.16.53";
bpf_u_int32 net_mask;
bpf_u_int32 net_ip;
net_interface = pcap_lookupdev(error_content);
pcap_lookupnet(net_interface, &net_ip, &net_mask, error_content);
pcap_handle = pcap_open_live(net_interface, BUFSIZ, 1, 0, error_content);
pcap_compile(pcap_handle, &bpf_filter, bpf_filter_string, 0, net_ip);
pcap_setfilter(pcap_handle, &bpf_filter);
if(pcap_datalink(pcap_handle) != DLT_EN10MB) return;
pcap_loop(pcap_handle, -1, ethernet_protocol_packet_callback, NULL);
pcap_close(pcap_handle);
}
?? 快捷鍵說明
復制代碼
Ctrl + C
搜索代碼
Ctrl + F
全屏模式
F11
切換主題
Ctrl + Shift + D
顯示快捷鍵
?
增大字號
Ctrl + =
減小字號
Ctrl + -