//#include "stdafx.h"
#include "pcap.h"
#include "inc.h"
//#include "windows.h"
#pragma comment(lib, "wpcap.lib")
#pragma comment(lib, "ws2_32")
/* Forward declarations for the dissectors defined later in this file.
   Neither dissector takes a length argument, so the caller is the only place
   where the captured length can be compared with the header sizes. */
void Analyse_IPPacket(char *sMac,char *dMac,const u_char *data);
void Analyse_TCPPacket(struct in_addr *sAddr,struct in_addr *dAddr,const u_char *data);
/* pcap_loop() callback; the definition names its third parameter `data`. */
void packet_handler(u_char* packets,const struct pcap_pkthdr * header,const u_char *pp);
/* Handle that packet_handler passes to WriteFile(). No visible code assigns
   it: the CreateFile() call in main() is commented out, so it keeps the
   zero value of a file-scope object. */
HANDLE hFile;
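/*
 * Entry point: list the capture interfaces, let the user pick one by number,
 * open it and hand every captured frame to packet_handler().
 *
 * Returns 0 after the capture loop ends normally, 1 on any setup or capture
 * error. (The original was declared `void main()`, which is not a standard
 * signature.)
 */
int main()
{
    pcap_if_t *alldevs = NULL;
    pcap_if_t *d;
    int inum = 0;
    int i = 0;
    int rc = 0;
    pcap_t *adhandle;
    char errbuf[PCAP_ERRBUF_SIZE];

    /* Get the device list. */
    if (pcap_findalldevs(&alldevs, errbuf) == -1) {
        fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
        return 1;
    }

    /* Print the device list. */
    for (d = alldevs; d; d = d->next) {
        printf("%d. %s", ++i, d->name);
        if (d->description)
            printf(" (%s)\n", d->description);
        else
            printf(" (No description available)\n");
    }

    if (i == 0) {
        printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
        return 1;
    }

    printf("Enter the interface number (1-%d):", i);
    /* scanf() leaves inum untouched on non-numeric input, so its return value
       has to be checked before the range test means anything. */
    if (scanf("%d", &inum) != 1 || inum < 1 || inum > i) {
        printf("\n 輸入有誤.\n");
        pcap_freealldevs(alldevs);
        return 1;
    }

    /* Walk to the selected device. */
    for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++)
        ;

    /* Open the device. */
    adhandle = pcap_open_live(d->name,  /* device name */
                              65536,    /* snapshot length: capture whole packets */
                              1,        /* promiscuous mode: frames not addressed
                                           to this host are delivered as well */
                              1,        /* read timeout, milliseconds */
                              errbuf);  /* error buffer */
    if (adhandle == NULL) {
        /* errbuf holds the reason; report it instead of a bare message. */
        fprintf(stderr, "\nUnable to open the adapter: %s\n", errbuf);
        pcap_freealldevs(alldevs);
        return 1;
    }

    /* description may be NULL (the listing loop above allows for that), and
       passing NULL to %s is undefined, so fall back to the device name. */
    printf("\nlistening on %s...\n", d->description ? d->description : d->name);

    /* The device list is no longer needed; d must not be used after this. */
    pcap_freealldevs(alldevs);

    /* NOTE(review): the output file is never opened, so hFile keeps its
       zero-initialised value while packet_handler() runs. If this call is
       re-enabled, the file receives raw 802.1X authentication frames and
       should be created somewhere only the operator can read. */
    //hFile=CreateFile("C:\\aaa.txt",GENERIC_WRITE,0, NULL,CREATE_ALWAYS,0,NULL);

    /* cnt == 0 keeps capturing until an error or pcap_breakloop(). */
    if (pcap_loop(adhandle, 0, packet_handler, NULL) == -1) {
        fprintf(stderr, "Error in pcap_loop: %s\n", pcap_geterr(adhandle));
        rc = 1;
    }

    //CloseHandle(hFile);
    pcap_close(adhandle);
    return rc;
}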
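/*
 * pcap_loop() callback, invoked once per captured frame.
 *
 * packets  user pointer given to pcap_loop() (NULL in main(), unused here)
 * header   capture metadata; caplen is the number of bytes available in data
 * data     the captured frame, starting at the Ethernet header
 *
 * Formats both MAC addresses, then dispatches on the EtherType: IPv4 frames
 * go to Analyse_IPPacket(); 802.1X (EAPOL, 0x888E) frames are logged and, if
 * an output file is open, appended to it.
 *
 * Everything in data comes from the network and is untrusted. The dissectors
 * receive no length, so all bounds checks are done here before they are
 * called; frames too short for the headers they claim are dropped silently.
 */
void packet_handler(u_char* packets, const struct pcap_pkthdr *header, const u_char *data)
{
    /* Fixed header sizes in bytes. */
    const unsigned int eth_len = 14;
    const unsigned int ip_min_len = 20;
    const unsigned int tcp_min_len = 20;

    const struct ether_header *eth;   /* Ethernet frame header */
    unsigned int ptype;               /* EtherType in host byte order */
    unsigned int caplen;
    char mac_addr1[19], mac_addr2[19];
    const u_char *mac_string;
    DWORD len = 0;

    (void)packets;

    if (header == NULL || data == NULL)
        return;
    caplen = header->caplen;
    /* A truncated capture may not even hold a full Ethernet header. */
    if (caplen < eth_len)
        return;

    eth = (const struct ether_header *)data;

    /* Six bytes printed as two hex digits each plus five colons is 17
       characters, so the 19-byte buffers cannot overflow. */
    mac_string = eth->ether_shost;
    sprintf(mac_addr1, "%02x:%02x:%02x:%02x:%02x:%02x",
            mac_string[0], mac_string[1], mac_string[2],
            mac_string[3], mac_string[4], mac_string[5]);
    mac_string = eth->ether_dhost;
    sprintf(mac_addr2, "%02x:%02x:%02x:%02x:%02x:%02x",
            mac_string[0], mac_string[1], mac_string[2],
            mac_string[3], mac_string[4], mac_string[5]);

    ptype = ntohs(eth->ether_type);
    if (ETHERTYPE_IP == ptype)
    {
        const u_char *ip = data + eth_len;
        unsigned int ihl;
        unsigned int need = eth_len + ip_min_len;

        if (caplen < need)
            return;
        /* Low nibble of the first byte is the header length in 32-bit words. */
        ihl = (ip[0] & 0x0Fu) * 4u;
        if (ihl < ip_min_len)
            return;
        /* Byte 9 is the protocol; for TCP (6) the dissector goes on to read a
           TCP header after the IP header, so that must be present too. */
        if (ip[9] == 6)
            need = eth_len + ihl + tcp_min_len;
        if (caplen < need)
            return;

        Analyse_IPPacket(mac_addr1, mac_addr2, ip);
    }
    else if (0X888E == ptype)
    {
        /* caplen is unsigned, hence %u. */
        printf("客戶端認(rèn)證:%u\n", caplen);
        /* hFile is only usable if something opened it; skip the write
           otherwise and report failures instead of ignoring them.
           NOTE(review): raw frames separated by CRLF cannot be split again
           reliably, because the frame bytes may themselves contain CRLF. */
        if (hFile != NULL && hFile != INVALID_HANDLE_VALUE)
        {
            if (!WriteFile(hFile, (LPCVOID)data, caplen, &len, NULL) ||
                !WriteFile(hFile, (LPCVOID)"\r\n", 2, &len, NULL))
            {
                fprintf(stderr, "WriteFile failed: %lu\n", (unsigned long)GetLastError());
            }
        }
    }
}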
//---------------------------------------------------------------------
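/*
 * Print the fields of an IPv4 header and, for an unfragmented TCP segment,
 * pass the payload to Analyse_TCPPacket().
 *
 * sMac, dMac  formatted source/destination MAC strings (currently unused)
 * data        first byte of the IP header
 *
 * There is no length parameter, so nothing can be bounds-checked here. The
 * caller must guarantee that data holds the whole IP header and, when the
 * protocol is TCP, at least 20 more bytes after it.
 *
 * Changes from the original: the AnalyseStr buffer was filled with
 * strcpy/strcat but never read and has been removed; formatted text is no
 * longer passed to printf() as the format string; the %ld conversions that
 * received int arguments are now %d; the TCP header is located with the
 * header-length field instead of a fixed offset of 20.
 */
void Analyse_IPPacket(char *sMac,char *dMac,const u_char *data)
{
    iphead *IPHead = (iphead *)data;
    /* Low nibble: header length in 32-bit words. High nibble: version. */
    int ihl = (IPHead->ip_header_length & 0x0F) * 4;
    int version = (IPHead->ip_header_length & 0xF0) / 16;
    /* Flags and fragment offset share one 16-bit field. */
    int frag = ntohs(IPHead->ip_off);

    (void)sMac;
    (void)dMac;

    printf("\n");
    printf("IP頭長(zhǎng):%d BYTE\r\n", ihl);
    printf("IP版本號(hào):%d\r\n", version);
    /* NOTE(review): ntohs() on the TOS field looks wrong if ip_tos is a
       single byte, as it is on the wire; confirm against inc.h. */
    printf("IP服務(wù)類型:%d\r\n", ntohs(IPHead->ip_tos));
    printf("IP包總長(zhǎng)度:%d\r\n", ntohs(IPHead->ip_length));
    printf("IP包標(biāo)識(shí):%d\r\n", ntohs(IPHead->ip_id));
    printf("IP包分片標(biāo)志(DF):%d\r\n", (frag & 0X4000) >> 14);
    printf("IP包分片標(biāo)志(MF):%d\r\n", (frag & 0X2000) >> 13);
    /* The offset field counts 8-byte units. */
    printf("IP包分片偏移:%d BYTE\r\n", 8 * (frag & 0X1FFF));
    printf("IP包生存時(shí)間:%d\r\n", (IPHead->ip_ttl));
    printf("IP包檢驗(yàn)和:%0X\r\n", ntohs(IPHead->ip_checksum));
    printf("IP包源IP:%d.%d.%d.%d\r\n",
           IPHead->ip_souce_address.S_un.S_un_b.s_b1,
           IPHead->ip_souce_address.S_un.S_un_b.s_b2,
           IPHead->ip_souce_address.S_un.S_un_b.s_b3,
           IPHead->ip_souce_address.S_un.S_un_b.s_b4);
    printf("IP包目的IP:%d.%d.%d.%d\r\n",
           IPHead->ip_destination_address.S_un.S_un_b.s_b1,
           IPHead->ip_destination_address.S_un.S_un_b.s_b2,
           IPHead->ip_destination_address.S_un.S_un_b.s_b3,
           IPHead->ip_destination_address.S_un.S_un_b.s_b4);

    /* Protocol 6 is TCP. The TCP header starts after the IP options (ihl
       bytes in, not always 20) and exists only in the first fragment, so a
       non-zero fragment offset or an impossible header length is skipped. */
    if (6 == IPHead->ip_protocol && ihl >= 20 && (frag & 0X1FFF) == 0)
    {
        Analyse_TCPPacket(&(IPHead->ip_souce_address), &(IPHead->ip_destination_address), data + ihl);
    }
    return;
}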
//------------------------------------------------------------------------------------
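/*
 * Print the fields of a TCP header.
 *
 * sAddr, dAddr  source/destination IPv4 addresses (currently unused)
 * data          first byte of the TCP header
 *
 * There is no length parameter; the caller must guarantee that data holds a
 * complete fixed TCP header.
 *
 * Changes from the original: sequence/acknowledgement numbers, window,
 * checksum and urgent pointer were printed without byte-order conversion
 * although the ports were converted, and each flag was printed as its masked
 * bit value rather than 0 or 1.
 */
void Analyse_TCPPacket(struct in_addr *sAddr,struct in_addr *dAddr,const u_char *data)
{
    const struct tcphead *TCPHead = (const struct tcphead *)data;
    int flags = TCPHead->th_flags;

    (void)sAddr;
    (void)dAddr;

    printf("TCP:從源端口:%d \t到目的端口:%d \r\n",ntohs(TCPHead->th_sport),ntohs(TCPHead->th_dport));
    /* Assumes th_seq/th_ack are 32-bit and th_win/th_sum/th_urp 16-bit fields
       overlaid on the wire bytes, like the port fields; confirm against
       inc.h. */
    printf("TCP:序號(hào)sequence number: %u\r\n", (unsigned int)ntohl(TCPHead->th_seq));
    printf("TCP:確認(rèn)號(hào)acknowledgement number: %u\r\n", (unsigned int)ntohl(TCPHead->th_ack));
    /* NOTE(review): whether masking with 0x0F yields the data offset depends
       on how th_off is declared in inc.h; the value is in 32-bit words. */
    printf("TCP:首部長(zhǎng)度data offset: %d\r\n", TCPHead->th_off&0x0F);
    printf("TCP:URG: %d\r\nACK: %d\r\nPSH: %d\r\nRST: %d\r\nSYN: %d\r\nFIN: %d\r\n",
           (flags & TH_URG) != 0,
           (flags & TH_ACK) != 0,
           (flags & TH_PUSH) != 0,
           (flags & TH_RST) != 0,
           (flags & TH_SYN) != 0,
           (flags & TH_FIN) != 0);
    printf("窗口大小window: %d\r\n", ntohs(TCPHead->th_win));
    printf("校驗(yàn)和checksum: %d\r\n", ntohs(TCPHead->th_sum));
    printf("緊急指針urgent pointer: %d\r\n", ntohs(TCPHead->th_urp));
}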