// CapPack2.cpp : defines the entry point for the console application (a WinPcap packet sniffer).
//
#include "stdafx.h"
#include "pcap.h"
#include "inc.h"
#include "windows.h"
#pragma comment(lib, "wpcap.lib")
#pragma comment(lib, "ws2_32")
/* Per-layer decoders. Each receives the caller's view of the enclosing
   header (MAC strings or in_addr pointers) plus a pointer to its own
   header. None of them is handed a remaining-length, so the caller has to
   make sure enough captured bytes are present before dispatching. */
void Analyse_IPPacket(char *sMac,char *dMac,const u_char *data);      /* IPv4: dispatches on ip_protocol */
void Analyse_ARPPacket(char *sMac,char *dMac,const u_char *data);     /* ARP request/reply trace */
void Analyse_UDPPacket(struct in_addr *sAddr,struct in_addr *dAddr,const u_char *data);   /* UDP ports */
void Analyse_ICMPPacket(struct in_addr *sAddr,struct in_addr *dAddr,const u_char *data);  /* echo request/reply */
void Analyse_TCPPacket(struct in_addr *sAddr,struct in_addr *dAddr,const u_char *data);   /* TCP ports + window */
void packet_handler(u_char* packets,const struct pcap_pkthdr * header,const u_char *pp);  /* pcap_loop callback */
/* Target for the raw EAPOL (0x888E) frame dump in packet_handler. As written
   it is never opened (the CreateFile call in main is commented out), so it
   stays NULL and the dump writes fail. */
HANDLE hFile;
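/* Entry point: list the capture interfaces, let the user pick one, open it
   in promiscuous mode and hand every frame to packet_handler.
   Returns 0 on a clean exit from pcap_loop, 1 on any setup or capture error. */
int main(void)
{
	pcap_if_t *alldevs = NULL;
	pcap_if_t *d = NULL;
	pcap_t *adhandle = NULL;
	char errbuf[PCAP_ERRBUF_SIZE];
	int ndevs = 0;
	int inum = 0;
	int rc;

	/* Enumerate capture interfaces. */
	if (pcap_findalldevs(&alldevs, errbuf) == -1)
	{
		fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
		exit(1);
	}

	/* Print a 1-based menu of the interfaces. */
	for (d = alldevs; d != NULL; d = d->next)
	{
		printf("%d. %s", ++ndevs, d->name);
		if (d->description)
			printf(" (%s)\n", d->description);
		else
			printf(" (No description available)\n");
	}
	if (ndevs == 0)
	{
		printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
		pcap_freealldevs(alldevs);   /* list was leaked on this path */
		return 1;
	}

	printf("Enter the interface number (1-%d):", ndevs);
	/* scanf leaves inum untouched when the answer is not a number; the range
	   test alone would then compare an uninitialised value, so check the
	   conversion count as well. */
	if (scanf("%d", &inum) != 1 || inum < 1 || inum > ndevs)
	{
		printf("\n 輸入有誤.\n");
		pcap_freealldevs(alldevs);
		return 1;
	}

	/* Walk to the chosen entry; inum is validated, so d cannot become NULL. */
	d = alldevs;
	for (int k = 1; k < inum; k++)
		d = d->next;

	/* 65536: capture whole frames. Promiscuous mode (1) means every frame on
	   the segment is delivered, not just those addressed to this host. The
	   read timeout is 1 ms. */
	adhandle = pcap_open_live(d->name, 65536, 1, 1, errbuf);
	if (adhandle == NULL)
	{
		printf("Unable to open the adapter: %s\n", errbuf);
		pcap_freealldevs(alldevs);
		return 1;
	}

	/* description may be NULL (the menu above already handles that case);
	   passing NULL to %s is undefined behaviour, so fall back to the name. */
	printf("\nlistening on %s...\n", d->description ? d->description : d->name);

	/* The device list is no longer needed. */
	pcap_freealldevs(alldevs);

	/* The EAPOL dump in packet_handler writes through the global hFile.
	   It is left disabled here (hFile is never opened). If it is switched on,
	   note that the file will contain raw 802.1X authentication frames in
	   plaintext at a fixed path, e.g.
	     hFile = CreateFile("C:\\aaa.txt", GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, NULL);
	   so the path should be protected and the handle closed afterwards. */
	rc = pcap_loop(adhandle, 0, packet_handler, NULL);
	if (rc == -1)
		fprintf(stderr, "pcap_loop: %s\n", pcap_geterr(adhandle));
	pcap_close(adhandle);
	return rc == -1 ? 1 : 0;
}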
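/* pcap_loop callback: format the Ethernet source/destination MACs, then
   dispatch on the EtherType. Only header->caplen bytes of `data` are valid;
   the original code parsed the Ethernet header without checking that, so a
   runt or truncated frame could be read past its end.
   `packets` is the pcap user argument (always NULL here) and is ignored. */
void packet_handler(u_char* packets,const struct pcap_pkthdr *header,const u_char *data)
{
	const size_t ETH_HDR_LEN = 14;      /* dst(6) + src(6) + type(2) */
	const size_t IP_MIN_HDR_LEN = 20;   /* IPv4 header with IHL = 5 */
	const struct ether_header *eth;
	const u_char *m;
	char mac_addr1[19], mac_addr2[19];  /* "xx:xx:xx:xx:xx:xx" is 17 chars + NUL */
	unsigned int ptype;
	DWORD len = 0;

	(void)packets;

	/* Nothing below is safe on a frame shorter than the Ethernet header. */
	if (header->caplen < ETH_HDR_LEN)
		return;

	eth = (const struct ether_header *)data;

	/* sprintf is bounded here by the format: 17 characters + NUL fits [19]. */
	m = eth->ether_shost;
	sprintf(mac_addr1, "%02x:%02x:%02x:%02x:%02x:%02x", m[0], m[1], m[2], m[3], m[4], m[5]);
	m = eth->ether_dhost;
	sprintf(mac_addr2, "%02x:%02x:%02x:%02x:%02x:%02x", m[0], m[1], m[2], m[3], m[4], m[5]);

	ptype = ntohs(eth->ether_type);
	switch (ptype)
	{
	case ETHERTYPE_ARP:
		Analyse_ARPPacket(mac_addr1, mac_addr2, data + ETH_HDR_LEN);
		break;
	case ETHERTYPE_REVARP:
		printf("RARP \n");
		break;
	case ETHERTYPE_IP:
		/* Analyse_IPPacket reads a full base IPv4 header unconditionally and
		   is not given a length, so the minimum is enforced here. The
		   transport headers it dispatches to are still not length-checked. */
		if (header->caplen >= ETH_HDR_LEN + IP_MIN_HDR_LEN)
			Analyse_IPPacket(mac_addr1, mac_addr2, data + ETH_HDR_LEN);
		break;
	case ETHERTYPE_PUP:
		printf("PUP\n");
		break;
	case 0X888E:   /* IEEE 802.1X EAPOL: client authentication frames */
		printf("客戶端認證:%u\n", (unsigned int)header->caplen);
		/* hFile is only usable if main() opened it. WriteFile on NULL or
		   INVALID_HANDLE_VALUE fails, and the old code ignored the result,
		   so the frame was silently lost. Note the dump format itself is
		   ambiguous: frames are separated by "\r\n" with no length prefix,
		   and 0x0D 0x0A can occur inside a frame. */
		if (hFile != NULL && hFile != INVALID_HANDLE_VALUE)
		{
			if (!WriteFile(hFile, (LPCVOID)data, header->caplen, &len, NULL) ||
			    !WriteFile(hFile, (LPCVOID)"\r\n", 2, &len, NULL))
				fprintf(stderr, "WriteFile failed: %lu\n", (unsigned long)GetLastError());
		}
		break;
	default:
		/* Other EtherTypes are not traced. */
		break;
	}
}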
//---------------------------------------------------------------------
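/* IPv4 decoder: hands the transport header to the ICMP/TCP/UDP decoder
   selected by ip_protocol. sMac/dMac are accepted for symmetry with the
   other decoders and are not printed.
   The transport header starts after the IP options, so its offset is taken
   from the header-length field rather than a fixed 20 bytes, which misparsed
   any packet carrying options.
   NOTE(review): this assumes ip_header_length holds the 4-bit IHL in 32-bit
   words, as in the standard layout — confirm against the struct in inc.h.
   No remaining-length is available here, so the caller must have checked
   that at least a base IPv4 header was captured. */
void Analyse_IPPacket(char *sMac,char *dMac,const u_char *data)
{
	struct iphead *IPHead = (struct iphead *)data;
	struct in_addr *src = &IPHead->ip_souce_address;
	struct in_addr *dst = &IPHead->ip_destination_address;
	const unsigned int hdrLen = (unsigned int)IPHead->ip_header_length * 4;
	const u_char *payload;

	(void)sMac;
	(void)dMac;

	/* IHL below 5 (20 bytes) is malformed; do not follow it. */
	if (hdrLen < 20)
		return;
	payload = data + hdrLen;

	switch (IPHead->ip_protocol)
	{
	case 1:    /* ICMP */
		Analyse_ICMPPacket(src, dst, payload);
		break;
	case 6:    /* TCP */
		Analyse_TCPPacket(src, dst, payload);
		break;
	case 17:   /* UDP */
		Analyse_UDPPacket(src, dst, payload);
		break;
	default:
		break;
	}
}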
/* ARP decoder (function complete). Tracing is currently switched off: the
   guard at the top returns before the frame is touched, and the printing
   code below it is kept so it can be re-enabled by flipping the flag.
   sMac/dMac are accepted for symmetry with Analyse_IPPacket and unused. */
void Analyse_ARPPacket(char *sMac,char *dMac,const u_char *data)
{
	static const int arpTraceEnabled = 0;
	if (!arpTraceEnabled)
		return;

	const struct arphead *arp = (const struct arphead *)data;
	const unsigned short op = ntohs(arp->arp_operation_code);
	const u_char *sip = arp->arp_source_ip_address;
	const u_char *dip = arp->arp_destination_ip_address;
	const u_char *smac = arp->arp_source_ethernet_address;
	const u_char *dmac = arp->arp_destination_ethernet_address;

	if (op == 1)
	{
		/* request: sender sip/smac asks for dip */
		printf("ARP請求");
		printf("源:%d.%d.%d.%d \t ", sip[0], sip[1], sip[2], sip[3]);
		printf("%02x:%02x:%02x:%02x:%02x:%02x \t", smac[0], smac[1], smac[2], smac[3], smac[4], smac[5]);
		printf("IP:%d.%d.%d.%d \t ", dip[0], dip[1], dip[2], dip[3]);
	}
	else if (op == 2)
	{
		/* reply: sip/smac answers dip/dmac */
		printf("ARP 回復");
		printf("源:%d.%d.%d.%d \t ", sip[0], sip[1], sip[2], sip[3]);
		printf("%02x:%02x:%02x:%02x:%02x:%02x \n", smac[0], smac[1], smac[2], smac[3], smac[4], smac[5]);
		printf("至:%d.%d.%d.%d \t ", dip[0], dip[1], dip[2], dip[3]);
		printf("%02x:%02x:%02x:%02x:%02x:%02x \n\n", dmac[0], dmac[1], dmac[2], dmac[3], dmac[4], dmac[5]);
	}
	/* any other opcode is not traced */
}
//------------------------------------------------------------------------------------
/* UDP decoder: prints source and destination address:port. Tracing is
   currently switched off by the guard at the top; the body is kept so it
   can be re-enabled by flipping the flag. */
void Analyse_UDPPacket(struct in_addr *sAddr,struct in_addr *dAddr,const u_char *data)
{
	static const int udpTraceEnabled = 0;
	if (!udpTraceEnabled)
		return;

	const struct udphead *udp = (const struct udphead *)data;
	const unsigned short sport = ntohs(udp->udp_source_port);
	const unsigned short dport = ntohs(udp->udp_destinanion_port);

	printf("UDP源:%d.%d.%d.%d :%d \t",
	       sAddr->S_un.S_un_b.s_b1, sAddr->S_un.S_un_b.s_b2,
	       sAddr->S_un.S_un_b.s_b3, sAddr->S_un.S_un_b.s_b4, sport);
	printf("UDP至:%d.%d.%d.%d :%d \n",
	       dAddr->S_un.S_un_b.s_b1, dAddr->S_un.S_un_b.s_b2,
	       dAddr->S_un.S_un_b.s_b3, dAddr->S_un.S_un_b.s_b4, dport);
}
/* ICMP decoder: labels echo request / echo reply, everything else as
   unknown. Tracing is currently switched off by the guard at the top; the
   body is kept so it can be re-enabled by flipping the flag. sAddr/dAddr
   are accepted for symmetry with the other decoders and not printed. */
void Analyse_ICMPPacket(struct in_addr *sAddr,struct in_addr *dAddr,const u_char *data)
{
	static const int icmpTraceEnabled = 0;
	if (!icmpTraceEnabled)
		return;

	const struct icmphead *icmp = (const struct icmphead *)data;
	const char *label = "未知icmp\n";   /* default: not an echo message */

	if (icmp->icmp_code == 0)
	{
		if (icmp->icmp_type == 8)
			label = "ping 請求\n";       /* echo request */
		else if (icmp->icmp_type == 0)
			label = "ping 回應\n";       /* echo reply */
	}
	printf("%s", label);
}
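/* TCP decoder: prints the source and destination ports and the advertised
   window. sAddr/dAddr are accepted for symmetry with the other decoders and
   are not printed. No length is available, so the caller must ensure a
   full TCP header was captured before calling. */
void Analyse_TCPPacket(struct in_addr *sAddr,struct in_addr *dAddr,const u_char *data)
{
	const struct tcphead *tcp = (const struct tcphead *)data;

	(void)sAddr;
	(void)dAddr;

	printf("from:%d \tto:%d \t", ntohs(tcp->th_sport), ntohs(tcp->th_dport));
	/* th_win is on the wire in network byte order like the ports; printing
	   it raw showed a byte-swapped window on little-endian hosts. */
	printf("window :%d\n\n", ntohs(tcp->th_win));
}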