#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <pcap.h>
#include <Winsock2.h>
#include "parse_fun.h"
#pragma pack()
char errbuf[PCAP_ERRBUF_SIZE]; // buffer that receives libpcap error messages
char strbuf[2000]; // scratch buffer in which Datelog builds the text report for one packet
char Cardname[256]; // name of the network adapter chosen by GetAllDevs and opened by Capture
/////////////////////////////////////////////////////////////////////////////
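/*
 * Convert an IPv4 address to dotted-decimal text.
 *
 * The four bytes of `in` are printed in memory order, so the caller passes
 * the address exactly as it appears on the wire (network byte order).
 *
 * Returns a pointer to a static buffer: the text is overwritten by the next
 * call, so copy or print it before calling iptos() again.
 */
char *iptos(DWORD in)
{
    static char output[3*4+3+1];    /* "255.255.255.255" plus the terminator */
    const unsigned char *p = (const unsigned char *)&in;

    /* Bounded write: the buffer size is tied to the format by sizeof. */
    snprintf(output, sizeof output, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
    return output;
}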
/////////////////////////////////////////////////////////////////////////////
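/*
 * Pick the capture adapter and print its IPv4 configuration.
 *
 * Enumerates the adapters with pcap_findalldevs(), takes the SECOND entry
 * of the list (as the original code did), copies its name into the global
 * Cardname and, when its first address is IPv4, prints the name,
 * description, address, netmask and broadcast address.
 *
 * Nothing is selected when the list has fewer than two entries or the
 * chosen entry has no address. The device list is released before returning.
 */
void GetAllDevs()
{
    pcap_if_t *alldevs = NULL;
    pcap_if_t *dev;
    pcap_addr_t *addrs;

    /* Open the interface list. */
    if (pcap_findalldevs(&alldevs, errbuf) == -1)
    {
        printf("pcap_findalldevs錯誤: %s", errbuf);
        return;
    }

    /*
     * The first entry is skipped on purpose (original behaviour); a list
     * with a single adapter must not be dereferenced past its end.
     */
    dev = (alldevs != NULL) ? alldevs->next : NULL;
    if (dev != NULL && dev->addresses != NULL)
    {
        addrs = dev->addresses;

        /* Bounded copy: an over-long adapter name is truncated, never overflows Cardname. */
        snprintf(Cardname, sizeof Cardname, "%s", dev->name);

        if (addrs->addr != NULL && addrs->addr->sa_family == AF_INET)
        {
            printf("網卡名字:%s\n", dev->name);
            /* description is optional in pcap_if_t and may be NULL */
            printf("描述信息:%s\n", dev->description != NULL ? dev->description : "");
            printf("本機IP: %15s\t\t\n",
                   iptos(((struct sockaddr_in *)addrs->addr)->sin_addr.s_addr));
            /* netmask and broadaddr may be NULL for some adapters */
            if (addrs->netmask != NULL)
            {
                printf("子網掩碼: %15s\n",
                       iptos(((struct sockaddr_in *)addrs->netmask)->sin_addr.s_addr));
            }
            if (addrs->broadaddr != NULL)
            {
                printf("廣播地址: %15s\n\n",
                       iptos(((struct sockaddr_in *)addrs->broadaddr)->sin_addr.s_addr));
            }
        }
    }

    /* The name has been copied, so the list can be released (it was leaked before). */
    if (alldevs != NULL)
    {
        pcap_freealldevs(alldevs);
    }
}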
////////////////////////////////////////////////////////////////////////////////////////////
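/*
 * Capture packets on the adapter named in Cardname and log each IP packet.
 *
 * logfile: path of the text log that Datelog() appends to.
 *
 * Opens the adapter in promiscuous mode with a 65535-byte snapshot length
 * and a 1000 ms read timeout, then hands every sufficiently long frame to
 * Datelog(). Returns when the adapter cannot be opened, when the link layer
 * is not Ethernet, or when pcap_next_ex() reports an error.
 */
void Capture(char *logfile)
{
    pcap_t *adhandle;               /* handle returned by pcap_open_live() */
    struct pcap_pkthdr *header;     /* capture metadata (lengths, timestamp), not a protocol header */
    const u_char *pkt_data;         /* captured bytes, starting at the link-layer header */
    /* Datelog() reads the frame header and the fixed IP header, nothing more. */
    const size_t need = sizeof(((FrameData *)0)->pFrhdr) + sizeof(((FrameData *)0)->pIphdr);
    int rc;

    adhandle = pcap_open_live(Cardname, 65535, 1, 1000, errbuf);
    if (adhandle == NULL)
    {
        printf("打開網絡接口出錯!\n");
        return;
    }
    printf("打開網卡: %s成功!\n\n", Cardname);

    /* Datelog() overlays an Ethernet frame layout; other link types would be misparsed. */
    if (pcap_datalink(adhandle) != DLT_EN10MB)
    {
        fprintf(stderr, "Capture: adapter is not an Ethernet link\n");
        pcap_close(adhandle);
        return;
    }

    /* pcap_next_ex(): 1 = packet, 0 = read timeout, negative = error or end of capture. */
    while ((rc = pcap_next_ex(adhandle, &header, &pkt_data)) >= 0)
    {
        if (rc == 0)
        {
            continue;
        }
        /* Packet bytes are untrusted: never parse a frame shorter than the headers read. */
        if (header->caplen < need)
        {
            continue;
        }
        Datelog(logfile, pkt_data);
    }

    /* The original looped forever on a failing handle; report the error and release it. */
    fprintf(stderr, "pcap_next_ex: %s\n", pcap_geterr(adhandle));
    pcap_close(adhandle);
}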
///////////////////////////////////////////////////////////////////////
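/*
 * Append formatted text to buf without ever writing past cap bytes.
 * *len is the number of characters already in buf; once the buffer is full
 * further text is dropped and buf stays NUL-terminated.
 */
static void log_appendf(char *buf, size_t cap, size_t *len, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (*len >= cap)
    {
        return;
    }
    va_start(ap, fmt);
    n = vsnprintf(buf + *len, cap - *len, fmt, ap);
    va_end(ap);

    if (n < 0)
    {
        buf[*len] = '\0';           /* formatting failed: keep what was there */
    }
    else if ((size_t)n >= cap - *len)
    {
        *len = cap - 1;             /* truncated: the buffer is now full */
    }
    else
    {
        *len += (size_t)n;
    }
}

/*
 * Decode one captured Ethernet frame and, if it carries IPv4, print the
 * header fields and append the same text to the log file.
 *
 * logfile:  path of the log file, opened in append mode for each packet.
 * pkt_data: start of the captured frame. This function has no length
 *           argument, so the CALLER must guarantee that at least the frame
 *           header plus the fixed IP header were captured.
 *
 * Non-IP frames are ignored. If the log file cannot be opened the report is
 * still printed to stdout.
 */
void Datelog(char *logfile,const u_char* pkt_data)
{
    size_t k = 0;
    const unsigned char *p;
    FILE *fp;
    const FrameData *pFrDa;         /* frame layout: link header followed by the IP header */
    unsigned frag;

    if (logfile == NULL || pkt_data == NULL)
    {
        return;
    }

    pFrDa = (const FrameData *)pkt_data;

    /* EtherType is big-endian on the wire; 0x0800 is IPv4. */
    if (ntohs(pFrDa->pFrhdr.fhFrameType) != 0x0800)
    {
        return;
    }

    log_appendf(strbuf, sizeof strbuf, &k, "IP包版本: %i\t\t\t\n", pFrDa->pIphdr.Ver_Hlen>>4);
    log_appendf(strbuf, sizeof strbuf, &k, "IP頭長度: %i bytes\t\t\n", (pFrDa->pIphdr.Ver_Hlen&0x0f)*4);
    log_appendf(strbuf, sizeof strbuf, &k, "服務類型: 0x%02x\n", pFrDa->pIphdr.TOS);
    log_appendf(strbuf, sizeof strbuf, &k, "數據包總長度: 0x%04x\t\t\n", ntohs(pFrDa->pIphdr.TatalLen));
    log_appendf(strbuf, sizeof strbuf, &k, "數據包標識: 0x%04x \n", ntohs(pFrDa->pIphdr.ID));

    /*
     * Flags (top 3 bits) and fragment offset (low 13 bits) share one
     * big-endian 16-bit field: swap first, then shift or mask. The original
     * shifted the raw value and masked with 0x0fff before swapping.
     */
    frag = ntohs(pFrDa->pIphdr.Flag_Segment);
    log_appendf(strbuf, sizeof strbuf, &k, "分片標識: 0x%02x\t\t\t\n", frag >> 13);
    log_appendf(strbuf, sizeof strbuf, &k, "分段偏移值: 0x%04x \n", frag & 0x1fff);

    log_appendf(strbuf, sizeof strbuf, &k, "生存時間:0x%02x\t\t\t\n", pFrDa->pIphdr.TTL);
    log_appendf(strbuf, sizeof strbuf, &k, "上層協議類型:0x%02x \n", pFrDa->pIphdr.Protocol);
    /* One argument, one conversion: the original "%02x%02x" read a missing vararg. */
    log_appendf(strbuf, sizeof strbuf, &k, "頭校驗和:0x%04x\n", ntohs(pFrDa->pIphdr.Checksum));

    /* IP addresses; iptos() reuses one static buffer, so each call is consumed at once. */
    log_appendf(strbuf, sizeof strbuf, &k, "源IP地址: %15s\n", iptos(pFrDa->pIphdr.SrcIP));
    log_appendf(strbuf, sizeof strbuf, &k, "目標IP地址: %s\n", iptos(pFrDa->pIphdr.DstIP));

    /* MAC addresses and frame type. */
    p = (const unsigned char *)pFrDa->pFrhdr.fhSrcMAC;
    log_appendf(strbuf, sizeof strbuf, &k, "源MAC地址:%02x:%02x:%02x:%02x:%02x:%02x\n", p[0], p[1], p[2], p[3], p[4], p[5]);
    p = (const unsigned char *)pFrDa->pFrhdr.fhDesMAC;
    log_appendf(strbuf, sizeof strbuf, &k, "目標MAC地址:%02x:%02x:%02x:%02x:%02x:%02x\n", p[0], p[1], p[2], p[3], p[4], p[5]);
    log_appendf(strbuf, sizeof strbuf, &k, "幀類型:%04x\n", ntohs(pFrDa->pFrhdr.fhFrameType));
    log_appendf(strbuf, sizeof strbuf, &k, "--------------------------------------------------------------------------\n");

    printf("%s", strbuf);

    /* "aw+" is not a valid fopen mode; plain append is what the log needs. */
    fp = fopen(logfile, "a");
    if (fp == NULL)
    {
        perror(logfile);
        return;
    }
    if (fwrite(strbuf, 1, k, fp) != k)
    {
        perror(logfile);
    }
    if (fclose(fp) != 0)
    {
        perror(logfile);
    }
}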