《网络数据包抓取以及流量分析》由会员分享,可在线阅读,更多相关《网络数据包抓取以及流量分析(16页珍藏版)》请在金锄头文库上搜索。
1、#include#includetypedef struct macaddressu_char mac1;u_char mac2;u_char mac3;u_char mac4;u_char mac5;u_char mac6;typedef struct macheadermacaddress dest;macaddress src;u_short type;/IP地址32位,这里用4个字节来表示。typedef struct ipaddressu_char by1;u_char by2;u_char by3;u_char by4;/IP报文格式typedef struct ipbaowenu
2、_char ver_ihl; /首部长度和版本号u_char tos; /服务类型u_short tlen;/ 报文总长度u_short ident;/ 标识u_short flags_fo; / 标志和片偏移u_char ttl;/ 生存时间u_char proto; /协议类型#define IP_ICMP 1#define IP_IGMP 2#define IP_TCP 6#define IP_UDP 17#define IP_IGRP 88#define IP_OSPF 89u_short crc;ipaddress saddr;ipaddress daddr;typedef stru
3、ct tcpheaderu_short sport;/ 源端口u_short dport;/ 目的端口u_int th_seq;/ 序列号u_int th_ack;/ 确认号u_char th_lenand; / 报文长度u_char th_flags; /标志#define TH_FIN0x01#define TH_SYN0x02#define TH_RST0x04#define TH_PSH0x08#define TH_ACK0x10#define TH_URG0x20u_short th_win; /窗口u_short th_sum; /校验和u_short th_urp; /紧急;/
4、UDP格式typedef struct udpheaderu_short sport; / Source port 源端口u_short dport; / Destination port 目的端口u_short uh_len; / Datagram length 用户数据包长度u_short uh_sum; / Checksum 校验和;typedef struct udpnodeipaddress saddr;ipaddress daddr;u_short sport;u_short dport;u_short length;u_int upnum;u_int downnum;struct
5、 udpnode * next;struct udpnode * pre;typedef struct tcpnodeipaddress saddr;ipaddress daddr;u_short sport;u_short dport;u_short length;u_int upnum;u_int downnum;struct tcpnode * next;struct tcpnode * pre;#define tcphashtablelength 10#define udphashtablelength 10udpnode udphashtableudphashtablelength;
6、tcpnode tcphashtabletcphashtablelength;void initudp()for (int i = 0; i udphashtablelength; i+)udphashtablei.pre = udphashtable + i;udphashtablei.next = NULL;udphashtablei.length = 0;void inittcp()for (int i = 0; i next)printf(%d. %sn, +i, d-name);/设备名printf( (%s)n, d-description);/设备描述printf(适配器总共有%
7、d个n, i);if (i = 0)printf(nNo?interfaces?found!?Make?sure?WinPcap?is?installed.n);return -1;/输入某个适配器;printf(Enter the device number(1-%d):, i);scanf_s(%d, &inum);if (inum i)printf(ndevice number out of range.n);pcap_freealldevs(alldevs);return -1;/使d指向输入的那个;for (d = alldevs, i = 0; inext, i+);/打开指定的适
8、配器;if (adhandle = pcap_open_live(d-name, 65536, 1, 1000, errbuf) = NULL)fprintf(stderr, nUnable?to?open?the?adapter.?%s?is?not?supported?by?WinPcapn);pcap_freealldevs(alldevs); /*?Free?the?device?list?*/return -1;/检查链路层if (pcap_datalink(adhandle) != DLT_EN10MB)fprintf(stderr, nThis?program?works?onl
9、y?on?Ethernet?networks.n);/*?Free?the?device?list?*/pcap_freealldevs(alldevs);return -1;/* 获得接口第一个地址的掩码 */if (d-addresses != NULL)/ netmask = (struct sockaddr_in*)(d-addresses-netmask)-sin_addr.S_un.S_addr;elsenetmask = 0xffffff;/编译过滤器if (pcap_compile(adhandle, &fcode, packet_filter, 1, netmask)0)fprintf(stderr, nUnable to compile the packet filter. Check the syntax.n);/*?Free?the?device?list?*/pcap_freealldevs(alldevs);return -1;/设置过滤器if (pcap_setfilter(adhandle, &fcode)0)fprintf(stderr, nError?setting?the?filter.n);
