Programming Project 2: WinPcap Programming (WinPcap packet capture and analysis program)

Uploader: 第*** Document ID: 31317568 Uploaded: 2018-02-06 Format: DOCX Pages: 7 Size: 66.81 KB

Project 2 WinPcap Programming

Requirements:
A network packet capture tool is the main means of analyzing network protocols and detecting faults. WinPcap is a network packet capture toolkit that can capture data frames at the network adapter level.
1. Understand the format of the Ethernet data frame
2. Know the programming method of WinPcap
3. Understand the inclusion relationships between the network packets

Contents:
Use the WinPcap library functions to write a network data frame (Ethernet) capture program. First, it captures the data link frames through the network adapter; you can then go further and analyze the structure of the upper-layer packets, such as TCP/UDP and IP packets.

Environment:
The program runs on an Ethernet network that uses the TCP/IP protocol stack, and the network operating system is Windows.
The program development environment is VC++ 6.0.

Steps:
S1. Needs analysis:
The functions of the WinPcap data frame capture program:
(1) The capture program can capture the frames of the local network adapter and display each field of the Ethernet frame.
(2) The capture program can analyze the data of the upper-layer protocol.
(3) The adapter is set to promiscuous mode and receives data frames for analysis.

S2. Capture frame program development:
Use VC++ to write the data frame capture program, and use the WinPcap library functions to obtain data frames from the network adapter. The program first gets the adapter number and sets the adapter to promiscuous mode so that it receives all the data frames on the network. After setting the buffer and location and initializing the device in the driver, it starts capturing data frames, displays the fields of each Ethernet frame, and then displays the upper-layer protocol data format.

S3. Compile and execute the program:
The WinPcap capture program should be compiled, linked and executed. The program shows the captured data frames and the upper-layer protocol frames in a loop.

Codes: WinPcap Program

    #define _CRT_SECURE_NO_WARNINGS
    #include "pcap.h"
    #include <stdio.h>
    #include <winsock2.h>   // ntohs, inet_ntoa
    #pragma comment(lib, "wpcap.lib")
    #pragma comment(lib, "packet.lib")
    #pragma comment(lib, "ws2_32.lib")

    /* Ethernet protocol format */
    struct ether_header
    {
        u_int8_t ether_dhost[6];  // destination MAC address
        u_int8_t ether_shost[6];  // source MAC address
        u_int16_t ether_type;     // protocol type
    };

    struct ip_header
    {
    #if defined(WORDS_BIGENDIAN)
        u_int8_t ip_version : 4, ip_header_length : 4;
    #else
        u_int8_t ip_header_length : 4, ip_version : 4;
    #endif
        u_int8_t ip_tos;
        u_int16_t ip_length;
        u_int16_t ip_id;
        u_int16_t ip_off;
        u_int8_t ip_ttl;
        u_int8_t ip_protocol;
        u_int16_t ip_checksum;
        struct in_addr ip_souce_address;
        struct in_addr ip_destination_address;
    };

    void ip_protool_packet_callback(u_char *argument, const struct pcap_pkthdr* packet_header, const u_char* packet_content)
    {
        struct ip_header *ip_protocol;
        u_int header_length = 0;
        u_int offset;
        u_char tos;
        u_int16_t checksum;
        // The MAC header is 14 bytes; adding 14 bytes gives the start of the IP header
        ip_protocol = (struct ip_header *)(packet_content + 14);
        checksum = ntohs(ip_protocol->ip_checksum);
        tos = ip_protocol->ip_tos;
        offset = ntohs(ip_protocol->ip_off);
        // IHL counts 32-bit words (the page's listing leaves header_length at 0)
        header_length = ip_protocol->ip_header_length * 4;
        printf("-Ip-\n");
        printf("Version Number: %d\n", ip_protocol->ip_version);
        printf("Header Length: %d\n", header_length);
        printf("Type of Service: %d\n", tos);
        printf("Total Length: %d\n", ntohs(ip_protocol->ip_length));
        printf("Identification: %d\n", ntohs(ip_protocol->ip_id));
        // Low 13 bits of ip_off, in 8-byte units (the page's expression is cut off after "(offset")
        printf("Fragment Offset: %d\n", (offset & 0x1fff) * 8);
        printf("Time to Live: %d\n", ip_protocol->ip_ttl);
        printf("Protocol Type: %d\n", ip_protocol->ip_protocol);
        switch (ip_protocol->ip_protocol)
        {
        case 1: printf("Upper Protocol is ICMP Protocol\n"); break;
        case 2: printf("Upper Protocol is IGMP Protocol\n"); break;
        case 6: printf("Upper Protocol is TCP Protocol\n"); break;
        case 17: printf("Upper Protocol is UDP Protocol\n"); break;
        default: break;
        }
        printf("CheckSum: %d\n", checksum);
        printf("Source IP Address: %s\n", inet_ntoa(ip_protocol->ip_souce_address));
        printf("Destination IP Address: %s\n", inet_ntoa(ip_protocol->ip_destination_address));
    }

    void ethernet_protocol_packet_callback(u_char *argument, const struct pcap_pkthdr* packet_header, const u_char* packet_content)
    {
        u_short ethernet_type;
        struct ether_header *ethernet_protocol;
        u_char *mac_string;
        static int packet_number = 1;
        printf("=\n");
        printf("Capture Package Number: %d\n", packet_number);
        printf("Package Length: %d\n", packet_header->len);
        printf("-Ethernet-\n");
        ethernet_protocol = (struct ether_header*)packet_content;  // get the packet content
        printf("Ethernet Type :");
        ethernet_type = ntohs(ethernet_protocol->ether_type);      // get the Ethernet type
        printf("%04x\n", ethernet_type);
        switch (ethernet_type)
        {
        case 0x0800: printf("Upper Protocol is IP Protocol\n"); break;
        case 0x0806: printf("Upper Protocol is ARP Protocol\n"); break;
        case 0x8035: printf("Upper Protocol is RARP Protocol\n"); break;
        default: break;
        }
        printf("MAC Frame Source Address: \n");
        // The listing on the page breaks off here, at "mac_string = ethernet".
    }
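The IP callback in the listing casts `packet_content + 14` to an IP header without checking how many bytes were actually captured. The following is an added example, not part of the original assignment code: a bounds-checked decode of the same Ethernet and IPv4 fields from a raw byte buffer, with no WinPcap dependency. The names `parse_frame`, `struct frame_info` and `sample_frame` are hypothetical, and the sample frame is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Fields the listing prints, decoded byte by byte (no struct cast or bitfields). */
struct frame_info {
    uint8_t  dst[6], src[6], src_ip[4], dst_ip[4];
    uint8_t  ip_version, ttl, protocol;
    uint16_t ether_type, ip_header_len, total_len, frag_offset;
};
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* 0 = parsed (Ethernet, plus IPv4 if present); -1 = truncated or inconsistent.
 * caplen is the number of bytes actually captured (pcap_pkthdr.caplen). */
int parse_frame(const uint8_t *pkt, size_t caplen, struct frame_info *out)
{
    memset(out, 0, sizeof *out);
    if (caplen < 14) return -1;                  /* Ethernet header is 14 bytes */
    memcpy(out->dst, pkt, 6);
    memcpy(out->src, pkt + 6, 6);
    out->ether_type = be16(pkt + 12);
    if (out->ether_type != 0x0800) return 0;     /* not IPv4: Ethernet fields only */
    if (caplen - 14 < 20) return -1;             /* minimum IPv4 header is 20 bytes */
    const uint8_t *ip = pkt + 14;
    out->ip_version = ip[0] >> 4;
    out->ip_header_len = (uint16_t)((ip[0] & 0x0f) * 4);
    if (out->ip_version != 4 || out->ip_header_len < 20 ||
        out->ip_header_len > caplen - 14) return -1;   /* IHL must fit the capture */
    out->total_len = be16(ip + 2);
    if (out->total_len < out->ip_header_len) return -1;
    out->frag_offset = (uint16_t)((be16(ip + 6) & 0x1fff) * 8);
    out->ttl = ip[8];
    out->protocol = ip[9];
    memcpy(out->src_ip, ip + 12, 4);
    memcpy(out->dst_ip, ip + 16, 4);
    return 0;
}

/* Constructed sample: Ethernet + 20-byte IPv4 header (TCP, TTL 64, checksum left zero). */
static const uint8_t sample_frame[34] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x45,0x00,0x00,0x28, 0x12,0x34,0x40,0x00, 0x40,0x06,0x00,0x00, 192,168,1,10, 192,168,1,20
};
int main(void)
{
    struct frame_info fi;
    int rc = parse_frame(sample_frame, sizeof sample_frame, &fi);
    printf("rc=%d type=0x%04x ttl=%d proto=%d\n", rc, fi.ether_type, fi.ttl, fi.protocol);
    return rc != 0;
}
```

In a pcap callback, pass `packet_header->caplen` rather than `packet_header->len`, since `len` is the on-wire length and can exceed the bytes present in the buffer.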
