//start
// yjyfir.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include <stdio.h>
#define HAVE_REMOTE
#include "pcap.h"
#ifndef WIN32
#include <sys/socket.h>
#include <netinet/in.h>
#else
#include <winsock.h>
#endif
#include <pcap.h>
#pragma comment(lib, "Packet.lib")
#pragma comment(lib, "wpcap.lib")
#pragma comment(lib,"ws2_32.lib")
/* 4-byte IPv4 address, one field per byte (byte1 is printed first by mylis). */
typedef struct ip_address{
u_char byte1;
u_char byte2;
u_char byte3;
u_char byte4;
}ip_address;
/*
 * IPv4 header. mylis overlays this struct directly on captured packet bytes,
 * so every field holds whatever the sender put on the wire (untrusted input).
 * NOTE(review): the on-wire header length varies; mylis derives it from the
 * low 4 bits of ver_ihl rather than from sizeof(ip_header).
 */
typedef struct ip_header{
u_char ver_ihl; // Version (4 bits) + header length (4 bits)
u_char tos; // Type of service
u_short tlen; // Total length
u_short identification; // Identification
u_short flags_fo; // Flags (3 bits) + fragment offset (13 bits)
u_char ttl; // Time to live
u_char proto; // Protocol
u_short crc; // Header checksum
ip_address saddr; // Source address
ip_address daddr; // Destination address
u_int op_pad; // Option + padding
}ip_header;
/*
 * UDP header, overlaid on captured packet bytes by mylis.
 * The port fields are converted with ntohs() before mylis prints them.
 */
typedef struct udp_header{
u_short sport; // Source port
u_short dport; // Destination port
u_short len; // Datagram length
u_short crc; // Checksum
}udp_header;
/*
 * Per-packet printer, defined after main. Its parameter list matches the
 * callback position of the commented-out pcap_loop() call in main.
 */
void mylis(u_char *user, const struct pcap_pkthdr *, const u_char *);
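/*
 * Entry point: lists the capture devices, lets the user pick one by index,
 * opens it in promiscuous mode, installs an "ip and udp" filter and hands the
 * first five matching packets to mylis().
 *
 * Every setup step is checked and the program stops on failure. Continuing
 * with a NULL device or NULL capture handle dereferences it, and continuing
 * without the filter or on a non-Ethernet link feeds mylis() packets whose
 * layout it does not expect.
 *
 * Returns 0 on success, 1 on any setup or capture error.
 */
int main()
{
    enum { SNAP_LEN = 65536, READ_TIMEOUT_MS = 1000, MAX_PACKETS = 5 };

    pcap_if_t *alldevs = NULL;
    pcap_if_t *d;
    char errbuf[PCAP_ERRBUF_SIZE];

    if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) < 0) {
        printf("%s\n", errbuf);
        return 1;
    }
    if (alldevs == NULL) {
        printf("NO netcard found!\n");
        return 1;
    }

    /* description is optional in pcap_if_t, so never pass it to %s unchecked. */
    int count = 0;
    for (d = alldevs; d != NULL; d = d->next) {
        printf("case: %d: %s\n", count++,
               d->description != NULL ? d->description : "(no description)");
    }

    /* The index comes from the user: reject non-numeric and out-of-range
     * input instead of walking off the end of the device list. */
    int id = -1;
    printf("input which card:");
    if (scanf("%d", &id) != 1 || id < 0 || id >= count) {
        printf("invalid card number\n");
        pcap_freealldevs(alldevs);
        return 1;
    }

    int i;
    for (d = alldevs, i = 0; i != id; i++) {
        d = d->next;
    }
    printf("choose: %s\n",
           d->description != NULL ? d->description : "(no description)");

    pcap_t *handle = pcap_open(d->name, SNAP_LEN, PCAP_OPENFLAG_PROMISCUOUS,
                               READ_TIMEOUT_MS, NULL, errbuf);
    if (handle == NULL) {
        printf("open error: %s\n", errbuf);
        pcap_freealldevs(alldevs);
        return 1;
    }

    /* Read the netmask BEFORE freeing the device list: d points into it.
     * Only an IPv4 entry may be viewed as sockaddr_in; otherwise keep the
     * class-C default. */
    u_int netmask = 0xffffff;
    if (d->addresses != NULL
        && d->addresses->addr != NULL
        && d->addresses->addr->sa_family == AF_INET
        && d->addresses->netmask != NULL) {
        netmask = ((struct sockaddr_in *)(d->addresses->netmask))->sin_addr.s_addr;
    }
    pcap_freealldevs(alldevs);
    alldevs = NULL;
    d = NULL;

    /* mylis() assumes a 14-byte Ethernet header in front of the IP header. */
    if (pcap_datalink(handle) != DLT_EN10MB) {
        printf("note a Ethernet network\n");
        pcap_close(handle);
        return 1;
    }

    char filter[] = "ip and udp";
    struct bpf_program fcode;
    if (pcap_compile(handle, &fcode, filter, 1, netmask) < 0) {
        printf("error: %s\n", pcap_geterr(handle));
        pcap_close(handle);
        return 1;
    }
    if (pcap_setfilter(handle, &fcode) < 0) {
        printf("error: %s\n", pcap_geterr(handle));
        pcap_freecode(&fcode);
        pcap_close(handle);
        return 1;
    }
    /* The compiled program is no longer needed once it has been installed. */
    pcap_freecode(&fcode);

    //pcap_loop(handle,cnt, mylis,NULL);
    struct pcap_pkthdr *pkt_header;
    const u_char *pkt_data;
    int res = 0;
    int cnt = 0;
    while (cnt < MAX_PACKETS
           && (res = pcap_next_ex(handle, &pkt_header, &pkt_data)) >= 0) {
        if (res == 0) {
            continue; /* read timeout elapsed, no packet yet */
        }
        cnt++;
        mylis(NULL, pkt_header, pkt_data);
    }

    int rc = 0;
    if (res == -1) {
        printf("capture error: %s\n", pcap_geterr(handle));
        rc = 1;
    }
    pcap_close(handle);
    return rc;
}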
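/*
 * Prints one captured packet: capture time, on-wire and captured lengths,
 * then "src-ip : src-port -> dst-ip: dst-port" for an IPv4/UDP packet that
 * follows a 14-byte Ethernet header.
 *
 * user       - unused (kept so the function fits the pcap callback shape)
 * pkt_header - pcap metadata; caplen is the number of valid bytes in pkt_data
 * pkt_data   - raw captured bytes; attacker-controlled network input
 *
 * Every offset is checked against caplen before it is dereferenced, so a
 * short or malformed packet is skipped instead of being read out of bounds.
 */
void mylis(u_char *user, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data){
    const u_int eth_hdr_len = 14;      /* Ethernet II header */
    const u_int ipv4_min_hdr_len = 20; /* IHL of 5 32-bit words */
    const u_char proto_udp = 17;       /* IPv4 protocol number for UDP */

    (void)user;
    if (pkt_header == NULL || pkt_data == NULL) {
        return;
    }

    /* localtime() can return NULL; keep a printable fallback. */
    char timestr[100] = "unknown time";
    time_t local = pkt_header->ts.tv_sec;
    struct tm *ltime = localtime(&local);
    if (ltime != NULL) {
        strftime(timestr, sizeof(timestr), "%H : %M:%S", ltime);
    }
    /* len and caplen are unsigned, so print them with %u. */
    printf("%s: len:%u nl: %u\n", timestr,
           (unsigned)pkt_header->len, (unsigned)pkt_header->caplen);

    /* Need at least a minimal IPv4 header before reading ver_ihl. */
    if (pkt_header->caplen < eth_hdr_len + ipv4_min_hdr_len) {
        printf("packet too short, skipped\n");
        return;
    }

    const ip_header *ih = (const ip_header *)(pkt_data + eth_hdr_len);
    const u_int iplen = (u_int)(ih->ver_ihl & 0xf) * 4;

    /* The header length is taken from the packet itself: reject values
     * below the legal minimum and headers that run past the captured data. */
    if ((ih->ver_ihl >> 4) != 4
        || ih->proto != proto_udp
        || iplen < ipv4_min_hdr_len
        || pkt_header->caplen < eth_hdr_len + iplen + (u_int)sizeof(udp_header)) {
        printf("not a complete IPv4/UDP packet, skipped\n");
        return;
    }

    /* Advance by iplen BYTES. Adding to an ip_header pointer would scale the
     * offset by sizeof(ip_header) and land far outside the packet. */
    const udp_header *uh = (const udp_header *)((const u_char *)ih + iplen);
    int sport = ntohs(uh->sport);
    int dport = ntohs(uh->dport);

    printf("%d.%d.%d.%d : %d -> %d.%d.%d.%d: %d\n",
           ih->saddr.byte1,
           ih->saddr.byte2,
           ih->saddr.byte3,
           ih->saddr.byte4,
           sport,
           ih->daddr.byte1,
           ih->daddr.byte2,
           ih->daddr.byte3,
           ih->daddr.byte4,
           dport);
}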
//end