winpcap抓取tcp等包

#include<pcap.h> #include<String.h> /*以下是以太网协议格式的定义*/ struct ether_header { u_int8_t ether_dhost[6]; /*目的以太网地址*/ u_int8_t ether_shost[6]; /*源以太网地址*/ u_int16_t ether_type; /*以太网类型*/ }; /*下面是ARP协议格式的定义*/ struct arp_header { u_int16_t arp_hardware_type; /*硬件类型*/ u_int16_t arp_protocol_type; /*协议类型*/ u_int8_t arp_hardware_length; /*硬件地址类型*/ u_int8_t arp_protocol_length; /*协议地址长度*/ u_int16_t arp_operation_code; /*操作吗*/ u_int8_t arp_source_ethernet_address[6]; /*源以太网地址*/ u_int8_t arp_source_ip_address[4]; /*源ip地址*/ u_int8_t arp_destination_ethernet_address[6]; /*目的以太网地址*/ u_int8_t arp_destination_ip_address[4]; /*目的Ip地址*/ }; /*下面是IP协议格式的定义*/ struct ip_header { #if defined(WORDS_BIGENDIAN) u_int8_t ip_version:4, ip_header_length:4; #else u_int8_t ip_header_length:4,ip_version:4; #endif u_int8_t ip_tos; /*服务质量*/ u_int16_t ip_length; /*长度*/ u_int16_t ip_id; /*标识*/ u_int16_t ip_off; /*偏移*/ u_int8_t ip_ttl; /*生存时间*/ u_int8_t ip_protocol; /*协议类型*/ u_int16_t ip_checksum; /*校验和*/ struct in_addr ip_souce_address; /*源Ip地址*/ struct in_addr ip_destination_address; /*目的Ip地址*/ }; /*下面是UDP协议格式定义*/ struct udp_header { u_int16_t udp_source_port; /*源端口号*/ u_int16_t udp_destination_port; /*目的端口号*/ u_int16_t udp_length; /*长度*/ u_int16_t udp_checksum; /*校验和*/ }; /*下面是TCP协议格式的定义*/ struct tcp_header { u_int16_t tcp_source_port; /*源端口号*/ u_int16_t tcp_destination_port; /*目的端口号*/ u_int32_t tcp_sequence_lliiuuwweennttaaoo; /*序列号*/ u_int32_t tcp_acknowledgement; /*确认序列号*/ #ifdef WORDS_BIGENDIAN u_int8_t tcp_offset:4,tcp_reserved:4; #else u_int8_t tcp_reserved:4,tcp_offset:4; #endif u_int8_t tcp_flags; /*标记*/ u_int16_t tcp_windows; /*窗口大小*/ u_int16_t tcp_checksum; /*校验和*/ u_int16_t tcp_urgent_pointer; /*紧急指针*/ }; /*下面是ICMP协议格式的定义*/ struct icmp_header { u_int8_t icmp_type; /*ICMP类型*/ u_int8_t icmp_code; /*ICMP代码*/ u_int16_t icmp_checksum; /*校验和*/ u_int16_t icmp_id; /*标识符*/ u_int16_t icmp_sequence; /*序列码*/ }; /*以下是分析HTTP协议的函数，其定义方式与回调函数相同*/ void http_protocol_packet_callback(u_char *argument,const struct pcap_pkthdr* packet_header,const u_char* packet_content) { struct tcp_header * tcp_protocol = (struct tcp_header *) (packet_content+14+20); bool find_http = false; string http_txt = ""; char* ip_pkt_data = (char*)ih; for(int i=0;i<ip_len;++i){ //check the http request if(!find_http && (i+3<ip_len && strncmp(ip_pkt_data+i,"GET ",strlen("GET ")) ==0 ) || (i+4<ip_len && strncmp(ip_pkt_data+i,"POST ",strlen("POST ")) == 0) ){ find_http = true; } //check the http response if(!find_http && i+8<ip_len && strncmp(ip_pkt_data+i,"HTTP/1.1 ",strlen("HTTP/1.1 "))==0){ find_http = true; } //collect the http text if(find_http && is_readable(ip_pkt_data[i])){ http_txt += ip_pkt_data[i]; } } //print the http request or response if(http_txt != ""){ cout<<http_txt; cout<<endl<<"***********************************************************"<<endl<<endl; } } } /*以下是分析SMTP协议的函数，其定义方式与回调函数相同*/ void smtp_protocol_packet_callback(u_char *argument,const struct pcap_pkthdr* packet_header,const u_char* packet_content) { } /*以下是分析FTP协议的函数，其定义方式与回调函数相同*/ void ftp_protocol_packet_callback(u_char *argument,const struct pcap_pkthdr* packet_header,const u_char* packet_content) { } /* 下面是分析TCP协议的函数，其定义方式与回调函数相同*/ void tcp_protocol_packet_callback(u_char *argument,const struct pcap_pkthdr *packet_header,const u_char * packet_content) { struct tcp_header * tcp_protocol; /*TCP协议变量*/ u_char flags; /*标记*/ int header_length; /*长度*/ u_short source_port; /*源端口号*/ u_short destination_port; /*目的端口*/ u_short windows; /*窗口大小*/ u_short urgent_pointer; /*紧急指针*/ u_int sequence; /*序列号*/ u_int acknowledgement; /* 确认号*/ u_int16_t checksum; /*校验和*/ tcp_protocol = (struct tcp_header *) (packet_content+14+20); /*获得TCP协议内容*/ source_port = ntohs(tcp_protocol->tcp_source_port); /*获得源端口*/ destination_port = ntohs(tcp_protocol->tcp_destination_port); /*获得目的端口号*/ header_length = tcp_protocol->tcp_offset * 4; /*长度*/ sequence = ntohl(tcp_protocol->tcp_sequence_lliiuuwweennttaaoo); /*序列码*/ acknowledgement = ntohl(tcp_protocol->tcp_acknowledgement); /*确认序列码*/ windows = ntohs(tcp_protocol->tcp_windows); /*窗口大小*/ urgent_pointer = ntohs(tcp_protocol->tcp_urgent_pointer); /*紧急指针*/ flags = tcp_protocol->tcp_flags; /*标识*/ checksum = ntohs(tcp_protocol->tcp_checksum); /*校验和*/ printf("------- TCP协议 -------\n"); printf("源端口号:%d\n",source_port); printf("目的端口号:%d\n",destination_port); switch (destination_port) { case 80: printf("上层协议为HTTP协议\n"); break; case 21: printf("上层协议为FTP协议\n"); break; case 23: printf("上层协议为TELNET协议\n"); break; case 25: printf("上层协议为SMTP协议\n"); break; case 110: printf("上层协议为POP3协议\n"); break; default: break; } printf("序列号:%u\n",sequence); printf("确认号:%u\n",acknowledgement); printf("首部长度:%d\n",header_length); printf("保留:%d\n",tcp_protocol->tcp_reserved); printf("标记:"); if(flags & 0x08) printf("PSH"); if(flags & 0x10) printf("ACK"); if(flags & 0x02) printf("SYN"); if(flags & 0x20) printf("URG"); if(flags & 0x01) printf("FIN"); if(flags & 0x04) printf("RST"); printf("\n"); printf("窗口大小:%d\n",windows); printf("校验和:%d\n",checksum); printf("紧急指针:%d\n",urgent_pointer); switch (destination_port) { case 80: http_protocol_packet_callback(argument,packet_header,packet_content); break; /*case 21: printf("上层协议为FTP协议\n"); break; case 23: printf("上层协议为TELNET协议\n"); break; case 25: printf("上层协议为SMTP协议\n"); break; case 110: printf("上层协议为POP3协议\n"); break;*/ default: break; } } /*下面是实现UDP协议分析的函数，函数类型与回调函数相同*/ void udp_protocol_packet_callback(u_char *argument,const struct pcap_pkthdr* packet_header,const u_char* packet_content) { struct udp_header *udp_protocol; /*UDP协议类型*/ u_short source_port; /*源端口号*/ u_short destination_port; /*目的端口号*/ u_short length; udp_protocol = (struct udp_header *) (packet_content+14+20); /*获得UDP协议内容*/ source_port = ntohs(udp_protocol->udp_source_port); /*获得源端口号*/ destination_port = ntohs(udp_protocol->udp_destination_port); /*获得目的端口*/ length = ntohs(udp_protocol->udp_length); /*获得长度*/ printf("------- UDP协议 -------\n"); printf("源端口号:%d\n",destination_port); switch (destination_port) { case 138: printf("上层协议为NetBIOS数据报服务\n"); break; case 137: printf("上层协议为NetBIOS名字服务\n"); break; case 139: printf("上层协议为NetBIOS会话服务\n"); break; case 53: printf("上层协议为域名服务\n"); break; default: break; } printf("长度:%d\n",length); printf("校验和:%d\n",ntohs(udp_protocol->udp_checksum)); } /*下面是实现分析ICMP协议的函数，函数类型与回调函数相同*/ void icmp_protocol_pack