#include <pcap.h>
#include <stdlib.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
// Ethernet (MAC) frame header: 6 + 6 + 2 = 14 bytes, which is the offset the
// protocol callbacks in this file skip to reach the next layer.
// NOTE(review): the struct is not declared packed; it relies on the members'
// natural alignment producing no padding - confirm on the target compiler.
struct ether_header{
/* destination Ethernet (MAC) address */
u_int8_t ether_dhost[6];
/* source Ethernet (MAC) address */
u_int8_t ether_shost[6];
/* EtherType of the payload; presumably in network byte order as captured - verify at the use site */
u_int16_t ether_type;
};
/* NOTE(review): <netinet/in.h>, included at the top of this file, normally
 * provides in_addr_t already; this typedef is presumably kept for platforms
 * that lack it - confirm it is still needed. */
typedef u_int32_t in_addr_t;
/*
 * struct in_addr itself comes from <netinet/in.h>; the local definition below
 * is left commented out for reference only.
 *
struct in_addr{
in_addr_t s_addr;
};
*/
// IPv4 header, fixed part only (20 bytes; IP options are not represented here).
// The version / header-length nibbles share the first byte; WORDS_BIGENDIAN
// selects the bit-field declaration order. Bit-field layout is
// implementation-defined, so reading the nibbles with shifts and masks on the
// raw byte is the portable alternative.
// Every field is taken from captured traffic and is therefore untrusted:
// ip_header_length and ip_length must be validated against the captured length
// before they are used to locate or size the transport header.
struct ip_header
{
#ifdef WORDS_BIGENDIAN
/* IP version */
u_int8_t ip_version:4;
/* header length field (IHL); the IPv4 format counts it in 32-bit words */
u_int8_t ip_header_length:4;
#else
/* header length field (IHL); the IPv4 format counts it in 32-bit words */
u_int8_t ip_header_length:4;
/* IP version */
u_int8_t ip_version:4;
#endif
/* type of service */
u_int8_t ip_tos;
/* total packet length */
u_int16_t ip_length;
/* identification */
u_int16_t ip_id;
/* fragment offset field (the IPv4 format also carries the fragment flags here) */
u_int16_t ip_off;
/* time to live */
u_int8_t ip_ttl;
/* protocol carried in the IP payload */
u_int8_t ip_protocol;
/* header checksum */
u_int16_t ip_checksum;
/* source IP address */
struct in_addr ip_source_address;
/* destination IP address */
struct in_addr ip_destination_address;
};
// ARP message layout for Ethernet/IPv4: the address members are fixed at
// 6-byte hardware and 4-byte protocol addresses. A message whose
// arp_hardware_length / arp_protocol_length differ from 6 / 4 does not match
// this layout, so the address members must not be trusted in that case.
// The 16-bit members are converted with ntohs() by the ARP callback.
struct arp_header{
/* hardware type */
u_int16_t arp_hardware_type;
/* protocol type */
u_int16_t arp_protocol_type;
/* hardware address length in bytes */
u_int8_t arp_hardware_length;
/* protocol address length in bytes */
u_int8_t arp_protocol_length;
/* operation code (the callback maps 1-4 to ARP/RARP request/reply) */
u_int16_t arp_operation_code;
/* sender Ethernet address */
u_int8_t arp_source_ethernet_address[6];
/* sender IP address */
u_int8_t arp_source_ip_address[4];
/* target Ethernet address */
u_int8_t arp_destination_ethernet_address[6];
/* target IP address */
u_int8_t arp_destination_ip_address[4];
};
// TCP header, fixed part only (20 bytes; TCP options are not represented here).
// Multi-byte members are converted with ntohs()/ntohl() by the TCP callback.
// NOTE(review): the two 32-bit members are misleadingly named. The TCP
// callback reads tcp_acknowledgement as the sequence number and tcp_ack as
// the acknowledgement number, which matches their positions in the header.
struct tcp_header{
/* source port */
u_int16_t tcp_source_port;
/* destination port */
u_int16_t tcp_destination_port;
/* sequence number (despite the member name) */
u_int32_t tcp_acknowledgement;
/* acknowledgement number */
u_int32_t tcp_ack;
/* Data-offset / reserved nibbles share one byte; WORDS_BIGENDIAN selects the
 * bit-field declaration order (bit-field layout is implementation-defined). */
#ifdef WORDS_BIGENDIAN
/* data offset; the callback multiplies it by 4 to get the header length in bytes */
u_int8_t tcp_offset:4;
/* reserved bits */
u_int8_t tcp_reserved:4;
#else
/* reserved bits */
u_int8_t tcp_reserved:4;
/* data offset; the callback multiplies it by 4 to get the header length in bytes */
u_int8_t tcp_offset:4;
#endif
/* control flags (FIN 0x01, SYN 0x02, RST 0x04, PSH 0x08, ACK 0x10, URG 0x20) */
u_int8_t tcp_flags;
/* window size */
u_int16_t tcp_windows;
/* checksum */
u_int16_t tcp_checksum;
/* urgent pointer */
u_int16_t tcp_urgent_pointer;
};
// UDP header: four 16-bit members, 8 bytes in total.
// The UDP callback converts the ports and the length with ntohs().
struct udp_header{
/* source port */
u_int16_t udp_source_port;
/* destination port */
u_int16_t udp_destination_port;
/* length field; taken from captured traffic, so validate it before using it as a size */
u_int16_t udp_length;
/* checksum */
u_int16_t udp_checksum;
};
// ICMP header with the identifier / sequence members (8 bytes in total).
// NOTE(review): identifier and sequence presumably apply to echo-style
// messages only; other ICMP types use these four bytes differently - confirm
// against the code that consumes this struct.
struct icmp_header
{
/* message type */
u_int8_t icmp_type;
/* message code */
u_int8_t icmp_code;
/* checksum */
u_int16_t icmp_checksum;
/* identifier */
u_int16_t icmp_identifier;
/* sequence number */
u_int16_t icmp_sequence;
};
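// ARP packet decoder
/*
 * Print the ARP message that follows the 14-byte Ethernet header.
 *
 * argument        - unused; present to match the pcap callback signature.
 * packet_header   - pcap per-packet header; caplen is the number of bytes
 *                   actually present in packet_content.
 * packet_content  - captured frame, starting at the Ethernet header.
 *
 * The frame comes from the network and is untrusted: nothing is read from
 * packet_content until caplen shows the whole ARP header was captured, and
 * the address fields are only decoded when the message declares the 6-byte
 * hardware / 4-byte protocol address sizes that struct arp_header assumes.
 */
void arp_protocol_packet_callback(u_char *argument,const struct pcap_pkthdr *packet_header,const u_char *packet_content)
{
    enum { ETHERNET_HEADER_LENGTH = 14, MAC_LENGTH = 6, IPV4_LENGTH = 4 };
    struct arp_header arp_protocol;
    u_short protocol_type;
    u_short hardware_type;
    u_short operation_code;
    const u_char *mac_string;
    struct in_addr source_ip_address;
    struct in_addr destination_ip_address;
    u_char hardware_length;
    u_char protocol_length;

    (void)argument;

    printf("------------ ARP Protocol(network layer)------\n");

    /* A short or truncated capture must not be read past its end. */
    if ((size_t)packet_header->caplen < ETHERNET_HEADER_LENGTH + sizeof arp_protocol) {
        printf("ARP packet truncated: only %u bytes captured\n", (unsigned)packet_header->caplen);
        return;
    }

    /* Copy instead of casting: the header sits at offset 14, which need not
     * satisfy the struct's alignment, and the copy keeps packet_content const. */
    memcpy(&arp_protocol, packet_content + ETHERNET_HEADER_LENGTH, sizeof arp_protocol);

    hardware_type = ntohs(arp_protocol.arp_hardware_type);
    protocol_type = ntohs(arp_protocol.arp_protocol_type);
    operation_code = ntohs(arp_protocol.arp_operation_code);
    hardware_length = arp_protocol.arp_hardware_length;
    protocol_length = arp_protocol.arp_protocol_length;
    printf("ARP hardware type :%d\n",hardware_type);
    printf("ARP protocol type :%d\n",protocol_type);
    printf("ARP hardware_length : %d\n",hardware_length);
    printf("ARP protocol_length : %d\n",protocol_length);
    printf("ARP protocol_operation : %d\n",operation_code);
    switch (operation_code) {
    case 1:
        printf("ARP Request protocol\n");
        break;
    case 2:
        printf("ARP Reply protocol\n");
        break;
    case 3:
        printf("RARP Request protocol\n");
        break;
    case 4:
        printf("RARP Reply protocol \n");
        break;
    default:
        break;
    }

    /* With any other address sizes the fixed member offsets of struct
     * arp_header do not line up with the message, so the addresses would be
     * reported wrongly. */
    if (hardware_length != MAC_LENGTH || protocol_length != IPV4_LENGTH) {
        printf("ARP address sizes are not Ethernet/IPv4; addresses not decoded\n");
        return;
    }

    printf("Ethernet source address is :\n");
    mac_string = arp_protocol.arp_source_ethernet_address;
    printf("%02x:%02x:%02x:%02x:%02x:%02x\n",mac_string[0],mac_string[1],mac_string[2],mac_string[3],mac_string[4],mac_string[5]);
    memcpy(&source_ip_address, arp_protocol.arp_source_ip_address, sizeof(struct in_addr));
    printf("source ip address : %s\n",inet_ntoa(source_ip_address));

    printf("ethernet destination address is : \n");
    mac_string = arp_protocol.arp_destination_ethernet_address;
    printf("%02x:%02x:%02x:%02x:%02x:%02x\n",mac_string[0],mac_string[1],mac_string[2],mac_string[3],mac_string[4],mac_string[5]);
    memcpy(&destination_ip_address, arp_protocol.arp_destination_ip_address, sizeof(struct in_addr));
    printf("destination ip address : %s\n",inet_ntoa(destination_ip_address));
}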
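// TCP segment decoder
/*
 * Print the TCP header of a captured Ethernet/IPv4 frame.
 *
 * argument        - unused; present to match the pcap callback signature.
 * packet_header   - pcap per-packet header; caplen is the number of bytes
 *                   actually present in packet_content.
 * packet_content  - captured frame, starting at the Ethernet header.
 *
 * The frame is untrusted network input. The TCP header is located from the
 * IP header-length field (IP options move it past offset 14 + 20), and every
 * offset is checked against caplen before anything is read.
 * NOTE(review): assumes the caller only passes IPv4 frames with protocol TCP
 * and does not pass non-initial fragments - confirm in the dispatching code.
 */
void tcp_protocol_packet_callback(u_char *argument,const struct pcap_pkthdr *packet_header,const u_char *packet_content)
{
    enum { ETHERNET_HEADER_LENGTH = 14, IP_HEADER_MIN_LENGTH = 20 };
    struct tcp_header tcp_protocol;
    size_t captured_length;
    size_t ip_header_length;
    size_t tcp_start;
    u_char flags;
    int header_length;
    u_short source_port;
    u_short destination_port;
    u_short windows;
    u_short urgent_pointer;
    u_int sequence;
    u_int acknowledgement;
    u_int16_t checksum;

    (void)argument;
    captured_length = packet_header->caplen;

    if (captured_length < ETHERNET_HEADER_LENGTH + IP_HEADER_MIN_LENGTH) {
        printf("TCP packet truncated: only %u bytes captured\n", (unsigned)captured_length);
        return;
    }

    /* The low nibble of the first IP byte is the header length in 32-bit
     * words; reading it from the raw byte avoids bit-field layout issues. */
    ip_header_length = (size_t)(packet_content[ETHERNET_HEADER_LENGTH] & 0x0f) * 4;
    if (ip_header_length < IP_HEADER_MIN_LENGTH) {
        printf("invalid IP header length: %u\n", (unsigned)ip_header_length);
        return;
    }

    tcp_start = ETHERNET_HEADER_LENGTH + ip_header_length;
    if (captured_length < tcp_start + sizeof tcp_protocol) {
        printf("TCP header truncated: only %u bytes captured\n", (unsigned)captured_length);
        return;
    }

    /* Copy instead of casting: the header offset is only guaranteed to be
     * 2-byte aligned, while the struct holds 32-bit members. */
    memcpy(&tcp_protocol, packet_content + tcp_start, sizeof tcp_protocol);

    source_port = ntohs(tcp_protocol.tcp_source_port);
    destination_port = ntohs(tcp_protocol.tcp_destination_port);
    header_length = tcp_protocol.tcp_offset * 4;
    /* tcp_acknowledgement is the member at the sequence-number position. */
    sequence = ntohl(tcp_protocol.tcp_acknowledgement);
    acknowledgement = ntohl(tcp_protocol.tcp_ack);
    windows = ntohs(tcp_protocol.tcp_windows);
    urgent_pointer = ntohs(tcp_protocol.tcp_urgent_pointer);
    flags = tcp_protocol.tcp_flags;
    checksum = ntohs(tcp_protocol.tcp_checksum);

    printf("-----------------------------Tcp protocol------------------\n");
    printf("source port:%d\n",source_port);
    printf("destination port:%d\n",destination_port);
    /* Labels are a guess from the well-known destination port only. */
    switch (destination_port) {
    case 80:
        printf("http protocol\n");
        break;
    case 21:
        printf("ftp protocol\n");
        break;
    case 23:
        printf("telnet protocol\n");
        break;
    case 25:
        printf("smtp protocol\n");
        break;
    case 110:
        printf("pop3 protocol\n");
        break;
    default:
        break;
    }
    printf("Sequence Number :%u\n",sequence);
    printf("Acknowledgement Number:%u\n",acknowledgement);
    printf("header Length:%d\n",header_length);
    printf("reserved :%d\n",tcp_protocol.tcp_reserved);
    printf("Flags:");
    if (flags & 0x08) printf("PSH");
    if (flags & 0x10) printf("ACK");
    /* 0x02 is the SYN bit; the label previously read "SYS". */
    if (flags & 0x02) printf("SYN");
    if (flags & 0x20) printf("URG");
    if (flags & 0x01) printf("FIN");
    if (flags & 0x04) printf("RST");
    printf("\n");
    printf("Windows size:%d\n",windows);
    printf("checksum:%d\n",checksum);
    printf("urgent pointer :%d\n",urgent_pointer);
}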
//udp 数据解析函数
void udp_protocol_packet_callback(u_char *argument,const struct pcap_pkthdr *packet_header,const u_char * packet_content)
{
struct udp_header *udp_protocol;
u_short source_port;
u_short destination_port;
u_short length;
udp_protocol=(struct udp_header *)(packet_content+14+20);
source_port=ntohs(udp_protocol->udp_source_port);
destination_port=ntohs(udp_protocol->udp_destination_port);
length=ntohs(udp_protocol->udp_length);
printf("----------------------------------UDP protocol---------------------\n");
printf("Source port :%d\n",source_port);
printf("destination port :%d\n",destination_port);
switch(destination_port)
{
case 138:
printf("NETBIOS Datagra Service\n");
break;
case 137:
printf("NETBIOS Name Service \n");
break;
case 139 :
printf("NETBIOS Session Service\n");
break;
case 53:
printf