捕获ARP数据包程序.rar_arp_arp mac_抓 数据包_指定网卡 arp_操作系统类型

#include<Winsock2.h> #pragma comment(lib,"Ws2_32.lib") #pragma comment(lib,"Wpcap.lib") #pragma comment(lib,"wsock32.lib") #include"pcap.h" #include<fstream.h> #include<iomanip.h> #include<conio.h> struct arppkt{ unsigned short hdtyp; unsigned short protyp; unsigned char hdsize; unsigned char prosize; unsigned short ip; u_char smac[6]; u_char sip[4]; u_char dmac[6]; u_char dip[4]; }; void packet_handler(const pcap_pkthdr *header,const u_char *pkt_data,ostream& out); void main(int argc,char *argv[]) { if(argc!=2) { cout<<"Usage:arpparse logfilename"<<endl; cout<<"Press any key to continue."<<endl; _getch(); return; } pcap_if_t *alldevs; pcap_if_t *d; pcap_t *adhandle; char errbuf[PCAP_ERRBUF_SIZE]; u_int netmask; char packet_filter[]="ether proto\\arp"; struct bpf_program fcode; struct pcap_pkthdr *header; const u_char *pkt_data; if(pcap_findalldevs(&alldevs,errbuf)==-1) { cout<<"Error in pcap_findallsevs:"<<errbuf; return; } for(d=alldevs;d;d=d->next) { if((adhandle=pcap_open_live(d->name,1000,1,300,errbuf))==NULL) { cout<<"\nUnable to ipen the adapter."; pcap_freealldevs(alldevs); return; } if(pcap_datalink(adhandle)==DLT_EN10MB&&d->addresses!=NULL) break; } if(d==NULL) { cout<<"\nNo interfaces found! Make sure WinPcap isinstallde.\n"; return; } netmask=((sockaddr_in *)(d->addresses->netmask))->sin_addr.S_un.S_addr; if(pcap_compile(adhandle,&fcode,packet_filter,1,netmask)<0) { cout<<"\nUnable to compile the packet filter.Chexk thesyntax.\n"; pcap_freealldevs(alldevs); return; } if(pcap_setfilter(adhandle,&fcode)<0){ cout<<"\nError setting the filter.\n"; pcap_freealldevs(alldevs); return; } cout<<"\t\tlistening on "<<d->description<<"..."<<endl<<endl; ofstream fout(argv[1],ios::app); time_t t; time(&t); fout.seekp(0,ios::end); if(fout.tellp()!=0) fout<<endl; fout<<"\t\tARP request(1)/reply(2) on "<<ctime(&t); cout<<"Sour IP Addr"<<" "<<"Sour MAC Address" <<" "<<"Des IP Addr"<<" "<<"Des MAC Address" <<" " <<"OP"<<" "<<"Time"<<endl; fout<<"Sour IP Addr"<<" "<<"Sour MAC Address" <<" "<<"Des IP Addr"<<" "<<"Des MAC Address" <<" " <<"OP"<<" "<<"Time"<<endl; pcap_freealldevs(alldevs); int result; while((result=pcap_next_ex(adhandle,&header,&pkt_data))>=0) { if(result==0) continue; packet_handler(header,pkt_data,cout); packet_handler(header,pkt_data,fout); } } void packet_handler(const pcap_pkthdr *header,const u_char *pkt_data,ostream& out) { arppkt* arph=(arppkt *)(pkt_data +14); //输出源IP地址 for(int i=0;i<3;i++) out<<int(arph->sip[i])<<'.'; out.setf(ios::left); out<<setw(3)<<int(arph->sip[3])<<" "; out.unsetf(ios::left); //输出源MAC地址 char oldfillchar=out.fill('0'); out.setf(ios::uppercase); for(i=0;i<5;i++) out<<hex<<setw(2)<<int(arph->smac[i])<<'-'; out<<hex<<setw(2)<<int(arph->smac[5])<<" "; out.fill(oldfillchar); //输出目的IP地址 out.unsetf(ios::hex|ios::uppercase); for(i=0;i<3;i++) out<<int(arph->dip[i])<<'.'; out.setf(ios::left); out<<setw(3)<<int(arph->dip[3])<<" "; out.unsetf(ios::left); //输出目的MAC地址 out.fill('0'); out.setf(ios::uppercase); for(i=0;i<5;i++) out<<hex<<setw(2)<<int(arph->dmac[i])<<'-'; out<<hex<<setw(2)<<int(arph->dmac[5])<<" "; out.fill(oldfillchar); //输出操作类型 out.unsetf(ios::hex|ios::uppercase); out<<ntohs(arph->ip)<<" "; //输出时间 struct tm *ltime; ltime=localtime(&header->ts.tv_sec); out.fill('0'); out<<ltime->tm_hour<<':' <<setw(2)<<ltime->tm_min<<':' <<setw(2)<<ltime->tm_sec; out.fill(oldfillchar); out<<endl; }