#include<winsock2.h>
#pragma comment(lib,"Ws2_32.lib") //用到ntobs()
//等同于点击"project-setting-link"打开object/library module编辑框后加入文件
#pragma comment(lib,"wpcap.lib")
#include "pcap.h" //此头文件没有包含在VC中,需要另外加入
#include<fstream.h>
#include<iomanip.h> //格式化输出需要用到
#include<conio.h> //用到_getch()
int main()
{
pcap_if_t *alldevs, *dev;
int inum, i = 0;
pcap_t *adhandle;
char errbuf[PCAP_ERRBUF_SIZE];
u_int netmask;
char packet_filter_all[] = "";
char packet_filter_notarp[] = "not arp"; //
char packet_filter_tcp[] = "ip and tcp";
char packet_filter_udp[] = "ip and udp";
char packet_filter_icmp[] = "ip and icmp";
struct bpf_program fcode;
initial_eth_type_table(); //初始化以太网帧协议表
opcode_table[1].type = 1; //初始化ARP操作字段表
strcpy(opcode_table[1].description, "ARP request");
opcode_table[2].type = 2;
strcpy(opcode_table[2].description, "ARP response");
opcode_table[3].type = 1;
strcpy(opcode_table[3].description , "RARP request");
opcode_table[4].type = 2;
strcpy(opcode_table[4].description , "RARP response");
/* 获取本机设备列表*/
if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1)
{
fprintf(stderr,"Error in pcap_findalldevs: %s\n", errbuf);
exit(1);
}
/* 打印列表*/
printf("网卡列表如下:\n");
for(dev=alldevs; dev; dev=dev->next)
{
printf("\n");
printf("%d. %s", ++i, dev->name);
if (dev->description)
printf(" (%s)\n", dev->description);
else
printf(" (No description available)\n");
}
if(i==0)
{
printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
return -1;
}
printf("\nEnter the interface number (1-%d):",i);
scanf("%d", &inum);
if(inum < 1 || inum > i)
{
printf("\nInterface number out of range.\n");
/* 释放设备列表*/
pcap_freealldevs(alldevs);
return -1;
}
/* 跳转到选中的适配器*/
for(dev=alldevs, i=0; i< inum-1 ;dev=dev->next, i++);
/* 打开设备*/
if ( (adhandle= pcap_open(dev->name, // 设备名
65536, // 65535保证能捕获到不同数据链路层上的每个数据包的全部内容
PCAP_OPENFLAG_PROMISCUOUS, // 混杂模式
1000, // 读取超时时间
NULL, // 远程机器验证
errbuf // 错误缓冲池
) ) == NULL)
{
fprintf(stderr,"\nUnable to open the adapter. %s is not supported by WinPcap\n", dev->name);
/* 释放设备列表*/
pcap_freealldevs(alldevs);
return -1;
}
if(dev->addresses != NULL)
/* 获得接口第一个地址的掩码 */
netmask=((struct sockaddr_in *)(dev->addresses->netmask))->sin_addr.S_un.S_addr;
else
/* 如果接口没有地址,那么我们假设一个C类的掩码 */
netmask=0xffffff;
//编译过滤器
printf("\n选择过滤器:1、不过滤 2、不捕获ARP 3、只捕获TCP 4、只捕获UDP 5、只捕获ICMP\n");
char fileter;
fileter = getchar();
scanf( "%c", &fileter);
switch (fileter)
{
case '1':
{
if (pcap_compile(adhandle, &fcode, packet_filter_all, 1, netmask) <0 )
{
fprintf(stderr,"\nUnable to compile the packet filter. Check the syntax.\n");
/* 释放设备列表 */
pcap_freealldevs(alldevs);
return -1;
}
break;
}
case '2':
{
if (pcap_compile(adhandle, &fcode, packet_filter_notarp, 1, netmask) <0 )
{
fprintf(stderr,"\nUnable to compile the packet filter. Check the syntax.\n");
/* 释放设备列表 */
pcap_freealldevs(alldevs);
return -1;
}
break;
}
case '3':
{
if (pcap_compile(adhandle, &fcode, packet_filter_tcp, 1, netmask) <0 )
{
fprintf(stderr,"\nUnable to compile the packet filter. Check the syntax.\n");
/* 释放设备列表 */
pcap_freealldevs(alldevs);
return -1;
}
break;
}
case '4':
{
if (pcap_compile(adhandle, &fcode, packet_filter_udp, 1, netmask) <0 )
{
fprintf(stderr,"\nUnable to compile the packet filter. Check the syntax.\n");
/* 释放设备列表 */
pcap_freealldevs(alldevs);
return -1;
}
break;
}
case '5':
{
if (pcap_compile(adhandle, &fcode, packet_filter_icmp, 1, netmask) <0 )
{
fprintf(stderr,"\nUnable to compile the packet filter. Check the syntax.\n");
/* 释放设备列表 */
pcap_freealldevs(alldevs);
return -1;
}
break;
}
default:
if (pcap_compile(adhandle, &fcode, packet_filter_all, 1, netmask) <0 )
{
fprintf(stderr,"\nUnable to compile the packet filter. Check the syntax.\n");
/* 释放设备列表 */
pcap_freealldevs(alldevs);
return -1;
}
}
//设置过滤器
if (pcap_setfilter(adhandle, &fcode)<0)
{
fprintf(stderr,"Error setting the filter.\n");
/* 释放设备列表 */
pcap_freealldevs(alldevs);
return -1;
}
printf("\nlistening on %s\n", dev->description);
/* 释放设备列表 */
pcap_freealldevs(alldevs);
/* 开始捕捉 */
pcap_loop(adhandle, 0, packet_handler, NULL);
return 0;
}
/* 每次捕获到数据包时,会自动调用这个回调函数*/
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
struct tm *ltime;
char timestr[16];
time_t local_tv_sec;
ip_header *ih;
UDPHeader *uh;
ARPFRAME *ah;
u_int ip_len;
u_short sport,dport;
DLCHEADER *dlcheader;
u_short ethernet_type;
ETHERNET_FRAME_PROTOCOL eth_pro;
ETHERNET_FRAME_TYPE eth_type;
unsigned char *ch;
/* 将时间戳转换成可识别的格式*/
local_tv_sec = header->ts.tv_sec;
ltime=localtime(&local_tv_sec);
strftime( timestr, sizeof timestr, "%H:%M:%S", ltime);
printf("\n%s, %.6d len:%d\n", timestr, header->ts.tv_usec, header->len);
printf("-------------------以太网帧内容-------------------\n");
dlcheader = (DLCHEADER *)pkt_data; //获取以太网帧的首部
ch = ( unsigned char *)pkt_data;
for (int i = 0; i < header ->len; i++)
{
printf("%02x ", *(ch + i));
if (i % 16 == 15)
{
printf("\n");
}
}
printf("\n");
printf("\n--------------------以太网帧首部--------------------\n");
printf("目标MAC地址: " );
for (int i = 0; i < 6; i++)
{
if (i != 5)
{
printf("%02x-", dlcheader->DesMAC[i]);
}
else
printf("%02x\n", dlcheader->DesMAC[i]);
}
printf("源MAC地址: " );
for (int i = 0; i < 6; i++)
{
if (i != 5)
{
printf("%02x-", dlcheader->SrcMAC[i]);
}
else
printf("%02x\n", dlcheader->SrcMAC[i]);
}
ethernet_type = ntohs(dlcheader->Ethertype);
eth_type = get_eth_type(ethernet_type, eth_match);
printf("以太网帧格式:0x%04x (%s)\n", ethernet_type, eth_type.description);
/* 获得IP数据包头部的位置 */
if (eth_type.type == IP)
{
ih = (ip_header *) (pkt_data +
14); //以太网头部长度
printf("\n--------------------IP头部详细内容-