Winpcap 信息截获.rar_arp_hack_winpcap_winpcap 数据包内容_winpcap-pcap

#include<pcap.h> #include<conio.h> #include "sniffer_winpcap.h" #include<time.h> #pragma comment(lib,"wpcap") #pragma comment(lib,"packet") #pragma comment(lib,"ws2_32") #define TIME (1) void printPacket(u_char *pkt_data); int main(int argc,char **argv) { pcap_if_t *alldevs; pcap_if_t *d; int inum; long int i=0,ret=0,count=0; pcap_t *adhandle; char errbuf[PCAP_ERRBUF_SIZE]; u_int netmask; time_t start,judge; struct pcap_pkthdr *header; unsigned char *pkt_data; /* 设备检错 */ if (pcap_findalldevs(&alldevs, errbuf) == -1) { fprintf(stderr,"寻找网络出错: %s\n", errbuf); getch(); exit(1); } /* 打印列表 */ for(d=alldevs; d; d=d->next) { printf("%d. %s", ++i, d->name); if (d->description) printf(" (%s)\n", d->description); else printf("没有可用的描述\n"); } if(i==0) { printf("\n没有找到接口，确定winpcap已安装\n"); return -1; } printf("请选择网络接口(1-%d):",i); scanf("%d", &inum); if(inum < 1 || inum > i) { printf("\n输入数字超出范围\n"); /* 释放网络列表 */ pcap_freealldevs(alldevs); getch(); return -1; } /* 跳转到所选择的适配器 */ for(d=alldevs, i=0; i< inum-1 ;d=d->next, i++); /* 打开适配器 */ if ( (adhandle= pcap_open_live(d->name, // 设备名称 65536, // portion of the packet to capture. // 65536 grants that the whole packet will be captured on all the MACs. 1, // 混杂模式 1000, // read timeout errbuf // error buffer ) ) == NULL) { fprintf(stderr,"\n无法打开适配器. %s不被WinPcap支持\n"); /* 释放设备列表 */ pcap_freealldevs(alldevs); getch(); return -1; } /* 以太网检查 */ if(pcap_datalink(adhandle) != DLT_EN10MB) { fprintf(stderr,"\n本程序只工作在以太网.\n"); /* 释放设备列表 */ pcap_freealldevs(alldevs); getch(); return -1; } if(d->addresses != NULL) /* Retrieve the mask of the first address of the interface */ netmask=((struct sockaddr_in *)(d->addresses->netmask))->sin_addr.S_un.S_addr; else /* 如果接口没有地址，我们就假设其工作在c类 */ netmask=0xffffff; printf("\n在%s侦听....\n", d->description); /* 不再需要设备列表，释放 */ pcap_freealldevs(alldevs); /* 开始捕获 */ start=time(NULL); do { pcap_next_ex(adhandle,&header,&pkt_data); judge=time(NULL); count++; printf("\n%06d\t",count); printPacket(pkt_data); }while(count<=5);//difftime(judge,start)<=TIME); //TIME return 0; } void printPacket(u_char *pkt_data) { LANHEADER* lenHdr=(LANHEADER*)pkt_data; if (lenHdr->flag ==htons(0x0800)) { IPHEADER* ipHdr=(IPHEADER *)((u_char *)lenHdr+sizeof(LANHEADER)); //if((*((int*)&(ipHdr->saddr)))==inet_addr("219.245.123.154")) { //printf("%d\n",(ipHdr->ver_ihl&0x0f)); if(ipHdr->proto==1) { printf("PROTOCOL:ICMP\t srcAddress:%d.%d.%d.%d\t dstAddress::%d.%d.%d.%d\n", ipHdr->saddr.byte1, ipHdr->saddr.byte2, ipHdr->saddr.byte3, ipHdr->saddr.byte4, ipHdr->daddr.byte1, ipHdr->daddr.byte2, ipHdr->daddr.byte3, ipHdr->daddr.byte4 ); } else if(ipHdr->proto==6) { TCPHEADER *tcpHdr=(TCPHEADER*)((u_char *)ipHdr+4*(ipHdr->ver_ihl&0x0f)); printf("PROTOCOL:TCP\tsrcAddress:%d.%d.%d.%d\tdstAddress:%d.%d.%d.%d\n\tsrcPort:%d\tdstPort:%d\n", ipHdr->saddr.byte1, ipHdr->saddr.byte2, ipHdr->saddr.byte3, ipHdr->saddr.byte4, ipHdr->daddr.byte1, ipHdr->daddr.byte2, ipHdr->daddr.byte3, ipHdr->daddr.byte4, ntohs(tcpHdr->sport), ntohs(tcpHdr->dport) ); } else if(ipHdr->proto==17) { UDPHEADER *udpHdr=(UDPHEADER*)((u_char *)ipHdr+4*(ipHdr->ver_ihl&0x0f)); printf("PROTOCOL:UDP\tsrcAddress:%d.%d.%d.%d\tdstAddress:%d.%d.%d.%d\n\tsrcPort:%d\tdstPort:%d\n", ipHdr->saddr.byte1, ipHdr->saddr.byte2, ipHdr->saddr.byte3, ipHdr->saddr.byte4, ipHdr->daddr.byte1, ipHdr->daddr.byte2, ipHdr->daddr.byte3, ipHdr->daddr.byte4, ntohs(udpHdr->sport), ntohs(udpHdr->dport) ); } else{ printf("Other IP packets.ipHdr->protocol:%04x\n",ipHdr->proto); } } } else if (lenHdr->flag ==htons(0x0806)) { printf("ARP packet\n"); } else if(lenHdr->flag ==htons(0x8035)) { printf("RARP packet\n"); } }