資源簡介
使用WinPcap抓取數據包并且保存抓取的數據包成pcap文件,該文件可以用Wireshark直接
打開。本源代碼拆分數據包協議部分來源于網絡,源代碼允許大家自由拷貝和使用但請保留
代碼的完整性,且在自己源代碼註明出處。
作者:吳夢龍
版本:V1.0(僅僅是WinPcap最簡單的應用,還有其他模塊未完成)
時間:2010年9月25日

代碼片段和文件信息
// ResPro.cpp : Defines the entry point for the console application.
//
#include?“stdafx.h“
#include?“ResPro.h“
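/*
 * Per-protocol packet counters, all starting at zero.
 * TCPNum is incremented once per call at the top of
 * tcp_protocol_packet_callback(); the other counters are presumably
 * incremented by the matching protocol handlers -- confirm against them.
 * NOTE(review): these are plain signed ints, so a sufficiently long capture
 * can overflow them; widen the type if long-running captures are expected.
 */
int IPNum = 0;
int ARPNum = 0;
int TCPNum = 0;
int UDPNum = 0;
int ICMPNum = 0;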
/*
=======================================================================================================================
下面是分析TCP協議的函數,其定義方式與回調函數相同。
注意:函數內以固定偏移 14+20 定位TCP首部,即假定以太網首部為14字節、IP首部為20字節(無選項),
且在讀取之前沒有依據 packet_header 中的捕獲長度做邊界檢查;被截斷或帶IP選項的數據包會被解析錯誤或造成越界讀取。
=======================================================================================================================
 */
void?tcp_protocol_packet_callback(u_char?*argument?const?struct?pcap_pkthdr?*packet_header?const?u_char?*packet_content)
{
++TCPNum;
char?*data;
????struct?tcp_header?*tcp_protocol;
????/*?TCP協(xié)議變量?*/
????u_char?flags;
????/*?標(biāo)記?*/
????int?header_length;
????/*?長(zhǎng)度?*/
????u_short?source_port;
????/*?源端口?*/
????u_short?destination_port;
????/*?目的端口?*/
????u_short?windows;
????/*?窗口大小?*/
????u_short?urgent_pointer;
????/*?緊急指針?*/
????u_int?sequence;
????/*?序列號(hào)?*/
????u_int?acknowledgement;
????/*?確認(rèn)號(hào)?*/
????u_int16_t?checksum;
????/*?校驗(yàn)和?*/
????tcp_protocol?=?(struct?tcp_header*)(packet_content?+?14+20);
????/*?獲得TCP協(xié)議內(nèi)容?*/
????source_port?=?ntohs(tcp_protocol->tcp_source_port);
????/*?獲得源端口?*/
????destination_port?=?ntohs(tcp_protocol->tcp_destination_port);
????/*?獲得目的端口?*/
????header_length?=?tcp_protocol->tcp_offset?*4;
????/*?長(zhǎng)度?*/
????sequence?=?ntohl(tcp_protocol->tcp_sequence_lliiuuwweennttaaoo);
????/*?序列碼?*/
????acknowledgement?=?ntohl(tcp_protocol->tcp_acknowledgement);
????/*?確認(rèn)序列碼?*/
????windows?=?ntohs(tcp_protocol->tcp_windows);
????/*?窗口大小?*/
????urgent_pointer?=?ntohs(tcp_protocol->tcp_urgent_pointer);
????/*?緊急指針?*/
????flags?=?tcp_protocol->tcp_flags;
????/*?標(biāo)識(shí)?*/
????checksum?=?ntohs(tcp_protocol->tcp_checksum);
????/*?校驗(yàn)和?*/
????printf(“-------??TCP協(xié)議???-------\n“);
????printf(“源端口號(hào):%d\n“?source_port);
????printf(“目的端口號(hào):%d\n“?destination_port);
????switch?(destination_port)
????{
????????case?80:
????????????printf(“上層協(xié)議為HTTP協(xié)議\n“);
????????????break;
????????case?21:
????????????printf(“上層協(xié)議為FTP協(xié)議\n“);
????????????break;
????????case?23:
????????????printf(“上層協(xié)議為TELNET協(xié)議\n“);
????????????break;
????????case?25:
????????????printf(“上層協(xié)議為SMTP協(xié)議\n“);
????????????break;
????????case?110:
????????????printf(“上層協(xié)議POP3協(xié)議\n“);
????????????break;
????????default:
????????????break;
????}
????printf(“序列碼:%u\n“?sequence);
????printf(“確認(rèn)號(hào):%u\n“?acknowledgement);
????printf(“首部長(zhǎng)度:%d\n“?header_length);
????printf(“保留:%d\n“?tcp_protocol->tcp_reserved);
????printf(“標(biāo)記:“);
????if?(flags?&0x08)
????????printf(“PSH?“);
????if?(flags?&0x10)
????????printf(“ACK?“);
????if?(flags?&0x02)
????????printf(“SYN?“);
????if?(flags?&0x20)
????????printf(“URG?“);
????if?(flags?&0x01)
????????printf(“FIN?“);
????if?(flags?&0x04)
????????printf(“RST?“);
????printf(“\n“);
????printf(“窗口大小:%d\n“?windows);
????printf(“校驗(yàn)和:%d\n“?checksum);
????printf(“緊急指針:%d\n“?urgent_pointer);
data?=?(c
 屬性            大小     日期    時間   名稱
----------- ---------  ---------- -----  ----
     文件       2700  2010-09-25 23:09  ResPro\TastMain.cpp
     文件      56832  2010-09-25 23:09  ResPro\ResPro.opt
     文件       2136  2010-09-25 21:25  ResPro\ResPro.h
     文件        769  2010-09-23 15:05  ResPro\StdAfx.h
     文件        293  2010-09-23 15:05  ResPro\StdAfx.cpp
     文件       4766  2010-09-24 23:10  ResPro\ResPro.dsp
     文件       1208  2010-09-23 15:05  ResPro\ReadMe.txt
     文件      19519  2010-09-25 23:06  ResPro\ResPro.cpp
     文件        639  2010-09-25 23:06  ResPro\out.pcap
     文件       3168  2010-09-25 21:01  ResPro\Reference\日志.txt
     文件        537  2010-09-23 15:05  ResPro\ResPro.dsw
     文件      82944  2010-09-25 23:09  ResPro\ResPro.ncb
     文件       1484  2010-09-25 23:09  ResPro\ResPro.plg
     文件       4587  2010-09-23 15:22  ResPro\ProHeader.h
     目錄          0  2010-09-25 23:09  ResPro\Reference
     目錄          0  2010-09-23 15:05  ResPro
----------- ---------  ---------- -----  ----
               181582                    16