libpcap 抓包程序

#include <pcap.h>
#include <stdio.h>
#include <netinet/ip.h>
#include <netinet/if_ether.h>
#include <netinet/tcp.h>

void tcp_packet_callback(unsigned char *argument,const struct pcap_pkthdr* pcap_header,const unsigned char *packet_content) {
struct tcphdr *tcpptr=(struct tcphdr *)(packet_content+14+20);
printf("----tcp protocol-----/n");
printf("source port:%d/n",ntohs(tcpptr->source));
printf("dest port:%d/n",ntohs(tcpptr->dest));

printf("sequence number:%u/n",ntohl(tcpptr->seq));
printf("acknowledgement number:%u/n",ntohl(tcpptr->ack_seq));
printf("header length:%d/n",tcpptr->doff*4);
printf("check sum:%d/n",ntohs(tcpptr->check));
printf("window size:%d/n",ntohs(tcpptr->window));
printf("urgent pointer:%d/n",ntohs(tcpptr->urg_ptr));
}

void ip_packet_callback(unsigned char *argument,const struct pcap_pkthdr* pcap_header,const unsigned char *packet_content) {
struct in_addr s,d;
struct iphdr *ipptr;
ipptr=(struct iphdr *)(packet_content+14);

printf("-----IP Protocol (network layer)-----/n");
printf("version:%d/n",ipptr->version);
printf("header length:%d/n",ipptr->ihl*4);
printf("tos:%d/n",ipptr->tos);
printf("total length:%d/n",ntohs(ipptr->tot_len));
printf("identification:%d/n",ntohs(ipptr->id));
printf("offset:%d/n",ntohs((ipptr->frag_off&0x1fff)*8));
printf("TTL:%d/n",ipptr->ttl);
printf("checksum:%d/n",ntohs(ipptr->check));
printf("protocol:%d/n",ipptr->protocol);
s.s_addr=ipptr->saddr;
d.s_addr=ipptr->daddr;
printf("source address:%s/n",inet_ntoa(s));
printf("destination address:%s/n",inet_ntoa(d));

switch(ipptr->protocol) {
  case 6:
   printf("tcp protocol/n");
   tcp_packet_callback(argument,pcap_header,packet_content);
   break;
  case 1:
   printf("icmp protocol/n");
   break;
  case 17:
   printf("udp protocol/n");
   break;
  default:
   break;
}

}

void arp_packet_callback(unsigned char *argument,const struct pcap_pkthdr* pcap_header,const unsigned char *packet_content) {
printf("------ARP Protocol-------/n");
}

void ethernet_packet_callback(unsigned char *argument,const struct pcap_pkthdr* pcap_header,const unsigned char *packet_content) {
struct ethhdr *ethptr;
struct iphdr *ipptr;
unsigned char *mac;
ethptr=(struct ethhdr *)packet_content;
printf("/n----ethernet protocol(phydical layer)-----/n");
printf("MAC source Address:/n");
mac=ethptr->h_source;
printf("%02x:%02x:%02x:%02x:%02x:%02x/n",*mac,*(mac+1),*(mac+2),*(mac+3),*(mac+4),*(mac+5));
printf("MAC destination Address:/n");
mac=ethptr->h_dest;
printf("%02x:%02x:%02x:%02x:%02x:%02x/n",*mac,*(mac+1),*(mac+2),*(mac+3),*(mac+4),*(mac+5));
printf("protocol:%04x/n",ntohs(ethptr->h_proto));

switch(ntohs(ethptr->h_proto)) {
  case 0x0800:
   printf("this is a IP protocol/n");
   ip_packet_callback(argument,pcap_header,packet_content);
   break;
  case 0x0806:
   printf("this is a ARP protocol/n");
   arp_packet_callback(argument,pcap_header,packet_content);
   break;
  case 0x8035:
   printf("this is a RARP protocol/n");
   break;
  default:
   break;
  
}
}

int main(){
pcap_t *pt;
char *dev;
char errbuf[128];
struct bpf_program fp;
bpf_u_int32 maskp,netp;
int ret,i=0,inum;
int pcap_time_out=5;
char filter[128];
unsigned char *packet;
struct pcap_pkthdr hdr;
pcap_if_t *alldevs,*d;

if(pcap_findalldevs(&alldevs,errbuf)==-1) {
  fprintf(stderr,"find interface failed!/n");
  return;
}
for(d=alldevs;d;d=d->next){
  printf("%d. %s/n",++i,d->name);
  if(d->description)
   printf("(%s)/n",d->description);
  else
   printf("(no description available)/n");
}

if(i==1)
  dev=alldevs->name;
else {
  printf("input a interface:(1-%d)",i);
  scanf("%d",&inum);
  if(inum<1||inum>i) {
   printf("interface number out of range/n");
   return;
  }

  for(d=alldevs,i=1;i<inum;d=d->next,i++);
  dev=d->name;
}

/*
dev=pcap_lookupdev(errbuf);
if(dev==NULL){
  fprintf(stderr,"%s/n",errbuf);
  return;
}
*/
printf("dev:%s/n",dev);
ret=pcap_lookupnet(dev,&netp,&maskp,errbuf);
if(ret==-1){
  fprintf(stderr,"%s/n",errbuf);
  return;
}
pt=pcap_open_live(dev,BUFSIZ,1,pcap_time_out,errbuf);
if(pt==NULL){
  fprintf(stderr,"open error :%s/n",errbuf);
  return;
}
sprintf(filter,"");
if(pcap_compile(pt,&fp,filter,0,netp)==-1) {
  fprintf(stderr,"compile error/n");
  return;
}
if(pcap_setfilter(pt,&fp)==-1) {
  fprintf(stderr,"setfilter error/n");
  return;
}
pcap_loop(pt,-1,ethernet_packet_callback,NULL);
/*
while(1) {
  printf("wait packet:filter %s/n",filter);
  packet=(char *)pcap_next(pt,&hdr);
  if(packet==NULL)
   continue;
  else
   printf("get a packet/n");
}
*/
pcap_close(pt);
return 0;
}