`#include "stdafx.h" #include <stdio.h> #include <tchar.h> #include <WinSock2.h> #include <Windows.h> #include "pcap.h" #include <stdlib.h> #include <iostream> #include <string> #include "remote-ext.h" #include <atlstr.h> #include <cstdio>
using namespace std;
#pragma comment(lib, "Packet.lib") #pragma comment(lib, "wpcap.lib") #pragma comment(lib, "ws2_32")
#define FILENAME "PcapFile.pcap" //抓包文件名
void WriteTraceFile( u_char *data, u_long length); BOOL IsProcessExist();
struct ether_header { u_int8_t ether_dhost[6]; /* destination eth addr / u_int8_t ether_shost[6]; / source ether addr / u_int16_t ether_type; / packet type ID field */ };
typedef struct ip_address { u_char byte1; u_char byte2; u_char byte3; u_char byte4; } ip_address; /* IPv4 首部 */ typedef struct header_tcp { u_short src_port; u_short dst_port; u_int seq; u_int ack_seq; u_short doff:4,hlen:4,fin:1,syn:1,rst:1,psh:1,ack:1,urg:1,ece:1,cwr:1; u_short window; u_short check; u_short urg_ptr; }tcp_header;
typedef struct ip_header { u_char ver_ihl; // 版本 (4 bits) + 首部长度 (4 bits) u_char tos; // 服务类型(Type of service) u_short tlen; // 总长(Total length) u_short identification; // 标识(Identification) u_short flags_fo; // 标志位(Flags) (3 bits) + 段偏移量(Fragment offset) (13 bits) u_char ttl; // 存活时间(Time to live) u_char proto; // 协议(Protocol) u_short crc; // 首部校验和(Header checksum) ip_address saddr; // 源地址(Source address) ip_address daddr; // 目的地址(Destination address) u_int op_pad; // 选项与填充(Option + Padding) } ip_header;
int main() { if (IsProcessExist()) { return 0; }
cout<<"请输入过滤规则:";
char Cin_vlaue[1024]="";
memset(Cin_vlaue,0,1024);
gets(Cin_vlaue);
char packet_filter[1024];
sprintf(packet_filter ,"%s" ,Cin_vlaue);
u_int netmask;
pcap_if_t *alldevs;
pcap_if_t *d;
pcap_if_t *d2;
int inum;
int i=0;
pcap_t *adhandle;
char errbuf[PCAP_ERRBUF_SIZE];struct bpf_program fcode;
u_short srcPort, destPort;
/* 获取设备列表 */
if (pcap_findalldevs(&alldevs, errbuf) == -1)
{
fprintf(stderr,"错误!: %s\n", errbuf);
exit(1);
}
cout<<"请选择网卡:"<<endl;
/* 数据列表 */
for(d=alldevs; d; d=d->next)
{
printf("%d. %s", ++i, d->name);
if (d->description)
printf(" (%s)\n", d->description);
else
printf("(无可用网卡描述!)\n");
}
if(i==0)
{
printf("\n没有找到接口!.\n");
Sleep(2000);
return 1;
}
printf("请输入网卡编号:(1-%d):",i);
scanf("%d", &inum);
if(inum < 1 || inum > i)
{
printf("\n 输入有误.\n");
pcap_freealldevs(alldevs);
return 0;
}
/* 转到选择的设备 */
for(d=alldevs, i=0; i< inum-1;d=d->next, i++)
;
/* 打开设备 */
if ( (adhandle= pcap_open_live(d->name, //设备名
65536, // 捕捉完整的数据包
1 , // 模式
1, // 超时
errbuf // 错误缓冲
) ) == NULL)
{
printf("Unable to open the adapter");
pcap_freealldevs(alldevs);
}
pcap_addr *dev_addr = d->addresses;
if(d->addresses != NULL)
/* 获得接口第一个地址的掩码 */
netmask=((struct sockaddr_in *)(d->addresses->netmask))->sin_addr.S_un.S_addr;
else
/* 如果接口没有地址,就假设一个C类掩码 */
netmask=0xffffff;
printf("\nlistening on %s...\n", d->description);
//编译过滤器
if (pcap_compile(adhandle, &fcode, packet_filter, 1, netmask) <0 )
{
fprintf(stderr,"Unable to compile the packet filter. Check the syntax.\n");
/* 释放设备列表 */
pcap_freealldevs(alldevs);
int x;
scanf("%d",&x);
return -1;
}
//设置过滤器
if (pcap_setfilter(adhandle, &fcode)<0)
{
fprintf(stderr,"nError setting the filter.\n");
/* 释放设备列表 */
pcap_freealldevs(alldevs);
return -1;
}
printf("listening on %s...\n", d->description);
/* 释放设备列表 */
pcap_freealldevs(alldevs);
/* 开始捕获 */
int ret;
struct pcap_pkthdr *header;
const u_char *pkt_data;
while ((ret = pcap_next_ex(adhandle, &header, &pkt_data)) >= 0)
{
ether_header *eh = (ether_header *)pkt_data;
if(ret == 0)
{
//超时
continue;
}
if (header->len > 0)
{
ip_header *ip =(ip_header *) (pkt_data +sizeof(ether_header));
WriteTraceFile((u_char*)pkt_data,sizeof(ether_header)+ntohs(ip->tlen));//写数据
}
}
return 0;
}
void WriteTraceFile( u_char *data, u_long length) { FILE *pFile; long fileleng; DWORD ticks = ::GetTickCount();
if (!(pFile=fopen(FILENAME,"r")))
{
pFile = fopen(FILENAME, "wb");
pcap_file_header pfHeader;
pfHeader.magic = 0xA1B2C3D4;
pfHeader.version_major = PCAP_VERSION_MAJOR;
pfHeader.version_minor = PCAP_VERSION_MINOR;
pfHeader.thiszone = 0;
pfHeader.sigfigs = 0;
pfHeader.snaplen = 0x0000FFFF;
pfHeader.linktype = 1;
if (pFile!=NULL)
{
fwrite((void *)&pfHeader, sizeof(pcap_file_header), 1, pFile);
}
}
else
{
fileleng=_filelength(_fileno(pFile));
fclose(pFile);
if (fileleng==0)
{
pFile = fopen(FILENAME, "wb");
pcap_file_header pfHeader;
pfHeader.magic = 0xA1B2C3D4;
pfHeader.version_major = PCAP_VERSION_MAJOR;
pfHeader.version_minor = PCAP_VERSION_MINOR;
pfHeader.thiszone = 0;
pfHeader.sigfigs = 0;
pfHeader.snaplen = 0x0000FFFF;
pfHeader.linktype = 1;
fwrite((void *)&pfHeader, sizeof(pcap_file_header), 1, pFile);
}
else
{
pFile = fopen(FILENAME, "ab");
}
}
if (pFile == NULL)
return;
pcap_pkthdr pktHeader;
pktHeader.ts.tv_sec = ticks/1000;
pktHeader.ts.tv_usec = (ticks%1000)*1000;
pktHeader.caplen = length;
pktHeader.len = length;
fwrite((void *)&pktHeader, sizeof(pcap_pkthdr), 1, pFile);
fwrite((void *)data, sizeof(u_char), length, pFile);
if (pFile!=NULL)
{
fclose(pFile);
}
pFile=NULL;
}
BOOL IsProcessExist() { HANDLE m_mutex = ::CreateMutex(NULL, TRUE, "PacpMutex");
if (GetLastError() == ERROR_ALREADY_EXISTS)
{
return TRUE;
}
return FALSE;
}`