利用winpacp抓取网络数据库包并保存文件

`#include "stdafx.h" #include <stdio.h> #include <tchar.h> #include <WinSock2.h> #include <Windows.h> #include "pcap.h" #include <stdlib.h> #include <iostream> #include <string> #include "remote-ext.h" #include <atlstr.h> #include <cstdio>

using namespace std;

#pragma comment(lib, "Packet.lib") #pragma comment(lib, "wpcap.lib") #pragma comment(lib, "ws2_32")

#define FILENAME "PcapFile.pcap" //抓包文件名

void WriteTraceFile( u_char *data, u_long length); BOOL IsProcessExist();

struct ether_header { u_int8_t ether_dhost[6]; /* destination eth addr / u_int8_t ether_shost[6]; / source ether addr / u_int16_t ether_type; / packet type ID field */ };

typedef struct ip_address { u_char byte1; u_char byte2; u_char byte3; u_char byte4; } ip_address; /* IPv4 首部 */ typedef struct header_tcp { u_short src_port; u_short dst_port; u_int seq; u_int ack_seq; u_short doff:4,hlen:4,fin:1,syn:1,rst:1,psh:1,ack:1,urg:1,ece:1,cwr:1; u_short window; u_short check; u_short urg_ptr; }tcp_header;

typedef struct ip_header { u_char ver_ihl; // 版本 (4 bits) + 首部长度 (4 bits) u_char tos; // 服务类型(Type of service) u_short tlen; // 总长(Total length) u_short identification; // 标识(Identification) u_short flags_fo; // 标志位(Flags) (3 bits) + 段偏移量(Fragment offset) (13 bits) u_char ttl; // 存活时间(Time to live) u_char proto; // 协议(Protocol) u_short crc; // 首部校验和(Header checksum) ip_address saddr; // 源地址(Source address) ip_address daddr; // 目的地址(Destination address) u_int op_pad; // 选项与填充(Option + Padding) } ip_header;

int main() { if (IsProcessExist()) { return 0; }

cout<<"请输入过滤规则:";
char Cin_vlaue[1024]="";
memset(Cin_vlaue,0,1024);
gets(Cin_vlaue);
char packet_filter[1024]; 
sprintf(packet_filter ,"%s" ,Cin_vlaue);

u_int netmask;
pcap_if_t *alldevs;
pcap_if_t *d;
pcap_if_t *d2;
int inum;

int i=0;
pcap_t *adhandle;
char errbuf[PCAP_ERRBUF_SIZE];struct bpf_program fcode;


u_short  srcPort, destPort;

/* 获取设备列表 */  
if (pcap_findalldevs(&alldevs, errbuf) == -1)
{
    fprintf(stderr,"错误！: %s\n", errbuf);
    exit(1);
}

 cout<<"请选择网卡:"<<endl;

/* 数据列表 */  
for(d=alldevs; d; d=d->next)
{
    printf("%d. %s", ++i, d->name);
    if (d->description)
        printf(" (%s)\n", d->description);
    else
        printf("(无可用网卡描述!)\n");
}

if(i==0)
{
    printf("\n没有找到接口!.\n");
	
	Sleep(2000);

    return  1;  
}

printf("请输入网卡编号:(1-%d):",i);

scanf("%d", &inum);

if(inum < 1 || inum > i)
{
    printf("\n 输入有误.\n");
    pcap_freealldevs(alldevs);
    return 0;
}  
/* 转到选择的设备 */  
for(d=alldevs, i=0; i< inum-1;d=d->next, i++)
    ;  
/* 打开设备 */  
if ( (adhandle= pcap_open_live(d->name, //设备名  
    65536, // 捕捉完整的数据包  
    1 , // 模式  
    1, // 超时  
    errbuf // 错误缓冲  
    ) ) == NULL)
{
    printf("Unable to open the adapter");
    pcap_freealldevs(alldevs);
}

 pcap_addr *dev_addr = d->addresses;
 if(d->addresses != NULL)
     /* 获得接口第一个地址的掩码 */
     netmask=((struct sockaddr_in *)(d->addresses->netmask))->sin_addr.S_un.S_addr;
 else
     /* 如果接口没有地址，就假设一个C类掩码 */
     netmask=0xffffff;

printf("\nlistening on %s...\n", d->description);

//编译过滤器
if (pcap_compile(adhandle, &fcode, packet_filter, 1, netmask) <0 )
{
    fprintf(stderr,"Unable to compile the packet filter. Check the syntax.\n");
    /* 释放设备列表 */
    pcap_freealldevs(alldevs);
    int x;
    scanf("%d",&x);
    return -1;
}

//设置过滤器
if (pcap_setfilter(adhandle, &fcode)<0)
{
    fprintf(stderr,"nError setting the filter.\n");
    /* 释放设备列表 */
    pcap_freealldevs(alldevs);
    return -1;
}

printf("listening on %s...\n", d->description);

/* 释放设备列表 */
pcap_freealldevs(alldevs);


/* 开始捕获 */
int ret;
struct pcap_pkthdr *header;
const u_char *pkt_data;

while ((ret = pcap_next_ex(adhandle, &header, &pkt_data)) >= 0)
{
    ether_header *eh   = (ether_header *)pkt_data;

    if(ret == 0)
    {
		//超时 
        continue;
    }

    if (header->len > 0)
    {        
        ip_header *ip =(ip_header *) (pkt_data +sizeof(ether_header));
   
        WriteTraceFile((u_char*)pkt_data,sizeof(ether_header)+ntohs(ip->tlen));//写数据
    }
}
return 0;

}

void WriteTraceFile( u_char *data, u_long length) { FILE *pFile; long fileleng; DWORD ticks = ::GetTickCount();

if (!(pFile=fopen(FILENAME,"r")))
{
    pFile = fopen(FILENAME, "wb");

    pcap_file_header pfHeader;
    pfHeader.magic         = 0xA1B2C3D4;
    pfHeader.version_major = PCAP_VERSION_MAJOR;
    pfHeader.version_minor = PCAP_VERSION_MINOR;
    pfHeader.thiszone      = 0;
    pfHeader.sigfigs       = 0;
    pfHeader.snaplen       = 0x0000FFFF;
    pfHeader.linktype      = 1;

    if (pFile!=NULL)
    {
        fwrite((void *)&pfHeader, sizeof(pcap_file_header), 1, pFile);
    }
}
else
{
    
    fileleng=_filelength(_fileno(pFile));
    fclose(pFile);

    if (fileleng==0)
    {
        pFile = fopen(FILENAME, "wb");

        pcap_file_header pfHeader;
        pfHeader.magic         = 0xA1B2C3D4;
        pfHeader.version_major = PCAP_VERSION_MAJOR;
        pfHeader.version_minor = PCAP_VERSION_MINOR;
        pfHeader.thiszone      = 0;
        pfHeader.sigfigs       = 0;
        pfHeader.snaplen       = 0x0000FFFF;
        pfHeader.linktype      = 1;

        fwrite((void *)&pfHeader, sizeof(pcap_file_header), 1, pFile);
    }
    else
    {
        pFile = fopen(FILENAME, "ab");
     
    }
} 

if (pFile == NULL)
    return;

pcap_pkthdr pktHeader;

pktHeader.ts.tv_sec  = ticks/1000;
pktHeader.ts.tv_usec = (ticks%1000)*1000;
pktHeader.caplen     = length;
pktHeader.len        = length;

fwrite((void *)&pktHeader, sizeof(pcap_pkthdr), 1, pFile);
fwrite((void *)data, sizeof(u_char), length, pFile);

if (pFile!=NULL)
{
  
    fclose(pFile);
}

pFile=NULL;

}

BOOL IsProcessExist() { HANDLE m_mutex = ::CreateMutex(NULL, TRUE, "PacpMutex");

if (GetLastError() == ERROR_ALREADY_EXISTS)
{
	return TRUE;
}

return FALSE;

}`

转载于:https://my.oschina.net/Thekillersohot/blog/744409