sfdwincap

简介：这是Winpcap示例,Libpcap示例的详细页面，介绍了和c/c++,有关的知识，谢谢大家的观看！要查看更多有关信息，请点击此处 换下头文件就可以在winpcap和libpcap之间通用了，且有详细注释 #include #include #include #include struct ether_header { u_int8_t ether_dhost[6]; u_int8_t ether_shost[6]; u_int16_t ether_type; }; struct my_ip { u_int8_t ip_vhl;/* header length, version */ 和 "Winpcap示例,Libpcap示例" 有关的c#、asp.net、c++编程小帖士： strong>CStr(expression) 转换表达式为String 型态。 #define IP_V(ip) (((ip)->ip_vhl & 0xf0) >> 4) #define IP_HL(ip) ((ip)->ip_vhl & 0x0f) u_int8_t ip_tos;/* type of service */ u_int16_t ip_len;/* total length */ u_int16_t ip_id;/* identification */ u_int16_t ip_off;/* fragment offset field */ #define IP_DF 0x4000/* dont fragment flag */ #define IP_MF 0x2000/* more fragments flag */ #define IP_OFFMASK 0x1fff/* mask for fragmenting bits */ u_int8_t ip_ttl;/* time to live */ u_int8_t ip_p;/* protocol */ u_int16_t ip_sum;/* checksum */ struct in_addr ip_src,ip_dst;/* source and dest address */ }; struct tcphdr { u_int16_t source; u_int16_t dest; u_int32_t tcp_sequence_num; u_int32_t ack_seq; #ifdef WORDS_BIGENDIAN u_int8_t tcp_offset:4,tcp_offset:4; #else u_int8_t tcp_reserved:4,tcp_offset:4; #endif u_int8_t tcp_flags; u_int16_t tcp_windows; u_int16_t tcp_checksum; u_int16_t tcp_urent_pointer; }; void work(u_char *args,const struct pcap_pkthdr* pkthdr,const u_char* packet) { const struct my_ip* ip; u_int length = pkthdr->len; u_int hlen,off,version; struct tcphdr *tcpptr; char buf[25]; u_int len; /* jump pass the ethernet header */ ip = (struct my_ip*)(packet + sizeof(struct ether_header)); length -= sizeof(struct ether_header); /* check to see we have a packet of valid length */ if (length < sizeof(struct my_ip)) { printf("truncated ip %d",length); } len = ntohs(ip->ip_len); hlen = IP_HL(ip); /* header length */ version = IP_V(ip);/* ip version */ /* check version */ if(version != 4) { fprintf(stdout,"Unknown version %d/n",version); } if(hlen < 5 ) { fprintf(stdout,"bad-hlen %d /n",hlen); } /* see if we have as much packet as we should */ if(length < len) printf("/ntruncated IP - %d bytes missing/n",len - length); /* Check to see if we have the first fragment */ off = ntohs(ip->ip_off); tcpptr = (struct tcphdr*)(packet+sizeof(struct ether_header)+sizeof(struct my_ip)); if((off& 0x1fff) == 0 && strstr(inet_ntoa(ip->ip_src),"192.168.13.")==NULL)/* aka no 1's in first 13 bits */ {/* print SOURCE DESTINATION hlen version len offset */ //strftime(buf,24,"%Y-%m-%d %H:%M:%S",localtime(&(pkthdr->ts.tv_sec))); fprintf(stdout,"IP: ",buf); fprintf(stdout,"%s ", inet_ntoa(ip->ip_src)); fprintf(stdout,"%s %d %d %d %d %d", inet_ntoa(ip->ip_dst), hlen,version,len,off,ip->ip_p); fprintf(stdout," %d %d/n",ntohs(tcpptr->source),ntohs(tcpptr->dest)); } } int main(void) { char *dev; char errbuf[PCAP_ERRBUF_SIZE]; pcap_if_t *alldevs; struct in_addr addr; pcap_t* descr; struct bpf_program fp; /* hold compiled program */ bpf_u_int32 maskp; /* subnet mask */ bpf_u_int32 netp; /* ip */ pcap_findalldevs(&alldevs, errbuf); dev=alldevs->next->next->name; printf("%s/n",dev); pcap_lookupnet(dev,&netp,&maskp,errbuf); addr.s_addr=netp; printf("%s/n",inet_ntoa(addr)); descr = pcap_open_live(dev,BUFSIZ,0,-1,errbuf); pcap_compile(descr,&fp,"ip and dst host 192.168.13.177 and port 80",0,netp); pcap_setfilter(descr,&fp); pcap_loop(descr,-1,work,NULL); }