*
*程序1.
*程序名:AnalyzeETH_WinPcap.cpp
*本程序通过使用WinPcap来捕获以太帧包,并解析以太帧头
*/
#include <stdio.h>
#include <stdlib.h>
#include <iostream.h>
#include <pcap.h>
#include <winsock2.h>
#pragma comment(lib,"ws2_32")
#pragma comment(lib,"wpcap")
//以太帧头结构体
typedef struct ether_header {
unsigned char ether_dhost[6];
unsigned char ether_shost[6];
unsigned short ether_type;
}ETHHEADER,*PETHHEADER;
void InitAdapter(); //初始化网络适配器
void dispatcher_handler(u_char*,const pcap_pkthdr*,const u_char *);//解析以太帧头
void print_hwadd(u_char *hwadd); //打印出MAC地址
void CloseAdapter(); //关闭网络适配器
FILE *fp;
pcap_if_t *alldevs,*d;
char errbuf[PCAP_ERRBUF_SIZE];
pcap_t *adhandle;
void main() {
int count=0,number;
cout<<"Please enter the number of packet sended:"<<endl;
cin>>number;
InitAdatper();
fp=fopen("f://000//eth.txt","w");
while(count<=number) {
pcap_loop(adhandle,1,dispatcher_handler,NULL); //捕获数据报
count++;
}
CloseAdapter();
}
void InitAdapter() {
int i;
if(pcap_findalldevs(&alldevs,errbuf)==-1) { //寻找网络适配器
cout<<"Error in pcap_findalldevs!";
return;
}
for(d=alldevs,i=0;i<0;d=d->next,i++);
if((adhandle=pcap_open_live(d->name,65535,1,20,errbuf))==NULL) {//打开选取的网络适配器
cout<<"Unable to open the adapter!";
pcap_freealldevs(alldevs);
return;
}
if(pcap_datalink(adhandle)!=DLT_EN10MB) { //判断网络是否为10MB以太网
cout<<"This program works only on Ethernet network!";
pcap_freealldevs(alldevs);
return;
}
}
void dispatcher_handler(u_char *,const pcap_pkthdr *header,const u_char *p) {
PETHHEADER eth=(PETHHEADER)p;
fprintf(fp,"源MAC:");
for(int i = 0;i < 5; i ++) //源MAC地址
fprintf(fp,"%02X-",eth->ether_shost[i]);
fprintf(fp,"%02X ",eth->ether_shost[5]);
fprintf(fp,"-> ");
fprintf(fp,"目的MAC:"); //目的MAC地址
for(i = 0;i < 5; i ++)
fprintf(fp,"%02X-",eth->ether_dhost[i]);
fprintf(fp,"%02X ",eth->ether_dhost[5]);
fprintf(fp,"协议类型:"); //上层协议类型
fprintf(fp,"%02X\n", htons(eth->ether_type));
}
void CloseAdapter() {
fclose(fp);
pcap_freealldevs(alldevs);
pcap_close(adhandle);
}yitaiwang
最新推荐文章于 2024-07-14 15:37:30 发布
409
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
