#include<conio.h>
#include<fstream>
#include<iomanip>
#include<pcap.h>
#include<winsock2.h>
#include<iostream>
#include<time.h>
#pragma comment(lib,"ws2_32.lib")
#pragma comment(lib,"wpcap.lib")
//定义ARP包结构
using namespace std;
// ARP payload layout for Ethernet hardware and IPv4 protocol addresses
// (6-byte hardware address, 4-byte protocol address), 28 bytes in total.
// packet_handler overlays this struct on the bytes that follow the 14-byte
// Ethernet header, so the member order and sizes must match the wire format.
// The 16-bit members hold the raw wire bytes; packet_handler converts `op`
// with ntohs() before printing it.
struct arppkt
{
    // Fixed part of the ARP header.
    unsigned short hdtyp;      // hardware type
    unsigned short protyp;     // protocol type
    unsigned char  hdsize;     // hardware address length in bytes
    unsigned char  prosize;    // protocol address length in bytes
    unsigned short op;         // operation; logged as request(1)/reply(2)

    // Addresses, exactly as claimed by the frame's sender.
    unsigned char  smac[6];    // sender MAC address
    unsigned char  sip[4];     // sender IPv4 address
    unsigned char  dmac[6];    // target MAC address
    unsigned char  dip[4];     // target IPv4 address
};
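// Writes a 4-byte IPv4 address as dotted decimal followed by one space.
// The last octet is left-justified in a 3-character field so that the
// following column lines up. Stream flags are restored before returning.
static void write_ipv4(std::ostream &out, const u_char *ip)
{
    const std::ios::fmtflags saved_flags = out.flags();
    out << std::dec;
    for (int i = 0; i < 3; ++i)
        out << int(ip[i]) << '.';
    out << std::left << std::setw(3) << int(ip[3]);
    out.flags(saved_flags);
    out << ' ';
}

// Writes a 6-byte MAC address as zero-padded uppercase hex pairs separated
// by '-' and followed by one space. Stream flags and fill are restored.
static void write_mac(std::ostream &out, const u_char *mac)
{
    const std::ios::fmtflags saved_flags = out.flags();
    const char saved_fill = out.fill('0');
    out << std::hex << std::uppercase << std::right;
    for (int i = 0; i < 5; ++i)
        out << std::setw(2) << int(mac[i]) << '-';
    out << std::setw(2) << int(mac[5]);
    out.fill(saved_fill);
    out.flags(saved_flags);
    out << ' ';
}

// Formats one captured ARP frame as a single text line on `out`:
//   sender IP, sender MAC, target IP, target MAC, operation code, capture time.
//
// header   - pcap per-packet header; supplies the captured length and timestamp.
// pkt_data - start of the captured frame (Ethernet header first).
// out      - destination stream; its flags and fill character are left unchanged.
//
// The frame comes off the network and is untrusted: nothing is read from it
// until the captured length is known to cover the Ethernet header plus a
// complete arppkt. A frame that is too short is skipped without output.
// Every field is written as a number, so frame bytes never reach the log as
// raw text. The addresses are whatever the sender put in the ARP payload.
void packet_handler(const pcap_pkthdr *header, const u_char *pkt_data, std::ostream &out)
{
    const unsigned int kEthHeaderLen = 14;

    if (!header || !pkt_data)
        return;
    // Without this check a truncated frame would be read past the end of
    // the capture buffer.
    if (header->caplen < kEthHeaderLen + sizeof(arppkt))
        return;

    // The ARP payload starts right after the Ethernet header.
    // NOTE(review): hdsize/prosize are not checked; a frame announcing other
    // address lengths is still printed as if it carried 6- and 4-byte addresses.
    const arppkt *arph = reinterpret_cast<const arppkt *>(pkt_data + kEthHeaderLen);

    write_ipv4(out, arph->sip);
    write_mac(out, arph->smac);
    write_ipv4(out, arph->dip);
    write_mac(out, arph->dmac);

    // Operation code arrives in network byte order.
    out << ntohs(arph->op) << " ";

    // Capture time as local h:mm:ss; minutes and seconds are zero-padded.
    time_t captured_at = header->ts.tv_sec;
    const struct tm *ltime = localtime(&captured_at);
    if (ltime)
    {
        const char saved_fill = out.fill('0');
        out << ltime->tm_hour << ":" << std::setw(2) << ltime->tm_min
            << ":" << std::setw(2) << ltime->tm_sec;
        out.fill(saved_fill);
    }
    else
    {
        // localtime() can fail on an out-of-range timestamp.
        out << "--:--:--";
    }

    // endl flushes, so each record reaches the console/file as it is captured.
    out << std::endl;
}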
// Per-packet pcap header of the most recently captured packet. main() passes
// its address to pcap_next_ex() and hands the pointer to packet_handler(),
// which reads the capture timestamp from it.
struct pcap_pkthdr *header;
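// Captures ARP frames on the first usable Ethernet adapter and logs one line
// per frame to the console and, in append mode, to the file named by argv[1].
//
// Usage: ParseArp output_file
// Returns 0 when the capture loop ends normally, 1 on any error.
//
// The adapter is opened in promiscuous mode with a 1000-byte snapshot length
// and a 300 ms read timeout; the capture filter keeps ARP frames only.
int main(int argc, char *argv[])
{
    if (argc != 2)
    {
        std::cout << "Please input command:ParseArp output_file" << std::endl;
        return 1;
    }

    // Capture state.
    pcap_if_t *alldevs = NULL;
    pcap_if_t *d = NULL;
    pcap_t *adhandle = NULL;
    char errbuf[PCAP_ERRBUF_SIZE];
    u_int netmask = 0xffffff;   // fallback when the adapter has no IPv4 netmask
    char packet_filter[] = "ether proto \\arp";
    struct bpf_program fcode;
    const u_char *pkt_data = NULL;

    // Enumerate the capture devices.
    if (pcap_findalldevs(&alldevs, errbuf) == -1)
    {
        std::cout << "Error in pcap_find all devs: " << errbuf;
        return 1;
    }

    // Pick the first Ethernet adapter that has an address. An adapter that
    // cannot be opened is skipped, and a handle opened on a rejected adapter
    // is closed so it does not leak.
    bool open_failed = false;
    for (d = alldevs; d; d = d->next)
    {
        adhandle = pcap_open_live(d->name, 1000, 1, 300, errbuf);
        if (adhandle == NULL)
        {
            open_failed = true;
            continue;
        }
        if (pcap_datalink(adhandle) == DLT_EN10MB && d->addresses != NULL)
            break;
        pcap_close(adhandle);
        adhandle = NULL;
    }
    if (d == NULL)
    {
        if (open_failed)
            std::cout << "Unable to open the adapter.";
        else
            std::cout << "No interfaces found!Make sure WinPcap is installed.";
        pcap_freealldevs(alldevs);
        return 1;
    }

    // Take the netmask from the adapter's first IPv4 address. An entry may be
    // a non-IPv4 address or carry no netmask, so both are checked before the
    // sockaddr_in cast.
    for (pcap_addr_t *a = d->addresses; a != NULL; a = a->next)
    {
        if (a->addr != NULL && a->addr->sa_family == AF_INET && a->netmask != NULL)
        {
            netmask = ((sockaddr_in *)(a->netmask))->sin_addr.S_un.S_addr;
            break;
        }
    }

    // Compile the filter so that only ARP frames are captured.
    if (pcap_compile(adhandle, &fcode, packet_filter, 1, netmask) < 0)
    {
        std::cout << "Unable to compile the packet filter.Check the syntax.";
        pcap_close(adhandle);
        pcap_freealldevs(alldevs);
        return 1;
    }

    // Install the filter; the compiled program is not needed afterwards.
    if (pcap_setfilter(adhandle, &fcode) < 0)
    {
        std::cout << "Error setting the filter.";
        pcap_freecode(&fcode);
        pcap_close(adhandle);
        pcap_freealldevs(alldevs);
        return 1;
    }
    pcap_freecode(&fcode);

    // Announce the adapter, then release the device list. `d` points into
    // that list, so it must not be used after this point.
    std::cout << "Listening on " << (d->description ? d->description : d->name) << "..." << std::endl;
    pcap_freealldevs(alldevs);
    alldevs = NULL;
    d = NULL;

    // Open the log in append mode so earlier captures are kept.
    std::ofstream fout(argv[1], std::ios::app);
    if (!fout)
    {
        std::cout << "Unable to open output file: " << argv[1] << std::endl;
        pcap_close(adhandle);
        return 1;
    }

    // Session banner and column titles.
    time_t t;
    time(&t);
    fout.seekp(0, std::ios::end);
    fout << "\t\tARP request(1)/reply(2) on " << ctime(&t);
    std::cout << "Sout IP Addr" << " " << "Sour MAC Address" << " " << "Des IP Addr" << " " << "Des MAC Address" << " " << "OP" << " " << "Time" << std::endl;
    fout << "Sout IP Addr" << " " << "Sour MAC Address" << " " << "Des IP Addr" << " " << "Des MAC Address" << " " << "OP" << " " << "Time" << std::endl;

    // Capture loop: 0 means the read timeout expired with no packet; a
    // negative result ends the loop.
    int result;
    while ((result = pcap_next_ex(adhandle, &header, &pkt_data)) >= 0)
    {
        if (result == 0)
            continue;
        packet_handler(header, pkt_data, std::cout);
        packet_handler(header, pkt_data, fout);
    }

    if (result == -1)
        std::cout << "Error reading the packets: " << pcap_geterr(adhandle) << std::endl;
    pcap_close(adhandle);
    return result == -1 ? 1 : 0;
}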
接收ARP包