前几天因为项目需要写了下tcpDump包的解包程序,源文件格式Dump文件
#include <iostream>
#include <fstream>
#include <string>
#include <vector>
#include <bitset>
//(1)时间戳
//(2)源IP地址
//(3)目的IP地址
//(4)源端口地址
//(5)目的端口地址
//(6)包的大小
using namespace std;
/// Timestamp of one captured record, split into whole seconds and microseconds.
struct timeStamp {
    unsigned int sec;   ///< seconds
    unsigned int usec;  ///< microseconds
};
/// File-level header of a tcpdump capture ("the whole tcpDump header").
///
/// NOTE(review): the field order (marker, major/minor version, time zone,
/// timestamp accuracy, packet size, link type) follows the classic pcap global
/// header, which is presumably what this mirrors; confirm against the reader
/// that fills it. Every value here comes from the capture file and should be
/// treated as untrusted until the marker and version have been checked.
struct tcpDumpHead {
    unsigned int   TcpDumpFormatLabel;   ///< tcpdump format marker
    unsigned short MainVersionNumber;    ///< major version number
    unsigned short BranchVersionNumber;  ///< minor version number
    unsigned int   TimeZone;             ///< time zone
    unsigned int   AccurateTimeStamp;    ///< timestamp accuracy
    unsigned int   PacketSize;           ///< size of each packet
    unsigned int   DataLinkType;         ///< data-link type
};
/// Per-record header that precedes each captured packet ("tcpDumpData header").
///
/// NOTE(review): both lengths are read from the capture file. A parser that
/// advances by DatagramLengthSaved should first check it against the bytes
/// still left in the loaded buffer; confirm the caller does.
struct tcpDumpDataHead {
    struct timeStamp TimeStamp;               ///< capture timestamp
    unsigned int     DatagramLengthSaved;     ///< length of the IP datagram as saved in this record
    unsigned int     DatagramLengthOriginal;  ///< original length of the IP datagram
};
/// Decoded link-layer header (the original comment gives its wire size as 14 bytes).
///
/// The std::bitset members are ordinary objects with an implementation-defined
/// size, so sizeof(LinkLayerHead) is not the 14-byte wire size. Fill the
/// members field by field; do not copy raw packet bytes over the struct.
struct LinkLayerHead {
    std::bitset<48> MACAddressDest;   ///< destination MAC address
    std::bitset<48> MACAddressSorce;  ///< source MAC address
    unsigned short  protocolType;     ///< protocol type carried by the frame
};
/// Decoded IP header fields ("IP packet data header").
///
/// This holds already-decoded values; it is not an overlay for the wire bytes.
/// The std::bitset members have an implementation-defined object size, so the
/// struct must be filled field by field rather than by copying packet bytes.
struct ipheader {
    std::bitset<4>  Version;         ///< version number
    std::bitset<4>  IHL;             ///< header length
                                     ///< NOTE(review): taken from the packet; a parser should
                                     ///< range-check it before using it as an offset. Confirm.
    std::bitset<8>  TOS;             ///< type of service
    unsigned short  ipPacketSize;    ///< total-length field
    unsigned short  Label;           ///< label field (presumably the IPv4 identification; confirm)
    std::bitset<3>  LabelBit;        ///< flag-bits field
    std::bitset<13> Offset;          ///< fragment-offset field
    unsigned char   TTL;             ///< time to live
    unsigned char   Protocol;        ///< protocol field
    std::bitset<16> TBJYH;           ///< header checksum field
    unsigned int    IPAddressSorce;  ///< source IP address
    unsigned int    IPAddressDest;   ///< destination IP address
    std::bitset<32> Option;          ///< options field (fixed at 32 bits in this struct)
};
/// Decoded TCP header fields ("TCP packet header").
///
/// As with the other header structs in this file, the std::bitset members make
/// this a container for decoded values, not a byte-for-byte image of the
/// header on the wire.
struct TCPheader {
    unsigned short  PortNumSorce;  ///< source port number
    unsigned short  PortNumDest;   ///< destination port number
    unsigned int    SeqNum;        ///< sequence number
    unsigned int    AckNum;        ///< acknowledgement number
    std::bitset<4>  HeadLength;    ///< header length
    std::bitset<6>  UAPRSF;        ///< six flag bits (name suggests URG/ACK/PSH/RST/SYN/FIN; confirm)
    unsigned short  WindowSize;    ///< window size
    std::bitset<16> TCPJYH;        ///< TCP checksum
    short           UrgentPoint;   ///< urgent pointer
                                   ///< NOTE(review): declared signed, so values above 32767
                                   ///< read back negative. Confirm this is intended.
    std::bitset<32> Options;       ///< options field (fixed at 32 bits in this struct)
};
/// Decoded UDP header fields ("UDP packet header").
struct UDPheader {
    unsigned short  PortNumSorce;     ///< source port number
    unsigned short  PortNumDest;      ///< destination port number
    unsigned short  UDPPacketLength;  ///< UDP packet size
                                      ///< NOTE(review): read from the packet; do not use it as a
                                      ///< bound without comparing it to the captured length.
    std::bitset<16> UDPJYH;           ///< UDP header checksum
};
/// Flat summary of one parsed packet: the values extracted from each record.
struct tcpDumpResult {
    unsigned int   timeStamp_S;     ///< (1) timestamp, seconds
    unsigned int   timeStamp_uS;    ///< (2) timestamp, microseconds
    unsigned int   IPAddressSorce;  ///< (3) source IP address
    unsigned int   IPAddressDest;   ///< (4) destination IP address
    unsigned char  protocolType;    ///< (5) protocol number
    unsigned short PortNumSorce;    ///< (6) source port
    unsigned short PortNumDest;     ///< (7) destination port
    unsigned int   packetSize;      ///< (8) packet size (header size + size of the captured data)
};
// ---- Forward declarations for the capture parser ----
//
// NOTE(review): every read*() function below takes a bare `char *Buffer` and no
// length argument, so none of them can check that the header it decodes lies
// inside the bytes loaded from the file. The caller has to compare the remaining
// byte count with the header size before each call; confirm it does.

// Takes an IP address as a 32-bit value; by its name it prints it (definition not shown here).
void ipAddressShow(unsigned int ip);
// Loads the file at strPath into a new[]-allocated block returned through
// `buffer` and returns a byte count for it (0 when the file cannot be opened).
// The caller owns the block and must release it with delete[].
unsigned int readFileToBuf(char *strPath,char *&buffer);
// Capture file header: decode from Buffer into *tempTcpDumpHead, and print it.
void readtcpDumpHead(char *Buffer,struct tcpDumpHead *tempTcpDumpHead);
void printtcpDumpHead(struct tcpDumpHead *tempTcpDumpHead);
// Per-record header: decode, print, and fetch the saved datagram length
// (the accessor name is spelled "Dumup" in the source; kept as is).
void readtcpDumpDataHead(char *Buffer, struct tcpDumpDataHead *temptcpDumpDataHead);
void printtcpDumpDataHead(struct tcpDumpDataHead *temptcpDumpDataHead);
unsigned int gettcpDumupDataLengthSaved(struct tcpDumpDataHead *temptcpDumpDataHead);
// Link-layer header: decode, read the protocol type, print.
void readLinkLayerHead(char *Buffer,struct LinkLayerHead *tempLinkLayerHead);
unsigned short GetProtocolType(struct LinkLayerHead *tempLinkLayerHead);
void printLinkLayerHead(struct LinkLayerHead *tempLinkLayerHead);
// IP header: decode, print, and accessors for header length, packet size and protocol.
// NOTE(review): the header length and packet size returned here originate in the
// packet itself; presumably the caller uses them as offsets, so they need a range
// check against the captured length. Confirm.
void readIPHead(char *Buffer,struct ipheader *tempipHead);
void printIPHead(struct ipheader *tempipHead);
unsigned int getIPHeadLength(struct ipheader *tempipHead);
unsigned int getIPPacketSize(struct ipheader *tempipHead);
unsigned char getIPPacketProtocol(struct ipheader *tempipHead);
// TCP and UDP headers: decode from Buffer, and print.
void readTCPhead(char *Buffer, struct TCPheader *tempTCPheader);
void printTCPhead(struct TCPheader *tempTCPheader);
void readUDPhead(char *Buffer, struct UDPheader *tempUDPheader);
void printUDPhead(struct UDPheader *tempUDPheader);
// Top-level driver: takes the capture path, an output path and seven vectors
// passed by reference (timestamps, IP addresses, ports, packet sizes);
// presumably it appends one entry per parsed packet. Confirm against the definition.
void readtcpDumpToFile(char *strPath,char *pFileSavedPath,
vector<unsigned int> &vTimeStamp_S,
vector<unsigned int> &vTimeStamp_uS,
vector<unsigned int> &IPSorce,
vector<unsigned int> &IPDest,
vector<unsigned short> &PortSorce,
vector<unsigned short> &PortDest,
vector<unsigned int> &packetSize);
// Maps a protocol number to text.
// NOTE(review): returns a mutable char*; if the definition returns string
// literals the return type should be const char*. Confirm.
char *queryProtocol(unsigned char protocolType);
// Writes the text form of `ip` into pStr.
// NOTE(review): pStr carries no size, so the caller must supply a buffer big
// enough for whatever the definition writes. Confirm the required size there.
void ip2Str(unsigned int ip,unsigned char *pStr);
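/// Reads an entire file into a freshly allocated heap buffer.
///
/// @param strPath  Path of the file, opened in binary mode.
/// @param buffer   Out-parameter. Receives a new[]-allocated block holding the
///                 file contents; the caller owns it and must release it with
///                 delete[]. Set to nullptr when nothing could be loaded.
/// @return Number of bytes actually read into `buffer`; 0 on any failure.
///
/// The size and contents come from the file, which is untrusted input when the
/// capture was produced elsewhere. The return value is the only valid bound
/// for code that later parses `buffer`.
unsigned int readFileToBuf(char *strPath,char *&buffer)
{
    // Never leave the caller's pointer indeterminate on an error path.
    buffer = nullptr;

    std::ifstream is(strPath, std::ifstream::binary);
    if (!is)
        return 0;

    // Determine the file length; tellg() yields -1 when the stream cannot seek,
    // which the old code converted into a huge unsigned allocation size.
    is.seekg(0, is.end);
    const std::streamoff fileSize = is.tellg();
    is.seekg(0, is.beg);
    if (!is || fileSize < 0)
        return 0;

    // The interface reports sizes as unsigned int, so refuse files whose length
    // would be silently truncated by that conversion.
    const unsigned int maxLength = ~0u;
    if (static_cast<unsigned long long>(fileSize) > maxLength)
        return 0;
    unsigned int length = static_cast<unsigned int>(fileSize);

    buffer = new char[length];
    std::cout << "Reading " << length << " characters... ";

    // Read the data as one block.
    is.read(buffer, length);
    if (is) {
        std::cout << "all characters read successfully." << std::endl;
    } else {
        std::cout << "error: only " << is.gcount() << " could be read" << std::endl;
        // Report only the bytes that were filled in, so callers never parse the
        // uninitialised tail of the allocation.
        length = static_cast<unsigned int>(is.gcount());
    }
    return length;
}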
void readtcpDumpHead(char *Buffer,struct tcpDumpHead *tempTcpDumpHead)
{
//struct tcpDumpHead tempTcpDumpHead;
char *BufferCurrent=Buffer;
unsigned int tempInt;
unsigned short tempShort;
memcpy(&tempInt,BufferCurrent,sizeof(int));
// cout<<tempInt<<endl;