tcpDump包的解封读取(附源代码)

本文介绍如何解析tcpDump生成的Dump文件,详细探讨解包过程,并提供源代码示例。

前几天因为项目需要,写了一个tcpDump包的解包程序,输入的源文件是tcpDump生成的Dump文件。

#include <iostream>
#include <fstream>
#include <string>
#include <vector>
#include <bitset>



//(1)时间戳
//(2)源IP地址
//(3)目的IP地址
//(4)源端口地址
//(5)目的端口地址
//(6)包的大小

using namespace std;

// Timestamp split into whole seconds and microseconds.
// Used as the first member of tcpDumpDataHead.
struct timeStamp
{
	unsigned int sec;						// seconds
	unsigned int usec;						// microseconds
};
// Every value in this header is taken from the dump file, so treat it as
// untrusted input until it has been validated.
struct tcpDumpHead							// header of the whole tcpDump file
{
	// NOTE(review): presumably the libpcap magic number, which also tells a
	// reader the byte order of the file — confirm that it is checked.
	unsigned int	TcpDumpFormatLabel;		// TcpDump format marker
	unsigned short	MainVersionNumber;		// major version number
	unsigned short	BranchVersionNumber;	// minor version number
	unsigned int	TimeZone;				// time zone
	unsigned int	AccurateTimeStamp;		// timestamp precision
	// NOTE(review): in the libpcap file layout this slot is the snapshot length
	// (upper bound on bytes saved per packet), not a fixed size — confirm.
	unsigned int	PacketSize;				// size of each packet
	unsigned int	DataLinkType;			// data link type
};
// NOTE(review): both length fields come straight from the capture file. Any
// code that uses DatagramLengthSaved to step to the next record should first
// check it against the number of bytes still left in the loaded buffer.
struct tcpDumpDataHead						// tcpDumpData (per-packet record) header
{
	struct timeStamp TimeStamp;				// timestamp
	unsigned int DatagramLengthSaved;			// length of the IP datagram saved in this record
	unsigned int DatagramLengthOriginal;	// original length of the IP datagram
};
// "14 bytes" is the size of the header on the wire, not sizeof(LinkLayerHead):
// std::bitset<48> is a class object, not six raw bytes. The struct therefore
// cannot be filled by copying packet bytes over it; each field has to be
// decoded separately.
struct LinkLayerHead						// link-layer header, 14 bytes
{
	bitset<48> MACAddressDest;				// destination MAC address
	bitset<48> MACAddressSorce;				// source MAC address
	unsigned short protocolType;			// protocol type (presumably the EtherType — confirm)
};

// Decoded view of an IP header. The std::bitset members are not C bit-fields,
// so the in-memory layout does not match the packet bytes and the struct must
// be filled field by field.
// NOTE(review): IHL and ipPacketSize are controlled by whoever produced the
// capture. An IPv4 IHL below 5 (20 bytes) is invalid and should be rejected
// before either value is used as an offset or a length.
struct ipheader								// IP packet header
{
	bitset<4> Version;						// version number
	bitset<4> IHL;							// header length
	bitset<8> TOS;							// type of service
	unsigned short ipPacketSize;			// total length field
	unsigned short Label;					// identification field
	bitset<3> LabelBit;						// flag bits field
	bitset<13> Offset;						// fragment offset field
	unsigned char TTL;						// time to live
	unsigned char Protocol;					// protocol field
	bitset<16> TBJYH;						// header checksum field

	unsigned int IPAddressSorce;			// source IP address
	unsigned int IPAddressDest;				// destination IP address

	bitset<32> Option;						// options field
};

// Decoded view of a TCP header. As with the other structs that use std::bitset,
// the layout does not mirror the packet bytes.
struct TCPheader							// TCP header
{
	unsigned short PortNumSorce;			// source port number
	unsigned short PortNumDest;				// destination port number
	unsigned int   SeqNum;					// sequence number
	unsigned int   AckNum;					// acknowledgement number
	bitset<4> HeadLength;					// header length
	bitset<6> UAPRSF;						// flag bits (presumably URG/ACK/PSH/RST/SYN/FIN — confirm)
	unsigned short WindowSize;				// window size
	bitset<16> TCPJYH;						// TCP checksum
	// NOTE(review): declared signed, although the TCP urgent pointer is an
	// unsigned 16-bit field on the wire.
	short UrgentPoint;						// urgent pointer
	bitset<32> Options;						// options field
};
// NOTE(review): UDPPacketLength is read from the capture; it should be compared
// with the bytes actually saved for the packet before it is trusted as a length.
struct UDPheader							// UDP header
{
	unsigned short PortNumSorce;			// source port number
	unsigned short PortNumDest;				// destination port number
	unsigned short UDPPacketLength;			// UDP packet length
	bitset<16> UDPJYH;						// UDP header checksum
};

// One extracted record per packet: the fields the parser reports for it.
struct tcpDumpResult
{
	unsigned int timeStamp_S;		// 	(1) timestamp (seconds)
	unsigned int timeStamp_uS;		// 	(2) timestamp (microseconds)
	unsigned int IPAddressSorce;	// 	(3) source IP address
	unsigned int IPAddressDest;		// 	(4) destination IP address
	unsigned char protocolType;		//	(5) protocol number
	unsigned short PortNumSorce;	// 	(6) source port
	unsigned short PortNumDest;		// 	(7) destination port
	unsigned int packetSize;       //	(8) packet size (header size + size of the captured packet data)
};

// Forward declarations for the dump-file parser.
//
// NOTE(review): every read* function below takes a bare `char *Buffer` with no
// length argument, so none of them can verify on its own that the header it
// decodes lies inside the loaded file. The caller has to compare its current
// offset plus the header size with the byte count returned by readFileToBuf
// before each call — confirm that the definitions or their callers do this.
void ipAddressShow(unsigned int ip);
// Loads a file into a heap buffer handed back through `buffer`; returns a byte count.
unsigned int readFileToBuf(char *strPath,char *&buffer);
// File-level header: decode from Buffer / print.
void readtcpDumpHead(char *Buffer,struct tcpDumpHead *tempTcpDumpHead);
void printtcpDumpHead(struct tcpDumpHead *tempTcpDumpHead);
// Per-packet record header: decode / print / query the saved length.
void readtcpDumpDataHead(char *Buffer,	struct tcpDumpDataHead *temptcpDumpDataHead);
void printtcpDumpDataHead(struct tcpDumpDataHead *temptcpDumpDataHead);
unsigned int gettcpDumupDataLengthSaved(struct tcpDumpDataHead *temptcpDumpDataHead);
// Link-layer header: decode / query the protocol type / print.
void readLinkLayerHead(char *Buffer,struct LinkLayerHead *tempLinkLayerHead);
unsigned short GetProtocolType(struct LinkLayerHead *tempLinkLayerHead);
void printLinkLayerHead(struct LinkLayerHead *tempLinkLayerHead);
// IP header: decode / print / accessors.
void readIPHead(char *Buffer,struct ipheader *tempipHead);
void printIPHead(struct ipheader *tempipHead);
unsigned int getIPHeadLength(struct ipheader *tempipHead);
unsigned int getIPPacketSize(struct ipheader *tempipHead);
unsigned char getIPPacketProtocol(struct ipheader *tempipHead);

// Transport-layer headers: decode / print.
void readTCPhead(char *Buffer, struct TCPheader	*tempTCPheader);
void printTCPhead(struct TCPheader	*tempTCPheader);
void readUDPhead(char *Buffer, struct UDPheader	*tempUDPheader);
void printUDPhead(struct UDPheader	*tempUDPheader);
// Top-level entry: takes the dump path, an output path and one vector per
// extracted column (the definition is not part of this listing).
void readtcpDumpToFile(char *strPath,char *pFileSavedPath,
									   vector<unsigned int>    &vTimeStamp_S,
										vector<unsigned int>    &vTimeStamp_uS,
										vector<unsigned int>    &IPSorce,
										vector<unsigned int>    &IPDest,
										vector<unsigned short> &PortSorce,
										vector<unsigned short> &PortDest,
										vector<unsigned int>  &packetSize);
// presumably maps an IP protocol number to a printable name — confirm
char *queryProtocol(unsigned char protocolType);
// NOTE(review): pStr carries no size. If this writes dotted-decimal text, the
// caller must supply at least 16 bytes ("255.255.255.255" plus NUL) — confirm.
void ip2Str(unsigned int ip,unsigned char *pStr);








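// Reads the whole file at strPath into a newly allocated heap buffer.
//
// Parameters:
//   strPath - path of the file to load.
//   buffer  - out-parameter. Set to nullptr when nothing could be loaded,
//             otherwise to a `new char[]` array that the caller must release
//             with `delete[]`.
//
// Returns the number of bytes that are actually valid in `buffer`. This is 0
// when the file cannot be opened, its size cannot be determined, or the size
// does not fit in an unsigned int. After a short read it is the number of
// bytes read rather than the file size, so that a caller bounding its parsing
// by the return value never walks into uninitialised memory.
unsigned int readFileToBuf(char *strPath,char *&buffer)
{
	// Never leave the caller holding an indeterminate pointer on a failure path.
	buffer = nullptr;

	std::ifstream is(strPath, std::ifstream::binary);
	if (!is) {
		return 0;
	}

	// Determine the file length by seeking to the end and back.
	is.seekg(0, is.end);
	const std::streamoff fileSize = is.tellg();
	is.seekg(0, is.beg);

	// tellg() reports failure as -1, and the return type cannot represent more
	// than UINT_MAX bytes. Converting either case blindly would yield a length
	// unrelated to the data that is really available.
	const std::streamoff maxLength =
		static_cast<std::streamoff>(static_cast<unsigned int>(-1));
	if (!is || fileSize < 0 || fileSize > maxLength) {
		std::cout << "error: file size unavailable or too large" << std::endl;
		return 0;
	}

	const unsigned int length = static_cast<unsigned int>(fileSize);
	buffer = new char [length];

	std::cout << "Reading " << length << " characters... ";
	// Read the data as one block and record how much really arrived.
	is.read(buffer, length);
	const unsigned int bytesRead = static_cast<unsigned int>(is.gcount());

	if (bytesRead == length)
		std::cout << "all characters read successfully." << std::endl;
	else
		std::cout << "error: only " << bytesRead << " could be read" << std::endl;

	// The stream is closed by its destructor.
	return bytesRead;
}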

void readtcpDumpHead(char *Buffer,struct tcpDumpHead *tempTcpDumpHead)
{
	//struct tcpDumpHead tempTcpDumpHead;
	char *BufferCurrent=Buffer;
	unsigned int tempInt;
	unsigned short tempShort;

	memcpy(&tempInt,BufferCurrent,sizeof(int));
	// 	cout<<tempInt<<endl;