email capture
抓取用户收发的邮件数据
ULONG nReceived = pCard->m_pkt_header->caplen;
char *buffer = (char*)pCard->m_pkt_data;
UINT offset = 0;
UINT nDataLen = 0;
UINT nCaptLen = 0;
UCHAR sSource[4] ;
UCHAR sDest[4];
ULONG nLong;
UCHAR fromMAC[6] = {0};
UCHAR toMAC[6] = {0};
ETHERNET_HEADER *pEthernet = (ETHERNET_HEADER*)(buffer+offset);
// 1st 6 bytes destination
memcpy( toMAC, pEthernet->EthDHost, 6 );
// following 6 bytes source
memcpy( fromMAC, pEthernet->EthSHost, 6 );
// VLAN
if( pEthernet->EthType == 0x81 )
{
offset += 4;
}
else if ( pEthernet->EthType != 0x8 &&
pEthernet->EthType != 0x800 )
{
if( toMAC[0] == 0x1 && toMAC[1] == 0x00 && toMAC[2] == 0xc &&
toMAC[3] == 0xcc && toMAC[4] == 0xcc && toMAC[5] == 0xcc )
{
// WriteDebugData( "CDP", buffer, nReceived );
}
return;
}
PIP_HEADER pIp = (PIP_HEADER)(buffer+offset+sizeof(ETHERNET_HEADER));
nLong = pIp->SrcAddr;
memcpy( sSource, &nLong, 4 );
nLong = pIp->DestAddr;
memcpy( sDest, &nLong, 4 );
switch( pIp->Protocol ) {
case 0x06:
2009-10-27