一個pcap抓包分析code

#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <sys/socket.h>

#include <netinet/in.h>
#include <arpa/inet.h>

#include <netinet/if_ether.h>
#include <net/ethernet.h>

#include <netinet/ether.h>

#include <netinet/ip.h>
#include <netinet/tcp.h>

#include <pcap.h>


//#include <linux/ip.h>
//#include <linux/tcp.h>

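/**
 * pcap_loop() callback: decode one captured frame as Ethernet / IPv4 / TCP
 * and print a summary of each layer followed by the TCP payload.
 *
 * Every byte of the frame is attacker-controlled network input, so each
 * header is length-checked against pkthdr->caplen (the number of bytes that
 * were actually captured) before it is read, the real header lengths are
 * taken from the IHL and TCP data-offset fields instead of assuming
 * option-less headers, and the payload is printed with an explicit length
 * because captured data is not NUL-terminated.
 *
 * @param arg     pointer to an int packet counter owned by the caller;
 *                incremented once per invocation
 * @param pkthdr  capture metadata (len = on-wire length, caplen = bytes
 *                available in packet)
 * @param packet  captured bytes; assumed to start with an Ethernet header,
 *                which the caller has to guarantee via the link-layer type
 */
void fcb(u_char *arg, const struct pcap_pkthdr *pkthdr, const u_char *packet)
{
    struct in_addr addr;
    struct ether_header eth;
    struct iphdr ip;
    struct tcphdr tcp;
    const size_t caplen = pkthdr->caplen;
    const size_t ip_off = sizeof(struct ether_header);
    size_t ip_hlen, ip_total, ip_end;
    size_t tcp_off, tcp_hlen, payload_off;
    unsigned int ether_type;
    size_t i;

    int *id = (int *)arg;
    ++*id;
    printf("[+] id = %d\n", *id);

    /* len is an unsigned 32-bit value, so %u rather than %d */
    printf("\npacket len: %u\n", pkthdr->len);

    /* ---- Ethernet ---- */
    if (caplen < sizeof eth)
    {
        printf("[-] truncated Ethernet header (captured %u bytes)\n", pkthdr->caplen);
        return;
    }
    /* Copy each header into a local struct: the capture buffer carries no
     * alignment guarantee, and the IP header sits at offset 14. */
    memcpy(&eth, packet, sizeof eth);
    ether_type = ntohs(eth.ether_type);

    printf("[+]Ethernet Parser\t\t");
    if (ether_type == ETHERTYPE_IP)
    {
        printf("Ethernet type hex:%x dec:%d is an IP packet\n", ether_type, (int)ether_type);
    }
    else if (ether_type == ETHERTYPE_ARP)
    {
        printf("Ethernet type hex:%x dec:%d is an ARP packet\n", ether_type, (int)ether_type);
        return;
    }
    else
    {
        printf("Ethernet type hex:%x dec:%d is unknown packet\n", ether_type, (int)ether_type);
        return;
    }

    /* ---- IPv4 ---- */
    printf("[+] IP Parser\t\t");

    printf("Destination Addr:");
    for (i = 0; i < ETHER_ADDR_LEN; i++)
    {
        printf("%s%x", (i == 0) ? "" : ":", eth.ether_dhost[i]);
    }
    putchar('\n');

    if (caplen < ip_off + sizeof ip)
    {
        printf("[-] truncated IP header\n");
        return;
    }
    memcpy(&ip, packet + ip_off, sizeof ip);

    /* IHL counts 32-bit words and includes any IP options. */
    ip_hlen = (size_t)ip.ihl * 4;
    ip_total = ntohs(ip.tot_len);
    if (ip.version != 4 || ip_hlen < sizeof ip || ip_total < ip_hlen ||
        caplen < ip_off + ip_hlen)
    {
        printf("[-] malformed IP header\n");
        return;
    }

    /* End of the IP datagram inside the capture: bounded by the header's
     * total length (this excludes Ethernet padding) and by caplen (the
     * capture may have been cut short by the snapshot length). */
    ip_end = ip_off + ip_total;
    if (ip_end > caplen)
    {
        ip_end = caplen;
    }

    addr.s_addr = ip.saddr;
    printf("Source IP: %s \t", inet_ntoa(addr));
    addr.s_addr = ip.daddr;
    printf("Destination IP: %s\n", inet_ntoa(addr));

    if (ip.protocol != IPPROTO_TCP)
    {
        return;
    }

    /* Only the first fragment carries the TCP header. */
    if (ntohs(ip.frag_off) & IP_OFFMASK)
    {
        printf("[-] non-initial IP fragment, no TCP header to parse\n");
        return;
    }

    /* ---- TCP ---- */
    printf("[+] TCP Parser\t\t");
    tcp_off = ip_off + ip_hlen;
    if (ip_end < tcp_off + sizeof tcp)
    {
        printf("[-] truncated TCP header\n");
        return;
    }
    memcpy(&tcp, packet + tcp_off, sizeof tcp);

    /* The data offset counts 32-bit words and includes any TCP options. */
    tcp_hlen = (size_t)tcp.th_off * 4;
    if (tcp_hlen < sizeof tcp || ip_end < tcp_off + tcp_hlen)
    {
        printf("[-] malformed TCP header\n");
        return;
    }

    printf("Source port: %d  \t", ntohs(tcp.th_sport));
    printf("Destination port: %d\n", ntohs(tcp.th_dport));

    /* ---- Payload ---- */
    payload_off = tcp_off + tcp_hlen;

    /* Print exactly the captured payload bytes. Bytes that are neither
     * printable ASCII nor newline/CR/tab are shown as '.', so that remote
     * data cannot write control sequences to the operator's terminal. */
    printf("Content: \n");
    for (i = payload_off; i < ip_end; i++)
    {
        unsigned char c = packet[i];

        if ((c >= 0x20 && c < 0x7f) || c == '\n' || c == '\r' || c == '\t')
        {
            putchar(c);
        }
        else
        {
            putchar('.');
        }
    }
    putchar('\n');

    return;
}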

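/**
 * Capture packets on the default interface and hand each one to fcb().
 *
 * Usage: prog numpackets
 *   numpackets  number of packets to process; 0 or -1 means "until
 *               interrupted" (pcap_loop semantics)
 *
 * Only traffic matching the hard-coded BPF filter (host 10.10.10.110,
 * TCP/UDP port 80 in either direction) reaches the callback.
 *
 * @return 0 on success or when only the usage text was printed,
 *         EXIT_FAILURE when setup or the capture loop fails.
 */
int main(int argc,char *argv[])
{
    /* A negative packet buffer timeout is documented by libpcap as invalid
     * with unpredictable results, so a positive value is used. */
    enum { READ_TIMEOUT_MS = 1000 };

    char *dev;
    char errbuf[PCAP_ERRBUF_SIZE];
    pcap_t *descr;
    struct bpf_program filter;
    int id = 0;
    int rc = EXIT_FAILURE;
    int status;
    char *end;
    long count;

    if( argc !=2 )
    {
        fprintf(stdout,"Usage: %s numpackets\n",argv[0]);
        return 0;
    }

    /* strtol instead of atoi: atoi silently turns garbage into 0, which
     * pcap_loop treats as "capture forever". */
    errno = 0;
    count = strtol(argv[1], &end, 10);
    if (end == argv[1] || *end != '\0' || errno == ERANGE ||
        count < -1 || count > INT_MAX)
    {
        fprintf(stderr, "invalid packet count: %s\n", argv[1]);
        return EXIT_FAILURE;
    }

    /* NOTE(review): pcap_lookupdev() is deprecated in current libpcap in
     * favour of pcap_findalldevs(); kept here to preserve behaviour. */
    dev = pcap_lookupdev(errbuf);
    if(dev == NULL)
    {
        fprintf(stderr, "%s\n",errbuf);
        return EXIT_FAILURE;
    }

    /* NOTE(review): live capture normally needs elevated privileges, and
     * they are still held while fcb() parses untrusted packets; consider
     * dropping them once the handle is open. */
    descr = pcap_open_live(dev, BUFSIZ, 1, READ_TIMEOUT_MS, errbuf);
    if( descr==NULL )
    {
        fprintf(stderr, "pcap_open_live(): %s\n",errbuf);
        return EXIT_FAILURE;
    }

    /* fcb() interprets every frame as Ethernet; refuse other link types
     * instead of mis-parsing them. */
    if (pcap_datalink(descr) != DLT_EN10MB)
    {
        fprintf(stderr, "%s: not an Ethernet link layer\n", dev);
        goto out_close;
    }

    /* A failed compile leaves 'filter' uninitialised, so it must not be
     * passed on to pcap_setfilter(). */
    if (pcap_compile(descr, &filter, "(ip host 10.10.10.110) and (dst port 80 or src port 80)",1,0) == -1)
    {
        fprintf(stderr, "pcap_compile(): %s\n", pcap_geterr(descr));
        goto out_close;
    }

    status = pcap_setfilter(descr, &filter);
    /* The compiled program is no longer needed once it has been installed
     * (or once installing it has failed). */
    pcap_freecode(&filter);
    if (status == -1)
    {
        fprintf(stderr, "pcap_setfilter(): %s\n", pcap_geterr(descr));
        goto out_close;
    }

    status = pcap_loop(descr, (int)count, fcb, (u_char *)&id );
    if (status == -1)
    {
        fprintf(stderr, "pcap_loop(): %s\n", pcap_geterr(descr));
        goto out_close;
    }

    rc = 0;

out_close:
    pcap_close(descr);
    return rc;
}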