
分类: 系统运维

2010-07-18 19:53:19

 

文件:pcapcb.rar
大小:261KB
下载:下载

   内容安全的课一直在围绕着libwpcap写程序,但是一直觉得VC6.0的样子很丑,VS2008倒是比较方便,但是无比庞大笨拙,有好几G,还是codeblocks用着比较顺手,所以闲来无事研究了一下codeblocks下配置winpcap的方法,原来比配置VS和VC都要简单。

  1,在菜单栏里选Settings->Compiler and debugger


 2,在出现的窗口中选择Linker settings,加入Packet.lib和wpcap.lib所在路径,这两个是libwpcap的库。还要加入一个Ws2_32.lib,这个是使用socket等套接口时要用到的库,在下面的例子中如果不加入这个库就无法使用ntohs()等函数。Ws2_32.lib这个库在我电脑里的路径是 C:\Program Files\VC98\Lib,不同的机器上路径可能不一样。


 3,在同一窗口再选择Search directories下的Compiler选项卡,加入libwpcap的include文件夹的路径。OK,一切就绪


4,用下面代码做下测试吧

// mypcap.cpp : Defines the entry point for the console application.

#include <winsock.h>
#include <stdlib.h>
#define HAVE_REMOTE
#include <pcap.h>

//#include "remote_ext.h"

/* Capture handle: assigned by pcap_open() in main() and passed to
 * pcap_compile(), pcap_setfilter() and pcap_loop(). File-scope global. */
pcap_t *adhandle;

/* 4-byte IPv4 address, one field per octet.
 * packet_handler() prints byte1..byte4 in that order as a dotted quad. */
typedef struct ip_address{
    u_char byte1;
    u_char byte2;
    u_char byte3;
    u_char byte4;
}ip_address;

/* IPv4 header, overlaid directly on captured packet bytes.
 * Multi-byte fields are read as they appear in the packet, i.e. in network
 * byte order.
 * NOTE(review): no packing pragma is visible; the overlay relies on the
 * compiler adding no padding between these fields - confirm for the target
 * toolchain. */
typedef struct ip_header{
    u_char ver_ihl; // Version (4 bits) + header length (4 bits)

    u_char tos; // Type of service

    u_short tlen; // Total length

    u_short identification; // Identification

    u_short flags_fo; // Flags (3 bits) + fragment offset (13 bits)

    u_char ttl; // Time to live

    u_char proto; // Protocol

    u_short crc; // Header checksum

    ip_address saddr; // Source address

    ip_address daddr; // Destination address

    // Option + padding. packet_handler() derives the real header length from
    // ver_ihl rather than from sizeof(ip_header), so this field must not be
    // assumed to be present in every packet.
    u_int op_pad;

}ip_header;
/* TCP header, overlaid directly on captured packet bytes.
 * Port fields are converted with ntohs() in packet_handler() before use. */
typedef struct tcp_header{
    u_short th_sport; // 16-bit source port

    u_short th_dport; // 16-bit destination port

    u_int th_seq; // 32-bit sequence number

    u_int th_ack; // 32-bit acknowledgement number

    // 4-bit header length + reserved bits; packet_handler() takes the header
    // length from the high nibble (mask 0xf0).
    u_char th_lenres;

    u_char th_flag; // 6-bit flags

    u_short th_win; // 16-bit window size

    u_short th_sum; // 16-bit checksum

    u_short th_urp; // 16-bit urgent pointer (urgent data offset)

}tcp_header;

/* UDP header. Declared for completeness; nothing in this listing reads it,
 * because the installed filter is "ip and tcp". */
typedef struct udp_header{
    u_short sport; // Source port

    u_short dport; // Destination port

    u_short len; // Datagram length

    u_short crc; // Checksum

}udp_header;


/* Per-packet callback handed to pcap_loop() in main(); defined after main(). */
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data);

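/*
 * Entry point: list the capture interfaces, let the user pick one, open it in
 * promiscuous mode, install the "ip and tcp" filter and pass every matching
 * packet to packet_handler().
 *
 * Returns 0 when the capture loop ends without error and -1 on any setup or
 * capture failure (a failed device enumeration exits with status 1).
 */
int main()
{
    pcap_if_t *alldevs = NULL;
    pcap_if_t *d;
    int i=0;
    int inum=0;
    int rc=-1;
    char errbuf[PCAP_ERRBUF_SIZE];
    u_int netmask;
    char packet_filter[] = "ip and tcp";
    struct bpf_program fcode;

    if(pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf)==-1)
    {
        printf("find all devs err:%s", errbuf);
        exit(1);
    }

    /* Print a numbered list; the numbers are what the user types below. */
    for(d=alldevs; d; d=d->next)
    {
        if(d->description)
            printf("%d. %s\n", ++i, d->description);
        else
            printf("%d. no description\n", ++i);
    }

    printf("enter the interface number u wanna choose:");
    /* scanf() leaves inum untouched on non-numeric input, so its return value
     * has to be checked before inum is used as a list index. */
    if(scanf("%d", &inum)!=1 || inum<1 || inum>i)
    {
        printf("interface number out of range.\n");
        goto out_devs;
    }
    /* Walk to the selected entry; the range check above keeps d non-NULL. */
    for(d=alldevs,i=0;i<inum-1;d=d->next,++i);

    /* Promiscuous mode delivers frames that are not addressed to this host,
     * so every byte the handler sees is untrusted input. */
    if((adhandle=pcap_open(d->name, 65536, PCAP_OPENFLAG_PROMISCUOUS, 1000, NULL, errbuf))==NULL)
    {
        printf("can't open the adapter.%s is not supported by winpcap\n", d->name);
        goto out_devs;
    }

    /* packet_handler() reads the IP header at a fixed offset of 14 bytes,
     * which is only correct for Ethernet framing. */
    if(pcap_datalink(adhandle)!=DLT_EN10MB)
    {
        fprintf(stderr,"\nThis program works only on Ethernet networks.\n");
        goto out_close;
    }

    if(d->addresses != NULL && d->addresses->netmask != NULL
        && d->addresses->netmask->sa_family == AF_INET)
        /* Retrieve the mask of the first address of the interface; only an
         * IPv4 entry may be read through struct sockaddr_in. */
        netmask=((struct sockaddr_in *)(d->addresses->netmask))->sin_addr.S_un.S_addr;
    else
        /* If the interface is without a usable IPv4 mask we suppose to be in a C class network */
        netmask=0xffffff;

    /* Compile the filter */
    if(pcap_compile(adhandle, &fcode, packet_filter, 1, netmask) <0 ){
        fprintf(stderr,"\nUnable to compile the packet filter. Check the syntax.\n");
        goto out_close;
    }

    /* Set the filter; the compiled program can be released either way. */
    if(pcap_setfilter(adhandle, &fcode)<0){
        fprintf(stderr,"\nError setting the filter.\n");
        pcap_freecode(&fcode);
        goto out_close;
    }
    pcap_freecode(&fcode);

    /* description may be NULL (see the listing loop), so fall back to the name. */
    printf("lsitening on %s\n", d->description ? d->description : d->name);
    /* d points into the device list and must not be used after this. */
    pcap_freealldevs(alldevs);
    alldevs = NULL;

    if(pcap_loop(adhandle, 0, packet_handler, NULL)==-1)
        fprintf(stderr,"\nCapture loop failed: %s\n", pcap_geterr(adhandle));
    else
        rc = 0;

out_close:
    pcap_close(adhandle);
    adhandle = NULL;
out_devs:
    if(alldevs != NULL)
        pcap_freealldevs(alldevs);
    return rc;
}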

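/*
 * pcap_loop() callback: print the capture time and length of one packet, then
 * its IPv4 source/destination addresses and TCP ports.
 *
 * param    - user pointer from pcap_loop(); unused.
 * header   - capture metadata (timestamp, captured length, original length).
 * pkt_data - captured bytes; only header->caplen of them are valid.
 *
 * The packet contents come straight off the network, so every offset is
 * checked against header->caplen before it is dereferenced. Packets that are
 * too short or carry an impossible IP header length are reported and skipped.
 *
 * NOTE(review): the fixed 14-byte offset assumes Ethernet framing, and the
 * TCP overlay assumes the packet is not a non-first IP fragment - confirm
 * that the capture setup guarantees both.
 */
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
    enum { ETH_HDR_LEN = 14, IP_MIN_HDR_LEN = 20, TCP_MIN_HDR_LEN = 20 };
    struct tm *ltime;
    time_t local_tv_sec;
    char timestr[16] = "--:--:--";
    const ip_header *ih;
    const tcp_header *th;
    u_int ip_len;
    u_short sport,dport;

    (void)param;

    local_tv_sec = header->ts.tv_sec;
    ltime=localtime(&local_tv_sec);
    /* localtime() can return NULL; keep the placeholder in that case. */
    if(ltime != NULL)
        strftime(timestr, sizeof(timestr), "%H:%M:%S", ltime);
    /* Casts make the arguments match the %d conversions exactly. */
    printf("%s, %.6d len:%d\n", timestr, (int)header->ts.tv_usec, (int)header->len);

    /* The fixed part of the IP header must be inside the captured bytes. */
    if(header->caplen < (u_int)(ETH_HDR_LEN + IP_MIN_HDR_LEN))
    {
        fprintf(stderr, "packet too short for an IP header, skipped\n");
        return;
    }

    ih=(const ip_header *)(pkt_data+ETH_HDR_LEN);
    ip_len = (ih->ver_ihl & 0xf) * 4; /* IP header length; locates the TCP header */
    if(ip_len < (u_int)IP_MIN_HDR_LEN)
    {
        fprintf(stderr, "invalid IP header length, skipped\n");
        return;
    }

    /* ip_len is at most 60, so this sum cannot overflow. */
    if(header->caplen < (u_int)ETH_HDR_LEN + ip_len + (u_int)TCP_MIN_HDR_LEN)
    {
        fprintf(stderr, "packet too short for a TCP header, skipped\n");
        return;
    }

    th = (const tcp_header *) ((const u_char*)ih + ip_len);

    /* Convert the ports from network byte order to host byte order */
    sport = ntohs(th->th_sport);
    dport = ntohs(th->th_dport);

    /* Print the IP addresses and TCP ports */
    printf("src:%d.%d.%d.%d:%d -> des:%d.%d.%d.%d:%d\n",
        ih->saddr.byte1,
        ih->saddr.byte2,
        ih->saddr.byte3,
        ih->saddr.byte4,
        sport,
        ih->daddr.byte1,
        ih->daddr.byte2,
        ih->daddr.byte3,
        ih->daddr.byte4,
        dport);
}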



 5,执行结果

THE END!

 

