这段时间分析DNS数据,用tcpdump捕获的包都是截断的,cap文件都有1G多。当分析到某个包出现段错误的时候,无法继续分析。因此,写了这个显示cap文件中某个数据包内容的程序。具体如下:
1 #include
2 #include
3 #include
4 #include
5 #include
6 #include "pcap.h"
7
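/*
 * Dump one captured record: a timestamp line, then the captured bytes as
 * hex, 16 per row.
 *
 * header:   libpcap record header; ts, caplen and len are read.
 * pkt_data: the caplen bytes libpcap returned for this record.
 *
 * Only caplen bytes are printed, because that is all the file holds when
 * the capture was truncated (the situation this tool exists for).  len is
 * the original on-the-wire length and is shown next to caplen so that a
 * truncated record is visible at a glance.
 */
void print(struct pcap_pkthdr *header, u_char *pkt_data)
{
    char timestr[26] = {0};
    struct tm *ltime = localtime(&header->ts.tv_sec);

    /* localtime() can return NULL and strftime() can fail; fall back to a
     * visible placeholder rather than printing an empty or stale buffer. */
    if (ltime == NULL || strftime(timestr, sizeof timestr, "%H:%M:%S", ltime) == 0) {
        snprintf(timestr, sizeof timestr, "%s", "??:??:??");
    }

    /* tv_usec is a long on common platforms and caplen/len are 32-bit
     * unsigned; the casts keep the conversion specifiers matched so the
     * printf is not undefined behaviour (the original used %d for both). */
    printf("%s, %06ld len:%u caplen:%u\n", timestr, (long)header->ts.tv_usec,
           (unsigned)header->len, (unsigned)header->caplen);

    for (unsigned i = 0; i < header->caplen; i++) {
        printf("%02x ", pkt_data[i]);
        /* newline after every 16 bytes and after the final byte */
        if (i % 16 == 15 || i + 1 == header->caplen) {
            printf("\n");
        }
    }
}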
27
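/*
 * Read a pcap file name and a 1-based packet number from stdin, then dump
 * that packet with print().  Exit status is 0 on success, 1 on bad input,
 * on failure to open the file, or when the packet is not found.
 */
int main(void)
{
    char filename[50];
    long packetnum = 0;
    long i = 0;             /* 1-based index of the record just read */
    int reval;
    int found = 0;
    struct pcap_pkthdr *header;
    const u_char *pkt_data; /* pcap_next_ex() hands back a const pointer */
    pcap_t *pcap_handle;
    char error_content[PCAP_ERRBUF_SIZE];

    /* fflush(stdin) is undefined behaviour; flushing stdout is what makes
     * the prompt (which has no newline) appear before the read. */
    printf("please input packet name:");
    fflush(stdout);
    /* %49s bounds the read to sizeof filename - 1 characters plus the
     * terminator; the original unbounded %s could overflow filename. */
    if (scanf("%49s", filename) != 1) {
        fprintf(stderr, "invalid file name\n");
        return 1;
    }

    printf("please input packetnum:");
    fflush(stdout);
    /* packet numbers are 1-based; 0 or negative could never match and the
     * loop would silently run to end of file */
    if (scanf("%ld", &packetnum) != 1 || packetnum < 1) {
        fprintf(stderr, "invalid packet number\n");
        return 1;
    }

    pcap_handle = pcap_open_offline(filename, error_content);
    if (!pcap_handle) {
        fprintf(stderr, "Error in opening savefile, %s, for reading: %s\n",
                filename, error_content);
        exit(1);
    }

    for (;;) {
        reval = pcap_next_ex(pcap_handle, &header, &pkt_data);
        if (reval > 0) {
            /* count only records actually returned, so timeouts (reval == 0)
             * do not shift the numbering */
            i++;
            if (i == packetnum) {
                printf("NO.%ld\n", i);
                /* print() takes a non-const pointer but does not write
                 * through it */
                print(header, (u_char *)pkt_data);
                found = 1;
                break;
            }
        } else if (reval == 0) {
            printf("time out\n");
        } else {
            /* -1: read error, -2: end of savefile */
            if (reval == -1) {
                fprintf(stderr, "error reading packet %ld from %s\n", i + 1, filename);
            }
            break;
        }
    }

    pcap_close(pcap_handle);

    if (!found) {
        fprintf(stderr, "packet %ld not found (%ld packets read)\n", packetnum, i);
        return 1;
    }
    return 0;
}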