网络数据包抓取以及流量分析.docx
网络数据包抓取以及流量分析
#include
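/* 48-bit Ethernet (MAC) address stored as six single-byte fields. */
typedef struct macaddress {
    u_char mac1;
    u_char mac2;
    u_char mac3;
    u_char mac4;
    u_char mac5;
    u_char mac6;
} macaddress; /* typedef name added so `macaddress` is also a type name in C */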
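/*
 * Ethernet frame header: two MAC addresses followed by a 16-bit type field.
 * packet_handler overlays this on the first captured byte and assumes the
 * next header starts 14 bytes in, so a frame must be checked to be at least
 * that long (header->caplen) before any field is read.
 */
typedef struct macheader {
    macaddress dest; /* destination MAC address */
    macaddress src;  /* source MAC address */
    u_short type;    /* frame type; NOTE(review): wire byte order, confirm ntohs before comparing */
} macheader;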
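/* An IPv4 address is 32 bits; it is held here as four separate bytes. */
typedef struct ipaddress {
    u_char by1;
    u_char by2;
    u_char by3;
    u_char by4;
} ipaddress;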
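/*
 * IPv4 header layout (fixed 20-byte part), overlaid directly on packet bytes.
 *
 * packet_handler derives the offset of the transport header from the low
 * four bits of ver_ihl multiplied by 4. That value comes from the network,
 * so it has to be validated (at least 5 words, and the resulting offset
 * inside header->caplen) before it is used as a pointer offset.
 */
typedef struct ipbaowen {
    u_char ver_ihl;    /* version and header length (low 4 bits = length in 32-bit words) */
    u_char tos;        /* type of service */
    u_short tlen;      /* total length of the datagram */
    u_short ident;     /* identification */
    u_short flags_fo;  /* flags and fragment offset */
    u_char ttl;        /* time to live */
    u_char proto;      /* protocol carried in the payload, one of the IP_* values below */
#define IP_ICMP 1
#define IP_IGMP 2
#define IP_TCP 6
#define IP_UDP 17
#define IP_IGRP 88
#define IP_OSPF 89
    u_short crc;       /* header checksum */
    ipaddress saddr;   /* source address */
    ipaddress daddr;   /* destination address */
} ipbaowen;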
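/*
 * TCP header layout (fixed 20-byte part), overlaid on the bytes that follow
 * the IP header. Multi-byte fields hold whatever is on the wire.
 * NOTE(review): ports and sequence numbers are big-endian on the wire;
 * confirm ntohs/ntohl is applied before they are stored or printed.
 */
typedef struct tcpheader {
    u_short sport;     /* source port */
    u_short dport;     /* destination port */
    u_int th_seq;      /* sequence number */
    u_int th_ack;      /* acknowledgement number */
    u_char th_lenand;  /* length field (the author's label); in TCP this byte carries the data offset */
    u_char th_flags;   /* control flags, a combination of the TH_* bits below */
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_PSH 0x08
#define TH_ACK 0x10
#define TH_URG 0x20
    u_short th_win;    /* window */
    u_short th_sum;    /* checksum */
    u_short th_urp;    /* urgent pointer */
} tcpheader;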
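/*
 * UDP header layout (8 bytes), overlaid on the bytes that follow the IP header.
 * NOTE(review): all four fields are big-endian on the wire; confirm ntohs is
 * applied before they are compared or printed.
 */
typedef struct udpheader {
    u_short sport;   /* source port */
    u_short dport;   /* destination port */
    u_short uh_len;  /* datagram length */
    u_short uh_sum;  /* checksum */
} udpheader;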
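/*
 * One UDP flow record, kept in a doubly linked chain hanging off a bucket of
 * udphashtable.
 *
 * NOTE(review): saddr and daddr are restored here because showudphashtable()
 * and compare() read s->saddr.byN / s->daddr.byN; the listing does not show
 * where in the struct they were declared. Confirm against the original file.
 */
typedef struct udpnode {
    ipaddress saddr;       /* source address of the flow */
    ipaddress daddr;       /* destination address of the flow */
    u_short sport;         /* source port */
    u_short dport;         /* destination port */
    u_short length;        /* printed as the flow's total byte count; 16 bits, so it wraps past 65535 */
    u_int upnum;           /* printed as the number of upstream packets */
    u_int downnum;         /* printed as the number of downstream packets */
    struct udpnode *next;  /* next record in the bucket, NULL at the tail */
    struct udpnode *pre;   /* previous record; a bucket head points at itself */
} udpnode;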
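/*
 * One TCP flow record, chained off a bucket of tcphashtable.
 *
 * NOTE(review): only the two link fields are visible in the listing. sport,
 * dport and length are restored because showtcphashtable() and inittcp()
 * access them; their types are assumed to match udpnode and any further
 * fields of the original struct are unknown. Confirm against the original.
 */
typedef struct tcpnode {
    u_short sport;         /* source port */
    u_short dport;         /* destination port */
    u_short length;        /* printed as the flow's total byte count */
    struct tcpnode *next;  /* next record in the bucket, NULL at the tail */
    struct tcpnode *pre;   /* previous record; a bucket head points at itself */
} tcpnode;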
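/* Number of buckets in each flow table. */
#define tcphashtablelength 10
#define udphashtablelength 10

/*
 * Flow tables. Every array element is a bucket head, not a flow: the printers
 * start at the head and only report the nodes reached through ->next.
 * Valid indices are 0..9, so any key computed from packet contents must be
 * reduced to that range before it is used to index these arrays.
 */
udpnode udphashtable[udphashtablelength];
tcpnode tcphashtable[tcphashtablelength];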
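/*
 * Reset every UDP bucket head: empty chain, back-pointer to itself, zero
 * length. Must run before the first packet is processed.
 */
void initudp(void)
{
    /* NOTE(review): the loop bound is restored as the table length; the
       listing is truncated right after "i" in the loop condition. */
    for (int i = 0; i < udphashtablelength; i++) {
        udphashtable[i].pre = udphashtable + i;
        udphashtable[i].next = NULL;
        udphashtable[i].length = 0;
    }
}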
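/*
 * Reset every TCP bucket head: empty chain, back-pointer to itself, zero
 * length. Must run before the first packet is processed.
 */
void inittcp(void)
{
    /* NOTE(review): the loop bound is restored as the table length; the
       listing is truncated right after "i" in the loop condition. */
    for (int i = 0; i < tcphashtablelength; i++) {
        tcphashtable[i].pre = tcphashtable + i;
        tcphashtable[i].next = NULL;
        tcphashtable[i].length = 0;
    }
}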
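/*
 * Combine four integers into a small bucket key: a%2 + b%3 + c%4 + d%5.
 *
 * For non-negative inputs the result lies in 0..10 inclusive, i.e. eleven
 * possible values, and a negative input can make it negative.
 * NOTE(review): the flow tables in this file have 10 buckets (indices 0..9)
 * and the inputs are derived from packet addresses, so a key of 10 would
 * index one element past the table. The call site is not visible here;
 * confirm that the caller reduces the key modulo the table length.
 */
int hash(int a, int b, int c, int d)
{
    return (a % 2 + b % 3 + c % 4 + d % 5);
}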
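/* Forward declarations: the two pcap_loop callbacks and the table printers called from main(). */
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data);
void dispatcher_handler(u_char *, const struct pcap_pkthdr *, const u_char *);
void showudphashtable();
void showtcphashtable();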
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
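/*
 * Entry point.
 *
 * 1. Lists the capture adapters and asks the user to pick one.
 * 2. Opens it in promiscuous mode, restricts capture to IP traffic and hands
 *    up to 100 packets to packet_handler, with the dump handle for the file
 *    "data" as the callback's user argument.
 * 3. Prints both flow tables, then re-opens "data" as an offline source and
 *    hex-dumps every packet in it through dispatcher_handler.
 *
 * Returns 0 on success and -1 on any setup failure (exit(1) if the adapter
 * list cannot be retrieved).
 *
 * The dump file holds raw captured frames, which can include payload data
 * from other hosts on the segment; it is written to the current directory
 * and is not removed by this program.
 */
int main(void)
{
    pcap_if_t *alldevs;
    pcap_if_t *d;
    int inum = 0;
    int i = 0;
    pcap_t *adhandle;
    char errbuf[PCAP_ERRBUF_SIZE];
    u_int netmask;
    char packet_filter[] = "ip";
    struct bpf_program fcode;
#define LINE_LEN 10
    pcap_t *fp;
    char errbuf2[PCAP_ERRBUF_SIZE];
    char source[PCAP_BUF_SIZE];
    pcap_dumper_t *dumpfp;
    char filename[] = "data";

    initudp();
    inittcp();

    /* Retrieve the device list. */
    if (pcap_findalldevs(&alldevs, errbuf) == -1) {
        fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
        exit(1);
    }

    /* Show each device name and its description. */
    for (d = alldevs; d; d = d->next) {
        printf("%d. %s\n", ++i, d->name);
        /* description can be NULL; passing NULL to %s is undefined */
        printf("(%s)\n", d->description ? d->description : "No description available");
    }
    printf("适配器总共有%d个\n", i);

    if (i == 0) {
        printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
        return -1;
    }

    /* Ask for an adapter; a failed parse is rejected like an out-of-range number. */
    printf("Enter the device number (1-%d):", i);
    if (scanf_s("%d", &inum) != 1 || inum <= 0 || inum > i) {
        printf("\ndevice number out of range.\n");
        pcap_freealldevs(alldevs);
        return -1;
    }

    /* Walk to the selected adapter.
       NOTE(review): the loop condition and step are restored as
       "i < inum - 1; d = d->next"; the listing dropped that text. */
    for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++)
        ;

    /* Open the adapter: 65536-byte snapshot, promiscuous mode, 1000 ms read timeout. */
    if ((adhandle = pcap_open_live(d->name, 65536, 1, 1000, errbuf)) == NULL) {
        /* the format string has a %s, so the adapter name must be supplied */
        fprintf(stderr, "\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name);
        pcap_freealldevs(alldevs);
        return -1;
    }

    /* The header structs in this file assume Ethernet framing. */
    if (pcap_datalink(adhandle) != DLT_EN10MB) {
        fprintf(stderr, "\nThis program works only on Ethernet networks.\n");
        pcap_freealldevs(alldevs);
        pcap_close(adhandle);
        return -1;
    }

    /* Netmask of the adapter's first address, or a class-C default. */
    if (d->addresses != NULL && d->addresses->netmask != NULL)
        netmask = ((struct sockaddr_in *)(d->addresses->netmask))->sin_addr.S_un.S_addr;
    else
        netmask = 0xffffff;

    /* Compile the filter. */
    if (pcap_compile(adhandle, &fcode, packet_filter, 1, netmask) < 0) {
        fprintf(stderr, "\nUnable to compile the packet filter. Check the syntax.\n");
        pcap_freealldevs(alldevs);
        pcap_close(adhandle);
        return -1;
    }

    /* Install the filter; the compiled program is not needed afterwards. */
    if (pcap_setfilter(adhandle, &fcode) < 0) {
        fprintf(stderr, "\nError setting the filter.\n");
        pcap_freecode(&fcode);
        pcap_freealldevs(alldevs);
        pcap_close(adhandle);
        return -1;
    }
    pcap_freecode(&fcode);

    printf("\nlistening on: %s...\n", d->description ? d->description : d->name);
    pcap_freealldevs(alldevs); /* d must not be used past this point */

    /* Open the dump file; a NULL handle must not reach the capture callback. */
    dumpfp = pcap_dump_open(adhandle, filename);
    if (dumpfp == NULL) {
        fprintf(stderr, "\nError opening the dump file: %s\n", pcap_geterr(adhandle));
        pcap_close(adhandle);
        return -1;
    }

    /* Capture 100 packets. */
    pcap_loop(adhandle, 100, packet_handler, (u_char *)dumpfp);
    pcap_close(adhandle);
    pcap_dump_close(dumpfp);

    /* Build the source string for the dump file (WinPcap source syntax). */
    if (pcap_createsrcstr(source,         /* receives the source string */
                          PCAP_SRC_FILE,  /* we want to open a file */
                          NULL,           /* remote host */
                          NULL,           /* port on the remote host */
                          filename,       /* name of the file to open */
                          errbuf          /* error buffer */
                          ) != 0) {
        fprintf(stderr, "\nError creating a source string\n");
        return -1;
    }

    /* Open the capture file. */
    if ((fp = pcap_open(source,                     /* name of the source */
                        65536,                      /* portion of each packet to read */
                        PCAP_OPENFLAG_PROMISCUOUS,  /* promiscuous mode */
                        1000,                       /* read timeout */
                        NULL,                       /* authentication on the remote machine */
                        errbuf2                     /* error buffer */
                        )) == NULL) {
        fprintf(stderr, "\nUnable to open the file %s.\n", source);
        return -1;
    }

    showudphashtable();
    showtcphashtable();
    printf("hashtable----show----is----stopped\n");

    /* Read the offline capture and print it. */
    pcap_loop(fp, 0, dispatcher_handler, NULL);
    pcap_close(fp);

    system("pause");
    return 0;
}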
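/*
 * Print every UDP flow record, bucket by bucket: both endpoints with their
 * ports, then the byte and packet counters. Bucket heads themselves are
 * skipped; only nodes reached through ->next are reported.
 */
void showudphashtable(void)
{
    int i;

    printf("start to show udp hashtable-------->\n");
    printf("UDP hashtable:\n");

    /* NOTE(review): the loop bound is restored as the table length; the
       listing is truncated right after "i" in the loop condition. */
    for (i = 0; i < udphashtablelength; i++) {
        udpnode *s = udphashtable + i;

        printf("key=%d:\n", i);
        while (s->next != NULL) {
            printf("\n");
            s = s->next;
            printf("这是IP:%d.%d.%d.%d端口:%d------与-----IP:%d.%d.%d.%d端口:%d之间的连接\n",
                   s->saddr.by1, s->saddr.by2, s->saddr.by3, s->saddr.by4, s->sport,
                   s->daddr.by1, s->daddr.by2, s->daddr.by3, s->daddr.by4, s->dport);
            /* upnum and downnum are unsigned, so they are printed with %u */
            printf("数据包总长度:%d字节上行数据包数目:%u个下行数据包数目:%u个\n",
                   s->length, s->upnum, s->downnum);
        }
    }
    printf("UDP显示完---------------------------------------------------------------------------------------------------\n");
}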
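/*
 * Print every TCP flow record, bucket by bucket: destination port, source
 * port and byte count. Bucket heads themselves are skipped; only nodes
 * reached through ->next are reported.
 */
void showtcphashtable(void)
{
    int i;

    printf("begin:\n");
    printf("TCP hashtable:");

    /* NOTE(review): the loop bound is restored as the table length; the
       listing is truncated right after "i" in the loop condition. */
    for (i = 0; i < tcphashtablelength; i++) {
        tcpnode *s = tcphashtable + i;

        printf("%d\n", i);
        while (s->next != NULL) {
            s = s->next;
            printf("目的端口%d->源端口%d->数据包总长度%d字节\n",
                   s->dport, s->sport, s->length);
        }
    }
    printf("TCP显示完--------------------------------------------------------------------------------------\n");
}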
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
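/*
 * pcap_loop callback for the offline file: hex-dump one packet.
 *
 * temp1     user argument from pcap_loop (unused; main passes NULL)
 * header    capture metadata; only caplen bytes of pkt_data are valid
 * pkt_data  the captured bytes
 *
 * Only header->caplen bytes are read, which is the amount actually stored,
 * not the original on-wire length.
 */
void dispatcher_handler(u_char *temp1, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
    /* The original tested (i % LINE_LEN) == 30 with LINE_LEN 10, which is
       never true; the accompanying comment asks for a break every 30 bytes. */
    enum { BYTES_PER_LINE = 30 };
    u_int i;

    (void)temp1;

    /* NOTE(review): the loop bound is restored as header->caplen; the
       listing dropped the text between "i" and "caplen". */
    for (i = 0; i < header->caplen; i++) {
        /* two digits plus a separator so adjacent bytes cannot run together */
        printf("%.2x ", pkt_data[i]);
        if (((i + 1) % BYTES_PER_LINE) == 0)
            printf("\n");
    }
    printf("\n");
}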
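/*
 * Compare two UDP flow records.
 *
 * Returns the sum of two independent results:
 *   2  if all four address bytes of both endpoints and both ports are equal
 *      (same flow, same direction);
 *   1  if the addresses are swapped (pd's destination is p's source and the
 *      other way round) and pd->sport != p->dport and pd->dport != p->sport;
 *   0  for each test that fails.
 *
 * NOTE(review): the second test requires the ports to DIFFER from the
 * swapped ports. A reply packet of the same conversation has its ports
 * swapped as well, so it would fail this test; "==" looks like the intended
 * operator. The caller is not visible in this listing, so the original
 * condition is kept; confirm before changing it.
 *
 * Both arguments must point to valid, non-NULL node pointers.
 */
int compare(udpnode **p, udpnode **pd)
{
    const udpnode *a = *p;
    const udpnode *b = *pd;
    int flag;
    int f;

    /* same direction: every field identical */
    flag = (b->daddr.by1 == a->daddr.by1 &&
            b->daddr.by2 == a->daddr.by2 &&
            b->daddr.by3 == a->daddr.by3 &&
            b->daddr.by4 == a->daddr.by4 &&
            b->saddr.by1 == a->saddr.by1 &&
            b->saddr.by2 == a->saddr.by2 &&
            b->saddr.by3 == a->saddr.by3 &&
            b->saddr.by4 == a->saddr.by4 &&
            b->sport == a->sport &&
            b->dport == a->dport) ? 2 : 0;

    /* addresses swapped, ports unequal to the swapped ports (see note above) */
    f = (b->daddr.by1 == a->saddr.by1 &&
         b->daddr.by2 == a->saddr.by2 &&
         b->daddr.by3 == a->saddr.by3 &&
         b->daddr.by4 == a->saddr.by4 &&
         b->saddr.by1 == a->daddr.by1 &&
         b->saddr.by2 == a->daddr.by2 &&
         b->saddr.by3 == a->daddr.by3 &&
         b->saddr.by4 == a->daddr.by4 &&
         b->sport != a->dport &&
         b->dport != a->sport) ? 1 : 0;

    return (flag + f);
}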
voidpacket_handler(u_char*dumpfp,conststructpcap_pkthdr*header,constu_char*pkt_data)
macheader*mh;
ipbaowen*ih;
tcpheader*th;
udpheader*uh;
u_intiplen=0;
u_intkey=0;
//定义源端口和目的端口;
u_shortsport=0;
u_shortdport=0;
//Mac帧各个指针找到自己对应的位置;
mh=(macheader*)pkt_data;//mac头
ih=(ipbaowen*)(pkt_data+14);//ip头
iplen=(ih->ver_ihl&0xf)*4;//ip层的长度
uh=(udpheader*)((u_char*)ih+iplen);//udp指针
th=(tcpheader*)((u_char*)ih+iplen);//tcp指针
//边收边存哈希
//printf("%d\n",ih->proto);
//system("pause");
if((ih->proto)==17)//udp报文2
udpnode*p;
p=(udpnode*)malloc(sizeof(udpnode));
p->downnum=0;
p->upnum=1;
inta=0,b=0;
a=(ih->saddr.by1)+(ih->saddr.by2)+(ih->saddr.by3)+(ih->saddr.by4);
b=(ih->daddr.by1)+(ih->daddr.by2)+(ih->daddr.by3)+(ih->daddr.by4);
key=has