Network Security Supervision Lab: Network Packet Programming with WinPcap

I. Objective

Build an application that uses wpcap.dll, and learn how to program with WinPcap.

II. Environment

Operating system: Windows 2000/NT/XP. Programming environment: Visual C++; Turbo C.

III. Task

Type of task: design experiment.

Description: first understand fully how WinPcap programming works, then write the program in C or C++.

Steps:

1. Run the WinPcap installer WinPcap_3_1.exe, then unpack the WinPcap developer's pack WpdPack_3_1.zip into a directory; here we assume it is unpacked to C:\wpdpack. The C:\wpdpack folder contains the subfolders "include" and "lib"; add them to VC's header file path and static library path respectively. Specifically: open VC, choose Tools > Options to open the Options dialog, select the Directory page, then add "C:\wpdpack\include" under "Include files" and "C:\wpdpack\lib" under "Library files". Some applications also use the Platform SDK; in that case install the PSDK and add its include and lib directories to VC's header file path and static library path as well.

When developing a WinPcap-based project you must also add WinPcap's static link library wpcap.lib: choose Project > Settings to open the Project Settings dialog, select the Link page and add wpcap.lib to Object/library modules. Because other Windows network functions such as ntohs() require the socket functions, the static library wsock32.lib must be added too. Console programs that need command-line arguments can be configured in VC as follows: open Project > Settings, and on the Debug page enter the arguments under Program arguments.

2. Create the project. Open VC and choose File > New; in the dialog select the Projects tab, then Win32 Console Application; use the button beside the Location edit box to choose where the project is stored, enter the project name Proj_1 in the "Project name:" box and click OK. In the next dialog choose "An empty project" and click Finish, then click OK in the dialog that follows. Choose File > New again, select the Files tab, then C++ Source File; tick the box to the left of "Add to project" and make sure the box beneath it shows Proj_1. Enter the file name ex1 in the File box and click OK. Click Save All on the toolbar, then Build (F7); the build messages appear in the output window. Click the red "!" button on the toolbar to run the program.

3. Packet Dump. This program reads packets from a network adapter or from a file, depending on its command-line arguments. If no source is given, it lists all available adapters and lets you choose one. Once the capture starts, the program prints each packet's timestamp, length and raw contents. Once compiled it runs on every Win32 platform, and it can also be compiled for Unix.

```c
/*
 * Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torino (Italy)
 * Copyright (c) 2005 - 2006 CACE Technologies, Davis (California)
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the Politecnico di Torino, CACE Technologies
 * nor the names of its contributors may be used to endorse or promote
 * products derived from this software without specific prior written
 * permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

#include <stdio.h>
#include <pcap.h>

/*
 * NOTE: remember to include WPCAP and HAVE_REMOTE among your
 * preprocessor definitions.
 */

#define LINE_LEN 16

int main(int argc, char **argv)
{
    pcap_if_t *alldevs, *d;
    pcap_t *fp;
    u_int inum, i = 0;
    char errbuf[PCAP_ERRBUF_SIZE];
    int res;
    struct pcap_pkthdr *header;
    const u_char *pkt_data;

    printf("pktdump_ex: prints the packets of the network using WinPcap.\n");
    printf("   Usage: pktdump_ex -s source\n\n"
           "   Examples:\n"
           "      pktdump_ex -s file://c:/temp/file.acp\n"
           "      pktdump_ex -s rpcap://\\Device\\NPF_{C8736017-F3C3-4373-94AC-9A34B7DAD998}\n\n");

    if (argc < 3)
    {
        printf("\nNo adapter selected: printing the device list:\n");

        /* The user didn't provide a packet source: retrieve the local device list */
        if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1)
        {
            fprintf(stderr, "Error in pcap_findalldevs_ex: %s\n", errbuf);
            return -1;
        }

        /* Print the list */
        for (d = alldevs; d; d = d->next)
        {
            printf("%d. %s\n    ", ++i, d->name);
            if (d->description)
                printf(" (%s)\n", d->description);
            else
                printf(" (No description available)\n");
        }

        if (i == 0)
        {
            fprintf(stderr, "No interfaces found! Exiting.\n");
            return -1;
        }

        printf("Enter the interface number (1-%d):", i);
        scanf("%u", &inum);

        if (inum < 1 || inum > i)
        {
            printf("\nInterface number out of range.\n");
            /* Free the device list */
            pcap_freealldevs(alldevs);
            return -1;
        }

        /* Jump to the selected adapter */
        for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++);

        /* Open the device */
        if ((fp = pcap_open(d->name,
                            100 /*snaplen*/,
                            PCAP_OPENFLAG_PROMISCUOUS /*flags*/,
                            20 /*read timeout*/,
                            NULL /* remote authentication */,
                            errbuf)) == NULL)
        {
            fprintf(stderr, "\nError opening adapter\n");
            return -1;
        }
    }
    else
    {
        /* Do not check for the switch type ('-s') */
        if ((fp = pcap_open(argv[2],
                            100 /*snaplen*/,
                            PCAP_OPENFLAG_PROMISCUOUS /*flags*/,
                            20 /*read timeout*/,
                            NULL /* remote authentication */,
                            errbuf)) == NULL)
        {
            fprintf(stderr, "\nError opening source: %s\n", errbuf);
            return -1;
        }
    }

    /* Read the packets */
    while ((res = pcap_next_ex(fp, &header, &pkt_data)) >= 0)
    {
        if (res == 0)
            /* Timeout elapsed */
            continue;

        /* print pkt timestamp and pkt len */
        printf("%ld:%ld (%ld)\n", header->ts.tv_sec, header->ts.tv_usec, header->len);

        /* Print the packet: only caplen bytes were captured, even if len is larger */
        for (i = 1; (i < header->caplen + 1); i++)
        {
            printf("%.2x ", pkt_data[i - 1]);
            if ((i % LINE_LEN) == 0) printf("\n");
        }

        printf("\n\n");
    }

    if (res == -1)
    {
        fprintf(stderr, "Error reading the packets: %s\n", pcap_geterr(fp));
        return -1;
    }

    return 0;
}
```

Packet filter. This is a more complete example of using libpcap: it shows how to create and set a filter and how to save a capture to disk. The program compiles on both Win32 and Unix. Pcap_filter (pf.exe) is a generic packet filter: its inputs are a packet source (a physical interface or a file), a filter and an output file. It takes packets from the source, filters them and saves those that match the filter to the output file, until Ctrl+C is pressed or the whole input file has been processed. Pcap_filter can therefore not only process live network traffic according to a given filter but also extract packets from a previously saved file. Input and output files use the libpcap-compatible format shared by WinDump, tcpdump and many other network tools.

```c
/*
 * Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torino (Italy)
 * Copyright (c) 2005 - 2006 CACE Technologies, Davis (California)
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the Politecnico di Torino, CACE Technologies
 * nor the names of its contributors may be used to endorse or promote
 * products derived from this software without specific prior written
 * permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

#include <stdlib.h>
#include <stdio.h>
#include <pcap.h>

#define MAX_PRINT 80
#define MAX_LINE 16

void usage(void);

int main(int argc, char **argv)
{
    pcap_t *fp;
    char errbuf[PCAP_ERRBUF_SIZE];
    char *source = NULL;
    char *ofilename = NULL;
    char *filter = NULL;
    int i;
    pcap_dumper_t *dumpfile;
    struct bpf_program fcode;
    bpf_u_int32 NetMask;
    int res;
    struct pcap_pkthdr *header;
    const u_char *pkt_data;

    if (argc == 1)
    {
        usage();
        return -1;
    }

    /* Arguments come in "-x value" pairs; stop if a switch has no value */
    for (i = 1; i < argc; i += 2)
    {
        if (i + 1 >= argc || argv[i][0] != '-')
            usage();

        switch (argv[i][1])
        {
            case 's':
                source = argv[i + 1];
                break;

            case 'o':
                ofilename = argv[i + 1];
                break;

            case 'f':
                filter = argv[i + 1];
                break;
        }
    }

    // open a capture from the network
    if (source != NULL)
    {
        if ((fp = pcap_open(source,
                            1514 /*snaplen*/,
                            PCAP_OPENFLAG_PROMISCUOUS /*flags*/,
                            20 /*read timeout*/,
                            NULL /* remote authentication */,
                            errbuf)) == NULL)
        {
            fprintf(stderr, "\nUnable to open the adapter.\n");
            return -1;
        }
    }
    else usage();

    if (filter != NULL)
    {
        // We should loop through the adapters returned by the pcap_findalldevs_ex()
        // in order to locate the correct one.
        //
        // Let's do things simpler: we suppose to be in a C class network ;-)
        NetMask = 0xffffff;

        // compile the filter
        if (pcap_compile(fp, &fcode, filter, 1, NetMask) < 0)
        {
            fprintf(stderr, "\nError compiling filter: wrong syntax.\n");
            return -1;
        }

        // set the filter
        if (pcap_setfilter(fp, &fcode) < 0)
        {
            fprintf(stderr, "\nError setting the filter\n");
            return -1;
        }
    }

    // open the dump file
    if (ofilename != NULL)
    {
        dumpfile = pcap_dump_open(fp, ofilename);

        if (dumpfile == NULL)
        {
            fprintf(stderr, "\nError opening output file\n");
            return -1;
        }
    }
    else usage();

    // start the capture
    while ((res = pcap_next_ex(fp, &header, &pkt_data)) >= 0)
    {
        if (res == 0)
            /* Timeout elapsed */
            continue;

        // save the packet on the dump file
        pcap_dump((unsigned char *) dumpfile, header, pkt_data);
    }

    return 0;
}

void usage(void)
{
    printf("\npf - Generic Packet Filter.\n");
    printf("\nUsage:\npf -s source -o output_file_name [-f filter_string]\n\n");
    exit(0);
}
```
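Neither pktdump_ex nor pf.exe can run without a WinPcap adapter, so the following added example (written for this page, not one of the WinPcap samples) reproduces their two core operations on an in-memory capture in portable C with no library dependency. It parses the libpcap file format that both programs read and write, applies the check that the filter string "tcp dst port 80" expresses (a user-space stand-in for the BPF program that pcap_compile and pcap_setfilter would install, with every offset bounds-checked against caplen so that snaplen-truncated frames cannot match), copies matching records into an output capture as pf.exe does with pcap_dump, and formats records the way pktdump_ex prints them. All frame bytes, the three-record sample capture and the function names are constructed for illustration.

```c
/* Added example for this page, not one of the WinPcap samples above: a dependency-free
 * reader/writer for the libpcap file format that pktdump_ex reads and pf.exe writes.
 * All packet bytes and the sample capture below are constructed for illustration. */
#include <stdio.h>
#include <stdint.h>
#include <string.h>

#define GHDR 24     /* libpcap global header size */
#define RHDR 16     /* per-record header size */
#define LINE_LEN 16 /* hex bytes per line, as in pktdump_ex */

static uint32_t le32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static void put32(uint8_t *p, uint32_t v) { for (int k = 0; k < 4; k++) p[k] = (uint8_t)(v >> 8 * k); }
typedef struct { uint32_t ts_sec, ts_usec, caplen, len; const uint8_t *data; } pcap_rec;

/* Little-endian magic 0xa1b2c3d4 and link type 1 (DLT_EN10MB, Ethernet). */
int pcap_check_header(const uint8_t *buf, size_t n) {
    return n >= GHDR && le32(buf) == 0xa1b2c3d4 && le32(buf + 20) == 1;
}

/* 1: *r filled, *off advanced; 0: clean end; -1: header claims more bytes than remain. */
int pcap_next_record(const uint8_t *buf, size_t n, size_t *off, pcap_rec *r) {
    if (*off == n) return 0;
    if (n - *off < RHDR) return -1;
    const uint8_t *h = buf + *off;
    r->ts_sec = le32(h); r->ts_usec = le32(h + 4); r->caplen = le32(h + 8); r->len = le32(h + 12);
    if (r->caplen > n - *off - RHDR) return -1;   /* truncated or malformed file */
    r->data = h + RHDR;
    *off += RHDR + r->caplen;
    return 1;
}

/* Number of complete records in a capture, or -1 if it is truncated. */
int count_records(const uint8_t *buf, size_t n) {
    if (!pcap_check_header(buf, n)) return -1;
    size_t off = GHDR; pcap_rec r; int res, c = 0;
    while ((res = pcap_next_record(buf, n, &off, &r)) == 1) c++;
    return res < 0 ? -1 : c;
}

/* User-space equivalent of the BPF filter "tcp dst port <port>" for Ethernet/IPv4. Every
 * offset is checked against caplen: a snaplen (100 in pktdump_ex) can cut a frame short. */
int match_tcp_dst_port(const pcap_rec *r, uint16_t port) {
    const uint8_t *p = r->data;
    if (r->caplen < 34 || p[12] != 0x08 || p[13] != 0x00) return 0;   /* EtherType IPv4 */
    unsigned ihl = (p[14] & 0x0f) * 4;
    if (ihl < 20 || p[23] != 6 || r->caplen < 14 + ihl + 4) return 0; /* protocol TCP */
    return ((p[14 + ihl + 2] << 8) | p[14 + ihl + 3]) == port;
}

/* Global header plus every matching record into out, as pf.exe does with pcap_dump.
 * Returns the number of records written, or -1 on bad input or insufficient space. */
int pcap_filter_copy(const uint8_t *in, size_t n, uint16_t port,
                     uint8_t *out, size_t outsz, size_t *outlen) {
    if (!pcap_check_header(in, n) || outsz < GHDR) return -1;
    memcpy(out, in, GHDR);
    size_t off = GHDR, w = GHDR; pcap_rec r; int res, c = 0;
    while ((res = pcap_next_record(in, n, &off, &r)) == 1) {
        if (!match_tcp_dst_port(&r, port)) continue;
        if (outsz - w < RHDR + r.caplen) return -1;
        memcpy(out + w, r.data - RHDR, RHDR + r.caplen);  /* record header + bytes */
        w += RHDR + r.caplen; c++;
    }
    *outlen = w;
    return res < 0 ? -1 : c;
}

/* "sec:usec (len)" then caplen bytes as "%.2x " with a newline every LINE_LEN bytes,
 * i.e. pktdump_ex's output. Returns the number of hex lines written. */
int format_record(const pcap_rec *r, char *out, size_t outsz) {
    size_t used = (size_t)snprintf(out, outsz, "%u:%u (%u)\n", r->ts_sec, r->ts_usec, r->len);
    int lines = 0;
    for (uint32_t i = 1; i <= r->caplen && used + 4 < outsz; i++) {
        used += (size_t)snprintf(out + used, outsz - used, "%.2x ", (unsigned)r->data[i - 1]);
        if (i % LINE_LEN == 0 || i == r->caplen) { out[used++] = '\n'; out[used] = 0; lines++; }
    }
    return lines;
}

/* Constructed sample: one Ethernet/IPv4 frame with a zeroed TCP (20 B) or UDP (8 B) header. */
static size_t build_frame(uint8_t *f, uint8_t proto, uint16_t dport) {
    static const uint8_t eth[14] = {0,1,2,3,4,5, 0,6,7,8,9,10, 0x08,0x00};
    static const uint8_t ip[20]  = {0x45,0,0,0, 0,1,0,0, 64,0,0,0, 10,0,0,1, 10,0,0,2};
    size_t l4 = proto == 6 ? 20 : 8;
    memcpy(f, eth, 14); memcpy(f + 14, ip, 20); memset(f + 34, 0, l4);
    f[17] = (uint8_t)(20 + l4); f[23] = proto;            /* IP total length, protocol */
    f[34] = 0x30; f[35] = 0x39; f[36] = (uint8_t)(dport >> 8); f[37] = (uint8_t)dport; /* ports */
    if (proto == 6) { f[46] = 0x50; f[47] = 0x02; }         /* data offset 5, SYN */
    return 34 + l4;
}

/* Three records: TCP to port 80, UDP to port 53, and a TCP-to-80 frame whose caplen (20)
 * is shorter than its len (54), as a small snaplen would leave it. Returns capture size. */
size_t build_sample_capture(uint8_t *buf) {
    static const uint8_t gh[GHDR] = {0xd4,0xc3,0xb2,0xa1, 2,0,4,0, 0,0,0,0, 0,0,0,0, 0xff,0xff,0,0, 1,0,0,0};
    static const struct { uint8_t proto; uint16_t dport; uint32_t cut; } spec[3] = {{6,80,0},{17,53,0},{6,80,20}};
    uint8_t frame[64]; size_t off = GHDR;
    memcpy(buf, gh, GHDR);
    for (uint32_t k = 0; k < 3; k++) {
        uint32_t len = (uint32_t)build_frame(frame, spec[k].proto, spec[k].dport);
        uint32_t caplen = spec[k].cut ? spec[k].cut : len;
        put32(buf + off, k + 1); put32(buf + off + 4, 0); put32(buf + off + 8, caplen); put32(buf + off + 12, len);
        memcpy(buf + off + RHDR, frame, caplen);
        off += RHDR + caplen;
    }
    return off;
}
```

A caller builds the sample with build_sample_capture, walks it with pcap_next_record and format_record, and writes the filtered copy with pcap_filter_copy. Two details carry over to the real programs: pktdump_ex prints header->len but may only index pkt_data up to header->caplen, because the 100-byte snaplen it passes to pcap_open cuts larger frames, so any parsing of captured bytes must check caplen rather than len; and a record header that claims more bytes than the file holds is reported here as -1, the same condition pcap_next_ex reports with -1 and pcap_geterr.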