网络数据包抓取以及流量分析
/* The include targets were lost when this listing was extracted (the
 * angle-bracketed names were dropped). These are the headers the code
 * below actually uses: pcap for every pcap_* call and type, stdio for
 * printf/fprintf/scanf_s, stdlib for malloc/exit/system. */
#include <stdio.h>
#include <stdlib.h>
#include <pcap.h>
// 48-bit Ethernet MAC address kept as six raw octets so the struct can be
// overlaid directly on captured frame bytes (sizeof == 6, no padding).
typedef struct macaddress {
    u_char mac1;
    u_char mac2;
    u_char mac3;
    u_char mac4;
    u_char mac5;
    u_char mac6;
} macaddress;
// Ethernet II frame header as captured: destination, source, EtherType.
// sizeof == 14, which is the offset packet_handler adds to reach the IP header.
typedef struct macheader {
    macaddress dest;
    macaddress src;
    u_short type;   // EtherType, still in network byte order when read from pkt_data
} macheader;
// IPv4 address: 32 bits kept as four separate octets (sizeof == 4) so the
// struct overlays the wire format and prints naturally as a.b.c.d.
typedef struct ipaddress {
    u_char by1;
    u_char by2;
    u_char by3;
    u_char by4;
} ipaddress;
// Values of ipbaowen::proto (IANA protocol numbers).
#define IP_ICMP 1
#define IP_IGMP 2
#define IP_TCP 6
#define IP_UDP 17
#define IP_IGRP 88
#define IP_OSPF 89

// IPv4 header without options, laid out exactly as on the wire (sizeof == 20).
// Multi-byte fields are still in network byte order when read from pkt_data.
// packet_handler derives the real header length from the low nibble of
// ver_ihl, so options (IHL > 5) are skipped, not represented here.
typedef struct ipbaowen {
    u_char ver_ihl;    // version (high nibble) and header length in 32-bit words (low nibble)
    u_char tos;        // type of service
    u_short tlen;      // total datagram length
    u_short ident;     // identification
    u_short flags_fo;  // flags (3 bits) and fragment offset (13 bits)
    u_char ttl;        // time to live
    u_char proto;      // payload protocol, one of the IP_* values above
    u_short crc;       // IPv4 header checksum (not a CRC despite the field name)
    ipaddress saddr;   // source address
    ipaddress daddr;   // destination address
} ipbaowen;
// Bits of tcpheader::th_flags.
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_PSH 0x08
#define TH_ACK 0x10
#define TH_URG 0x20

// TCP header without options, as on the wire (sizeof == 20). Multi-byte
// fields are in network byte order when read from captured data.
typedef struct tcpheader {
    u_short sport;     // source port
    u_short dport;     // destination port
    u_int th_seq;      // sequence number
    u_int th_ack;      // acknowledgement number
    u_char th_lenand;  // data offset plus reserved bits ("length and ..." in the original naming)
    u_char th_flags;   // TH_* bits
    u_short th_win;    // window
    u_short th_sum;    // checksum
    u_short th_urp;    // urgent pointer
} tcpheader;
// UDP header as on the wire (sizeof == 8); fields are in network byte order
// when read from captured data.
typedef struct udpheader {
    u_short sport;   // source port
    u_short dport;   // destination port
    u_short uh_len;  // datagram length (header + payload)
    u_short uh_sum;  // checksum
} udpheader;
// One UDP flow record. Records live in a doubly linked chain hanging off a
// udphashtable bucket; the bucket head itself is a sentinel, never a flow.
typedef struct udpnode {
    ipaddress saddr;
    ipaddress daddr;
    u_short sport;
    u_short dport;
    u_short length;        // printed as the flow's total byte count; NOTE(review): u_short wraps
                           // past 65535 if it accumulates — confirm against packet_handler
    u_int upnum;           // packet count in one direction ("上行" in the report)
    u_int downnum;         // packet count in the other direction ("下行")
    struct udpnode *next;  // next record in the bucket chain, NULL at the end
    struct udpnode *pre;   // previous record; a bucket head points at itself
} udpnode;
// One TCP flow record; same layout and chaining rules as udpnode, but kept as
// a distinct type so the two tables cannot be mixed up.
typedef struct tcpnode {
    ipaddress saddr;
    ipaddress daddr;
    u_short sport;
    u_short dport;
    u_short length;        // printed as the flow's total byte count; NOTE(review): u_short wraps
                           // past 65535 if it accumulates — confirm against packet_handler
    u_int upnum;           // packet count in one direction
    u_int downnum;         // packet count in the other direction
    struct tcpnode *next;  // next record in the bucket chain, NULL at the end
    struct tcpnode *pre;   // previous record; a bucket head points at itself
} tcpnode;
// Bucket counts of the two flow tables. Any bucket index computed for a flow
// must be strictly below both values; keep them equal unless the index
// function is changed to match.
#define tcphashtablelength 10
#define udphashtablelength 10

// Fixed-size bucket arrays. Element i is the sentinel head of chain i (its
// `pre` points at itself, `next` is NULL when empty); real records are only
// ever reached through head.next.
udpnode udphashtable[udphashtablelength];
tcpnode tcphashtable[tcphashtablelength];
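/*
 * Flow tables, capture driver and replay helpers.
 *
 * Both tables are arrays of chain heads. Element i is a sentinel: it never
 * holds a flow itself, its `pre` points back at itself, and real records are
 * linked in through `next`, which is why the show* functions start walking at
 * head.next.
 */

// Empty every UDP bucket.
void initudp()
{
    for (int i = 0; i < udphashtablelength; i++) {
        udphashtable[i].pre = udphashtable + i;
        udphashtable[i].next = NULL;
        udphashtable[i].length = 0;
    }
}

// Empty every TCP bucket.
void inittcp()
{
    for (int i = 0; i < tcphashtablelength; i++) {
        tcphashtable[i].pre = tcphashtable + i;
        tcphashtable[i].next = NULL;
        tcphashtable[i].length = 0;
    }
}

/*
 * Map four small integers to a bucket index (packet_handler feeds it the
 * per-address byte sums it computes from the IP header).
 *
 * The raw value a%2 + b%3 + c%4 + d%5 spans 0..10 inclusive for non-negative
 * inputs, so it can equal 10: one past the last element of a 10-slot table.
 * Returning it unreduced, as the original did, meant that a flow hashing to
 * 10 was linked into memory just past udphashtable/tcphashtable. The result
 * is now always in [0, buckets).
 */
int hash(int a, int b, int c, int d)
{
    const int buckets = udphashtablelength < tcphashtablelength
                            ? udphashtablelength
                            : tcphashtablelength;
    int raw = a % 2 + b % 3 + c % 4 + d % 5;
    if (raw < 0) {
        raw = -raw;   // impossible for byte sums; keeps the index valid for any int
    }
    return raw % buckets;
}

void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data);
void dispatcher_handler(u_char *, const struct pcap_pkthdr *, const u_char *);
void showudphashtable();
void showtcphashtable();

// Bytes per output line in dispatcher_handler's hex dump.
#define LINE_LEN 10

/*
 * Entry point: pick an adapter, capture 100 IPv4 packets into the file "data"
 * while packet_handler fills the flow tables, print both tables, then re-read
 * the dump file and hex-dump every packet.
 *
 * Returns 0 on success, -1 on any setup failure (exit(1) if no adapter list
 * can be obtained at all).
 */
int main()
{
    pcap_if_t *alldevs;
    pcap_if_t *d;
    int inum;
    int i = 0;
    pcap_t *adhandle;
    char errbuf[PCAP_ERRBUF_SIZE];
    u_int netmask;
    // BPF filter: IPv4 only. This is what lets packet_handler assume an IP
    // header follows the 14-byte Ethernet header.
    char packet_filter[] = "ip";
    struct bpf_program fcode;
    pcap_t *fp;
    char errbuf2[PCAP_ERRBUF_SIZE];
    char source[PCAP_BUF_SIZE];
    const char dumpfile[] = "data";   // written during capture, re-read below

    initudp();
    inittcp();

    // Enumerate adapters.
    if (pcap_findalldevs(&alldevs, errbuf) == -1) {
        fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
        exit(1);
    }

    // List name and description; description may be NULL, which %s must not see.
    for (d = alldevs; d; d = d->next) {
        printf("%d.%s\n", ++i, d->name);
        printf("(%s)\n", d->description ? d->description : "");
    }
    printf("适配器总共有%d个\n", i);
    if (i == 0) {
        printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
        pcap_freealldevs(alldevs);
        return -1;
    }

    // Let the user choose one; a non-numeric answer leaves inum unset, so the
    // scanf_s result is checked together with the range.
    printf("Enter the device number (1-%d): ", i);
    if (scanf_s("%d", &inum) != 1 || inum <= 0 || inum > i) {
        printf("\ndevice number out of range.\n");
        pcap_freealldevs(alldevs);
        return -1;
    }

    // Walk to the chosen adapter.
    for (d = alldevs, i = 0; i < inum - 1; i++) {
        d = d->next;
    }

    // Open it: 65536-byte snaplen so whole frames are captured, promiscuous
    // mode, 1 s read timeout.
    if ((adhandle = pcap_open_live(d->name, 65536, 1, 1000, errbuf)) == NULL) {
        // The original format string had a %s but no argument: it printed
        // whatever happened to be on the stack.
        fprintf(stderr, "\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name);
        pcap_freealldevs(alldevs);
        return -1;
    }

    // packet_handler assumes a DLT_EN10MB (Ethernet) link layer.
    if (pcap_datalink(adhandle) != DLT_EN10MB) {
        fprintf(stderr, "\nThis program works only on Ethernet networks.\n");
        pcap_freealldevs(alldevs);
        pcap_close(adhandle);
        return -1;
    }

    // Netmask of the adapter's first address, needed by pcap_compile. Both
    // the address list and the netmask entry can be absent.
    if (d->addresses != NULL && d->addresses->netmask != NULL) {
        netmask = ((struct sockaddr_in *)(d->addresses->netmask))->sin_addr.s_addr;
    } else {
        netmask = 0xffffff;   // assume a class-C mask when none is reported
    }

    if (pcap_compile(adhandle, &fcode, packet_filter, 1, netmask) < 0) {
        fprintf(stderr, "\nUnable to compile the packet filter. Check the syntax.\n");
        pcap_freealldevs(alldevs);
        pcap_close(adhandle);
        return -1;
    }
    if (pcap_setfilter(adhandle, &fcode) < 0) {
        fprintf(stderr, "\nError setting the filter.\n");
        pcap_freecode(&fcode);
        pcap_freealldevs(alldevs);
        pcap_close(adhandle);
        return -1;
    }
    pcap_freecode(&fcode);   // the compiled program is now owned by the handle

    printf("\nlistening on: %s...\n", d->description ? d->description : d->name);
    pcap_freealldevs(alldevs);   // d dangles from here on; never touch it again

    // Dump file for the captured packets. A NULL dumper would be dereferenced
    // inside packet_handler, so fail here instead.
    pcap_dumper_t *dumpfp = pcap_dump_open(adhandle, dumpfile);
    if (dumpfp == NULL) {
        fprintf(stderr, "\nError opening dump file: %s\n", pcap_geterr(adhandle));
        pcap_close(adhandle);
        return -1;
    }

    // Capture 100 packets; packet_handler both dumps them and updates the tables.
    pcap_loop(adhandle, 100, packet_handler, (u_char *)dumpfp);
    pcap_dump_close(dumpfp);   // flush to disk before the file is re-read
    pcap_close(adhandle);

    // Build a WinPcap source string for the dump file and open it.
    if (pcap_createsrcstr(source,        // receives the source string
                          PCAP_SRC_FILE, // we want to open a file
                          NULL,          // remote host
                          NULL,          // port on the remote host
                          dumpfile,      // name of the file to open
                          errbuf) != 0) {
        fprintf(stderr, "\nError creating a source string\n");
        return -1;
    }
    if ((fp = pcap_open(source,
                        65536,                     // capture whole packets
                        PCAP_OPENFLAG_PROMISCUOUS,
                        1000,                      // read timeout
                        NULL,                      // no remote authentication
                        errbuf2)) == NULL) {
        fprintf(stderr, "\nUnable to open the file %s: %s\n", source, errbuf2);
        return -1;
    }

    showudphashtable();
    showtcphashtable();
    printf("hashtable----show----is----stopped\n");

    // Replay the saved capture as a hex dump; with cnt == 0 pcap_loop returns
    // when the file is exhausted.
    pcap_loop(fp, 0, dispatcher_handler, NULL);
    pcap_close(fp);

    // Windows-only: keeps the console window open. NOTE(review): this spawns
    // a shell; acceptable for a lab tool, not for anything privileged.
    system("pause");
    return 0;
}

// Print every UDP flow record, bucket by bucket. Bucket heads are sentinels
// and are skipped.
void showudphashtable()
{
    printf("starttoshowudphashtable-------->\n");
    printf("UDPhashtable: \n");
    for (int i = 0; i < udphashtablelength; i++) {
        printf("key=%d: \n", i);
        for (udpnode *s = udphashtable[i].next; s != NULL; s = s->next) {
            printf("\n");
            printf("这是IP: %d.%d.%d.%d端口: %d------和-----IP: %d.%d.%d.%d端口: %d之间的连接\n",
                   s->saddr.by1, s->saddr.by2, s->saddr.by3, s->saddr.by4, s->sport,
                   s->daddr.by1, s->daddr.by2, s->daddr.by3, s->daddr.by4, s->dport);
            // upnum/downnum are u_int, so %u rather than the original %d.
            printf("数据包总长度: %d字节上行数据包数目: %u个下行数据包数目: %u个\n",
                   s->length, s->upnum, s->downnum);
        }
    }
    printf("UDP显示完---------------------------------------------------------------------------------------------------\n");
}

// Print every TCP flow record, bucket by bucket. Bucket heads are skipped.
void showtcphashtable()
{
    printf("begin: \n");
    printf("TCPhashtable: ");
    for (int i = 0; i < tcphashtablelength; i++) {
        printf("%d\n", i);
        for (tcpnode *s = tcphashtable[i].next; s != NULL; s = s->next) {
            printf("目的端口%d->源端口%d->数据包总长度%d字节\n", s->dport, s->sport, s->length);
        }
    }
    printf("TCP显示完--------------------------------------------------------------------------------------\n");
}

/*
 * pcap_loop callback used when replaying the dump file: hex-dump the packet,
 * LINE_LEN bytes per line.
 *
 * The loop is bounded by header->caplen, the number of bytes actually in
 * pkt_data, never by header->len (the on-wire size), which can be larger than
 * the buffer when the snaplen truncated the packet. Bytes are printed
 * zero-padded and space-separated; the original "%x" with no separator made
 * 0x0a 0x01 indistinguishable from 0xa1. The original newline test
 * `(i % LINE_LEN) == 30` could never be true with LINE_LEN == 10.
 */
void dispatcher_handler(u_char *temp1, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
    (void)temp1;
    for (u_int i = 1; i <= header->caplen; i++) {
        printf("%02x ", pkt_data[i - 1]);
        if ((i % LINE_LEN) == 0) {
            printf("\n");
        }
    }
    printf("\n");
}

// True when two IPv4 addresses are equal octet for octet.
static int sameip(const ipaddress *x, const ipaddress *y)
{
    return x->by1 == y->by1 && x->by2 == y->by2 && x->by3 == y->by3 && x->by4 == y->by4;
}

/*
 * Relate flow record *pd to *p.
 *
 * Returns 2 when both describe the same direction (addresses and ports all
 * equal), 1 when *pd is the reverse direction of *p (source and destination
 * swapped, and the ports swapped with them), 0 when neither. A flow whose two
 * endpoints are identical satisfies both tests and yields 3.
 *
 * The original reverse-direction test compared the ports with `!=`, so a
 * reply (addresses swapped, ports swapped) was only recognised when the
 * swapped ports did NOT match; it is now the mirror of the forward test.
 */
int compare(udpnode **p, udpnode **pd)
{
    const udpnode *a = *p;
    const udpnode *b = *pd;
    int same = 0;
    int reverse = 0;

    if (sameip(&b->daddr, &a->daddr) && sameip(&b->saddr, &a->saddr) &&
        b->sport == a->sport && b->dport == a->dport) {
        same = 2;
    }
    if (sameip(&b->daddr, &a->saddr) && sameip(&b->saddr, &a->daddr) &&
        b->sport == a->dport && b->dport == a->sport) {
        reverse = 1;
    }
    return same + reverse;
}

/*
 * pcap_loop callback used during live capture (param is the pcap_dumper_t*).
 * Only the beginning of this function is present in the source document; the
 * listing is cut off after the address sums below and the rest is not
 * visible, so the body is reproduced as found with review notes only.
 */
void packet_handler(u_char *dumpfp, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
    macheader *mh;
    ipbaowen *ih;
    tcpheader *th;
    udpheader *uh;
    u_int iplen = 0;
    u_int key = 0;
    int flag = 0;
    u_short sport = 0;
    u_short dport = 0;

    // NOTE(review): header->caplen is never checked before these casts. The
    // "ip" filter guarantees an IP header follows the Ethernet header on a
    // DLT_EN10MB link, but not that 14 + IHL*4 bytes were actually captured;
    // a truncated packet makes ih/uh/th point past pkt_data.
    mh = (macheader *)pkt_data;
    ih = (ipbaowen *)(pkt_data + 14);
    // NOTE(review): IHL is taken from the packet unvalidated; a value below 5
    // is malformed and places uh/th inside the IP header.
    iplen = (ih->ver_ihl & 0xf) * 4;
    uh = (udpheader *)((u_char *)ih + iplen);
    th = (tcpheader *)((u_char *)ih + iplen);

    if ((ih->proto) == 17) {   // UDP
        udpnode *p;
        // NOTE(review): malloc result is written to without a NULL check.
        p = (udpnode *)malloc(sizeof(udpnode));
        p->downnum = 0;
        p->upnum = 1;
        int a = 0, b = 0;
        a = (ih->saddr.by1) + (ih->saddr.by2) + (ih->saddr.by3) + (ih->saddr.by4);
        b = (ih->daddr.by1) + (ih->daddr.by2) + (ih->daddr.by3) + (ih->daddr.by4);
        // … the source document ends here; the remainder of packet_handler is not available …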