WinPcap programming (3) and winpcap Programming

Source: Internet
Author: User

WinPcap programming (3) and winpcap Programming

1. filter settings

Set the filter to get the desired package type. Like WireShark.

Process: Compile the filter and set the filter. Directly refer to the document code:

  

If (d-> addresses! = NULL)/* obtain the mask of the first address of the interface */netmask = (struct sockaddr_in *) (d-> addresses-> netmask)-> sin_addr.S_un.S_addr; else/* if this interface has no address, we assume that this interface is in a class C Network */netmask = 0 xffffff; compile the filter if (pcap_compile (adhandle, & fcode, "ip and tcp", 1, netmask) <0) {fprintf (stderr, "\ nUnable to compile the packet filter. check the syntax. \ n ");/* release the device list */pcap_freealldevs (alldevs); return-1;} set the filter if (pcap_setfilter (adhandle, & fcode) <0) {fprintf (stderr, "\ nError setting the filter. \ n ");/* release the device list */pcap_freealldevs (alldevs); return-1 ;}View Code

 

2. Analyze Data Packets

You only need to know how to construct and then how to handle it.

 

Source code:

# Define WIN32 # include "pcap. h "typedef struct mac {u_char byte1; u_char byte2; u_char byte3; u_char byte4; u_char byte5; u_char byte6;} mac; typedef struct eth_header {mac dmac; mac smac; u_short type;} eth_header;/* 4-byte IP Address */typedef struct ip_address {u_char byte1; u_char byte2; u_char byte3; u_char byte4;} ip_address; /* IPv4 header */typedef struct ip_header {u_char ver_ihl; // version (4 bits) + header length (4 bit S) u_char tos; // service Type (Type of service) u_short tlen; // Total length (Total length) u_short identification; // Identification u_short flags_fo; // Flags (3 bits) + segment offset (Fragment offset) (13 bits) u_char ttl; // Time to live u_char proto; // Protocol (Protocol) u_short crc; // Header checksum (Header checksum) ip_address saddr; // Source address (Source address) ip_address daddr; // Destination address) u_int op_pad; // Option and fill (Option + Padding)} ip_header;/* UDP header */typedef struct udp_header {u_short sport; // Source port (Source port) u_short dport; // Destination port (Destination port) u_short len; // UDP packet length (datatelength) u_short crc; // Checksum} udp_header; /* callback function prototype */void packet_handler2 (u_char * param, const struct pcap_pkthdr * header, const u_char * pkt_data); int main () {pcap_if_t * alldevs; release * d; int inum; int I = 0; pcap_t * adhandle; char errbuf [PCAP_ERRBUF_SIZE]; u_int netmask; char packet_filter [] = "ip"; struct bpf_program fcode; /* get the device list */if (pcap_findalldevs_ex (PCAP_SRC_IF_STRING, NULL, & alldevs, errbuf) =-1) {fprintf (stderr, "Error in pcap_findalldevs: % s \ n ", errbuf); exit (1);}/* print the list */for (d = alldevs; d = d-> next) {printf ("% d. % s ", ++ I, d-> name); if (d-> description) printf (" (% s )\ N ", d-> description); else printf (" (No description available) \ n ");} if (I = 0) {printf (" \ nNo interfaces found! Make sure WinPcap is installed. \ n "); return-1;} printf (" Enter the interface number (1-% d): ", I); scanf_s (" % d ", & inum ); if (inum <1 | inum> I) {printf ("\ nInterface number out of range. \ n ");/* release the device list */pcap_freealldevs (alldevs); return-1;}/* jump to the selected device */for (d = alldevs, I = 0; I <inum-1; d = d-> next, I ++);/* Open the adapter * // if (adhandle = pcap_open (d-> name, // device name // 65536, // part of the data packet to be captured/ /// 65535 ensure that all content of each data packet on different data link layers can be captured // PCAP_OPENFLAG_PROMISCUOUS, // mixed mode // 0, // read timeout // NULL, // remote machine verification // errbuf // Error Buffer Pool //) = NULL) if (adhandle = pcap_open_live (d-> name, 65536, PCAP_OPENFLAG_PROMISCUOUS, 0, errbuf) = NULL) {fprintf (stderr, "\ nUnable to open the adapter. % s is not supported by WinPcap \ n ");/* release the device list */pcap_freealldevs (alldevs); return-1;}/* check the data link layer for simplicity, we only consider Ethernet * /// If (pcap_datalink (adhandle )! = DLT_EN10MB) // {// fprintf (stderr, "\ nThis program works only on Ethernet networks. \ n "); // * release the device list * // pcap_freealldevs (alldevs); // return-1; //} if (d-> addresses! = NULL)/* obtain the mask of the first address of the interface */netmask = (struct sockaddr_in *) (d-> addresses-> netmask)-> sin_addr.S_un.S_addr; else/* if the interface does not have an address, assume a class C mask */netmask = 0 xffffff; // compile the filter if (pcap_compile (adhandle, & fcode, packet_filter, 1, netmask) <0) {fprintf (stderr, "\ nUnable to compile the packet filter. check the syntax. \ n ");/* release the device list */pcap_freealldevs (alldevs); return-1;} // set the filter if (pcap_setfilter (adha Ndle, & fcode) <0) {fprintf (stderr, "\ nError setting the filter. \ n ");/* release the device list */pcap_freealldevs (alldevs); return-1;} printf (" \ nlistening on % s... \ n ", d-> description);/* release the device list */pcap_freealldevs (alldevs);/* Start capturing */pcap_loop (adhandle, 0, packet_handler2, NULL ); system ("pause"); return 0;}/* callback function, which is called by libpcap */void packet_handler2 (u_char * param, const struct pcap_pkthdr * header, Const u_char * pkt_data) {struct tm ltime; char timestr [16]; time_t local_ TV _sec; eth_header * eh; ip_header * ih; udp_header * uh; u_int ip_len; u_short = 0, dport = 0; int I;/* converts the timestamp into a recognizable format */local_ TV _sec = header-> ts. TV _sec; localtime_s (& ltime, & local_ TV _sec); strftime (timestr, sizeof timestr, "% H: % M: % S", & ltime ); /* print the data packet Timestamp and length */printf ("Time Stamp: % s. %. 6d \ nLength: % d \ n ", timestr, header-> t S. TV _usec, header-> len); // * obtain the Ethernet frame header * // eh = (eth_header *) (pkt_data ); /// * position of the IP packet header obtained * // ih = (ip_header *) (pkt_data + // 14 ); // length of the Ethernet header // * obtain the location of the UDP header // The IP datagram header is 4 bits, measured in 32bit (4 bytes) // The maximum length of an IP header is "1111", that is, 15*4 = 60 bytes. The minimum IP Address Header length is 20 bytes. // * // Ip_len = (ih-> ver_ihl & 0xf) * 4; // uh = (udp_header *) (u_char *) ih + ip_len ); /// * convert the network byte sequence to the host byte sequence * // sport = ntohs (uh-> sport); // dport = ntohs (uh-> dport ); /* print the data of the Data Packet */printf ("\ nDATA:"); for (I = 0; I  

3. Sending a package is relatively simple.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.