前言
winpcap编译
环境搭建
- 下载并安装winpcap 4.1.3
这将会安装Driver和DLLS
The last official WinPcap release was 4.1.3
For the list of changes, refer to the changelog.
Version 4.1.3 Installer for Windows
Driver + DLLs
- 下载并安装WinPcap运行库
- 下载WinPcap开发包
使用
管理员权限双击运行\WpdPack\Examples-pcap\MakeaAll.sln
文件目录:WpdPack\Examples-pcap
- UDPdump udp包抓取
BPF过滤器:
char packet_filter[] = "port 8080"; 爬取所有8080端口的数据包
#ifdef _MSC_VER /* * we do not want the warnings about the old deprecated and unsecure CRT functions * since these examples can be compiled under *nix as well */ #define _CRT_SECURE_NO_WARNINGS #endif #include "pcap.h" /* 4 bytes IP address */ typedef struct ip_address { u_char byte1; u_char byte2; u_char byte3; u_char byte4; }ip_address; /* IPv4 header */ typedef struct ip_header { u_char ver_ihl; // Version (4 bits) + Internet header length (4 bits) u_char tos; // Type of service u_short tlen; // Total length u_short identification; // Identification u_short flags_fo; // Flags (3 bits) + Fragment offset (13 bits) u_char ttl; // Time to live u_char proto; // Protocol u_short crc; // Header checksum ip_address saddr; // Source address ip_address daddr; // Destination address u_int op_pad; // Option + Padding }ip_header; /* UDP header*/ typedef struct udp_header { u_short sport; // Source port u_short dport; // Destination port u_short len; // Datagram length u_short crc; // Checksum }udp_header; /* prototype of the packet handler */ void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data); void got_packet(u_char* param, const struct pcap_pkthdr* header, const u_char* pkt_data); int main() { pcap_if_t *alldevs; pcap_if_t *d; int inum; int i=0; pcap_t *adhandle; char errbuf[PCAP_ERRBUF_SIZE]; u_int netmask; char packet_filter[] = "port 8080"; struct bpf_program fcode; /* Retrieve the device list */ if(pcap_findalldevs(&alldevs, errbuf) == -1) { fprintf(stderr,"Error in pcap_findalldevs: %s\n", errbuf); exit(1); } /* Print the list */ for(d=alldevs; d; d=d->next) { printf("%d. %s", ++i, d->name); if (d->description) printf(" (%s)\n", d->description); else printf(" (No description available)\n"); } if(i==0) { printf("\nNo interfaces found! Make sure WinPcap is installed.\n"); return -1; } printf("Enter the interface number (1-%d):",i); scanf("%d", &inum); /* Check if the user specified a valid adapter */ if(inum < 1 || inum > i) { printf("\nAdapter number out of range.\n"); /* Free the device list */ pcap_freealldevs(alldevs); return -1; } /* Jump to the selected adapter */ for(d=alldevs, i=0; i< inum-1 ;d=d->next, i++); /* Open the adapter */ if ((adhandle= pcap_open_live(d->name, // name of the device 65536, // portion of the packet to capture. // 65536 grants that the whole packet will be captured on all the MACs. 1, // promiscuous mode (nonzero means promiscuous) 1000, // read timeout errbuf // error buffer )) == NULL) { fprintf(stderr,"\nUnable to open the adapter. %s is not supported by WinPcap\n"); /* Free the device list */ pcap_freealldevs(alldevs); return -1; } /* Check the link layer. We support only Ethernet for simplicity. */ if(pcap_datalink(adhandle) != DLT_EN10MB) { fprintf(stderr,"\nThis program works only on Ethernet networks.\n"); /* Free the device list */ pcap_freealldevs(alldevs); return -1; } if(d->addresses != NULL) /* Retrieve the mask of the first address of the interface */ netmask=((struct sockaddr_in *)(d->addresses->netmask))->sin_addr.S_un.S_addr; else /* If the interface is without addresses we suppose to be in a C class network */ netmask=0xffffff; //compile the filter if (pcap_compile(adhandle, &fcode, packet_filter, 1, netmask) <0 ) { fprintf(stderr,"\nUnable to compile the packet filter. Check the syntax.\n"); /* Free the device list */ pcap_freealldevs(alldevs); return -1; } //set the filter if (pcap_setfilter(adhandle, &fcode)<0) { fprintf(stderr,"\nError setting the filter.\n"); /* Free the device list */ pcap_freealldevs(alldevs); return -1; } printf("\nlistening on %s...\n", d->description); /* At this point, we don't need any more the device list. Free it */ pcap_freealldevs(alldevs); /* start the capture */ //pcap_loop(adhandle, 0, packet_handler, NULL); pcap_loop(adhandle, 0, got_packet, NULL); return 0; } /* Callback function invoked by libpcap for every incoming packet */ void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data) { struct tm *ltime; char timestr[16]; ip_header *ih; udp_header *uh; u_int ip_len; u_short sport,dport; time_t local_tv_sec; /* * unused parameter */ (VOID)(param); /* convert the timestamp to readable format */ local_tv_sec = header->ts.tv_sec; ltime=localtime(&local_tv_sec); strftime( timestr, sizeof timestr, "%H:%M:%S", ltime); /* print timestamp and length of the packet */ printf("%s.%.6d len:%d ", timestr, header->ts.tv_usec, header->len); /* retireve the position of the ip header */ ih = (ip_header *) (pkt_data + 14); //length of ethernet header /* retireve the position of the udp header */ ip_len = (ih->ver_ihl & 0xf) * 4; uh = (udp_header *) ((u_char*)ih + ip_len); /* convert from network byte order to host byte order */ sport = ntohs( uh->sport ); dport = ntohs( uh->dport ); /* print ip addresses and udp ports */ printf("%d.%d.%d.%d.%d -> %d.%d.%d.%d.%d\n", ih->saddr.byte1, ih->saddr.byte2, ih->saddr.byte3, ih->saddr.byte4, sport, ih->daddr.byte1, ih->daddr.byte2, ih->daddr.byte3, ih->daddr.byte4, dport); } /* Ethernet header */ struct ethheader { u_char ether_dhost[6]; /* destination host address */ u_char ether_shost[6]; /* source host address */ u_short ether_type; /* IP? ARP? RARP? etc */ }; /* IP Header */ struct ipheader { unsigned char iph_ihl : 4, iph_ver : 4; //IP Header length & Version. unsigned char iph_tos; //Type of service unsigned short int iph_len; //IP Packet length (Both data and header) unsigned short int iph_ident; //Identification unsigned short int iph_flag : 3, iph_offset : 13; //Flags and Fragmentation offset unsigned char iph_ttl; //Time to Live unsigned char iph_protocol; //Type of the upper-level protocol unsigned short int iph_chksum; //IP datagram checksum struct in_addr iph_sourceip; //IP Source address (In network byte order) struct in_addr iph_destip;//IP Destination address (In network byte order) }; /* TCP Header */ struct tcpheader { u_short tcp_sport; /* source port */ u_short tcp_dport; /* destination port */ u_int tcp_seq; /* sequence number */ u_int tcp_ack; /* acknowledgement number */ u_char tcp_offx2; /* data offset, rsvd */ #define TH_OFF(th) (((th)->tcp_offx2 & 0xf0) >> 4) u_char tcp_flags; #define TH_FIN 0x01 #define TH_SYN 0x02 #define TH_RST 0x04 #define TH_PUSH 0x08 #define TH_ACK 0x10 #define TH_URG 0x20 #define TH_ECE 0x40 #define TH_CWR 0x80 #define TH_FLAGS (TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG|TH_ECE|TH_CWR) u_short tcp_win; /* window */ u_short tcp_sum; /* checksum */ u_short tcp_urp; /* urgent pointer */ }; void got_packet(u_char* args, const struct pcap_pkthdr* header, const u_char* packet) { int i = 0; int size_data = 0; printf("\nGot a packet\n"); struct ethheader* eth = (struct ethheader*)packet; if (ntohs(eth->ether_type) == 0x800) { struct ipheader* ip = (struct ipheader*)(packet + sizeof(struct ethheader)); printf(" From: %s\n", inet_ntoa(ip->iph_sourceip)); printf(" To: %s\n", inet_ntoa(ip->iph_destip)); struct tcpheader* tcp = (struct tcpheader*)(packet + sizeof(struct ethheader) + sizeof(struct ipheader)); printf(" Source Port: %d\n", ntohs(tcp->tcp_sport)); printf(" Destination Port: %d\n", ntohs(tcp->tcp_dport)); switch (ip->iph_protocol) { case IPPROTO_TCP: printf(" Protocol: TCP\n"); break; case IPPROTO_UDP: printf(" Protocol: UDP\n"); break; case IPPROTO_ICMP: printf(" Protocol: ICMP\n"); break; default: printf(" Protocol: Others\n"); break; } //char* data = (char*)packet + sizeof(struct ethheader) + sizeof(struct ipheader) + sizeof(struct tcpheader); //size_data = ntohs(ip->iph_len) - (sizeof(struct ipheader) + sizeof(struct tcpheader)); //if (size_data > 0) { // printf(" Payload (%d bytes):\n", size_data); // for (i = 0; i < size_data; i++) { // if (isprint(*data)) // printf("%c", *data); // else // printf("."); // data++; // } //} } return; }
总结
以上就是今天要讲的内容,本文仅仅简单介绍了winpcap编译和使用。
参考:
https://blog.csdn.net/zhaoxinfan/article/details/6527454
