Project 2: WinPcap Programming

Requirements:
A network packet capture tool is the main means of analyzing network protocols and detecting faults. WinPcap is a network packet capture toolkit that can capture data frames at the network adapter level.
1. Understand the format of the Ethernet data frame.
2. Know the programming method of WinPcap.
3. Understand the encapsulation relationships between network packets.

Contents:
Use the WinPcap library functions to write a network data frame (Ethernet) capture program. The program first captures data link frames through the network adapter; from these you can go on to analyze the structure of the upper-layer packets, such as TCP/UDP and IP packets.

Environment:
The program runs on an Ethernet network that uses the TCP/IP protocol stack, and the network operating system is Windows.
The program development environment is VC++ 6.0.

Steps:

S1. Needs analysis:
The functions of the WinPcap frame capture program are:
(1) The capture program can capture the frames of the local network adapter and display each field of the Ethernet frame.
(2) The capture program can analyze the data of the upper-layer protocol.
(3) The adapter is set to promiscuous mode and receives data frames for analysis.

S2. Capture frame program development:
Use VC++ to write the data frame capture program, using the WinPcap library functions to capture frames from the network adapter. The program first gets the adapter number and sets the adapter to promiscuous mode so that it receives all the data frames on the network. After setting the buffer and location and initializing the device in the driver, it starts capturing data frames, displays the fields of each Ethernet frame, and then displays the upper-layer protocol data format.

S3. Compile and execute the program:
The WinPcap capture program should be compiled, linked and executed.
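The program shows the captured data frames and the upper-layer protocol data in a loop.

Codes:
WinPcap Program

```c
#define _CRT_SECURE_NO_WARNINGS
#include "pcap.h"
#include <stdio.h>   /* printf, scanf */
#pragma comment(lib, "wpcap.lib")
#pragma comment(lib, "packet.lib")
#pragma comment(lib, "ws2_32.lib")

/* Ethernet header format */
struct ether_header
{
    u_int8_t ether_dhost[6];   /* destination MAC address */
    u_int8_t ether_shost[6];   /* source MAC address */
    u_int16_t ether_type;      /* protocol type */
};

/* IPv4 header format */
struct ip_header
{
#if defined(WORDS_BIGENDIAN)
    u_int8_t ip_version : 4, ip_header_length : 4;
#else
    u_int8_t ip_header_length : 4, ip_version : 4;
#endif
    u_int8_t ip_tos;
    u_int16_t ip_length;
    u_int16_t ip_id;
    u_int16_t ip_off;
    u_int8_t ip_ttl;
    u_int8_t ip_protocol;
    u_int16_t ip_checksum;
    struct in_addr ip_souce_address;
    struct in_addr ip_destination_address;
};

void ip_protool_packet_callback(u_char *argument, const struct pcap_pkthdr *packet_header, const u_char *packet_content)
{
    struct ip_header *ip_protocol;
    u_int header_length = 0;
    u_int offset;
    u_char tos;
    u_int16_t checksum;

    /* Do not read past the bytes that were actually captured. */
    if (packet_header->caplen < 14 + sizeof(struct ip_header))
    {
        printf("Truncated IP header\n");
        return;
    }

    /* The Ethernet (MAC) header is 14 bytes; skip it to reach the IP header. */
    ip_protocol = (struct ip_header *)(packet_content + 14);
    checksum = ntohs(ip_protocol->ip_checksum);
    header_length = ip_protocol->ip_header_length * 4;  /* IHL counts 32-bit words */
    tos = ip_protocol->ip_tos;
    offset = ntohs(ip_protocol->ip_off);

    printf("-----Ip-----\n");
    printf("Version Number: %d\n", ip_protocol->ip_version);
    printf("Header Length: %d\n", header_length);
    printf("Type of Service: %d\n", tos);
    printf("Total Length: %d\n", ntohs(ip_protocol->ip_length));
    printf("Identification: %d\n", ntohs(ip_protocol->ip_id));
    printf("Fragment Offset: %d\n", (offset & 0x1fff) * 8);
    printf("Time to Live: %d\n", ip_protocol->ip_ttl);
    printf("Protocol Type: %d\n", ip_protocol->ip_protocol);
    switch (ip_protocol->ip_protocol)
    {
    case 1: printf("Upper Protocol is ICMP Protocol\n"); break;
    case 2: printf("Upper Protocol is IGMP Protocol\n"); break;
    case 6: printf("Upper Protocol is TCP Protocol\n"); break;
    case 17: printf("Upper Protocol is UDP Protocol\n"); break;
    default: break;
    }
    printf("CheckSum: %d\n", checksum);
    printf("Source IP Address: %s\n", inet_ntoa(ip_protocol->ip_souce_address));
    printf("Destination IP Address: %s\n", inet_ntoa(ip_protocol->ip_destination_address));
}

void ethernet_protocol_packet_callback(u_char *argument, const struct pcap_pkthdr *packet_header, const u_char *packet_content)
{
    u_short ethernet_type;
    struct ether_header *ethernet_protocol;
    u_char *mac_string;
    static int packet_number = 1;

    /* A frame shorter than the Ethernet header cannot be parsed. */
    if (packet_header->caplen < sizeof(struct ether_header))
        return;

    printf("==========\n");
    printf("Capture Package Number: %d\n", packet_number);
    printf("Package Length: %d\n", packet_header->len);
    printf("-----Ethernet-----\n");
    ethernet_protocol = (struct ether_header *)packet_content;  /* get the packet content */
    printf("Ethernet Type :");
    ethernet_type = ntohs(ethernet_protocol->ether_type);       /* get the Ethernet type */
    printf("%04x\n", ethernet_type);
    switch (ethernet_type)
    {
    case 0x0800: printf("Upper Protocol is IP Protocol\n"); break;
    case 0x0806: printf("Upper Protocol is ARP Protocol\n"); break;
    case 0x8035: printf("Upper Protocol is RARP Protocol\n"); break;
    default: break;
    }
    printf("MAC Frame Source Address: \n");
    mac_string = ethernet_protocol->ether_shost;
    printf("%02x:%02x:%02x:%02x:%02x:%02x\n", *mac_string, *(mac_string + 1), *(mac_string + 2), *(mac_string + 3), *(mac_string + 4), *(mac_string + 5));
    printf("MAC Frame Destination Address:\n");
    mac_string = ethernet_protocol->ether_dhost;
    printf("%02x:%02x:%02x:%02x:%02x:%02x\n", *mac_string, *(mac_string + 1), *(mac_string + 2), *(mac_string + 3), *(mac_string + 4), *(mac_string + 5));
    if (ethernet_type == 0x0800)  /* continue with the IP header */
        ip_protool_packet_callback(argument, packet_header, packet_content);
    printf("----------\n");
    packet_number++;
}

int main()
{
    pcap_if_t *alldevs;
    pcap_if_t *d;
    int inum;
    int i = 0;
    pcap_t *pcap_handle;                   /* WinPcap handle */
    char error_content[PCAP_ERRBUF_SIZE];  /* stores error messages */
    bpf_u_int32 net_mask;                  /* netmask */
    bpf_u_int32 net_ip = 0;                /* network address */
    struct bpf_program bpf_filter;         /* compiled BPF filter */
    char bpf_filter_string[] = "ip";       /* filter string: analyze IPv4 packets only */

    /* Get the list of local devices */
    if (pcap_findalldevs(&alldevs, error_content) == -1)
    {
        printf("Error in pcap_findalldevs: %s\n", error_content);
        return -1;
    }
    /* Print the list */
    for (d = alldevs; d; d = d->next)
    {
        printf("%d. %s", ++i, d->name);
        if (d->description)
            printf(" (%s)\n", d->description);
        else
            printf(" (No description available)\n");
    }
    if (i == 0)
    {
        printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
        return -1;
    }
    printf("Enter the Interface number (1-%d):", i);
    if (scanf("%d", &inum) != 1 || inum < 1 || inum > i)
    {
        printf("\nInterface number out of range.\n");
        /* Free the device list */
        pcap_freealldevs(alldevs);
        return -1;
    }
    /* Jump to the selected adapter */
    for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++);

    pcap_handle = pcap_open_live(d->name,  /* device name */
                                 65536,    /* snapshot length (the source page is cut off inside this comment) */
    /*
     * The source page ends here. The rest of main() is a reconstruction, not
     * the original author's code: it follows the variables declared above and
     * the steps in S1/S2. The 1000 ms read timeout is an assumed value.
     */
                                 1,        /* promiscuous mode, as required by S1 (3) */
                                 1000,     /* read timeout in milliseconds (assumed) */
                                 error_content);
    if (pcap_handle == NULL)
    {
        printf("\nUnable to open the adapter: %s\n", error_content);
        pcap_freealldevs(alldevs);
        return -1;
    }
    /* The callbacks assume a 14-byte Ethernet header. */
    if (pcap_datalink(pcap_handle) != DLT_EN10MB)
    {
        printf("\nThis program works only on Ethernet networks.\n");
        pcap_freealldevs(alldevs);
        pcap_close(pcap_handle);
        return -1;
    }
    if (pcap_lookupnet(d->name, &net_ip, &net_mask, error_content) == -1)
        net_mask = 0;
    pcap_freealldevs(alldevs);

    /* Compile and install the filter, then capture in a loop */
    if (pcap_compile(pcap_handle, &bpf_filter, bpf_filter_string, 1, net_mask) < 0 ||
        pcap_setfilter(pcap_handle, &bpf_filter) < 0)
    {
        printf("\nUnable to set the packet filter.\n");
        pcap_close(pcap_handle);
        return -1;
    }
    pcap_loop(pcap_handle, -1, ethernet_protocol_packet_callback, NULL);
    pcap_close(pcap_handle);
    return 0;
}
```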
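A capture program parses bytes that come straight off the network, so every length field has to be checked against the number of bytes actually captured before it is used. The following is an added example, not part of the original assignment code: a stand-alone, bounds-checked parser for the Ethernet and IPv4 fields that the program displays. The names `parse_frame`, `struct parsed` and the `P_*` codes are hypothetical, and the sample frame is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_HLEN 14  /* Ethernet II header size in bytes */
enum { P_OK = 0, P_SHORT_ETH = -1, P_NOT_IPV4 = -2, P_SHORT_IP = -3,
       P_BAD_IHL = -4, P_BAD_LEN = -5 };

/* Hypothetical result type for this example. */
struct parsed {
    uint16_t ether_type, ip_total_len;
    uint8_t  ip_version, ip_hlen, ip_proto;  /* ip_hlen is in bytes */
    uint8_t  src[4], dst[4];
};

/* Read a big-endian 16-bit field byte by byte (no struct cast, no alignment issue). */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* caplen is the number of captured bytes (pcap_pkthdr.caplen), not the wire length. */
int parse_frame(const uint8_t *buf, size_t caplen, struct parsed *out)
{
    memset(out, 0, sizeof *out);
    if (caplen < ETH_HLEN) return P_SHORT_ETH;
    out->ether_type = rd16(buf + 12);
    if (out->ether_type != 0x0800) return P_NOT_IPV4;

    const uint8_t *ip = buf + ETH_HLEN;
    size_t avail = caplen - ETH_HLEN;
    if (avail < 20) return P_SHORT_IP;             /* minimum IPv4 header */
    out->ip_version = ip[0] >> 4;
    out->ip_hlen = (uint8_t)((ip[0] & 0x0f) * 4);  /* IHL counts 32-bit words */
    if (out->ip_version != 4 || out->ip_hlen < 20) return P_BAD_IHL;
    if (out->ip_hlen > avail) return P_SHORT_IP;   /* options not fully captured */
    out->ip_total_len = rd16(ip + 2);
    if (out->ip_total_len < out->ip_hlen) return P_BAD_LEN;
    out->ip_proto = ip[9];
    memcpy(out->src, ip + 12, 4);
    memcpy(out->dst, ip + 16, 4);
    return P_OK;
}

/* Constructed sample: Ethernet + IPv4 header only (TCP, 192.0.2.1 -> 192.0.2.2). */
static const uint8_t SAMPLE[] = {
    0x02,0,0,0,0,0x02,  0x02,0,0,0,0,0x01,  0x08,0x00,
    0x45,0x00,0x00,0x28, 0x12,0x34,0x40,0x00, 0x40,0x06,0x00,0x00,
    192,0,2,1, 192,0,2,2
};

int main(void) { struct parsed p; return parse_frame(SAMPLE, sizeof SAMPLE, &p); }
```

In a pcap callback, `parse_frame(packet_content, packet_header->caplen, &p)` would be called before any field is printed, and a nonzero return means the frame is skipped.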
