
libpcap的简单使用--抓取特定类型和端口的网络数据

2017-09-08 16:08 543 查看
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

using std::cout;
using std::endl;
using std::thread;
using std::vector;
using std::string;

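// Map a byte taken from the wire to something safe to echo: printable ASCII
// is kept, everything else (control bytes, ESC, high bytes) becomes '.'.
// Captured payload is untrusted input and must not reach the terminal raw.
static char printableOrDot(unsigned char c){
    return (c >= 0x20 && c <= 0x7e) ? static_cast<char>(c) : '.';
}

// pcap_loop() callback: decode one captured frame and print it.
//
// arg    - user pointer handed to pcap_loop(); here an int packet counter.
// pkthdr - capture metadata (timestamp, on-wire length, captured length).
// packet - the captured bytes; only the first pkthdr->caplen are readable.
//
// The fixed offsets below assume an Ethernet II frame carrying IPv4 without
// options and a UDP header (14 + 20 + 8 = 42 header bytes) followed by a
// 52-byte '|'-separated text body, i.e. exactly 94 bytes per message.
void getPacket(u_char * arg,const struct pcap_pkthdr *pkthdr,const u_char * packet){
    const unsigned int kHeaderLen = 42;
    const unsigned int kBodyLen = 52;
    const unsigned int kFrameLen = kHeaderLen + kBodyLen;

    char src_mac[18] = "";
    char dst_mac[18] = "";
    char src_addr[20] = "";
    char dst_addr[20] = "";

    unsigned char head_str[50] = "";
    // Zero-initialised and larger than kBodyLen, so the copied body is always
    // NUL-terminated for strtok().
    char body_str[512] = "";

    vector<string> split_vector;
    const char *split = "|";

    int *id = (int *)arg;
    cout << "id: " << ++(*id) << endl;
    cout << "Packet length: " << pkthdr->len << endl;
    cout << "Number of bytes: " << pkthdr->caplen << endl;

    // Copy the seconds into a real time_t instead of casting the field's
    // address: the timeval member is not time_t-sized on every platform.
    const time_t captured_at = pkthdr->ts.tv_sec;
    const char *time_text = ctime(&captured_at);
    cout << "Recieved time: " << (time_text ? time_text : "(unknown)\n");

    // Anyone who can reach the filtered port can send a datagram of another
    // size, so an unexpected length must only drop this packet, never end the
    // capture process. caplen is checked as well because the copies below
    // read kFrameLen bytes from the capture buffer.
    if (pkthdr->len != kFrameLen || pkthdr->caplen < kFrameLen)
    {
        cout << "wifi TanZhen message length error." << endl;
        cout << "-------------------------------------------------------" << endl;
        return;
    }

    memcpy(head_str, packet, kHeaderLen);
    memcpy(body_str, packet + kHeaderLen, kBodyLen);
    snprintf(dst_mac, sizeof(dst_mac), "%02x:%02x:%02x:%02x:%02x:%02x", head_str[0], head_str[1], head_str[2], head_str[3], head_str[4], head_str[5]);
    snprintf(src_mac, sizeof(src_mac), "%02x:%02x:%02x:%02x:%02x:%02x", head_str[6], head_str[7], head_str[8], head_str[9], head_str[10], head_str[11]);

    // Message header: EtherType 0x0800 means IPv4.
    if (head_str[12] == 0x08 && head_str[13] == 0x00)
    {
        printf("____________________IP Protocol____________________\n");
        printf("MAC:%s >> %s\n", src_mac, dst_mac);
        snprintf(src_addr, sizeof(src_addr), "%02d.%02d.%02d.%02d", head_str[26], head_str[27], head_str[28], head_str[29]);
        snprintf(dst_addr, sizeof(dst_addr), "%02d.%02d.%02d.%02d", head_str[30], head_str[31], head_str[32], head_str[33]);
        printf("IP:%s >> %s\n", src_addr, dst_addr);

        // IPv4 protocol field.
        switch (head_str[23])
        {
        case 0x01: printf("Type:ICMP\n"); break;
        case 0x02: printf("Type:IGMP\n"); break;
        case 0x06: printf("Type:TCP\n"); break;
        case 0x11: printf("Type:UDP\n"); break;
        default: break;
        }

        // The ports sit at offsets 34/36 only when the IPv4 header carries no
        // options (IHL == 5). They are assembled byte by byte: casting the
        // buffer to unsigned short* would be an unaligned, aliasing read.
        if ((head_str[14] & 0x0f) == 5)
        {
            const int src_port = (head_str[34] << 8) | head_str[35];
            const int dst_port = (head_str[36] << 8) | head_str[37];
            printf("Port: %d >> %d\n", src_port, dst_port);
        }
        else
        {
            printf("Port: unavailable (IP options present)\n");
        }
    }

    // Message body, echoed with non-printable bytes masked.
    for (unsigned int i = kHeaderLen; i < kFrameLen; ++i)
    {
        printf("%c", printableOrDot(packet[i]));
    }
    cout << endl;

    // Split the body on '|'. strtok() keeps hidden static state, which is
    // acceptable only because pcap_loop() invokes this callback serially.
    for (char *token = strtok(body_str, split); token != NULL; token = strtok(NULL, split))
    {
        split_vector.push_back(token);
    }

    cout << "split vector size:" << split_vector.size() << endl;
    for (const string &field : split_vector)
    {
        for (unsigned char c : field)
        {
            cout << printableOrDot(c);
        }
        cout << endl;
    }

    cout << "-------------------------------------------------------" << endl;
}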

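// Open the default capture interface, install a BPF filter for the probe
// messages (UDP to port 9900) and hand every matching frame to getPacket().
// Returns 0 when the capture loop ends normally and 1 on any setup or
// capture error.
int main(int argc, char *argv[]){
    char errBuf[PCAP_ERRBUF_SIZE] = {0};
    char *device = nullptr;

    // Pick a network interface. pcap_lookupdev() is deprecated in newer
    // libpcap releases in favour of pcap_findalldevs().
    device = pcap_lookupdev(errBuf);

    if (!device){
        cout << "error: " << errBuf << endl;
        return 1;
    }
    cout << "succeed get device: " << device << endl;

    // Open the interface. 65535 is larger than any single packet, 1 enables
    // promiscuous mode and 0 waits for packets without a read timeout.
    // NOTE(review): the probe platform sends to this host, so promiscuous
    // mode looks unnecessary here - confirm before relying on it.
    pcap_t *live_device = pcap_open_live(device, 65535, 1, 0, errBuf);

    if (!live_device){
        cout << "error: pcap_open_live(): " << errBuf << endl;
        return 1;
    }

    // getPacket() decodes fixed Ethernet offsets, so refuse any other link
    // type instead of misparsing its frames.
    if (pcap_datalink(live_device) != DLT_EN10MB){
        cout << "error: " << device << " is not an Ethernet interface" << endl;
        pcap_close(live_device);
        return 1;
    }

    // Compile and install the filter. The server address and port that
    // receive the messages are configured on the wifi probe platform.
    // Both calls are checked: after a failed compile `filter` is
    // uninitialised, and a capture without the filter would feed every
    // frame on the interface to the callback.
    struct bpf_program filter;
    if (pcap_compile(live_device, &filter, "udp dst port 9900", 1, 0) != 0){
        cout << "error: pcap_compile(): " << pcap_geterr(live_device) << endl;
        pcap_close(live_device);
        return 1;
    }
    if (pcap_setfilter(live_device, &filter) != 0){
        cout << "error: pcap_setfilter(): " << pcap_geterr(live_device) << endl;
        pcap_freecode(&filter);
        pcap_close(live_device);
        return 1;
    }
    // The compiled program is no longer needed once it has been installed.
    pcap_freecode(&filter);

    // Capture until an error occurs; -1 means no packet limit.
    int id = 0;
    const int loop_status = pcap_loop(live_device, -1, getPacket, (u_char *)&id);
    if (loop_status == -1){
        cout << "error: pcap_loop(): " << pcap_geterr(live_device) << endl;
    }

    // Close the interface.
    pcap_close(live_device);

    return loop_status == -1 ? 1 : 0;
}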