分析pcap包(基于UDP)

//c代码

/* NOTE(review): the header names were stripped from this listing; these are
 * the headers required by the identifiers the code actually uses. */
#include <stdint.h>      /* fixed-width types for on-disk pcap record layouts */
#include <stdio.h>       /* printf, fprintf, perror, fopen, fread, fclose */
#include <stdlib.h>      /* malloc, free, exit */
#include <string.h>      /* memset */
#include <arpa/inet.h>   /* ntohs */
#include <netinet/in.h>  /* struct in_addr, IPPROTO_UDP */
#include <syslog.h>      /* openlog, syslog, closelog, LOG_* */
#include <unistd.h>      /* sleep */
#include <pcap.h>        /* struct pcap_pkthdr (libpcap) */

/* *.pcap file format = file header(24B) + pkt header(16B) + Frame
* Frame = Ethernet header(14B) + IP header(20B) + UDP header(8B) + appdata */

//ethernet header (14B)
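/* Ethernet II header exactly as it appears on the wire (14 bytes).
 * Instances are filled by fread() straight from the capture, so the
 * layout must not contain padding and eth_type stays in network byte
 * order — compare it with ntohs(). The static assert turns a layout
 * mismatch into a compile error instead of silently misparsed frames. */
typedef struct _eth_hdr
{
    unsigned char dstmac[6];  /* destination MAC address */
    unsigned char srcmac[6];  /* source MAC address */
    unsigned short eth_type;  /* EtherType, network byte order (0x0800 = IPv4) */
} eth_hdr;
_Static_assert(sizeof(eth_hdr) == 14, "eth_hdr must match the 14-byte Ethernet wire layout");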

//IP header 20B
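/* IPv4 header without options (20 bytes), read verbatim from the capture.
 * All multi-byte fields are in network byte order. Because the struct is
 * fixed at 20 bytes, it is only correct for packets whose IHL nibble is 5;
 * callers must check (ver_hlen & 0x0f) == 5 before treating the bytes that
 * follow as the transport header. The static assert guards the layout. */
typedef struct _ip_hdr
{
    unsigned char ver_hlen;   /* version (high nibble) and header length in 32-bit words (low nibble) */
    unsigned char tos;        /* type of service */
    unsigned short tot_len;   /* total length of header + payload */
    unsigned short id;        /* identification (not the flags; those are in frag_off) */
    unsigned short frag_off;  /* 3 flag bits + 13-bit fragment offset */
    unsigned char ttl;        /* time to live */
    unsigned char protocol;   /* transport protocol (17 = UDP) */
    unsigned short chk_sum;   /* header checksum */
    struct in_addr srcaddr;   /* source IPv4 address */
    struct in_addr dstaddr;   /* destination IPv4 address */
} ip_hdr;
_Static_assert(sizeof(ip_hdr) == 20, "ip_hdr must match the 20-byte option-less IPv4 header");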

//udp header 8B
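/* UDP header (8 bytes), read verbatim from the capture; every field is in
 * network byte order. uhl is the length of header + payload, so the payload
 * length is ntohs(uhl) - 8 when uhl is at least 8. The static assert guards
 * the layout the fread() in main() depends on. */
typedef struct _udp_hdr
{
    unsigned short src_port;  /* source port */
    unsigned short dst_port;  /* destination port */
    unsigned short uhl;       /* UDP length: header + payload, in bytes */
    unsigned short chk_sum;   /* 16-bit UDP checksum */
} udp_hdr;
_Static_assert(sizeof(udp_hdr) == 8, "udp_hdr must match the 8-byte UDP wire layout");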

/* Size of the pcap global file header; main() skips it before the first record. */
#define FILE_HEADER 24
/* Bytes of Ethernet + IPv4 + UDP headers preceding the payload. This is the
 * sum of the struct sizes, i.e. it assumes an option-less IPv4 header and an
 * untagged Ethernet frame; nothing here verifies that against the packet. */
#define FRAME_HEADER_LEN (sizeof(eth_hdr) + sizeof(ip_hdr) + sizeof(udp_hdr))
/* Size of the payload buffer in main(). A payload must be strictly shorter
 * than this to leave room for the terminating NUL that main() appends. */
#define LOGLEN 2048
/* Defined unconditionally here, so the #ifdef NEED_HEADER_INFO branches in
 * main() are always taken and the #else (fseek over the headers) is dead code. */
#define NEED_HEADER_INFO 1

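/* On-disk pcap global header (24 bytes), in the byte order of the writer. */
typedef struct {
    uint32_t magic;          /* 0xa1b2c3d4 (usec timestamps) or 0xa1b23c4d (nsec) */
    uint16_t version_major;
    uint16_t version_minor;
    int32_t  thiszone;
    uint32_t sigfigs;
    uint32_t snaplen;        /* maximum bytes saved per record */
    uint32_t linktype;       /* 1 = Ethernet */
} pcap_file_hdr;

/* On-disk pcap per-record header (16 bytes). Deliberately not libpcap's
 * struct pcap_pkthdr: that one embeds a struct timeval whose size is
 * platform dependent (24 bytes total on LP64), so fread()ing into it does
 * not match the 16-byte record the file actually contains. */
typedef struct {
    uint32_t ts_sec;
    uint32_t ts_usec;
    uint32_t incl_len;       /* bytes of this record present in the file (caplen) */
    uint32_t orig_len;       /* length of the packet on the wire */
} pcap_rec_hdr;

_Static_assert(sizeof(pcap_file_hdr) == 24, "pcap global header is 24 bytes on disk");
_Static_assert(sizeof(pcap_rec_hdr) == 16, "pcap record header is 16 bytes on disk");

#define PCAP_MAGIC_USEC        0xa1b2c3d4u
#define PCAP_MAGIC_NSEC        0xa1b23c4du
#define PCAP_LINKTYPE_ETHERNET 1u
#define ETHTYPE_IPV4           0x0800u

/* Consume n bytes from fp without storing them.
 * Returns 0 on success, -1 if the stream ends first. Reads instead of
 * fseek() so an absurd length from a corrupt file cannot overflow a long
 * and the parser also works on non-seekable input. */
static int skip_bytes(FILE *fp, size_t n)
{
    char scratch[512];

    while (n > 0) {
        size_t want = n < sizeof scratch ? n : sizeof scratch;
        if (fread(scratch, 1, want, fp) != want)
            return -1;
        n -= want;
    }
    return 0;
}

/* Walk a pcap file and print/syslog the UDP payload of every Ethernet/IPv4/UDP
 * record. argv[1] is the capture path.
 * Returns 0 at end of file, 1 if the file was truncated mid-record; exits
 * with 1 on missing argument and -1 on an unopenable or non-pcap file.
 *
 * Every length used here comes from the file and is treated as untrusted.
 * The original read `len - FRAME_HEADER_LEN` bytes straight into
 * data[LOGLEN] with no check, a stack buffer overflow for any record longer
 * than 2048 bytes (and data[len]='\0' wrote one past the end at exactly
 * 2048); a record shorter than the headers made the length negative and,
 * converted to size_t, enormous. It also advanced by orig_len instead of
 * incl_len, so a snaplen-truncated capture desynchronised the parser. */
int main(int argc, char **argv)
{
    FILE *fp = NULL;
    pcap_file_hdr fileHeader;
    pcap_rec_hdr recHeader;
    eth_hdr EthHeader;
    ip_hdr IPHeader;
    udp_hdr UDPHeader;
    char data[LOGLEN] = {0};
    int rc = 0;

    if (argc < 2) {
        printf("usage: ./exe *.pcap\n");
        exit(1);
    }

    /* "rb": a capture is binary; text mode would mangle it on some platforms. */
    fp = fopen(argv[1], "rb");
    if (fp == NULL) {
        perror("open file error");
        exit(-1);
    }

    /* Validate the global header instead of blindly skipping 24 bytes: the
     * record lengths below are only meaningful if this really is a pcap file
     * in host byte order with Ethernet framing. Byte-swapped captures
     * (magic 0xd4c3b2a1) are rejected rather than misparsed. */
    if (fread(&fileHeader, 1, sizeof fileHeader, fp) != sizeof fileHeader) {
        fprintf(stderr, "not a pcap file: short global header\n");
        fclose(fp);
        exit(-1);
    }
    if (fileHeader.magic != PCAP_MAGIC_USEC && fileHeader.magic != PCAP_MAGIC_NSEC) {
        fprintf(stderr, "not a pcap file (or byte-swapped): magic 0x%08x\n",
                (unsigned)fileHeader.magic);
        fclose(fp);
        exit(-1);
    }
    if (fileHeader.linktype != PCAP_LINKTYPE_ETHERNET) {
        fprintf(stderr, "unsupported link type %u (only Ethernet is handled)\n",
                (unsigned)fileHeader.linktype);
        fclose(fp);
        exit(-1);
    }

    openlog("test", LOG_PID, 0);

    for (;;) {
        size_t got = fread(&recHeader, 1, sizeof recHeader, fp);
        if (got == 0) {
            printf("file end\n");
            break;
        }
        if (got != sizeof recHeader) {
            fprintf(stderr, "truncated record header\n");
            rc = 1;
            break;
        }

        /* incl_len is how many bytes of this record the file holds; that is
         * the amount to consume before the next record header. */
        size_t caplen = recHeader.incl_len;
        if (caplen < FRAME_HEADER_LEN) {
            /* too short to contain Ethernet + IPv4 + UDP headers: skip it */
            if (skip_bytes(fp, caplen) != 0) {
                fprintf(stderr, "truncated record\n");
                rc = 1;
                break;
            }
            continue;
        }
        size_t remaining = caplen;   /* bytes of this record not yet consumed */

        if (fread(&EthHeader, 1, sizeof EthHeader, fp) != sizeof EthHeader ||
            fread(&IPHeader, 1, sizeof IPHeader, fp) != sizeof IPHeader ||
            fread(&UDPHeader, 1, sizeof UDPHeader, fp) != sizeof UDPHeader) {
            fprintf(stderr, "truncated frame headers\n");
            rc = 1;
            break;
        }
        remaining -= FRAME_HEADER_LEN;

        /* Only IPv4/UDP with no IP options matches the fixed header layout the
         * structs assume; anything else (ARP, IPv6, VLAN-tagged frames, TCP,
         * IP options) would be sliced at the wrong offsets, so skip it. */
        unsigned ihl = IPHeader.ver_hlen & 0x0fu;
        if (ntohs(EthHeader.eth_type) != ETHTYPE_IPV4 ||
            (IPHeader.ver_hlen >> 4) != 4u || ihl != 5u ||
            IPHeader.protocol != IPPROTO_UDP) {
            if (skip_bytes(fp, remaining) != 0) {
                fprintf(stderr, "truncated record\n");
                rc = 1;
                break;
            }
            continue;
        }

        /* Payload length: bounded by what the file holds, then by the UDP
         * length field so Ethernet trailing padding is not logged, and
         * finally by the buffer (one byte is reserved for the NUL). */
        size_t payloadLen = remaining;
        size_t udpLen = ntohs(UDPHeader.uhl);
        if (udpLen >= sizeof UDPHeader && udpLen - sizeof UDPHeader < payloadLen)
            payloadLen = udpLen - sizeof UDPHeader;
        if (payloadLen >= LOGLEN) {
            fprintf(stderr, "payload of %zu bytes exceeds %d-byte buffer, skipped\n",
                    payloadLen, LOGLEN - 1);
            if (skip_bytes(fp, remaining) != 0) {
                fprintf(stderr, "truncated record\n");
                rc = 1;
                break;
            }
            continue;
        }

        printf("%zu\n", payloadLen);

        if (fread(data, 1, payloadLen, fp) != payloadLen) {
            fprintf(stderr, "truncated payload\n");
            rc = 1;
            break;
        }
        remaining -= payloadLen;
        data[payloadLen] = '\0';   /* payloadLen < LOGLEN, so this stays in bounds */

        /* NOTE(review): the payload is untrusted bytes written verbatim to the
         * terminal and to syslog; an embedded NUL truncates it and control or
         * escape sequences are not filtered. Sanitize before logging captures
         * that come from outside. */
        printf("%s\n", data);
        sleep(1);   /* throttle, as in the original */
        syslog(LOG_SYSLOG | LOG_INFO, "%s", data);
        memset(data, 0, LOGLEN);

        /* consume the rest of the record (padding or bytes beyond the UDP length) */
        if (remaining > 0 && skip_bytes(fp, remaining) != 0) {
            fprintf(stderr, "truncated record\n");
            rc = 1;
            break;
        }
    }

    closelog();
    fclose(fp);
    return rc;
}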

测试已通过
