libpcap--GTPv2协议的cap文件解析

来源：互联网发布：淘宝卖家插件推荐编辑：程序博客网时间：2024/06/05 02:14
#include #include #include #include #include #include #include #include #include #include #include #include using std::cout;using std::endl;using std::thread;using std::vector;using std::string;void getPacket(u_char * arg,const struct pcap_pkthdr *pkthdr,const u_char * packet);int main(int argc,char * argv [ ]){if (argc < 2){cout << "please input test filename\n";return 0;}cout << "test filename= " << argv[1] << endl;cout << "begin time= " << time(0) << endl;//读取libpcap的版本const char *version;version = pcap_lib_version();cout << version << endl;//打开cap文件char *dev = NULL;char errBuff[PCAP_ERRBUF_SIZE] = {0};pcap_t *handle = NULL;handle = pcap_open_offline(argv[1], errBuff);if (NULL == handle){cout << "Error: " << errBuff << endl;exit(1);}cout << "running pcap_next\n";//读取cap文件，打印抓取到的每一个包的概要struct pcap_pkthdr *pktHeader = NULL;int status = 0;const u_char *pktData = NULL;int id = 0;do{cout << "---------------------------------------------------------------------\n";cout << "status: " << status << endl;status = pcap_next_ex(handle, &pktHeader, &pktData);getPacket((u_char *)&id, pktHeader, pktData);}while(status == 1);pcap_close(handle);cout << "end time=" << time(0) << endl;return 0;}//解析数据包void getPacket(u_char * arg,const struct pcap_pkthdr *pkthdr,const u_char * packet){char src_mac[18] = "";char dst_mac[18] = "";char src_addr[20] = "";char dst_addr[20] = "";vector split_vector;char *p = NULL;const char *split = "|";int *id = (int *)arg;cout << "id: " << ++(*id) << endl;cout << "Packet length: " << pkthdr->len << endl;cout << "Number of bytes: " << pkthdr->caplen << endl;cout << "Recieved time: " << ctime((const time_t *)&pkthdr->ts.tv_sec);if (pkthdr->len < 42){cout << "wifi TanZhen message length error." << endl;exit(1);}sprintf(dst_mac, "%02x:%02x:%02x:%02x:%02x:%02x", *(packet + 0), *(packet + 1), *(packet + 2), *(packet + 3), *(packet + 4), *(packet + 5));sprintf(src_mac, "%02x:%02x:%02x:%02x:%02x:%02x", *(packet + 6), *(packet + 7), *(packet + 8), *(packet + 9), *(packet + 10), *(packet + 11));//消息头if (*(packet + 12) == 0x08 && *(packet + 13) == 0x00){printf("____________________IP Protocol____________________\n");printf("MAC:%s >> %s\n", src_mac, dst_mac);sprintf(src_addr, "%02d.%02d.%02d.%02d", *(packet + 26), *(packet + 27), *(packet + 28), *(packet + 29));sprintf(dst_addr, "%02d.%02d.%02d.%02d", *(packet + 30), *(packet + 31), *(packet + 32), *(packet + 33));printf("IP:%s >> %s\n", src_addr, dst_addr);if (*(packet + 23) == 0x01){printf("____________________ICMP____________________\n");}else if (*(packet + 23) == 0x02){printf("____________________IGMP____________________\n");}else if (*(packet + 23) == 0x06){printf("____________________TCP____________________\n");}else if (*(packet + 23) == 0x11){printf("____________________UDP____________________\n");}printf("Port: %d >> %d\n", ntohs(*(unsigned short *)(packet + 34)), ntohs(*(unsigned short *)(packet + 36)));}//GTPv2消息解析printf("________________GPRS Tunneling Protocol________________\n");printf("Flag:%02x\n", *(packet + 42));if (*(packet + 43) == 0x01){printf("type: Echo Request\n");}else if (*(packet + 43) == 0x02){printf("type: Echo Response\n");}else if (*(packet + 43) == 0x10){printf("type: Create PDP context request\n");}else if (*(packet + 43) == 0x11){printf("type: Create PDP context response\n");}else if (*(packet + 43) == 0x12){printf("type: Update PDP context request\n");}else if (*(packet + 43) == 0x13){printf("type: Update PDP context Response\n");}else if (*(packet + 43) == 0x14){printf("type: Delete PDP context request\n");}else if (*(packet + 43) == 0x15){printf("type: Delete PDP context Response\n");}else if (*(packet + 43) == 0x20){printf("type: Create Session Request\n");}else if (*(packet + 43) == 0x21){printf("type: Create Session Response\n");}else if (*(packet + 43) == 0x22){printf("type: Modify Bearer Request\n");}else if (*(packet + 43) == 0x23){printf("type: Modify Bearer Response\n");}else if (*(packet + 43) == 0x24){printf("type: Delete Session Request\n");}else if (*(packet + 43) == 0x25){printf("type: Delete Session Response\n");}else if (*(packet + 43) == 0x30){printf("type: Identification request\n");}else if (*(packet + 43) == 0x31){printf("type: Identification Response\n");}else if (*(packet + 43) == 0x32){printf("type: SGSN context request\n");}else if (*(packet + 43) == 0x33){printf("type: SGSN context reponse\n");}else if (*(packet + 43) == 0x34){printf("type: SGSN context acknowledegment\n");}else if (*(packet + 43) == 0x40){printf("type: Modify Bearer Command\n");}else if (*(packet + 43) == 0x46){printf("type: Downlink Data Notification Failure Indication\n");}else if (*(packet + 43) == 0x61){printf("type: Update Bearer Request\n");}else if (*(packet + 43) == 0x62){printf("type: Update Bearer Response\n");}else if (*(packet + 43) == 0x63){printf("type: Delete Bearer Request\n");}else if (*(packet + 43) == 0x64){printf("type: Delete Bearer Response\n");}else if (*(packet + 43) == 0x82){printf("type: Context Request, Tracking area update request\n");}else if (*(packet + 43) == 0x83){printf("type: Context Response\n");}else if (*(packet + 43) == 0x84){printf("type: Context Acknowledge\n");}else if (*(packet + 43) == 0x85){printf("type: Forward Relocation Request\n");}else if (*(packet + 43) == 0x8d){printf("type: Configuration Transfer Tunnel\n");}else if (*(packet + 43) == 0xa6){printf("type: Create Indirect Data Forwarding Tunnel Request\n");}else if (*(packet + 43) == 0xa7){printf("type: Create Indirect Data Forwarding Tunnel Response\n");}else if (*(packet + 43) == 0xa8){printf("type: Delete Indirect Data Forwarding Tunnel Request\n");}else if (*(packet + 43) == 0xa9){printf("type: Delete Indirect Data Forwarding Tunnel Response\n");}else if (*(packet + 43) == 0xaa){printf("type: Release Access Bearers Request\n");}else if (*(packet + 43) == 0xab){printf("type: Release Access Bearers Response\n");}else if (*(packet + 43) == 0xb0){printf("type: Downlink Data Notification\n");}else if (*(packet + 43) == 0xb1){printf("type: Downlink Data Notification Acknowledgement\n");}printf("Length: %d\n", ntohs(*(unsigned short *)(packet + 44)));printf("TEID:0x%02x%02x%02x%02x\n", *(packet + 46), *(packet + 47), *(packet + 48), *(packet + 49));printf("Sequence Number:0x00%02x%02x%02x\n", *(packet + 50), *(packet + 51), *(packet + 52));}
阅读全文
0 0