cap,pcap文件中的ipv4数据包转成ipv6数据包
来源:互联网 发布:北亚数据恢复中心 编辑:程序博客网 时间:2024/05/16 15:16
cap , pcap文件结构(解析),网上多得是,这里就不写了。 写这个,主要是工作中正好需要大量的ipv6数据包,但是ipv6数据包不太好找,干脆就直接写个简单的工具,把ipv4转成对应的ipv6,可用于测试。
cpp代码:
// Ipv4ToIpv6_pCap.cpp : 定义控制台应用程序的入口点。//#include "stdafx.h"#include <windows.h>#define DLT_EN10MB 1struct pcap_file_header {UINT32 magic;UINT16 version_major;UINT16 version_minor;UINT32 thiszone; /* gmt to local correction */UINT32 sigfigs; /* accuracy of timestamps */UINT32 snaplen; /* max length saved portion of each pkt */UINT32 linktype; /* data link type (LINKTYPE_*) */};struct pcap_pkthdr {struct timeval ts; /* time stamp */UINT32 caplen; /* length of portion present */UINT32 len; /* length this packet (off wire) */};struct EthernetPacket{char MacDst[6]; ///< 目的网卡物理地址char MacSrc[6]; ///< 源网卡物理地址unsigned short PacketType; ///< 包类型, ip或ARP等};struct PKT_IP{UINT8 uHeaderLen:4;UINT8 uVersion:4;UINT8 uServType;UINT16 uTotalLen;UINT16 uIdent;UINT16 uFragOffset;UINT8 uTTL;UINT8 uProtocol;UINT16 uCheckSum;UINT32 addSrc;UINT32 addDst;};struct PKT_IPV6{union{UINT32 Vfc;struct{UINT8 uClass:4;UINT8 uVersion:4;};};UINT16 uPayloadLength;UINT8 uNextHeader;UINT8 uHopLimit;UINT8 addrSrc[16];UINT8 addrDst[16];};inline UINT16 NTOH16(const UINT16& nData){return ((nData & 0xFF00) >> 8) | ((nData & 0x00FF) << 8);}inline UINT32 NTOH32(const UINT32& nData){return ((nData & 0xFF000000) >> 24)| ((nData & 0x00FF0000) >> 8)| ((nData & 0x0000FF00) << 8)| ((nData & 0x000000FF) << 24);}int _tmain(int argc, char* argv[]){if (argc != 3){printf("arg: inputfile, outputfile! \n");//getchar();return -1;}FILE* pFileIn = fopen(argv[1], "rb");FILE* pFileOut = fopen(argv[2], "wb");bool bSucces = false;do {if (NULL == pFileIn || NULL == pFileOut){printf("open file fail \n");break;}pcap_file_header fileheader;memset(&fileheader, 0, sizeof(pcap_file_header));fread(&fileheader, 1, sizeof(fileheader), pFileIn);if (DLT_EN10MB != fileheader.linktype){printf("only support enthernet catch packets! \n");break;}fwrite(&fileheader, 1, sizeof(fileheader), pFileOut);pcap_pkthdr pkHdr;UINT32 packetTotalCount = 0;UINT32 packetTran = 0;UINT8 packetBuffer[5*1024] = {};do {if (sizeof(pkHdr) == fread(&pkHdr, 1, sizeof(pkHdr), pFileIn)){if (pkHdr.caplen != pkHdr.len){// add //printf("pkHdr.caplen != pkHdr.len packetNum = %d \n", packetTotalCount+1);}if (pkHdr.caplen == fread(packetBuffer, 1, pkHdr.caplen, pFileIn) && pkHdr.caplen > sizeof(EthernetPacket)){EthernetPacket* pEPacket = (EthernetPacket*)packetBuffer;if (0x08 == pEPacket->PacketType) // ipv4{// PKT_IP* pIpHdr = (PKT_IP*)(packetBuffer + sizeof(EthernetPacket));pIpHdr->uTotalLen = NTOH16(pIpHdr->uTotalLen);if (pkHdr.caplen < pIpHdr->uTotalLen + sizeof(EthernetPacket)) // 后面有可能会有补的数据,所以caplen可以会大于后面的值{printf("len error! packetNum = %d \n", packetTotalCount+1);break;}pEPacket->PacketType = 0xDD86;PKT_IPV6 pktIpv6Hdr;memset(&pktIpv6Hdr, 0, sizeof(pktIpv6Hdr));pktIpv6Hdr.uVersion = 6;//pktIpv6Hdr.Vfc = CSNTOH32(pktIpv6Hdr.Vfc);UINT16 paylen = pIpHdr->uTotalLen - pIpHdr->uHeaderLen*4;pktIpv6Hdr.uPayloadLength = NTOH16(paylen);pktIpv6Hdr.uNextHeader = pIpHdr->uProtocol;pktIpv6Hdr.uHopLimit = pIpHdr->uTTL;memcpy(pktIpv6Hdr.addrSrc+12, &(pIpHdr->addSrc), 4);memcpy(pktIpv6Hdr.addrDst+12, &(pIpHdr->addDst), 4);pkHdr.caplen = sizeof(EthernetPacket) + sizeof(PKT_IPV6) + paylen;pkHdr.len = pkHdr.caplen;fwrite(&pkHdr, 1, sizeof(pkHdr), pFileOut); // 写pack headerfwrite(pEPacket, 1, sizeof(EthernetPacket), pFileOut); // 写etherfwrite(&pktIpv6Hdr, 1, sizeof(PKT_IPV6), pFileOut); // 写ipv6头UINT8* pOtherData = packetBuffer + sizeof(EthernetPacket) + pIpHdr->uHeaderLen*4;fwrite(pOtherData, 1, paylen, pFileOut); // 写剩下的数据packetTran++;}else{// 其他包,直接写入fwrite(&pkHdr, 1, sizeof(pkHdr), pFileOut);fwrite(packetBuffer, 1, pkHdr.caplen, pFileOut);}}else{printf("read packet caplen less packetNum = %d \n", packetTotalCount+1);break;}packetTotalCount++;}else{if (feof(pFileIn)){//printf("read end! \n");bSucces = true;}else{printf("Read less data! packetTotalCount = %d \n", packetTotalCount);}break;}} while (true/*!feof(pFileIn)*/);printf("totalPacket = %d, transPacket = %d\n", packetTotalCount, packetTran);} while (false);if (pFileIn){fclose(pFileIn);}if (pFileOut){fclose(pFileOut);}if (!bSucces){printf("Process %s fail! \n", argv[1]);DeleteFileA(argv[2]);}//getchar();//pcap_file_headerreturn 0;}
另外还有个批处理文件 .bat
@echo off ::cd %~dp0 set inputFolder=E:\work\vsproject\Ipv4ToIpv6_pCap\Debugset outPutFolder=E:\work\vsproject\Ipv4ToIpv6_pCap\Debug\newFolderset exepath=E:\work\vsproject\Ipv4ToIpv6_pCap\Debug\Ipv4ToIpv6_pCap.exeset suffix=_ipv6.capfor /f "delims=\" %%s in ('dir /b /a-d /o-d %inputFolder%\*.pcap,*.cap') do (echo -------------handle filename = %%s ------------%exepath% %inputFolder%\%%s %outPutFolder%\%%s%suffix%)pause
写得比较简单,但是用于测试,还是可以的
阅读全文
0 0
- cap,pcap文件中的ipv4数据包转成ipv6数据包
- python解析pcap文件中的http数据包
- IPv4与IPv6数据包格式
- cap数据包文件解析
- cap数据包文件解析
- cap数据包文件解析
- 使用libpcap库过滤pcap文件中的数据包
- Ubuntu16.04安装libpcap开发库对pcap文件中的数据包进行过滤
- cap数据包解析
- [CCIE笔记]IPv6——IPv6与IPv4数据包内容的变化
- 使用pcap捕捉网络数据包
- 使用Scapy分析pcap数据包
- pcap数据包转换成netflow
- 承载于以太网帧之上的数据包的解析——ARP、IPv4、IPv6
- pcap/cap文件关联wireshark
- WireShark下抓取IPv6数据包
- 数据包
- 数据包
- jQuery dataTable 个人使用的一点心得
- PHPExcel导出的问题,在PHP7中
- 智能指针学习笔记
- 专家:利用生物钟或治愈癌症 使治疗事半功倍
- mysql数据库用户权限详情
- cap,pcap文件中的ipv4数据包转成ipv6数据包
- mysql常见错误及分析及解决办法
- CF 858F Wizard's Tour (DFS)
- 大家好,给大家介绍一下,这是我老婆
- Spring boot,Spring cloud,Dubbo,Elasticsearch,Redis,ActiveMQ最新技术提升
- deep learning(coursera) week1 Introduction to deep learning
- 专家:利用生物钟或治愈癌症 使治疗事半功倍
- 使用layer.open时content属性传值记录
- HashSet、TreeSet和LinkedHashSet的区别