WinpCap安装与网络截包
来源:互联网 发布:王明亮 网络首发 编辑:程序博客网 时间:2024/05/19 01:29
WinpCap安装:
(一) 首先安装winpcap驱动,可以到winpcap官方网站上下载:http://www.winpcap.org/install/default.htm
安装winpcap驱动后:1. C:\WINDOWS\system32目录下自动生成: wpcap.dll,packet.dll
2. C:\WINDOWS\system32\drivers下自动生成:npf.sys
(二)winpcap-4.0.3配置环境:
在项目->XX属性,选择配置属性:1. c/c++->常规\附加包含目录:D:\WpdPack-4.0.3\Include
->预处理器\预处理器定义:WPCAP
2. 链接器->常规\附加库目录:D:\WpdPack-4.0.3\Lib
->输入\附加依赖项: Packet.lib wpcap.lib ws2_32.lib
网络截包:
获取截获数据包数据段长度
#include <stdlib.h>#include <stdio.h>#define WIN32 1#include "pcap.h"#include <windows.h>#pragma comment (lib,"wpcap.lib")#pragma comment(lib, "ws2_32.lib")CRITICAL_SECTION cs;typedef struct mac_hdr{unsigned char a;unsigned char b;unsigned char c;unsigned char d;unsigned char e;unsigned char f;unsigned char a1;unsigned char b2;unsigned char c3;unsigned char d4;unsigned char e5;unsigned char f6;short type;}MAC_HEADER;typedef struct tcp_hdr //定义TCP首部 { USHORT th_sport; //16位源端口 USHORT th_dport; //16位目的端口 ULONG th_seq; //32位序列号 ULONG th_ack; //32位确认号 UCHAR th_lenres; //4位首部长度/6位保留字 UCHAR th_flag; //6位标志位 USHORT th_win; //16位窗口大小 USHORT th_sum; //16位校验和 USHORT th_urp; //16位紧急数据偏移量 }TCP_HEADER; typedef struct ip_hdr //定义IP首部 { UCHAR h_verlen; //4位首部长度,4位IP版本号 UCHAR tos; //8位服务类型TOS USHORT total_len; //16位总长度(字节) USHORT ident; //16位标识 USHORT frag_and_flags; //3位标志位 UCHAR ttl; //8位生存时间 TTL UCHAR proto; //8位协议 (TCP, UDP 或其他) USHORT checksum; //16位IP首部校验和 ULONG sourceIP; //32位源IP地址 ULONG destIP; //32位目的IP地址 }IP_HEADER; void dispatcher_handler_send(u_char *, const struct pcap_pkthdr *, const u_char *);//void dispatcher_handler_recv(u_char *, const struct pcap_pkthdr *, const u_char *);DWORD Setoption(pcap_t *adhandle,char *express);DWORD WINAPI SendThread(LPVOID lparam);//DWORD WINAPI RecvThread(LPVOID lparam);//bool recvNotify = false;bool sendNotify = false;DWORD g_dwCount = 0;LARGE_INTEGER recvPacket,sendPacket;int main(){pcap_if_t *alldevs;pcap_if_t *d;int inum;int i=0;char errbuf[PCAP_ERRBUF_SIZE];DWORD dwThreadId;int error = 0;/* Retrieve the device list */if(pcap_findalldevs(&alldevs, errbuf) == -1){fprintf(stderr,"Error in pcap_findalldevs: %s\n", errbuf);return -1;} /* Print the list */ for(d=alldevs; d; d=d->next) { printf("%d. %s", ++i, d->name); if (d->description) printf(" (%s)\n", d->description); else printf(" (No description available)\n"); } if(i==0) { printf("\nNo interfaces found! Make sure WinPcap is installed.\n"); return -1; } printf("Enter the interface number (1-%d):",i); scanf("%d", &inum); if(inum < 1 || inum > i) { printf("\nInterface number out of range.\n"); pcap_freealldevs(alldevs); return -1; } /* Jump to the selected adapter */ for(d=alldevs, i=0; i< inum-1 ;d=d->next, i++); InitializeCriticalSection(&cs);CreateThread(NULL,0,SendThread,d,0,&dwThreadId);//CreateThread(NULL,0,RecvThread,d -> name,0,&dwThreadId); printf("\nlistening on %s...\n", "world"); /* At this point, we don't need any more the device list. Free it */while(1){if(sendNotify){if(g_dwCount == 30){printf("the server has die!\n");TerminateProcess(SendThread,0);//关闭进程即关闭响应的端口break;}sendNotify = false;}Sleep(10);} pcap_freealldevs(alldevs); return 0;}DWORD WINAPI SendThread (LPVOID lparam){pcap_t *adhandle;struct bpf_program fcode;u_int netmask; pcap_if_t* pcap = (pcap_if_t*)lparam; printf("hello,world,%s\n",pcap->name); EnterCriticalSection(&cs);if ((adhandle= pcap_open_live(pcap->name,// name of the device 65536,// portion of the packet to capture. // 65536 grants that the whole packet will be captured on all the MACs. 1,// promiscuous mode (nonzero means promiscuous) 1000,// read timeout NULL// error buffer )) == NULL){fprintf(stderr,"\nUnable to open the adapter. %s is not supported by WinPcap\n", pcap->name);LeaveCriticalSection(&cs);return -1;}LeaveCriticalSection(&cs);if(pcap_datalink(adhandle) != DLT_EN10MB){fprintf(stderr,"\nThis program works only on Ethernet networks.\n");/* Free the device list *///pcap_freealldevs(alldevs);return -1;}if(pcap->addresses != NULL)/* Retrieve the mask of the first address of the interface */netmask=((struct sockaddr_in *)(pcap->addresses->netmask))->sin_addr.S_un.S_addr;else/* If the interface is without addresses we suppose to be in a C class network */netmask=0xffffff; if (pcap_compile(adhandle, &fcode, "tcp", 1, netmask) <0 ) { fprintf(stderr,"\nUnable to compile the packet filter. Check the syntax.\n"); return 0; }if (pcap_setfilter(adhandle, &fcode)<0) { fprintf(stderr,"\nError setting the filter.\n"); return 0; } pcap_loop(adhandle, 0, dispatcher_handler_send, NULL);return 0;/*pcap_t *adhandle;u_int netmask;struct bpf_program fcode;char errbuf[PCAP_ERRBUF_SIZE];char *device = (char *)lparam;EnterCriticalSection(&cs);if ((adhandle= pcap_open_live(device,// name of the device 65536,// portion of the packet to capture. // 65536 grants that the whole packet will be captured on all the MACs. 1,// promiscuous mode (nonzero means promiscuous) 1000,// read timeout errbuf// error buffer )) == NULL){fprintf(stderr,"\nUnable to open the adapter. %s is not supported by WinPcap\n", device);LeaveCriticalSection(&cs);return -1;}LeaveCriticalSection(&cs); netmask=0xffffff; //compile the filter // if (pcap_compile(adhandle, &fcode, "port 80 and tcp and ether src 44:37:E6:00:34:CD", 1, netmask) <0 ) if (pcap_compile(adhandle, &fcode, "tcp", 1, netmask) <0 ) { fprintf(stderr,"\nUnable to compile the packet filter. Check the syntax.\n"); return 0; } //set the filter if (pcap_setfilter(adhandle, &fcode)<0) { fprintf(stderr,"\nError setting the filter.\n"); return 0; } pcap_setmode(adhandle, MODE_STAT); printf("TCP traffic summary:\n"); struct timeval st_ts; pcap_loop(adhandle, 0, dispatcher_handler_send, (PUCHAR)&st_ts); pcap_close(adhandle); */}void dispatcher_handler_send(u_char *state, const struct pcap_pkthdr *header, const u_char *pkt_data){IP_HEADER *iph;TCP_HEADER *tcph;//MAC_HEADER *mach;u_int ip_len;int nIpLen,nTcpLen ;int nTotalLen;int nDataLen = 0;if ( NULL == pkt_data){ printf("can't get pkt_data");return;} //(VOID)(state);iph=(IP_HEADER *)(pkt_data+14);nTotalLen=nIpLen= ntohs(iph->total_len)+14;if(nIpLen>0) printf("ip_total_len = %d\n",nIpLen ); /* 获得IP数据包头部的位置 */ ip_len= (iph->h_verlen & 0xf) * 4;printf("ip_len is %d\n",ip_len); /* 获得tcp首部的位置 */tcph = (TCP_HEADER *) ((u_char*)iph + ip_len); nTcpLen = (tcph ->th_lenres>>4)*4 ;printf("tcplen = %d\n",nTcpLen);//printf("totalLen = %d\n",nTotalLen);nDataLen = nTotalLen - ip_len - nTcpLen; printf("datalen = %d\n",nDataLen);sendNotify = true;if(nDataLen == 0)g_dwCount++;elseg_dwCount = 0;}
- WinpCap安装与网络截包
- 基于Winpcap的Windows网络抓包与还原心得
- 网络抓包之WinPcap
- 使用WinPcap抓包分析网络协议
- 使用WinPcap抓包分析网络协议
- 使用WinPcap抓包分析网络协议
- 使用WinPcap抓包分析网络协议
- 自己手动制作WINPCAP绿色安装包
- Winpcap网络编程七之Winpcap学习教程,抓包,抓包!
- 基于Libpcap/Winpcap网络监听与过滤
- 解决winpcap安装与卸载的问题
- winpcap 安装
- WinpCap安装
- 《Winpcap的安装使用方法》及《winpcap开发包使用中的问题总结》
- 制作带有无界面winpcap的exe安装包
- Winpcap网络编程六之Winpcap学习教程,获取已安装设备的高级信息
- winpcap小窥-tcp包截取与转发
- WinPcap pcap_next_ex抓包
- 范堡 mysql innodb引擎的优化方法
- 执行时间计数宏
- android ui 调用setting方法
- DotNetBar中ComboTree显示整条路径信息
- VC操作Excel复制行
- WinpCap安装与网络截包
- .a link or .o link in Makefile
- JavaScript Try...Catch 语句
- 标准C++与线程
- zoj 2208
- ABAP 一些基本用法
- 常用的推荐算法
- PHP下switch-case 和 if-else效率的比较
- Java虚拟机 JVM的介绍