获取Ethereal抓包中数据得程序段

前提：

             libcap的库以及头文件：）

代码：

#include <stdio.h>
#include <pcap.h>
 
#define LINE_LEN 16

#define TS_SPLIT_VERSION     "1.00"
#define TS_SPLIT_PROG_VERSION    "EhterealCapDump V"TS_SPLIT_VERSION
#define TS_SPLIT_URL         "http://blog.csdn.net/da5le"
#define TS_SPLIT_COPYRIGHT   "(c) 2006  da5le  (xiaoguizi)"

typedef unsigned char u_char;
typedef __int32 int32_t;
typedef __int64 int64_t;
typedef unsigned __int64 u_int64_t;

/*
-- get bits out of buffer  (max 48 bit)
-- extended bitrange, so it's slower
-- return: value
*/

int64_t
getBits48 (u_char *buf, int32_t byte_offset, int32_t startbit, int32_t bitlen)
{
 u_char *b;
 u_int64_t v;
 u_int64_t mask;
 u_int64_t tmp;
 
 if (bitlen > 48) {
  //out_nl (1," Error: getBits48() request out of bound!!!! (report!!) /n");
  return 0xFEFEFEFEFEFEFEFE;
 }
 
 
 b = &buf[byte_offset + (startbit / 8)];
 startbit %= 8;
 
 
 // -- safe is 48 bitlen
 tmp = (u_int64_t)(
  ((u_int64_t)*(b  )<<48) + ((u_int64_t)*(b+1)<<40) +
  ((u_int64_t)*(b+2)<<32) + ((u_int64_t)*(b+3)<<24) +
  (*(b+4)<<16) + (*(b+5)<< 8) + *(b+6) );
 
 startbit = 56 - startbit - bitlen;
 tmp      = tmp >> startbit;
 mask     = ((u_int64_t)1 << bitlen) - 1; // 1ULL !!!
 v        = tmp & mask;
 
 return v;
}

unsigned long
getBits (u_char *buf, int32_t byte_offset, int32_t startbit, int32_t bitlen)
{
 u_char *b;
 unsigned long  v;
 unsigned long mask;
 unsigned long tmp_long;
 int32_t           bitHigh;
 
 /* For Byte Reading */
 b = &buf[byte_offset + (startbit >> 3)];
 startbit %= 8;
 
 switch ((bitlen-1) >> 3) {
 case -1: // -- <=0 bits: always 0
  return 0L;
  break;
  
 case 0:  // -- 1..8 bit
  tmp_long = (unsigned long)(
   (*(b  )<< 8) +  *(b+1) );
  bitHigh = 16;
  break;
  
 case 1:  // -- 9..16 bit
  tmp_long = (unsigned long)(
   (*(b  )<<16) + (*(b+1)<< 8) +  *(b+2) );
  bitHigh = 24;
  break;
  
 case 2:  // -- 17..24 bit
  tmp_long = (unsigned long)(
   (*(b  )<<24) + (*(b+1)<<16) +
   (*(b+2)<< 8) +  *(b+3) );
  bitHigh = 32;
  break;
  
 case 3:  // -- 25..32 bit
  // -- to be safe, we need 32+8 bit as shift range
  return (unsigned long) getBits48 (b, 0, startbit, bitlen);
  break;
  
 default: // -- 33.. bits: fail, deliver constant fail value
  //out_nl (1," Error: getBits() request out of bound!!!! (report!!) /n");
  return (unsigned long) 0xFEFEFEFE;
  break;
 }
 
 startbit = bitHigh - startbit - bitlen;
 tmp_long = tmp_long >> startbit;
 mask     = (1UL << bitlen) - 1;  // 1ULL !!!
 v        = tmp_long & mask;
 
 return v;
}

 
int main(int argc, char **argv) {
 
 pcap_t *fp;       // libpcap.lib
 char errbuf[PCAP_ERRBUF_SIZE];   // 256
 struct pcap_pkthdr *header;
 u_char *pkt_data;
 u_int i=0;
 int res;
 FILE* outfile;

/*Begin! For Test only, non business of this program*/
 {
 
#define structOffset(strVar,m) (size_t)&(((strVar*)0)->m)
 struct temStruct {
  u_int32_t a;
  u_char b;
  u_char c[10];
 };

 u_char *tempString, tempString1[20];
 struct temStruct temStructA;

 

 tempString = (u_char*)malloc(20);
 memset(tempString,0,20);
 printf("tempString %d/n",sizeof(tempString));
 printf("*tempString %d/n",sizeof(*tempString));
 printf("tempString1 %d/n",sizeof(tempString1));
 i =(struct temStruct*)0;
 //i = (((struct temStruct*)0)->b);
 i = structOffset(struct temStruct,c);
 i = 0;
 printf("%d/n",(size_t)&(((struct temStruct*)0)->b));
 printf("%d/n",structOffset(struct temStruct,a));

 }
/*End! For Test only, non business of this program*/

 

 if(argc != 2){
  
  printf("EtherealCapDump  - only UDP packet can be dumped!!!/n");
  printf("Version: %s/  (%s %s)/n", TS_SPLIT_PROG_VERSION,__DATE__,__TIME__);
  printf("         %s  /n",TS_SPLIT_URL);
  printf("         %s  /n",TS_SPLIT_COPYRIGHT);
  printf("usage: %s filename", argv[0]);
  return -1;
  
 }
 
 /* Open a capture file and get the GlobalHeader*/
 if ( (fp = pcap_open_offline(argv[1], errbuf) ) == NULL)
 {
  fprintf(stderr,"/nError opening dump file/n");
  return -1;
 }
 
 /*Open output file*/
 outfile = fopen("out.mpg","ab+");
 if (outfile == NULL) {
  fprintf(stderr,"/nError opening dump output file/n");
  return -1;
 }

 i = 0;
 /* Retrieve the packets from the file */
 while((res = pcap_next_ex( fp, &header, &pkt_data)) >= 0){
  /* print pkt timestamp and pkt len */
  printf("%ld:%ld (%ld)/n", header->ts.tv_sec, header->ts.tv_usec, header->len);         
  
  /*Parse Packet and output Raw data*/
  {
   u_int32_t pid = getBits (pkt_data+42, 0,11,13);
   printf("pid: %u",pid);
  }
  
  res = -1;
  /* while(1) {
   res++;     
   if (pkt_data[header->caplen-1-res] != 0x00)
    break;
   else
    pkt_data[header->caplen-1-res] = 0xff;

   if (res>=header->caplen-42)
    break;
  }
   */
  // Captured rubish data cause TEI erro by TSreadlite,,, sigh!@ alexis, debug is boring and tired work
  //if (i++>725)
  {/*Save Raw Data Alexis*/
   fwrite(pkt_data+42,header->caplen-42,1,outfile);

   /* 
   if (i>730) {
    fclose(outfile);
    outfile = fopen("out.mpg","ab+");
   }*/
  }
 
  //memset(pkt_data, 0xff,header->caplen);
  /* Print the packet */
  /*for (i=1; (i < header->caplen + 1 ) ; i++)
  {
   printf("%.2x ", pkt_data[i-1]);
   if ( (i % LINE_LEN) == 0) printf("/n");
  }*/
  
  printf("/n/n");    
 }
 
 
 if(res == -1){
  printf("Error reading the packets: %s/n", pcap_geterr(fp));
 }

 if (outfile)
  fclose(outfile);

 
 return 0;
}