协议分析器设计源代码

#includestdio.h#includestdlib.h#includepcap.h#includeerrno.h#includesys/socket.h#includenetinet/in.h#includearpa/inet.htypedefunsignedcharUCHAR;typedefunsignedshortUSHORT;voidpcap_handle(u_char*user,conststructpcap_pkthdr*header,constu_char*pkt_data);typedefstruct{//定义以太帧的头部数据类型UCHARDestMac[6];UCHARSrcMac[6];UCHAREtype[2];}ETHHEADER;typedefstruct{//IP头部的数据类型UCHARheader_len:4;UCHARversion:4;UCHARtos:8;//typeofserviceUSHORTtotal_len:16;//lengthofthepacketUSHORTident:16;//uniqueidentifierUSHORTflags:16;UCHARttl:8;UCHARproto:8;//protocol(IP,TCP,UDPetc)USHORTchecksum:16;UCHARsourceIP[4];UCHARdestIP[4];}IPHEADER;typedefstruct{//定义端口数据类型用于解析TCP和UDP中的源端口和目的端口USHORTsrcPort;USHORTdecPort;}PORT;char*Proto[]={Reserved,ICMP,IGMP,GGP,IP,ST,TCP,UCL,EGP,IGP,BBN-RCC-MON,NVP-II,PUP,ARGUS,EMCON,XNET,CHAOS,UDP,MUX,DCN-MEAS,HMP,PRM,XNS-IDP,TRUNK-1,TRUNK-2,LEAF-1,LEAF-2,RDP,IRTP,ISO-TP4,NETBLT,MFE-NSP,MERIT-INP,SEP,3PC,IDPR,XTP,DDP,IDPR-CMTP,TP++,IL,SIP,SDRP,SIP-SR,SIP-FRAG,IDRP,RSVP,GRE,MHRP,BNA,SIPP-ESP,SIPP-AH,I-NLSP,SWIPE,NHRP,unassigned,unassigned,unassigned,unassigned,unassigned,unassigned,anyhostinternalprotocol,CFTP,anylocalnetwork,SAT-EXPAK,KRYPTOLAN,RVD,IPPC,anydistributedfilesystem,SAT-MON,VISA,IPCV,CPNX,CPHB,WSN,PVP,BR-SAT-MON,SUN-ND,WB-MON,WB-EXPAK,ISO-IP,VMTP,SECURE-VMTP,VINES,TTP,NSFNET-IGP,DGP,TCF,IGRP,OSPFIGP,Sprite-RPC,LARP,MTP,AX.25,IPIP,MICP,SCC-SP,ETHERIP,ENCAP,anyprivateencryptionscheme,GMTP};intnpacketnum;intmain(intargc,char*argv[]){char*device=eth0;charerrbuf[PCAP_ERRBUF_SIZE];pcap_t*phandle;bpf_u_int32ipaddress,ipmask;structbpf_programfcode;intdatalink;fprintf(stderr,inputfilteris%s\n,argv[1]);if((device=pcap_lookupdev(errbuf))==NULL){perror(errbuf);return0;}else{fprintf(stderr,device:%s\n,device);}phandle=pcap_open_live(device,200,0,500,errbuf);if(phandle==NULL){perror(errbuf);return0;}if(pcap_lookupnet(device,&ipaddress,&ipmask,errbuf)==-1){perror(errbuf);return0;}else{charnet[INET_ADDRSTRLEN],mask[INET_ADDRSTRLEN];if(inet_ntop(AF_INET,&ipaddress,net,sizeof(net))==NULL){perror(inet_ntop);}elseif(inet_ntop(AF_INET,&ipmask,mask,sizeof(net))==NULL){perror(inet_ntop);}fprintf(stderr,IPAddress:%s,NetworkMask:%s\n,net,mask);}intbflag=1;while(bflag){fprintf(stderr,InputPacketFilter:);//charfilterString[1024];//scanf(%s,filterString);//if(pcap_compile(phandle,&fcode,filterString,0,ipmask)==-1){if(pcap_compile(phandle,&fcode,argv[1],0,ipmask)==-1){fprintf(stderr,pcap_compile:%s,pleaseinputagain\n,pcap_geterr(phandle));}elsebflag=0;}if(pcap_setfilter(phandle,&fcode)==-1){fprintf(stderr,pcap_setfilter:%s\n,pcap_geterr(phandle));return0;}if((datalink=pcap_datalink(phandle))==-1){fprintf(stderr,pcap_datalink:%s\n,pcap_geterr(phandle));return0;}printf(datalink=%d\n,datalink);//capture_packet(datalink,phandle,fcode);npacketnum=1;pcap_loop(phandle,0,pcap_handle,NULL);//return1;}//voiddispatcher_handler(u_char*user,conststructpcap_pkthdr*header,constu_char*pkt_data)voidpcap_handle(u_char*user,conststructpcap_pkthdr*header,constu_char*pkt_data){ETHHEADER*eth_header=(ETHHEADER*)pkt_data;//解析数据包的以太帧头部fprintf(stderr,BeginAnalysis%dPacket\n,npacketnum++);fprintf(stderr,packetlength:%ld\n,header-len);if(header-len=14)//解析数据包的IP头部{IPHEADER*ip_header=(IPHEADER*)(pkt_data+14);//解析出协议类型charstrtype[100];if(ip_header-proto99)strcpy(strtype,IP/UNKNOWN);elsestrcpy(strtype,Proto[ip_header-proto]);fprintf(stderr,SourceMAC:%02X-%02X-%02X-%02X-%02X-%02X,eth_header-SrcMac[0],eth_header-SrcMac[1],eth_header-SrcMac[2],eth_header-SrcMac[3],eth_header-SrcMac[4],eth_header-SrcMac[5]);//提取源MAC地址fprintf(stderr,DestMAC:%02X-%02X-%02X-%02X-%02X-%02X\n,eth_header-DestMac[0],eth_header-DestMac[1],eth_header-DestMac[2],eth_header-DestMac[3],eth_header-DestMac[4],eth_header-DestMac[5]);//提取目的MAC地址//提取源IP地址fprintf(stderr,SourceIP:%d.%d.%d.%d,ip_header-sourceIP[0],ip_header-sourceIP[1],ip_header-sourceIP[2],ip_header-sourceIP[3]);//提取目的IP地址fprintf(stderr,DestIP:%d.%d.%d.%d\n,ip_header-destIP[0],ip_header-destIP[1],ip_header-destIP[2],ip_header-destIP[3]);//显示协议类型fprintf(stderr,Protocol:%s\n,strtype);if((strcmp(TCP,strtype)==0)||(strcmp(UDP,strtype)==0)){//如果协议是UDP,TCP解析端口号PORT*port=(PORT*)(pkt_data+14+20);fprintf(stderr,SourcePort:%d,ntohs(port-srcPort));fprintf(stderr,DestPort:%d\n,ntohs(port-decPort));}//显示数据帧的内容u_char*p=pkt_data;inti;fprintf(stderr,Packetcontentis:\n);for(i=0;i(int)header-len;i++){fprintf(stderr,%02X,*p++);if((i+1)%25==0)fprintf(stderr,\r\n);}fprintf(stderr,\nENDAnalysisPacket\n);}}