ARP 协议数据包的捕获解析设计与实现



{
}
if(inum<1||inum>i)


printf("\nInterface number out of range.\n");
}
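/* Print the device list, numbering the entries from 1. */
for (d = alldevs; d != NULL; d = d->next)
{
    printf("%d. %s", ++i, d->name);
    if (d->description)
        printf("(%s)\n", d->description);
    else
        printf("(No description avaliable)\n");
}

/* i counts the devices printed above; zero means the list was empty. */
if (i == 0)
{
    printf("\nNo interfaces found! Make sure Winpcap is installed.\n");
    return -1;
}

printf("Enter the interface number(1-%d):", i);
/* scanf leaves inum unwritten on non-numeric input or end of input.
   Force a value below 1 in that case so the `inum<1||inum>i` range
   check rejects it instead of reading an indeterminate value. */
if (scanf("%d", &inum) != 1)
    inum = 0;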
// Start on a fresh line when the log's put position is not at offset 0.
if (fout.tellp() != 0)
    fout << endl;

// Banner for this run; the text returned by ctime() already ends in a newline.
fout << "\t\tARP request(1)/replay(2) on " << ctime(&t);

// Column titles on the console.
cout << "sour IP Addr" << " " << "Sour MAC Address" << " ";
cout << "Des IP Addr" << " " << "Des MAC Address" << " ";
cout << "OP" << " " << "Time" << endl;

// The same column titles in the log file.
fout << "Sour IP Addr" << " " << "Sour MAC Address" << " ";
fout << "Des IP Addr" << " " << "Des MAC Address" << " ";
fout << "OP" << " " << "Time" << endl;

// Release the device list.
pcap_freealldevs(alldevs);
以混杂模式打开网络设备
for(d=alldevs;d;d=d->next) { //以混杂模式打开网卡,接受所有的帧


if((adhandle= pcap_open_live(d->name,1000,1,300,errbuf)) == NULL)
{ cout<<"\nUnable to open the adapter."; pcap_freealldevs(alldevs); //释放设备列表
//循环捕获ARP包,并进行解析
//开始捕获MAC帧 int result; //时间到返回结果 while((result=pcap_next_ex(adhandle, &header, &pkt_data)) >= 0) { if(result==0) continue; packet_handler(header,pkt_data,cout); //解析ARP包,输出结果 packet_handler(header,pkt_data,fout); //输出到文件 } return 0;
ARP 协议数据包的捕获解析设计与实现
李彦婵、赵玉翠
一、ARP数据包结构
// ARP packet fields in declaration order, sized for 6-byte hardware (MAC)
// addresses and 4-byte protocol (IP) addresses.
// NOTE(review): packet_handler is not shown here. If it overlays this struct
// on the captured bytes, it should first confirm that the captured length
// covers the link-layer header plus sizeof(arppkt), and convert the 16-bit
// fields with ntohs() before comparing them - confirm against packet_handler.
struct arppkt{
    unsigned short hdtyp;     // hardware type
    unsigned short protyp;    // protocol type
    unsigned char hdsize;     // hardware address length
    unsigned char prosize;    // protocol address length
    unsigned short op;        // operation value; the log banner labels 1 as request, 2 as reply
    u_char smac[6];           // source MAC address
    u_char sip[4];            // source IP address
    u_char dmac[6];           // destination MAC address
    u_char dip[4];            // destination IP address
};
二、获取网卡列表
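/* Get the local device list; pcap_findalldevs_ex fills errbuf on failure. */
if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1)
{
    fprintf(stderr, "Error in pcap_findalldevs_ex:%s\n", errbuf);
    exit(1);
}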
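{
    // Failure branch for the packet-filter compile step.
    cout << "\nUnable to compile the packet filter. Check the syntax.\n";
    // The adapter was already opened, so release the handle as well as the list.
    pcap_close(adhandle);
    pcap_freealldevs(alldevs);
    // NOTE(review): 0 is returned on this error path too, so a caller cannot
    // distinguish it from a clean exit by the return value.
    return 0;
}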
//设置过滤器 if (pcap_setfilter(adhandle, &fcode)<0) { cout<<"\nError setting the filter.\n"; pcap_freealldevs(alldevs); return 0; } cout<<"\t\tlistening on "<<d->description<<"..."<<endl<<endl; ofstream fout(argv[1],ios::app); //日志记录文件 //加入日期记录 time_t t; time(&t); fout.seekp(0,ios::end);
}


return 0;
} if(pcap_datalink(adhandle) == DLT_EN10MB && d->addresses != NULL) break; if(d==NULL) cout<<"\nNO interfaces found! Make sure winpcap is installed.\n"; return 0;
}
} {
编译过滤器并设置过滤器,只捕获ARP数据包
//获得子网掩码 netmask=((sockaddr_in *) (d->addresses->netmask))->sin_addr.S_un.S_addr; //调试过滤器,只捕获ARP包
if(pcap_compile(adhandle, &fcode,packet_filter,1,netmask) <0)