开源项目之WinpCap 抓包
WinPcap是用于网络封包抓取的一套工具,可适用于32位的操作平台上解析网络封包,包含了核心的封包过滤,一个底层动态链接库,和一个高层系统函数库,及可用来直接存取封包的应用程序界面。 效果如图:
编译项目时需要用到WpdPack开发包(已放到源码包中)。
主要源码1:
//抓包线程UINT CCapPackDlg::CapThread(LPVOID lpParameter){CCapPackDlg *this2;pcap_t *adhandle;char errbuf[PCAP_ERRBUF_SIZE];pcap_dumper_t *dumpfile;struct pcap_pkthdr *header;const u_char *data;DWORD res;bool bExit;static long i=0,j=0;bool bFilter=false;//true表示过滤掉ListData List;struct ether_header *eth;u_char* mac_string;struct iphead *IPHead;struct arphead *ARPHead;in_addr ipaddr;this2=(CCapPackDlg *)lpParameter;i=0;j=0;//开启设备if((adhandle= pcap_open_live(this2->AdapterName,65536,1 ,10,errbuf)) == NULL){::MessageBox(0,"不能打开网络适配器,请在网卡设置中经行设置","错误",0);EnterCriticalSection(&(this2->csThreadStop));this2->bThreadStop=true;LeaveCriticalSection(&(this2->csThreadStop));SetEvent(this2->eThreadStart);return 0; }dumpfile=pcap_dump_open(adhandle,this2->CapFilePath);if(dumpfile==NULL){::MessageBox(0,"不能打开记录文件","错误",0);EnterCriticalSection(&(this2->csThreadStop));this2->bThreadStop=true;LeaveCriticalSection(&(this2->csThreadStop));SetEvent(this2->eThreadStart);return 0;}EnterCriticalSection(&(this2->csThreadStop));this2->bThreadStop=false;LeaveCriticalSection(&(this2->csThreadStop));SetEvent(this2->eThreadStart);//::MessageBox(0,"开始抓包","ok",0);while(1){EnterCriticalSection(&(this2->csThreadStop));bExit=this2->bThreadStop;LeaveCriticalSection(&(this2->csThreadStop));if(bExit)return 0;res = pcap_next_ex(adhandle,&header,&data);if(res==0){Sleep(100);continue;}else if(res<0){break;}pcap_dump((u_char *)dumpfile, header, data);eth=(ether_header *)data;mac_string=eth->ether_shost;sprintf(List.sMac,"%02X:%02X:%02X:%02X:%02X:%02X",*mac_string,*(mac_string+1),*(mac_string+2),*(mac_string+3),*(mac_string+4),*(mac_string+5));mac_string=eth->ether_dhost;sprintf(List.dMac,"%02X:%02X:%02X:%02X:%02X:%02X",*mac_string,*(mac_string+1),*(mac_string+2),*(mac_string+3),*(mac_string+4),*(mac_string+5));ltoa(header->caplen,List.Len,10);memcpy(List.Text,data,45);//数据不含以太网头List.Text[45]='\0';this2->DecodeChar(List.Text,45);switch(ntohs(eth->ether_type)){case ETHERTYPE_ARP:if(!this2->FilterSet.bAllProtocol && !this2->FilterSet.bArp){bFilter=true;break;}strcpy(List.Protocol,"ARP");ARPHead=(arphead *)(data+14);sprintf(List.sIP,"%d.%d.%d.%d",ARPHead->arp_source_ip_address[0],ARPHead->arp_source_ip_address[1],ARPHead->arp_source_ip_address[2],ARPHead->arp_source_ip_address[3]);sprintf(List.dIP,"%d.%d.%d.%d",ARPHead->arp_destination_ip_address[0],ARPHead->arp_destination_ip_address[1],ARPHead->arp_destination_ip_address[2],ARPHead->arp_destination_ip_address[3]);strcpy(List.sPort,"--");strcpy(List.dPort,"--");break;case ETHERTYPE_REVARP: strcpy(List.Protocol,"RARP");break;case ETHERTYPE_IP:IPHead=(iphead *)(data+14);ipaddr=IPHead->ip_souce_address;sprintf(List.sIP,"%d.%d.%d.%d",ipaddr.S_un.S_un_b.s_b1,ipaddr.S_un.S_un_b.s_b2,ipaddr.S_un.S_un_b.s_b3,ipaddr.S_un.S_un_b.s_b4);IPHead->ip_destination_address;sprintf(List.dIP,"%d.%d.%d.%d",ipaddr.S_un.S_un_b.s_b1,ipaddr.S_un.S_un_b.s_b2,ipaddr.S_un.S_un_b.s_b3,ipaddr.S_un.S_un_b.s_b4);switch(IPHead->ip_protocol){case 1:if(!this2->FilterSet.bAllProtocol && !this2->FilterSet.bIcmp){bFilter=true;break;}strcpy(List.Protocol,"ICMP");strcpy(List.sPort,"--");strcpy(List.dPort,"--");break;case 6:if(!this2->FilterSet.bAllProtocol && !this2->FilterSet.bTcp){bFilter=true;break;}strcpy(List.Protocol,"TCP");sprintf(List.sPort,"%d",ntohs( ((tcphead *)(data+16+20))->th_sport ));sprintf(List.dPort,"%d",ntohs( ((tcphead *)(data+16+20))->th_dport ));break;case 17:if(!this2->FilterSet.bAllProtocol && !this2->FilterSet.bUdp){bFilter=true;break;}strcpy(List.Protocol,"UDP");sprintf(List.sPort,"%d",ntohs( ((udphead *)(data+16+20))->udp_source_port ));sprintf(List.dPort,"%d",ntohs( ((udphead *)(data+16+20))->udp_destinanion_port ));break;default:strcpy(List.Protocol,"未知IP包");strcpy(List.sIP,"----------");strcpy(List.dIP,"----------");strcpy(List.sPort,"--");strcpy(List.dPort,"--");break;}break;case ETHERTYPE_PUP:strcpy(List.Protocol,"PUP");strcpy(List.sIP,"----------");strcpy(List.dIP,"----------");strcpy(List.sPort,"--");strcpy(List.dPort,"--");break;default:strcpy(List.Protocol,"未知以太包");strcpy(List.sIP,"----------");strcpy(List.dIP,"----------");strcpy(List.sPort,"--");strcpy(List.dPort,"--");break;}if(bFilter){j++;List.Falg=true;}else{i++;j++;List.Falg=false;}ltoa(i,List.ID,10);ltoa(j,List.TotalPacket,10);SendMessageTimeout(this2->m_hWnd,WM_UPDATE_LIST,(WPARAM)&List,0,SMTO_BLOCK,1000,&res);bFilter=false;}return 0;}这只是对WpdPack开发包的应用!
学习的目的是成熟!~
源码下载(附带WpdPack开发包)