ARPSpoofing教程（四）

本程序的主要目标是展示如何解析所捕获的数据包的协议首部。

这个程序可以称为UDPdump，打印一些网络上传输的UDP数据的信息。

  1:  #include"pcap.h"
  2:  typedef struct ip_address{
  3:      u_char byte1,byte2,byte3,byte4;
  4:  }ip_address;
  5:  typedef struct ip_header{
  6:      u_char ver_ihl;      // 版本 (4 bits) + 首部长度 (4 bits)
  7:      u_char tos;          // 服务类型(Type of service)
  8:      u_short tlen;        // 总长(Total length)
  9:      u_short idenfication;
 10:      u_short flags_fo;
 11:      u_char ttl;
 12:      u_char proto;
 13:      u_short crc;
 14:      ip_address saddr;
 15:      ip_address daddr;
 16:      u_int op_pad;
 17:  }ip_header;
 18:
 19:  //UDP head
 20:  typedef struct udp_header{
 21:      u_short sport;       // 源端口(Source port)
 22:      u_short dport;       // 目的端口(Destination port)
 23:      u_short len;         // UDP数据包长度(Datagram length)
 24:      u_short crc;         // 校验和(Checksum)
 25:  }udp_header;
 26:  //每次捕获到数据包时，libpcap都会自动调用这个回调函数
 27:  void packet_handler(u_char *param,const pcap_pkthdr*header,const u_char *ptk_data){
 28:
 29:      char timestr[16];
 30:      //将时间戳转换成可识别的格式
 31:      time_t local_tv_sec=header->ts.tv_sec;
 32:      tm *ltime=localtime(&local_tv_sec);
 33:      strftime( timestr, sizeof timestr, "%H:%M:%S", ltime);
 34:      printf("%s,%.6d len:%d
",timestr,header->ts.tv_usec,header->len);
 35:
 36:      ip_header *iphead=(ip_header*)(ptk_data+14);
 37:      u_int ip_len=(iphead->ver_ihl&0xf)*4;
 38:      udp_header *udphead=(udp_header*)((u_char*)iphead+ip_len);
 39:      u_short sport=ntohs(udphead->sport);
 40:      u_short dport=ntohs(udphead->dport);
 41:      printf("%d.%d.%d.%d.%d -> %d.%d.%d.%d.%d
",
 42:          iphead->saddr.byte1,
 43:          iphead->saddr.byte2,
 44:          iphead->saddr.byte3,
 45:          iphead->saddr.byte4,
 46:          sport,
 47:          iphead->daddr.byte1,
 48:          iphead->daddr.byte2,
 49:          iphead->daddr.byte3,
 50:          iphead->daddr.byte4,
 51:          dport);
 52:
 53:  }
 54:  int main(){
 55:      pcap_if_t *alldevs;
 56:      pcap_t *adhandle;
 57:      char errbuf[PCAP_ERRBUF_SIZE];
 58:      u_int netmask=0;
 59:      bpf_program fcode;
 60:      char packet_filter[]="ip and udp";
 61:
 62:      if(pcap_findalldevs_ex(PCAP_SRC_IF_STRING,NULL,&alldevs,errbuf)==-1){
 63:          fprintf(stderr,"Error in pcap_findalldevs: %s
",errbuf);
 64:          exit(1);
 65:      }
 66:
 67:      //print device list
 68:      int count=1;
 69:      for(pcap_if_t *d=alldevs;d!=NULL;d=d->next){
 70:          printf("%d. %s",count++,d->name);
 71:          printf("(%s)
",d->description);
 72:      }
 73:      if(count==1) {
 74:          printf("No interface found! Make sure WinPcap is isntalled
");
 75:          return -1;
 76:      }
 77:      int num;
 78:      printf("Enter the interface number:(1-%d): ",count);
 79:      scanf("%d",&num);
 80:      if(num<1||num>count){
 81:          printf("Out Of Range
");
 82:          pcap_freealldevs(alldevs);
 83:          return -1;
 84:      }
 85:      pcap_if_t *d=alldevs;
 86:      // 跳转到选中的适配器
 87:      for(int i=0;i<num-1;i++,d=d->next);
 88:      // 设备名
 89:      // 65535保证能捕获到不同数据链路层上的每个数据包的全部内容
 90:      // 混杂模式
 91:      // 读取超时时间
 92:      // 远程机器验证
 93:      // 错误缓冲池
 94:      adhandle=pcap_open(d->name,65536,PCAP_OPENFLAG_PROMISCUOUS,1000,NULL,errbuf);
 95:      if(adhandle==NULL){
 96:          fprintf(stderr,"Unable to open the adapter %s",d->name);
 97:          return -1;
 98:      }
 99:      if (pcap_datalink(adhandle)!=DLT_EN10MB){
100:          fprintf(stderr,"This program works only on Ethernet network.
");
101:          pcap_freealldevs(alldevs);
102:          return -1;
103:      }
104:
105:
106:      if(d->addresses!=NULL)
107:          netmask=((sockaddr_in *)(d->addresses->netmask))->sin_addr.S_un.S_addr;
108:      else
109:          netmask=0xffffff;
110:      printf("debug: %d
",netmask);
111:      if(pcap_compile(adhandle,&fcode,packet_filter,1,netmask)<0){
112:          fprintf(stderr,"Error setting thr filter
");
113:          pcap_freealldevs(alldevs);
114:          return -1;
115:      }
116:      printf("Listening on %s...
",d->description);
117:
118:      pcap_freealldevs(alldevs);
119:      //开始捕获
120:      pcap_loop(adhandle,0,packet_handler,NULL);
121:
122:
123:  }

试验结果：