1.使用标准C库提供的abort()和exit()两个函数,强行终止程序的运行,<stdlib.h>。
2.使用assert(断言)宏调用,<assert.h>。
3.使用errno全局变量,<errno.h>。
4.使用goto跳转。
5.使用setjmp,longjmp跳转。
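/*
 * Layouts that main() overlays directly on bytes read from a capture file.
 * Everything between the pack(push, 1) / pack(pop) pair is byte-packed so
 * that no padding is inserted between members.
 *
 * Assumptions this code does not verify:
 *   - unsigned int is 32 bits and unsigned short is 16 bits;
 *   - bit-fields are allocated starting from the least significant bit
 *     (the usual little-endian ABI); the nibble order below depends on it.
 */
#pragma pack(push, 1)

/* pcap global file header: appears once, at the start of the file. */
typedef struct pcap_hdr_s {
    unsigned int   magic_number;   /* magic number */
    unsigned short version_major;  /* major version number */
    unsigned short version_minor;  /* minor version number */
    int            thiszone;       /* GMT to local correction */
    unsigned int   sigfigs;        /* accuracy of timestamps */
    unsigned int   snaplen;        /* max length of captured packets, in octets */
    unsigned int   network;        /* data link type */
} pcap_hdr_t;

/* pcap per-record header: precedes every captured packet. */
typedef struct pcaprec_hdr_s {
    unsigned int ts_sec;    /* timestamp seconds */
    unsigned int ts_usec;   /* timestamp microseconds */
    unsigned int incl_len;  /* number of octets of packet saved in file */
    unsigned int orig_len;  /* actual length of packet */
} pcaprec_hdr_t;

/*
 * Ethernet II header, addresses held as three 16-bit words each.
 * On the wire the destination address comes first and the source address
 * second, so dst_mac must precede src_mac; the reverse order makes every
 * "from"/"to" value printed from this struct swapped.
 */
typedef struct {
    unsigned short dst_mac[3];  /* destination address, wire byte order */
    unsigned short src_mac[3];  /* source address, wire byte order */
    unsigned short pkt_type;    /* EtherType, wire byte order */
} ethernet_hdr_t;

/* IPv4 header without options (20 bytes). */
typedef struct {
    unsigned char  hdr_dwcnt :4;     /* header length in 32-bit words (low nibble of byte 0) */
    unsigned char  version :4;       /* IP version (high nibble of byte 0) */
    unsigned char  ech :2;           /* low two bits of the second header byte */
    unsigned char  dscp :6;          /* high six bits of the second header byte */
    unsigned short len;              /* total length, wire byte order */
    unsigned short ident;            /* identification, wire byte order */
    /* NOTE: this 16-bit word is big-endian on the wire, so these two
       bit-fields only decode correctly after the word is byte-swapped. */
    unsigned short frag_offset :13;
    unsigned short flags :3;
    unsigned char  ttl;              /* time to live */
    unsigned char  proto;            /* payload protocol number */
    unsigned short crc;              /* header checksum field */
    unsigned int   src_addr;         /* source address, wire byte order */
    unsigned int   dst_addr;         /* destination address, wire byte order */
} ipproto_hdr_t;

/* TCP header without options (20 bytes). */
typedef struct {
    unsigned short srcport;          /* source port, wire byte order */
    unsigned short dstport;          /* destination port, wire byte order */
    unsigned int   pktnum;           /* sequence number field, wire byte order */
    unsigned int   acknum;           /* acknowledgement number field, wire byte order */
    unsigned char  flags1 :1;        /* lowest bit of byte 12 */
    unsigned char  reserved :3;
    unsigned char  hdr_dwcnt :4;     /* header length in 32-bit words (high nibble of byte 12) */
    unsigned char  flags2 :8;        /* remaining flag bits (byte 13) */
    unsigned short wndsize;          /* window size, wire byte order */
    unsigned short crc;              /* checksum field */
    unsigned short ptr;              /* urgent pointer field */
} tcpproto_hdr_t;

#pragma pack(pop)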
#include <stdio.h>
#include <stdlib.h>
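/*
 * Reverse the order of the `len` bytes starting at `val`, in place.
 * main() uses it to byte-swap 16-bit header fields taken from the packet.
 *
 * val: start of the bytes to reverse; NULL is ignored.
 * len: number of bytes; values below 2 leave the buffer untouched.
 */
void Revert(void* val, int len)
{
    unsigned char* lo;
    unsigned char* hi;

    /* With len <= 0 the end pointer would be formed before the buffer,
       which is undefined behaviour, so return before any arithmetic. */
    if (val == NULL || len < 2)
        return;

    lo = (unsigned char*) val;
    hi = lo + len - 1;
    while (lo < hi) {
        unsigned char tmp = *lo;
        *lo++ = *hi;
        *hi-- = tmp;
    }
}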
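/*
 * Format an IPv4 address as dotted-decimal text.
 *
 * output:  destination buffer; must hold at least 16 bytes
 *          ("255.255.255.255" plus the terminating NUL). NULL is ignored.
 * nbsaddr: address value whose lowest byte is the first octet, i.e. the
 *          value obtained by loading a wire-order address on a
 *          little-endian host.
 */
void MakeIPStr(char* output, unsigned long nbsaddr)
{
    int b1, b2, b3, b4;

    if (output == NULL)
        return;

    /* Each octet is masked to 0..255, which bounds the formatted length
       to 15 characters; sprintf cannot exceed the documented 16 bytes. */
    b1 = (int) (nbsaddr & 0xff);
    b2 = (int) ((nbsaddr >> 8) & 0xff);
    b3 = (int) ((nbsaddr >> 16) & 0xff);
    b4 = (int) ((nbsaddr >> 24) & 0xff);
    sprintf(output, "%d.%d.%d.%d", b1, b2, b3, b4);
}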
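/*
 * Read c:\11.pcap record by record and print, for each Ethernet frame,
 * the MAC addresses and, when present, the IPv4 addresses, TTL, TCP ports
 * and TCP payload bytes in hex.
 *
 * Every length used here comes from the capture file and is treated as
 * untrusted: the record length is capped before allocation, and a header
 * is overlaid on the buffer only after checking that enough captured
 * bytes remain.
 *
 * Returns 0 when the file was read to its end, 1 on any error.
 */
int main()
{
    /* Constructed sanity cap on one record's captured bytes, so that a
       corrupt or hostile incl_len cannot drive an arbitrary allocation. */
    enum { MAX_CAPTURED_BYTES = 262144 };
    FILE* fp;
    pcap_hdr_t gheader;
    int rc = 0;

    fp = fopen("c:\\11.pcap", "rb");
    if (fp == NULL) {
        perror("fopen");
        return 1;
    }
    if (fread(&gheader, sizeof(gheader), 1, fp) != 1) {
        fputs("truncated pcap global header\n", stderr);
        fclose(fp);
        return 1;
    }
    /* Only files written in this host's byte order are handled; the second
       value is the nanosecond-timestamp variant with the same layout. */
    if (gheader.magic_number != 0xa1b2c3d4u &&
        gheader.magic_number != 0xa1b23c4du) {
        fputs("unsupported pcap magic number\n", stderr);
        fclose(fp);
        return 1;
    }
    /* Link type 1 is Ethernet; any other framing would be misparsed below. */
    if (gheader.network != 1) {
        fputs("capture is not Ethernet\n", stderr);
        fclose(fp);
        return 1;
    }

    for (;;) {
        pcaprec_hdr_t pheader;
        unsigned char* pdata;
        unsigned char* ppdata;
        size_t remaining;

        if (fread(&pheader, sizeof(pheader), 1, fp) != 1)
            break;

        /* incl_len is what the file actually holds for this record;
           orig_len may be larger when the capture was truncated, and
           reading orig_len bytes would desynchronise the record stream. */
        if (pheader.incl_len > MAX_CAPTURED_BYTES) {
            fputs("record length exceeds sanity cap\n", stderr);
            rc = 1;
            break;
        }
        if (pheader.incl_len == 0)
            continue;

        pdata = (unsigned char*) malloc(pheader.incl_len);
        if (pdata == NULL) {
            fputs("out of memory\n", stderr);
            rc = 1;
            break;
        }
        if (fread(pdata, pheader.incl_len, 1, fp) != 1) {
            fputs("truncated packet record\n", stderr);
            free(pdata);
            rc = 1;
            break;
        }
        ppdata = pdata;
        remaining = pheader.incl_len;

        /* ethernet header */
        if (remaining >= sizeof(ethernet_hdr_t)) {
            ethernet_hdr_t* ethhdr = (ethernet_hdr_t*) ppdata;

            Revert(&ethhdr->src_mac[0], 2);
            Revert(&ethhdr->src_mac[1], 2);
            Revert(&ethhdr->src_mac[2], 2);
            Revert(&ethhdr->dst_mac[0], 2);
            Revert(&ethhdr->dst_mac[1], 2);
            Revert(&ethhdr->dst_mac[2], 2);
            Revert(&ethhdr->pkt_type, 2);
            printf("from mac: %04x%04x%04x to mac: %04x%04x%04x\n",
                   ethhdr->src_mac[0], ethhdr->src_mac[1], ethhdr->src_mac[2],
                   ethhdr->dst_mac[0], ethhdr->dst_mac[1], ethhdr->dst_mac[2]);
            ppdata += sizeof(*ethhdr);
            remaining -= sizeof(*ethhdr);

            /* ip header */
            if (ethhdr->pkt_type == 0x800 && remaining >= sizeof(ipproto_hdr_t)) {
                ipproto_hdr_t* iphdr = (ipproto_hdr_t*) ppdata;
                size_t iphlen = (size_t) iphdr->hdr_dwcnt * 4;
                char ipbuf1[24], ipbuf2[24];

                MakeIPStr(ipbuf1, iphdr->src_addr);
                MakeIPStr(ipbuf2, iphdr->dst_addr);
                printf("addr from: %s to %s\n", ipbuf1, ipbuf2);
                printf("ttl: %d\n", iphdr->ttl);

                /* The header-length nibble is attacker-controlled: it must
                   cover the fixed header and stay inside the capture. */
                if (iphlen >= sizeof(ipproto_hdr_t) && iphlen <= remaining) {
                    ppdata += iphlen;
                    remaining -= iphlen;

                    if (iphdr->proto == 0x06 &&
                        remaining >= sizeof(tcpproto_hdr_t)) { /* tcp */
                        tcpproto_hdr_t* tcphdr = (tcpproto_hdr_t*) ppdata;
                        size_t tcphlen = (size_t) tcphdr->hdr_dwcnt * 4;

                        Revert(&tcphdr->srcport, 2);
                        Revert(&tcphdr->dstport, 2);
                        printf("tcp, port from %d to %d\n",
                               tcphdr->srcport, tcphdr->dstport);

                        /* Same validation for the TCP data offset. */
                        if (tcphlen >= sizeof(tcpproto_hdr_t) &&
                            tcphlen <= remaining) {
                            size_t i;

                            ppdata += tcphlen;
                            remaining -= tcphlen;
                            puts("data:");
                            /* print data */
                            for (i = 0; i < remaining; ++i) {
                                printf("%02x ", ppdata[i]);
                                if (i % 16 == 15) puts("");
                            }
                            puts("");
                        }
                    }
                }
            }
            puts("");
        }
        free(pdata);
    }

    fclose(fp);
    return rc;
}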
真麻烦……
这个给你参考
http://wiki.wireshark.org/Development/LibpcapFileFormat