基于winpcap的嗅探器设计与实现 - 图文

{ struct tcphdr *tcph = (struct tcphdr*)pkt; data->tcph = (struct tcphdr*)malloc(sizeof(struct tcphdr)); if(NULL == data->tcph) return -1; data->tcph->ack_seq = tcph->ack_seq; data->tcph->check = tcph->check; data->tcph->doff = tcph->doff; data->tcph->res1 = tcph->res1; data->tcph->cwr = tcph->cwr; data->tcph->ece = tcph->ece; data->tcph->urg = tcph->urg; data->tcph->ack = tcph->ack; data->tcph->psh = tcph->psh; data->tcph->rst = tcph->rst; data->tcph->syn = tcph->syn; data->tcph->fin = tcph->fin; data->tcph->dport = ntohs(tcph->dport); data->tcph->seq = tcph->seq; data->tcph->sport = ntohs(tcph->sport); data->tcph->urg_ptr = tcph->urg_ptr; data->tcph->window= tcph->window; data->tcph->opt = tcph->opt; //http?? if(ntohs(tcph->dport) == 80 || ntohs(tcph->sport)==80) { npacket->n_http++; strcpy(data->pktType,\); } else{ npacket->n_tcp++; strcpy(data->pktType,\); } return 1; }

/*分析传输层：UDP*/

int analyze_udp(const u_char* pkt,datapkt *data,struct pktcount *npacket) { struct udphdr* udph = (struct udphdr*)pkt; data->udph = (struct udphdr*)malloc(sizeof(struct udphdr)); if(NULL == data->udph ) return -1; data->udph->check = udph->check; data->udph->dport = ntohs(udph->dport);

data->udph->len = ntohs(udph->len); data->udph->sport = ntohs(udph->sport); strcpy(data->pktType,\); npacket->n_udp++; return 1; }

//将数据包以十六进制方式打印出来

void print_packet_hex(const u_char* pkt,int size_pkt,CString *buf) { int i=0,j = 0,rowcount; u_char ch; char tempbuf[256]; memset(tempbuf,0,256); for(i = 0;iAppendFormat(_T(\ \),(u_int)i); rowcount = (size_pkt-i) > 16 ? 16 : (size_pkt-i); for (j = 0; j < rowcount; j++) buf->AppendFormat(_T(\ \),(u_int)pkt[i+j]); if(rowcount <16) for(j=rowcount;j<16;j++) buf->AppendFormat(_T(\ \)); for (j = 0; j < rowcount; j++) {

ch = pkt[i+j];

ch = isprint(ch) ? ch : '.'; buf->AppendFormat(_T(\),ch); } buf->Append(_T(\)); if(rowcount<16) return; }

}

七、设计结果

嗅探器运行初始界面如图2所示

图2.整体结构

嗅探器开始运行后界面如图3所示

图3.运行时的界面

八、软件使用说明

① 选择网卡

② 设置过滤器

③ 点击开始，程序运行 ④ 查看您需要的信息