
解析ARP数据包

2009-03-20 08:26 211 查看
//#include<windows.h>
#pragma comment(lib,"Ws2_32.lib");
//#pragma comment(lib,"wpcap.lib");
#pragma comment(lib, "wpcap.lib");

#include "pcap.h"
#include <fstream.h>
#include <iomanip.h>
#include <conio.h>
#include "remote-ext.h "

// Fixed-layout view of an ARP message for Ethernet/IPv4. packet_handler overlays
// it on the captured frame at offset 14, directly after the Ethernet header.
// The address arrays are hard-coded to 6 and 4 bytes, so the layout only matches
// frames whose hdsize is 6 and prosize is 4.
// NOTE(review): the overlay relies on the compiler inserting no padding between
// members (no member here needs more than 2-byte alignment) - confirm for the
// target compiler.
struct arppkt{
unsigned short hdtyp;// hardware type; the value 0001 means Ethernet
unsigned short protyp;// protocol type; the value 0800 means the upper-layer protocol is IP
unsigned char hdsize;// hardware address length; the value is 06
unsigned char prosize;// protocol address length; the value is 04
unsigned short op;// operation: 0001 / 0002 mean ARP request / reply (converted with ntohs before printing)
u_char smac[6];// source MAC address, 6 bytes
u_char sip[4];// source IP address
u_char dmac[6];// target MAC address
u_char dip[4];// target IP address

};
// Forward declaration: formats one captured ARP frame (pcap header + raw bytes)
// as a text line on `out`. main() calls it once for cout and once for the log file.
void packet_handler(const pcap_pkthdr *header,const u_char *pkt_data,ostream &out);
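// Captures ARP traffic on the first Ethernet adapter that has an address and
// writes one line per frame to the console and to the log file named in argv[1].
//
// Usage: arpparse logfilename
//
// Returns 0 when the capture loop ends normally, 1 on any set-up or capture error.
int main(int argc,char *argv[])
{
    // argv[1] is used as the log file name below, so it has to be present.
    if(argc!=2)
    {
        cout<<"Usage:arpparse logfilename"<<endl;
        return 1;
    }

    pcap_if_t *alldevs=NULL;
    pcap_if_t *d;
    pcap_t *adhandle=NULL;
    char errbuf[PCAP_ERRBUF_SIZE];
    u_int netmask;
    // "arp" is a keyword of the pcap filter language, so it is escaped with a
    // backslash inside the filter (written as "\\" in the C++ literal).
    char packet_filter[]="ether proto \\arp";
    struct bpf_program fcode;
    struct pcap_pkthdr *header;
    const u_char *pkt_data;

    if(pcap_findalldevs(&alldevs,errbuf)==-1)
    {
        cout<<"Error in pcap_findalldevs"<<errbuf;
        return 1;
    }

    // Pick the first adapter that is Ethernet and has at least one address.
    // Arguments to pcap_open_live: snapshot length 1000 bytes, promiscuous mode on,
    // 300 ms read timeout.
    for(d=alldevs;d;d=d->next)
    {
        if((adhandle=pcap_open_live(d->name,1000,1,300,errbuf))==NULL)
        {
            cout<<"\nUnable to open the adapter.";
            pcap_freealldevs(alldevs);
            return 1;
        }
        if(pcap_datalink(adhandle)==DLT_EN10MB&&d->addresses!=NULL)
            break;
        // Not the adapter we want: release its handle before trying the next one.
        pcap_close(adhandle);
        adhandle=NULL;
    }
    if(d==NULL)
    {
        cout<<"\nNo interfaces found! Make sure winpcap is intalled.\n";
        pcap_freealldevs(alldevs);
        return 1;
    }

    // The address entry may carry no netmask; fall back to a class C mask then.
    if(d->addresses->netmask!=NULL)
        netmask=((sockaddr_in *)(d->addresses->netmask))->sin_addr.S_un.S_addr;
    else
        netmask=0xffffff;

    if(pcap_compile(adhandle,&fcode,packet_filter,1,netmask)<0)
    {
        cout<<"\nUnable to complie the packet filter .check the syntax.\n";
        pcap_close(adhandle);
        pcap_freealldevs(alldevs);
        return 1;
    }
    if(pcap_setfilter(adhandle,&fcode)<0)
    {
        cout<<"\nError setting the filter.\n";
        pcap_freecode(&fcode);
        pcap_close(adhandle);
        pcap_freealldevs(alldevs);
        return 1;
    }
    // The compiled program is no longer needed once it is installed on the handle.
    pcap_freecode(&fcode);

    // description can be NULL for some adapters; fall back to the device name.
    cout<<"\t\tlistening on "<<(d->description!=NULL?d->description:d->name)<<"..."<<endl<<endl;
    // Nothing below touches the device list any more.
    pcap_freealldevs(alldevs);

    ofstream fout(argv[1],ios::app);
    if(!fout)
    {
        cout<<"\nUnable to open the log file.\n";
        pcap_close(adhandle);
        return 1;
    }

    time_t t;
    time(&t);
    // Separate this session from an earlier one already in the file.
    fout.seekp(0,ios::end);
    if(fout.tellp()!=0)
        fout<<endl;
    // Session banner with the start time (seconds since the epoch) on its own line.
    fout<<"\t\tARP request(1)/reply(2) on "<<t<<endl;
    cout<<"Sour IP Addr"<<" "<<"Sour MAC Address"<<" "
        <<"Des IP Addr"<<" "<<"Des MAC Address"<<" "
        <<"OP"<<" "<<"Time"<<endl;
    fout<<"Sour IP Addr"<<" "<<"Sour MAC Address"<<" "
        <<"Des IP Addr"<<" "<<"Des MAC Address"<<" "
        <<"OP"<<" "<<"Time"<<endl;

    // pcap_next_ex returns 1 for a packet, 0 when the read timeout expired and a
    // negative value on error, which ends the loop.
    int result;
    while((result=pcap_next_ex(adhandle,&header,&pkt_data))>=0)
    {
        if(result==0)
            continue;
        packet_handler(header,pkt_data,cout);
        packet_handler(header,pkt_data,fout);
    }
    if(result==-1)
        cout<<"\nError reading packets: "<<pcap_geterr(adhandle)<<endl;

    pcap_close(adhandle);
    return result==-1?1:0;
}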
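// Writes a 4-byte IPv4 address in dotted decimal; the last octet is left-aligned
// in a 3-character field and followed by one space.
static void write_ip(ostream &out,const u_char *ip)
{
    for(int i=0;i<3;i++)
        out<<int(ip[i])<<'.';
    out.setf(ios::left);
    out<<setw(3)<<int(ip[3])<<" ";
    out.unsetf(ios::left);
}

// Writes a 6-byte MAC address as upper-case, zero-padded hex pairs separated by
// '-' and followed by one space, then restores decimal output and the fill char.
static void write_mac(ostream &out,const u_char *mac)
{
    char oldfillchar=out.fill('0');
    out.setf(ios::uppercase);
    out<<hex;
    for(int i=0;i<5;i++)
        out<<setw(2)<<int(mac[i])<<'-';
    out<<setw(2)<<int(mac[5])<<" ";
    out.unsetf(ios::uppercase);
    out<<dec;
    out.fill(oldfillchar);
}

// Writes one captured ARP frame to `out` as a single text line:
//   source IP, source MAC, target IP, target MAC, opcode, capture time.
//
// header   - pcap per-packet header; caplen says how many bytes of pkt_data are valid
// pkt_data - captured frame, starting at the Ethernet header
// out      - destination stream
//
// The frame comes straight off the network, so nothing is read from it until the
// captured length and the ARP address-length fields have been checked; frames that
// fail either check are skipped without output. Every field is written as a
// number, so frame contents cannot place arbitrary text in the log.
void packet_handler(const pcap_pkthdr *header,const u_char *pkt_data,ostream &out)
{
    const unsigned int ETHER_HDR_LEN=14; // destination MAC (6) + source MAC (6) + EtherType (2)

    if(header==NULL||pkt_data==NULL)
        return;
    // A short or truncated capture must not be read past its end.
    if(header->caplen<ETHER_HDR_LEN+sizeof(arppkt))
        return;

    const u_char *arp=pkt_data+ETHER_HDR_LEN;
    const arppkt *arph=(const arppkt *)arp;
    // arppkt hard-codes 6-byte hardware and 4-byte protocol addresses; any other
    // lengths mean the fixed offsets below would point at the wrong bytes.
    if(arph->hdsize!=6||arph->prosize!=4)
        return;

    write_ip(out,arph->sip);
    write_mac(out,arph->smac);
    write_ip(out,arph->dip);
    write_mac(out,arph->dmac);

    // Opcode is the big-endian 16-bit field at ARP offset 6; assembling it from
    // bytes avoids a 16-bit load through a possibly unaligned pointer.
    unsigned int op=(arp[6]<<8)|arp[7];
    out<<op<<" ";

    // tv_sec is not necessarily a time_t, so copy it before calling localtime.
    time_t secs=header->ts.tv_sec;
    struct tm *ltime=localtime(&secs);
    if(ltime!=NULL)
    {
        char oldfillchar=out.fill('0');
        out<<ltime->tm_hour<<":"<<setw(2)<<ltime->tm_min<<':'<<setw(2)<<ltime->tm_sec;
        out.fill(oldfillchar);
    }
    out<<endl;
}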