
离线抓取开心网和墨迹天气数据(pcap包,linux平台)

2014-08-25 01:48 381 查看
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <arpa/inet.h>
#include <regex.h>

#include <pcap.h>

/*
 * Link-layer frame header overlay: two 6-byte MAC addresses followed by a
 * 2-byte type field, 14 bytes in total. Not referenced anywhere else in this
 * listing; the packet callback only uses the literal size 14.
 */
typedef struct {
u_char DestMac[6]; /* destination MAC address */
u_char SrcMac[6]; /* source MAC address */
u_char Etype[2]; /* type field, kept as raw bytes (never decoded in this listing) */
}ETHHEADER;
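/*
 * IPv4 header overlay covering the fixed 20-byte part (options excluded).
 *
 * The bit-fields are unsigned: a signed 4-bit field can only hold -8..7, so an
 * IHL of 8 or more would read back negative and a length computed from it
 * would walk backwards in the packet buffer.
 *
 * NOTE(review): bit-field order is implementation-defined. header_len before
 * version matches GCC on little-endian targets; confirm before building for
 * another ABI. Multi-byte fields hold network byte order when this struct is
 * overlaid on packet bytes, so convert with ntohs() before using them.
 */
typedef struct {
    unsigned int header_len:4;  /* IHL: header length in 32-bit words */
    unsigned int version:4;     /* IP version, 4 for IPv4 */
    u_char tos:8;               /* type of service */
    unsigned int total_len:16;  /* total datagram length, network byte order */
    unsigned int ident:16;      /* identification, network byte order */
    unsigned int flags:16;      /* 3 flag bits plus 13-bit fragment offset */
    u_char ttl:8;               /* time to live */
    u_char proto:8;             /* upper-layer protocol number */
    unsigned int checksum:16;   /* header checksum, network byte order */
    u_char sourceIP[4];         /* source address, raw bytes */
    u_char destIP[4];           /* destination address, raw bytes */
} IPHEADER;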
/*
 * One-shot flags used by analys_kaixinwang(): sign[k] is set to 1 after field k
 * has been printed, so each field is reported at most once per run.
 * Only indices 1..7 are read or written in this listing; sign[0] is unused.
 */
int sign[8]={0};

/*
 * Protocol names indexed by IP protocol number (0..6).
 * Not referenced anywhere else in this listing.
 */
char *Proto[]={
"Reserved","ICMP","IGMP","GGP","IP","ST","TCP"
};

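/*
 * Search a NUL-terminated, printable copy of packet bytes for the text
 * "kaixin001" (case-insensitive) and print the matched bytes to stdout.
 * Nothing is printed when there is no match or the pattern fails to compile.
 *
 * data must be NUL-terminated: regexec() reads until it finds a terminator.
 *
 * NOTE(review): the name suggests the other service mentioned in the page
 * title, but the pattern below is "kaixin001" and nothing in this listing
 * calls the function. Confirm the intended pattern before relying on it.
 */
void analys_moji(const u_char data[])
{
    const char *text = (const char *)data;
    regmatch_t pm[1];
    regex_t reg;

    if (data == NULL) {
        return;
    }

    /* A failed compile leaves reg unusable, so stop before regexec/regfree. */
    if (regcomp(&reg, "kaixin001", REG_ICASE) != 0) {
        return;
    }

    /* The pattern has no sub-expressions, so only the whole match exists. */
    if (regexec(&reg, text, 1, pm, REG_NOTBOL) == 0) {
        for (regoff_t w = pm[0].rm_so; w < pm[0].rm_eo; ++w) {
            putchar(text[w]);
        }
    }

    regfree(&reg);
}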

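/*
 * Compile pattern as a case-insensitive POSIX extended regex and look for its
 * first match in text. Returns 1 and fills *m on a match, 0 otherwise
 * (including when the pattern does not compile).
 *
 * REG_EXTENDED is required: in basic syntax "(", ")" and "{n}" are literal
 * characters, so patterns such as "(%..){1,}" would never match.
 */
static int kx_find(const char *text, const char *pattern, regmatch_t *m)
{
    regex_t reg;
    int found;

    if (regcomp(&reg, pattern, REG_EXTENDED | REG_ICASE) != 0) {
        return 0;
    }
    found = (regexec(&reg, text, 1, m, 0) == 0);
    regfree(&reg);
    return found;
}

/* Print text[from..to) to stdout; prints nothing when the range is empty. */
static void kx_print_span(const char *text, regoff_t from, regoff_t to)
{
    for (regoff_t w = from; w < to; ++w) {
        putchar(text[w]);
    }
}

/* Report the whole match of pattern once, guarded by the flag sign[slot]. */
static void kx_report_match(const char *text, const char *pattern, int slot)
{
    regmatch_t m;

    if (sign[slot] != 0 || !kx_find(text, pattern, &m)) {
        return;
    }
    kx_print_span(text, m.rm_so, m.rm_eo);
    printf("\n");
    sign[slot] = 1;
}

/*
 * Print a matched "x%3D<num>%26y%3D<num>" span with the URL-encoded
 * separators replaced by labels.
 * NOTE(review): the latitude/longitude labelling of x and y is the original
 * author's; nothing in this listing confirms which is which.
 */
static void kx_print_coords(const char *text, regoff_t from, regoff_t to)
{
    for (regoff_t w = from; w < to; ++w) {
        if (text[w] == 'x') {
            printf("latitude=");
            w += 3;             /* with the loop step this skips "x%3D" */
        } else if (text[w] == '%') {
            printf("   longtitude=");
            w += 6;             /* with the loop step this skips "%26y%3D" */
        } else {
            putchar(text[w]);
        }
    }
}

/*
 * Scan one packet's printable bytes for URL-encoded request fields and print
 * each field the first time it is seen (tracked in the global sign[] flags).
 *
 * data must be NUL-terminated; regexec() reads until it finds a terminator.
 *
 * Every value reported here (user id, device name, consumer key, coordinates,
 * version) is read directly from packet payload bytes, so it only shows up
 * when the captured traffic carried it unencrypted. The output identifies a
 * user and a location and should be handled as sensitive data.
 *
 * Only the whole match (index 0) is printed for each pattern; there is no
 * second match slot to read.
 */
void analys_kaixinwang(const u_char data[])
{
    const char *text = (const char *)data;
    regmatch_t m;

    if (data == NULL) {
        return;
    }

    if (sign[1] == 0 && kx_find(text, "uid%3D[0-9]*", &m)) {
        printf("user_id=");
        kx_print_span(text, m.rm_so + 6, m.rm_eo);   /* 6 == strlen("uid%3D") */
        sign[1] = 1;
        printf("\n");
    }

    kx_report_match(text, "device_name=(%..){1,}", 2);
    kx_report_match(text, "consumer_key=[a-z0-9]*", 3);

    /* "\\." is a literal dot for the regex; a bare "\." is not a valid C escape. */
    if (sign[4] == 0 &&
        kx_find(text, "x%3D[0-9]*\\.[0-9]*%26y%3D[0-9]*\\.[0-9]*", &m)) {
        kx_print_coords(text, m.rm_so, m.rm_eo);
        sign[4] = 1;
        printf("\n");
    }

    if (sign[5] == 0 && kx_find(text, "version%3D[a-z]*.{5}", &m)) {
        printf("version = \n");
        kx_print_span(text, m.rm_so + 10, m.rm_eo);  /* 10 == strlen("version%3D") */
        sign[5] = 1;
        printf("\n");
    }

    /*
     * NOTE(review): slots 6 and 7 repeat the device_name pattern of slot 2, so
     * the same match is printed three times. This looks like a copy-paste
     * placeholder for fields that were never filled in; kept as in the original.
     */
    kx_report_match(text, "device_name=(%..){1,}", 6);
    kx_report_match(text, "device_name=(%..){1,}", 7);
}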

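/*
 * pcap_loop() callback: build a printable, NUL-terminated copy of the captured
 * frame (non-printable bytes become '.') and hand it to analys_kaixinwang().
 *
 * user      - opaque pointer passed through pcap_loop(); unused here.
 * header    - per-packet metadata; caplen is the number of bytes in pkt_data.
 * pkt_data  - captured bytes, valid only for header->caplen bytes.
 *
 * The copy is sized by caplen, not len: len is the on-wire length and can
 * exceed what was stored in the capture, so indexing pkt_data up to len reads
 * past the buffer. The buffer is heap-allocated and terminated because the
 * regex matcher reads until it finds a NUL.
 *
 * NOTE(review): the 14-byte minimum assumes Ethernet framing; the listing
 * never checks the capture's link type with pcap_datalink().
 */
void pcap_handle_w(u_char* user,const struct pcap_pkthdr* header,const u_char* pkt_data)
{
    enum { ETH_HDR_LEN = 14 };

    (void)user;

    if (header == NULL || pkt_data == NULL) {
        return;
    }
    if (header->caplen < ETH_HDR_LEN) {
        return;
    }

    size_t n = header->caplen;
    u_char *printable = malloc(n + 1);
    if (printable == NULL) {
        return;     /* skip this packet rather than abort the whole run */
    }

    /* NUL bytes are non-printable too, so the copy has no embedded terminator. */
    for (size_t i = 0; i < n; ++i) {
        printable[i] = isprint(pkt_data[i]) ? pkt_data[i] : '.';
    }
    printable[n] = '\0';

    analys_kaixinwang(printable);
    free(printable);
}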

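/*
 * Read packets from the savefile "test2.pcapng" and pass each one to
 * pcap_handle_w(). Returns 0 when the file was processed, 1 when it could not
 * be opened or reading failed.
 *
 * No live interface is queried: reading a savefile needs neither an interface
 * name nor its address, and a failed lookup on a machine without that
 * interface would otherwise stop an offline run.
 */
int main(int argc, char **argv)
{
    char errbuf[PCAP_ERRBUF_SIZE];
    pcap_t *phandle;
    int rc;

    (void)argc;
    (void)argv;

    phandle = pcap_open_offline("test2.pcapng", errbuf);
    if (phandle == NULL) {
        /* errbuf already holds the full message; perror() would append an unrelated errno text. */
        fprintf(stderr, "pcap_open_offline: %s\n", errbuf);
        return 1;
    }

    /* -1 means "no packet limit"; for a savefile the loop ends at end of file. */
    rc = pcap_loop(phandle, -1, pcap_handle_w, NULL);
    if (rc == -1) {
        fprintf(stderr, "pcap_loop: %s\n", pcap_geterr(phandle));
    }

    pcap_close(phandle);
    return rc == -1 ? 1 : 0;
}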