这里先说一下pcap文件的内容详解。
首先是数据之外的内容,主要包括文件头和每个数据包的包头:
https://blog.csdn.net/ytx2014214081/article/details/80112277
然后是每部分的结构讲解
https://blog.csdn.net/qq_29022265/article/details/91531086
上面的两篇博客写的都很详细。
然后是数据部分,其结构依次为:
帧头部 -- IP 头部 -- UDP 头部 -- data 部分
下面话不多说,上代码:
#include <stdlib.h> #include <stdio.h> #include <pcap.h> #include <string.h> #include <netinet/in.h> #include <time.h> typedef signed int uint32; typedef unsigned short uint16; typedef unsigned char uint8; typedef signed int int32; typedef unsigned char mac_addr_t[6]; /* *.pcap file format = file header(24B) + pkt header(16B) + Frame * Frame = Ethernet header(14B) + IP header(20B) + UDP header(8B) + appdata */
//enhernet header (14B) typedef struct _eth_hdr { mac_addr_t dst_mac; mac_addr_t src_mac; uint16 type_length; }eth_hdr; //IP header 20B typedef struct _ip_hdr { uint8 ver_hlen; uint8 tos; uint16 tot_len; uint16 id; uint16 frag_off; uint8 ttl; uint8 protocol; uint16 chk_sum; uint32 srcaddr; uint32 dstaddr; }ip_hdr; //udp header 8B typedef struct _udp_hdr { uint16 src_port; uint16 dst_port; uint16 total_len; uint16 chk_sum; }udp_hdr;
//24b typedef struct _file_header{ uint32 magic_number; //magic number uint16 version_major; //major version number uint16 version_minor; //minor version number int32 thiszone; //GMT to local correction int32 sigfigs; //accuracy of timestamps int32 snaplen; //max length of captured packets in bytes int32 network; //data link type }file_header; //16b typedef struct _pcap_header{ uint32 ts_sec; //timestamp seconds uint32 ts_usec; //timestamp microsecod uint32 incl_len; //number of octets of pcaket saved in file uint32 orig_len; //actual length of packet }pcap_header;
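/*
 * Size of the payload buffer.  The listing never defines LOGLEN, so supply a
 * fallback for builds that do not pass -DLOGLEN=...; 1024 is a constructed
 * default taken from the commented-out `char data[1024]` in the original.
 */
#ifndef LOGLEN
#define LOGLEN 1024
#endif

/* Link types (file header "network" field) this reader understands. */
enum {
    LINK_ETHERNET  = 1,    /* DLT_EN10MB: 14-byte Ethernet header */
    LINK_LINUX_SLL = 113,  /* DLT_LINUX_SLL: 16-byte "cooked" header */
    LINK_HDR_MAX   = 16    /* largest link header handled here */
};

/* Read exactly len bytes into dst; 0 on success, -1 on a short read. */
static int read_exact(FILE *fp, void *dst, size_t len)
{
    return fread(dst, 1, len, fp) == len ? 0 : -1;
}

/* Read and discard count bytes; 0 on success, -1 on a short read. */
static int skip_bytes(FILE *fp, size_t count)
{
    unsigned char scratch[256];

    while (count > 0) {
        size_t want = count < sizeof scratch ? count : sizeof scratch;

        if (fread(scratch, 1, want, fp) != want) {
            return -1;
        }
        count -= want;
    }
    return 0;
}

/*
 * Consume one captured frame of `left` bytes and print its UDP payload.
 *
 * Every length taken from the file is checked against the bytes that remain
 * in the record before it is used, and the payload copy is clamped to the
 * buffer.  Frames that are not unfragmented IPv4/UDP are skipped, not parsed.
 *
 * Returns 0 when the whole record was consumed, -1 when the file ended
 * inside it.
 */
static int dump_udp_record(FILE *fp, size_t link_len, size_t left,
                           char *data, size_t data_cap)
{
    unsigned char link_hdr[LINK_HDR_MAX];
    ip_hdr ip;
    udp_hdr udp;
    size_t ip_len;
    size_t opt_len;
    size_t udp_len;
    size_t payload;
    size_t shown;

    /* Too short to hold the three headers: nothing to decode. */
    if (left < link_len + sizeof ip + sizeof udp) {
        goto skip_rest;
    }

    if (read_exact(fp, link_hdr, link_len) != 0) {
        return -1;
    }
    left -= link_len;

    /* Both supported link headers end with the 2-byte protocol type;
     * 0x0800 is IPv4. */
    if (link_hdr[link_len - 2] != 0x08 || link_hdr[link_len - 1] != 0x00) {
        goto skip_rest;
    }

    if (read_exact(fp, &ip, sizeof ip) != 0) {
        return -1;
    }
    left -= sizeof ip;

    /* Low nibble = header length in 32-bit words, high nibble = version. */
    ip_len = (size_t)(ip.ver_hlen & 0x0f) * 4;
    if ((ip.ver_hlen >> 4) != 4 || ip_len < sizeof ip ||
        ip.protocol != IPPROTO_UDP ||
        (ntohs(ip.frag_off) & 0x1fff) != 0) {
        /* Not IPv4/UDP, or a later fragment that carries no UDP header. */
        goto skip_rest;
    }

    /* Step over IP options so the UDP header is read from the right place. */
    opt_len = ip_len - sizeof ip;
    if (left < opt_len + sizeof udp) {
        goto skip_rest;
    }
    if (skip_bytes(fp, opt_len) != 0) {
        return -1;
    }
    left -= opt_len;

    if (read_exact(fp, &udp, sizeof udp) != 0) {
        return -1;
    }
    left -= sizeof udp;

    udp_len = ntohs(udp.total_len);
    if (udp_len < sizeof udp) {
        goto skip_rest;
    }

#ifdef NEED_HEADER_INFO
    {
        char src_ip[INET_ADDRSTRLEN] = {0};
        char dst_ip[INET_ADDRSTRLEN] = {0};

        inet_ntop(AF_INET, &ip.srcaddr, src_ip, sizeof src_ip);
        inet_ntop(AF_INET, &ip.dstaddr, dst_ip, sizeof dst_ip);
        /* Header details go to stderr so stdout keeps its original content. */
        fprintf(stderr, "%s:%u -> %s:%u udp_len=%u chk_sum=0x%04x\n",
                src_ip, (unsigned)ntohs(udp.src_port),
                dst_ip, (unsigned)ntohs(udp.dst_port),
                (unsigned)udp_len, (unsigned)ntohs(udp.chk_sum));
    }
#endif

    /* The UDP length excludes link-layer padding; the record length caps it
     * when the capture was cut short by the snapshot length. */
    payload = udp_len - sizeof udp;
    if (payload > left) {
        payload = left;
    }

    /* Never copy more than the buffer holds, and always terminate it. */
    shown = payload < data_cap - 1 ? payload : data_cap - 1;
    if (read_exact(fp, data, shown) != 0) {
        return -1;
    }
    left -= shown;
    data[shown] = '\0';

    /* NOTE(review): the payload is printed raw; bytes from an untrusted
     * capture (e.g. terminal escape sequences) reach the terminal as-is. */
    printf("%s ", data);

skip_rest:
    /* Consume whatever is left so the next record header lines up. */
    return skip_bytes(fp, left);
}

/*
 * Print the UDP payload of every packet in test2.pcap, followed by the
 * number of packet records seen.
 *
 * Returns 0 on success and EXIT_FAILURE when the file is not a supported
 * capture or ends in the middle of a record; exits with -1 when the file
 * cannot be opened.
 */
int main(void)
{
    const char *path = "test2.pcap";
    FILE *fp;
    char data[LOGLEN] = {0};
    file_header fhdr;
    pcap_header rec;
    size_t link_len;
    int i = 0;
    int status = EXIT_SUCCESS;

#ifdef NEED_HEADER_INFO
    printf("nead header info ");
#endif

    /* Binary mode: a capture file is not text. */
    fp = fopen(path, "rb");
    if (fp == NULL) {
        perror("open file error");
        exit(-1);
    }

    /* Read the global header instead of seeking past it: it says whether the
     * file can be parsed at all and how long the link header is. */
    if (fread(&fhdr, sizeof fhdr, 1, fp) != 1) {
        fprintf(stderr, "%s: file header is truncated\n", path);
        fclose(fp);
        return EXIT_FAILURE;
    }

    switch ((unsigned int)fhdr.magic_number) {
    case 0xa1b2c3d4u:   /* classic pcap, same byte order as this host */
    case 0xa1b23c4du:   /* same layout, nanosecond timestamps */
        break;
    default:
        /* Byte-swapped captures and other formats would be misread below. */
        fprintf(stderr, "%s: unsupported magic number 0x%08x\n",
                path, (unsigned int)fhdr.magic_number);
        fclose(fp);
        return EXIT_FAILURE;
    }

    switch ((unsigned int)fhdr.network) {
    case LINK_ETHERNET:
        link_len = sizeof(eth_hdr);
        break;
    case LINK_LINUX_SLL:
        link_len = LINK_HDR_MAX;
        break;
    default:
        fprintf(stderr, "%s: unsupported link type %u\n",
                path, (unsigned int)fhdr.network);
        fclose(fp);
        return EXIT_FAILURE;
    }

    while (fread(&rec, sizeof rec, 1, fp) == 1) {
        i++;
        /* incl_len is attacker-controlled; it is only ever used as a budget
         * that the reads inside dump_udp_record() are checked against. */
        if (dump_udp_record(fp, link_len, (unsigned int)rec.incl_len,
                            data, sizeof data) != 0) {
            fprintf(stderr, "%s: packet record %d is truncated\n", path, i);
            status = EXIT_FAILURE;
            break;
        }
    }

    printf("%d", i);    /* number of packet records in the pcap file */

    fclose(fp);
    return status;
}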