学步园

贴到这里就乱了，放到vi 应该就好了，我自己测试了，还过的去，编译时记的加 -lpcap 哦

#include<stdio.h> #include<pcap.h> #include<stdlib.h> #include<errno.h> #include<sys/socket.h> #include<arpa/inet.h> #include<netinet/in.h> #include<netinet/if_ether.h> #include<netinet/ether.h> #include<net/ethernet.h> #include<time.h>   #define MAXSTRINGSIZE 256 #define NIPQUAD(addr) /     ((unsigned char *)&addr)[0], /     ((unsigned char *)&addr)[1], /     ((unsigned char *)&addr)[2], /     ((unsigned char *)&addr)[3]   static long long total=0; static long long total2=0;          static long long ipc=0; static long long ipl=0; static long long tcc=0; static long long tcl=0; static long long udc=0; static long long udl=0; static long long icc=0; static long long arc=0; static long long arl=0; static time_t t1,t2; static int atotal;                                                                                                                                     struct my_ip {    u_int8_t ip_vhl;                          /*IP棣栭儴鐨勭増鏈彿鍜岄暱搴?/    #define IP_V(ip) (((ip)->ip_vhl&0xf0)>>4) /*璁＄畻鐗堟湰鍙?/    #define IP_HL(ip) ((ip)->ip_vhl&0x0f)     /*璁＄畻闀垮害*/    u_int8_t ip_tos;                          /*鏈嶅姟绫诲瀷*/    u_int16_t ip_len;                         /*鎬婚暱搴?*/    u_int16_t ip_id;                          /*鏍囪瘑*/    u_int16_t ip_off;                         /*3浣嶆爣蹇楀拰13浣嶇墖鍋忕Щ*/    #define IP_DF 0x4000    #define IP_MF 0x2000    #define IP_OFFMASK 0x1fff    u_int8_t ip_ttl;                          /* 鐢熷瓨鏃堕棿*/    u_int8_t ip_p;                            /* 鍗忚*/    u_int16_t ip_sum;                         /* 棣栭儴妫€楠屽拰 */    struct in_addr ip_src,ip_dst;             /*婧怚P鍦板潃鐩殑IP鍦板潃*/ };   u_char * handle_ARP(const u_char * packet,int i) {        arc++;        arl+=42;        const struct ether_arp * arphe;/*ARP包头*/               arphe=(struct ether_arp *)(packet+sizeof(struct ether_header));        if(i)        fprintf(stdout,"ARP ");        else fprintf(stdout,"RARP ");          fprintf(stdout,"From IP:%d.%d.%d.%d ",NIPQUAD(arphe->arp_spa));        fprintf(stdout,"To:%d.%d.%d.%d/n",NIPQUAD(arphe->arp_tpa));          return NULL; }   /*分析IP首部内容*/                                                             u_char *  handle_IP(u_char * useless,const struct pcap_pkthdr * pkthdr,                         const u_char * packet) {        struct my_ip *ip;        struct tcphdr *tcph;        struct udphdr *udph;        u_short srcport,dstport;        char protocol[MAXSTRINGSIZE];               u_int length=pkthdr->len;        u_int hlen,off,version;        int i;        int len;          /*IP指针指向ip数据报报头*/        ip=(struct my_ip *)(packet +sizeof(struct ether_header));        length-=sizeof(struct ether_header);                                                                                                                                                       if(length<sizeof(struct my_ip))        {               printf("truncated ip %d",length);               return NULL;      }                                                                                                                                                     len=ntohs(ip->ip_len);          ipc++;        ipl+=(len+14);        hlen=IP_HL(ip);      version=IP_V(ip);                                                                                                                                                     if(version!=4)/*检查版本号*/      {                  fprintf(stdout,"Unknown version %d/n",version);                  return NULL;      }        if(hlen<5)/*IP首部长度至少为20个字节,4个字节为单位*/        {               fprintf(stdout,"bad-hlen %d /n",hlen);        }          if(length<len)/*检查长度是否一致*/        {               printf("/n truncated IP -%d bytes missing/n",len-length);        }          off=ntohs(ip->ip_off);               fprintf(stdout,"From IP:%s ",inet_ntoa(ip->ip_src));        fprintf(stdout,"  To IP: %s HeadL:%d V:%d TL:%d OF: %d Pr:%hd/n",                             inet_ntoa(ip->ip_dst),hlen,version,len,off,ip->ip_p);          if(ip->ip_p==1)/*ICMP*/        {               icc++;               //strcpy(protocol,"tcp");               srcport=dstport=0;        }        else if(ip->ip_p==6)/*TCP*/        {               tcc++;               tcl+=(len+14);               //strcpy(protocol,"tcp");               tcph=(struct tcphdr *)(packet+sizeof(struct ether_header)+4*len);               //srcport=ntohs(tcph->source);               //dstport=ntohs(tcph->dest);        }        else if(ip->ip_p==17)/*UDP*/        {               udc++;               udl+=(len+14);               //strcpy(protocol,"udp");               udph=(struct udphdr *)(packet+sizeof(struct ether_header)+4*len);               //srcport=ntohs(udph->source);               //dstport=ntohs(udph->dest);          }        return NULL; }   /* callback function that is passed to pcap_loop()and    each time a packet is received*/ void my_callback(u_char *useless,          const struct pcap_pkthdr * pkthdr,const u_char *packet) {        struct ether_header *eptr;        int i;        eptr=(struct ether_header *)packet;          fprintf(stdout,"ethernet header source:%s",                      ether_ntoa(eptr->ether_shost));        fprintf(stdout,"  destination: %s/n",                      ether_ntoa(eptr->ether_dhost));          u_int16_t type=(ntohs(eptr->ether_type));        if(type==ETHERTYPE_IP)        {               printf("THIS IS IP PACKET/n");               handle_IP(useless,pkthdr,packet);        }        else if(type==ETHERTYPE_ARP)        {               i=1;               handle_ARP(packet,i);        }        else if(type==ETHERTYPE_REVARP)        {               i=0;               handle_ARP(packet,i);        }        else printf("%d/n",type);        }     int main(int argc,char **argv) {        char *dev;/*设备名*/        char errbuf[PCAP_ERRBUF_SIZE];/*用来存放错误信息*/        pcap_t *descr;/*网络设备描述符*/        const u_char *packet;        struct pcap_pkthdr hdr;/*包结构体*/        struct ehter_header *eptr;/*以太网数据包头部指针*/        struct in_addr ipv4addr;/*ipv4地址*/        bpf_u_int32 netp;/*网络地址*/        bpf_u_int32 maskp;/*子网隐码*/                                                                                                                                                       /*if(argc !=2)        {               fprintf(stdout,"Usage:%s numpackets/n",argv[0]);               return 0;        }*/        /*查找网卡*/                                                                                                                                      dev=pcap_lookupdev(errbuf);        if(dev==NULL)        {               printf("%s/n",errbuf);               exit(1);        }        /*打开设备,得到描述符*/                                                                descr=pcap_open_live(dev,BUFSIZ,1,-1,errbuf);        if(descr==NULL)        {               printf("pcap_open_live():%s/n",errbuf);               exit(1);        }        /*得到网络IP及掩码*/        if(pcap_lookupnet(dev, &netp, &maskp, errbuf) == -1 )        {               printf("pcap_lookupnet:%s ",errbuf);               exit(1);        }          ipv4addr.s_addr=netp;        printf("device name:%s ",dev);        printf("net:%s ",inet_ntoa(ipv4addr));        ipv4addr.s_addr=maskp;        printf("mask:%s/n",inet_ntoa(ipv4addr));        /* get the start time*/         t1=time(&t2);                                                                                         /*开始包的处理*/                                                                   if(pcap_loop(descr,-1,my_callback,NULL)<0)        {               fprintf(stderr,"pcap_loop:%s/n",pcap_geterr(descr));               return(1);        }        pcap_close(descr);               return 0; }