贴到这里就乱了,放到vi 应该就好了,我自己测试了,还过的去,编译时记的加 -lpcap 哦
#include<stdio.h> #include<pcap.h> #include<stdlib.h> #include<errno.h> #include<sys/socket.h> #include<arpa/inet.h> #include<netinet/in.h> #include<netinet/if_ether.h> #include<netinet/ether.h> #include<net/ethernet.h> #include<time.h> #define MAXSTRINGSIZE 256 #define NIPQUAD(addr) / ((unsigned char *)&addr)[0], / ((unsigned char *)&addr)[1], / ((unsigned char *)&addr)[2], / ((unsigned char *)&addr)[3] static long long total=0; static long long total2=0; static long long ipc=0; static long long ipl=0; static long long tcc=0; static long long tcl=0; static long long udc=0; static long long udl=0; static long long icc=0; static long long arc=0; static long long arl=0; static time_t t1,t2; static int atotal; struct my_ip { u_int8_t ip_vhl; /*IP棣栭儴鐨勭増鏈彿鍜岄暱搴?/ #define IP_V(ip) (((ip)->ip_vhl&0xf0)>>4) /*璁$畻鐗堟湰鍙?/ #define IP_HL(ip) ((ip)->ip_vhl&0x0f) /*璁$畻闀垮害*/ u_int8_t ip_tos; /*鏈嶅姟绫诲瀷*/ u_int16_t ip_len; /*鎬婚暱搴?*/ u_int16_t ip_id; /*鏍囪瘑*/ u_int16_t ip_off; /*3浣嶆爣蹇楀拰13浣嶇墖鍋忕Щ*/ #define IP_DF 0x4000 #define IP_MF 0x2000 #define IP_OFFMASK 0x1fff u_int8_t ip_ttl; /* 鐢熷瓨鏃堕棿*/ u_int8_t ip_p; /* 鍗忚*/ u_int16_t ip_sum; /* 棣栭儴妫€楠屽拰 */ struct in_addr ip_src,ip_dst; /*婧怚P鍦板潃鐩殑IP鍦板潃*/ }; u_char * handle_ARP(const u_char * packet,int i) { arc++; arl+=42; const struct ether_arp * arphe;/*ARP包头*/ arphe=(struct ether_arp *)(packet+sizeof(struct ether_header)); if(i) fprintf(stdout,"ARP "); else fprintf(stdout,"RARP "); fprintf(stdout,"From IP:%d.%d.%d.%d ",NIPQUAD(arphe->arp_spa)); fprintf(stdout,"To:%d.%d.%d.%d/n",NIPQUAD(arphe->arp_tpa)); return NULL; } /*分析IP首部内容*/ u_char * handle_IP(u_char * useless,const struct pcap_pkthdr * pkthdr, const u_char * packet) { struct my_ip *ip; struct tcphdr *tcph; struct udphdr *udph; u_short srcport,dstport; char protocol[MAXSTRINGSIZE]; u_int length=pkthdr->len; u_int hlen,off,version; int i; int len; /*IP指针指向ip数据报报头*/ ip=(struct my_ip *)(packet +sizeof(struct ether_header)); length-=sizeof(struct ether_header); if(length<sizeof(struct my_ip)) { printf("truncated ip %d",length); return NULL; } len=ntohs(ip->ip_len); ipc++; ipl+=(len+14); hlen=IP_HL(ip); version=IP_V(ip); if(version!=4)/*检查版本号*/ { fprintf(stdout,"Unknown version %d/n",version); return NULL; } if(hlen<5)/*IP首部长度至少为20个字节,4个字节为单位*/ { fprintf(stdout,"bad-hlen %d /n",hlen); } if(length<len)/*检查长度是否一致*/ { printf("/n truncated IP -%d bytes missing/n",len-length); } off=ntohs(ip->ip_off); fprintf(stdout,"From IP:%s ",inet_ntoa(ip->ip_src)); fprintf(stdout," To IP: %s HeadL:%d V:%d TL:%d OF: %d Pr:%hd/n", inet_ntoa(ip->ip_dst),hlen,version,len,off,ip->ip_p); if(ip->ip_p==1)/*ICMP*/ { icc++; //strcpy(protocol,"tcp"); srcport=dstport=0; } else if(ip->ip_p==6)/*TCP*/ { tcc++; tcl+=(len+14); //strcpy(protocol,"tcp"); tcph=(struct tcphdr *)(packet+sizeof(struct ether_header)+4*len); //srcport=ntohs(tcph->source); //dstport=ntohs(tcph->dest); } else if(ip->ip_p==17)/*UDP*/ { udc++; udl+=(len+14); //strcpy(protocol,"udp"); udph=(struct udphdr *)(packet+sizeof(struct ether_header)+4*len); //srcport=ntohs(udph->source); //dstport=ntohs(udph->dest); } return NULL; } /* callback function that is passed to pcap_loop()and each time a packet is received*/ void my_callback(u_char *useless, const struct pcap_pkthdr * pkthdr,const u_char *packet) { struct ether_header *eptr; int i; eptr=(struct ether_header *)packet; fprintf(stdout,"ethernet header source:%s", ether_ntoa(eptr->ether_shost)); fprintf(stdout," destination: %s/n", ether_ntoa(eptr->ether_dhost)); u_int16_t type=(ntohs(eptr->ether_type)); if(type==ETHERTYPE_IP) { printf("THIS IS IP PACKET/n"); handle_IP(useless,pkthdr,packet); } else if(type==ETHERTYPE_ARP) { i=1; handle_ARP(packet,i); } else if(type==ETHERTYPE_REVARP) { i=0; handle_ARP(packet,i); } else printf("%d/n",type); } int main(int argc,char **argv) { char *dev;/*设备名*/ char errbuf[PCAP_ERRBUF_SIZE];/*用来存放错误信息*/ pcap_t *descr;/*网络设备描述符*/ const u_char *packet; struct pcap_pkthdr hdr;/*包结构体*/ struct ehter_header *eptr;/*以太网数据包头部指针*/ struct in_addr ipv4addr;/*ipv4地址*/ bpf_u_int32 netp;/*网络地址*/ bpf_u_int32 maskp;/*子网隐码*/ /*if(argc !=2) { fprintf(stdout,"Usage:%s numpackets/n",argv[0]); return 0; }*/ /*查找网卡*/ dev=pcap_lookupdev(errbuf); if(dev==NULL) { printf("%s/n",errbuf); exit(1); } /*打开设备,得到描述符*/ descr=pcap_open_live(dev,BUFSIZ,1,-1,errbuf); if(descr==NULL) { printf("pcap_open_live():%s/n",errbuf); exit(1); } /*得到网络IP及掩码*/ if(pcap_lookupnet(dev, &netp, &maskp, errbuf) == -1 ) { printf("pcap_lookupnet:%s ",errbuf); exit(1); } ipv4addr.s_addr=netp; printf("device name:%s ",dev); printf("net:%s ",inet_ntoa(ipv4addr)); ipv4addr.s_addr=maskp; printf("mask:%s/n",inet_ntoa(ipv4addr)); /* get the start time*/ t1=time(&t2); /*开始包的处理*/ if(pcap_loop(descr,-1,my_callback,NULL)<0) { fprintf(stderr,"pcap_loop:%s/n",pcap_geterr(descr)); return(1); } pcap_close(descr); return 0; }