// C code
#include <limits.h>
#include <netinet/in.h>
#include <pcap.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <time.h>
#include <unistd.h>
/* *.pcap file format = file header(24B) + pkt header(16B) + Frame
* Frame = Ethernet header(14B) + IP header(20B) + UDP header(8B) + appdata */
/*
 * Ethernet header (14 bytes).
 *
 * main() fills this with a raw fread() from the capture, so the multi-byte
 * field holds the bytes exactly as they appear in the frame (network byte
 * order on the wire); nothing in this file converts it.
 */
typedef struct _eth_hdr {
    unsigned char  dstmac[6];  /* destination MAC address */
    unsigned char  srcmac[6];  /* source MAC address */
    unsigned short eth_type;   /* Ethernet type */
} eth_hdr;
/*
 * IPv4 header, fixed 20-byte form (no room for IP options).
 *
 * Filled by a raw fread() in main(); multi-byte fields keep the byte order
 * found in the capture. A packet whose header carries options is longer than
 * this struct, so whatever follows it would be read from the wrong offset.
 */
typedef struct _ip_hdr {
    unsigned char  ver_hlen;   /* version (high nibble) and header length (low nibble) */
    unsigned char  tos;        /* type of service */
    unsigned short tot_len;    /* total length */
    unsigned short id;         /* identification */
    unsigned short frag_off;   /* flags and fragment offset */
    unsigned char  ttl;        /* time to live */
    unsigned char  protocol;   /* protocol carried in the payload */
    unsigned short chk_sum;    /* header checksum */
    struct in_addr srcaddr;    /* source IP address */
    struct in_addr dstaddr;    /* destination IP address */
} ip_hdr;
/*
 * UDP header (8 bytes).
 *
 * Filled by a raw fread() in main(); fields keep the byte order found in the
 * capture.
 */
typedef struct _udp_hdr {
    unsigned short src_port;   /* source port */
    unsigned short dst_port;   /* destination port */
    unsigned short uhl;        /* UDP length field (header plus data) */
    unsigned short chk_sum;    /* 16-bit UDP checksum */
} udp_hdr;
/* Size in bytes of the global header at the start of a .pcap file; main()
 * starts reading packet records at this offset. */
#define FILE_HEADER 24
/* Combined size of the Ethernet, IP and UDP header structs that main() expects
 * in front of the application data. The expression has type size_t, so
 * subtracting it from a smaller length wraps instead of going negative. */
#define FRAME_HEADER_LEN (sizeof(eth_hdr) + sizeof(ip_hdr) + sizeof(udp_hdr))
/* Size in bytes of the payload buffer declared in main(). */
#define LOGLEN 2048
/* Selects, via #ifdef, whether main() reads the three protocol headers into
 * structs or seeks past them. Only definedness is tested; the value is unused. */
#define NEED_HEADER_INFO 1
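/*
 * Walk the packet records of a .pcap file named by argv[1]. For each record,
 * print the application payload length and the payload itself, then forward
 * the payload to syslog, pausing one second between records.
 *
 * Every length taken from the file is treated as untrusted: a record that is
 * shorter than the expected headers is skipped, a payload larger than the
 * buffer is truncated to LOGLEN - 1 bytes, and an implausibly large record
 * length stops processing.
 *
 * NOTE(review): the global file header (magic number, byte order, link type)
 * is skipped without inspection, and the Ethernet type, IP header length and
 * IP protocol are never checked. The payload offset is therefore only right
 * for native-byte-order captures of Ethernet / IPv4-without-options / UDP
 * frames; anything else is misread (within bounds) rather than rejected.
 *
 * Returns 0 when the end of the file is reached, 1 when a record length is
 * implausible. Exits with 1 on a usage error and -1 if the file cannot be
 * opened.
 */
int main(int argc, char **argv)
{
    enum {
        /* On-disk per-record header: four 32-bit fields (timestamp seconds,
         * timestamp sub-seconds, captured length, original length). */
        RECORD_HEADER_LEN = 16,
        /* Sanity ceiling for one record's captured length; anything larger
         * means a corrupt, byte-swapped or non-pcap input. */
        MAX_CAPLEN = 262144
    };
    FILE *fp;
    long fileOffset;
    int pktHeaderLen;
    int rc = 0;
    char data[LOGLEN] = {0};

    if (argc < 2) {
        printf("usage: ./exe *.pcap\n");
        exit(1);
    }

#ifdef NEED_HEADER_INFO
    printf("nead header info\n");
    /* The headers are small and fixed-size, so they live on the stack; this
     * removes the unchecked malloc() calls and the leaks on early exit. */
    eth_hdr EthHeader;
    ip_hdr IPHeader;
    udp_hdr UDPHeader;
    memset(&EthHeader, 0, sizeof(EthHeader));
    memset(&IPHeader, 0, sizeof(IPHeader));
    memset(&UDPHeader, 0, sizeof(UDPHeader));
#endif

    /* Binary mode: the capture is not text. */
    fp = fopen(argv[1], "rb");
    if (fp == NULL) {
        perror("open file error");
        exit(-1);
    }

    openlog("test", LOG_PID, 0);

    fileOffset = FILE_HEADER; /* ignore the global file header */
    while (fseek(fp, fileOffset, SEEK_SET) == 0) {
        /*
         * Read the 16-byte on-disk record header into fixed-width fields.
         * The in-memory struct pcap_pkthdr is not used for this because it
         * embeds a struct timeval, whose size need not match the file layout.
         * rec[0] and rec[1] carry the packet timestamp if it is ever needed.
         */
        uint32_t rec[4];
        uint32_t caplen;
        long step;
        size_t payloadLen;

        if (fread(rec, 1, sizeof(rec), fp) != sizeof(rec)) {
            printf("file end\n");
            break;
        }

        /* rec[2] is the number of bytes actually stored in the file for this
         * record; the next record starts right after them. */
        caplen = rec[2];
        if (caplen > MAX_CAPLEN) {
            fprintf(stderr, "record at offset %ld claims %lu captured bytes; stopping\n",
                    fileOffset, (unsigned long)caplen);
            rc = 1;
            break;
        }
        step = (long)RECORD_HEADER_LEN + (long)caplen;
        if (fileOffset > LONG_MAX - step) {
            fprintf(stderr, "file offset overflow; stopping\n");
            rc = 1;
            break;
        }
        fileOffset += step;

        /* A record too short to hold all three headers has no payload; without
         * this check the subtraction below would wrap to a huge length. */
        if (caplen < FRAME_HEADER_LEN) {
            fprintf(stderr, "skipping short record (%lu bytes)\n", (unsigned long)caplen);
            continue;
        }
        pktHeaderLen = (int)(caplen - FRAME_HEADER_LEN);
        printf("%d\n", pktHeaderLen);

#ifdef NEED_HEADER_INFO
        /* A short read of any header means the file ended mid-record. */
        if (fread(&EthHeader, 1, sizeof(EthHeader), fp) != sizeof(EthHeader)) {
            printf("file end\n");
            break;
        }
        if (fread(&IPHeader, 1, sizeof(IPHeader), fp) != sizeof(IPHeader)) {
            printf("file end\n");
            break;
        }
        if (fread(&UDPHeader, 1, sizeof(UDPHeader), fp) != sizeof(UDPHeader)) {
            printf("file end\n");
            break;
        }
#else
        fseek(fp, FRAME_HEADER_LEN, SEEK_CUR); /* ignore the protocol headers */
#endif

        /* Never read more than the buffer holds; keep one byte for the NUL. */
        payloadLen = (size_t)pktHeaderLen;
        if (payloadLen > LOGLEN - 1) {
            payloadLen = LOGLEN - 1;
        }
        if (payloadLen == 0) {
            continue; /* headers only: nothing to forward */
        }
        if (fread(data, 1, payloadLen, fp) != payloadLen) {
            printf("file end\n");
            break;
        }
        data[payloadLen] = '\0';

        /*
         * NOTE(review): the payload is attacker-influenced network data and is
         * written to the terminal and to syslog unmodified. Embedded newlines
         * or control bytes can forge log lines or drive terminal escapes;
         * consider escaping non-printable bytes before emitting it.
         */
        printf("%s\n", data);
        sleep(1);
        syslog(LOG_SYSLOG | LOG_INFO, "%s", data);
        memset(data, 0, LOGLEN);
    }

    closelog();
    fclose(fp);
    return rc;
}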
测试已通过