#include "pac_ana.h"
using namespace std;
// Per-source-address packet counter: keyed by the textual address that
// add_to_map() builds, dumped by print_map(). Only touched from the
// pcap_loop() callback chain (packet_handler -> *_package_handler).
std::map<std::string, int> counter;
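/// IPv4 address exactly as it sits on the wire: four octets, most significant first.
/// Overlaid on captured bytes by the dissectors, so the layout must stay 4 bytes.
struct ip_v4_address
{
    u_char byte1;
    u_char byte2;
    u_char byte3;
    u_char byte4;
};
static_assert(sizeof(ip_v4_address) == 4, "ip_v4_address must match the 4-byte wire layout");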
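/// IPv6 address as eight 16-bit groups in wire (big-endian) order. Each field is
/// still in network byte order when read from a captured packet; callers must
/// ntohs() a group before printing or comparing it as a number.
struct ip_v6_address
{
    u_short part1;
    u_short part2;
    u_short part3;
    u_short part4;
    u_short part5;
    u_short part6;
    u_short part7;
    u_short part8;
};
static_assert(sizeof(ip_v6_address) == 16, "ip_v6_address must match the 16-byte wire layout");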
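/// 48-bit Ethernet MAC address, one octet per field in transmission order.
struct mac_address
{
    u_char byte1;
    u_char byte2;
    u_char byte3;
    u_char byte4;
    u_char byte5;
    u_char byte6;
};
static_assert(sizeof(mac_address) == 6, "mac_address must match the 6-byte wire layout");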
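/// Ethernet II frame header (14 bytes): destination MAC, source MAC, EtherType.
/// `type` is big-endian on the wire and must be ntohs()'d before use.
/// The layout relies on natural alignment only (all members are 1- or 2-byte),
/// which the static_assert below pins down.
struct ethernet_header
{
    mac_address des_mac_addr;
    mac_address src_mac_addr;
    u_short type;
};
static_assert(sizeof(ethernet_header) == 14, "ethernet_header must match the 14-byte wire layout");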
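/// IPv4 header overlay. The first 20 bytes are the fixed header; `op_pad` covers
/// the first 4 bytes of options, which only exist when the IHL nibble is > 5.
/// Multi-byte fields (tlen, identification, flags_fo, checksum) are big-endian
/// on the wire; callers must ntohs() them before masking or printing.
struct ip_v4_header
{
    u_char ver_ihl;            // version (high nibble) and header length in 32-bit words (low nibble)
    u_char tos;
    u_short tlen;
    u_short identification;
    u_short flags_fo;          // 3 flag bits + 13-bit fragment offset (in 8-byte units)
    u_char ttl;
    u_char proto;
    u_short checksum;
    ip_v4_address src_ip_addr;
    ip_v4_address des_ip_addr;
    u_int op_pad;
};
static_assert(sizeof(ip_v4_header) == 24, "ip_v4_header must be 20 fixed bytes plus the 4-byte op_pad");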
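/// IPv6 fixed header overlay (40 bytes). The first word packs version (4 bits),
/// traffic class (8 bits) and flow label (20 bits) and is big-endian on the wire;
/// ntohl() it before slicing. `payload_len` likewise needs ntohs().
/// Extension headers are not modelled.
struct ip_v6_header
{
    u_int32_t ver_trafficclass_flowlabel;
    u_short payload_len;
    u_char next_head;
    u_char ttl;                // hop limit
    ip_v6_address src_ip_addr;
    ip_v6_address dst_ip_addr;
};
static_assert(sizeof(ip_v6_header) == 40, "ip_v6_header must match the 40-byte fixed header");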
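/// ARP packet overlay for the Ethernet/IPv4 case (hardware length 6, protocol
/// length 4). The address fields are only meaningful when the packet's own
/// hardware_length/protocol_length agree with that assumption; other combinations
/// place the addresses elsewhere. 16-bit fields are big-endian on the wire.
struct arp_header
{
    u_short hardware_type;
    u_short protocol_type;
    u_char hardware_length;
    u_char protocol_length;
    u_short operation_code;    // 1 request, 2 reply, 3 RARP request, 4 RARP reply
    mac_address source_mac_addr;
    ip_v4_address source_ip_addr;
    mac_address des_mac_addr;
    ip_v4_address des_ip_addr;
};
static_assert(sizeof(arp_header) == 28, "arp_header must match the 28-byte Ethernet/IPv4 ARP layout");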
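/// TCP header overlay (20 bytes, options excluded). `offset` holds the data
/// offset in 32-bit words in its high nibble; `flags` holds FIN..URG in bits 0..5.
/// All 16/32-bit fields are big-endian on the wire (ntohs()/ntohl() before use).
struct tcp_header
{
    u_short sport;
    u_short dport;
    u_int sequence;
    u_int acknowledgement;
    u_char offset;
    u_char flags;
    u_short windows;
    u_short checksum;
    u_short urgent_pointer;
};
static_assert(sizeof(tcp_header) == 20, "tcp_header must match the 20-byte fixed header");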
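/// UDP header overlay (8 bytes); every field is big-endian on the wire.
struct udp_header
{
    u_short sport;
    u_short dport;
    u_short len;
    u_short checksum;
};
static_assert(sizeof(udp_header) == 8, "udp_header must match the 8-byte wire layout");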
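/// ICMP echo-style header overlay (8 bytes). `id` and `sequence` only carry the
/// echo identifier/sequence for echo request/reply types; other types reuse the
/// same 4 bytes for other purposes. 16-bit fields are big-endian on the wire.
struct icmp_header
{
    u_char type;
    u_char code;
    u_short checksum;
    u_short id;
    u_short sequence;
};
static_assert(sizeof(icmp_header) == 8, "icmp_header must match the 8-byte wire layout");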
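int main()
{
    // Interactive driver: list adapters, open the chosen one in promiscuous mode,
    // install an "ip or arp" BPF filter and run pcap_loop() with packet_handler.
    // Returns 0 after the capture ends, -1 (or exit(1)) on any setup failure.
    pcap_if_t *alldevs = nullptr;
    pcap_if_t *d = nullptr;
    int inum = 0;
    int i = 0;
    int pktnum = 0;
    pcap_t *adhandle = nullptr;
    char errbuf[PCAP_ERRBUF_SIZE];
    // Fixed class-C mask handed to pcap_compile() for its broadcast tests; the
    // adapter's real mask is not queried (same shortcut as the WinPcap samples).
    const u_int netmask = 0xffffff;
    struct bpf_program fcode;

    if (pcap_findalldevs(&alldevs, errbuf) == -1) {
        fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
        exit(1);
    }

    for (d = alldevs; d; d = d->next) {
        cout << ++i << "." << d->name;
        if (d->description)
            cout << d->description << endl;
        else
            cout << " (No description available)" << endl;
    }
    if (i == 0) {
        cout << "\nNo interfaces found! Make sure WinPcap is installed." << endl;
        pcap_freealldevs(alldevs);
        return -1;
    }

    cout << "Enter the interface number (1-" << i << "): ";
    // Check the stream state explicitly rather than relying on a failed
    // extraction leaving inum at 0 (which the range test would also reject).
    if (!(cin >> inum) || inum < 1 || inum > i) {
        cout << "\nInterface number out of range." << endl;
        pcap_freealldevs(alldevs);
        return -1;
    }
    // Walk to the selected adapter (menu index is 1-based).
    for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++) {
    }

    adhandle = pcap_open_live(d->name,
                              65536,   // snaplen: capture whole packets
                              1,       // promiscuous mode
                              1000,    // read timeout in ms
                              errbuf);
    if (adhandle == NULL) {
        fprintf(stderr, "\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name);
        pcap_freealldevs(alldevs);
        return -1;
    }
    // description may be NULL (the listing loop above already handles that case);
    // streaming a null char* into cout is undefined behaviour, so fall back to the name.
    cout << "listening on " << (d->description ? d->description : d->name) << "...." << endl;
    pcap_freealldevs(alldevs);  // d dangles from here on; only adhandle is used below

    if (pcap_compile(adhandle, &fcode, "ip or arp", 1, netmask) < 0) {
        fprintf(stderr, "\nUnable to compile the packet filter. Check the syntax.\n");
        pcap_close(adhandle);
        return -1;
    }
    const int setfilter_rc = pcap_setfilter(adhandle, &fcode);
    // pcap_setfilter() installs its own copy of the program; ours would otherwise leak.
    pcap_freecode(&fcode);
    if (setfilter_rc < 0) {
        fprintf(stderr, "\nError setting the filter.\n");
        pcap_close(adhandle);
        return -1;
    }

    cout << "please input the num of packets you want to catch(0 for keeping catching): ";
    // A failed extraction would leave pktnum at 0, i.e. silently capture forever.
    if (!(cin >> pktnum)) {
        cout << "\nInvalid packet count." << endl;
        pcap_close(adhandle);
        return -1;
    }
    cout << endl;

    pcap_loop(adhandle, pktnum, packet_handler, NULL);
    pcap_close(adhandle);
    getchar();
    return 0;
}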
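void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
    // Per-packet callback handed to pcap_loop(): prints the capture timestamp and
    // on-wire length, then passes the frame to the Ethernet dissector.
    // param is the user pointer given to pcap_loop() (NULL in main); it is only forwarded.
    const time_t local_tv_sec = header->ts.tv_sec;
    const struct tm *ltime = localtime(&local_tv_sec);
    char timestr[16] = "??:??:??";
    // localtime() can return NULL (e.g. an unrepresentable timestamp); strftime()
    // must not be handed a null tm, so keep the placeholder in that case.
    if (ltime != nullptr)
        strftime(timestr, sizeof timestr, "%H:%M:%S", ltime);

    cout << B_DIVISION << "time:" << timestr << ","
         << header->ts.tv_usec << " len:" << header->len << B_DIVISION << endl;
    ethernet_package_handler(param, header, pkt_data);
}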
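void ethernet_package_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
    // Layer-2 dissector: prints the Ethernet II header, then hands the frame to
    // the IPv4 / ARP / IPv6 dissector selected by the EtherType.
    //
    // pkt_data comes straight off the wire and is not trusted: nothing may be
    // read beyond header->caplen, which can be shorter than the frame itself.
    constexpr u_short kEtherTypeIPv4 = 0x0800;
    constexpr u_short kEtherTypeARP  = 0x0806;
    constexpr u_short kEtherTypeRARP = 0x8035;  // RARP is 0x8035 (the old 0x0835 never matched)
    constexpr u_short kEtherTypeIPv6 = 0x86DD;

    cout << DIVISION << "以太网协议分析结构" << DIVISION << endl;
    if (header->caplen < sizeof(ethernet_header)) {
        cout << "(truncated frame, caplen=" << header->caplen << ")" << endl << endl;
        return;
    }
    const ethernet_header* eh = reinterpret_cast<const ethernet_header*>(pkt_data);
    const u_short type = ntohs(eh->type);  // EtherType is big-endian on the wire

    cout << "类型:0x" << hex << type << setbase(10);
    switch (type) {
    case kEtherTypeIPv4: cout << " (IPv4)" << endl; break;
    case kEtherTypeIPv6: cout << "(IPv6)" << endl; break;
    case kEtherTypeARP:  cout << " (ARP)" << endl; break;
    case kEtherTypeRARP: cout << " (RARP)" << endl; break;
    default:             cout << endl; break;  // unknown type still ends the line
    }

    // MAC octets in the conventional zero-padded hex form; restore the stream
    // fill and base afterwards so the rest of the output is unaffected.
    auto print_mac = [](const mac_address& m) {
        const u_char octets[6] = {m.byte1, m.byte2, m.byte3, m.byte4, m.byte5, m.byte6};
        cout << hex << setfill('0');
        for (int k = 0; k < 6; ++k)
            cout << (k ? ":" : "") << setw(2) << int(octets[k]);
        cout << setfill(' ') << setbase(10) << endl;
    };
    cout << "目的地址:";
    print_mac(eh->des_mac_addr);
    cout << "源地址:";
    print_mac(eh->src_mac_addr);

    switch (type) {
    case kEtherTypeIPv4: ip_v4_package_handler(param, header, pkt_data); break;
    case kEtherTypeARP:  arp_package_handler(param, header, pkt_data); break;
    case kEtherTypeIPv6: ip_v6_package_handler(param, header, pkt_data); break;
    default: break;  // RARP and anything else: header printed, no further decode
    }
    cout << endl << endl;
}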
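void arp_package_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
    // ARP dissector for frames with EtherType 0x0806. The packet is overlaid with
    // arp_header, which assumes Ethernet/IPv4 addressing (hardware length 6,
    // protocol length 4); other address sizes shift the address fields.
    constexpr size_t kEthLen = 14;

    cout << DIVISION << "ARP协议分析结构" << DIVISION << endl;
    // Bound the read by what was actually captured, not by the struct we expect.
    if (header->caplen < kEthLen + sizeof(arp_header)) {
        cout << "(truncated packet, caplen=" << header->caplen << ")" << endl;
        return;
    }
    const arp_header* ah = reinterpret_cast<const arp_header*>(pkt_data + kEthLen);

    cout << "硬件类型:" << ntohs(ah->hardware_type) << endl;
    cout << "协议类型:0x" << hex << ntohs(ah->protocol_type) << setbase(10) << endl;
    cout << "硬件地址长度:" << int(ah->hardware_length) << endl;
    cout << "协议地址长度:" << int(ah->protocol_length) << endl;

    // Opcodes per RFC 826 (1/2) and RFC 903 (3/4); 3 is a RARP *request*.
    switch (ntohs(ah->operation_code)) {
    case 1: cout << "ARP请求协议" << endl; break;
    case 2: cout << "ARP应答协议" << endl; break;
    case 3: cout << "RARP请求协议" << endl; break;
    case 4: cout << "RARP应答协议" << endl; break;
    default: break;
    }

    auto print_ipv4 = [](const ip_v4_address& a) {
        cout << int(a.byte1) << "." << int(a.byte2) << "."
             << int(a.byte3) << "." << int(a.byte4) << endl;
    };
    cout << "源IP地址:";
    print_ipv4(ah->source_ip_addr);
    cout << "目的IP地址:";
    print_ipv4(ah->des_ip_addr);

    add_to_map(counter, ah->source_ip_addr);
    print_map(counter);
}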
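void ip_v4_package_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
    // IPv4 dissector for frames with EtherType 0x0800: prints the fixed header,
    // dispatches to the TCP/UDP/ICMP dissector and records the source address.
    constexpr size_t kEthLen = 14;
    // Fixed header only; ip_v4_header::op_pad lies beyond it and is never read here.
    constexpr size_t kIpv4FixedHeaderLen = 20;
    constexpr unsigned kIhlWordsWithoutOptions = 5;

    cout << DIVISION << "IPv4协议分析结构" << DIVISION << endl;
    if (header->caplen < kEthLen + kIpv4FixedHeaderLen) {
        cout << "(truncated packet, caplen=" << header->caplen << ")" << endl;
        return;
    }
    const ip_v4_header *ih = reinterpret_cast<const ip_v4_header *>(pkt_data + kEthLen);

    const unsigned version = (ih->ver_ihl & 0xf0) >> 4;
    const unsigned ihl_words = ih->ver_ihl & 0x0f;
    // flags_fo is big-endian on the wire; masking the raw field (as before) read
    // the wrong bits, so byte-swap first.
    const u_short flags_fo = ntohs(ih->flags_fo);

    cout << "版本号:" << version << endl;
    cout << "首部长度:" << ihl_words << "(" << (ihl_words << 2) << "B)" << endl;
    cout << "区别服务:" << int(ih->tos) << endl;
    cout << "总长度:" << ntohs(ih->tlen) << endl;
    cout << "标识:" << ntohs(ih->identification) << endl;
    // Flag bits shown as the value of the high nibble: reserved -> 8, DF -> 4, MF -> 2.
    cout << "标志:" << ((flags_fo & 0xE000) >> 12) << endl;
    // Fragment offset is in 8-byte units.
    cout << "片偏移:" << (flags_fo & 0x1FFF) << "("
         << ((flags_fo & 0x1FFF) << 3) << "B)" << endl;
    cout << "生命周期:" << int(ih->ttl) << endl;

    cout << "协议:";
    switch (ih->proto) {
    case 6:  cout << "TCP" << endl; break;
    case 17: cout << "UDP" << endl; break;
    case 1:  cout << "ICMP" << endl; break;
    default: cout << endl; break;
    }
    cout << "校验和:" << ntohs(ih->checksum) << endl;

    auto print_ipv4 = [](const ip_v4_address& a) {
        cout << int(a.byte1) << "." << int(a.byte2) << "."
             << int(a.byte3) << "." << int(a.byte4) << endl;
    };
    cout << "源IP地址:";
    print_ipv4(ih->src_ip_addr);
    cout << "目的IP地址:";
    print_ipv4(ih->des_ip_addr);

    // The transport dissectors locate their header at a fixed 14 + 20 byte
    // offset, i.e. they assume no IP options. Say so when that assumption fails
    // rather than silently decoding option bytes as a transport header.
    if (ihl_words > kIhlWordsWithoutOptions)
        cout << "(IP options present; transport decode below assumes a 20-byte header)" << endl;
    switch (ih->proto) {
    case 6:  tcp_package_handler(param, header, pkt_data); break;
    case 17: udp_package_handler(param, header, pkt_data); break;
    case 1:  icmp_package_handler(param, header, pkt_data); break;
    default: break;
    }

    add_to_map(counter, ih->src_ip_addr);
    print_map(counter);
}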
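void ip_v6_package_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
    // IPv6 fixed-header dissector for frames with EtherType 0x86DD. Extension
    // headers are not walked: the fixed header's next-header value is dispatched directly.
    constexpr size_t kEthLen = 14;

    cout << DIVISION << "IPv6协议分析结构" << DIVISION << endl;
    if (header->caplen < kEthLen + sizeof(ip_v6_header)) {
        cout << "(truncated packet, caplen=" << header->caplen << ")" << endl;
        return;
    }
    const ip_v6_header *ih = reinterpret_cast<const ip_v6_header *>(pkt_data + kEthLen);

    // The first 32-bit word is big-endian on the wire. Swap it once, then slice
    // version (4 bits), traffic class (8 bits) and flow label (20 bits) from the
    // host-order value; the previous code masked the raw word and ntohs()'d an 8-bit field.
    const u_int32_t vtf = ntohl(ih->ver_trafficclass_flowlabel);
    const unsigned version = (vtf >> 28) & 0x0f;
    const unsigned traffic_class = (vtf >> 20) & 0xff;
    const unsigned flow_label = vtf & 0x000fffff;
    cout << "版本号:" << version << endl;
    cout << "通信量类:" << traffic_class << endl;
    cout << "流标号:" << flow_label << endl;
    cout << "有效载荷:" << ntohs(ih->payload_len) << endl;
    cout << "下一个首部:" << int(ih->next_head) << endl;
    cout << "跳数限制:" << int(ih->ttl) << endl;

    // Eight 16-bit groups, each big-endian, printed as hex (no "::" compression).
    auto print_addr = [](const ip_v6_address& a) {
        const u_short groups[8] = {a.part1, a.part2, a.part3, a.part4,
                                   a.part5, a.part6, a.part7, a.part8};
        cout << hex;
        for (int k = 0; k < 8; ++k)
            cout << (k ? ":" : "") << ntohs(groups[k]);
        cout << setbase(10) << endl;
    };
    cout << "源IP地址:";
    print_addr(ih->src_ip_addr);
    cout << "目的IP地址:";
    print_addr(ih->dst_ip_addr);

    // NOTE(review): the transport dissectors read their header at a fixed
    // 14 + 20 byte offset (an IPv4 layout) while the IPv6 fixed header is 40
    // bytes, so their output for IPv6 packets is misaligned until they are
    // given the real L4 offset. Their caplen checks keep the read in bounds.
    switch (ih->next_head) {
    case 6:  tcp_package_handler(param, header, pkt_data); break;
    case 17: udp_package_handler(param, header, pkt_data); break;
    case 58: icmp_package_handler(param, header, pkt_data); break;  // ICMPv6
    default: break;
    }

    add_to_map(counter, ih->src_ip_addr);
    print_map(counter);
}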
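void udp_package_handler(u_char* param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
    // UDP dissector. The header is located at a fixed Ethernet (14) + IPv4
    // without options (20) offset; the IPv4 dissector reports when options are
    // present, and the IPv6 dissector notes that this offset does not fit IPv6.
    constexpr size_t kL4Offset = 14 + 20;

    cout << DIVISION << "UDP协议分析结构" << DIVISION << endl;
    if (header->caplen < kL4Offset + sizeof(udp_header)) {
        cout << "(truncated packet, caplen=" << header->caplen << ")" << endl;
        return;
    }
    const udp_header *uh = reinterpret_cast<const udp_header *>(pkt_data + kL4Offset);

    cout << "源端口:" << ntohs(uh->sport) << endl;
    cout << "目的端口:" << ntohs(uh->dport) << endl;
    cout << "长度:" << ntohs(uh->len) << endl;
    cout << "检验和:" << ntohs(uh->checksum) << endl;
}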
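void tcp_package_handler(u_char* param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
    // TCP dissector. Same fixed 14 + 20 byte header offset (no IPv4 options,
    // not valid for IPv6) as the UDP/ICMP dissectors.
    constexpr size_t kL4Offset = 14 + 20;

    cout << DIVISION << "TCP协议分析结构" << DIVISION << endl;
    if (header->caplen < kL4Offset + sizeof(tcp_header)) {
        cout << "(truncated packet, caplen=" << header->caplen << ")" << endl;
        return;
    }
    const tcp_header* th = reinterpret_cast<const tcp_header*>(pkt_data + kL4Offset);

    cout << "源端口:" << ntohs(th->sport) << endl;
    cout << "目的端口:" << ntohs(th->dport) << endl;
    cout << "序号:" << ntohl(th->sequence) << endl;
    cout << "确认号:" << ntohl(th->acknowledgement) << endl;
    // Data offset is the high nibble, in 32-bit words; >> 2 yields bytes directly.
    cout << "数据偏移:" << ((th->offset & 0xf0) >> 4) << "("
         << ((th->offset & 0xf0) >> 2) << "B)" << endl;

    // Flag bits in wire order, bit 0 = FIN.
    static const struct { u_char bit; const char* name; } kFlags[] = {
        {0x01, "FIN "}, {0x02, "SYN "}, {0x04, "RST "},
        {0x08, "PSH "}, {0x10, "ACK "}, {0x20, "URG "},
    };
    cout << "标志:";
    for (const auto& f : kFlags)
        if (th->flags & f.bit)
            cout << f.name;
    cout << endl;

    cout << "窗口:" << ntohs(th->windows) << endl;
    cout << "检验和:" << ntohs(th->checksum) << endl;
    cout << "紧急指针:" << ntohs(th->urgent_pointer) << endl;
}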
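void icmp_package_handler(u_char* param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
    // ICMP dissector. Same fixed 14 + 20 byte header offset as TCP/UDP. The IPv6
    // dissector also routes next-header 58 (ICMPv6) here, where the offset does not fit.
    constexpr size_t kL4Offset = 14 + 20;

    cout << DIVISION << "ICMP协议分析结构" << DIVISION << endl;
    if (header->caplen < kL4Offset + sizeof(icmp_header)) {
        cout << "(truncated packet, caplen=" << header->caplen << ")" << endl;
        return;
    }
    const icmp_header* ih = reinterpret_cast<const icmp_header*>(pkt_data + kL4Offset);

    // type/code are u_char: stream them as int, otherwise cout emits a raw byte.
    cout << "ICMP类型:" << int(ih->type);
    switch (ih->type) {
    case 8:  cout << " " << "ICMP回显请求协议" << endl; break;
    case 0:  cout << " " << "ICMP回显应答协议" << endl; break;
    default: cout << endl; break;  // unknown type still ends the line
    }
    cout << "ICMP代码:" << int(ih->code) << endl;
    // id/sequence are big-endian on the wire and only meaningful for echo types.
    cout << "标识符:" << ntohs(ih->id) << endl;
    cout << "序列码:" << ntohs(ih->sequence) << endl;
    cout << "ICMP校验和:" << ntohs(ih->checksum) << endl;
}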
void add_to_map(map<string, int> &counter, ip_v4_address ip)
{
    // Count one more packet from the given IPv4 source; the key is the dotted-quad text.
    // (u_char octets promote to int for to_string.)
    const string key = to_string(ip.byte1) + "." + to_string(ip.byte2) + "."
                     + to_string(ip.byte3) + "." + to_string(ip.byte4);
    // operator[] value-initialises a missing entry to 0, so a first sighting becomes 1.
    ++counter[key];
}
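void add_to_map(map<string, int> &counter, ip_v6_address ip)
{
    // Count one more packet from the given IPv6 source. The key is the eight
    // 16-bit groups in hex, separated by ':' (no "::" compression). Each group is
    // big-endian on the wire, so it is ntohs()'d first; the previous key used the
    // raw host-order value in decimal, which is not the address as written.
    const u_short groups[8] = {ip.part1, ip.part2, ip.part3, ip.part4,
                               ip.part5, ip.part6, ip.part7, ip.part8};
    string key;
    char text[8];  // at most "ffff" plus terminator
    for (int k = 0; k < 8; ++k) {
        snprintf(text, sizeof text, "%x", unsigned(ntohs(groups[k])));
        if (k)
            key += ':';
        key += text;
    }
    // operator[] value-initialises a missing entry to 0, so a first sighting becomes 1.
    ++counter[key];
}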
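void print_map(map<string, int> counter)
{
    // Dump the per-source packet counters as a dot-padded table.
    // The parameter stays by value to match the existing declaration and callers.
    constexpr int kColumnWidth = 45;

    cout << DIVISION << "流量统计" << DIVISION << endl;
    cout << "IP" << setfill(' ') << setw(kColumnWidth) << "流量" << endl;
    for (const auto& [address, packets] : counter) {
        // 45 - length underflows size_t for a long key (a decimal IPv6 key can be
        // 47 chars), which then reaches setw as garbage; clamp to one dot instead.
        const size_t len = address.length();
        const int pad = len < static_cast<size_t>(kColumnWidth)
                            ? kColumnWidth - static_cast<int>(len)
                            : 1;
        cout << address << setfill('.') << setw(pad) << packets << endl;
    }
}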