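/*
 * Minimal WinPcap capture example: lists the capture devices, opens the one
 * the user picks, installs a "tcp" BPF filter and prints the Ethernet header
 * of every frame handed to the callback.
 */

/* Short aliases for fixed-purpose integer types. */
typedef unsigned char u8_t;
typedef signed char s8_t;
typedef unsigned short u16_t;
typedef signed short s16_t;
/* NOTE(review): `long` is 32 bits on Windows (LLP64) but 64 bits on LP64
 * platforms, so these two are only "32-bit" on the former. */
typedef unsigned long u32_t;
typedef signed long s32_t;

/* Ethernet II header as it appears on the wire (14 bytes). */
struct ether_header
{
    u8_t ether_dhost[6];   /* destination MAC address */
    u8_t ether_shost[6];   /* source MAC address */
    u16_t ether_type;      /* EtherType, network byte order */
};

/* Print the six address bytes in the program's "%d:" format, then " \n". */
static void print_mac_bytes(const u8_t *mac)
{
    for (int i = 0; i < 6; i++)
    {
        printf("%d:", mac[i]);
    }
    printf(" \n");
}

/* Print EtherType, the upper-layer protocol name and both MAC addresses. */
static void print_ethernet_header(const struct ether_header *eth)
{
    u_short ethernet_type;

    printf("----------- 以太网协议 ------------\n");
    printf("以太网类型:\n");
    ethernet_type = ntohs(eth->ether_type);
    /* The original format string was "x\n", which printed a literal 'x'
     * and never consumed the argument. */
    printf("%04x\n", (unsigned int)ethernet_type);
    switch (ethernet_type)
    {
    case 0x0800:
        printf("上层协议为IP协议\n");
        break;
    case 0x0806:
        printf("上层协议是ARP协议\n");
        break;
    case 0x8035:
        printf("上层协议为RARP协议\n");
        break;
    default:
        break;
    }

    printf("源以太网地址: \n");
    print_mac_bytes(eth->ether_shost);
    printf("目的以太网地址: \n");
    print_mac_bytes(eth->ether_dhost);
}

/*
 * pcap_loop() handler: prints a banner, the on-wire length and the decoded
 * Ethernet header of one captured packet.
 *
 * user_data      - opaque pointer given to pcap_loop(); unused here.
 * packet_header  - capture metadata (len = on-wire length, caplen = number
 *                  of bytes actually present in packet_content).
 * packet_content - captured bytes; untrusted network data.
 */
void callback(u_char *user_data,
              const struct pcap_pkthdr *packet_header,
              const u_char *packet_content)
{
    static int packet_number = 1;   /* running count across invocations */

    (void)user_data;

    printf("**************************************************\n");
    printf("捕获第%d个以太网数据包\n", packet_number);
    printf("捕获时间:\n");
    /* Timestamp output is disabled. The disabled call passed
     * &packet_header->ts.tv_sec cast to `const time_t *`, which is only
     * valid where tv_sec and time_t have the same size; copy tv_sec into a
     * time_t variable before calling ctime() if this is re-enabled. */
    printf("数据包长度:\n");
    printf("%u\n", (unsigned int)packet_header->len);

    /* Only caplen bytes are readable. Refuse to interpret a buffer that is
     * shorter than the header we are about to read from it. */
    if (packet_header->caplen < sizeof(struct ether_header))
    {
        printf("捕获的数据不足以包含以太网头部, 跳过解析\n");
    }
    else
    {
        print_ethernet_header((const struct ether_header *)packet_content);
    }

    printf("**************************************************\n");
    packet_number++;
}

/*
 * Entry point. Returns 0 on normal termination, or a negative code:
 *   -1 device enumeration failed      -2 no devices found
 *   -3 invalid device selection       -4 adapter could not be opened
 *   -5 filter did not compile         -6 link type is not Ethernet
 *   -7 filter could not be installed
 */
int _tmain(int argc, _TCHAR* argv[])
{
    pcap_t *fp;                         /* capture handle */
    char errbuf[PCAP_ERRBUF_SIZE];      /* libpcap error text */
    int i = 0;                          /* device counter / index */
    pcap_if_t *alldevs;                 /* head of the device list */
    pcap_if_t *d;                       /* cursor into the device list */
    int inum;                           /* 1-based device number chosen by the user */
    struct bpf_program bpf_filter;      /* compiled filter */
    char bpf_filter_string[] = "tcp";
    bpf_u_int32 net_mask;
    bpf_u_int32 net_ip;

    if (pcap_findalldevs(&alldevs, errbuf) == -1)
    {
        fprintf(stderr, "查找所有的devs错误: %s\n", errbuf);
        return -1;
    }

    /* List every device with its description. */
    for (d = alldevs; d; d = d->next)
    {
        printf("%d. %s", ++i, d->name);
        if (d->description)
        {
            printf(" (%s)\n", d->description);
        }
        else
        {
            printf(" (No description available)\n");
        }
    }

    if (i == 0)
    {
        printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
        return -2;
    }

    printf("选择网卡 (1-%d):", i);
    /* A failed conversion leaves inum unset, so treat it like an
     * out-of-range answer instead of reading an indeterminate value. */
    if (scanf_s("%d", &inum) != 1 || inum < 1 || inum > i)
    {
        /* Report the real upper bound; it was hard-coded as 3 before. */
        printf("\n输入范围1-%d.\n", i);
        pcap_freealldevs(alldevs);
        return -3;
    }

    /* Walk to the selected entry; inum <= device count, so d stays non-NULL.
     * (The original had a stray ';' after the for header, which made the
     * braces below it an unrelated block.) */
    for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++)
    {
    }

    /* If the lookup fails the outputs are not set; fall back to 0 so that
     * pcap_compile() does not receive an indeterminate netmask. */
    if (pcap_lookupnet(d->name, &net_ip, &net_mask, errbuf) == -1)
    {
        fprintf(stderr, "pcap_lookupnet: %s\n", errbuf);
        net_ip = 0;
        net_mask = 0;
    }

    if ((fp = pcap_open_live(d->name, /* device name */
                             65536,   /* snapshot length: bytes captured per packet */
                             1,       /* promiscuous mode (non-zero enables it) */
                             1000,    /* read timeout, milliseconds */
                             errbuf   /* error buffer */
                             )) == NULL)
    {
        fprintf(stderr, "\n无法打开适配器。%s不支持网络 \n", d->name);
        fprintf(stderr, "%s\n", errbuf);
        pcap_freealldevs(alldevs);
        return -4;
    }

    /* The device list (and d->name) is not needed once the handle is open. */
    pcap_freealldevs(alldevs);

    if (pcap_compile(fp, &bpf_filter, bpf_filter_string, 0, net_mask) < 0)
    {
        fprintf(stderr, "\n无法编译包筛选器。检查语法 .\n");
        fprintf(stderr, "%s\n", pcap_geterr(fp));
        pcap_close(fp);
        return -5;
    }

    /* Without this check a failed install would silently capture
     * unfiltered traffic. */
    if (pcap_setfilter(fp, &bpf_filter) < 0)
    {
        fprintf(stderr, "\n无法设置包筛选器: %s\n", pcap_geterr(fp));
        pcap_freecode(&bpf_filter);
        pcap_close(fp);
        return -7;
    }
    /* The compiled program can be released once it has been installed. */
    pcap_freecode(&bpf_filter);

    /* callback() decodes Ethernet II headers only. */
    if (pcap_datalink(fp) != DLT_EN10MB)
    {
        fprintf(stderr, "\n该适配器不是以太网链路, 无法解析.\n");
        pcap_close(fp);
        return -6;
    }

    /* Capture until an error occurs or the loop is broken. */
    pcap_loop(fp, -1, callback, NULL);
    pcap_close(fp);
    return 0;
}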