How to parse packet information from a traffic dump file in C++?

Time: 2015-04-26 07:35:47

Tags: c++ pcap packet-capture

To dump network traffic with the "pCap" library, I wrote a C console program. I want to get packet information (e.g. protocol type, sender IP, etc.) from this binary file.

My code:

#include "stdafx.h"
#include <pcap.h>
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#ifndef WIN32
#include <sys/socket.h>
#include <netinet/in.h>
#else
#include <winsock.h>
#endif

#define LINE_LEN 16
void dispatcher_handler(u_char *, const struct pcap_pkthdr *, const u_char *);

int main(int argc, char **argv)
{
    pcap_t *fp;
    char errbuf[PCAP_ERRBUF_SIZE];
    char source[PCAP_BUF_SIZE];

    if(argc != 2){
        printf("usage: %s filename\n", argv[0]);
        return -1;
    }

    /* Create the source string according to the new WinPcap syntax */
    if(pcap_createsrcstr(source,         // variable that will keep the source string
        PCAP_SRC_FILE,  // we want to open a file
        NULL,           // remote host
        NULL,           // port on the remote host
        argv[1],        // name of the file we want to open
        errbuf          // error buffer
        ) != 0)
    {
        fprintf(stderr, "\nError creating a source string: %s\n", errbuf);
        return -1;
    }

    /* Open the capture file */
    if((fp = pcap_open(source,         // name of the device
        65536,          // portion of the packet to capture
        // 65536 guarantees that the whole packet will be captured on all the link layers
        PCAP_OPENFLAG_PROMISCUOUS,     // promiscuous mode
        1000,              // read timeout
        NULL,              // authentication on the remote machine
        errbuf         // error buffer
        )) == NULL)
    {
        fprintf(stderr, "\nUnable to open the file %s: %s\n", source, errbuf);
        return -1;
    }

    // read and dispatch packets until EOF is reached
    pcap_loop(fp, 0, dispatcher_handler, NULL);

    pcap_close(fp);
    return 0;
}

void dispatcher_handler(u_char *temp1,
    const struct pcap_pkthdr *header, const u_char *pkt_data)
{
    u_int i = 0;
    (void)temp1;   /* user argument handed to pcap_loop; unused here */

    /* print pkt timestamp and pkt len; ts fields are long, len/caplen are unsigned 32-bit */
    printf("%ld:%ld (%u)\n", (long)header->ts.tv_sec, (long)header->ts.tv_usec, header->len);

    /* Print the captured bytes as hex, LINE_LEN bytes per line.
       caplen (bytes actually captured) may be smaller than len (bytes on the wire). */
    for(i = 1; (i < header->caplen + 1); i++)
    {
        printf("%.2x ", pkt_data[i - 1]);
        if((i % LINE_LEN) == 0) printf("\n");
    }

    printf("\n\n");
}

How can I read the traffic information from the capture file in a readable form (not as hex code)?
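The fields the question asks for (protocol type, sender IP) are already in the bytes the callback receives; they just have to be decoded instead of hex-dumped. The following is an added example and not code from the question or the answer. It assumes an Ethernet II link layer (DLT_EN10MB, the usual case for a .pcap from a wired or Wi-Fi capture) and does not link against libpcap: the frame it parses is a constructed sample embedded in the file, and the names parse_ipv4_frame, packet_info, format_ipv4 and sample_frame are mine. Inside the dispatcher_handler from the question the same call would be parse_ipv4_frame(pkt_data, header->caplen, &info). Every offset is checked against caplen, because a capture file can contain truncated frames (snaplen shorter than the packet) and reading past caplen is an out-of-bounds read.

```c
/* Added example: decode Ethernet + IPv4 (+ TCP/UDP ports) from a captured frame.
 * Stand-alone: no libpcap needed, the input frame is constructed below. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN    14
#define ETHERTYPE_IPV4 0x0800
#define PROTO_TCP      6
#define PROTO_UDP      17

typedef struct {
    uint16_t ethertype;
    uint8_t  ip_version;
    uint8_t  ip_header_len;   /* bytes, 20..60 */
    uint8_t  protocol;        /* IPv4 protocol number: 6 = TCP, 17 = UDP, ... */
    uint32_t src_ip;          /* host byte order */
    uint32_t dst_ip;
    uint16_t src_port;        /* 0 unless TCP/UDP and the ports were captured */
    uint16_t dst_port;
} packet_info;

/* Network byte order is big-endian; read fields byte-wise to stay portable. */
static uint16_t be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Parse one Ethernet II frame of caplen captured bytes.
 * Returns 0 on success, -1 if the frame is truncated, malformed or not IPv4. */
int parse_ipv4_frame(const uint8_t *pkt, size_t caplen, packet_info *out)
{
    memset(out, 0, sizeof *out);
    if (caplen < ETH_HDR_LEN)
        return -1;
    out->ethertype = be16(pkt + 12);          /* after dst MAC (6) + src MAC (6) */
    if (out->ethertype != ETHERTYPE_IPV4)
        return -1;

    const uint8_t *ip = pkt + ETH_HDR_LEN;
    size_t remaining = caplen - ETH_HDR_LEN;
    if (remaining < 20)                       /* minimum IPv4 header */
        return -1;
    out->ip_version    = ip[0] >> 4;
    out->ip_header_len = (uint8_t)((ip[0] & 0x0f) * 4);   /* IHL counts 32-bit words */
    if (out->ip_version != 4 || out->ip_header_len < 20 || out->ip_header_len > remaining)
        return -1;
    out->protocol = ip[9];
    out->src_ip   = be32(ip + 12);
    out->dst_ip   = be32(ip + 16);

    /* TCP and UDP headers both begin with 16-bit source and destination ports. */
    const uint8_t *l4 = ip + out->ip_header_len;
    size_t l4_len = remaining - out->ip_header_len;
    if ((out->protocol == PROTO_TCP || out->protocol == PROTO_UDP) && l4_len >= 4) {
        out->src_port = be16(l4);
        out->dst_port = be16(l4 + 2);
    }
    return 0;
}

/* Dotted-quad text for a host-order IPv4 address; buf must hold 16 bytes. */
void format_ipv4(uint32_t ip, char buf[16])
{
    snprintf(buf, 16, "%u.%u.%u.%u",
             (unsigned)(ip >> 24), (unsigned)((ip >> 16) & 0xff),
             (unsigned)((ip >> 8) & 0xff), (unsigned)(ip & 0xff));
}

/* Constructed sample (not a real capture): Ethernet + IPv4 + TCP header,
 * 10.0.0.1:443 -> 192.168.1.10:50000. Checksums are left as zero; not verified here. */
const uint8_t sample_frame[] = {
    /* Ethernet: dst MAC, src MAC, EtherType 0x0800 */
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    /* IPv4: ver/IHL, TOS, total len 40, id, flags/frag, TTL 64, proto 6, csum, src, dst */
    0x45,0x00, 0x00,0x28, 0x00,0x01, 0x00,0x00, 0x40, 0x06, 0x00,0x00,
    0x0a,0x00,0x00,0x01, 0xc0,0xa8,0x01,0x0a,
    /* TCP: src 443, dst 50000, seq, ack, data offset 5 + ACK flag, window, csum, urg */
    0x01,0xbb, 0xc3,0x50, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x02,
    0x50,0x10, 0x20,0x00, 0x00,0x00, 0x00,0x00,
};
const size_t sample_frame_len = sizeof sample_frame;

int main(void)
{
    packet_info info;
    char src[16], dst[16];
    if (parse_ipv4_frame(sample_frame, sample_frame_len, &info) != 0) {
        puts("not an IPv4 frame or truncated");
        return 1;
    }
    format_ipv4(info.src_ip, src);
    format_ipv4(info.dst_ip, dst);
    printf("ethertype=0x%04x proto=%u %s:%u -> %s:%u\n",
           info.ethertype, info.protocol, src, info.src_port, dst, info.dst_port);
    return 0;
}
```

For a real file, replace the constructed frame with pkt_data and header->caplen from the callback, and check pcap_datalink(fp) first: if it is not DLT_EN10MB the 14-byte Ethernet offset is wrong and the IP fields will be read from the wrong place.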

1 answer:

Answer 0 (score: 1)

To inspect the traffic file, first we need to save it in a hex file structure:

 printf("%.2x ", pkt_data[i - 1]);

After that we can analyze the hex string. It works 100%!