我是winpcap和c ++的绝对新手。我想读取转储文件,更改某些数据包的MAC地址并删除其他数据包。所以最后,我的文件只应该包含更改的数据包(与以前相同的文件,只有没有'不重要'的包)。
我使用Qt Creator,mingw,c ++和winpcap(当然)。
到目前为止有效:从文件中读取,显示mac / ip /我想要的任何内容。 什么不起作用:编辑数据包。
我使用一些结构来读取数据包中的数据:
struct pcap_hdr_s {
public:
uint32_t magic_number; /* magic number */
uint16_t version_major; /* major version number */
uint16_t version_minor; /* minor version number */
int32_t thiszone; /* GMT to local correction */
uint32_t sigfigs; /* accuracy of timestamps */
uint32_t snaplen; /* max length of captured packets, in octets */
uint32_t network; /* data link type */
};
struct pcaprec_hdr_s {
public:
uint32_t ts_sec; /* timestamp seconds */
uint32_t ts_usec; /* timestamp microseconds */
uint32_t incl_len; /* number of octets of packet saved in file */
uint32_t orig_len; /* actual length of packet */
} ;
struct ip_address{
public:
u_char byte1;
u_char byte2;
u_char byte3;
u_char byte4;
};
struct mac_adress{
public:
u_char mac1;
u_char mac2;
u_char mac3;
u_char mac4;
u_char mac5;
u_char mac6;
};
/*Ethernet header*/
struct eth_header{
public:
mac_adress dst_mac;
mac_adress src_mac;
uint16_t type;
};
/* IPv4 header */
struct ip_header{
public:
u_char ver_ihl; // Version (4 bits) + Internet header length (4 bits)
u_char tos; // Type of service
u_short tlen; // Total length
u_short identification; // Identification
u_short flags_fo; // Flags (3 bits) + Fragment offset (13 bits)
u_char ttl; // Time to live
u_char proto; // Protocol
u_short crc; // Header checksum
ip_address* saddr; // Source address
ip_address* daddr; // Destination address
//u_int op_pad; // Option + Padding --> optional
};
/* UDP header*/
struct udp_header{
public:
u_short sport; // Source port
u_short dport; // Destination port
u_short len; // Datagram length
u_short crc; // Checksum
};
这是我编辑数据包的代码:
void changeMAC(QString wantedMac, QString file){
const u_char *pkt_data;
struct pcap_pkthdr *header;
pcap_t *pd;
pcap_dumper_t *pdumper;
eth_header *ethHeader;
ip_header *ipHeader;
int res = 0;
QString check;
pd = pcap_open_dead(DLT_EN10MB, 65535);
/*output file = input file*/
pdumper = pcap_dump_open(pd, qPrintable(file));
while((res = pcap_next_ex(pd, &header, &pkt_data)) >= 0){//iterate through the packets in the file
ipHeader = (ip_header *)(pkt_data + 14);
if(ipHeader->proto == 17){ //I only have a look at udp
ethHeader = (eth_header *)(pkt_data); //check if this is the MAC I want to cahnge
check.clear();
check.append(ethHeader->dst_mac.mac1);
check.append(ethHeader->dst_mac.mac2);
check.append(ethHeader->dst_mac.mac3);
check.append(ethHeader->dst_mac.mac4);
check.append(ethHeader->dst_mac.mac5);
check.append(ethHeader->dst_mac.mac6);//'check' contains the current MAC of the packet
if(wantedMac.contains(check.toAscii().toHex())){ //if 'check' contains the MAC I was looking for
/*
* Create fake IP header and put UDP header
* and payload in place
* --> how to do this for all wanted packets?
*/
pcap_dump((u_char *)pdumper, header, pkt_data); //write changed packet to file
}
else{
//delete the packet --> how?
}
}
}
pcap_close(pd);
pcap_dump_close(pdumper);
}
我已经看过this了,它有所帮助,但直到这一点。我的代码是我到目前为止所有的代码。
编辑:作为第一步,如果我能够将编辑后的数据包保存在第二个文件中,而不是数据包来自的文件中,我也会很高兴。但是如何编辑呢?
答案 0 :(得分:0)
好的,我自己想出了什么。它可能不是最优雅的解决方案,但它确实有效。
QString string;
QStringList mac;
int result=0;
bool ok;
QChar d
string=mac[0];//first part of mac address to string
for(int i=0; i<string.length();i++){//string to ascii hex and int
d=string.toUInt(&ok,16);
result=d.unicode();
}
ethHeader->dst_mac.macPart1=result;//allocate, go on for next part of macaddress