在c中显示数据包的内容

时间:2011-03-03 07:31:43

标签: c

我正在捕获网络中的数据包,打印数据包值我已经定义了以太网ip和tcp的结构,我首先打印整个数据包然后根据结构打印数据包数据它跳过前4个字节数据包并打印下一个6字节作为目标地址ans等,为什么它跳过前4个字节?由于这个我得到错误的结果

    void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
    {
        int i,a[4],mul_value;
        struct classifier *ptr_fltr;

        ptr_fltr = (struct classifier*)(packet);

        int PacketLength = header->len;
        for(i = 0; i < PacketLength; i++)
        printf("%3X", packet[i]);

        printf("destination host");
        for(i = 0; i < 6; i++)
        printf("%3x",ptr_fltr->pktFltr.mac.ether_dhost[i]);
        printf("\n");

        printf("source host");
        for(i = 0; i < 6; i++)
        printf("%3x",ptr_fltr->pktFltr.mac.ether_shost[i]);

    .
    .
    .
    .
    }

这些是结构

        struct packet_filter
    {
        struct mac_filter mac;
        struct ip_filter ip;
        union {
            struct udp_filter proto;
        }protocol;
    }__attribute__((packed));


    struct mac_filter
    {
        u_char ether_dhost[ETHER_ADDR_LEN];
        u_char ether_shost[ETHER_ADDR_LEN];
        u_short ether_type;
    }__attribute__ ((packed));

    struct ip_filter
    {
        u_char ip_vhl;
        u_char ip_tos; /* type of service */
        u_short ip_len; /* total length */
        u_short ip_id; /* identification */
        u_short ip_off; /* fragment offset field */
        u_char ip_ttl; /* time to live */
        u_char ip_p; /* protocol */
        u_short ip_sum; /* checksum */
        struct in_addr ip_src; /* source and dest address */
        struct in_addr ip_dst; /* source and dest address */
    }__attribute__((packed));

struct node
    {
        int n; 
        struct classifier keys[M-1]; /*array of keys*/
        struct node *p[M]; 
    }__attribute__((packed));

输出

    i have put some part of the o/p
    0 14 85 A5 1B  1  0 19 D1 A3  7 25  8  0 45 10  1 54 A6 CA 40  0 40  6 2D CC AC 1C  6 6E AC 1C  6 57  0 16 91 57 EA AB
    destination host 1b  1  0 19 d1 a3
    source host  7 25  8  0 45 10

但目的地主机应为0 14 85 A5 1B 1

1 个答案:

答案 0 :(得分:1)

不要使用自定义结构,只需将指针包含到包含数据包类型结构的缓冲区,然后从那里开始工作。 IIRC libpcap发出以太网数据包,因此以下代码应以十六进制打印以太网数据包类型,目标和源MAC地址以及有效负载:

void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet) {
    struct mac_filter *p = (struct mac_filter *) packet;
    const unsigned int data_len = (header->len - sizeof *p);
    const u_char *data = (packet + sizeof *p);
    int i = 0;

    printf("Type: %04hx\n", p->ether_type);

    printf(
        "Destination: %02X:%02X:%02X:%02X:%02X:%02X\n"
        p->ether_dhost[0], p->ether_dhost[1], p->ether_dhost[2],
        p->ether_dhost[3], p->ether_dhost[4], p->ether_dhost[5],
    );

    printf(
        "Sender:      %02X:%02X:%02X:%02X:%02X:%02X\n"
        p->ether_shost[0], p->ether_shost[1], p->ether_shost[2],
        p->ether_shost[3], p->ether_shost[4], p->ether_shost[5],
    );

    for (i = 0; i < data_len; i++) {
        printf("  %02x", data[i] & 0xff);
    }        
    printf("\n");
}
相关问题
最新问题