网络抓包以及进行简单数据分析

  经过了好几天的网络编程学习,熟悉了套接字的使用,今天需要我们做的是:实现简单的抓包软件并且对数据进行简单分析,实现校验和使用的回滚算法的编写:

  下面是简单的抓包软件及分析数据的代码,通过这个程序,我们可以更深层次的了解网络的运行机制,以及数据是怎样在网络中进行传送:

  1 #include <stdio.h>
  2 #include <string.h>
  3 #include <sys/socket.h>
  4 #include <netinet/in.h>
  5 #include <linux/ip.h>
  6 #include <linux/udp.h>
  7 #include <linux/if_ether.h>
  8 
  9 void show_mac(unsigned char *data);
 10 void show_ip(unsigned char *data);
 11 void show_udp(unsigned char *data);
 12 void show_app(unsigned char *data);
 13 
 14 int main()
 15 {
 16     /*接收所有经过该网卡的包*/
 17     int fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
 18     if(fd < 0) {
 19         perror("socket");
 20         return 1;
 21     }
 22 
 23     int ret = 0;
 24     int i = 0;
 25     unsigned char buff[1024] = {0};
 26     while(1) {
 27         memset(buff, 0, 1024);
 28         ret = read(fd, buff, 1024);//将接收的包存在数组里面
 29         printf("%d\n", strlen(buff));
 30         if(ret < 0) {
 31             perror("read");
 32             continue;
 33         }
 34     if(ret < 42) {//不处理错误的包
 35         continue;
 36     } 
 37     printf("socrce ip is:\t %x\t%x\t%x\t%x\n",
 38             buff[14 + 12], buff[14 + 13],
 39             buff[14 + 14], buff[14 + 15]);
 40     printf("dest ip is:\t %x\t%x\t%x\t%x\n",
 41             buff[14 + 16], buff[14 + 17],
 42             buff[14 + 18], buff[14 + 19]);
 43     
 44     if(buff[14 + 19] != 102) {//只处理发给本机的包
 45         continue;
 46     }
 47     
 48     for(i = 0; i < ret; i++) {
 49         printf("%x\t", buff[i]);
 50         if(i % 8 == 0) {
 51             printf("\n");
 52         }
 53     }    
 54     printf("\n\n\n");
 55     show_mac(buff);
 56     break;        
 57         
 58     }
 59 
 60     return 0;
 61 }
 62 
 63 void show_mac(unsigned char *data)
 64 {
 65     printf("----------------eth--------------------\n");
 66     struct ethhdr *eth = (struct ethhdr *)data;
 67     printf("destination eth addr: %x:%x:%x:%x:%x:%x\n",
 68         eth->h_dest[0], eth->h_dest[1],
 69         eth->h_dest[2], eth->h_dest[3],
 70         eth->h_dest[4], eth->h_dest[5]);
 71     printf("source eth addr: %x:%x:%x:%x:%x:%x\n",
 72         eth->h_source[0], eth->h_source[1],
 73         eth->h_source[2], eth->h_source[3],
 74         eth->h_source[4], eth->h_source[5]);
 75     printf("protocol is: %04x\n", ntohs(eth->h_proto));
 76     if(ntohs(eth->h_proto) == 0x0800) {
 77         show_ip(data + sizeof(struct ethhdr));
 78     }
 79     else {
 80         printf("unkonw mac protocol\n");
 81     }
 82 
 83 }
 84 
 85 void show_ip(unsigned char *data)
 86 {
 87     printf("----------------ip--------------------\n");
 88     struct iphdr *ip = (struct iphdr *)data; 
 89     printf("version is %d\n", ip->version);
 90     printf("head len is %d\n", ip->ihl * 4);
 91     printf("total len is %d\n", ntohs(ip->tot_len));
 92     printf("ttl is %d\n", ip->ttl);
 93     printf("protocol is %d\n", ip->protocol);
 94     printf("check is %x\n", ip->check);
 95     printf("saddr is %s\n", inet_ntoa(ip->saddr));
 96     printf("daddr is %s\n", inet_ntoa(ip->daddr));
 97     if(ip->protocol == 17) {
 98         show_udp(data + sizeof(struct iphdr));
 99     }
100     else {
101         printf("unkown ip procotol\n");
102     }
103     
104 }
105 
106 void show_udp(unsigned char *data)
107 {
108     printf("----------------udp--------------------\n");
109     struct udphdr *udp = (struct udphdr *)data;
110     printf("source port %d\n", htons(udp->source));
111     printf("dest port %d\n", htons(udp->dest));
112     printf("udp len %d\n", htons(udp->len));
113     printf("check %x\n", htons(udp->check));
114 
115     show_app(data + sizeof(struct udphdr));
116 }
117 
118 void show_app(unsigned char *data)
119 {
120     printf("data is %s\n", data);
121 }

  下面是校验和回滚算法的代码:

 1 #include <stdio.h>
 2 #include <linux/if_ether.h>
 3 
 4 unsigned short check_sum(unsigned char *data, int len);
 5 
 6 int main() 
 7 {
 8     //7af7
 9     unsigned char data[1024] = {
10     0x45, 0x00,
11     0x00, 0x20, 0x00, 0x00, 0x40, 0x00, 0x40, 0x11,
12     0x00, 0x00, 0xc0, 0xa8, 0x1f, 0x44, 0xc0, 0xa8,
13     0x1f, 0x41
14     };
15     
16     printf("check sum is %x\n", check_sum(data, 20));
17 }
18 
19 unsigned short check_sum(unsigned char *data, int len)
20 {
21     unsigned long sum = 0;
22     unsigned long ret = 0;
23     unsigned short *tmp = (unsigned short *)data;
24     unsigned short buff[1024] = {0};
25 
26     //以两字节为单位反复累加
27     while(len > 1) {
28         sum = sum +  *tmp++;
29         len = len - 2;
30     }
31     
32     //如果是单数,加最后一个
33     if(len) {
34         sum = sum + *tmp;
35     }
36 
37     //将累加和的高位与低位相加,直至高位为0(回滚)
38     ret = (sum & 0x00ff0000) >> 16;
39     if(ret != 0) {
40         sum = sum + ret;
41            ret = (sum & 0x00ff0000) >> 16;   
42     }
43     
44     return ntohs(~sum);            
45 }

 

posted @ 2015-08-29 12:00  zhangwju  阅读(1685)  评论(0编辑  收藏  举报