十年江湖一夕梦

#define    ETHERNETTYPE_IP        8
#define IPTYPE_TCP        6
#define IPTYPE_UDP        17
#define ETH_LEN                    6                       /* Octets in one ethernet addr     */
#define IP_LEN            4        /* Octecs in one IP addr     */

#define ETHERHEADER_LEN        14

/* Ethernet header */
struct ethernet_header {
  u_int8_t  ether_dhost[ETH_LEN];    /* destination eth addr    */
  u_int8_t  ether_shost[ETH_LEN];    /* source ether addr    */
  u_int16_t ether_type;                /* packet type ID field    */
};

/* IP header */
struct ip_header {
    u_int ip_hl:4, /* version */
       ip_v:4; /* header length */
    u_char ip_tos:8; /* type of service */
    u_short ip_len:16; /* total length */
    u_short ip_id:16; /* identification */
    //ip_flag:3, /* flag */
    #define IP_RF 0×8000 /* reserved fragment flag */
    #define IP_DF 0×4000 /* dont fragment flag */
    #define IP_MF 0×2000 /* more fragments flag */
    #define IP_OFFMASK 0×1fff /* mask for fragmenting bits */
    u_short ip_off:16; /* fragment offset field */
    u_char ip_ttl:8; /* time to live */
    u_char ip_p:8; /* protocol */
    u_short ip_sum:16; /* checksum */
    u_int8_t ip_src[IP_LEN],ip_dst[IP_LEN]; /* source and dest address */
};

/* TCP header */
struct tcp_header {
    u_int16_t th_sport:16; /* source port */
    u_int16_t th_dport:16; /* destination port */
    u_int th_seq:32; /* sequence number */
    u_int th_ack:32; /* acknowledgement number */
    u_int th_off:4, /* data offset */
    th_x2:6; /* (unused) */
    u_char th_flags:6;
    #define TH_FIN 0×01
    #define TH_SYN 0×02
    #define TH_RST 0×04
    #define TH_PUSH 0×08
    #define TH_ACK 0×10
    #define TH_URG 0×20
    #define TH_ECE 0×40
    #define TH_CWR 0×80
    #define TH_FLAGS (TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG|TH_ECE|TH_CWR)
    u_short th_win:16; /* window */
    u_short th_sum:16; /* checksum */
    u_short th_urp:16; /* urgent pointer */
};

/*
  show the protocal address,port and the length of a package
  compile method: g++ filter.cpp -lpcap -o filter
  feuvan@smth
//*******************************************/
#include <pcap.h>
#include <stdio.h>
#include "filter.h"

int main(int argc, char *argv[])
{
    pcap_t *handle;                     /* Session handle */
    char *dev;                     /* The device to sniff on */
    char errbuf[PCAP_ERRBUF_SIZE];             /* Error string */
    struct bpf_program filter;                       /* The compiled filter */
    char filter_str[] = "";                          /* The filter expression */
    bpf_u_int32 mask;                                /* Our netmask */
    bpf_u_int32 net;                                 /* Our IP */
    struct pcap_pkthdr header;                       /* The header that pcap gives us */
    const u_char *packet;                            /* The actual packet */

    struct ethernet_header *ethernet;                /* The ethernet header */
    struct ip_header *ip;                            /* The IP header */
    struct tcp_header *tcp;                          /* The TCP header */
    struct udp_header *udp;                          /* The UDP header */

    /* Define the device */
    dev = pcap_lookupdev(errbuf);
    printf("Found device:%s\n",dev);
    /* Find the properties for the device */
    pcap_lookupnet(dev, &net, &mask, errbuf);
    /* Open the session in promiscuous mode */
    handle = pcap_open_live(dev, BUFSIZ, 1, 0, errbuf);
    /* Compile and apply the filter */
    pcap_compile(handle, &filter, NULL , 1 , 0);
    pcap_setfilter(handle, &filter);

    printf("Only for ethernet. Press Ctrl+C to quit\n");

    while(1)
    {
        packet = pcap_next(handle, &header);
        ethernet = (struct ethernet_header*)(packet);
        if(ethernet->ether_type == ETHERNETTYPE_IP) /*IP datagrame*/
        {
            ip = (struct ip_header*)(packet + ETHERHEADER_LEN);
            /*
            printf("ip_hl=%d\n",ip->ip_hl);
            printf("ip_tos=%d\n",ip->ip_tos);
            printf("ip_len=%d\n",ip->ip_len);
            printf("ip_id=%d\n",ip->ip_id);
            printf("ip_off=%d\n",ip->ip_off);
            printf("ip_ttl=%d\n",ip->ip_ttl);
            printf("ip_p=%d\n",ip->ip_p);
            printf("ip_sum=%d\n",ip->ip_checksum);
            */
            //printf("ip_v=%d ip_hl=%d\n",ip->ip_v,ip->ip_hl);
            /*
            int x=0;
            for (;x<header.len;x++)
            {
                printf("%02X",(packet+ETHERHEADER_LEN)[x]);
                if (x % 8 == 7)
                    printf(" ");
                if (x % 32 == 31)
                    printf("\n");
            }
            /*****/
            if(ip->ip_p == IPTYPE_TCP)
            {
                tcp = (struct tcp_header*)(packet + ETHERHEADER_LEN + ip->ip_hl*4);
                printf("%d.%d.%d.%d(%x %x %x %x %x %x):%d %s",ip->ip_src[0],ip->ip_src[1],ip->ip_src[2],ip->ip_src[3],
                ethernet->ether_shost[0],ethernet->ether_shost[1],ethernet->ether_shost[2],ethernet->ether_shost[3],
                ethernet->ether_shost[4],ethernet->ether_shost[5],tcp->th_sport,"tcp");

                printf(" -> %d.%d.%d.%d(%x %x %x %x %x %x):%d length:%d\n",ip->ip_dst[0],ip->ip_dst[1],ip->ip_dst[2],
                ip->ip_dst[3],ethernet->ether_dhost[0],ethernet->ether_dhost[1],ethernet->ether_dhost[2],
                ethernet->ether_dhost[3],ethernet->ether_dhost[4],ethernet->ether_dhost[5],tcp->th_dport,header.len);
            }
            else if(ip->ip_p == IPTYPE_UDP)
            {
                continue;
                udp = (struct udp_header*)(packet +ETHERHEADER_LEN + ip->ip_hl*4);
                printf("%d.%d.%d.%d(%x %x %x %x %x %x):%d %s",ip->ip_src[0],ip->ip_src[1],ip->ip_src[2],ip->ip_src[3],
                ethernet->ether_shost[0],ethernet->ether_shost[1],ethernet->ether_shost[2],ethernet->ether_shost[3],
                ethernet->ether_shost[4],ethernet->ether_shost[5],udp->th_sport,"udp");