struct pcap_pkthdr *header,const u_char *packet)
{
const struct db_ip *ip; /* The IP header */
int size_ip;
u_int offset;
u_char tos;
u_int16_t checksum;
/* define/compute ip header offset */
ip = (struct db_ip*)(packet + SIZE_ETHERNET);
size_ip = IP_HL(ip)*4;
if (size_ip < 20) {
printf("*Invalid IP header length: %u bytes\n", size_ip);
return;
}
checksum=ntohs(ip->ip_sum);
tos=ip->ip_tos;
offset=ntohs(ip->ip_off);
/* print source and destination IP addresses */
printf("-------IP Protocol (Network Layer)---------\n");
printf("IP Version:%d\n",IP_V(ip));
printf("Header Length:%d\n",size_ip);
printf("TOS:%d\n",tos);
printf("Total length:%d\n",ntohs(ip->ip_len));
printf("Identification:%d\n",ntohs(ip->ip_id));
printf("Offset:%d\n",(offset & 0x1fff)*8);
printf("TTL:%d\n",ip->ip_ttl);
printf("Header checksum:%d\n",checksum);
printf(" From: %s", inet_ntoa(ip->ip_src));
printf(" To: %s\n", inet_ntoa(ip->ip_dst));
/* determine protocol */
size_ip=size_ip+SIZE_ETHERNET;
switch(ip->ip_p) {
case IPPROTO_TCP:
got_tcp_package(args,header,packet,size_ip);
break;
case IPPROTO_UDP:
got_udp_package(args,header,packet,size_ip);
break;
default:
printf(" Protocol: unknown\n");
break;
}
return;
}
/*
* dissect/print ethernet packet
*/
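/**
 * Dissect and print the Ethernet (link-layer) header of one captured frame,
 * then hand IPv4 frames on to got_ip_package().
 *
 * @param args    Opaque user pointer; forwarded unchanged to the IP handler.
 * @param header  libpcap per-packet metadata. header->caplen is the number of
 *                bytes actually available behind @p packet.
 * @param packet  Raw captured bytes, starting at the Ethernet header.
 *
 * Frames shorter than the Ethernet header are reported and dropped without
 * being parsed. Nothing is returned; all output goes to stdout.
 */
void
got_ethernet_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
{
    static int count = 1; /* packet counter, persists across calls */
    const struct db_ethernet *ethernet; /* the Ethernet header */
    const u_char *mac;
    u_short ethernet_type;

    printf("================The %d package is captured.======================\n", count);
    count++;
    printf("-------Ethernet Protocol (Link Layer)---------\n");

    ethernet = (const struct db_ethernet *)packet;

    /*
     * Captured traffic is untrusted and may be truncated (short frame or a
     * small snapshot length). Refuse to read header fields that lie beyond
     * the bytes libpcap actually delivered.
     */
    if (header->caplen < sizeof(*ethernet)) {
        printf("*Invalid Ethernet frame: only %u bytes captured\n",
               (unsigned int)header->caplen);
        return;
    }

    /* Cast to unsigned bytes so %02x never sees a sign-extended value. */
    printf("Mac Source Address is:\n");
    mac = (const u_char *)ethernet->ether_shost;
    printf("%02x:%02x:%02x:%02x:%02x:%02x\n",
           mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);

    printf("Mac Destination Address is:\n");
    mac = (const u_char *)ethernet->ether_dhost;
    printf("%02x:%02x:%02x:%02x:%02x:%02x\n",
           mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);

    /* EtherType is carried in network byte order. */
    ethernet_type = ntohs(ethernet->ether_type);

    switch (ethernet_type) {
    case 0x0800: /* IPv4 */
        /*
         * NOTE(review): the IP handler gets the same header/packet pair and
         * reads at packet + SIZE_ETHERNET; it should compare header->caplen
         * with that offset plus the IP header length before dereferencing.
         */
        got_ip_package(args, header, packet);
        break;
    case 0x0806: /* ARP */
        printf("The network layer is ARP protocol\n");
        break;
    case 0x8035: /* RARP; the digits are easy to transpose as 0x0835 */
        printf("The network layer is RARP protocol\n");
        break;
    default:
        break;
    }
}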
/* end of function implementations */
/* main function: program entry point */
int main(int argc, char **argv)
{
char *dev = NULL; /* capture device name */
char errbuf[PCAP_ERRBUF_SIZE]; /* error buffer */
pcap_t *handle; /* packet capture handle */
char filter_exp[] = "ip";
//char filter_exp[] = "ip host 127.0.0.1";/*port 3306*//* filter expression [3] */
struct bpf_program fp; /* compiled filter program (expression) */
bpf_u_int32 mask; /* subnet mask */
bpf_u_int32 net; /* ip */
int num_packets = -1; /* number of packets to capture ,-1 is loop*/
print_app_banner();
/* check for capture device name on command-line */
if (argc == 2) {
dev = argv[1]