USHORT opcode; // 操作代码,ARPOP_REQUEST为请求,ARPOP_REPLY为响应
UCHAR smac[6]; // 源MAC地址 UCHAR saddr[4]; // 源IP地址 UCHAR dmac[6]; // 目的MAC地址 UCHAR daddr[4]; // 目的IP地址 } ARPHeader, *PARPHeader; /* 4 bytes IP address */ typedef struct ip_address{ u_char byte1; u_char byte2; u_char byte3; u_char byte4; }ip_address;
/* IPv4 header */
typedef struct ip_header{
u_char ver_ihl; // Version (4 bits) + Internet header length (4 bits) u_char tos; // Type of service u_short tlen; // Total length u_short identification; // Identification
u_short flags_fo; // Flags (3 bits) + Fragment offset (13 bits) u_char ttl; // Time to live u_char proto; // Protocol
u_short crc; // Header checksum ip_address saddr; // Source address
ip_address daddr; // Destination address u_int op_pad; // Option + Padding }ip_header; /* UDP header*/
typedef struct udp_header{
u_short sport; // Source port
u_short dport; // Destination port u_short len; // Datagram length u_short crc; // Checksum }udp_header;
/* prototype of the packet handler */
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data);//回调函数 int main() {
pcap_if_t *alldevs;//获取到的设备列表 pcap_if_t *d;//指向的一个网络设备
int inum;//保存用户选择的用于捕获数据的网络适配器编号 int i=0;
pcap_t *adhandle;//用于捕获数据的Winpcap会话句柄 char errbuf[PCAP_ERRBUF_SIZE];//错误缓冲区 u_int netmask;
char packet_filter[] = \
struct bpf_program fcode;//bpf过滤代码结构 //Retrieve the device list 获得设备列表
if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1)//pcap_findalldevs_ex 获得本地计算机上所有的网络设备列表设备列表 {
fprintf(stderr,\打印每个网络设备的信息 exit(1); }
/* Print the list */
for(d=alldevs; d; d=d->next) {
printf(\ if (d->description)
printf(\ else
printf(\ }
if(i==0) {
printf(\ return -1; }
printf(\ scanf(\
if(inum < 1 || inum > i) {
printf(\ /* Free the device list */
pcap_freealldevs(alldevs);//释放网络设备链表 return -1; }
//跳转到已选设备
for(d=alldevs, i=0; i< inum-1 ;d=d->next, i++); /* 打开适配器 */
if ( (adhandle= pcap_open(d->name, // name of the device 设备名
65536, // portion of the packet to capture. 要捕获的数据包的部分
// 65536 grants that the whole packet will be captured on all the MACs.65536保证能捕获到不同数据链路层上的每个数据包上的全
部内容
PCAP_OPENFLAG_PROMISCUOUS, // promiscuous mode 混杂模式
1000, // read timeout 读取超时时间
NULL, // remote authentication 远程机器验证 errbuf // error buffer ) ) == NULL) {
fprintf(stderr,\to open the adapter. %s is not supported by WinPcap\\n\
/* Free the device list */ pcap_freealldevs(alldevs); return -1; }
/* Check the link layer. We support only Ethernet for simplicity. */ if(pcap_datalink(adhandle) != DLT_EN10MB)//pcap_datalink检查数据链路层 {
fprintf(stderr,\ /* Free the device list */ pcap_freealldevs(alldevs); return -1; }
if(d->addresses != NULL)
/* Retrieve the mask of the first address of the interface */ netmask=((struct sockaddr_in *)(d->addresses->netmask))->sin_addr.S_un.S_addr; else /* If the interface is without addresses we suppose to be in a C class network */
netmask=0xffffff; //compile the filter
if (pcap_compile(adhandle, &fcode, packet_filter, 1, netmask) <0 ) {
fprintf(stderr,\to compile the packet filter. Check the syntax.\\n\
/* Free the device list */ pcap_freealldevs(alldevs); return -1; }
//set the filter
if (pcap_setfilter(adhandle, &fcode)<0) {
fprintf(stderr,\ /* Free the device list */
pcap_freealldevs(alldevs); return -1; }
printf(\ //发送arp包
u_char ucFrame[100]; // 设置Ethernet头
u_char arDestMac[6]={0xff,0xff,0xff,0xff,0xff,0xff}; u_char arSourceMac[6]={0x00,0x1F,0x16,0x26,0x33,0xF8}; ETHeader eh = { 0 };
memcpy(eh.dhost, arDestMac, 6);//memcpy内存拷贝函数,从源src所指的内存地址的起始位置开始拷贝n个字节到目标dest所指的内存地址的起始位置中 memcpy(eh.shost, arSourceMac, 6); eh.type = ::htons(ETHERTYPE_ARP); memcpy(ucFrame, &eh, sizeof(eh)); // 设置Arp头
ARPHeader ah = { 0 };
ah.hrd = htons(ARPHRD_ETHER);
ah.eth_type = htons(ETHERTYPE_IP); ah.maclen = 6; ah.iplen = 4;
ah.opcode = htons(ARPOP_REQUEST);
ULONG32 sIPAddr=inet_addr(\ ULONG32 dIPAddr=inet_addr(\ memcpy(ah.smac, arSourceMac, 6); memcpy(ah.saddr, &sIPAddr, 4); memcpy(ah.dmac, arDestMac, 6); memcpy(ah.daddr, &dIPAddr, 4); int n=255; while(n) {
char str[100];
sprintf(str,\ dIPAddr=inet_addr(str);
memcpy(ah.daddr, &dIPAddr, 4);
memcpy(&ucFrame[sizeof(ETHeader)], &ah, sizeof(ah)); if (pcap_sendpacket(adhandle, ucFrame, 42) != 0) {
fprintf(stderr,\sending the packet: %s\\n\pcap_geterr(adhandle));//pcap_geterr获取错误消息 return 3; } n=n-1; }
/* At this point, we don't need any more the device list. Free it */ pcap_freealldevs(alldevs); /* start the capture */
pcap_loop(adhandle, 0, packet_handler, NULL); return 0; }
/* Callback function invoked by libpcap for every incoming packet */ void packet_handler(u_char *param, const struct pcap_pkthdr *header,
const u_char *pkt_data)//param指定的参数user,header收到的数据包头,pkt_data接收到的数据包内容 {
struct tm *ltime; char time[16];
char *timestr=time; ARPHeader *ih; udp_header *uh; u_int ip_len;
u_short sport,dport; time_t local_tv_sec; /*
* Unused variable */
(VOID)(param);
/* convert the timestamp to readable format */ local_tv_sec = header->ts.tv_sec; //localtime_s(<ime, &local_tv_sec);
// strftime( timestr, sizeof timestr, \ ltime = localtime(&local_tv_sec);
// strftime( timestr, sizeof timestr, \ timestr=asctime( ltime );
/* print timestamp and length of the packet */ // printf(\
/* retireve the position of the ip header */
ih = (ARPHeader *) (pkt_data +14); //length of ethernet header in_addr saddr;// in_addr用来表示一个32位的IPv4地址. memcpy(&saddr,ih->saddr,sizeof(ULONG32)); /* print ip addresses and udp ports */ if(ih->opcode == htons(ARPOP_REPLY))
{ printf(\将网络地址转换成“.”点隔的字符串格式
u_char sMac[6]={0xff,0xff,0xff,0xff,0xff,0xff}; memcpy(sMac,ih->smac,6);
printf(\
sMac[0],sMac[1],sMac[2],sMac[3],sMac[4],sMac[5]);
} }