winpcap捕捉到的包,分析时出的问题
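/*
 * pcap callback: print the source MAC, destination MAC and EtherType of one
 * captured Ethernet frame, then pause for 200 ms.
 *
 * param    - user pointer handed through by the capture loop; not used here.
 * header   - per-packet capture metadata; caplen is the number of bytes that
 *            are actually present in pkt_data.
 * pkt_data - first byte of the captured frame.
 *
 * Returns without printing when a key has been pressed or when the capture
 * is shorter than an Ethernet header.
 */
void packet_handler(u_char * param,const struct pcap_pkthdr * header,const u_char * pkt_data)
{
    const unsigned char *type_bytes;
    unsigned int ethertype;

    if (kbhit())
        return;

    /* Timestamp output, disabled by the author:
     * struct tm * ltime;
     * char timestr[16];
     * // convert the timestamp format
     * ltime = localtime(&header->ts.tv_sec);
     * strftime(timestr,sizeof(timestr),"%H:%M:%S",ltime);
     * printf("%s,%.6d len:%d \n",timestr,header->ts.tv_usec,header->len);
     */

    /*
     * Captured data is untrusted and may be truncated. Reading the header
     * fields from a shorter buffer would run past the end of pkt_data.
     */
    if (header->caplen < sizeof(EthernetHdr))
        return;

    pEH = (EthernetHdr *)pkt_data;

    printf("%x-%x-%x-%x-%x-%x",
           pEH->srcaddr[0], pEH->srcaddr[1], pEH->srcaddr[2],
           pEH->srcaddr[3], pEH->srcaddr[4], pEH->srcaddr[5]);
    printf("----------");
    printf("%x-%x-%x-%x-%x-%x",
           pEH->destaddr[0], pEH->destaddr[1], pEH->destaddr[2],
           pEH->destaddr[3], pEH->destaddr[4], pEH->destaddr[5]);

    /*
     * The EtherType is sent most-significant byte first. Reading protype
     * directly as an unsigned short on a little-endian host swaps the two
     * bytes (0x0806 prints as 608, 0x8864 prints as 6488), so the value is
     * assembled from its two bytes in wire order instead.
     */
    type_bytes = (const unsigned char *)&pEH->protype;
    ethertype = ((unsigned int)type_bytes[0] << 8) | (unsigned int)type_bytes[1];
    printf("protocol:%x", ethertype);
    printf("\n");

    Sleep(200);
}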
/*
 * Ethernet frame header.
 *
 * Protocol type values:
 *   0800  IP datagram
 *   0806  ARP request/reply
 *   8035  RARP request/reply
 *
 * When this struct is overlaid on captured bytes, protype holds the two
 * bytes in wire order (most-significant byte first); convert it to host
 * order before comparing it with the values above.
 */
typedef struct _ethernethdr
{
    unsigned char  destaddr[6]; /* destination hardware address, 6 bytes */
    unsigned char  srcaddr[6];  /* source hardware address, 6 bytes */
    unsigned short protype;     /* protocol type, 2 bytes */
} EthernetHdr;
分析的结果:协议显示的都是6488或是608,是哪个出的问题呢?