关于winpcap抓包的问题?
我做的是基于winpcap和nmap对目标主机进行操作系统探测。构造好的13个特定数据包已经能准备发送(为了简单期间,采用的是固定的ip和mac),下面需要做的是对目标主机的应答包进行解析,获取相关信息,现在的问题是,
“捕获到一个数据包进行解析时,我不知道怎么来判断,这个包是目标主机针对那13个数据包中哪个包的回应。”
程序的框架如下,哪位高手能帮我解决一下,看看我程序的框架存在哪些问题,需要做怎样的修改。高分酬谢!!
我正在做毕设,快要答辩了,很急,谢谢,或者哪位大侠有“基于winpcap和nmap对目标主机进行操作系统探测”的相关资料,不访也告诉我,定会高分答谢的!!
看着有点长,其实框架很简单,一眼就看明白了
#include"winsock2.h"
#include"pcap.h"
#include "remote-ext.h"
#include <string>;
#include "windows.h"
#include <iostream>
using namespace std;
struct eh
{
unsigned char eh_dst[6]; // Destination address
unsigned char eh_src[6]; // Source address
unsigned short eh_type; // Ethernet type
};
struct iph
{
unsigned char verlen; /*IP version & length */
unsigned char tos; /*IP type of service*/
unsigned short totallength;/*Total length*/
unsigned short ide; /*Unique identifier */
unsigned short offset; /*Fragment offset field*/
unsigned char ttl; /*Time to live*/
unsigned char protocol; /*Protocol(TCP, UDP, etc.)*/
unsigned short checksum; /*IP checksum*/
unsigned int srcaddr; /*Source address*/
unsigned int dstaddr; /*Destination address*/
};
struct tcph
{
unsigned short srcport;
unsigned short dstport;
unsigned int seqno;
unsigned int ackno;
unsigned char offset;
unsigned char flags;
unsigned short window;
unsigned short checksum;
unsigned short urgptr;
unsigned short MSS; //最大报文长度,长度为4字节
unsigned short Window_Scale; //窗口扩大因子,只出现在含有SYN标志的报文里,长度为3字节
unsigned short Timestamp; //时间戳值,长度为10字节
unsigned short SACK_Permit; /*发送方建立连接时在SYN包里发送一个SACK-Permit,
表示在今后的传输中希望收到SACK选项,长度为2字节*/
unsigned short EOL;
};
struct udpheader //udp头部
{
unsigned short srcport; //源端口号
unsigned short dstport; //目的端口号
unsigned short totallength; //总长度
unsigned short checksum; //校验和
};
struct pseudo //伪头部
{
unsigned int srcaddr; //源ip地址
unsigned int dstaddr; //目的ip地址
unsigned char padzero; //0
unsigned char protocol; //协议号
unsigned short tcplength; //长度
};
int cal_chksum(const void *bufv, int length) //校验和计算
{}
///////////////////////////////////TCP序列号测试分析/////////////////////////////////////////////////
//第一个序列号测试
void pk1_packet_callback(u_char *argument,const struct pcap_pkthdr *packet_header,
const u_char* packet_content)
{
//struct pcap_pkthdr protocol_header; //数据包头部信息
struct tcph *tcp_protocol; //TCP协议变量
struct iph *ip_protocol; //IP协议变量
u_int pk1_sequence; //tcp序列号
int ip_len; //IP头部长度
int id_df;
u_int tcp_headerlen; //tcp头部长度
u_short wind; // 窗口大小
u_int acknowledgement; //确认号
u_int flag;
u_char flagsbiaoshi[7]; //标记
u_char ops[7]; //回复的选项标识
char DF; //分片标识 “Y”或者“N”
string ACK; //应答序列号类型
char Resp;
ip_protocol=(struct iph*)(packet_content+14); //获得IP协议内容
ip_len=(ip_protocol->verlen& 0x0f)*4; //获得IP头部长度
tcp_protocol=(struct tcph*)(packet_content+14+ip_len); //获得TCP协议内容
cout<<"====********====" <<endl;
}
//第二个序列号测试
void pk2_packet_callback(u_char *argument,const struct pcap_pkthdr *packet_header,
const u_char* packet_content)
{}
//第三个序列号测试
void pk3_packet_callback(u_char *argument,const struct pcap_pkthdr *packet_header,
const u_char* packet_content)
{}
//第四个序列号测试
void pk4_packet_callback(u_char *argument,const struct pcap_pkthdr *packet_header,
const u_char* packet_content)
{}
//第五个序列号测试
void pk5_packet_callback(u_char *argument,const struct pcap_pkthdr *packet_header,
const u_char* packet_content)
{}
void pk6_packet_callback(u_char *argument,const struct pcap_pkthdr *packet_header,
const u_char* packet_content)
{}
///////////////////////////////////T2-T7探测分析/////////////////////////////////////////////////
void T2_packet_callback(u_char *argument,const struct pcap_pkthdr *packet_header,
const u_char* packet_content)
{}
void T3_packet_callback(u_char *argument,const struct pcap_pkthdr *packet_header,
const u_char* packet_content)
{}
void T4_packet_callback(u_char *argument,const struct pcap_pkthdr *packet_header,
const u_char* packet_content)
{}
void T5_packet_callback(u_char *argument,const struct pcap_pkthdr *packet_header,
const u_char* packet_content)
{}
void T6_packet_callback(u_char *argument,const struct pcap_pkthdr *packet_header,
const u_char* packet_content)
{}
void T7_packet_callback(u_char *argument,const struct pcap_pkthdr *packet_header,
const u_char* packet_content)
{}
///////////////////////////////////UDP探测分析/////////////////////////////////////////////////
void udp_packet_callback(u_char *argument,const struct pcap_pkthdr *packet_header,
const u_char* packet_content)
{}