18,356
社区成员
发帖
与我相关
我的任务
分享请教 WINPCAP 抓的包不完整,少了一部分。
抓的包和HTTP Analyzer抓到的包对比发现后面的没有抓到。
贴上代码:
DWORD WINAPI GetHttpThreadFun(LPVOID pThreadStruct)
{
lpthread p=(lpthread)pThreadStruct;
char cnt=0;
CString BaoWen="";
pcap_t *adhandle;
char i=0;
char errbuf[PCAP_ERRBUF_SIZE];
/* 打开选择的网卡 */
if ( (adhandle= pcap_open(WanKaName, // 设备名
65536, // 指定要捕捉的数据包的部分
// 65536 保证所有在链路层上的包都能够被抓到
PCAP_OPENFLAG_PROMISCUOUS, // 混杂模式
1000, // 读数据的超时时间
NULL, // 远程机器的授权
errbuf // 错误缓冲区
) ) == NULL)
{
return 0;
}
struct pcap_pkthdr *pheader; // packet header
const u_char * pkt_data; // packet data
int res;
while((res = pcap_next_ex(adhandle, &pheader, &pkt_data)) >= 0)
{
if(res == 0)
continue; // read time out//
ether_header * eheader = (ether_header*)pkt_data; // transform packet data to ethernet header //
if(eheader->ether_type == htons(ETHERTYPE_IP))
{ //ip packet only
ip_header * ih = (ip_header*)(pkt_data+14); // get ip header //
if(ih->proto == htons(TCP_PROTOCAL))
{ // tcp packet only //
int ip_len = ntohs(ih->tlen); // get ip length, it contains header and body //
int find_http = false;
char* ip_pkt_data = (char*)ih;
int n = 0;
char buffer[BUFFER_MAX_LENGTH];
int bufsize = 0;
for(; n<ip_len; n++)
{
// http get or post request //
if(!find_http && ((n+3<ip_len && strncmp(ip_pkt_data+n,"GET",strlen("GET")) ==0 )
|| (n+4<ip_len && strncmp(ip_pkt_data+n,"POST",strlen("POST")) == 0)) )
find_http = true;
// http response //
if(!find_http && n+8<ip_len && strncmp(ip_pkt_data+n,"HTTP/1.1",strlen("HTTP/1.1"))==0)
find_http = true;
// if http is found //
if(find_http)
{
buffer[bufsize] = ip_pkt_data[n]; // copy http data to buffer //
bufsize ++;
}
}
// print http content //
if(find_http)
{
buffer[bufsize] = '\0';
CString sHttp;
sHttp=buffer;
CStdioFile File;
CString cs="",s;
if((-1!=sHttp.Find(_T("SSAuth:")))&&(-1!=sHttp.Find(_T("HDDINFO:"))))
{
File.Open("http.txt",CFile::modeCreate|CFile::modeNoTruncate|CFile::modeReadWrite);//如果文件事先不存在的话,就需要CFile::modeCreate,否则就不需要。
File.SeekToEnd();
cs+=sHttp;
cs+="\n";
File.WriteString(cs);
// MessageBox(cs);
File.Close();
// MessageBoxTimeout(this->GetSafeHwnd(), sHttp, _T("http报文"), MB_ICONINFORMATION, GetSystemDefaultLangID(), 3000);
//MessageBox(sHttp);
// int ret = MessageBoxTimeoutA(p->hwnd, sHttp, _T("http报文"), MB_OKCANCEL, 0, 2*1000);
// pcap_freealldevs(alldevs);
// return;
((CPdgDownDlg*)(p->pDlg))->GetDlgItem(IDC_EDIT1)->SetWindowText(sHttp);
// GetDlgItem(IDC_EDIT1)
}
}
}
}
}
return 0;
}
贴上代码:
DWORD WINAPI GetHttpThreadFun(LPVOID pThreadStruct)
{
lpthread p=(lpthread)pThreadStruct;
char cnt=0;
CString BaoWen="";
pcap_t *adhandle;
char i=0;
char errbuf[PCAP_ERRBUF_SIZE];
/* 打开选择的网卡 */
if ( (adhandle= pcap_open(WanKaName, // 设备名
65536, // 指定要捕捉的数据包的部分
// 65536 保证所有在链路层上的包都能够被抓到
PCAP_OPENFLAG_PROMISCUOUS, // 混杂模式
1000, // 读数据的超时时间
NULL, // 远程机器的授权
errbuf // 错误缓冲区
) ) == NULL)
{
return 0;
}
struct pcap_pkthdr *pheader; // packet header
const u_char * pkt_data; // packet data
int res;
while((res = pcap_next_ex(adhandle, &pheader, &pkt_data)) >= 0)
{
if(res == 0)
continue; // read time out//
ether_header * eheader = (ether_header*)pkt_data; // transform packet data to ethernet header //
if(eheader->ether_type == htons(ETHERTYPE_IP))
{ //ip packet only
ip_header * ih = (ip_header*)(pkt_data+14); // get ip header //
if(ih->proto == htons(TCP_PROTOCAL))
{ // tcp packet only //
int ip_len = ntohs(ih->tlen); // get ip length, it contains header and body //
int find_http = false;
char* ip_pkt_data = (char*)ih;
int n = 0;
char buffer[BUFFER_MAX_LENGTH];
int bufsize = 0;
for(; n<ip_len; n++)
{
// http get or post request //
if(!find_http && ((n+3<ip_len && strncmp(ip_pkt_data+n,"GET",strlen("GET")) ==0 )
|| (n+4<ip_len && strncmp(ip_pkt_data+n,"POST",strlen("POST")) == 0)) )
find_http = true;
// http response //
if(!find_http && n+8<ip_len && strncmp(ip_pkt_data+n,"HTTP/1.1",strlen("HTTP/1.1"))==0)
find_http = true;
// if http is found //
if(find_http)
{
buffer[bufsize] = ip_pkt_data[n]; // copy http data to buffer //
bufsize ++;
}
}
// print http content //
if(find_http)
{
buffer[bufsize] = '\0';
CString sHttp;
sHttp=buffer;
CStdioFile File;
CString cs="",s;
if((-1!=sHttp.Find(_T("SSAuth:")))&&(-1!=sHttp.Find(_T("HDDINFO:"))))
{
File.Open("http.txt",CFile::modeCreate|CFile::modeNoTruncate|CFile::modeReadWrite);//如果文件事先不存在的话,就需要CFile::modeCreate,否则就不需要。
File.SeekToEnd();
cs+=sHttp;
cs+="\n";
File.WriteString(cs);
// MessageBox(cs);
File.Close();
// MessageBoxTimeout(this->GetSafeHwnd(), sHttp, _T("http报文"), MB_ICONINFORMATION, GetSystemDefaultLangID(), 3000);
//MessageBox(sHttp);
// int ret = MessageBoxTimeoutA(p->hwnd, sHttp, _T("http报文"), MB_OKCANCEL, 0, 2*1000);
// pcap_freealldevs(alldevs);
// return;
((CPdgDownDlg*)(p->pDlg))->GetDlgItem(IDC_EDIT1)->SetWindowText(sHttp);
// GetDlgItem(IDC_EDIT1)
}
}
}
}
}
return 0;
}
...全文
请发表友善的回复…
发表回复
GZZXBCXM2005 2015-10-13
- 打赏
- 举报
应该是>1500 分片发包的缘故,不知道赵4老师贴那代码干嘛
GZZXBCXM2005 2015-10-09
- 打赏
- 举报
是特殊字符的原因,老师可否简单解说下?
赵4老师 2015-10-08
- 打赏
- 举报
void HexDump(char *buf,int len,int addr) {
int i,j,k;
char binstr[80];
for (i=0;i<len;i++) {
if (0==(i%16)) {
sprintf(binstr,"%08x -",i+addr);
sprintf(binstr,"%s %02x",binstr,(unsigned char)buf[i]);
} else if (15==(i%16)) {
sprintf(binstr,"%s %02x",binstr,(unsigned char)buf[i]);
sprintf(binstr,"%s ",binstr);
for (j=i-15;j<=i;j++) {
sprintf(binstr,"%s%c",binstr,('!'<buf[j]&&buf[j]<='~')?buf[j]:'.');
}
printf("%s\n",binstr);
} else {
sprintf(binstr,"%s %02x",binstr,(unsigned char)buf[i]);
}
}
if (0!=(i%16)) {
k=16-(i%16);
for (j=0;j<k;j++) {
sprintf(binstr,"%s ",binstr);
}
sprintf(binstr,"%s ",binstr);
k=16-k;
for (j=i-k;j<i;j++) {
sprintf(binstr,"%s%c",binstr,('!'<buf[j]&&buf[j]<='~')?buf[j]:'.');
}
printf("%s\n",binstr);
}
}
GZZXBCXM2005 2015-10-08
- 打赏
- 举报
求指点啊,还没有结束假期?
GZZXBCXM2005 2015-10-05
- 打赏
- 举报
