int openpcapfile(pcap_t **pcapout, char *filename) {
pcap_t *pcap;
char errbuf[PCAP_ERRBUF_SIZE];
char source[PCAP_BUF_SIZE];
/* Create the source string according to the new WinPcap syntax */
if ( pcap_createsrcstr( source, // variable that will keep the source string
PCAP_SRC_FILE, // we want to open a file
NULL, // remote host
NULL, // port on the remote host
filename, // name of the file we want to open
errbuf // error buffer
) != 0)
{
fprintf(stderr,"\nError creating a source string\n");
return -1;
}
/* Open the capture file */
if ( (pcap = pcap_open(source, // name of the device
65536, // portion of the packet to capture
// 65536 guarantees that the whole packet will be captured on all the link layers
PCAP_OPENFLAG_PROMISCUOUS, // promiscuous mode
1000, // read timeout
NULL, // authentication on the remote machine
errbuf // error buffer
) ) == NULL)
{
fprintf(stderr,"\nUnable to open %s: %s\n", filename, errbuf);
return -1;
}
*pcapout = pcap;
return 0;
}
GList *
get_remote_interface_list(const char *hostname, const char *port,
int auth_type, const char *username,
const char *passwd, int *err, char **err_str)
{
struct pcap_rmtauth auth;
char source[PCAP_BUF_SIZE];
char errbuf[PCAP_ERRBUF_SIZE];
GList *result;
if (pcap_createsrcstr(source, PCAP_SRC_IFREMOTE, hostname, port,
NULL, errbuf) == -1) {
*err = CANT_GET_INTERFACE_LIST;
if (err_str != NULL)
*err_str = cant_get_if_list_error_message(errbuf);
return NULL;
}
auth.type = auth_type;
auth.username = g_strdup(username);
auth.password = g_strdup(passwd);
result = get_interface_list_findalldevs_ex(source, &auth, err, err_str);
g_free(auth.username);
g_free(auth.password);
return result;
}
int add_stream_from_pcap(char *file_path)
{
pcap_t *fp;
char errbuf[PCAP_ERRBUF_SIZE];
char source[PCAP_BUF_SIZE];
struct pcap_pkthdr *header;
const u_char *pkt_data;
t_stream t_stream_tmp;
/* Create the source string according to the new WinPcap syntax */
if ( pcap_createsrcstr( source, // variable that will keep the source string
PCAP_SRC_FILE, // we want to open a file
NULL, // remote host
NULL, // port on the remote host
file_path, // name of the file we want to open
errbuf // error buffer
) != 0)
{
WinPrintf(hwnd_frame, "Error creating a source string");
return -1;
}
/* Open the capture file */
if ( (fp= pcap_open(source, // name of the device
65536, // portion of the packet to capture
// 65536 guarantees that the whole packet will be captured on all the link layers
PCAP_OPENFLAG_PROMISCUOUS, // promiscuous mode
1000, // read timeout
NULL, // authentication on the remote machine
errbuf // error buffer
) ) == NULL)
{
WinPrintf(hwnd_frame, "打开文件失败:\n%s\n可能是抓包存档文件损坏或格式不支持", source);
return -1;
}
while (pcap_next_ex(fp, &header, &pkt_data)>0)
{
if (nr_cur_stream>=MAX_STREAM_NUM)
{
err_msg_box("已达最大流数目 %d", MAX_STREAM_NUM);
break;
}
init_stream(&t_stream_tmp);
t_stream_tmp.len=header->caplen;
memcpy(t_stream_tmp.data, pkt_data, t_stream_tmp.len);
t_stream_tmp.err_flags = build_err_flags((void *)(t_stream_tmp.data), t_stream_tmp.len);
add_stream(&t_stream_tmp);
}
pcap_close(fp);
re_populate_items();
return 0;
}
int main(int argc, char **argv)
{
pcap_t *fp;
char errbuf[PCAP_ERRBUF_SIZE];
char source[PCAP_BUF_SIZE];
if(argc != 2){
printf("usage: %s filename", argv[0]);
return -1;
}
/* Create the source string according to the new WinPcap syntax */
if ( pcap_createsrcstr( source, // variable that will keep the source string
PCAP_SRC_FILE, // we want to open a file
NULL, // remote host
NULL, // port on the remote host
argv[1], // name of the file we want to open
errbuf // error buffer
) != 0)
{
fprintf(stderr,"\nError creating a source string\n");
return -1;
}
/* Open the capture file */
if ( (fp= pcap_open(source, // name of the device
65536, // portion of the packet to capture
// 65536 guarantees that the whole packet will be captured on all the link layers
PCAP_OPENFLAG_PROMISCUOUS, // promiscuous mode
1000, // read timeout
NULL, // authentication on the remote machine
errbuf // error buffer
) ) == NULL)
{
fprintf(stderr,"\nUnable to open the file %s.\n", source);
return -1;
}
// read and dispatch packets until EOF is reached
pcap_loop(fp, 0, dispatcher_handler, NULL);
return 0;
}
int main(int argc, char **argv) {
pcap_t *fp;
struct pcap_pkthdr *header;
const u_char *pkt_data;
char errbuf[PCAP_ERRBUF_SIZE];
char source[PCAP_BUF_SIZE];
int res;
log_file = fopen("log.txt", "w");
WRITE_TO_LOG("Start main");
if(argc!=2) {
fprintf(stderr, "Usage: %s filename", argv[0]);
exit(EXIT_FAILURE);
}
/*Create the source string from the filename*/
WRITE_TO_LOG("Creating the source string from the filename");
if(pcap_createsrcstr(
source, //To keep source string
PCAP_SRC_FILE, //We're opening a file
NULL, //Remote host
NULL, //Port on the remote host
argv[1], //Name of the file to be opened
errbuf) != 0)
{
fprintf(stderr, "\nError creating source string: %s", errbuf);
exit(EXIT_FAILURE);
}
/*Open the capture file*/
WRITE_TO_LOG("Open the capture file");
if((fp=pcap_open(
source, //Device name
65536, //Portion of the packet to be captured
PCAP_OPENFLAG_PROMISCUOUS, //Promiscuous mode
1000, //Read timeout
NULL, //Authentication on remote host
errbuf))==NULL)
{
fprintf(stderr, "\nUnable to open the file %s: %s", argv[1], errbuf);
exit(EXIT_FAILURE);
}
WRITE_TO_LOG("Calling dispatch handler");
while((res=pcap_next_ex(fp, &header, &pkt_data))>=0) {
dispatch_handler(NULL, header, pkt_data);
}
if(res==-1) {
fprintf(stderr, "Error opening the file for reading packets: %s\n", pcap_geterr(fp));
exit(EXIT_FAILURE);
}
//pcap_loop(fp, 0, dispatch_handler, NULL);
WRITE_TO_LOG("Calling perform_regex");
perform_regex("regex_list.txt", "C:\\smtp_dump_output.txt");
//perform_regex("regex_list.txt", "C:\\agentlog.txt");
Sleep(10000);
WRITE_TO_LOG("Exiting..");
fclose(log_file);
}
main(int argc, char **argv)
{
pcap_t *fp;
char errbuf[PCAP_ERRBUF_SIZE];
char source[PCAP_BUF_SIZE];
struct pcap_pkthdr *header;
const u_char *pkt_data;
u_int i=0;
int res;
if(argc != 2)
{
printf("usage: %s filename", argv[0]);
return -1;
}
/* Create the source string according to the new WinPcap syntax */
if ( pcap_createsrcstr( source, // variable that will keep the source string
PCAP_SRC_FILE, // we want to open a file
NULL, // remote host
NULL, // port on the remote host
argv[1], // name of the file we want to open
errbuf // error buffer
) != 0)
{
fprintf(stderr,"\nError creating a source string\n");
return -1;
}
/* Open the capture file */
if ( (fp= pcap_open(source, // name of the device
65536, // portion of the packet to capture
// 65536 guarantees that the whole packet will be captured on all the link layers
PCAP_OPENFLAG_PROMISCUOUS, // promiscuous mode
1000, // read timeout
NULL, // authentication on the remote machine
errbuf // error buffer
) ) == NULL)
{
fprintf(stderr,"\nUnable to open the file %s.\n", source);
return -1;
}
/* Retrieve the packets from the file */
while((res = pcap_next_ex( fp, &header, &pkt_data)) >= 0)
{
/* print pkt timestamp and pkt len */
printf("%ld:%ld (%ld)\n", header->ts.tv_sec, header->ts.tv_usec, header->len);
/* Print the packet */
for (i=1; (i < header->caplen + 1 ) ; i++)
{
printf("%.2x ", pkt_data[i-1]);
if ( (i % LINE_LEN) == 0) printf("\n");
}
printf("\n\n");
}
if (res == -1)
{
printf("Error reading the packets: %s\n", pcap_geterr(fp));
}
return 0;
}
void main(int argc, char **argv)
{
pcap_t *indesc,*outdesc;
char errbuf[PCAP_ERRBUF_SIZE];
char source[PCAP_BUF_SIZE];
FILE *capfile;
int caplen, sync;
u_int res;
pcap_send_queue *squeue;
struct pcap_pkthdr *pktheader;
u_char *pktdata;
float cpu_time;
u_int npacks = 0;
/* Check the validity of the command line */
if (argc <= 2 || argc >= 5)
{
usage();
return;
}
/* Retrieve the length of the capture file */
capfile=fopen(argv[1],"rb");
if(!capfile){
printf("Capture file not found!\n");
return;
}
fseek(capfile , 0, SEEK_END);
caplen= ftell(capfile)- sizeof(struct pcap_file_header);
fclose(capfile);
/* Chek if the timestamps must be respected */
if(argc == 4 && argv[3][0] == 's')
sync = TRUE;
else
sync = FALSE;
/* Open the capture */
/* Create the source string according to the new WinPcap syntax */
if ( pcap_createsrcstr( source, // variable that will keep the source string
PCAP_SRC_FILE, // we want to open a file
NULL, // remote host
NULL, // port on the remote host
argv[1], // name of the file we want to open
errbuf // error buffer
) != 0)
{
fprintf(stderr,"\nError creating a source string\n");
return;
}
/* Open the capture file */
if ( (indesc= pcap_open(source, 65536, PCAP_OPENFLAG_PROMISCUOUS, 1000, NULL, errbuf) ) == NULL)
{
fprintf(stderr,"\nUnable to open the file %s.\n", source);
return;
}
/* Open the output adapter */
if ( (outdesc= pcap_open(argv[2], 100, PCAP_OPENFLAG_PROMISCUOUS, 1000, NULL, errbuf) ) == NULL)
{
fprintf(stderr,"\nUnable to open adapter %s.\n", source);
return;
}
/* Check the MAC type */
if (pcap_datalink(indesc) != pcap_datalink(outdesc))
{
printf("Warning: the datalink of the capture differs from the one of the selected interface.\n");
printf("Press a key to continue, or CTRL+C to stop.\n");
getchar();
}
/* Allocate a send queue */
squeue = pcap_sendqueue_alloc(caplen);
/* Fill the queue with the packets from the file */
while ((res = pcap_next_ex( indesc, &pktheader, &pktdata)) == 1)
{
if (pcap_sendqueue_queue(squeue, pktheader, pktdata) == -1)
{
printf("Warning: packet buffer too small, not all the packets will be sent.\n");
break;
}
npacks++;
}
if (res == -1)
{
printf("Corrupted input file.\n");
pcap_sendqueue_destroy(squeue);
return;
}
/* Transmit the queue */
cpu_time = (float)clock ();
if ((res = pcap_sendqueue_transmit(outdesc, squeue, sync)) < squeue->len)
{
printf("An error occurred sending the packets: %s. Only %d bytes were sent\n", pcap_geterr(outdesc), res);
}
cpu_time = (clock() - cpu_time)/CLK_TCK;
printf ("\n\nElapsed time: %5.3f\n", cpu_time);
printf ("\nTotal packets generated = %d", npacks);
printf ("\nAverage packets per second = %d", (int)((double)npacks/cpu_time));
printf ("\n");
/* free the send queue */
pcap_sendqueue_destroy(squeue);
/* Close the input file */
pcap_close(indesc);
/*
* lose the output adapter
* IMPORTANT: remember to close the adapter, otherwise there will be no guarantee that all the
* packets will be sent!
*/
pcap_close(outdesc);
return;
}
int pcap_findalldevs_ex(const char *source, struct pcap_rmtauth *auth, pcap_if_t **alldevs, char *errbuf)
{
int type;
char name[PCAP_BUF_SIZE], path[PCAP_BUF_SIZE], filename[PCAP_BUF_SIZE];
size_t pathlen;
size_t stringlen;
pcap_t *fp;
char tmpstring[PCAP_BUF_SIZE + 1]; /* Needed to convert names and descriptions from 'old' syntax to the 'new' one */
pcap_if_t *lastdev; /* Last device in the pcap_if_t list */
pcap_if_t *dev; /* Device we're adding to the pcap_if_t list */
/* List starts out empty. */
(*alldevs) = NULL;
lastdev = NULL;
if (strlen(source) > PCAP_BUF_SIZE)
{
pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "The source string is too long. Cannot handle it correctly.");
return -1;
}
/*
* Determine the type of the source (file, local, remote)
* There are some differences if pcap_findalldevs_ex() is called to list files and remote adapters.
* In the first case, the name of the directory we have to look into must be present (therefore
* the 'name' parameter of the pcap_parsesrcstr() is present).
* In the second case, the name of the adapter is not required (we need just the host). So, we have
* to use a first time this function to get the source type, and a second time to get the appropriate
* info, which depends on the source type.
*/
if (pcap_parsesrcstr(source, &type, NULL, NULL, NULL, errbuf) == -1)
return -1;
switch (type)
{
case PCAP_SRC_IFLOCAL:
if (pcap_parsesrcstr(source, &type, NULL, NULL, NULL, errbuf) == -1)
return -1;
/* Initialize temporary string */
tmpstring[PCAP_BUF_SIZE] = 0;
/* The user wants to retrieve adapters from a local host */
if (pcap_findalldevs(alldevs, errbuf) == -1)
return -1;
if (*alldevs == NULL)
{
pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
"No interfaces found! Make sure libpcap/Npcap is properly installed"
" on the local machine.");
return -1;
}
/* Scan all the interfaces and modify name and description */
/* This is a trick in order to avoid the re-implementation of the pcap_findalldevs here */
dev = *alldevs;
while (dev)
{
char *localdesc, *desc;
/* Create the new device identifier */
if (pcap_createsrcstr(tmpstring, PCAP_SRC_IFLOCAL, NULL, NULL, dev->name, errbuf) == -1)
return -1;
/* Delete the old pointer */
free(dev->name);
/* Make a copy of the new device identifier */
dev->name = strdup(tmpstring);
if (dev->name == NULL)
{
pcap_fmt_errmsg_for_errno(errbuf,
PCAP_ERRBUF_SIZE, errno,
"malloc() failed");
pcap_freealldevs(*alldevs);
return -1;
}
/*
* Create the description.
*/
if ((dev->description == NULL) || (dev->description[0] == 0))
localdesc = dev->name;
else
localdesc = dev->description;
if (pcap_asprintf(&desc, "%s '%s' %s",
PCAP_TEXT_SOURCE_ADAPTER, localdesc,
PCAP_TEXT_SOURCE_ON_LOCAL_HOST) == -1)
{
pcap_fmt_errmsg_for_errno(errbuf,
PCAP_ERRBUF_SIZE, errno,
"malloc() failed");
pcap_freealldevs(*alldevs);
return -1;
}
/* Now overwrite the description */
free(dev->description);
dev->description = desc;
dev = dev->next;
}
return 0;
case PCAP_SRC_FILE:
{
#ifdef _WIN32
WIN32_FIND_DATA filedata;
HANDLE filehandle;
#else
struct dirent *filedata;
DIR *unixdir;
#endif
if (pcap_parsesrcstr(source, &type, NULL, NULL, name, errbuf) == -1)
return -1;
/* Check that the filename is correct */
stringlen = strlen(name);
/* The directory must end with '\' in Win32 and '/' in UNIX */
#ifdef _WIN32
#define ENDING_CHAR '\\'
#else
#define ENDING_CHAR '/'
#endif
if (name[stringlen - 1] != ENDING_CHAR)
{
name[stringlen] = ENDING_CHAR;
name[stringlen + 1] = 0;
stringlen++;
}
/* Save the path for future reference */
pcap_snprintf(path, sizeof(path), "%s", name);
pathlen = strlen(path);
#ifdef _WIN32
/* To perform directory listing, Win32 must have an 'asterisk' as ending char */
if (name[stringlen - 1] != '*')
{
name[stringlen] = '*';
name[stringlen + 1] = 0;
}
filehandle = FindFirstFile(name, &filedata);
if (filehandle == INVALID_HANDLE_VALUE)
{
pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error when listing files: does folder '%s' exist?", path);
return -1;
}
#else
/* opening the folder */
unixdir= opendir(path);
/* get the first file into it */
filedata= readdir(unixdir);
if (filedata == NULL)
{
pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error when listing files: does folder '%s' exist?", path);
return -1;
}
#endif
/* Add all files we find to the list. */
do
{
#ifdef _WIN32
/* Skip the file if the pathname won't fit in the buffer */
if (pathlen + strlen(filedata.cFileName) >= sizeof(filename))
continue;
pcap_snprintf(filename, sizeof(filename), "%s%s", path, filedata.cFileName);
#else
if (pathlen + strlen(filedata->d_name) >= sizeof(filename))
continue;
pcap_snprintf(filename, sizeof(filename), "%s%s", path, filedata->d_name);
#endif
fp = pcap_open_offline(filename, errbuf);
if (fp)
{
/* allocate the main structure */
dev = (pcap_if_t *)malloc(sizeof(pcap_if_t));
if (dev == NULL)
{
pcap_fmt_errmsg_for_errno(errbuf,
PCAP_ERRBUF_SIZE, errno,
"malloc() failed");
pcap_freealldevs(*alldevs);
return -1;
}
/* Initialize the structure to 'zero' */
memset(dev, 0, sizeof(pcap_if_t));
/* Append it to the list. */
if (lastdev == NULL)
{
/*
* List is empty, so it's also
* the first device.
*/
*alldevs = dev;
}
else
{
/*
* Append after the last device.
*/
lastdev->next = dev;
}
/* It's now the last device. */
lastdev = dev;
/* Create the new source identifier */
if (pcap_createsrcstr(tmpstring, PCAP_SRC_FILE, NULL, NULL, filename, errbuf) == -1)
{
pcap_freealldevs(*alldevs);
return -1;
}
dev->name = strdup(tmpstring);
if (dev->name == NULL)
{
pcap_fmt_errmsg_for_errno(errbuf,
PCAP_ERRBUF_SIZE, errno,
"malloc() failed");
pcap_freealldevs(*alldevs);
return -1;
}
/*
* Create the description.
*/
if (pcap_asprintf(&dev->description,
"%s '%s' %s", PCAP_TEXT_SOURCE_FILE,
filename, PCAP_TEXT_SOURCE_ON_LOCAL_HOST) == -1)
{
pcap_fmt_errmsg_for_errno(errbuf,
PCAP_ERRBUF_SIZE, errno,
"malloc() failed");
pcap_freealldevs(*alldevs);
return -1;
}
pcap_close(fp);
}
}
#ifdef _WIN32
while (FindNextFile(filehandle, &filedata) != 0);
#else
while ( (filedata= readdir(unixdir)) != NULL);
#endif
#ifdef _WIN32
/* Close the search handle. */
FindClose(filehandle);
#endif
return 0;
}
case PCAP_SRC_IFREMOTE:
return pcap_findalldevs_ex_remote(source, auth, alldevs, errbuf);
default:
pcap_strlcpy(errbuf, "Source type not supported", PCAP_ERRBUF_SIZE);
return -1;
}
}
void CMyListView::Capoffline(CString m_open_filepath)//文件读取操作函数
{
char errbuf[PCAP_ERRBUF_SIZE];
char source[1024];
// struct pcap_pkthdr *header;//网络包头
const u_char *pkt_data;//数据报数据
CString m_packetlen;//数据包长度
CString m_protocol;//数据包协议
CString m_count1;//数据包计数
u_int i=0;
pcap_t *fp;
int m_count=0;
struct pcap_pkthdr* protocol_header;//协议头
int res;
if (pcap_createsrcstr(source, // variable that will keep the source string
PCAP_SRC_FILE, // we want to open a file
NULL, // remote host
NULL, // port on the remote host
m_open_filepath, // name of the file we want to open
errbuf // error buffer
) != 0)
{
AfxMessageBox(errbuf);
}
if ((fp=pcap_open(source, // name of the device
65536, // portion of the packet to capture
// 65536 guarantees that the whole packet will be captured on all the link layers
PCAP_OPENFLAG_PROMISCUOUS, // promiscuous mode
1000, // read timeout
NULL, // authentication on the remote machine
errbuf // error buffer
) ) == NULL)
{
AfxMessageBox(errbuf);
}
m_mydata=(mydata*)malloc((m_mystruct.m_count-1)*sizeof(mydata));//数据包个数
while((res = pcap_next_ex(fp,&protocol_header,&pkt_data))>=0)
{
if (protocol_header->len==0) continue;
m_mydata[m_count].len=protocol_header->len;
m_mydata[m_count].pkt_data=(unsigned char*)malloc(protocol_header->len);
memcpy(m_mydata[m_count].pkt_data,pkt_data,protocol_header->len);
m_packetlen.Format("%d",protocol_header->len);
m_protocol=Packetanalyse(pkt_data);//协议分析
m_count1.Format("%d",m_count+1);//对要添加的信息做格式化处理
CListCtrl &m_list=GetListCtrl();//以下是对ListView添加信息
m_list.InsertItem(m_count,m_count1);
m_list.SetItemText(m_count,1,ctime((const time_t*)&protocol_header->ts.tv_sec));
m_list.SetItemText(m_count,2,m_packetlen);
m_list.SetItemText(m_count,3,inet_ntoa(ip_saddress));
m_list.SetItemText(m_count,4,inet_ntoa(ip_daddress));
m_list.SetItemText(m_count,5,m_mystruct.m_sourcemac);
m_list.SetItemText(m_count,6,m_mystruct.m_destinanionmac);
m_list.SetItemText(m_count,7,m_protocol);
m_list.SetItemText(m_count,8,m_info);
m_count++;
}
}
