以前写的一个TCP报文分析程序

#include<stdio.h>
#include<sys/types.h>
#include<sys/stat.h>
#include<fcntl.h>
#include<unistd.h>
#include <arpa/inet.h>

#define FILE_OPEN_FLAGS  O_RDWR
#define buffer_length    1518

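/* Fixed header sizes, in bytes, that must be present before a header is indexed. */
enum {
  PKT_ETH_HEADER_LEN = 6 + 6 + 2, /* destination MAC + source MAC + EtherType */
  PKT_IP_MIN_HEADER_LEN = 20,
  PKT_TCP_MIN_HEADER_LEN = 20
};

/* Returns the value (0-15) of one hex digit, or -1 if ch is not a hex digit. */
static int hex_digit_value(unsigned char ch)
{
  if (ch >= '0' && ch <= '9') {
    return ch - '0';
  }
  if (ch >= 'a' && ch <= 'f') {
    return ch - 'a' + 10;
  }
  if (ch >= 'A' && ch <= 'F') {
    return ch - 'A' + 10;
  }
  return -1;
}

/* Returns non-zero for the whitespace characters tolerated between hex digits. */
static int is_separator_char(unsigned char ch)
{
  return ch == ' ' || ch == '\t' || ch == '\n' || ch == '\r' || ch == '\f' || ch == '\v';
}

/* Reads a 16-bit big-endian (network order) value. */
static unsigned int read_be16(const unsigned char *p)
{
  return ((unsigned int)p[0] << 8) | (unsigned int)p[1];
}

/* Reads a 32-bit big-endian (network order) value without signed overflow. */
static unsigned long read_be32(const unsigned char *p)
{
  return ((unsigned long)p[0] << 24) | ((unsigned long)p[1] << 16) |
         ((unsigned long)p[2] << 8) | (unsigned long)p[3];
}

/*
 * Decodes one Ethernet frame stored as hex text in the file named by argv[1]
 * and prints its Ethernet, IPv4 and TCP header fields followed by the payload.
 *
 * The file content is untrusted: every length taken from the frame (IP header
 * length, IP total length, TCP data offset) is checked against the number of
 * bytes actually decoded before it is used as an index.
 *
 * Returns 0 after a full decode (or when no file name is given), and 1 for
 * ARP/RARP/IPv6 frames, I/O errors, or malformed/truncated input.
 */
int main(int argc, char* argv[])
{
  unsigned char raw_content[buffer_length];
  unsigned char txt_content[buffer_length*2];
  const unsigned char *ip;
  const unsigned char *tcp;
  unsigned char high_nibble = 0;
  unsigned char flags;
  unsigned int ether_type;
  ssize_t bytes_read;
  int file_descriptor;
  int file_length;
  int index;
  int raw_index = 0;
  int nibble_count = 0;
  int ip_header_length;
  int ip_packet_length;
  int tcp_header_index;
  int tcp_header_length;
  int payload_offset;
  int payload_available;
  int payload_printed;
  int data_length;
  int value;

  if (argc <= 1) {
    printf("sorry please input filename...\n");
    printf("--------------------------------------------------\n");
    return 0;
  }

  /* NOTE(review): FILE_OPEN_FLAGS is O_RDWR although the file is only read;
   * O_RDONLY would be enough and would not require write permission. */
  file_descriptor = open(argv[1], FILE_OPEN_FLAGS);
  if (file_descriptor < 0) {
    perror("open");
    return 1;
  }

  /* Never request more than the buffer holds: a longer file is truncated to
   * one maximum-size frame worth of hex digits instead of overrunning the stack. */
  bytes_read = read(file_descriptor, txt_content, sizeof txt_content);
  close(file_descriptor);
  if (bytes_read < 0) {
    perror("read");
    return 1;
  }
  file_length = (int)bytes_read;
  printf("read file ok,read %d characters ...\n", file_length);

  printf("begin to translage content to 0 1...\n");
  for (index = 0; index < file_length; index++) {
    value = hex_digit_value(txt_content[index]);
    if (value < 0) {
      /* Whitespace (e.g. a trailing newline) is skipped, anything else is rejected. */
      if (is_separator_char(txt_content[index])) {
        continue;
      }
      fprintf(stderr, "invalid character 0x%02x at offset %d, expected a hex digit\n",
              (unsigned int)txt_content[index], index);
      return 1;
    }
    if (nibble_count % 2 == 0) {
      /* First digit of a pair: the high nibble. */
      high_nibble = (unsigned char)(value << 4);
    } else {
      /* Second digit of a pair: the byte is complete. */
      if (raw_index >= buffer_length) {
        fprintf(stderr, "input holds more than %d bytes\n", buffer_length);
        return 1;
      }
      raw_content[raw_index++] = (unsigned char)(high_nibble | value);
    }
    nibble_count++;
  }
  if (nibble_count % 2 == 1) {
    /* Odd number of digits: the last byte gets a zero low nibble. */
    if (raw_index < buffer_length) {
      raw_content[raw_index++] = high_nibble;
    }
    printf("this should never be occured...\n");
  }

  printf("translate to 0 1 ok,total number:%d...\n", raw_index);
  printf("now begin to parse file...\n\n\n");

  /* Ethernet header */
  if (raw_index < PKT_ETH_HEADER_LEN) {
    fprintf(stderr, "frame too short for an Ethernet header (%d bytes)\n", raw_index);
    return 1;
  }

  printf("\nDestination:0x ");
  for (index = 0; index < 6; index++) {
    printf("%x%s", (unsigned int)raw_content[index], index < 5 ? ":" : "");
  }
  printf("\nSource:0x ");
  for (index = 6; index < 12; index++) {
    printf("%x%s", (unsigned int)raw_content[index], index < 11 ? ":" : "");
  }

  /* Network-layer protocol (EtherType). An unrecognised EtherType prints
   * nothing here and the frame is still decoded as IPv4 below. */
  printf("\n Type:");
  ether_type = read_be16(raw_content + 12);
  if (ether_type == 0x0800) {
    printf("IP (ox0800)");
  } else if (ether_type == 0x0806) {
    printf("ARP(ox0806)");
    return 1;
  } else if (ether_type == 0x8035) {
    printf("RARP(0x8035)");
    return 1;
  } else if (ether_type == 0x86dd) {
    printf("IP(ox86dd)");
    return 1;
  }
  printf("\n\n\n");

  /* IPv4 header: the fixed 20 bytes must be present before any field is read. */
  if (raw_index < PKT_ETH_HEADER_LEN + PKT_IP_MIN_HEADER_LEN) {
    fprintf(stderr, "frame too short for an IP header (%d bytes)\n", raw_index);
    return 1;
  }
  ip = raw_content + PKT_ETH_HEADER_LEN;

  /* 4-bit version and 4-bit header length (in 32-bit words) */
  printf("Version:%d\n", ip[0] >> 4);
  ip_header_length = (ip[0] & 0x0f) << 2;
  printf("Header Length:%d bytes\n", ip_header_length);
  /* Type of service is not decoded */
  printf("TOS:null\n");
  /* 16-bit total length */
  ip_packet_length = (int)read_be16(ip + 2);
  printf("Total Length:%d\n", ip_packet_length);
  /* 16-bit identification; %02x keeps leading zeros so 0x01 0x02 is not shown as 0x12 */
  printf("Identification:0x");
  printf("%02x", (unsigned int)ip[4]);
  printf("%02x(%d)\n", (unsigned int)ip[5], (int)read_be16(ip + 4));

  /* 3 flag bits, then the 13-bit fragment offset */
  printf("Reserved Bit:");
  printf("%s\n", (ip[6] & 0x80) ? " 1 Set" : " 0 Not Set");
  printf("Dont't fragment:");
  printf("%s\n", (ip[6] & 0x40) ? " 1 Set" : " 0 Not Set");
  printf("More fragments:");
  printf("%s\n", (ip[6] & 0x20) ? " 1 Set" : " 0 Not Set");
  printf("fragment offset:%d\n", (ip[6] & 0x1f) * 256 + ip[7]);
  /* 8-bit time to live */
  printf("Time to live:%d\n", ip[8]);
  /* The protocol strings carry no newline, so the checksum follows on the same
   * output line. NOTE(review): a non-TCP protocol is still decoded as TCP below. */
  switch (ip[9]) {
  case 0x06:
    printf("Protocol:TCP (0x06)");
    break;
  case 0x84:
    printf("Protocol:SCTP (0x84)");
    break;
  case 0x11:
    printf("Protocol:UDP(0x11)");
    break;
  case 0x02:
    printf("Protocol:IGMP(ox02)");
    break;
  default:
    break;
  }

  printf("Header checksum:0x%02x%02x\n", (unsigned int)ip[10], (unsigned int)ip[11]);
  /* Source and destination addresses */
  printf("Source:%d.%d.%d.%d\n", ip[12], ip[13], ip[14], ip[15]);
  printf("Destination:%d.%d.%d.%d\n", ip[16], ip[17], ip[18], ip[19]);

  /* The IP header length comes from the frame: reject values that are below the
   * minimum or that would place the TCP header outside the decoded bytes. */
  if (ip_header_length < PKT_IP_MIN_HEADER_LEN ||
      PKT_ETH_HEADER_LEN + ip_header_length + PKT_TCP_MIN_HEADER_LEN > raw_index) {
    fprintf(stderr, "IP header length %d does not fit the %d decoded bytes\n",
            ip_header_length, raw_index);
    return 1;
  }

  tcp_header_index = PKT_ETH_HEADER_LEN + ip_header_length;
  tcp = raw_content + tcp_header_index;
  printf("\n\n");
  /* Ports */
  printf("Source port:%d(%d)\n", (int)read_be16(tcp), (int)read_be16(tcp));
  printf("Destination port:%d(%d)\n", (int)read_be16(tcp + 2), (int)read_be16(tcp + 2));
  /* Sequence numbers are unsigned 32-bit values; printing them through int
   * overflowed for values of 2^31 and above. */
  printf("sequence number:%lu\n", read_be32(tcp + 4));
  printf("Acknowledgement number:%lu\n", read_be32(tcp + 8));

  /* 4-bit data offset (in 32-bit words) */
  tcp_header_length = (tcp[12] & 0xf0) >> 2;
  printf("Header length:%d bytes\n", tcp_header_length);

  /* All eight flag bits are kept so that CWR and ECN-Echo can be reported. */
  flags = tcp[13];
  printf("Flags:0x%x\n", (unsigned int)flags);
  fputs((flags & 0x80) ? "1....... Congestion Window Reduced(CWR): Set\n"
                       : "0....... Congestion Window Reduced(CWR): Not Set\n", stdout);
  fputs((flags & 0x40) ? ".1...... ECN-Echo: Set\n"
                       : ".0...... ECN-Echo: Not Set\n", stdout);
  fputs((flags & 0x20) ? "..1..... Urgent: Set\n"
                       : "..0..... Urgent: Not Set\n", stdout);
  fputs((flags & 0x10) ? "...1.... Acknowledgement: Set\n"
                       : "...0.... Acknowledgement: Not Set\n", stdout);
  fputs((flags & 0x08) ? "....1... Push: Set\n"
                       : "....0... Push: Not Set\n", stdout);
  fputs((flags & 0x04) ? ".....1.. Reset: Set\n"
                       : ".....0.. Reset: Not Set\n", stdout);
  fputs((flags & 0x02) ? "......1. Syn: Set\n"
                       : "......0. Syn: Not Set\n", stdout);
  fputs((flags & 0x01) ? ".......1 Fin: Set\n"
                       : ".......0 Fin: Not Set\n", stdout);

  printf("Window Size:%d\n", (int)read_be16(tcp + 14));
  printf("Checksum:0x%02x%02x\n", (unsigned int)tcp[16], (unsigned int)tcp[17]);

  /* The TCP data offset also comes from the frame and decides where the payload starts. */
  if (tcp_header_length < PKT_TCP_MIN_HEADER_LEN ||
      tcp_header_index + tcp_header_length > raw_index) {
    fprintf(stderr, "TCP header length %d does not fit the %d decoded bytes\n",
            tcp_header_length, raw_index);
    return 1;
  }

  data_length = ip_packet_length - ip_header_length - tcp_header_length;
  printf("\n\nApplication Data Length:%d \n", data_length);

  /* The claimed length may be negative or larger than what was decoded; only
   * bytes that exist in raw_content are printed, and no terminator is written
   * into the buffer (the precision bounds the read instead). */
  payload_offset = tcp_header_index + tcp_header_length;
  payload_available = raw_index - payload_offset;
  payload_printed = data_length;
  if (payload_printed < 0) {
    payload_printed = 0;
  }
  if (payload_printed > payload_available) {
    payload_printed = payload_available;
  }
  if (payload_printed != data_length) {
    fprintf(stderr, "payload length %d is inconsistent, showing %d bytes\n",
            data_length, payload_printed);
  }
  /* NOTE(review): payload bytes reach the terminal unmodified; captured traffic
   * is untrusted, so consider replacing non-printable bytes before display. */
  printf("Application Data:%.*s\n", payload_printed,
         (const char *)(raw_content + payload_offset));
  printf(".............................................................................................................................\n");

  return 0;
}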

写了一个适合自己分析报文的程序。
