解析ARP数据包

 //#include<windows.h>
#pragma comment(lib,"Ws2_32.lib");
//#pragma comment(lib,"wpcap.lib");
#pragma comment(lib, "wpcap.lib");

#include "pcap.h"
#include <fstream.h>
#include <iomanip.h>
#include <conio.h>
#include  "remote-ext.h "

// ARP message body for Ethernet/IPv4, laid out as it appears in the frame.
// packet_handler overlays this struct on the captured bytes at pkt_data+14,
// i.e. directly after the Ethernet header.
// NOTE(review): the overlay assumes the compiler inserts no padding, so that
// sizeof(arppkt) is 28 (the sum of the member sizes) - confirm for the target compiler.
struct arppkt{
 unsigned short hdtyp;// hardware type; the value 0001 means Ethernet
 unsigned short protyp;// protocol type; the value 0800 means the upper-layer protocol is IP
 unsigned char hdsize;// hardware address length; the value is 06
 unsigned char prosize;// protocol address length; the value is 04
 unsigned short op;// operation: 0001/0002 mean ARP request/reply (packet_handler converts it with ntohs)
 u_char smac[6];// source MAC address, 6 bytes
 u_char sip[4];// source IP address
 u_char dmac[6];// destination MAC address
 u_char dip[4];// destination IP address

};
// Forward declaration: writes one captured ARP frame to `out` as a single text line.
// The definition follows main().
void packet_handler(const pcap_pkthdr *header,const u_char *pkt_data,ostream &out);
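// Captures ARP frames on the first Ethernet adapter that has an address and
// writes one line per frame to the console and to the log file named in argv[1].
// Returns 0 when the capture loop ends normally and 1 on any setup error.
int main(int argc,char *argv[])
{
 // The log file name is mandatory: argv[1] is passed to ofstream below, and
 // with no argument it is a null pointer.
 if(argc!=2)
 {
  cout<<"Usage:arpparse logfilename"<<endl;
  cout<<"Press any key to continue."<<endl;
  _getch();
  return 1;
 }
 pcap_if_t *alldevs;
 pcap_if_t *d;
 pcap_t *adhandle=NULL;
 char errbuf[PCAP_ERRBUF_SIZE];
 u_int netmask;
 // "arp" is a keyword of the filter grammar, so it is escaped with a
 // backslash when used as the value of "ether proto".
 char packet_filter[]="ether proto \\arp";
 struct bpf_program fcode;
 struct pcap_pkthdr *header;
 const u_char *pkt_data;// pcap_next_ex hands back a pointer to read-only capture memory
 if(pcap_findalldevs(&alldevs,errbuf)==-1)
 {
  cout<<"Error in pcap_findalldevs"<<errbuf;
  return 1;
 }
 // Pick the first adapter that is Ethernet and has an address entry.
 // Snapshot length 1000 bytes, promiscuous mode on, 300 ms read timeout.
 for(d=alldevs;d;d=d->next)
 {
  if((adhandle=pcap_open_live(d->name,1000,1,300,errbuf))==NULL)
  {
   cout<<"\nUnable to open the adapter.";
   pcap_freealldevs(alldevs);
   return 1;
  }
  if(pcap_datalink(adhandle)==DLT_EN10MB&&d->addresses!=NULL)
   break;
  // Not the adapter we want: release the handle instead of leaking it.
  pcap_close(adhandle);
  adhandle=NULL;
 }
 if(d==NULL)
 {
  cout<<"\nNo interfaces found! Make sure winpcap is intalled.\n";
  pcap_freealldevs(alldevs);
  return 1;
 }
 // The address entry may carry no netmask; fall back to a class C mask then.
 if(d->addresses->netmask!=NULL)
  netmask=((sockaddr_in *)(d->addresses->netmask))->sin_addr.S_un.S_addr;
 else
  netmask=0xffffff;
 if(pcap_compile(adhandle,&fcode,packet_filter,1,netmask)<0)
 {
  cout<<"\nUnable to complie the packet filter .check the syntax.\n";
  pcap_close(adhandle);
  pcap_freealldevs(alldevs);
  return 1;
 }
 if(pcap_setfilter(adhandle,&fcode)<0)
 {
  cout<<"\nError setting the filter.\n";
  pcap_freecode(&fcode);
  pcap_close(adhandle);
  pcap_freealldevs(alldevs);
  return 1;
 }
 pcap_freecode(&fcode);// the compiled program is no longer needed once it is installed
 // description may be absent for an adapter; fall back to its name.
 cout<<"\t\tlistening on"<<(d->description!=NULL?d->description:d->name)<<"..."<<endl<<endl;

 ofstream fout(argv[1],ios::app);
 if(!fout)
 {
  cout<<"\nUnable to open the log file.\n";
  pcap_close(adhandle);
  pcap_freealldevs(alldevs);
  return 1;
 }
 time_t t;
 time(&t);
 fout.seekp(0,ios::end);
 if(fout.tellp()!=0)
  fout<<endl;
 // Session banner with the start time, kept on its own line so that it does
 // not run into the column header.
 fout<<"\t\tARP request(1)/reply(2) on"<<t<<endl;
 cout<<"Sour IP Addr"<<"  "<<"Sour MAC Address"<<"  "
  <<"Des IP Addr"<<"  "<<"Des MAC Address"<<"  "
  <<"OP"<<"  "<<"Time"<<endl;
 fout<<"Sour IP Addr"<<"  "<<"Sour MAC Address"<<"  "
  <<"Des IP Addr"<<"  "<<"Des MAC Address"<<"  "
  <<"OP"<<"  "<<"Time"<<endl;
 pcap_freealldevs(alldevs);
 int result;
 // pcap_next_ex: 1 = packet read, 0 = read timeout, negative = stop.
 while((result=pcap_next_ex(adhandle,&header,&pkt_data))>=0)
 {
  if(result==0)
   continue;
  packet_handler(header,pkt_data,cout);
  packet_handler(header,pkt_data,fout);
 }
 if(result==-1)
  cout<<"\nError reading the packets: "<<pcap_geterr(adhandle)<<endl;
 pcap_close(adhandle);
 return 0;
}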

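// Writes one captured ARP frame to `out` as a single line: source IP,
// source MAC, destination IP, destination MAC, operation code and the
// capture time (hh:mm:ss, local time).
//   header   - pcap record header; caplen and ts are read from it
//   pkt_data - start of the captured frame (Ethernet header first)
//   out      - stream that receives the line; fill and format flags are restored
// Frames that are too short or are not Ethernet/IPv4 ARP are skipped silently.
void packet_handler(const pcap_pkthdr *header,const u_char *pkt_data,ostream &out)
{
 // The frame bytes come straight off the wire and are untrusted. The capture
 // filter selects by EtherType only, so the captured length must be checked
 // before the ARP body is read, otherwise a runt or truncated frame causes a
 // read past the end of the capture buffer.
 const unsigned int ETH_HDR_LEN=14;
 if(header==NULL||pkt_data==NULL||header->caplen<ETH_HDR_LEN+sizeof(arppkt))
  return;
 const arppkt *arph=(const arppkt *)(pkt_data+ETH_HDR_LEN);
 // arppkt hard-codes 6-byte hardware and 4-byte protocol addresses; with any
 // other announced sizes the fixed offsets would print unrelated bytes.
 if(arph->hdsize!=6||arph->prosize!=4)
  return;
 int i;// declared once: the loops below must not rely on a leaked for-init variable

 // source IP, dotted decimal, last octet left-aligned in 3 columns
 for(i=0;i<3;i++)
  out<<int(arph->sip[i])<<'.';
 out.setf(ios::left);
 out<<setw(3)<<int(arph->sip[3])<<" ";
 out.unsetf(ios::left);

 // source MAC, upper-case hex bytes separated by '-'
 char oldfillchar=out.fill('0');
 out.setf(ios::uppercase);
 for(i=0;i<5;i++)
  out<<hex<<setw(2)<<int(arph->smac[i])<<'-';
 out<<hex<<setw(2)<<int(arph->smac[5])<<" ";// was sent to cout, which dropped the byte from the log file
 out.fill(oldfillchar);

 // destination IP, same dotted format as the source IP
 out.unsetf(ios::hex|ios::uppercase);
 for(i=0;i<3;i++)
  out<<int(arph->dip[i])<<'.';
 out.setf(ios::left);
 out<<setw(3)<<int(arph->dip[3])<<" ";
 out.unsetf(ios::left);

 // destination MAC
 out.fill('0');
 out.setf(ios::uppercase);
 for(i=0;i<5;i++)
  out<<hex<<setw(2)<<int(arph->dmac[i])<<'-';
 out<<hex<<setw(2)<<int(arph->dmac[5])<<" ";
 out.fill(oldfillchar);
 out.unsetf(ios::hex|ios::uppercase);

 // operation code is carried in network byte order
 out<<ntohs(arph->op)<<" ";

 // Copy the seconds into a time_t first: tv_sec is not guaranteed to have
 // the same type as time_t, and localtime() can return a null pointer.
 time_t secs=header->ts.tv_sec;
 struct tm *ltime=localtime(&secs);
 if(ltime!=NULL)
 {
  out.fill('0');
  out<<ltime->tm_hour<<":"<<setw(2)<<ltime->tm_min<<':'<<setw(2)<<ltime->tm_sec;
  out.fill(oldfillchar);
 }
 out<<endl;
}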
