数据包分析
想要知道如何解析IP数据包,就要知道不同的IP数据包的包头结构,于是我们上⽹查查资料:
以太网数据包
ARP数据包
IPv4
IPv6
TCP
UDP
ICMP
ICMPv6
根据以上数据包头结构,我们就有了我们的protocol.h文件,声明各种数据包:
#ifndef PROTOCOL_H
#define PROTOCOL_H
#define HAVE_REMOTE
#define PROTO_ICMP 1
#define PROTO_TCP 6
#define PROTO_UDP 17
#include <iostream>
#include <QObject>
#include "_bsd_types.h"
#include "pcap.h"
using namespace std;
//IPV4
typedef struct ip_address{
u_char byte1;
u_char byte2;
u_char byte3;
u_char byte4;
}ip_address;
typedef struct ipv6_address
{
u_char byte1;
u_char byte2;
u_char byte3;
u_char byte4;
u_char byte5;
u_char byte6;
u_char byte7;
u_char byte8;
}ipv6_address;
typedef struct ipv4_header{
u_char ver_ihl;
u_char tos;
u_short tlen;
u_short Identification;
u_short flags_fo;
u_char ttl;
u_char proto;
u_short crc;
ip_address srcaddr;
ip_address dstaddr;
u_int op_pad;
}ipv4_header;
typedef struct ipv6_header{
u_int ver:4,
flowtype:8,
flowtip:20;
u_short len;
u_char pnext;
u_char lim;
ipv6_address srcaddr;
ipv6_address dstaddr;
}ipv6_header;
typedef struct tcp_header{
u_short srcport;
u_short dstport;
u_int seq;
u_int ack_seq;
u_short resl:4,
doff:4,
fin:1,
syn:1,
pst:1,
psh:1,
ack:1,
urg:1,
ece:1,
cwr:1;
u_short window;
u_short check;
u_short urg_ptr;
u_int opt;
}tcp_header;
typedef struct udp_header{
u_short srcport;
u_short dstport;
u_short tlen;
u_short crc;
}udp_header;
typedef struct icmp_header{
u_char type;
u_char code;
u_char seq;
u_char crc;
}icmp_header;
typedef struct icmp6_header{
u_char type;
u_char code;
u_char seq;
u_char crc;
u_char op_type;
u_char op_len;
u_char op_ethaddr[6];
}icmp6_header;
typedef struct pkg_count{
int n_tcp;
int n_udp;
int n_icmp;
int n_icmp6;
int n_http;
int n_arp;
int n_ipv4;
int n_ipv6;
int n_other;
int n_ttl;
}pkg_count;
typedef struct arp_header{
u_short hardware;
u_short proto;
u_char ml;
u_char ipl;
u_short opt;
u_char sm[6];
ip_address sip;
u_char dm[6];
ip_address dip;
}arp_hearder;
typedef struct eth_header{
u_char smac[6];
u_char dmac[6];
u_short type;
}eth_header;
typedef struct pkg_data
{
QString pkgtype;
int time[6];
int len;
eth_header *ethh;
ipv4_header *ipv4h;
ipv6_header *ipv6h;
arp_header *arph;
udp_header *udph;
tcp_header *tcph;
icmp_header *icmph;
icmp6_header *icmp6;
void *apph;
}pkg_data;
#endif // PROTOCOL_H
再对数据包的结构进行了解后,我们就需要对这些包进行解析,所以我们需要一个packettools类,里面用静态函数写出包的解析,供我们在别的地方调用:
#ifndef PACKETTOOLS_H
#define PACKETTOOLS_H
#include <QObject>
#include <QTextEdit>
#include "protocol.h"
#include "iostream"
using namespace std;
class PacketTools
{
public:
static int unpcak_Frame(const u_char *pkg,
pkg_data *data,
pkg_count *pkgCnts);
static int unpcak_Arp(const u_char *pkg,
pkg_data *data,
pkg_count *pkgCnts);
static int unpack_Ip(const u_char *pkg,
pkg_data *data,
pkg_count *pkgCnts);
static int unpack_Ipv6(const u_char *pkg,
pkg_data *data,
pkg_count *pkgCnts);
static int unpack_Icmp(const u_char *pkg,
pkg_data *data,
pkg_count *pkgCnts);
static int unpack_Icmp6(const u_char *pkg,
pkg_data *data,
pkg_count *pkgCnts);
static int unpack_Tcp(const u_char *pkg,
pkg_data *data,
pkg_count *pkgCnts);
static int unpack_Udp(const u_char *pkg,
pkg_data *data,
pkg_count *pkgCnts);
static int pack_Print(u_char *pkg,
int size,
QTextEdit *edit);
};
#endif // PACKETTOOLS_H
主要一点就是要知道父类数据包的type字段对子类数据包的分类,然后将数据包拷贝储存到全局容器里面。
