{
AfxMessageBox("Unable to set the adapter to promiscuous mode");
return - 1;
}
if (PacketSetBuff(lpadapter, 500 *1024) == FALSE)
{
AfxMessageBox("PacketSetBuff Error");
return - 1;
}
if (PacketSetReadTimeout(lpadapter, 0) == FALSE)
{
AfxMessageBox("Unable to set the timeout");
return - 1;
}
if ((lppacketr = PacketAllocatePacket()) == FALSE)
{
AfxMessageBox("PacketAllocatePacket receive Error");
return - 1;
}
PacketInitPacket(lppacketr, (char*)recvbuf, sizeof(recvbuf));
while (1)
{
if (PacketReceivePacket(lpadapter, lppacketr, TRUE) == FALSE)
{
return - 1;
}
GetData(lppacketr);
}
return 0;
}
其中调用的函数GetData()用于解析由PacketReceivePacket()函数收到的报文,关于分析ARP_REPLY报文以便获得局域网主机列表的代码如下:
void GetData(LPPACKET lp)
{
ULONG ulbytesreceived, off;
ETHDR *eth;
ARPHDR *arp;
PIPHDR ip;
char *buf, *pChar, *base;
struct bpf_hdr *hdr;
ulbytesreceived = lp->ulBytesReceived;
buf = (char*)lp->Buffer;
off = 0;
while (off < ulbytesreceived)
{
hdr = (struct bpf_hdr*)(buf + off);
off += hdr->bh_hdrlen;
pChar = (char*)(buf + off);
base = pChar;
off = Packet_WORDALIGN(off + hdr->bh_caplen);
eth = (PETHDR)pChar;
arp = (PARPHDR)(pChar + sizeof(ETHDR));
if (eth->eh_type == htons(ETH_IP))
{
ip = (PIPHDR)(pChar + sizeof(ETHDR));
for (int i = 0; i < oldHstIndex; i++)
{
if ((oldHostList[i].ip == ip->sourceip || oldHostList[i].ip == ip->destip) && oldHostList[i].sniffer == 1)
{
packetList[currentPktIndex].srcIp = ip->sourceip;
packetList[currentPktIndex].desIp = ip->destip;
packetList[currentPktIndex].protocol = ip->proto;
switch (ip->proto)
{
case IPPROTO_TCP:
共15页: 上一页 [1] [2] [3] [4] [5] [6] 7 [8] [9] [10] [11] [12] [13] [14] [15] 下一页
|
