
ip包流量监控代码

/********************************************** *输出统计的 IP 数据包信息, *列出源地址、目的地址、不同协议类型的 IP 包数量 ***********************************************/ void IPstatistic() {
ptail->sour_ip = pt.sourceip; ptail->dest_ip = pt.destip; ptail->protocol = pt.proto; ptail->num = 1; pHead = ptail; ptail->next = NULL; }
else {
/*********************************************** *从第一个包开始扫描, *如果存在相同目的地址、源地址和协议类型的 IP 包, *则让那个结点的记数累加 ************************************************/
{ printf("原始 socket 绑定失败\n");
return -1; }
//用 WSAIoctl()将网卡设置为混杂模式,接收所有流过的 IP 包 DWORD dwValue = 1; DWORD dwBufferLen[20]; DWORD dwBufferInLen = 1; DWORD dwBytesReturned = 0;
*****************************************/ char *getProtocol(BYTE Pro_type) {
switch(Pro_type) { case 1:
return "ICMP"; case 2:
return "IGMP"; case 6:
return "TCP"; case 8:
unsigned char h_lenver; 度 (4 bits)
unsigned char tos;
service) unsigned short total_len; unsigned short ident; unsigned short frag_and_flags;
+ 段偏移量(Fragment offset) (13 bits) unsigned char ttl;
}//if
//将输入的时间参数转换为 int 型 int second = atoi(argv[1]);
//调用 WSAStartup 函数初始化 Winsock DLL,返回 0 为初始化成功 WSADATA wsData;
if (WSAStartup(MAKEWORD(2,2), &wsData)!=0) {
*****************************************/ void AddNode(ipHead pt)
{
//捕获 IP 包列表 printf("%-.16s\t\t",inet_ntoa(*(in_addr*)&(pt.sourceip))); printf("%-.16s\t",inet_ntoa(*(in_addr*)&(pt.destip))); printf("%s\n",getProtocol(pt.proto));
printf("初始化失败\n"); return -1; }//if
//创建 Raw Socket,INVALID_SOCKET 为无效 SOCKET SOCKET sock;
if ((sock=WSASocket(AF_INET, SOCK_RAW, IPPROTO_IP,NULL,0,WSA_FLAG_OVERLAPPED)) == INVALID_SOCKET)
return "EGP"; case 17:
return "UDP"; case 41:
return "IPv6"; case 89:
return "OSPF"; default:
return "UNKNOWN"; } }
/**************************************** *把捕获的 IP 包插入链表
*IP 地址通过 gethostbyname()获得
*******************************************************/
sockaddr_in
addr_in;
addr_in.sin_family = AF_INET;
addr_in.sin_port = htons(8000);
#pragma comment(lib,"WS2_32")
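/*
 * Buffer size constant. 65535 is the largest value the 16-bit IPv4
 * total-length field can hold, so one buffer of this size fits any single
 * IP datagram. Presumably this sizes the receive buffer; the use is not
 * visible in this part of the listing.
 */
#define BUFFER_SIZE 65535

/*
 * I/O control code built as _WSAIOW(IOC_VENDOR,1), the same value that
 * <mstcpip.h> names SIO_RCVALL. Passed to WSAIoctl() on a bound raw socket,
 * it makes the socket receive every IP packet seen on the interface, and
 * Windows requires administrator privileges for that call.
 *
 * Each directive must sit on its own line: with both on one line the second
 * "#define" becomes part of BUFFER_SIZE's replacement text and IO_RCVALL is
 * never defined.
 */
#define IO_RCVALL _WSAIOW(IOC_VENDOR,1)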
/****************** *IP 数据报头结构
*******************/ struct ipHead {
ipNode *pt = pHead;
while (pt != NULL) {
printf("%-.16s\t\t",inet_ntoa(*(in_addr*)&(pt->sour_ip))); printf("%-.16s\t",inet_ntoa(*(in_addr*)&(pt->dest_ip))); printf("%s\t\t",getProtocol(pt->protocol)); printf("%u\n",pt->num);
/************************************************ *当指针到达链表末尾时,插入新的 IP 包, *计数置一,表尾指针置空 *************************************************/
if (pTemp == NULL) {
unsigned char unsigned short
checksum) unsigned int
proto; checksum;
sourceip;
unsigned int address)
unsigned int };
destip; op_pad;
// 版本 (4 bits) + 首部长
// 服务类型(Type of
ipNode *pTemp=pHead; while (pTemp) {
if ((pTemp->sour_ip == pt.sourceip)&&(pTemp->dest_ip == pt.destip)
&&(pTemp->protocol == pt.proto)) {
pTemp->num++; break; } pTemp = pTemp->next; }
{ printf("创建 Raw Socket 失败\n"); return -1;
}//if
//设置套接口的选项 BOOL flag = TRUE;
if (setsockopt(sock,IPPROTO_IP,IP_HDRINCL,(char*)&flag,sizeof(flag)) == SOCKET_ERROR)
// 选项和填充
/*******************
*IP 链表结构
********************/
struct ipNode
{ unsigned int
sour_ip;
unsigned int dest_ip;
unsigned char protocol;
int
num;
struct ipNode *next;
// 总长(Total length) // 标识(Identification) // 标志位(Flags) (3 bits)
// 存活时间(Time to live)
// 协议(Protocol) // 首部校验和(Header
// 源地址(Source address)
// 目的地址(Destination
/****************************************** *如果表头指针为空,将首个 IP 包插入链表头, *表头指针后移,表尾指针置空 *******************************************/
if (pHead == NULL) {
ptail = new ipNode;
addr_in.sin_addr = *(in_addr *)pHost->h_addr_list[0];
//int bind(SOCKET s,const struct sockaddr FAR * name,int namelen);
//把原始 socket 绑定到本地网卡上
if (bind(sock, (sockaddr*)&addr_in,sizeof(addr_in)) == SOCKET_ERROR)
{ printf("设置套接口选项失败\n"); return -1;
}
//获取本机机器名 char localName[256];
if (gethostname(localName, 256) == SOCKET_ERROR) {