自学内容网 自学内容网

Qt开发网络嗅探器03

数据包分析

想要知道如何解析IP数据包,就要知道不同的IP数据包的包头结构,于是我们上⽹查查资料:

以太网数据包

ARP数据包

在这里插入图片描述

IPv4

IPv6

在这里插入图片描述

TCP

在这里插入图片描述

UDP

在这里插入图片描述

ICMP

在这里插入图片描述

ICMPv6

在这里插入图片描述
根据以上数据包头结构,我们就有了我们的protocol.h文件,声明各种数据包:

#ifndef PROTOCOL_H
#define PROTOCOL_H
#define HAVE_REMOTE
#define PROTO_ICMP 1
#define PROTO_TCP 6
#define PROTO_UDP 17
#include <iostream>
#include <QObject>
#include "_bsd_types.h"
#include "pcap.h"
using namespace std;
//IPV4
typedef struct ip_address{
    u_char byte1;
    u_char byte2;
    u_char byte3;
    u_char byte4;
}ip_address;

typedef struct ipv6_address
{
    u_char byte1;
    u_char byte2;
    u_char byte3;
    u_char byte4;
    u_char byte5;
    u_char byte6;
    u_char byte7;
    u_char byte8;
}ipv6_address;

typedef struct ipv4_header{
    u_char ver_ihl;
    u_char tos;
    u_short tlen;
    u_short Identification;
    u_short flags_fo;
    u_char ttl;
    u_char proto;
    u_short crc;
    ip_address srcaddr;
    ip_address dstaddr;
    u_int op_pad;
}ipv4_header;

typedef struct ipv6_header{
    u_int ver:4,
        flowtype:8,
        flowtip:20;
    u_short len;
    u_char pnext;
    u_char lim;
    ipv6_address srcaddr;
    ipv6_address dstaddr;
}ipv6_header;

typedef struct tcp_header{
    u_short srcport;
    u_short dstport;
    u_int seq;
    u_int ack_seq;
    u_short resl:4,
        doff:4,
        fin:1,
        syn:1,
        pst:1,
        psh:1,
        ack:1,
        urg:1,
        ece:1,
        cwr:1;
    u_short window;
    u_short check;
    u_short urg_ptr;
    u_int opt;
}tcp_header;

typedef struct udp_header{
    u_short srcport;
    u_short dstport;
    u_short tlen;
    u_short crc;
}udp_header;

typedef struct icmp_header{
    u_char type;
    u_char code;
    u_char seq;
    u_char crc;
}icmp_header;

typedef struct icmp6_header{
    u_char type;
    u_char code;
    u_char seq;
    u_char crc;
    u_char op_type;
    u_char op_len;
    u_char op_ethaddr[6];
}icmp6_header;

typedef struct pkg_count{
    int n_tcp;
    int n_udp;
    int n_icmp;
    int n_icmp6;
    int n_http;
    int n_arp;
    int n_ipv4;
    int n_ipv6;
    int n_other;
    int n_ttl;
}pkg_count;

typedef struct arp_header{
    u_short hardware;
    u_short proto;
    u_char ml;
    u_char ipl;
    u_short opt;
    u_char sm[6];
    ip_address sip;
    u_char dm[6];
    ip_address dip;
}arp_hearder;

typedef struct eth_header{
    u_char smac[6];
    u_char dmac[6];
    u_short type;
}eth_header;

typedef struct pkg_data
{
    QString pkgtype;
    int time[6];
    int len;
    
    eth_header *ethh;
    
    ipv4_header *ipv4h;
    ipv6_header *ipv6h;
    arp_header *arph;
    
    udp_header *udph;
    tcp_header *tcph;
    icmp_header *icmph;
    icmp6_header *icmp6;

    void *apph;
    
}pkg_data;




#endif // PROTOCOL_H

再对数据包的结构进行了解后,我们就需要对这些包进行解析,所以我们需要一个packettools类,里面用静态函数写出包的解析,供我们在别的地方调用:

#ifndef PACKETTOOLS_H
#define PACKETTOOLS_H
#include <QObject>
#include <QTextEdit>
#include "protocol.h"
#include "iostream"

using namespace std;

class PacketTools
{
public:
    static int unpcak_Frame(const u_char *pkg,
                             pkg_data *data,
                             pkg_count *pkgCnts);


    static int unpcak_Arp(const u_char *pkg,
                           pkg_data *data,
                           pkg_count *pkgCnts);

    static int unpack_Ip(const u_char *pkg,
                          pkg_data *data,
                          pkg_count *pkgCnts);

    static int unpack_Ipv6(const u_char *pkg,
                           pkg_data *data,
                           pkg_count *pkgCnts);

    static int unpack_Icmp(const u_char *pkg,
                            pkg_data *data,
                            pkg_count *pkgCnts);

    static int unpack_Icmp6(const u_char *pkg,
                            pkg_data *data,
                            pkg_count *pkgCnts);

    static int unpack_Tcp(const u_char *pkg,
                           pkg_data *data,
                           pkg_count *pkgCnts);

    static int unpack_Udp(const u_char *pkg,
                           pkg_data *data,
                           pkg_count *pkgCnts);

    static int pack_Print(u_char *pkg,
                           int size,
                          QTextEdit *edit);
};

#endif // PACKETTOOLS_H

主要一点就是要知道父类数据包的type字段对子类数据包的分类,然后将数据包拷贝储存到全局容器里面。


原文地址:https://blog.csdn.net/H520xcodenodev/article/details/140596188

免责声明:本站文章内容转载自网络资源,如本站内容侵犯了原著者的合法权益,可联系本站删除。更多内容请关注自学内容网(zxcms.com)!