1

我是 winpcap 和 c++ 的绝对初学者。我想读取转储文件,更改某些数据包的 MAC 地址并删除其他数据包。所以最后,我的文件应该只包含更改的数据包(与以前相同的文件,只是没有“不重要”的数据包)。

我使用 Qt Creator、mingw、c++ 和 winpcap(当然)。

到目前为止有效的方法:从文件中读取,显示我想要的 mac/ip/whatever。什么不起作用:编辑数据包。

我使用一些结构从数据包中读取数据:

struct pcap_hdr_s {
public:
uint32_t magic_number;   /* magic number */
uint16_t version_major;  /* major version number */
uint16_t version_minor;  /* minor version number */
int32_t  thiszone;       /* GMT to local correction */
uint32_t sigfigs;        /* accuracy of timestamps */
uint32_t snaplen;        /* max length of captured packets, in octets */
uint32_t network;        /* data link type */
};

struct pcaprec_hdr_s {
public:
uint32_t ts_sec;         /* timestamp seconds */
uint32_t ts_usec;        /* timestamp microseconds */
uint32_t incl_len;       /* number of octets of packet saved in file */
uint32_t orig_len;       /* actual length of packet */
} ;

struct ip_address{
public:
u_char byte1;
u_char byte2;
u_char byte3;
u_char byte4;
};

struct mac_adress{
public:
u_char mac1;
u_char mac2;
u_char mac3;
u_char mac4;
u_char mac5;
u_char mac6;
};

/*Ethernet header*/
struct eth_header{
public:
mac_adress dst_mac;
mac_adress src_mac;
uint16_t type;
};

/* IPv4 header */
struct ip_header{
public:
u_char  ver_ihl;        // Version (4 bits) + Internet header length (4 bits)
u_char  tos;            // Type of service
u_short tlen;           // Total length
u_short identification; // Identification
u_short flags_fo;       // Flags (3 bits) + Fragment offset (13 bits)
u_char  ttl;            // Time to live
u_char  proto;          // Protocol
u_short crc;            // Header checksum
ip_address* saddr;      // Source address
ip_address* daddr;      // Destination address
//u_int   op_pad;         // Option + Padding --> optional
};

/* UDP header*/
struct udp_header{
public:
u_short sport;          // Source port
u_short dport;          // Destination port
u_short len;            // Datagram length
u_short crc;            // Checksum
};

到目前为止,这是我用于编辑数据包的代码:

void changeMAC(QString wantedMac, QString file){
const u_char *pkt_data;
struct pcap_pkthdr *header;
pcap_t *pd;
pcap_dumper_t *pdumper;
eth_header *ethHeader;
ip_header *ipHeader;
int res = 0;
QString check;

pd = pcap_open_dead(DLT_EN10MB, 65535);

/*output file = input file*/
pdumper = pcap_dump_open(pd, qPrintable(file));

while((res = pcap_next_ex(pd, &header, &pkt_data)) >= 0){//iterate through the packets in the file
    ipHeader = (ip_header *)(pkt_data + 14);
    if(ipHeader->proto == 17){ //I only have a look at udp
        ethHeader = (eth_header *)(pkt_data); //check if this is the MAC I want to cahnge

        check.clear();
        check.append(ethHeader->dst_mac.mac1);
        check.append(ethHeader->dst_mac.mac2);
        check.append(ethHeader->dst_mac.mac3);
        check.append(ethHeader->dst_mac.mac4);
        check.append(ethHeader->dst_mac.mac5);
        check.append(ethHeader->dst_mac.mac6);//'check' contains the current MAC of the packet

        if(wantedMac.contains(check.toAscii().toHex())){ //if 'check' contains the MAC I was looking for
            /*
            * Create fake IP header and put UDP header
            * and payload in place
            * --> how to do this for all wanted packets?
            */

            pcap_dump((u_char *)pdumper, header, pkt_data); //write changed packet to file
         }
         else{
         //delete the packet --> how?
         }
    }
}
pcap_close(pd);
pcap_dump_close(pdumper);
}

我看过这个,它有帮助,但到目前为止。到目前为止,我的代码就是我所拥有的。

编辑:作为第一步,如果我能够将编辑的数据包保存在第二个文件中,而不是数据包来自的文件中,我也会很高兴。但是如何编辑它们?

4

1 回答 1

0

好吧,我自己想出了一些东西。它可能不是最优雅的解决方案,但它确实有效。

QString string;
QStringList mac;
int result=0;
bool ok;
QChar d

string=mac[0];//first part of mac address to string

for(int i=0; i<string.length();i++){//string to ascii hex and int
    d=string.toUInt(&ok,16);
    result=d.unicode();
}

ethHeader->dst_mac.macPart1=result;//allocate, go on for next part of macaddress
于 2013-01-31T10:43:47.827 回答