2

我正在使用一个应用程序,它为我提供数据包的 IP、TCP 或 UDP 标头信息。现在我正在寻找一个库,它可以解析这些标头并返回有关它的信息,例如端口和 IP 地址。

有没有任何书面或内置的方法可以做到这一点?或者我应该自己写一个解析器?

谢谢。

4

2 回答 2

1

Linux 头文件中有 C 结构定义。(Windows/OSX 可能有类似的标头,尽管您可以调整 Linux 标头。)

例如/usr/include/netinet/ip.h:

struct iphdr
  {
#if __BYTE_ORDER == __LITTLE_ENDIAN
    unsigned int ihl:4;
    unsigned int version:4;
#elif __BYTE_ORDER == __BIG_ENDIAN
    unsigned int version:4;
    unsigned int ihl:4;
#else
# error "Please fix <bits/endian.h>"
#endif
    u_int8_t tos;
    u_int16_t tot_len;
    u_int16_t id;
    u_int16_t frag_off;
    u_int8_t ttl;
    u_int8_t protocol;
    u_int16_t check;
    u_int32_t saddr;
    u_int32_t daddr;
    /*The options start here. */
  };

/usr/include/netinet/udp.h:

/* UDP header as specified by RFC 768, August 1980. */

struct udphdr
{
  __extension__ union
  {
    struct
    {
      u_int16_t uh_sport;               /* source port */
      u_int16_t uh_dport;               /* destination port */
      u_int16_t uh_ulen;                /* udp length */
      u_int16_t uh_sum;         /* udp checksum */
    };
    struct
    {
      u_int16_t source;
      u_int16_t dest;
      u_int16_t len;
      u_int16_t check;
    };
  };
};

/usr/include/netinet/tcp.h:

/*
 * TCP header.
 * Per RFC 793, September, 1981.
 */
struct tcphdr
  {
    __extension__ union
    {
      struct
      {
        u_int16_t th_sport;             /* source port */
        u_int16_t th_dport;             /* destination port */
        tcp_seq th_seq;         /* sequence number */
        tcp_seq th_ack;         /* acknowledgement number */
# if __BYTE_ORDER == __LITTLE_ENDIAN
        u_int8_t th_x2:4;               /* (unused) */
        u_int8_t th_off:4;              /* data offset */
# endif
# if __BYTE_ORDER == __BIG_ENDIAN
        u_int8_t th_off:4;              /* data offset */
        u_int8_t th_x2:4;               /* (unused) */
# endif
        u_int8_t th_flags;
# define TH_FIN 0x01
# define TH_SYN 0x02
# define TH_RST 0x04
# define TH_PUSH        0x08
# define TH_ACK 0x10
# define TH_URG 0x20
        u_int16_t th_win;               /* window */
        u_int16_t th_sum;               /* checksum */
        u_int16_t th_urp;               /* urgent pointer */
      };
      struct
      {
        u_int16_t source;
        u_int16_t dest;
        u_int32_t seq;
        u_int32_t ack_seq;
# if __BYTE_ORDER == __LITTLE_ENDIAN
        u_int16_t res1:4;
        u_int16_t doff:4;
        u_int16_t fin:1;
        u_int16_t syn:1;
        u_int16_t rst:1;
        u_int16_t psh:1;
        u_int16_t ack:1;
        u_int16_t urg:1;
        u_int16_t res2:2;
# elif __BYTE_ORDER == __BIG_ENDIAN
        u_int16_t doff:4;
        u_int16_t res1:4;
        u_int16_t res2:2;
        u_int16_t urg:1;
        u_int16_t ack:1;
        u_int16_t psh:1;
        u_int16_t rst:1;
        u_int16_t syn:1;
        u_int16_t fin:1;
# else
#  error "Adjust your <bits/endian.h> defines"
# endif
        u_int16_t window;
        u_int16_t check;
        u_int16_t urg_ptr;
      };
    };
};
于 2018-04-19T09:12:59.477 回答
0

有libtrace:http: //research.wand.net.nz/software/libtrace.php

此示例代码对 http 数据包进行计数:

transport = trace_get_transport(packet, &proto, &remaining);
if (proto != 6) return;
tcp = (libtrace_tcp_t *)transport;
if ((ntohs(tcp->source) == 80) || (ntohs(tcp->dest) == 80)) count += 1;
于 2013-09-02T19:29:58.317 回答