[問題] 網路封包監測程式之問
我想問一個小問題
我是使用XP BCB2007 寫一個程式
是使用winsock來監測封包的程式
其中抓取封包是使用recv()這個function
我發現一個問題就是
一般來說 ethernet網路傳輸的封包最大不會超過1500 byte
可是我監測出來的封包
network layer的header中的total length往往超過1500....
甚至到了幾萬= =...
所以我下載了wireshark這個免費的封包監測軟體來比對
我發現
他同個ID number的封包有數個 tot_len都≦150
全部的資料長度加起來 最後加上header 的20 byte
剛好會等於
我抓的同一個ID_num封包的tot_length
所以我猜測
我寫的程式收到的是已經被重組(reassemble)過的封包
請問要怎麼修改,才能像wireshark那樣收到重組前的個別封包??
以下是我剛才"測試用"的程式碼 (收大資料的時候 tot_len果然都≧1500)
//---------------------------------------------------------------------------
#include <vcl.h>
#pragma hdrstop
#pragma warning( disable: 4996 )
#include <winsock2.h>
#include <windows.h>
#include "Test.h"
#pragma comment( lib, "ws2_32.lib" )
//---------------------------------------------------------------------------
#pragma package(smart_init)
#pragma resource "*.dfm"
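// Extract the high / low nibble of a byte. The argument is fully
// parenthesised so an expression argument (for example `a | b`) is shifted
// as a whole instead of being split apart by operator precedence.
#define LS_HI_PART(x) (((x) >> 4) & 0x0F)
#define LS_LO_PART(x) ((x) & 0x0F)
// Receive buffer size in bytes: the largest value a 16-bit length field can hold.
#define LS_MAX_PACKET_SIZE 65535
// Fallback definition of the "receive all" socket ioctl, used only when the
// included headers do not already define it.
#ifndef SIO_RCVALL
#define SIO_RCVALL _WSAIOW(IOC_VENDOR,1)
#endif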
// Overlay for the IPv4 header at the start of a received datagram.
// The receive loop in this file casts the raw buffer to this type and reads
// only ver_ihl and length. Every field arrives from the network and must be
// treated as untrusted: validate it against the number of bytes actually
// received before using it as an offset or a size.
// NOTE(review): the layout relies on BYTE/WORD/DWORD being 1/2/4 bytes with no
// compiler padding between fields; presumably sizeof is 24 here — confirm.
typedef struct _IP_HEADER_
{
BYTE ver_ihl; // Version (high 4 bits) and Internet Header Length (low 4 bits)
BYTE type; // Type of Service (8 bits)
WORD length; // Total size of packet (header + data)(16 bits); the reader in this file converts it with ntohs()
WORD packet_id; // Identification (16 bits)
WORD flags_foff; // Flags (3 bits) and Fragment Offset (13 bits)
BYTE time_to_live; // (8 bits)
BYTE protocol; // (8 bits)
WORD hdr_chksum; // Header check sum (16 bits)
DWORD source_ip; // Source Address (32 bits)
DWORD destination_ip; // Destination Address (32 bits)
DWORD Option_Padding; // (32 bits) NOTE(review): IPv4 options are present only when IHL > 5, so on a 20-byte header this word is already payload — check IHL before reading it
} IPHEADER;
// Global form instance. Nothing in this file assigns it; presumably the VCL
// project start-up code does — confirm.
TForm1 *Form1;

// Capture flag shared with Button1Click: true while the receive loop is
// running, set back to false to ask that loop to stop.
bool tmp = false;
//---------------------------------------------------------------------------
// Form constructor: hands the owner to the TForm base class and does no
// other work.
__fastcall TForm1::TForm1(TComponent* Owner) : TForm(Owner) {}
//---------------------------------------------------------------------------
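// Get the IPv4 address of the local machine as a dotted-decimal string.
//
// _retIP  Output buffer. It must hold at least 16 bytes (the longest dotted
//         quad plus the terminating NUL); the size cannot be checked here
//         because only a pointer is passed in.
//
// On any lookup failure _retIP is left as an empty string instead of the
// function dereferencing a null result, so callers should test for "".
// Only the first address returned for the host name is used; on a machine
// with several interfaces that may not be the one meant to be monitored.
void get_this_machine_ip(char *_retIP)
{
    char host_name[128];
    struct hostent *hs;
    struct in_addr in;
    char *dotted;

    if (_retIP == NULL)
        return;
    _retIP[0] = '\0';

    // Leave the last byte untouched so the name is always NUL-terminated.
    memset(host_name, 0x00, sizeof(host_name));
    if (gethostname(host_name, static_cast<int>(sizeof(host_name)) - 1) != 0)
        return;

    hs = gethostbyname(host_name);
    if (hs == NULL || hs->h_addr_list == NULL || hs->h_addr_list[0] == NULL)
        return;

    // The resolver reports the address length; refuse anything that is not
    // exactly an in_addr so the copy below can never overrun `in`.
    if (hs->h_length != static_cast<int>(sizeof(in)))
        return;
    memcpy(&in, hs->h_addr_list[0], sizeof(in));

    dotted = inet_ntoa(in);
    if (dotted == NULL)
        return;
    strcpy(_retIP, dotted);
}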
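// Toggle the packet monitor.
//
// First click: opens a raw IP socket bound to the local address, switches it
// to receive-all mode (SIO_RCVALL) and appends the IPv4 total-length field of
// every received datagram to ListBox1 until the monitor is stopped.
// Click while running: asks the running loop to stop.
//
// Setup failures terminate the process with exit codes -1 (Winsock start-up
// or socket creation), -2 (local address or bind) and -3 (SIO_RCVALL).
// SIO_RCVALL needs Administrator privilege, so -3 is the expected result for
// an unprivileged user.
void __fastcall TForm1::Button1Click(TObject *Sender)
{
    // A click that arrives while the receive loop is running is dispatched
    // re-entrantly by Application->ProcessMessages(). It only has to clear
    // the flag; returning here avoids opening a second socket that nobody
    // would ever close.
    if (tmp)
    {
        tmp = false;
        return;
    }

    // Smallest possible IPv4 header. sizeof(IPHEADER) is not used as the
    // lower bound because the struct ends with an optional options word.
    const int min_ipv4_header = 20;

    struct sockaddr_in sock_sniff;
    SOCKET sniff_socket = INVALID_SOCKET;
    WSAData sa_data;
    int optval = 1;
    DWORD dwLen = 0;
    char packet[LS_MAX_PACKET_SIZE];
    WORD ver;
    IPHEADER *ip_header = NULL;
    char thisIP[20];
    int iRet = 0;

    ver = MAKEWORD(2, 2); // request Windows Sockets version 2.2
    if (WSAStartup(ver, &sa_data) != 0)
    {
        exit(-1);
    }

    sniff_socket = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
    if (sniff_socket == INVALID_SOCKET) // socket() reports failure with INVALID_SOCKET
    {
        exit(-1);
    }

    memset(thisIP, 0x00, sizeof(thisIP));
    get_this_machine_ip(thisIP);

    memset(&sock_sniff, 0x00, sizeof(sock_sniff)); // also clears sin_zero
    sock_sniff.sin_family = AF_INET;
    sock_sniff.sin_port = htons(0);
    sock_sniff.sin_addr.s_addr = inet_addr(thisIP);
    // Receive-all mode needs a concrete local interface; reject an empty or
    // unparsable address instead of binding to whatever it happens to map to.
    if (thisIP[0] == '\0' || sock_sniff.sin_addr.s_addr == INADDR_NONE)
    {
        exit(-2);
    }
    if (bind(sniff_socket, (struct sockaddr *)&sock_sniff, sizeof(sock_sniff)) == SOCKET_ERROR)
    {
        exit(-2);
    }

    if (WSAIoctl(sniff_socket,
                 SIO_RCVALL,
                 &optval,
                 sizeof(optval),
                 NULL,
                 0,
                 &dwLen,
                 NULL,
                 NULL) == SOCKET_ERROR)
    {
        exit(-3);
    }

    tmp = true;
    while (tmp)
    {
        // recv() blocks, so a stop request is only noticed after the next
        // datagram arrives. The size returned is not limited by the link
        // MTU: this socket sees datagrams as the IP stack hands them up,
        // which may be after reassembly (TODO confirm); watching individual
        // on-the-wire fragments needs a link-layer capture driver instead.
        iRet = recv(sniff_socket, packet, LS_MAX_PACKET_SIZE, 0);

        // Check for failure as a signed value first. Comparing -1 against
        // an unsigned sizeof() would let the error pass the length test and
        // the loop would then parse stale buffer contents forever.
        if (iRet == SOCKET_ERROR)
        {
            tmp = false;
            break;
        }
        if (iRet < min_ipv4_header)
            continue;

        ip_header = (IPHEADER *)packet;
        if (LS_HI_PART(ip_header->ver_ihl) != 4)
            continue;

        // Display only. The length field is sender-controlled; any later
        // parsing must bound it (and the IHL) by iRet before indexing.
        ListBox1->Items->Add(ntohs(ip_header->length));
        Application->ProcessMessages();
    }

    // Release what this invocation acquired so repeated start/stop cycles
    // do not leak sockets or Winsock references.
    closesocket(sniff_socket);
    WSACleanup();
}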
//---------------------------------------------------------------------------
--
※ 發信站: 批踢踢實業坊(ptt.cc)
◆ From: 118.168.81.236