libpcap--GTPv2协议的cap文件解析

// NOTE(review): the header names were stripped from this listing when the page
// was extracted; the list below is the set of headers the code that follows uses.
#include <pcap.h>
#include <arpa/inet.h>

#include <cstdio>
#include <cstdlib>
#include <ctime>
#include <iostream>
#include <string>
#include <thread>
#include <vector>
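                using std::cout;
using std::endl;
using std::thread;
using std::vector;
using std::string;

void getPacket(u_char *arg, const struct pcap_pkthdr *pkthdr, const u_char *packet);

// Returns the display name for a GTP message type octet, or NULL when the
// value is not in the table (the caller then prints no "type:" line).
static const char *gtpMessageTypeName(unsigned int type)
{
    switch (type) {
    case 0x01: return "Echo Request";
    case 0x02: return "Echo Response";
    case 0x10: return "Create PDP context request";
    case 0x11: return "Create PDP context response";
    case 0x12: return "Update PDP context request";
    case 0x13: return "Update PDP context Response";
    case 0x14: return "Delete PDP context request";
    case 0x15: return "Delete PDP context Response";
    case 0x20: return "Create Session Request";
    case 0x21: return "Create Session Response";
    case 0x22: return "Modify Bearer Request";
    case 0x23: return "Modify Bearer Response";
    case 0x24: return "Delete Session Request";
    case 0x25: return "Delete Session Response";
    case 0x30: return "Identification request";
    case 0x31: return "Identification Response";
    case 0x32: return "SGSN context request";
    case 0x33: return "SGSN context reponse";
    case 0x34: return "SGSN context acknowledegment";
    case 0x40: return "Modify Bearer Command";
    case 0x46: return "Downlink Data Notification Failure Indication";
    case 0x61: return "Update Bearer Request";
    case 0x62: return "Update Bearer Response";
    case 0x63: return "Delete Bearer Request";
    case 0x64: return "Delete Bearer Response";
    case 0x82: return "Context Request, Tracking area update request";
    case 0x83: return "Context Response";
    case 0x84: return "Context Acknowledge";
    case 0x85: return "Forward Relocation Request";
    case 0x8d: return "Configuration Transfer Tunnel";
    case 0xa6: return "Create Indirect Data Forwarding Tunnel Request";
    case 0xa7: return "Create Indirect Data Forwarding Tunnel Response";
    case 0xa8: return "Delete Indirect Data Forwarding Tunnel Request";
    case 0xa9: return "Delete Indirect Data Forwarding Tunnel Response";
    case 0xaa: return "Release Access Bearers Request";
    case 0xab: return "Release Access Bearers Response";
    case 0xb0: return "Downlink Data Notification";
    case 0xb1: return "Downlink Data Notification Acknowledgement";
    default:   return NULL;
    }
}

// Reads a 16-bit big-endian value byte by byte. This avoids the unaligned
// `*(unsigned short *)` load the packet buffer does not guarantee to be legal.
static unsigned int readBe16(const u_char *p)
{
    return (static_cast<unsigned int>(p[0]) << 8) | static_cast<unsigned int>(p[1]);
}

/**
 * Opens the capture file named by argv[1] and prints a summary of every
 * packet it contains.
 *
 * Returns 0 when the file was read to the end (or no file name was given),
 * 1 when libpcap reported a read error; exits with status 1 when the file
 * cannot be opened.
 */
int main(int argc, char *argv[])
{
    if (argc < 2) {
        cout << "please input test filename\n";
        return 0;
    }
    cout << "test filename= " << argv[1] << endl;
    cout << "begin time= " << time(0) << endl;

    // Report the libpcap version in use.
    cout << pcap_lib_version() << endl;

    // Open the capture file.
    char errBuff[PCAP_ERRBUF_SIZE] = {0};
    pcap_t *handle = pcap_open_offline(argv[1], errBuff);
    if (NULL == handle) {
        cout << "Error: " << errBuff << endl;
        exit(1);
    }
    cout << "running pcap_next\n";

    // Read the file packet by packet. pktHeader/pktData are only valid when
    // pcap_next_ex() returns 1, so the status is tested BEFORE the packet is
    // handed to getPacket(); at end of file or on error the pointers must not
    // be dereferenced.
    struct pcap_pkthdr *pktHeader = NULL;
    const u_char *pktData = NULL;
    int id = 0;
    int status = 0;
    while ((status = pcap_next_ex(handle, &pktHeader, &pktData)) == 1) {
        cout << "---------------------------------------------------------------------\n";
        cout << "status: " << status << endl;
        getPacket(reinterpret_cast<u_char *>(&id), pktHeader, pktData);
    }

    // -1 is libpcap's read-error return; any other value here is end of file.
    const bool readFailed = (status == -1);
    if (readFailed) {
        cout << "Error: " << pcap_geterr(handle) << endl;
    }

    pcap_close(handle);
    cout << "end time=" << time(0) << endl;
    return readFailed ? 1 : 0;
}

/**
 * Prints a summary of one captured packet: Ethernet MACs, IPv4 addresses,
 * protocol and ports (when the EtherType is 0x0800), then the GTP header
 * fields found at byte offset 42.
 *
 * arg    - points to an int packet counter, incremented on every call.
 * pkthdr - libpcap per-packet header (timestamp, len, caplen).
 * packet - captured bytes; only the first pkthdr->caplen bytes are readable.
 *
 * The capture file is untrusted input: every read is checked against caplen
 * (bytes actually stored), not len (bytes on the wire, which may be larger).
 * A packet that is too short is reported and skipped rather than read past
 * its end or allowed to terminate the whole run.
 */
void getPacket(u_char *arg, const struct pcap_pkthdr *pkthdr, const u_char *packet)
{
    const unsigned int kEthHeaderLen = 14;  // dst MAC, src MAC, EtherType
    const unsigned int kIpv4PortsEnd = 38;  // last port byte is packet[37]
    const unsigned int kGtpOffset = 42;     // 14 Ethernet + 20 IPv4 + 8 UDP
    const unsigned int kGtpFixedLen = 4;    // flags, message type, length

    if (arg == NULL || pkthdr == NULL || packet == NULL) {
        return;
    }

    int *id = reinterpret_cast<int *>(arg);
    cout << "id: " << ++(*id) << endl;
    cout << "Packet length: " << pkthdr->len << endl;
    cout << "Number of bytes: " << pkthdr->caplen << endl;

    // Copy tv_sec into a real time_t instead of casting its address: the field
    // is not guaranteed to have time_t's width. ctime() may return NULL for a
    // timestamp it cannot represent, and streaming a null char* is undefined.
    const time_t captureTime = pkthdr->ts.tv_sec;
    const char *timeText = ctime(&captureTime);
    cout << "Recieved time: " << (timeText != NULL ? timeText : "(invalid timestamp)\n");

    const unsigned int captured = pkthdr->caplen;
    if (captured < kEthHeaderLen) {
        cout << "wifi TanZhen message length error." << endl;
        return;
    }

    char src_mac[18] = "";
    char dst_mac[18] = "";
    snprintf(dst_mac, sizeof(dst_mac), "%02x:%02x:%02x:%02x:%02x:%02x",
             packet[0], packet[1], packet[2], packet[3], packet[4], packet[5]);
    snprintf(src_mac, sizeof(src_mac), "%02x:%02x:%02x:%02x:%02x:%02x",
             packet[6], packet[7], packet[8], packet[9], packet[10], packet[11]);

    // IPv4 header.
    // NOTE(review): the fixed offsets below assume an untagged Ethernet frame
    // and a 20-byte IPv4 header (no options); the IHL field is not consulted.
    if (packet[12] == 0x08 && packet[13] == 0x00) {
        printf("____________________IP Protocol____________________\n");
        printf("MAC:%s >> %s\n", src_mac, dst_mac);
        if (captured < kIpv4PortsEnd) {
            printf("IP header truncated in capture (%u bytes)\n", captured);
            return;
        }

        char src_addr[20] = "";
        char dst_addr[20] = "";
        snprintf(src_addr, sizeof(src_addr), "%02d.%02d.%02d.%02d",
                 packet[26], packet[27], packet[28], packet[29]);
        snprintf(dst_addr, sizeof(dst_addr), "%02d.%02d.%02d.%02d",
                 packet[30], packet[31], packet[32], packet[33]);
        printf("IP:%s >> %s\n", src_addr, dst_addr);

        switch (packet[23]) {
        case 0x01: printf("____________________ICMP____________________\n"); break;
        case 0x02: printf("____________________IGMP____________________\n"); break;
        case 0x06: printf("____________________TCP____________________\n"); break;
        case 0x11: printf("____________________UDP____________________\n"); break;
        default: break;
        }
        printf("Port: %u >> %u\n", readBe16(packet + 34), readBe16(packet + 36));
    }

    // GTP header.
    // NOTE(review): as in the original, the bytes at offset 42 are decoded as
    // GTP without first checking that the packet is UDP on a GTP port.
    printf("________________GPRS Tunneling Protocol________________\n");
    if (captured < kGtpOffset + kGtpFixedLen) {
        printf("GTP header truncated in capture (%u bytes)\n", captured);
        return;
    }

    const u_char *gtp = packet + kGtpOffset;
    printf("Flag:%02x\n", gtp[0]);

    const char *typeName = gtpMessageTypeName(gtp[1]);
    if (typeName != NULL) {
        printf("type: %s\n", typeName);
    }
    printf("Length: %u\n", readBe16(gtp + 2));

    // In a GTPv2 header the TEID is present only when the T flag (0x08) is set;
    // without it the sequence number follows the length field directly. Any
    // other version keeps the original fixed layout (TEID, then sequence).
    const bool isVersion2 = (gtp[0] >> 5) == 2;
    const bool hasTeid = !isVersion2 || (gtp[0] & 0x08) != 0;
    const unsigned int seqOffset = hasTeid ? 8 : 4;
    if (captured < kGtpOffset + seqOffset + 3) {
        printf("GTP header truncated in capture (%u bytes)\n", captured);
        return;
    }

    if (hasTeid) {
        printf("TEID:0x%02x%02x%02x%02x\n", gtp[4], gtp[5], gtp[6], gtp[7]);
    }
    printf("Sequence Number:0x00%02x%02x%02x\n",
           gtp[seqOffset], gtp[seqOffset + 1], gtp[seqOffset + 2]);
}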
                
               
              
             
            
           
          
         
       
      
      
     
     
    
    
   
   