求win2000下sniffer的源码 如题 解决方案 » 免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货 ////////////////////////////////////////////////////////////////////////// // c的 源代码 // // IpDump For Win2K by Shotgun // // // // Released: [2001.4] // // Author: [Shotgun] // // Homepage: // // [http://IT.Xici.Net] // // [http://www.Patching.Net] // // // ////////////////////////////////////////////////////////////////////////// #include <stdio.h> #include <string.h> #include <Winsock2.h> #include <mstcpip.h> #define STATUS_FAILED 0xFFFF //定义异常出错代码 #define MAX_PACK_LEN 65535 //接收的最大IP报文 #define MAX_ADDR_LEN 16 //点分十进制地址的最大长度 #define MAX_PROTO_TEXT_LEN 16 //子协议名称(如"TCP")最大长度 #define MAX_PROTO_NUM 12 //子协议数量 #define MAX_HOSTNAME_LAN 255 //最大主机名长度 #define CMD_PARAM_HELP true typedef struct _iphdr { unsigned char h_lenver; //4位首部长度+4位IP版本号 unsigned char tos; //8位服务类型TOS unsigned short total_len; //16位总长度(字节) unsigned short ident; //16位标识 unsigned short frag_and_flags; //3位标志位 unsigned char ttl; //8位生存时间 TTL unsigned char proto; //8位协议 (TCP, UDP 或其他) unsigned short checksum; //16位IP首部校验和 unsigned int sourceIP; //32位源IP地址 unsigned int destIP; //32位目的IP地址 }IP_HEADER; typedef struct _tcphdr //定义TCP首部 { USHORT th_sport; //16位源端口 USHORT th_dport; //16位目的端口 unsigned int th_seq; //32位序列号 unsigned int th_ack; //32位确认号 unsigned char th_lenres; //4位首部长度/6位保留字 unsigned char th_flag; //6位标志位 USHORT th_win; //16位窗口大小 USHORT th_sum; //16位校验和 USHORT th_urp; //16位紧急数据偏移量 }TCP_HEADER; typedef struct _udphdr //定义UDP首部 { unsigned short uh_sport; //16位源端口 unsigned short uh_dport; //16位目的端口 unsigned short uh_len; //16位长度 unsigned short uh_sum; //16位校验和 } UDP_HEADER; typedef struct _icmphdr //定义ICMP首部 { BYTE i_type; //8位类型 BYTE i_code; //8位代码 USHORT i_cksum; //16位校验和 USHORT i_id; //识别号(一般用进程号作为识别号) USHORT i_seq; //报文序列号 ULONG timestamp; //时间戳 }ICMP_HEADER; typedef struct _protomap //定义子协议映射表 { int ProtoNum; char ProtoText[MAX_PROTO_TEXT_LEN]; }PROTOMAP; PROTOMAP ProtoMap[MAX_PROTO_NUM]={ //为子协议映射表赋值 { IPPROTO_IP , "IP " }, { IPPROTO_ICMP , "ICMP" }, { IPPROTO_IGMP , "IGMP" }, { IPPROTO_GGP , "GGP " }, { IPPROTO_TCP , "TCP " }, { IPPROTO_PUP , "PUP " }, { IPPROTO_UDP , "UDP " }, { IPPROTO_IDP , "IDP " }, { IPPROTO_ND , "NP " }, { IPPROTO_RAW , "RAW " }, { IPPROTO_MAX , "MAX " }, { NULL , "" } }; SOCKET SockRaw; char TcpFlag[6]={'F','S','R','P','A','U'}; //定义TCP标志位 bool ParamTcp =false; // -t关注TCP 报文 bool ParamUdp =false; // -u关注UDP 报文 bool ParamIcmp =false; // -i关注ICMP报文 bool ParamDecode=true; // -d对协议进行解码 char *strFromIpFilter=NULL; // 源IP地址过滤 char *strDestIpFilter=NULL; // 目的地址过滤 int DecodeIpPack(char *,int); int DecodeTcpPack(char *); int DecodeUdpPack(char *); int DecodeIcmpPack(char *); void CheckSockError(int,char*); char * CheckProtocol(int); void usage(void); bool GetCmdLine(int, char **); void main(int argc, char ** argv) { int iErrorCode; char RecvBuf[MAX_PACK_LEN] = {0}; usage(); if(GetCmdLine(argc, argv)==CMD_PARAM_HELP) exit(0); //初始化SOCKET WSADATA wsaData; iErrorCode = WSAStartup(MAKEWORD(2,1),&wsaData); CheckSockError(iErrorCode, "WSAStartup"); SockRaw = socket(AF_INET , SOCK_RAW , IPPROTO_IP); CheckSockError(SockRaw, "socket"); //获取本机IP地址 char FAR name[MAX_HOSTNAME_LAN]; iErrorCode = gethostname(name, MAX_HOSTNAME_LAN); CheckSockError(iErrorCode, "gethostname"); struct hostent FAR * pHostent; pHostent = (struct hostent * )malloc(sizeof(struct hostent)); pHostent = gethostbyname(name); SOCKADDR_IN sa; sa.sin_family = AF_INET; sa.sin_port = htons(6000); memcpy(&sa.sin_addr.S_un.S_addr, pHostent->h_addr_list[0], pHostent->h_length); iErrorCode = bind(SockRaw, (PSOCKADDR)&sa, sizeof(sa)); CheckSockError(iErrorCode, "bind"); //设置SOCK_RAW为SIO_RCVALL,以便接收所有的IP包 DWORD dwBufferLen[10] ; DWORD dwBufferInLen = 1 ; DWORD dwBytesReturned = 0 ; iErrorCode=WSAIoctl(SockRaw, SIO_RCVALL,&dwBufferInLen, sizeof(dwBufferInLen), &dwBufferLen, sizeof(dwBufferLen),&dwBytesReturned , NULL , NULL ); CheckSockError(iErrorCode, "Ioctl"); //侦听IP报文 while(1) { memset(RecvBuf, 0, sizeof(RecvBuf)); iErrorCode = recv(SockRaw, RecvBuf, sizeof(RecvBuf), 0); CheckSockError(iErrorCode, "recv"); iErrorCode = DecodeIpPack(RecvBuf, iErrorCode); CheckSockError(iErrorCode, "Decode"); } } //IP解包程序 int DecodeIpPack(char *buf, int iBufSize) { IP_HEADER *pIpheader; int iProtocol, iTTL; char szProtocol[MAX_PROTO_TEXT_LEN]; char szSourceIP[MAX_ADDR_LEN], szDestIP[MAX_ADDR_LEN]; SOCKADDR_IN saSource, saDest; pIpheader = (IP_HEADER *)buf; //Check Proto iProtocol = pIpheader->proto; strncpy(szProtocol, CheckProtocol(iProtocol), MAX_PROTO_TEXT_LEN); if((iProtocol==IPPROTO_TCP) && (!ParamTcp)) return true; if((iProtocol==IPPROTO_UDP) && (!ParamUdp)) return true; if((iProtocol==IPPROTO_ICMP) && (!ParamIcmp)) return true; //Check Source IP saSource.sin_addr.s_addr = pIpheader->sourceIP; strncpy(szSourceIP, inet_ntoa(saSource.sin_addr), MAX_ADDR_LEN); if (strFromIpFilter) if (strcmp(strFromIpFilter,szSourceIP)) return true; //Check Dest IP saDest.sin_addr.s_addr = pIpheader->destIP; strncpy(szDestIP, inet_ntoa(saDest.sin_addr), MAX_ADDR_LEN); if (strDestIpFilter) if (strcmp(strDestIpFilter,szDestIP)) return true; iTTL = pIpheader->ttl; //Output printf("%s ", szProtocol); printf("%s->%s ", szSourceIP, szDestIP); printf("bytes=%d TTL=%d ",iBufSize,iTTL); //Calculate IP Header Length int iIphLen = sizeof(unsigned long) * (pIpheader->h_lenver & 0xf); //Decode Sub Protocol:TCP, UDP, ICMP, etc switch(iProtocol) { case IPPROTO_TCP :DecodeTcpPack(buf+iIphLen);break; case IPPROTO_UDP :DecodeUdpPack(buf+iIphLen);break; case IPPROTO_ICMP :DecodeIcmpPack(buf+iIphLen);break; default :break; } //printf("\n"); return true; } //SOCK错误处理程序 void CheckSockError(int iErrorCode, char *pErrorMsg) { if(iErrorCode==SOCKET_ERROR) { printf("%s Error:%d\n", pErrorMsg, GetLastError()); closesocket(SockRaw); exit(0); } } //协议识别程序 char * CheckProtocol(int iProtocol) { for(int i=0; i<MAX_PROTO_NUM; i++) if(ProtoMap[i].ProtoNum==iProtocol) return ProtoMap[i].ProtoText; return ""; } //TCP解包程序 int DecodeTcpPack(char * TcpBuf) { TCP_HEADER * pTcpHeader; int i; pTcpHeader = (TCP_HEADER * )TcpBuf; printf("Port:%d->%d ", ntohs(pTcpHeader->th_sport),ntohs(pTcpHeader->th_dport)); unsigned char FlagMask = 1; for( i=0; i<6; i++ ) { if((pTcpHeader->th_flag) & FlagMask) printf("%c",TcpFlag[i]); else printf("-"); FlagMask=FlagMask<<1; } printf("\n"); return true; } //UDP解包程序 int DecodeUdpPack(char * UdpBuf) { UDP_HEADER *pUdpHeader; pUdpHeader = (UDP_HEADER * )UdpBuf; printf("Port:%d->%d ", ntohs(pUdpHeader->uh_sport), ntohs(pUdpHeader->uh_dport)); printf("Len=%d\n", ntohs(pUdpHeader->uh_len)); return true; } //ICMP解包程序 int DecodeIcmpPack(char * IcmpBuf) { ICMP_HEADER *pIcmpHeader; pIcmpHeader = (ICMP_HEADER * )IcmpBuf; printf("Type:%d,%d ", pIcmpHeader->i_type,pIcmpHeader->i_code); printf("ID=%d SEQ=%d\n", pIcmpHeader->i_id, pIcmpHeader->i_seq); return true; } //命令行参数处理 bool GetCmdLine(int argc, char ** argv) { if (argc<2) return CMD_PARAM_HELP; for(int i=1;i<argc;i++) { if(argv[i][0]!='/') return CMD_PARAM_HELP; else switch (argv[i][1]) { case 't': case 'T': ParamTcp=true; break; case 'u': case 'U': ParamUdp=true; break; case 'i': case 'I': ParamIcmp=true; break; case 'p': case 'P': ParamDecode=true; break; case 'f': case 'F': { strFromIpFilter=(char*)malloc(16*sizeof(char)); memset(strFromIpFilter,0,16*sizeof(char)); strcpy(strFromIpFilter,argv[i]+3); break; } case 'd': case 'D': { strDestIpFilter=(char*)malloc(16*sizeof(char)); memset(strDestIpFilter,0,16*sizeof(char)); strcpy(strDestIpFilter,argv[i]+3); break; } } } printf("\nWill Sniffer"); if(ParamTcp) printf(" TCP"); if(ParamUdp) printf(" Udp"); if(ParamIcmp) printf(" ICMP"); if(strFromIpFilter) printf(" FromIp:%s",strFromIpFilter); if(strDestIpFilter) printf(" DestIp:%s",strDestIpFilter); printf("\n\tCTRL+C to quit\nStart:\n"); return (!CMD_PARAM_HELP); } //使用说明 void usage(void) { printf("GUNiffer\n"); printf("\tSinffer for Win2K By Shotgun (Ver 0.2)\n"); printf("\[email protected]\n"); printf("\thttp://It.Xici.Net\n"); printf("\thttp://www.Patching.Net\n\n"); printf("USAGE:\n"); printf("\t/t Output TCP Packets\n"); printf("\t/u Output UDP Packets\n"); printf("\t/i Output ICMP Packets\n"); printf("\t/p Decode Packets (default OFF)\n"); printf("\t/f: fromIP Output Packets FromIp=fromIP (default ALL)\n"); printf("\t/d: destIP Output Packets DestIp=destIP (default ALL)"); printf("\nExample:\n"); printf("\tGUNiffer.exe /d>IpPack.log\n"); printf("\tGUNiffer.exe /t /u /f:192.168.15.231\n"); } GUNiffer的代码网上到处都有linux下基于libpacp的源代码也很多 看看这个贴子http://expert.csdn.net/Expert/topic/2333/2333459.xml?temp=.5194361 请问 Calculated fields 如何使用 一个分布式开发的常见问题 在这里有些问题需要用图像来表达,应当如何作?? 如何定义Brush 散分,无需理由 DLL中的子窗体 散分,求助!!!Delphi基于SQL的图像存取!!! 关于unit单元文件的结构问题 为什么出错? 如何编程使开始菜单中的"运行"和"关闭系统"项消失 为什么我的delphi没有提示!救急!在线等! 动态创建框架Frame的初始化问题?
// c的 源代码 //
// IpDump For Win2K by Shotgun //
// //
// Released: [2001.4] //
// Author: [Shotgun] //
// Homepage: //
// [http://IT.Xici.Net] //
// [http://www.Patching.Net] //
// //
//////////////////////////////////////////////////////////////////////////
#include <stdio.h>
#include <string.h>
#include <Winsock2.h>
#include <mstcpip.h> #define STATUS_FAILED 0xFFFF //定义异常出错代码
#define MAX_PACK_LEN 65535 //接收的最大IP报文
#define MAX_ADDR_LEN 16 //点分十进制地址的最大长度
#define MAX_PROTO_TEXT_LEN 16 //子协议名称(如"TCP")最大长度
#define MAX_PROTO_NUM 12 //子协议数量
#define MAX_HOSTNAME_LAN 255 //最大主机名长度
#define CMD_PARAM_HELP true typedef struct _iphdr
{
unsigned char h_lenver; //4位首部长度+4位IP版本号
unsigned char tos; //8位服务类型TOS
unsigned short total_len; //16位总长度(字节)
unsigned short ident; //16位标识
unsigned short frag_and_flags; //3位标志位
unsigned char ttl; //8位生存时间 TTL
unsigned char proto; //8位协议 (TCP, UDP 或其他)
unsigned short checksum; //16位IP首部校验和
unsigned int sourceIP; //32位源IP地址
unsigned int destIP; //32位目的IP地址
}IP_HEADER; typedef struct _tcphdr //定义TCP首部
{
USHORT th_sport; //16位源端口
USHORT th_dport; //16位目的端口
unsigned int th_seq; //32位序列号
unsigned int th_ack; //32位确认号
unsigned char th_lenres; //4位首部长度/6位保留字
unsigned char th_flag; //6位标志位
USHORT th_win; //16位窗口大小
USHORT th_sum; //16位校验和
USHORT th_urp; //16位紧急数据偏移量
}TCP_HEADER; typedef struct _udphdr //定义UDP首部
{
unsigned short uh_sport; //16位源端口
unsigned short uh_dport; //16位目的端口
unsigned short uh_len; //16位长度
unsigned short uh_sum; //16位校验和
} UDP_HEADER; typedef struct _icmphdr //定义ICMP首部
{
BYTE i_type; //8位类型
BYTE i_code; //8位代码
USHORT i_cksum; //16位校验和
USHORT i_id; //识别号(一般用进程号作为识别号)
USHORT i_seq; //报文序列号
ULONG timestamp; //时间戳
}ICMP_HEADER; typedef struct _protomap //定义子协议映射表
{
int ProtoNum;
char ProtoText[MAX_PROTO_TEXT_LEN];
}PROTOMAP; PROTOMAP ProtoMap[MAX_PROTO_NUM]={ //为子协议映射表赋值
{ IPPROTO_IP , "IP " },
{ IPPROTO_ICMP , "ICMP" },
{ IPPROTO_IGMP , "IGMP" },
{ IPPROTO_GGP , "GGP " },
{ IPPROTO_TCP , "TCP " },
{ IPPROTO_PUP , "PUP " },
{ IPPROTO_UDP , "UDP " },
{ IPPROTO_IDP , "IDP " },
{ IPPROTO_ND , "NP " },
{ IPPROTO_RAW , "RAW " },
{ IPPROTO_MAX , "MAX " },
{ NULL , "" } }; SOCKET SockRaw;
char TcpFlag[6]={'F','S','R','P','A','U'}; //定义TCP标志位
bool ParamTcp =false; // -t关注TCP 报文
bool ParamUdp =false; // -u关注UDP 报文
bool ParamIcmp =false; // -i关注ICMP报文
bool ParamDecode=true; // -d对协议进行解码
char *strFromIpFilter=NULL; // 源IP地址过滤
char *strDestIpFilter=NULL; // 目的地址过滤 int DecodeIpPack(char *,int);
int DecodeTcpPack(char *);
int DecodeUdpPack(char *);
int DecodeIcmpPack(char *);
void CheckSockError(int,char*);
char * CheckProtocol(int);
void usage(void);
bool GetCmdLine(int, char **);
void main(int argc, char ** argv)
{
int iErrorCode;
char RecvBuf[MAX_PACK_LEN] = {0};
usage();
if(GetCmdLine(argc, argv)==CMD_PARAM_HELP) exit(0);
//初始化SOCKET
WSADATA wsaData;
iErrorCode = WSAStartup(MAKEWORD(2,1),&wsaData);
CheckSockError(iErrorCode, "WSAStartup");
SockRaw = socket(AF_INET , SOCK_RAW , IPPROTO_IP);
CheckSockError(SockRaw, "socket");
//获取本机IP地址
char FAR name[MAX_HOSTNAME_LAN];
iErrorCode = gethostname(name, MAX_HOSTNAME_LAN);
CheckSockError(iErrorCode, "gethostname");
struct hostent FAR * pHostent;
pHostent = (struct hostent * )malloc(sizeof(struct hostent));
pHostent = gethostbyname(name);
SOCKADDR_IN sa;
sa.sin_family = AF_INET;
sa.sin_port = htons(6000);
memcpy(&sa.sin_addr.S_un.S_addr, pHostent->h_addr_list[0], pHostent->h_length);
iErrorCode = bind(SockRaw, (PSOCKADDR)&sa, sizeof(sa));
CheckSockError(iErrorCode, "bind");
//设置SOCK_RAW为SIO_RCVALL,以便接收所有的IP包
DWORD dwBufferLen[10] ;
DWORD dwBufferInLen = 1 ;
DWORD dwBytesReturned = 0 ;
iErrorCode=WSAIoctl(SockRaw, SIO_RCVALL,&dwBufferInLen, sizeof(dwBufferInLen),
&dwBufferLen, sizeof(dwBufferLen),&dwBytesReturned , NULL , NULL );
CheckSockError(iErrorCode, "Ioctl");
//侦听IP报文
while(1)
{
memset(RecvBuf, 0, sizeof(RecvBuf));
iErrorCode = recv(SockRaw, RecvBuf, sizeof(RecvBuf), 0);
CheckSockError(iErrorCode, "recv");
iErrorCode = DecodeIpPack(RecvBuf, iErrorCode);
CheckSockError(iErrorCode, "Decode");
}
} //IP解包程序
int DecodeIpPack(char *buf, int iBufSize)
{
IP_HEADER *pIpheader;
int iProtocol, iTTL;
char szProtocol[MAX_PROTO_TEXT_LEN];
char szSourceIP[MAX_ADDR_LEN], szDestIP[MAX_ADDR_LEN];
SOCKADDR_IN saSource, saDest;
pIpheader = (IP_HEADER *)buf;
//Check Proto
iProtocol = pIpheader->proto;
strncpy(szProtocol, CheckProtocol(iProtocol), MAX_PROTO_TEXT_LEN);
if((iProtocol==IPPROTO_TCP) && (!ParamTcp)) return true;
if((iProtocol==IPPROTO_UDP) && (!ParamUdp)) return true;
if((iProtocol==IPPROTO_ICMP) && (!ParamIcmp)) return true;
//Check Source IP
saSource.sin_addr.s_addr = pIpheader->sourceIP;
strncpy(szSourceIP, inet_ntoa(saSource.sin_addr), MAX_ADDR_LEN);
if (strFromIpFilter)
if (strcmp(strFromIpFilter,szSourceIP)) return true;
//Check Dest IP
saDest.sin_addr.s_addr = pIpheader->destIP;
strncpy(szDestIP, inet_ntoa(saDest.sin_addr), MAX_ADDR_LEN);
if (strDestIpFilter)
if (strcmp(strDestIpFilter,szDestIP)) return true;
iTTL = pIpheader->ttl;
//Output
printf("%s ", szProtocol);
printf("%s->%s ", szSourceIP, szDestIP);
printf("bytes=%d TTL=%d ",iBufSize,iTTL);
//Calculate IP Header Length
int iIphLen = sizeof(unsigned long) * (pIpheader->h_lenver & 0xf);
//Decode Sub Protocol:TCP, UDP, ICMP, etc
switch(iProtocol)
{
case IPPROTO_TCP :DecodeTcpPack(buf+iIphLen);break;
case IPPROTO_UDP :DecodeUdpPack(buf+iIphLen);break;
case IPPROTO_ICMP :DecodeIcmpPack(buf+iIphLen);break;
default :break;
}
//printf("\n");
return true;
} //SOCK错误处理程序
void CheckSockError(int iErrorCode, char *pErrorMsg)
{
if(iErrorCode==SOCKET_ERROR)
{
printf("%s Error:%d\n", pErrorMsg, GetLastError());
closesocket(SockRaw);
exit(0);
} } //协议识别程序
char * CheckProtocol(int iProtocol)
{
for(int i=0; i<MAX_PROTO_NUM; i++)
if(ProtoMap[i].ProtoNum==iProtocol)
return ProtoMap[i].ProtoText;
return "";
} //TCP解包程序
int DecodeTcpPack(char * TcpBuf)
{
TCP_HEADER * pTcpHeader;
int i;
pTcpHeader = (TCP_HEADER * )TcpBuf;
printf("Port:%d->%d ", ntohs(pTcpHeader->th_sport),ntohs(pTcpHeader->th_dport));
unsigned char FlagMask = 1;
for( i=0; i<6; i++ )
{
if((pTcpHeader->th_flag) & FlagMask) printf("%c",TcpFlag[i]);
else printf("-");
FlagMask=FlagMask<<1;
}
printf("\n");
return true;
} //UDP解包程序
int DecodeUdpPack(char * UdpBuf)
{
UDP_HEADER *pUdpHeader;
pUdpHeader = (UDP_HEADER * )UdpBuf;
printf("Port:%d->%d ", ntohs(pUdpHeader->uh_sport), ntohs(pUdpHeader->uh_dport));
printf("Len=%d\n", ntohs(pUdpHeader->uh_len));
return true;
} //ICMP解包程序
int DecodeIcmpPack(char * IcmpBuf)
{
ICMP_HEADER *pIcmpHeader;
pIcmpHeader = (ICMP_HEADER * )IcmpBuf;
printf("Type:%d,%d ", pIcmpHeader->i_type,pIcmpHeader->i_code);
printf("ID=%d SEQ=%d\n", pIcmpHeader->i_id, pIcmpHeader->i_seq);
return true;
} //命令行参数处理
bool GetCmdLine(int argc, char ** argv)
{
if (argc<2) return CMD_PARAM_HELP;
for(int i=1;i<argc;i++)
{
if(argv[i][0]!='/') return CMD_PARAM_HELP;
else switch (argv[i][1])
{
case 't':
case 'T': ParamTcp=true; break;
case 'u':
case 'U': ParamUdp=true; break;
case 'i':
case 'I': ParamIcmp=true; break;
case 'p':
case 'P': ParamDecode=true; break;
case 'f':
case 'F':
{
strFromIpFilter=(char*)malloc(16*sizeof(char));
memset(strFromIpFilter,0,16*sizeof(char));
strcpy(strFromIpFilter,argv[i]+3);
break;
}
case 'd':
case 'D':
{
strDestIpFilter=(char*)malloc(16*sizeof(char));
memset(strDestIpFilter,0,16*sizeof(char));
strcpy(strDestIpFilter,argv[i]+3);
break;
}
}
}
printf("\nWill Sniffer");
if(ParamTcp) printf(" TCP");
if(ParamUdp) printf(" Udp");
if(ParamIcmp) printf(" ICMP");
if(strFromIpFilter) printf(" FromIp:%s",strFromIpFilter);
if(strDestIpFilter) printf(" DestIp:%s",strDestIpFilter);
printf("\n\tCTRL+C to quit\nStart:\n");
return (!CMD_PARAM_HELP);
} //使用说明
void usage(void)
{
printf("GUNiffer\n");
printf("\tSinffer for Win2K By Shotgun (Ver 0.2)\n");
printf("\[email protected]\n");
printf("\thttp://It.Xici.Net\n");
printf("\thttp://www.Patching.Net\n\n");
printf("USAGE:\n");
printf("\t/t Output TCP Packets\n");
printf("\t/u Output UDP Packets\n");
printf("\t/i Output ICMP Packets\n");
printf("\t/p Decode Packets (default OFF)\n");
printf("\t/f: fromIP Output Packets FromIp=fromIP (default ALL)\n");
printf("\t/d: destIP Output Packets DestIp=destIP (default ALL)");
printf("\nExample:\n");
printf("\tGUNiffer.exe /d>IpPack.log\n");
printf("\tGUNiffer.exe /t /u /f:192.168.15.231\n");
}
linux下基于libpacp的源代码也很多
http://expert.csdn.net/Expert/topic/2333/2333459.xml?temp=.5194361