要求:适用于WIN98,可用VPACKET.VXD
不要死循环,要用消息
对IP包有详细的分析,分离出SOURCE IP,DESTINATION IP,SOURCE PORT,DESTINATION PORT,DATA(数据内容)。我现在很急啊,拜托各位了!!!
有的请发到[email protected]
不要死循环,要用消息
对IP包有详细的分析,分离出SOURCE IP,DESTINATION IP,SOURCE PORT,DESTINATION PORT,DATA(数据内容)。我现在很急啊,拜托各位了!!!
有的请发到[email protected]
回myling(阿德) 你给的源码capture_ip我也有,只能用于WIN2K,对于WIN98要麻烦点,要用到驱动,所以呢,本问题还未完!TO BE CONTINUED……
[email protected]
发了,查收
[email protected]
给我1000000000000000000000000000000000000000分!!!
>_<
多谢多谢,好兄弟
[email protected]
在下面的地址下载
http://winpcap.polito.it
[email protected]
不好意思,我老是上不了http://winpcap.polito.it
麻烦您了,以后自会报答!
[email protected]
收到。ths。
Windows, Messages,Classes,winsock,sysutils;
const
  // Custom window message in the WM_USER range.
  // NOTE(review): presumably the message handed to WSAAsyncSelect; the code
  // that posts or handles it is not part of this listing.
  WM_CapIp             = WM_USER + 200;

  STATUS_FAILED        = $FFFF;  // error code reported on failure
  MAX_PACK_LEN         = 65535;  // largest IP datagram that can be received
  MAX_ADDR_LEN         = 16;     // longest dotted-decimal address
  MAX_PROTO_TEXT_LEN   = 16;     // longest sub-protocol name (e.g. "TCP")
  MAX_PROTO_NUM        = 12;     // number of sub-protocols
  MAX_HOSTNAME_LAN     = 255;    // longest host name
  CMD_PARAM_HELP       = true;

  // Direction / vendor bits that Winsock ioctl codes are composed from.
  IOC_IN               = $80000000;
  IOC_VENDOR           = $18000000;
  IOC_out              = $40000000;

  // Vendor-specific control codes for WSAIoctl.
  // SIO_RCVALL asks a bound raw socket to deliver every IP packet the
  // interface sees, not only traffic addressed to this process. On NT-based
  // Windows raw sockets are limited to administrators, so a process that
  // issues this code is a useful thing to audit for.
  SIO_RCVALL           = IOC_IN or IOC_VENDOR or 1;  // or IOC_out;
  SIO_RCVALL_MCAST     = IOC_IN or IOC_VENDOR or 2;
  SIO_RCVALL_IGMPMCAST = IOC_IN or IOC_VENDOR or 3;
  SIO_KEEPALIVE_VALS   = IOC_IN or IOC_VENDOR or 4;
  SIO_ABSORB_RTRALERT  = IOC_IN or IOC_VENDOR or 5;
  SIO_UCAST_IF         = IOC_IN or IOC_VENDOR or 6;
  SIO_LIMIT_BROADCASTS = IOC_IN or IOC_VENDOR or 7;
  SIO_INDEX_BIND       = IOC_IN or IOC_VENDOR or 8;
  SIO_INDEX_MCASTIF    = IOC_IN or IOC_VENDOR or 9;
  SIO_INDEX_ADD_MCAST  = IOC_IN or IOC_VENDOR or 10;
  SIO_INDEX_DEL_MCAST  = IOC_IN or IOC_VENDOR or 11;
// Three-longword record named after the Winsock tcp_keepalive structure,
// i.e. the argument block that goes with SIO_KEEPALIVE_VALS.
// NOTE(review): no use of this record is visible in this listing.
type
  tcp_keepalive = record
    onoff:             Longword;
    keepalivetime:     Longword;
    keepaliveinterval: Longword;
  end;
// New WSAIoctl Options
// IP header
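type
  // Fixed 20-byte part of an IPv4 header as it appears on the wire.
  // Fix: total_len was declared as a one-byte char although the field is
  // 16 bits wide; it is now a word. The record is also marked packed so the
  // layout no longer depends on the compiler's alignment setting.
  // Multi-byte fields arrive in network byte order.
  // NOTE(review): the parser (DecodeIpPack) is not part of this listing. It
  // should check that the received size is at least SizeOf(IP_HEADER) and
  // that the header length taken from h_lenver is plausible before it
  // locates the transport header.
  // NOTE(review): tos and th_flag stay char as in the original; that is one
  // byte only where Char is a single-byte type.
  _iphdr = packed record
    h_lenver:       byte;      // IP version (high nibble) + header length in 32-bit words (low nibble)
    tos:            char;      // 8-bit type of service
    total_len:      word;      // 16-bit total length in bytes
    ident:          word;      // 16-bit identification
    frag_and_flags: word;      // 3-bit flags (the remaining bits are the fragment offset)
    ttl:            byte;      // 8-bit time to live
    proto:          byte;      // 8-bit protocol (TCP, UDP or other)
    checksum:       word;      // 16-bit header checksum
    sourceIP:       Longword;  // 32-bit source address
    destIP:         Longword;  // 32-bit destination address
  end;
  IP_HEADER = _iphdr;

type
  // Fixed 20-byte part of a TCP header.
  _tcphdr = packed record
    TCP_Sport: word;      // 16-bit source port
    TCP_Dport: word;      // 16-bit destination port
    th_seq:    longword;  // 32-bit sequence number
    th_ack:    longword;  // 32-bit acknowledgement number
    th_lenres: byte;      // 4-bit header length + reserved bits
    th_flag:   char;      // flag bits
    th_win:    word;      // 16-bit window size
    th_sum:    word;      // 16-bit checksum
    th_urp:    word;      // 16-bit urgent pointer
  end;
  TCP_HEADER = _tcphdr;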
type
  // UDP header: four 16-bit fields, 8 bytes in total.
  // On the wire these values are in network byte order.
  _udphdr = record
    uh_sport: word;  // source port
    uh_dport: word;  // destination port
    uh_len:   word;  // length
    uh_sum:   word;  // checksum
  end;
  UDP_HEADER = _udphdr;
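type
  // ICMP header.
  // Fix: the opening "_icmphdr = record" line was missing from the listing;
  // the name is taken from the ICMP_HEADER alias that follows the record.
  _icmphdr = record
    i_type:    byte;  // 8-bit type
    i_code:    byte;  // 8-bit code
    i_cksum:   word;  // 16-bit checksum
    i_id:      word;  // identifier (the original notes the process id is commonly used)
    // i_seq:  word;  // sequence number (disabled in the original)
    timestamp: word;  // timestamp
  end;
  ICMP_HEADER = _icmphdr;

type
  // One entry of the sub-protocol lookup table: protocol number and name.
  _protomap = record
    ProtoNum:  integer;
    ProtoText: array[0..MAX_PROTO_TEXT_LEN] of char;
  end;
  TPROTOMAP = _protomap;

type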
// Exception type for socket failures (raise sites are not part of this listing).
ESocketException = class(Exception);

// Procedural types named after Winsock entry points. The component stores
// one pointer of each type in its F* fields.
// NOTE(review): presumably resolved from a DLL at run time; the loader code
// is not shown here.
TWSAStartup = function(wVersionRequired: Word;
  var WSData: TWSAData): Integer; stdcall;

TOpenSocket = function(af, Struct, protocol: Integer): TSocket; stdcall;

TInet_addr = function(cp: PChar): u_long; stdcall;

Thtons = function(hostshort: u_short): u_short; stdcall;

TConnect = function(s: TSocket; var name: TSockAddr;
  namelen: Integer): Integer; stdcall;

TWSAIoctl = function(s: TSocket; cmd: DWORD;
  lpInBuffer: PCHAR; dwInBufferLen: DWORD;
  lpOutBuffer: PCHAR; dwOutBufferLen: DWORD;
  lpdwOutBytesReturned: LPDWORD;
  lpOverLapped: POINTER;
  lpOverLappedRoutine: POINTER): Integer; stdcall;

TCloseSocket = function(s: TSocket): Integer; stdcall;

Tsend = function(s: TSOCKET; buf: PChar; Len: Integer; flags: Integer): Integer; stdcall;

Trecv = function(s: TSOCKET; var buf; Len: Integer; flags: Integer): Integer; stdcall;

TWSAAsyncSelect = function(s: TSocket; HWindow: HWND; wMsg: u_int;
  lEvent: Longint): Integer; stdcall;

TWSACleanup = function(): Integer; stdcall;

// Event raised for each captured packet. header/header_size and
// data/data_size are pointer-plus-length pairs.
// NOTE(review): nothing visible here guarantees that data is NUL-terminated,
// so handlers should rely on data_size rather than treat data as a C string.
TOnCap = procedure(ip, proto, sourceIP, destIP, SourcePort, DestPort: string;
  header: PChar; header_size: Integer;
  data: PChar; data_size: Integer) of object;

// Event raised with a textual error description.
TOnError = procedure(Error: string) of object;
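// Capture component.
// NOTE(review): the class header line was missing from the listing. The name
// comes from the RegisterComponents call below; the base class is inferred
// from the "Create(Owner: TComponent); override" constructor. Confirm it
// against the original unit.
Tcap_ip = class(TComponent)
private
  // Original comment: "Handle for mpr.dll".
  // NOTE(review): the pointer fields below are Winsock entry points, so
  // confirm which DLL this handle actually refers to.
  Fhand_dll:       HModule;
  FWindowHandle:   HWND;
  FOnCap:          TOnCap;           // event: packet captured
  FOnError:        TOnError;         // event: error occurred
  Fsocket:         array of Tsocket;
  FActiveIP:       array of string;  // usable local IP addresses
  // Fix: this field had been pulled into the preceding line comment when the
  // listing's lines were joined, which removed the declaration.
  FWSAStartup:     TWSAStartup;
  FOpenSocket:     TOpenSocket;
  FInet_addr:      TInet_addr;
  Fhtons:          Thtons;
  FConnect:        TConnect;
  FCloseSocket:    TCloseSocket;
  Fsend:           Tsend;
  FWSAIoctl:       TWSAIoctl;
  Frecv:           Trecv;
  FWSACleanup:     TWSACleanup;
  FWSAAsyncSelect: TWSAAsyncSelect;
protected
  procedure WndProc(var MsgRec: TMessage);
  // IP packet decoder.
  // NOTE(review): buf holds bytes received from the network; every header
  // read in the (unseen) implementation should be bounded by iBufSize.
  function DecodeIpPack(ip:string;buf:pchar;iBufSize:integer):integer;
  // function DecodeTcpPack(TcpBuf:pchar;iBufSize:integer):integer; // TCP decoder
  //function DecodeUdpPack(p:pchar;i:integer):integer; // UDP decoder
  //function DecodeIcmpPack(p:pchar;i:integer):integer; // ICMP decoder
  function CheckProtocol(iProtocol:integer):string;     // protocol check
  procedure cap_ip(socket_no:integer);
  procedure get_ActiveIP;                                // obtain the current IP list
  procedure set_socket_state;                            // set the adapter state
  function CheckSockError(iErrorCode:integer):boolean;  // error handling
public
  Fpause:      boolean;  // paused
  Finitsocket: boolean;  // already initialised
  constructor Create(Owner : TComponent); override;
  destructor Destroy; override;
  function init_socket:boolean;  // initialise
  procedure StartCap;            // start capturing
  procedure pause;               // pause
  procedure StopCap;             // stop capturing
  property Handle : HWND read FWindowHandle;
published
  property OnCap : TOnCap read FOnCap write FOnCap;
  property OnError : TOnError read FOnError write FOnError;
end;

procedure Register;

implementation

// NOTE(review): the bodies of Tcap_ip's methods are not part of this listing.

// Registers the component on the 'Standard' palette page.
procedure Register;
begin
  RegisterComponents('Standard', [Tcap_ip]);
end;

end.
////////////////////////////////////////////////////////////////////////////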
unit cap_main;interfaceuses
Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,
cap_ip, StdCtrls, ExtCtrls, Grids, ComCtrls, Buttons, Menus;type
// One stored payload: buf receives a private copy of a captured packet's
// data bytes (filled in cap_ip1Cap).
Tmy_data=record
buf:array of char;
end;type
// Main form of the capture tool: packet grid, hex/text dump and filter controls.
TForm1 = class(TForm)
// Buttons, by their click handlers in this unit: 1 = start capture,
// 2 = pause/resume, 3 = stop capture, 4 = close the form.
BitBtn1: TBitBtn;
BitBtn2: TBitBtn;
BitBtn3: TBitBtn;
BitBtn4: TBitBtn;
PageControl1: TPageControl;
TabSheet1: TTabSheet;
TabSheet2: TTabSheet;
// Packet list; row 0 holds the column titles.
StringGrid1: TStringGrid;
Splitter1: TSplitter;
// Numeric text: sizes buf_list in FormCreate and is read again as the row
// limit in cap_ip1Cap.
Edit2: TEdit;
Label1: TLabel;
Panel1: TPanel;
// Hex + text dump of the selected row's payload.
Memo1: TMemo;
Splitter2: TSplitter;
// Payload of the selected row as one text line.
Memo2: TMemo;
// Button 5 = reset the grid to a single data row.
BitBtn5: TBitBtn;
Label2: TLabel;
// Filter value typed by the user.
Edit1: TEdit;
// Filter field selector (compared against '内容' in the handlers).
ComboBox1: TComboBox;
Label7: TLabel;
// Filter mode selector (compared against '包含' in check_filter).
ComboBox2: TComboBox;
Label8: TLabel;
// Button 6 = build filter_str from the filter controls.
BitBtn6: TBitBtn;
procedure FormCreate(Sender: TObject);
// OnCap handler: receives each packet reported by the capture component.
procedure cap_ip1Cap(ip, proto, sourceIP, destIP, SourcePort,
DestPort: String; header: PChar; header_size: Integer; data: PChar;
data_size: Integer);
procedure BitBtn1Click(Sender: TObject);
procedure BitBtn2Click(Sender: TObject);
procedure BitBtn3Click(Sender: TObject);
procedure StringGrid1Click(Sender: TObject);
procedure BitBtn5Click(Sender: TObject);
procedure BitBtn6Click(Sender: TObject);
procedure BitBtn4Click(Sender: TObject);
procedure FormClose(Sender: TObject; var Action: TCloseAction);
private
{ Private declarations }
public
// Returns True when the packet is to be dropped: cap_ip1Cap exits as soon
// as this returns True.
function check_filter(proto, sourceIP, destIP, SourcePort,DestPort: String;data: PChar;data_size: Integer):boolean;
end;var
Form1: TForm1;
// Stored payloads, indexed by grid row minus one. The length is set once in
// FormCreate from Edit2.
// NOTE(review): the code that writes to it does not check the index against
// this length, while the row limit is re-read from Edit2 for every packet.
buf_list:array of Tmy_data;
// Current filter: mode text + field text (+ upper-cased value), built in
// BitBtn6Click; empty means no filtering.
filter_str:string;
// Capture component instance, created in FormCreate and freed in FormClose.
cap_ip1:Tcap_ip;
implementation

{$R *.DFM}

// Fills the title row of the packet grid, sizes the payload store from the
// number in Edit2, then creates the capture component and hooks its OnCap
// event to cap_ip1Cap.
procedure TForm1.FormCreate(Sender: TObject);
const
  ColumnTitles: array[0..6] of string =
    ('协议类型', '源地址', '源端口', '目的地址', '目的端口', '数据大小', '数据内容');
var
  TitleRow: TStrings;
  Col: Integer;
begin
  TitleRow := StringGrid1.Rows[0];
  for Col := Low(ColumnTitles) to High(ColumnTitles) do
    TitleRow.Add(ColumnTitles[Col]);

  // StrToInt raises if Edit2 does not hold a number.
  SetLength(buf_list, StrToInt(Edit2.Text));

  cap_ip1 := Tcap_ip.Create(Self);
  cap_ip1.OnCap := cap_ip1Cap;
end;
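// Packet filter. Returns True when the packet must be dropped (cap_ip1Cap
// exits on True) and False when it is to be listed.
//
// Changes compared with the listing:
//  * the function header was missing and is restored from the declaration in
//    the class;
//  * the '排除内容' (exclude by content) case could never run, because every
//    filter other than '包含内容' returned earlier; both content filters now
//    reach the payload comparison;
//  * the payload is copied into a local string limited to data_size bytes
//    instead of being written into buf_list without an index check.
function TForm1.check_filter(proto, sourceIP, destIP, SourcePort,DestPort: String;data: PChar;data_size: Integer):boolean;
var
  temp_str: string;
  found: Boolean;
begin
  result := true;

  // No filter configured: list every packet.
  if filter_str = '' then
  begin
    result := false;
    exit;
  end;

  // Exclude-by-field filters: an exact match drops the packet (result is True).
  if (filter_str='排除协议'+proto) then exit;
  if (filter_str='排除源地址'+sourceIP) then exit;
  if (filter_str='排除源端口'+SourcePort) then exit;
  if (filter_str='排除目的地址'+destIP) then exit;
  if (filter_str='排除目的端口'+DestPort) then exit;

  // Include-by-field filters: only an exact match is listed.
  if (ComboBox2.text='包含') and (ComboBox1.Text<>'内容') then
  begin
    if (filter_str='包含协议'+proto) then begin result:=false;exit;end;
    if (filter_str='包含源地址'+sourceIP) then begin result:=false;exit;end;
    if (filter_str='包含源端口'+SourcePort) then begin result:=false;exit;end;
    if (filter_str='包含目的地址'+destIP) then begin result:=false;exit;end;
    if (filter_str='包含目的端口'+DestPort) then begin result:=false;exit;end;
    result:=true;exit;
  end;

  // Anything that is not a content filter (for example an exclude-by-field
  // filter that did not match) lets the packet through.
  if (filter_str<>'包含内容') and (filter_str<>'排除内容') then
  begin
    result := false;
    exit;
  end;

  // The payload comes from the network: take exactly data_size bytes and
  // never rely on a terminating NUL.
  if (data <> nil) and (data_size > 0) then
    SetString(temp_str, data, data_size)
  else
    temp_str := '';
  temp_str := AnsiLowerCase(temp_str);
  found := Pos(AnsiLowerCase(edit1.text), temp_str) > 0;

  if filter_str = '包含内容' then
    result := not found   // include: drop packets that lack the text
  else
    result := found;      // exclude: drop packets that contain the text
end;

// OnCap handler: appends one packet to the grid and keeps a copy of its
// payload in buf_list (slot = grid row - 1).
//
// Changes compared with the listing:
//  * the slot is checked against the real length of buf_list, and the row
//    limit taken from Edit2 is capped to that length, so raising the number
//    in Edit2 after start-up can no longer cause a write past the array;
//  * the "data" cell is built from at most data_size bytes (cut at the first
//    NUL, as the implicit PChar conversion did) instead of scanning for a
//    terminator that the capture component is not shown to provide;
//  * the newly added last row is cleared (RowCount - 1) instead of the row
//    one past the end;
//  * a non-numeric Edit2 no longer raises inside the capture callback.
procedure TForm1.cap_ip1Cap(ip, proto, sourceIP, destIP, SourcePort,
  DestPort: String; header: PChar; header_size: Integer; data: PChar;
  data_size: Integer);
var
  row, slot, limit, nul_at: Integer;
  shown: string;
begin
  // Normalise the size reported by the capture component before using it.
  if (data = nil) or (data_size < 0) then
    data_size := 0;

  if check_filter(proto, sourceIP, destIP, SourcePort, DestPort, data, data_size) then exit;

  if Length(buf_list) = 0 then exit;
  // Start over when the grid has grown beyond the payload store.
  if StringGrid1.RowCount - 2 > High(buf_list) then
    StringGrid1.RowCount := 2;
  row := StringGrid1.RowCount - 1;
  slot := row - 1;
  if slot < 0 then exit;

  SetString(shown, data, data_size);
  nul_at := Pos(#0, shown);
  if nul_at > 0 then
    SetLength(shown, nul_at - 1);

  StringGrid1.Cells[0, row] := proto;
  StringGrid1.Cells[1, row] := sourceIP;
  StringGrid1.Cells[2, row] := SourcePort;
  StringGrid1.Cells[3, row] := destIP;
  StringGrid1.Cells[4, row] := DestPort;
  StringGrid1.Cells[5, row] := IntToStr(data_size);
  StringGrid1.Cells[6, row] := shown;

  SetLength(buf_list[slot].buf, data_size);
  if data_size > 0 then
    CopyMemory(Pointer(buf_list[slot].buf), data, data_size);

  limit := StrToIntDef(Edit2.Text, Length(buf_list));
  if limit > Length(buf_list) then
    limit := Length(buf_list);

  if StringGrid1.RowCount > limit then
    StringGrid1.RowCount := 2
  else
  begin
    StringGrid1.RowCount := StringGrid1.RowCount + 1;
    StringGrid1.Rows[StringGrid1.RowCount - 1].Clear;
  end;
  StringGrid1.TopRow := StringGrid1.RowCount - StringGrid1.VisibleRowCount;
end;

// Start capturing.
procedure TForm1.BitBtn1Click(Sender: TObject);
begin
  cap_ip1.StartCap;
end;

// Toggle pause and update the button caption to match.
procedure TForm1.BitBtn2Click(Sender: TObject);
begin
  cap_ip1.pause;
  if cap_ip1.Fpause then
    BitBtn2.Caption := '继续捕捉'
  else
    BitBtn2.Caption := '暂停捕捉';
end;

// Stop capturing.
procedure TForm1.BitBtn3Click(Sender: TObject);
begin
  cap_ip1.StopCap;
end;

// Shows the stored payload of the selected row: Memo1 gets a hex dump with
// eight bytes per line next to its text form, Memo2 gets the whole payload
// as one text line.
//
// Changes compared with the listing:
//  * the selected row is checked against buf_list before it is used as an
//    index;
//  * control characters are replaced by '.' for every byte below $20; the
//    listing compared against decimal 20, which let bytes 20..31 through.
procedure TForm1.StringGrid1Click(Sender: TObject);
var
  text_str, hex_str, all_str: string;
  i, no, slot: Integer;
  ch: Char;
begin
  memo1.lines.Clear;
  memo2.lines.Clear;

  slot := StringGrid1.Selection.Top - 1;
  if (slot < 0) or (slot > High(buf_list)) then exit;

  text_str := '';
  hex_str := '';
  all_str := '';
  for i := 0 to High(buf_list[slot].buf) do
  begin
    ch := buf_list[slot].buf[i];
    no := Ord(ch);
    hex_str := hex_str + Format('%0.2x', [no]) + ' ';
    if no < $20 then
    begin
      text_str := text_str + '.';
      all_str := all_str + '.';
    end
    else
    begin
      text_str := text_str + ch;
      all_str := all_str + ch;
    end;
    // Emit one dump line for every eight bytes.
    if (i mod 8) = 7 then
    begin
      memo1.lines.add(hex_str+' | '+text_str);
      text_str := '';
      hex_str := '';
    end;
  end;
  // Final partial line: pad the hex column to the width of eight bytes.
  if hex_str <> '' then
    memo1.lines.add(hex_str+format('%'+inttostr(24-length(hex_str))+'s',[' '])+' | '+text_str);
  memo2.lines.Add(all_str);
end;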
// Resets the packet grid to the title row plus one empty data row.
procedure TForm1.BitBtn5Click(Sender: TObject);
begin
  with StringGrid1 do
  begin
    RowCount := 2;
    Rows[1].Clear;
  end;
end;

// Builds filter_str from the filter controls: mode + field, followed by the
// upper-cased value unless the field is '内容'. When any of the three
// controls is empty the filter stays cleared and a message is shown.
procedure TForm1.BitBtn6Click(Sender: TObject);
var
  mode_text, field_text: string;
begin
  filter_str := '';
  mode_text := ComboBox2.Text;
  field_text := ComboBox1.Text;

  if (mode_text = '') or (field_text = '') or (Edit1.Text = '') then
  begin
    ShowMessage('内容不全!');
    Exit;
  end;

  filter_str := mode_text + field_text;
  if field_text <> '内容' then
    filter_str := filter_str + AnsiUpperCase(Edit1.Text);
end;

// Closes the form.
procedure TForm1.BitBtn4Click(Sender: TObject);
begin
  Close;
end;

// Releases the capture component when the form closes.
procedure TForm1.FormClose(Sender: TObject; var Action: TCloseAction);
begin
  cap_ip1.Free;
end;

end.
驱动网上的,
这上面有些人很牛的。
去看看吧
比这边专业多了。