2012-07-09 85 views

我的項目需要幫助,我對這方面不太熟悉。下面是我的服務器端接收程序,這段代碼運行在物理PC上,用來接收虛擬接收器發來的數據包。程序可以正常運行,但我不知道如何解碼收到的數據包內容——我在這方面還是新手。要怎樣解碼數據包的數據、做數據包分析?

// Defined before <pcap.h> is included; WinPcap's headers use it to expose the
// remote-capture declarations. Nothing in the code shown here calls pcap.
#define HAVE_REMOTE 
// Not referenced by the code shown here (the receive buffer in main is sized separately).
#define MAX_BUF_SIZE 1024 
// Maps snprintf onto MSVC's _snprintf. NOTE(review): _snprintf does not write a
// terminating NUL when the output fills the buffer, so callers must terminate
// the buffer themselves. Not referenced by the code shown here.
#define snprintf _snprintf 
// Length in bytes of an Ethernet (MAC) address.
#define ETH_ALEN 6 
// Length in bytes of an IPv4 address.
#define IP_ALEN 4 
// ARP opcode values (1 = request, 2 = reply); not referenced by the code shown here.
#define ARP_REQUEST 1 
#define ARP_REPLY 2 

#include <stdlib.h> 
#include <stdio.h> 
#include <winsock2.h> 
#include <pcap.h> 

#pragma comment(lib, "wpcap.lib") 
#pragma comment(lib, "Ws2_32.lib") 


// A sample of the select() return value 
// Block until the given socket has data to read or the timeout expires.
//
// socket: socket to watch for readability
// sec:    seconds part of the timeout
// usec:   microseconds part of the timeout
//
// Returns the result of select() unchanged:
//   -1  an error occurred
//    0  the timeout expired with nothing to read
//   >0  data is ready to be read
int recvfromTimeOutUDP(SOCKET socket, long sec, long usec)
{
    struct fd_set readable;
    struct timeval wait_limit;
    int ready;

    // The read set holds only the one socket we are interested in.
    FD_ZERO(&readable);
    FD_SET(socket, &readable);

    wait_limit.tv_sec = sec;
    wait_limit.tv_usec = usec;

    // Only the read set is supplied; the write and exception sets are unused.
    ready = select(0, &readable, 0, 0, &wait_limit);
    return ready;
}


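// UDP receiver: binds to port 5150 on all interfaces, waits up to 100 seconds
// for the first datagram, then prints every datagram received together with
// the sender's address until recvfrom() reports an unrecoverable error.
//
// Returns 0 after a normal shutdown, -1 if Winsock, the socket or bind() could
// not be set up.
//
// NOTE(review): the socket listens on INADDR_ANY, so any host that can reach
// this port can send data. Everything in ReceiveBuf is untrusted input.
int main(int argc, char **argv)
{
    WSADATA      wsaData;
    SOCKET       ReceivingSocket;
    SOCKADDR_IN  ReceiverAddr = {0};
    int          ReceiverAddrSize = sizeof(ReceiverAddr);
    int          Port = 5150;
    char         ReceiveBuf[6000];
    // One byte is held back so the payload can always be NUL-terminated.
    int          BufLength = sizeof(ReceiveBuf) - 1;
    SOCKADDR_IN  SenderAddr;
    int          SenderAddrSize;
    int          ByteReceived, SelectTiming, ErrorCode;

    (void)argc;
    (void)argv;

    // Initialize Winsock version 2.2. WSAStartup() returns its error code
    // directly, so that value is reported rather than WSAGetLastError().
    ErrorCode = WSAStartup(MAKEWORD(2,2), &wsaData);
    if (ErrorCode != 0)
    {
        printf("Server: WSAStartup failed with error %d\n", ErrorCode);
        return -1;
    }
    printf("Server: The Winsock DLL status is %s.\n", wsaData.szSystemStatus);

    // Create a new socket to receive datagrams on.
    ReceivingSocket = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
    if (ReceivingSocket == INVALID_SOCKET)
    {
        printf("Server: Error at socket(): %d\n", WSAGetLastError());
        WSACleanup();
        return -1;
    }
    printf("Server: socket() is OK!\n");

    // Set up a SOCKADDR_IN structure that tells bind() we want to receive
    // datagrams from all interfaces (0.0.0.0) on port 5150.
    ReceiverAddr.sin_family = AF_INET;
    ReceiverAddr.sin_port = htons(Port);
    ReceiverAddr.sin_addr.s_addr = htonl(INADDR_ANY);

    // Associate the address information with the socket using bind.
    if (bind(ReceivingSocket, (SOCKADDR *)&ReceiverAddr, sizeof(ReceiverAddr)) == SOCKET_ERROR)
    {
        printf("Server: bind() failed! Error: %d.\n", WSAGetLastError());
        closesocket(ReceivingSocket);
        WSACleanup();
        return -1;
    }
    printf("Server: bind() is OK!\n");

    // Some info on the receiver side. getsockname() needs a pointer to an int
    // holding the structure size; casting the size itself to a pointer makes
    // the call write through an invalid address.
    if (getsockname(ReceivingSocket, (SOCKADDR *)&ReceiverAddr, &ReceiverAddrSize) == SOCKET_ERROR)
    {
        printf("Server: getsockname() failed! Error: %d.\n", WSAGetLastError());
    }
    else
    {
        printf("Server: Receiving IP(s) used: %s\n", inet_ntoa(ReceiverAddr.sin_addr));
        printf("Server: Receiving port used: %d\n", ntohs(ReceiverAddr.sin_port));
    }
    printf("Server: I\'m ready to receive a datagram...\n");

    // The timeout applies to the first datagram only; once the loop below is
    // entered, each recvfrom() blocks until something arrives.
    SelectTiming = recvfromTimeOutUDP(ReceivingSocket, 100, 0);

    switch (SelectTiming)
    {
    case 0:
        // Timed out, do whatever you want to handle this situation
        printf("Server: Timeout while waiting for client!...\n");
        break;
    case -1:
        // Error occurred in select()
        printf("Server: Some error encountered with code number: %d\n", WSAGetLastError());
        break;
    default:
        for (;;)
        {
            // The address length is an in/out parameter: reset it every time.
            SenderAddrSize = sizeof(SenderAddr);
            ByteReceived = recvfrom(ReceivingSocket, ReceiveBuf, BufLength,
                                    0, (SOCKADDR *)&SenderAddr, &SenderAddrSize);
            if (ByteReceived == SOCKET_ERROR)
            {
                int RecvError = WSAGetLastError();

                printf("Server: recvfrom() failed with error code: %d\n", RecvError);
                // A datagram larger than the buffer is reported as WSAEMSGSIZE;
                // skip it instead of letting one oversized packet stop the server.
                if (RecvError == WSAEMSGSIZE)
                    continue;
                break;
            }

            // recvfrom() does not terminate the data. Without this, "%s" would
            // read past the received bytes (and past the buffer when it is full).
            // A return of 0 is a valid empty datagram on a UDP socket.
            ReceiveBuf[ByteReceived] = '\0';

            printf("\n\nServer: Total Bytes received: %d\n", ByteReceived);
            // NOTE(review): the payload comes from the network. "%s" stops at the
            // first NUL byte and passes control characters straight to the
            // console; print a hex dump instead if the data may be binary.
            printf("Server: The data is \"%s\"\n", ReceiveBuf);

            // Sender info comes from recvfrom(); getpeername() only works on a
            // connected socket and this UDP socket is never connected.
            printf("Server: Sending IP used: %s\n", inet_ntoa(SenderAddr.sin_addr));
            printf("Server: Sending port used: %d\n", ntohs(SenderAddr.sin_port));

            printf("TIME -");
        }
        break;
    }

    // When your application is finished receiving datagrams close the socket.
    printf("Server: Finished receiving. Closing the listening socket...\n");
    if (closesocket(ReceivingSocket) != 0)
        printf("Server: closesocket() failed! Error code: %d\n", WSAGetLastError());
    else
        printf("Server: closesocket() is OK...\n");

    // When your application is finished call WSACleanup.
    printf("Server: Cleaning up...\n");
    if (WSACleanup() != 0)
        printf("Server: WSACleanup() failed! Error code: %d\n", WSAGetLastError());
    else
        printf("Server: WSACleanup() is OK\n");

    return 0;
}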

下面是我在物理PC的命令行上得到的輸出示例。我相信這就是從虛擬接收器收到的數據包。我不清楚如何把它解碼成以下格式:

時間|發件人Mac地址|目標Mac地址|數據包長度|以太網類型|源地址|目標IP地址

Server: Total Bytes received: 4000 
Server: The data is "Time : 10:32:24.759385 
0050568214540064403a1c000800450000285aeb40007f06b0c4ac10a40bac10f3f3c0990d3d740222860176142f5010054e40620000000000000000" 
Server: Sending IP used: 172.16.243.243 
Server: Sending port used: 59079 


Server: Total Bytes received: 4000 
Server: The data is "Time : 10:32:24.759385 
0050568214540064403a1c000800450000285aeb40007f06b0c4ac10a40bac10f3f3c0990d3d740222860176142f5010054e40620000000000000000" 
Server: Sending IP used: 172.16.243.243 
Server: Sending port used: 59080 

如何解碼數據包信息分析?

解碼它,就像這樣。

時間|發件人Mac地址|目標Mac地址|數據包長度|以太網類型|源地址|目標IP地址


聽起來像是你不知道接收到的數據包的格式? – ciphor 2012-07-10 15:20:11


@ciphor 是的…我是這方面的新手。謝謝,我會去閱讀有關數據報的資料。 – Khein 2012-07-11 13:17:20

回答


您可能將數據寫入字節緩衝區以發送它。接收到數據後,您只需按照您寫入的方式從接收緩衝區讀回數據。我們只能看到您的接收代碼,所以我們只能猜測您發送的內容,但可以舉例說,您將4 x 4字節的整數寫入char緩衝區,然後通過套接字發送。接收代碼將需要做類似

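// Read fixed-size integers back out of the receive buffer in the same order
// the sender wrote them. ReceiveBuf and ByteReceived are the buffer and the
// return value of recvfrom() in the receiving code.
int iData1 = 0;
int iData2 = 0;
int iData3 = 0;
int iData4 = 0;
const char *szIt = ReceiveBuf;   // cursor, starts at the beginning of the receive buffer
// Bytes still unread. The packet comes from the network, so its length must be
// checked before every read instead of trusting the sender's layout.
size_t cbLeft = (ByteReceived > 0) ? (size_t)ByteReceived : 0;

if (cbLeft >= sizeof(int))
{
    memcpy(&iData1, szIt, sizeof(int));   // memcpy first item
    szIt += sizeof(int);                  // point to location in buffer of next item
    cbLeft -= sizeof(int);
}
if (cbLeft >= sizeof(int))
{
    memcpy(&iData2, szIt, sizeof(int));   // memcpy second....
    szIt += sizeof(int);
    cbLeft -= sizeof(int);
}

// memcpy keeps the sender's byte order; if the sender wrote the values with
// htonl(), convert each one with ntohl() after copying.

// Now do the rest of the data items until you have read
// everything in the packet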

後面的數據項依此類推。如果各項的類型不同,就要按每種類型的大小來移動指針。還有其他方法可以做到同樣的事,但這種做法是可行的。這樣做時有一件非常重要的事情需要考慮:發送端和接收端機器的字節序(endianness)。您可以強制把數據以大端序(big-endian)寫入,這樣客戶端就知道這一點,即使它本身是小端序(little-endian)也能正確處理。

重要的是:客戶端必須按照與發送時相同的數據順序、相同的方式來解釋字節緩衝區。

希望這有助於


嘿!感謝您的提示!我嘗試,但它沒有工作。它沒有收到緩衝區。你有沒有任何例子或這類網站?非常感謝。 – Khein 2012-07-10 05:51:11


如果您沒有收到緩衝區聽起來像問題可能在您的客戶端代碼中。 – mathematician1975 2012-07-10 11:32:35