Qt开发网络嗅探器03

数据包分析

想要知道如何解析IP数据包，就要知道不同的IP数据包的包头结构，于是我们上⽹查查资料：

以太网数据包

ARP数据包

IPv4

IPv6

TCP

UDP

ICMP

ICMPv6

根据以上数据包头结构，我们就有了我们的protocol.h文件，声明各种数据包：

#ifndef PROTOCOL_H
#define PROTOCOL_H
#define HAVE_REMOTE
#define PROTO_ICMP 1
#define PROTO_TCP 6
#define PROTO_UDP 17
#include <iostream>
#include <QObject>
#include "_bsd_types.h"
#include "pcap.h"
using namespace std;
//IPV4
typedef struct ip_address{u_char byte1;u_char byte2;u_char byte3;u_char byte4;
}ip_address;typedef struct ipv6_address
{u_char byte1;u_char byte2;u_char byte3;u_char byte4;u_char byte5;u_char byte6;u_char byte7;u_char byte8;
}ipv6_address;typedef struct ipv4_header{u_char ver_ihl;u_char tos;u_short tlen;u_short Identification;u_short flags_fo;u_char ttl;u_char proto;u_short crc;ip_address srcaddr;ip_address dstaddr;u_int op_pad;
}ipv4_header;typedef struct ipv6_header{u_int ver:4,flowtype:8,flowtip:20;u_short len;u_char pnext;u_char lim;ipv6_address srcaddr;ipv6_address dstaddr;
}ipv6_header;typedef struct tcp_header{u_short srcport;u_short dstport;u_int seq;u_int ack_seq;u_short resl:4,doff:4,fin:1,syn:1,pst:1,psh:1,ack:1,urg:1,ece:1,cwr:1;u_short window;u_short check;u_short urg_ptr;u_int opt;
}tcp_header;typedef struct udp_header{u_short srcport;u_short dstport;u_short tlen;u_short crc;
}udp_header;typedef struct icmp_header{u_char type;u_char code;u_char seq;u_char crc;
}icmp_header;typedef struct icmp6_header{u_char type;u_char code;u_char seq;u_char crc;u_char op_type;u_char op_len;u_char op_ethaddr[6];
}icmp6_header;typedef struct pkg_count{int n_tcp;int n_udp;int n_icmp;int n_icmp6;int n_http;int n_arp;int n_ipv4;int n_ipv6;int n_other;int n_ttl;
}pkg_count;typedef struct arp_header{u_short hardware;u_short proto;u_char ml;u_char ipl;u_short opt;u_char sm[6];ip_address sip;u_char dm[6];ip_address dip;
}arp_hearder;typedef struct eth_header{u_char smac[6];u_char dmac[6];u_short type;
}eth_header;typedef struct pkg_data
{QString pkgtype;int time[6];int len;eth_header *ethh;ipv4_header *ipv4h;ipv6_header *ipv6h;arp_header *arph;udp_header *udph;tcp_header *tcph;icmp_header *icmph;icmp6_header *icmp6;void *apph;}pkg_data;#endif // PROTOCOL_H

再对数据包的结构进行了解后，我们就需要对这些包进行解析，所以我们需要一个packettools类，里面用静态函数写出包的解析，供我们在别的地方调用：

#ifndef PACKETTOOLS_H
#define PACKETTOOLS_H
#include <QObject>
#include <QTextEdit>
#include "protocol.h"
#include "iostream"using namespace std;class PacketTools
{
public:static int unpcak_Frame(const u_char *pkg,pkg_data *data,pkg_count *pkgCnts);static int unpcak_Arp(const u_char *pkg,pkg_data *data,pkg_count *pkgCnts);static int unpack_Ip(const u_char *pkg,pkg_data *data,pkg_count *pkgCnts);static int unpack_Ipv6(const u_char *pkg,pkg_data *data,pkg_count *pkgCnts);static int unpack_Icmp(const u_char *pkg,pkg_data *data,pkg_count *pkgCnts);static int unpack_Icmp6(const u_char *pkg,pkg_data *data,pkg_count *pkgCnts);static int unpack_Tcp(const u_char *pkg,pkg_data *data,pkg_count *pkgCnts);static int unpack_Udp(const u_char *pkg,pkg_data *data,pkg_count *pkgCnts);static int pack_Print(u_char *pkg,int size,QTextEdit *edit);
};#endif // PACKETTOOLS_H

主要一点就是要知道父类数据包的type字段对子类数据包的分类，然后将数据包拷贝储存到全局容器里面。