1、pcap_if,和pcap_if_t是一样的/* * Item in a list of interfaces. */struct pcap_if { struct pcap_if *next; char *name; /* name to hand to "pcap_open_live()" */ char *description; /* textual description of interface, or NULL */ struct pcap_addr *addresses; bpf_u_int32 ...
printf("Address:%s\n",iptos(((struct sockaddr_in *)a->addr)->sin_addr.s_addr)); } if (a->netmask){ printf("\tNetmask: %s\n",iptos(((struct sockaddr_in *)a->netmask)->sin_addr.s_addr)); } if (a->broadaddr){ printf("\tBroadcast Address: %s\n",iptos(((struct sockadd...
Descriptor of an open capture instance(一个打开的捕获实例的描述符?)这个结构对用户是不透明的。 3)、typedef pcap_dumper pcap_dumper_t libpcap保存文件的描述符。 4)、typedef pcap_if pcap_if_t 网卡链表的一个元素; 5)、typedef pcap_addr pcap_addr_t 网卡地址的表示; 6)、typedef void (*pcap_h...
/* checksum */ struct in_addr ip_src,ip_dst; /* source and dest address */ }; #define IP_HL(ip) (((ip)->ip_vhl) & 0x0f) #define IP_V(ip) (((ip)->ip_vhl) >> 4) /* TCP header */ typedef u_int tcp_seq; struct sniff_tcp { u_short th_sport; /* source port *...
pcap_addr * next 指向下一个地址的指针 sockaddr * addr IP地址 sockaddr * netmask 子网掩码 sockaddr * broadaddr 广播地址 sockaddr * dstaddr 目的地址 */ pcap_addr_t *a; //网络适配器的地址用来存储变量 for(a = d->addresses;a;a = a->next){ ...
(AF_INET, &ipHeader->daddr, dest_ip, INET_ADDRSTRLEN);printf("Received TCP SYN packet from %s:%u to %s:%u\n",source_ip, ntohs(tcpHeader->source),dest_ip, ntohs(tcpHeader->dest));}}}int main2(int argc, char *argv[]){char *dev, errbuf[PCAP_ERRBUF_SIZE];dev = pcap_lookupdev...
("check: %x\n", ip->check);50addr.s_addr = ip->saddr;51printf("saddr: %s\n", inet_ntoa(addr));52addr.s_addr = ip->daddr;53printf("daddr: %s\n", inet_ntoa(addr));54}5556/*Display TCP Header*/57voidshow_tcphdr(structtcphdr *tcp)58{59printf("---tcp---\n");60prin...
// IP datagram checksumstruct in_addr iph_sourceip;// Source IP addressstruct in_addr iph_destip;// Destination IP address};struct tcphdr{unsigned short sport;// 源端口unsigned short dport;// 目标端口unsigned int seq;// 序列号unsigned int ack_seq;// 确认号unsigned char len;// 首部...
pcap _ addr *地址;指向网卡地址链中的第一个元素。u_int标志;PCAP中频网卡标志。目前,唯一可用的标识符是PCAP _中频_回望,用于识别网卡是否回望。转储文件中的struc 11、t cap _ pkthdr/*头*/struct time val ts;/*时间戳*/bpf _ u _ int 32 cap len;/*存在部分的长度*/bpf _ u _ int 32 len;...