//?ResPro.cpp?:?Defines?the?entry?point?for?the?console?application.
//

#include?“stdafx.h“
#include?“ResPro.h“

int?IPNum?=?0;
int?ARPNum?=?0;
int?TCPNum?=?0;
int?UDPNum?=?0;
int?ICMPNum?=?0;
/*
=======================================================================================================================
下面是分析TCP協議的函數其定義方式與回調函數相同
=======================================================================================================================
?*/
void?tcp_protocol_packet_callback（u_char?*argument?const?struct?pcap_pkthdr?*packet_header?const?u_char?*packet_content）
{
	++TCPNum;
	char?*data;
????struct?tcp_header?*tcp_protocol;
????/*?TCP協議變量?*/
????u_char?flags;
????/*?標記?*/
????int?header_length;
????/*?長度?*/
????u_short?source_port;
????/*?源端口?*/
????u_short?destination_port;
????/*?目的端口?*/
????u_short?windows;
????/*?窗口大小?*/
????u_short?urgent_pointer;
????/*?緊急指針?*/
????u_int?sequence;
????/*?序列號?*/
????u_int?acknowledgement;
????/*?確認號?*/
????u_int16_t?checksum;
????/*?校驗和?*/
????tcp_protocol?=?（struct?tcp_header*）（packet_content?+?14+20）;
????/*?獲得TCP協議內容?*/
????source_port?=?ntohs（tcp_protocol->tcp_source_port）;
????/*?獲得源端口?*/
????destination_port?=?ntohs（tcp_protocol->tcp_destination_port）;
????/*?獲得目的端口?*/
????header_length?=?tcp_protocol->tcp_offset?*4;
????/*?長度?*/
????sequence?=?ntohl（tcp_protocol->tcp_sequence_lliiuuwweennttaaoo）;
????/*?序列碼?*/
????acknowledgement?=?ntohl（tcp_protocol->tcp_acknowledgement）;
????/*?確認序列碼?*/
????windows?=?ntohs（tcp_protocol->tcp_windows）;
????/*?窗口大小?*/
????urgent_pointer?=?ntohs（tcp_protocol->tcp_urgent_pointer）;
????/*?緊急指針?*/
????flags?=?tcp_protocol->tcp_flags;
????/*?標識?*/
????checksum?=?ntohs（tcp_protocol->tcp_checksum）;
????/*?校驗和?*/
????printf（“-------??TCP協議???-------\n“）;
????printf（“源端口號:%d\n“?source_port）;
????printf（“目的端口號:%d\n“?destination_port）;
????switch?（destination_port）
????{
????????case?80:
????????????printf（“上層協議為HTTP協議\n“）;
????????????break;
????????case?21:
????????????printf（“上層協議為FTP協議\n“）;
????????????break;
????????case?23:
????????????printf（“上層協議為TELNET協議\n“）;
????????????break;
????????case?25:
????????????printf（“上層協議為SMTP協議\n“）;
????????????break;
????????case?110:
????????????printf（“上層協議POP3協議\n“）;
????????????break;
????????default:
????????????break;
????}
????printf（“序列碼:%u\n“?sequence）;
????printf（“確認號:%u\n“?acknowledgement）;
????printf（“首部長度:%d\n“?header_length）;
????printf（“保留:%d\n“?tcp_protocol->tcp_reserved）;
????printf（“標記:“）;
????if?（flags?&0x08）
????????printf（“PSH?“）;
????if?（flags?&0x10）
????????printf（“ACK?“）;
????if?（flags?&0x02）
????????printf（“SYN?“）;
????if?（flags?&0x20）
????????printf（“URG?“）;
????if?（flags?&0x01）
????????printf（“FIN?“）;
????if?（flags?&0x04）
????????printf（“RST?“）;
????printf（“\n“）;
????printf（“窗口大小:%d\n“?windows）;
????printf（“校驗和:%d\n“?checksum）;
????printf（“緊急指針:%d\n“?urgent_pointer）;

	data?=?（c

?屬性????????????大小?????日期????時間???名稱
-----------?---------??----------?-----??----

?????文件???????2700??2010-09-25?23:09??ResPro\TastMain.cpp

?????文件??????56832??2010-09-25?23:09??ResPro\ResPro.opt

?????文件???????2136??2010-09-25?21:25??ResPro\ResPro.h

?????文件????????769??2010-09-23?15:05??ResPro\StdAfx.h

?????文件????????293??2010-09-23?15:05??ResPro\StdAfx.cpp

?????文件???????4766??2010-09-24?23:10??ResPro\ResPro.dsp

?????文件???????1208??2010-09-23?15:05??ResPro\ReadMe.txt

?????文件??????19519??2010-09-25?23:06??ResPro\ResPro.cpp

?????文件????????639??2010-09-25?23:06??ResPro\out.pcap

?????文件???????3168??2010-09-25?21:01??ResPro\Reference\日志.txt

?????文件????????537??2010-09-23?15:05??ResPro\ResPro.dsw

?????文件??????82944??2010-09-25?23:09??ResPro\ResPro.ncb

?????文件???????1484??2010-09-25?23:09??ResPro\ResPro.plg

?????文件???????4587??2010-09-23?15:22??ResPro\ProHeader.h

?????目錄??????????0??2010-09-25?23:09??ResPro\Reference

?????目錄??????????0??2010-09-23?15:05??ResPro

-----------?---------??----------?-----??----

???????????????181582????????????????????16