来源:https://blog.csdn.net/mincheat/article/details/78180656
cap , pcap文件结构(解析),网上多得是,这里就不写了。 写这个,主要是工作中正好需要大量的ipv6数据包,但是ipv6数据包不太好找,干脆就直接写个简单的工具,把ipv4转成对应的ipv6,可用于测试。
cpp代码:
// Ipv4ToIpv6_pCap.cpp : 定义控制台应用程序的入口点。 // #include "stdafx.h" #include <windows.h>#define DLT_EN10MB 1struct pcap_file_header {UINT32 magic;UINT16 version_major;UINT16 version_minor;UINT32 thiszone; /* gmt to local correction */UINT32 sigfigs; /* accuracy of timestamps */UINT32 snaplen; /* max length saved portion of each pkt */UINT32 linktype; /* data link type (LINKTYPE_*) */ };struct pcap_pkthdr {struct timeval ts; /* time stamp */UINT32 caplen; /* length of portion present */UINT32 len; /* length this packet (off wire) */ };struct EthernetPacket {char MacDst[6]; ///< 目的网卡物理地址 char MacSrc[6]; ///< 源网卡物理地址 unsigned short PacketType; ///< 包类型, ip或ARP等 };struct PKT_IP {UINT8 uHeaderLen:4;UINT8 uVersion:4;UINT8 uServType;UINT16 uTotalLen;UINT16 uIdent;UINT16 uFragOffset;UINT8 uTTL;UINT8 uProtocol;UINT16 uCheckSum;UINT32 addSrc;UINT32 addDst; };struct PKT_IPV6 {union{UINT32 Vfc;struct{UINT8 uClass:4;UINT8 uVersion:4;};};UINT16 uPayloadLength;UINT8 uNextHeader;UINT8 uHopLimit;UINT8 addrSrc[16];UINT8 addrDst[16]; };inline UINT16 NTOH16(const UINT16& nData) {return ((nData & 0xFF00) >> 8) | ((nData & 0x00FF) << 8); }inline UINT32 NTOH32(const UINT32& nData) {return ((nData & 0xFF000000) >> 24)| ((nData & 0x00FF0000) >> 8)| ((nData & 0x0000FF00) << 8)| ((nData & 0x000000FF) << 24); }int _tmain(int argc, char* argv[]) {if (argc != 3){printf("arg: inputfile, outputfile! \n");//getchar();return -1;}FILE* pFileIn = fopen(argv[1], "rb");FILE* pFileOut = fopen(argv[2], "wb");bool bSucces = false;do {if (NULL == pFileIn || NULL == pFileOut){printf("open file fail \n");break;}pcap_file_header fileheader;memset(&fileheader, 0, sizeof(pcap_file_header));fread(&fileheader, 1, sizeof(fileheader), pFileIn);if (DLT_EN10MB != fileheader.linktype){printf("only support enthernet catch packets! \n");break;}fwrite(&fileheader, 1, sizeof(fileheader), pFileOut);pcap_pkthdr pkHdr;UINT32 packetTotalCount = 0;UINT32 packetTran = 0;UINT8 packetBuffer[5*1024] = {};do {if (sizeof(pkHdr) == fread(&pkHdr, 1, sizeof(pkHdr), pFileIn)){if (pkHdr.caplen != pkHdr.len){// add //printf("pkHdr.caplen != pkHdr.len packetNum = %d \n", packetTotalCount+1); }if (pkHdr.caplen == fread(packetBuffer, 1, pkHdr.caplen, pFileIn) && pkHdr.caplen > sizeof(EthernetPacket)){EthernetPacket* pEPacket = (EthernetPacket*)packetBuffer;if (0x08 == pEPacket->PacketType) // ipv4 {// PKT_IP* pIpHdr = (PKT_IP*)(packetBuffer + sizeof(EthernetPacket));pIpHdr->uTotalLen = NTOH16(pIpHdr->uTotalLen);if (pkHdr.caplen < pIpHdr->uTotalLen + sizeof(EthernetPacket)) // 后面有可能会有补的数据,所以caplen可以会大于后面的值 {printf("len error! packetNum = %d \n", packetTotalCount+1);break;}pEPacket->PacketType = 0xDD86;PKT_IPV6 pktIpv6Hdr;memset(&pktIpv6Hdr, 0, sizeof(pktIpv6Hdr));pktIpv6Hdr.uVersion = 6;//pktIpv6Hdr.Vfc = CSNTOH32(pktIpv6Hdr.Vfc); UINT16 paylen = pIpHdr->uTotalLen - pIpHdr->uHeaderLen*4;pktIpv6Hdr.uPayloadLength = NTOH16(paylen);pktIpv6Hdr.uNextHeader = pIpHdr->uProtocol;pktIpv6Hdr.uHopLimit = pIpHdr->uTTL;memcpy(pktIpv6Hdr.addrSrc+12, &(pIpHdr->addSrc), 4);memcpy(pktIpv6Hdr.addrDst+12, &(pIpHdr->addDst), 4);pkHdr.caplen = sizeof(EthernetPacket) + sizeof(PKT_IPV6) + paylen;pkHdr.len = pkHdr.caplen;fwrite(&pkHdr, 1, sizeof(pkHdr), pFileOut); // 写pack headerfwrite(pEPacket, 1, sizeof(EthernetPacket), pFileOut); // 写etherfwrite(&pktIpv6Hdr, 1, sizeof(PKT_IPV6), pFileOut); // 写ipv6头UINT8* pOtherData = packetBuffer + sizeof(EthernetPacket) + pIpHdr->uHeaderLen*4;fwrite(pOtherData, 1, paylen, pFileOut); // 写剩下的数据 packetTran++;}else{// 其他包,直接写入fwrite(&pkHdr, 1, sizeof(pkHdr), pFileOut);fwrite(packetBuffer, 1, pkHdr.caplen, pFileOut);}}else{printf("read packet caplen less packetNum = %d \n", packetTotalCount+1);break;}packetTotalCount++;}else{if (feof(pFileIn)){//printf("read end! \n");bSucces = true;}else{printf("Read less data! packetTotalCount = %d \n", packetTotalCount);}break;}} while (true/*!feof(pFileIn)*/);printf("totalPacket = %d, transPacket = %d\n", packetTotalCount, packetTran);} while (false);if (pFileIn){fclose(pFileIn);}if (pFileOut){fclose(pFileOut);}if (!bSucces){printf("Process %s fail! \n", argv[1]);DeleteFileA(argv[2]);}//getchar();//pcap_file_headerreturn 0; }
另外还有个批处理文件 .bat
@echo off ::cd %~dp0 set inputFolder=E:\work\vsproject\Ipv4ToIpv6_pCap\Debug set outPutFolder=E:\work\vsproject\Ipv4ToIpv6_pCap\Debug\newFolder set exepath=E:\work\vsproject\Ipv4ToIpv6_pCap\Debug\Ipv4ToIpv6_pCap.exe set suffix=_ipv6.capfor /f "delims=\" %%s in ('dir /b /a-d /o-d %inputFolder%\*.pcap,*.cap') do (echo -------------handle filename = %%s ------------%exepath% %inputFolder%\%%s %outPutFolder%\%%s%suffix% )pause