我想读取pcap文件并获取流的数据包头信息...
为此,我找到了一个来自http://www.cnblogs.com/xiangshancuizhu/archive/2012/10/14/2723654.html的C++程序,该程序读取pcap文件并具有头指针,该指针仅指向头的长度,但是我想访问头的其他特性,比如syn、fin、ack、seq no等。下面是我的代码,请问如何实现?
char errbuff[PCAP_ERRBUF_SIZE];
/*
* Step 4 - Open the file and store result in pointer to pcap_t
*/
// Use pcap_open_offline
// http://www.winpcap.org/docs/docs_41b5/html/group__wpcapfunc.html#g91078168a13de8848df2b7b83d1f5b69
pcap_t * pcap = pcap_open_offline(file.c_str(), errbuff);
/*
* Step 5 - Create a header and a data object
*/
// Create a header object:
// http://www.winpcap.org/docs/docs_40_2/html/structpcap__pkthdr.html
struct pcap_pkthdr *header;
// Create a character array using a u_char
// u_char is defined here:
// C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Include\WinSock2.h
// typedef unsigned char u_char;
const u_char *data;
/*
* Step 6 - Loop through packets and print them to screen
*/
u_int packetCount = 0;
while (int returnValue = pcap_next_ex(pcap, &header, &data) >= 0)
{
// Print using printf. See printf reference:
// http://www.cplusplus.com/reference/clibrary/cstdio/printf/
// Show the packet number
printf("Packet # %i\n", ++packetCount);
// Show the size in bytes of the packet
printf("Packet size: %d bytes\n", header->len);
头部(header)是一个像这样的结构:
struct pcap_pkthdr {
struct timeval ts; /* time stamp */
bpf_u_int32 caplen; /* length of portion present */
bpf_u_int32 len; /* length this packet (off wire) */
};
我希望这个结构有更多的成员,我该怎么做? 非常感谢。