#define _XKEYCHECK_H #define HAVE_REMOTE #include "pcap.h" #include "remote-ext.h" #include <winsock2.h> #include <string.h> #include <iostream> #pragma comment(lib, "wpcap.lib") #pragma comment(lib, "Ws2_32.lib") using namespace std; void dispatcher_handler(u_char *, const struct pcap_pkthdr *, const u_char *); int main(int argc, char **argv) { pcap_t *fp; char errbuf[PCAP_ERRBUF_SIZE]; struct timeval st_ts; u_int netmask; struct bpf_program fcode; pcap_if_t *alldevs; pcap_if_t *d; int inum; int i=0; pcap_t *adhandle; char packet_filter[] = "ip and udp"; /* 获得设备列表 */ if (pcap_findalldevs(&alldevs, errbuf) == -1) { fprintf(stderr,"Error in pcap_findalldevs: %s\n", errbuf); exit(1); } /* 打印列表 */ for(d=alldevs; d; d=d->next) { printf("%d. %s", ++i, d->name); if (d->description) printf(" (%s)\n", d->description); else printf(" (No description available)\n"); } if(i==0) { printf("\nNo interfaces found! Make sure WinPcap is installed.\n"); return -1; } printf("Enter the interface number (1-%d):",i); scanf("%d", &inum); if(inum < 1 || inum > i) { printf("\nInterface number out of range.\n"); /* 释放设备列表 */ pcap_freealldevs(alldevs); return -1; } /* 跳转到已选设备 */ for(d=alldevs, i=0; i< inum-1 ;d=d->next, i++); /* 打开输出适配器 */ if ( (fp= pcap_open(d->name, 100, PCAP_OPENFLAG_PROMISCUOUS, 1000, NULL, errbuf) ) == NULL) { fprintf(stderr,"\nUnable to open adapter %s.\n", errbuf); return 0; } /* 不用关心掩码,在这个过滤器中,它不会被使用 */ netmask=0xffffff; // 编译过滤器 if (pcap_compile(fp, &fcode, "ip and udp", 1, netmask) <0 ) { fprintf(stderr,"\nUnable to compile the packet filter. Check the syntax.\n"); /* 释放设备列表 */ return 0; } //设置过滤器 if (pcap_setfilter(fp, &fcode)<0) { fprintf(stderr,"\nError setting the filter.\n"); pcap_close(fp); /* 释放设备列表 */ return 0; } /* 将接口设置为统计模式 */ if (pcap_setmode(fp, MODE_STAT)<0) { fprintf(stderr,"\nError setting the mode.\n"); pcap_close(fp); /* 释放设备列表 */ return 0; } printf("TCP traffic summary:\n"); /* 开始主循环 */ pcap_loop(fp, 0, dispatcher_handler, (PUCHAR)&st_ts); pcap_close(fp); return 0; } void dispatcher_handler(u_char *state, const struct pcap_pkthdr *header, const u_char *pkt_data) { struct timeval *old_ts = (struct timeval *)state; u_int delay; LARGE_INTEGER Bps,Pps; struct tm *ltime; char timestr[16]; time_t local_tv_sec; /* 以毫秒计算上一次采样的延迟时间 */ /* 这个值通过采样到的时间戳获得 */ delay=(header->ts.tv_sec - old_ts->tv_sec) * 1000000 - old_ts->tv_usec + header->ts.tv_usec; /* 获取每秒的比特数b/s */ Bps.QuadPart=(((*(LONGLONG*)(pkt_data + 8)) * 8 * 1000000) / (delay)); /* ^ ^ | | | | | | 将字节转换成比特 -- | | 延时是以毫秒表示的 -- */ /* 得到每秒的数据包数量 */ Pps.QuadPart=(((*(LONGLONG*)(pkt_data)) * 1000000) / (delay)); /* 将时间戳转化为可识别的格式 */ local_tv_sec = header->ts.tv_sec; ltime=localtime(&local_tv_sec); strftime( timestr, sizeof timestr, "%H:%M:%S", ltime); /* 打印时间戳*/ printf("%s ", timestr); /* 打印采样结果 */ printf("BPS=%I64u ", Bps.QuadPart); printf("PPS=%I64u\n", Pps.QuadPart); //存储当前的时间戳 old_ts->tv_sec=header->ts.tv_sec; old_ts->tv_usec=header->ts.tv_usec; } void usage() { printf("\nShows the TCP traffic load, in bits per second and packets per second.\nCopyright (C) 2002 Loris Degioanni.\n"); printf("\nUsage:\n"); printf("\t tcptop adapter\n"); printf("\t You can use \"WinDump -D\" if you don't know the name of your adapters.\n"); exit(0); }
winpcap-收集并统计网络流量
猜你喜欢
转载自www.cnblogs.com/almn/p/11302906.html
今日推荐
周排行