#define ETH_ALEN 6 /* Octets in one ethernet addr */#define ETH_HLEN 14 /* Total octets in header. */#define ETH_ZLEN 60 /* Min. octets in frame sans FCS */#define ETH_DATA_LEN 1500 /* Max. octets in payload */#define ETH_FRAME_LEN 1514 /* Max. octets in frame sans FCS *//* * These are the defined Ethernet Protocol ID's. */#define ETH_P_LOOP 0x0060 /* Ethernet Loopback packet */#define ETH_P_PUP 0x0200 /* Xerox PUP packet */#define ETH_P_PUPAT 0x0201 /* Xerox PUP Addr Trans packet */#define ETH_P_IP 0x0800 /* Internet Protocol packet */#define ETH_P_X25 0x0805 /* CCITT X.25 */#define ETH_P_ARP 0x0806 /* Address Resolution packet */#define ETH_P_BPQ 0x08FF /* G8BPQ AX.25 Ethernet Packet [ NOT AN OFFICIALLY REGISTERED ID ] */#define ETH_P_IEEEPUP 0x0a00 /* Xerox IEEE802.3 PUP packet */#define ETH_P_IEEEPUPAT 0x0a01 /* Xerox IEEE802.3 PUP Addr Trans packet */#define ETH_P_DEC 0x6000 /* DEC Assigned proto */#define ETH_P_DNA_DL 0x6001 /* DEC DNA Dump/Load */#define ETH_P_DNA_RC 0x6002 /* DEC DNA Remote Console */#define ETH_P_DNA_RT 0x6003 /* DEC DNA Routing */#define ETH_P_LAT 0x6004 /* DEC LAT */#define ETH_P_DIAG 0x6005 /* DEC Diagnostics */#define ETH_P_CUST 0x6006 /* DEC Customer use */#define ETH_P_SCA 0x6007 /* DEC Systems Comms Arch */#define ETH_P_RARP 0x8035 /* Reverse Addr Res packet */#define ETH_P_ATALK 0x809B /* Appletalk DDP */#define ETH_P_AARP 0x80F3 /* Appletalk AARP */#define ETH_P_8021Q 0x8100 /* 802.1Q VLAN Extended Header */#define ETH_P_IPX 0x8137 /* IPX over DIX */#define ETH_P_IPV6 0x86DD /* IPv6 over bluebook */#define ETH_P_PPP_DISC 0x8863 /* PPPoE discovery messages */#define ETH_P_PPP_SES 0x8864 /* PPPoE session messages */#define ETH_P_ATMMPOA 0x884c /* MultiProtocol Over ATM */#define ETH_P_ATMFATE 0x8884 /* Frame-based ATM Transport over Ethernet *//* * Non DIX types. Won't clash for 1500 types. */#define ETH_P_802_3 0x0001 /* Dummy type for 802.3 frames */#define ETH_P_AX25 0x0002 /* Dummy protocol id for AX.25 */#define ETH_P_ALL 0x0003 /* Every packet (be careful!!!) */#define ETH_P_802_2 0x0004 /* 802.2 frames */#define ETH_P_SNAP 0x0005 /* Internal only */#define ETH_P_DDCMP 0x0006 /* DEC DDCMP: Internal only */#define ETH_P_WAN_PPP 0x0007 /* Dummy type for WAN PPP frames*/#define ETH_P_PPP_MP 0x0008 /* Dummy type for PPP MP frames */#define ETH_P_LOCALTALK 0x0009 /* Localtalk pseudo type */#define ETH_P_PPPTALK 0x0010 /* Dummy type for Atalk over PPP*/#define ETH_P_TR_802_2 0x0011 /* 802.2 frames */#define ETH_P_MOBITEX 0x0015 /* Mobitex (kaz@cafe.net) */#define ETH_P_CONTROL 0x0016 /* Card specific control frames */#define ETH_P_IRDA 0x0017 /* Linux-IrDA */#define ETH_P_ECONET 0x0018 /* Acorn Econet */typedef signed char int8_t;typedef signed short int16_t;typedef signed int int32_t;typedef unsigned char uint8_t;typedef unsigned short uint16_t;typedef unsigned int uint32_t;struct icmphdr { uint8_t type; /* message type */ uint8_t code; /* type sub-code */ uint16_t checksum; union { struct { uint16_t id; uint16_t sequence; } echo; /* echo datagram */ uint32_t gateway; /* gateway address */ struct { uint16_t __unused; uint16_t mtu; } frag; /* path mtu discovery */ } un;};struct udphdr { /* size 8 28/0x1c with IP header */ uint16_t source; /* offset 0 20/0x14 */ uint16_t dest; /* offset 2 22/0x16 */ uint16_t len; /* offset 4 24/0x18 */ uint16_t check; /* offset 6 26/0x1a */};struct ethhdr { unsigned char h_dest[ETH_ALEN]; /* destination eth addr */ unsigned char h_source[ETH_ALEN]; /* source ether addr */ unsigned short h_proto; /* packet type ID field */};struct iphdr { /* size 20/0x14 */#if __BYTE_ORDER == __LITTLE_ENDIAN unsigned int ihl:4, version:4; /* offset 0; version=ip version (4) */#else unsigned int version:4, ihl:4; /* offset 0; ihl=ip header length, measured in words (5) */#endif unsigned char tos; /* offset 1 */ unsigned short tot_len; /* offset 2; total bytes in packet in network byte order */ unsigned short id; /* offset 4 */ unsigned short frag_off; /* offset 6 */ unsigned char ttl; /* offset 8 */ unsigned char protocol; /* offset 9; 1=ICMP, 6=TCP, 17=UDP (see netinet/in.h) */ unsigned short check; /* offset 10/0xa */ unsigned int saddr; /* offset 12/0xc */ unsigned int daddr; /* offset 16/0x10 */ /*The options start here. */};struct tcphdr { /* size 20/0x14 40/0x28 with IP header */ uint16_t source; /* offset 0 20/0x14 */ uint16_t dest; /* offset 2 22/0x16 */ uint32_t seq; /* offset 4 24/0x18 */ uint32_t ack_seq; /* offset 8 28/0x1c */#if __BYTE_ORDER == __LITTLE_ENDIAN uint16_t res1:4, doff:4, fin:1, syn:1, rst:1, psh:1, ack:1, urg:1, ece:1, cwr:1;#else uint16_t doff:4, res1:4, cwr:1, ece:1, urg:1, ack:1, psh:1, rst:1, syn:1, fin:1;#endif /* offset 12/0xc 32/0x20 */ uint16_t window; /* offset 14/0xe 34/0x22 */ uint16_t check; /* offset 16/0x10 36/0x24 */ uint16_t urg_ptr; /* offset 18/0x12 38/0x26 */};
ethhdr *eth;void sniffFunc(u_char *foo, const struct pcap_pkthdr *header, const u_char *data){ eth=(ethhdr *)data; numbPacket+=header->len; myLabel->setText(QString::number(numbPacket)); if (ntohs(eth->h_proto) == ETH_P_IP)// это IP пакет, обрабатываем { iphdr *ip=(struct iphdr *)(data+sizeof(struct ethhdr)); if (ip->protocol== IPPROTO_TCP)// TCP { myLabelProt->setText("TCP"); } else if (ip->protocol== IPPROTO_UDP)// UDP { } }}
C++ (Qt)qDebug() << sizeof( iphdr ) << offsetof( iphdr, protocol );
C++ (Qt)#pragma pack( push, 1 )struct ... { ...};#pargma pack( pop )
struct iphdr { /* size 20/0x14 */#if __BYTE_ORDER == __LITTLE_ENDIAN unsigned int ihl:4, version:4; /* offset 0; version=ip version (4) */#else unsigned int version:4, ihl:4; /* offset 0; ihl=ip header length, measured in words (5) */#endif unsigned char tos; /* offset 1 */ unsigned short tot_len; /* offset 2; total bytes in packet in network byte order */ unsigned short id; /* offset 4 */ unsigned short frag_off; /* offset 6 */ unsigned char ttl; /* offset 8 */ unsigned char protocol; /* offset 9; 1=ICMP, 6=TCP, 17=UDP (see netinet/in.h) */ unsigned short check; /* offset 10/0xa */ unsigned int saddr; /* offset 12/0xc */ unsigned int daddr; /* offset 16/0x10 */ /*The options start here. */};
C++ (Qt)uint8_t ihl:4, version:4;
