@xunuo
2017-11-20T20:11:01.000000Z
字数 1399
阅读 1139
网络数据包分析
怎么计算比较容易看懂的博客:
http://www.cnblogs.com/RodYang/p/3265515.html
具体有哪些字段比较容易看懂的博客:
http://blog.csdn.net/zhangskd/article/details/11770647
代码比较容易懂的博客:
http://blog.csdn.net/u013005025/article/details/52870857
-psd_header
struct psd_header{
unsigned long saddr; //源地址
unsigned long daddr; //目的地址
char mbz;//置空
char ptcl; //协议类型
unsigned short tcpl; //TCP长度
};
/*计算tcp校验和*/
u_short get_checksum(u_char* pudp_pkt, int pkt_len)
{
/*pudp_pkt表示整个数据包的数据(packet_content),pkt_len为除以太网首部的长度。*/
ip_header *ip_hdr = (ip_header*)(pudp_pkt + sizeof(ether_header));
tcphdr *tcp_hdr = (tcphdr*)((char*)ip_hdr + sizeof(ip_header));
psd_header psdheader;
/*tcp伪头部中的len: =tcp包头长度+数据长度(数据包总长度-ethernet包头长度-ip包头长度);*/
u_short tcp_len = pkt_len - sizeof(ip_header);
psdheader.ptcl = ip_hdr->ip_protocol;
psdheader.daddr = ip_hdr->daddr;
psdheader.saddr = ip_hdr->saddr;
psdheader.mbz = 0x00;
psdheader.tcpl = htons(tcp_len);
tcp_hdr->check = 0x0000;//预置tcp校验和为0;
int psdlen = sizeof(psd_header);
int buf_size = tcp_len + psdlen;// 亚包头 + udp包头 + 数据部分的总长度
if (pkt_len < buf_size)
return 0;
u_char* buffer = (u_char*)malloc(buf_size);
memset(buffer, 0x00, buf_size);
memcpy(buffer, (char*)&psdheader, psdlen);
memcpy(buffer + psdlen, (char*)tcp_hdr, tcp_len);
unsigned char* ptr_data = buffer;
u_long tmp = 0;
u_long sum = 0;
for (int i = 0; i<buf_size; i += 2)
{
tmp += (u_char)ptr_data[i] << 8;
tmp += (u_char)ptr_data[i + 1];
sum += tmp;
tmp = 0;
}
u_short lWord = sum & 0x0000FFFF;
u_short hWord = sum >> 16;
u_short checksum = lWord + hWord;
checksum = ~checksum;
return checksum;
}