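I'm writing a network packet statistics program, and the problem I've run into is how to tell, from a formatted information output, whether a packet is an internal-network packet.
What I have in mind is an algorithm, but I can't implement it in C because I'm not good at string handling. I'd also like everyone to check whether the algorithm is right.
Internal addresses all start with 10.27. In my program I've defined two string arrays to record the addresses: ipfrom[255] and ipto[255].
My idea is: if the first element of both ipfrom[] and ipto[] is a letter, they are all internal packets; these are ARP packets, multicast packets and special packets, so in_count is incremented by 1
else if ipfrom[] and ipto[] both start with 10.27, these are also internal packets. in_count is incremented by 1
else if ipfrom[] starts with 10.27 but ipto[] starts with 224.0 or 239.255, it is also an internal packet. in_count is incremented by 1 // because these are SSDP and OSPF packets
Only ones like these, 10.27.0.5 -> 12.153.204.71 and 75.66.20.135 -> 10.27.0.14, are external packets; out_count is incremented by 1. Then printf ipfrom[] and ipto[].
Could anyone give me a working program that does what I've described? It's very urgent.
Below is the fixed-format packet information output. The format is like this: the first field is the time, the second and third are the address information, source and destination. The fourth is the protocol name and the fifth is the related information. The fields are all separated by spaces.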
0.000000 10.27.2.181 -> 10.27.255.255 SMB_NETLOGON SAM LOGON request from client
0.000281 10.27.2.8 -> 10.27.255.255 BROWSER Browser Election Request
0.076037 10.27.0.1 -> 224.0.0.5 OSPF Hello Packet
0.097587 10.27.0.5 -> 12.153.204.71 VNC Server protocol version: \001O\002%\000\f\000
0.252197 12.153.204.71 -> 10.27.0.5 VNC [Malformed Packet]
0.252302 10.27.0.5 -> 12.153.204.71 TCP 5901 > 50219 [ACK] Seq=29 Ack=11 Win=46 Len=0
0.353975 75.66.20.135 -> 10.27.0.14 TCP ttcmremotectrl > ssh [ACK] Seq=1 Ack=1 Win=16356 Len=0
0.354103 10.27.0.14 -> 75.66.20.135 SSH Encrypted response packet len=68
0.698544 10.27.0.5 -> 12.153.204.71 VNC Client protocol version: \001O\002%\000\f\000
0.850785 12.153.204.71 -> 10.27.0.5 VNC Security types supported
0.850885 10.27.0.5 -> 12.153.204.71 TCP 5901 > 50219 [ACK] Seq=57 Ack=21 Win=46 Len=0
0.941586 75.66.20.135 -> 10.27.0.14 TCP ttcmremotectrl > ssh [ACK] Seq=1 Ack=69 Win=16288 Len=0
1.123317 IntelCor_56:5b:a1 -> Broadcast ARP Who has 10.27.2.166? Tell 10.27.2.12
1.298375 10.27.0.5 -> 12.153.204.71 VNC Authentication type selected by client
1.450877 12.153.204.71 -> 10.27.0.5 VNC Authentication type selected by client
1.450981 10.27.0.5 -> 12.153.204.71 TCP 5901 > 50219 [ACK] Seq=85 Ack=31 Win=46 Len=0
1.899372 10.27.0.5 -> 12.153.204.71 VNC Authentication type selected by client
2.050932 12.153.204.71 -> 10.27.0.5 VNC Authentication type selected by client
2.051020 10.27.0.5 -> 12.153.204.71 TCP 5901 > 50219 [ACK] Seq=113 Ack=41 Win=46 Len=0
2.258413 10.27.2.82 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1
2.258496 10.27.2.82 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1
2.258679 10.27.2.82 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1
2.258739 10.27.2.82 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1
2.258921 10.27.2.82 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1
2.258987 10.27.2.82 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1
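The classification rules described in the post, written out in C as an added example that is not part of the original post: it parses each "time src -> dst ..." line, applies the three internal-packet rules in order, and prints the external pairs. The names `is_internal`, `tally_lines`, `struct tally` and `STARTS_WITH` are hypothetical, and matching the prefixes with their trailing dot ("10.27." rather than "10.27") is an assumption made so that an address such as 10.270.x.x is not counted as internal.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

struct tally { int in_count, out_count, bad; };

/* lit is a string literal; "10.27." with its dot cannot match 10.270.x.x */
#define STARTS_WITH(s, lit) (strncmp((s), (lit), sizeof(lit) - 1) == 0)

/* The post's rules: returns 1 for an internal packet, 0 for an external one. */
int is_internal(const char *from, const char *to) {
    if (isalpha((unsigned char)from[0]) && isalpha((unsigned char)to[0]))
        return 1;                       /* names, not IPs: ARP and similar */
    if (!STARTS_WITH(from, "10.27."))
        return 0;                       /* remaining rules need a 10.27 source */
    return STARTS_WITH(to, "10.27.") || STARTS_WITH(to, "224.0.") ||
           STARTS_WITH(to, "239.255."); /* LAN, OSPF, SSDP destinations */
}

/* Parse "time src -> dst ..." lines, count each class, print external pairs. */
struct tally tally_lines(const char *const lines[], size_t n) {
    struct tally t = {0, 0, 0};
    char ipfrom[255], ipto[255];
    for (size_t i = 0; i < n; i++) {
        if (sscanf(lines[i], "%*s %254s -> %254s", ipfrom, ipto) != 2)
            t.bad++;                    /* malformed line: count it, do not guess */
        else if (is_internal(ipfrom, ipto))
            t.in_count++;
        else {
            t.out_count++;
            printf("%s -> %s\n", ipfrom, ipto);
        }
    }
    return t;
}

static const char *const SAMPLE[] = { /* lines copied from the post */
    "0.076037 10.27.0.1 -> 224.0.0.5 OSPF Hello Packet",
    "0.252197 12.153.204.71 -> 10.27.0.5 VNC [Malformed Packet]",
    "0.354103 10.27.0.14 -> 75.66.20.135 SSH Encrypted response packet len=68",
    "1.123317 IntelCor_56:5b:a1 -> Broadcast ARP Who has 10.27.2.166? Tell 10.27.2.12",
    "2.258413 10.27.2.82 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1",
};

int main(void) {
    struct tally t = tally_lines(SAMPLE, sizeof SAMPLE / sizeof SAMPLE[0]);
    printf("in_count=%d out_count=%d bad=%d\n", t.in_count, t.out_count, t.bad);
    return 0;
}
```

To run it over a real capture, read lines from the file with `fgets` and pass them to the same `sscanf` and `is_internal` steps.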