
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">


<HTML><HEAD>


<META http-equiv=Content-Type content="text/html; charset=gb2312">


<META content="MSHTML 6.00.5346.5" name=GENERATOR></HEAD>


<BODY>


<DIV><FONT face=Verdana><FONT size=2>Hello,could you help me for this code?I'll 


be crazy!!It workd yesterday noon.</FONT></FONT></DIV>


<DIV><FONT face=Verdana><FONT size=2>But in afternoon,I did some change,it can't 


capture any IP Protocol packets.</FONT></FONT></DIV>


<DIV><FONT face=Verdana><FONT size=2>I don't know if I did the wrong judge at 


decoding ethernet packets.when it run,</FONT></FONT></DIV>


<DIV><FONT face=Verdana size=2>the protocol number is very strange.</FONT></DIV>


<DIV><FONT face=Verdana size=2></FONT>&nbsp;</DIV>


<DIV><FONT face=Verdana size=2>you can also see <A 


href="http://www.icylife.net/simple_capture.cpp">http://www.icylife.net/simple_capture.cpp</A></FONT></DIV>


<DIV><FONT face=Verdana size=2></FONT>&nbsp;</DIV>


<DIV>#include &lt;stdio.h&gt;<BR>#include &lt;winsock2.h&gt;<BR>#include 


&lt;iphlpapi.h&gt;<BR>#include "../WpdPack/Include/packet32.h"</DIV>


<DIV>&nbsp;</DIV>


<DIV>#define DEBUG</DIV>


<DIV>&nbsp;</DIV>


<DIV>#define 


ETH_IP&nbsp;&nbsp;&nbsp;0x0800&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//IP 


Protocol<BR>#define 


ETH_ARP&nbsp;&nbsp;&nbsp;0x0806&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//ARP 


Protocol</DIV>


<DIV>&nbsp;</DIV>


<DIV>#define TERMINAL_PORT&nbsp;3389<BR>#define MAX_ADAPTER_NUM 


10&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 


//number of network adapter </DIV>


<DIV>&nbsp;</DIV>


<DIV>#define NDIS_PACKET_TYPE_PROMISCUOUS&nbsp;0x0020&nbsp;&nbsp;//promiscuous 


mode</DIV>


<DIV>&nbsp;</DIV>


<DIV>typedef struct 


ethdr&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//ethernet 


packet<BR>{<BR>&nbsp;unsigned char&nbsp; 


eth_dst[16];&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//mac address of destination 


host<BR>&nbsp;unsigned char&nbsp; 


eth_src[16];&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//mac address of source 


host<BR>&nbsp;unsigned short 


eth_type;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//ethernet type<BR>}ETH_HDR;</DIV>


<DIV>&nbsp;</DIV>


<DIV>typedef struct iphdr&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//IP 


packet<BR>{<BR>&nbsp;unsigned char&nbsp; 


h_lenver;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//4 bytes Version,4 bytes IP header 


length <BR>&nbsp;unsigned char&nbsp; 


tos;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//8 bytes 


TOS<BR>&nbsp;unsigned short total_len;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//16 


bytes total length<BR>&nbsp;unsigned short 


ident;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//16 bytes 


Identification<BR>&nbsp;unsigned short 


frag_and_flags;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//3 bytes flag<BR>&nbsp;unsigned 


char&nbsp; ttl;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//8 bytes 


TTL<BR>&nbsp;unsigned char&nbsp; 


protocol;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//8 bytes protocol(TCP, UDP or 


other)<BR>&nbsp;unsigned short checksum;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//16 


bytes IP header checksum<BR>&nbsp;unsigned int&nbsp;&nbsp; 


sourceip;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//32 bytes source IP 


address<BR>&nbsp;unsigned int&nbsp;&nbsp; 


destip;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//32 bytes distination ip 


address<BR>}IP_HDR;</DIV>


<DIV>&nbsp;</DIV>


<DIV>typedef struct tcp_hdr&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//TCP 


header<BR>{<BR>&nbsp;&nbsp;&nbsp; 


USHORT&nbsp;&nbsp;&nbsp;th_sport;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//16 source 


port<BR>&nbsp;&nbsp;&nbsp; 


USHORT&nbsp;&nbsp;&nbsp;th_dport;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//16 


distination port<BR>&nbsp;&nbsp;&nbsp; unsigned int&nbsp;&nbsp;&nbsp; 


th_seq;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//32 bytes sequence 


number<BR>&nbsp;&nbsp;&nbsp; unsigned int&nbsp;&nbsp;&nbsp; 


th_ack;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//32 bytes acknowledgment 


number<BR>&nbsp;&nbsp;&nbsp; unsigned 


char&nbsp;th_lenres;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//4 bytes header length 


/ reserved<BR>&nbsp;&nbsp;&nbsp; unsigned 


char&nbsp;th_flag;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//6 bytes 


flag<BR>&nbsp;&nbsp;&nbsp; 


USHORT&nbsp;&nbsp;&nbsp;th_win;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//16 


bytes window <BR>&nbsp;&nbsp;&nbsp; 


USHORT&nbsp;&nbsp;&nbsp;th_sum;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//16 


bytes checksum<BR>&nbsp;&nbsp;&nbsp; 


USHORT&nbsp;&nbsp;&nbsp;th_urp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//16 


bytes data offset<BR>}TCP_HDR;</DIV>


<DIV>&nbsp;</DIV>


<DIV>int main( )<BR>{<BR>&nbsp;&nbsp;&nbsp; 


<BR>&nbsp;PIP_ADAPTER_INFO&nbsp;pAdapterInfo;<BR>&nbsp;<BR>&nbsp;&nbsp;&nbsp; 


pAdapterInfo = (IP_ADAPTER_INFO *)malloc( sizeof(IP_ADAPTER_INFO) 


);<BR>&nbsp;ULONG ulOutBufLen = sizeof(IP_ADAPTER_INFO);<BR>&nbsp;&nbsp;&nbsp; 


<BR>&nbsp;&nbsp;&nbsp; //Get the buffer<BR>&nbsp;if( GetAdaptersInfo( 


pAdapterInfo, &amp;ulOutBufLen) == ERROR_BUFFER_OVERFLOW 


)<BR>&nbsp;{<BR>&nbsp;&nbsp;free(pAdapterInfo);<BR>&nbsp;&nbsp;pAdapterInfo = 


(IP_ADAPTER_INFO *) malloc (ulOutBufLen);<BR>&nbsp;}</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;//Get network adapter information<BR>&nbsp;int ret = 0;<BR>&nbsp;if( 


(ret = GetAdaptersInfo( pAdapterInfo, &amp;ulOutBufLen)) == NO_ERROR 


)<BR>&nbsp;{<BR>&nbsp;&nbsp;#ifdef 


DEBUG<BR>&nbsp;&nbsp;&nbsp;<BR>&nbsp;&nbsp;&nbsp;PIP_ADAPTER_INFO pAdapter = 


pAdapterInfo;</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;&nbsp;&nbsp;int i = 


1;<BR>&nbsp;&nbsp;<BR>&nbsp;&nbsp;&nbsp;while(pAdapter)<BR>&nbsp;&nbsp;&nbsp;{<BR>&nbsp;&nbsp;&nbsp;&nbsp;printf( 


"MAC%d\n", i++ );<BR>&nbsp;&nbsp;&nbsp;&nbsp;printf( "Adapter Name: \t%s\n", 


pAdapter-&gt;AdapterName );<BR>&nbsp;&nbsp;&nbsp;&nbsp;printf( "Adapter Desc: 


\t%s\n", pAdapter-&gt;Description );<BR>&nbsp;&nbsp;&nbsp;&nbsp;printf( "Adapter 


Addr: \t%ld\n", pAdapter-&gt;Address );<BR>&nbsp;&nbsp;&nbsp;&nbsp;printf( "IP 


Address: \t%s\n", pAdapter-&gt;IpAddressList.IpAddress.String 


);<BR>&nbsp;&nbsp;&nbsp;&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;pAdapter = 


pAdapter-&gt;Next;<BR>&nbsp;&nbsp;&nbsp;}</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;&nbsp;#endif<BR>&nbsp;}<BR>&nbsp;else<BR>&nbsp;{<BR>&nbsp;&nbsp;printf( 


"GetAdaptersInfo error: %d\n", GetLastError() );</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;&nbsp;return -1;<BR>&nbsp;}<BR>&nbsp;<BR>&nbsp;&nbsp;&nbsp; char 


openName[128] = "<A 


href="file://\\Device\\NPF">\\Device\\NPF</A>_";<BR>&nbsp;&nbsp;&nbsp; 


<BR>&nbsp;//if the adapter is wrong,please change pAdapterInfo-&gt;AdapterName 


to pAdapterInfo-&gt;Next-&gt;AdapterName <BR>&nbsp;//or more Next, 


^_^<BR>&nbsp;&nbsp;&nbsp; strcat( openName, pAdapterInfo-&gt;AdapterName 


);<BR>&nbsp;&nbsp;&nbsp; <BR>&nbsp;#ifdef DEBUG<BR>&nbsp;&nbsp;printf( "Will 


open：%s\n", openName );<BR>&nbsp;#endif</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;&nbsp;&nbsp; //Open adapter<BR>&nbsp;LPADAPTER hAdapter = 


PacketOpenAdapter( openName );</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;if( !hAdapter || ( hAdapter-&gt;hFile == INVALID_HANDLE_VALUE ) 


)<BR>&nbsp;{<BR>&nbsp;&nbsp;printf( "PacketOpenAdapter error: %d\n", 


GetLastError() );</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;&nbsp;return -1;<BR>&nbsp;}<BR>&nbsp;<BR>&nbsp;#ifdef 


DEBUG<BR>&nbsp;&nbsp;printf( "PacketOpenAdapter successful\n" 


);<BR>&nbsp;#endif</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;//set promiscuous type<BR>&nbsp;if( PacketSetHwFilter( hAdapter, 


NDIS_PACKET_TYPE_PROMISCUOUS ) == FALSE )<BR>&nbsp;{<BR>&nbsp;&nbsp;printf( 


"PacketSetHwFilter promiscuous error: %d\n", GetLastError() );</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;&nbsp;return -1;<BR>&nbsp;}<BR>&nbsp;<BR>&nbsp;#ifdef 


DEBUG<BR>&nbsp;&nbsp;printf( "PacketSetHwFilter promiscuous successful\n" 


);<BR>&nbsp;#endif</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;//set the size of buffer<BR>&nbsp;if( PacketSetBuff( hAdapter, 


600*1024 ) == FALSE )<BR>&nbsp;{<BR>&nbsp;&nbsp;printf( "PacketSetBuff error: 


%d\n", GetLastError() );</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;&nbsp;return -1;<BR>&nbsp;}</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;#ifdef DEBUG<BR>&nbsp;&nbsp;printf( "PacketSetBuff successful\n" 


);<BR>&nbsp;#endif</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;//set time out<BR>&nbsp;if( PacketSetReadTimeout( hAdapter, 1) == 


FALSE )<BR>&nbsp;{<BR>&nbsp;&nbsp;printf("PacketSetReadTimeout error: %d\n", 


GetLastError() );</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;&nbsp;return -1;<BR>&nbsp;}</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;#ifdef DEBUG<BR>&nbsp;&nbsp;printf( "PacketSetReadTimeout 


successful\n" );<BR>&nbsp;#endif</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;LPPACKET hPacket;</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;if( (hPacket = PacketAllocatePacket()) == FALSE 


)<BR>&nbsp;{<BR>&nbsp;&nbsp;printf( "PacketAllocatePacket error: %d\n", 


GetLastError() );</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;&nbsp;return -1;<BR>&nbsp;}<BR>&nbsp;<BR>&nbsp;#ifdef 


DEBUG<BR>&nbsp;&nbsp;printf( "PacketAllocatePackesuccessful\n" 


);<BR>&nbsp;#endif</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;char recvBuff[1024 * 500] = { 0 };</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;//init<BR>&nbsp;PacketInitPacket( hPacket, (char *)recvBuff, 


sizeof(recvBuff) );</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;ETH_HDR&nbsp;&nbsp;&nbsp;&nbsp;*ethr;<BR>&nbsp;IP_HDR&nbsp;&nbsp;&nbsp;&nbsp;*ipr;<BR>&nbsp;TCP_HDR&nbsp;&nbsp;&nbsp;&nbsp;*tcpr;</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;int&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;bytesReceived;&nbsp;&nbsp;//bytes of 


received<BR>&nbsp;char&nbsp;&nbsp;&nbsp;&nbsp;*pBuff;&nbsp;&nbsp;&nbsp;&nbsp;//buffer 


of 


data<BR>&nbsp;int&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;off;&nbsp;&nbsp;&nbsp;&nbsp;//offset<BR>&nbsp;struct&nbsp;bpf_hdr&nbsp;&nbsp;*hdr;&nbsp;&nbsp;&nbsp;&nbsp;//the 


structure of 


packet<BR>&nbsp;char&nbsp;&nbsp;&nbsp;&nbsp;*pchar;&nbsp;&nbsp;&nbsp;&nbsp;//the 


real data!!</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;while( 1 )<BR>&nbsp;{<BR>&nbsp;&nbsp;//recevie 


data<BR>&nbsp;&nbsp;if( PacketReceivePacket( hAdapter,hPacket,TRUE ) == FALSE 


)<BR>&nbsp;&nbsp;{<BR>&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;break;&nbsp;&nbsp; 


<BR>&nbsp;&nbsp;}<BR>&nbsp;&nbsp;<BR>&nbsp;&nbsp;//received 


length<BR>&nbsp;&nbsp;&nbsp; &nbsp;bytesReceived = 


hPacket-&gt;ulBytesReceived;<BR>&nbsp;&nbsp;&nbsp; 


&nbsp;<BR>&nbsp;&nbsp;//data<BR>&nbsp;&nbsp;pBuff = (char 


*)hPacket-&gt;Buffer;</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;&nbsp;&nbsp; &nbsp;off = 0;</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;&nbsp;//real data's structure 


|bpf_hdr|data|Padding|bpf_hdr|data|Padding|<BR>&nbsp;&nbsp;&nbsp;&nbsp; 


&nbsp;while( off &lt; bytesReceived 


)<BR>&nbsp;&nbsp;{<BR>&nbsp;&nbsp;&nbsp;//change 


type<BR>&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;hdr = (struct bpf_hdr *)( pBuff+off 


);</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;&nbsp;&nbsp;//hdr-&gt;bh_hdrlen is the length of recevied 


packet<BR>&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;off += 


hdr-&gt;bh_hdrlen;<BR>&nbsp;&nbsp;&nbsp;<BR>&nbsp;&nbsp;&nbsp;#ifdef 


DEBUG<BR>&nbsp;&nbsp;&nbsp;&nbsp;printf( "\nlength of packet header：%d\n", 


hdr-&gt;bh_hdrlen );<BR>&nbsp;&nbsp;&nbsp;#endif</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;&nbsp;&nbsp;//jump to real 


data<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;pchar = (char *)( pBuff+off 


);</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;&nbsp;&nbsp;#ifdef DEBUG<BR>&nbsp;&nbsp;&nbsp;&nbsp;printf( "length 


of data：%d\n", strlen(pchar) );<BR>&nbsp;&nbsp;&nbsp;#endif</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;&nbsp;&nbsp;//jump to next packet<BR>&nbsp;&nbsp;&nbsp; 


&nbsp;&nbsp;off = Packet_WORDALIGN(off+hdr-&gt;bh_caplen);</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;&nbsp;&nbsp;//get ethernet header<BR>&nbsp;&nbsp;&nbsp; 


&nbsp;&nbsp;ethr = (ETH_HDR *)pchar;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 


<BR>&nbsp;&nbsp;&nbsp;#ifdef DEBUG<BR>&nbsp;&nbsp;&nbsp;&nbsp;printf( 


"Protocol：%04x\n", ntohs(ethr-&gt;eth_type) 


);<BR>&nbsp;&nbsp;&nbsp;&nbsp;printf( "Source 


MAC：%02x:%02x:%02x:%02x:%02x:%02x\n", 


*(ethr-&gt;eth_src),*(ethr-&gt;eth_src+1),*(ethr-&gt;eth_src+2),*(ethr-&gt;eth_src+3),*(ethr-&gt;eth_src+4),*(ethr-&gt;eth_src+5) 


);<BR>&nbsp;&nbsp;&nbsp;&nbsp;printf( "Destination 


MAC：%02x:%02x:%02x:%02x:%02x:%02x\n", 


*(ethr-&gt;eth_dst),*(ethr-&gt;eth_dst+1),*(ethr-&gt;eth_dst+2),*(ethr-&gt;eth_dst+3),*(ethr-&gt;eth_dst+4),*(ethr-&gt;eth_dst+5) 


);<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 


#endif</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;//if IP 


Protocol<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;if( ethr-&gt;eth_type == 


htons(ETH_IP) 


)<BR>&nbsp;&nbsp;&nbsp;{<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 


#ifdef DEBUG<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;printf( "recevied IP packet\n" 


);<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 


#endif<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 


<BR>&nbsp;&nbsp;&nbsp;&nbsp;//get ip header<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 


&nbsp;&nbsp;&nbsp;ipr = (IP_HDR *)(pchar+sizeof(ETH_HDR));</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;&nbsp;&nbsp;&nbsp;if( ipr-&gt;protocol == IPPROTO_TCP 


)<BR>&nbsp;&nbsp;&nbsp;&nbsp;{<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 


printf( "recevied TCP packet\n" 


);<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 


<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;tcpr = (TCP_HDR *)( 


pchar+sizeof(ETH_HDR)+sizeof(IP_HDR) );</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if( tcpr-&gt;th_dport == htons(TERMINAL_PORT) 


)<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#ifdef 


DEBUG<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;printf( "recevied 3389 


packet\n" 


);<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#endif<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;printf( 


"MAC：%s\n", ethr-&gt;eth_src );<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;printf( 


"MAC：%s\n", ethr-&gt;eth_dst );<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;printf( 


"IP：%d\n", ipr-&gt;sourceip 


);<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}<BR>&nbsp;&nbsp;&nbsp;&nbsp;}<BR>&nbsp;&nbsp;&nbsp;}<BR>&nbsp;&nbsp;&nbsp;else 


if( ethr-&gt;eth_type == htons(ETH_ARP) 


)<BR>&nbsp;&nbsp;&nbsp;{<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 


#ifdef DEBUG<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;printf( "recevied ARP packet\n" 


);<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 


#endif<BR>&nbsp;&nbsp;&nbsp;}<BR>&nbsp;&nbsp;}<BR>&nbsp;}</DIV>


<DIV>&nbsp;</DIV>


<DIV>&nbsp;return 0;<BR>}<BR><BR></DIV>


<DIV><FONT face=Verdana size=2></FONT>&nbsp;</DIV>


<DIV align=left><FONT face=Verdana size=2>


<HR style="WIDTH: 122px; HEIGHT: 2px" SIZE=2>


</FONT></DIV>


<DIV><FONT color=#c0c0c0><FONT face=Verdana 


size=2>yunshu@ph4nt0m.org</FONT></DIV>


<DIV><FONT face=Verdana size=2>2006-05-25</FONT></FONT></DIV></BODY></HTML>