pcap文件头没有写错的;
然后就是一个接一个的packet,每个packet我是这样写的:
timestamp+以太网报头+IP报头+TCP报头+22个空字节(这22个空字节也是我
试了很多次才试出来的,写多或者写少时,wireshark都会报错,并且只会显示一个
包,而不是10个),具体写每个packet的代码如下:
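// Writes ten pcap packet records, each an Ethernet/IPv4/TCP frame with no payload.
//
// Fix: the trailing padding is derived from the captured length, not hard-coded to 22.
// `out.writeInt` emits big-endian bytes, so 1006632960 (0x3C000000) goes out as
// 3C 00 00 00, which a reader of a little-endian capture file decodes as caplen = 60.
// The headers below total 14 + 20 + 20 = 54 bytes, so only 6 padding bytes belong to
// the frame. With 22 zero bytes, the extra 16 were parsed as another record header
// (all fields zero), i.e. an empty packet after every TCP packet.
// NOTE(review): this assumes the global file header (not visible here) declares
// little-endian byte order; confirm against the code that writes the magic number.
for (int i = 0; i < 10; i++) {
    // Frame length as the capture reader will see it; 60 is the minimum Ethernet
    // frame size without the FCS.
    final int frameLength = 60;
    // Ethernet (14) + IPv4 without options (20) + TCP without options (20).
    final int headerBytes = 14 + 20 + 20;

    // pcap per-packet record header: ts_sec, ts_usec, caplen, len (4 bytes each).
    // The constants are byte-swapped so that writeInt produces little-endian fields.
    myPacketHeader.sec = 198483523;
    myPacketHeader.usec = 1094189312;
    myPacketHeader.caplen = Integer.reverseBytes(frameLength); // == 1006632960
    myPacketHeader.len = Integer.reverseBytes(frameLength);    // == 1006632960
    out.writeInt(myPacketHeader.sec);
    out.writeInt(myPacketHeader.usec);
    out.writeInt(myPacketHeader.caplen);
    out.writeInt(myPacketHeader.len);

    // Ethernet header: destination MAC, source MAC, EtherType 0x0800 (IPv4).
    myEthernet.dst[0] = 0;
    myEthernet.dst[1] = 4;
    myEthernet.dst[2] = 118;
    myEthernet.dst[3] = -35;
    myEthernet.dst[4] = -69;
    myEthernet.dst[5] = 58;
    myEthernet.src[0] = 0;
    myEthernet.src[1] = 4;
    myEthernet.src[2] = 117;
    myEthernet.src[3] = -57;
    myEthernet.src[4] = -121;
    myEthernet.src[5] = 73;
    myEthernet.type = 2048;
    out.write(myEthernet.dst);
    out.write(myEthernet.src);
    out.writeShort(myEthernet.type);

    // IPv4 header: 69 == 0x45 (version 4, header length 5 words), total length 40
    // (IP + TCP headers, no payload), 16384 == 0x4000 (don't-fragment), protocol 6 (TCP).
    myIp.ip_v = 69;
    myIp.ip_tos = 0;
    myIp.ip_len = 40;
    myIp.ip_id = (short) (6762 + i);
    myIp.ip_off = 16384;
    myIp.ip_ttl = 64;
    myIp.ip_p = 6;
    // NOTE(review): the checksum is a constant while ip_id changes per packet, so it
    // cannot match every header; a dissector with checksum validation will flag it.
    myIp.ip_sum = 28529;
    out.writeByte(myIp.ip_v);
    out.writeByte(myIp.ip_tos);
    out.writeShort(myIp.ip_len);
    out.writeShort(myIp.ip_id);
    out.writeShort(myIp.ip_off);
    out.writeByte(myIp.ip_ttl);
    out.writeByte(myIp.ip_p);
    out.writeShort(myIp.ip_sum);
    myIp.ip_src = 168786789;
    myIp.ip_dst = 168786792;
    out.writeInt(myIp.ip_src);
    out.writeInt(myIp.ip_dst);

    // TCP header: 20480 == 0x5000 (data offset 5 words, no flags set); the checksum
    // is left at 0 and is therefore not a computed value.
    myTcp.srcPort = -26262; // writeShort keeps the low 16 bits: port 39274
    myTcp.dstPort = 80;
    myTcp.SequNum = 0 + i;
    myTcp.AcknowledgeNum = 0;
    myTcp.HeaderLenAndFlag = 20480;
    myTcp.windowSize = 4420;
    myTcp.CheckSum = 0;
    myTcp.urgentPointer = 0;
    out.writeShort(myTcp.srcPort);
    out.writeShort(myTcp.dstPort);
    out.writeInt(myTcp.SequNum);
    out.writeInt(myTcp.AcknowledgeNum);
    out.writeShort(myTcp.HeaderLenAndFlag);
    out.writeShort(myTcp.windowSize);
    out.writeShort(myTcp.CheckSum);
    out.writeShort(myTcp.urgentPointer);

    // Pad the frame up to the captured length announced in the record header, so the
    // next record header starts exactly where the reader expects it.
    for (int l = 0; l < frameLength - headerBytes; l++) {
        out.writeByte(0);
    }
}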
可是现在问题是,我暴力地写22个byte时,每个tcp后面都跟着一个malformed
packet:ethernet。如下图:
这个要怎么解决?是不是那22个byte由前面的某个属性决定的呢?
跪求大神搭救啊orz