tcp_parse 0.1.2

A simple TCP packet capture and parsing (一个简单的TCP抓包解析工具)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155

mod args;

use pnet::{
    datalink::{self},
    packet::{
        Packet,
        ethernet::{EtherTypes, EthernetPacket},
        ip::IpNextHeaderProtocols,
        ipv4::Ipv4Packet,
        tcp::TcpPacket,
    },
};

use args::Args;
use clap::Parser;

fn main() {
    let args = Args::parse();

    // 获取所有网络接口
    let interfaces = datalink::interfaces();

    // 选择第一个非回环、正在运行的接口
    let interface = if let Some(ref name) = args.iface {
        interfaces
            .into_iter()
            .find(|iface| iface.name == *name)
            .expect("指定的网卡没找到")
    } else {
        interfaces
            .into_iter()
            .find(|iface| !iface.is_loopback() && iface.is_up())
            .expect("找不到可用的网络接口")
    };

    println!("使用网络接口:{}", interface.name);

    // 创建抓包通道
    let mut rx = match datalink::channel(&interface, Default::default()) {
        Ok(datalink::Channel::Ethernet(_, rx)) => rx,
        Ok(_) => panic!("不支持的通道类型"),
        Err(e) => panic!("无法创建通道:{}", e),
    };

    loop {
        match rx.next() {
            Ok(packet) => {
                let eth_packet = match EthernetPacket::new(packet) {
                    Some(p) => p,
                    None => continue,
                };

                if eth_packet.get_ethertype() == EtherTypes::Ipv4 {
                    if let Some(ipv4) = Ipv4Packet::new(eth_packet.payload()) {
                        if ipv4.get_next_level_protocol() == IpNextHeaderProtocols::Tcp {
                            if let Some(tcp) = TcpPacket::new(ipv4.payload()) {

                                if let Some(filter_ip) = args.src_ip {
                                    if ipv4.get_source() != filter_ip {
                                        continue;
                                    }
                                }
                                if let Some(filter_ip) = args.dst_ip {
                                    if ipv4.get_destination()!= filter_ip {
                                        continue;
                                    }
                                }
                                if let Some(filter_port) = args.src_port {
                                    if tcp.get_source() != filter_port {
                                        continue;
                                    }
                                }
                                if let Some(filter_port) = args.dst_port {
                                    if tcp.get_destination() != filter_port {
                                        continue;
                                    }
                                }

                                println!(
                                    "TCP包: {}:{} -> {}:{} | seq={} Ack={} Len={}",
                                    ipv4.get_source(),
                                    tcp.get_source(),
                                    ipv4.get_destination(),
                                    tcp.get_destination(),
                                    tcp.get_sequence(),
                                    tcp.get_acknowledgement(),
                                    tcp.payload().len()
                                );

                                print_payload(tcp.payload());
                            }
                        }
                    }
                }
            }
            Err(e) => {
                eprintln!("读取数据包错误:{}", e)
            }
        }
    }
}

// 将payload打印为十六进制和ASCII(仅打印前512字节,防止过长)
fn print_payload(payload: &[u8]) {
    const MAX_LEN: usize = 512;
    let len = payload.len().min(MAX_LEN);

    if len == 0 {
        println!("  数据:<空>");
        return;
    }

    // 十六进制输出
    print!("    十六进制:");
    for byte in &payload[..len] {
        print!("{:02X}", byte);
    }
    println!();

    // ASCII输出 (不可打印字符用 . 替代)
    print!("    ASCII:");
    for byte in &payload[..len] {
        if byte.is_ascii_graphic() || *byte == b' ' {
            print!("{}", *byte as char);
        } else {
            print!(".")
        }
    }

    parse_http(payload);

    println!("\n===================================\n")
}

/// 判断并解析HTTP报文
fn parse_http(payload: &[u8]) {
    if payload.is_empty() {
        return;
    }

    // 尝试将payload 转换成UTF-8 字符串
    if let Ok(text) = std::str::from_utf8(payload) {
        // 检查是否是HTTP 请求或响应
        if text.starts_with("GET ") || text.starts_with("POST ") || text.starts_with("HTTP/") {
            println!("---------- HTTP 数据开始 ----------");
            for line in text.lines().take(20) {
                println!("    {}", line);
                if line.is_empty() {
                    break; // 空行之后是body, 不再打印
                }
            }
            println!("---------- HTTP 数据结束 ----------\n");
        }
    }
}