//乙太網包頭14位元組
typedef struct ethdr
{
unsigned char destination_mac[6]; //目的MAC 6位元組
unsigned char source_mac[6]; //源MAC 6位元組
unsigned short type; //後面的協定類型2位元組ARP-0806;IP-0800
}ET_HEADER,*PETHDR;
//地址解析協定(Address Resolution Protocol)
//arp報頭28位元組
typedef struct arphdr
{
unsigned short hard_tpye; //硬體類型2位元組通常為0x0001(乙太網)
unsigned short protocol; //協定類型2位元組通常為0x0800 (IP)
unsigned char hard_length; //硬體地址長度1位元組通常為6
unsigned char protocol_length; //協定地址長度1位元組通常為4 (IP協定)
unsigned short operation_type; //操作類型1為ARP請求,2為ARP應答,3為RARP請求,4為RARP應答
unsigned char source_mac[6]; //源MAC
unsigned char source_ip[4]; //源IP位址
unsigned char destination_mac[6]; //目的MAC
unsigned char destination_ip[4]; //目的IP位址
}ARP_HEADER,*PARPHDR;
//網際網路協定(Internet Protocol)
//IP數據報頭
typedef struct iphdr
{
unsigned char VIHL; // Version and IHL 版本4bit = 4 和首部長度4bit = 5
unsigned char TOS; // Type Of Service 服務類型1位元組
unsigned short TotLen; // Total Length 總長度2位元組,包括數據和報頭
unsigned short ID; // Identification 標識符2位元組
unsigned short FlagOff; // Flags and Fragment Offset 標誌3bit 和分段偏移量13bit
unsigned char TTL; // Time To Live 生存期1位元組,為經過路由器的總次數
unsigned char Protocol; // Protocol 協定類型1位元組 ICMP-1,TCP-6,UDP-17
unsigned short Checksum; // Checksum 首部(只是IP首部!!)校驗和2位元組
unsigned char source_ip[4]; // Source IP 源IP位址
unsigned char destination_ip[4]; // Destination IP 目的IP位址
}IP_HEADER, *PIP_HEADER;
//傳輸控制協定(Transmission Control Protocol)
//TCP數據報頭
typedef struct tcphdr
{
unsigned short source_port; //源連線埠
unsigned short destination_port; //目的連線埠
unsigned long sequence; //32位序號
unsigned long ack_sequence; //32位確認序號
unsigned char header_length; //首部長度,只用高4位通常為5
unsigned char flags; //標誌位 X | X | URG | ACK | PSH | RST | SYN | FIN
unsigned short window_size; //視窗大小
unsigned short checksum; //校驗和
unsigned short exigency_pointer; //緊急指針
}TCP_HEADER;
//用戶數據報協定(User Datagram Protocol)
//UDP數據報頭
typedef struct udphdr
{
unsigned short source_port; //源連線埠
unsigned short destination_port; //目的連線埠
unsigned short length; //數據長度
unsigned short checksum; //校驗和包括數據!
} UDP_HEADER;
//乙太網訊息控制協定(Internet Control Messages Protocol)
//ICMP數據報頭
typedef struct icmphdr
{
u_char Type; // 類型 0-請求,8-應答,11-逾時
u_char Code; // 代碼0
u_short Checksum; // 校驗和
u_short ID; // 標識符
u_short Seq; // 序列號
}ICMP_HEADER, *PICMP_HEADER;
//域名伺服器(Domain Name Server)
//DNS數據報
typedef struct dns
{
unsigned short id; //標識,通過它客戶端可以將DNS的請求與應答相匹配;
unsigned short flags; //標誌:[QR | opcode | AA| TC| RD| RA | zero | rcode ]
unsigned short quests; //問題數目;
unsigned short answers; //資源記錄數目;
unsigned short author; //授權資源記錄數目;
unsigned short addition; //額外資源記錄數目;
}DNS,*PDNS;
//在16位的標誌中:QR位判斷是查詢/回響報文,opcode區別查詢類型,AA判斷是否為授權回答,TC判斷
//是否可截斷,RD判斷是否期望遞歸查詢,RA判斷是否為可用遞歸,zero必須為0,rcode為返回碼欄位。
typedef struct psd //偽報頭,用於計算UDP校驗和
{
unsigned int source_ip; //源IP
unsigned int destination_ip; //目的IP
char mbz; // 0
char protocol; //協定UDP = 17
unsigned short udp_length; //UDP 長度
}PSD,*PPSD;
//DNS查詢數據報:
typedef struct query
{
unsigned short type; //查詢類型,大約有20個不同的類型
unsigned short classes; //查詢類,通常是A類既查詢IP位址。
}QUERY,*PQUERY;
//DNS回響數據報:
typedef struct response
{
unsigned short name; //查詢的域名
unsigned short type; //查詢類型
unsigned short classes; //類型碼
unsigned int ttl; //生存時間
unsigned short length; //資源數據長度
unsigned int addr; //資源數據
}RESPONSE,*PRESPONSE;