软件主要是提取了http报头，其他没有去实现，不过现在发现一个小问题：如果这个http报头字节数超过mtu的值时，也就是超过最大网络传输单元时，抓到的包就不完整。
在网上看了搜了很多，都没找到解决方法，不过可能是因为ip包分片的原因，但我觉得ip分片与重组应该是操作系统会完成的，所以现在完全搞不懂是什么问题了，希望有大神可以下载我的源码帮忙分析一下，分配的存储空间肯定是够的。
下载地址：http://down.
主要实现代码：
复制内容到剪贴板
代码:
while (TRUE)
        {
                if (bThread==TRUE)
                {
                        ExitThread(0);
                }
                memset(RecvBuf, 0, sizeof(RecvBuf));
                recv(*(SOCKET*)pParam, RecvBuf, sizeof(RecvBuf), 0);
                saSource.sin_addr.s_addr = pIpheader->ip_src;
                strncpy(szSourceIP, inet_ntoa(saSource.sin_addr), MAX_ADDR_LEN);
                saDest.sin_addr.s_addr = pIpheader->ip_dst;
                strncpy(szDestIP, inet_ntoa(saDest.sin_addr), MAX_ADDR_LEN);
                unsigned char *dataip=NULL;
                unsigned char *datatcp=NULL;
                int lenip        = ntohs(pIpheader->ip_len);
                int lentcp        = (ntohs(pIpheader->ip_len)-(sizeof(struct ipheader)+sizeof(struct tcpheader)));
                int lenHttp = 0;        //        http首部长度
                if((pIpheader->ip_p)==IPPROTO_TCP&&lentcp!=0)
                {
                        dataip        = (unsigned char *)(RecvBuf);
                        datatcp        = (unsigned char *)(RecvBuf) + sizeof(struct ipheader)+sizeof(struct tcpheader); //data
                        if (*datatcp == 0x30)
                        {
                                continue;
                        }
                        struct ipheader *pIpheader        = (struct ipheader*)RecvBuf;
                        struct tcpheader *pTcpheader= (struct tcpheader*)(RecvBuf+sizeof(struct ipheader));
                        if(ntohs(pTcpheader->sport)==80 || ntohs(pTcpheader->dport)==80)
                        {
                                memset(&postData, 0, sizeof postData);
                                for(int j=0;j<lentcp;j++)
                                {
                                        if( *(datatcp+j)==0x0d && *(datatcp+j+1)==0x0a && *(datatcp+j+2)==0x0d && *(datatcp+j+3)==0x0a )
                                        {
                                //                printf("\n****************HTTP协议******************\n");
                                                lenHttp = j+4;
                                                char* pszText;
                                                struct in_addr inaddr;
                                                inaddr.S_un.S_addr = (ULONG)pIpheader->ip_src;
                                                pszText = inet_ntoa(inaddr);
                                                DWORD dwMinSize = MultiByteToWideChar(CP_UTF8,0,pszText,-1,NULL,0);
                                                MultiByteToWideChar (CP_UTF8, 0, pszText, -1, postData.wSrcIp, dwMinSize);

                                                inaddr.S_un.S_addr = (ULONG)pIpheader->ip_dst;
                                                pszText = inet_ntoa(inaddr);
                                                dwMinSize = MultiByteToWideChar(CP_UTF8,0,pszText,-1,NULL,0);
                                                MultiByteToWideChar(CP_UTF8,0,pszText,-1,postData.wDesIp,dwMinSize);

                                                MultiByteToWideChar(CP_ACP,0,"HTTP",-1,postData.wProtocol,dwMinSize);
                                                swprintf_s(postData.wLenth,6,L"%u",lenHttp);
                                                
                                                pszText = (char*)datatcp;
                                                MultiByteToWideChar(CP_UTF8,0,pszText,-1,postData.wInfo,lenHttp);
                                                SendMessage(AfxGetMainWnd()->m_hWnd,WM_RUN_MESSAGE,(WPARAM)&postData,NULL);
                                                break;
                                        }
                                }
                        }
                }
        }

为啥我的问题没人鸟？

抓包  涉及网络编程了  一般人估计都不懂