UNIX网络编程:网络数据包检测
发布时间:2016-09-26 03:48:00 所属栏目:Unix 来源:站长网
导读:副标题#e# 网络数据包检测 数据包捕获(sniffer):是指在网络上进行数据收集的行为,需要通过网卡来完成。 三种访问方式: BSD Packet Filter(BPF) SVR4 Datalink Provider Interface(DLPI) linux SOCK_PACKET interface libpcap库 安装: apt-get install
|
//cap.c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <pcap.h>
#define MAXBYTES2CAPTURE 2048
void process_packet(u_char *arg, const struct pcap_pkthdr *pkthdr,
const u_char *packet)
{
int i = 0, *counter = (int *)arg;
printf("packet count:%dn", ++(*counter));
printf("received packet size %dn", pkthdr->len);
printf("payloadn");
for (i = 0; i < pkthdr->len; i++)
{
printf("%02x ", (unsigned int)packet[i]);
if ((i % 16 == 15 && i != 0) || (i == pkthdr->len-1))
printf("n");
}
printf("nn**************n");
return;
}
int main(int argc, char *argv[])
{
int i = 0, count = 0;
pcap_t *descr = NULL;
char errbuf[PCAP_ERRBUF_SIZE], *device = NULL;
bpf_u_int32 netaddr = 0, mask = 0;
struct bpf_program filter;
memset(errbuf, 0, sizeof(errbuf));
if (argc != 2)
device = pcap_lookupdev(errbuf);
else
device = argv[1];
printf("Try to open device %sn", device);
if ((descr = pcap_open_live(device, MAXBYTES2CAPTURE, 1, 0, errbuf)) == NULL )
{
printf("error:%sn", errbuf);
exit(-1);
}
printf("pcap_openn");
pcap_lookupnet(device, &netaddr, &mask, errbuf);
printf("pcap_lookn");
//if (pcap_compile(descr, &filter, "arp and ether host 00:0c:29:b7:f6:33", 0, mask) < 0)
if (pcap_compile(descr, &filter, "arp and ether host 00:0c:29:cd:d6:dd", 0, mask) < 0)
{
printf("pcap_compile errorn");
exit(-1);
}
printf("compilen");
pcap_setfilter(descr, &filter);
printf("setfiltern");
pcap_loop(descr, 1, process_packet, (u_char *)&count);
return 0;
}
作者:csdn博客 ctthuangcheng (编辑:云计算网_泰州站长网) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |
浙公网安备 33038102330476号