UNIX网络编程:网络数据包检测
发布时间:2016-09-26 03:48:00 所属栏目:Unix 来源:站长网
导读:网络数据包检测。数据包捕获(sniffer)是指在网络上收集数据的行为,需要通过网卡来完成。三种访问方式:BSD Packet Filter(BPF)、SVR4 Datalink Provider Interface(DLPI)、Linux SOCK_PACKET interface。libpcap 库的安装:apt-get install(摘要在此处被截断,未给出包名)
//cap.c #include <stdio.h> #include <stdlib.h> #include <string.h> #include <pcap.h> #define MAXBYTES2CAPTURE 2048 void process_packet(u_char *arg, const struct pcap_pkthdr *pkthdr, const u_char *packet) { int i = 0, *counter = (int *)arg; printf("packet count:%dn", ++(*counter)); printf("received packet size %dn", pkthdr->len); printf("payloadn"); for (i = 0; i < pkthdr->len; i++) { printf("%02x ", (unsigned int)packet[i]); if ((i % 16 == 15 && i != 0) || (i == pkthdr->len-1)) printf("n"); } printf("nn**************n"); return; } int main(int argc, char *argv[]) { int i = 0, count = 0; pcap_t *descr = NULL; char errbuf[PCAP_ERRBUF_SIZE], *device = NULL; bpf_u_int32 netaddr = 0, mask = 0; struct bpf_program filter; memset(errbuf, 0, sizeof(errbuf)); if (argc != 2) device = pcap_lookupdev(errbuf); else device = argv[1]; printf("Try to open device %sn", device); if ((descr = pcap_open_live(device, MAXBYTES2CAPTURE, 1, 0, errbuf)) == NULL ) { printf("error:%sn", errbuf); exit(-1); } printf("pcap_openn"); pcap_lookupnet(device, &netaddr, &mask, errbuf); printf("pcap_lookn"); //if (pcap_compile(descr, &filter, "arp and ether host 00:0c:29:b7:f6:33", 0, mask) < 0) if (pcap_compile(descr, &filter, "arp and ether host 00:0c:29:cd:d6:dd", 0, mask) < 0) { printf("pcap_compile errorn"); exit(-1); } printf("compilen"); pcap_setfilter(descr, &filter); printf("setfiltern"); pcap_loop(descr, 1, process_packet, (u_char *)&count); return 0; } 作者:csdn博客 ctthuangcheng (编辑:云计算网_泰州站长网) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |