Chinaunix首页 | 论坛 | 博客
  • 博客访问: 3024063
  • 博文数量: 272
  • 博客积分: 5544
  • 博客等级: 大校
  • 技术积分: 5496
  • 用 户 组: 普通用户
  • 注册时间: 2011-03-08 00:48
个人简介

  每个人都要有一个骨灰级的爱好,不为金钱,而纯粹是为了在这个领域享受追寻真理的快乐。

文章分类

全部博文(272)

文章存档

2015年(2)

2014年(5)

2013年(25)

2012年(58)

2011年(182)

分类: LINUX

2012-06-11 09:32:54


  1. #include <pcap.h>
  2. #include <stdio.h>
  3. #include <stdlib.h>
  4. #include <signal.h>
  5. #include <netinet/in.h>
  6. #include <arpa/inet.h>
  7. #include <linux/if_ether.h>
  8. #include <linux/ip.h>

  9. #define SNAP_LEN 1518
  10. #define MIN_LEN    (sizeof(struct ethhdr) + sizeof(struct iphdr))

  11. static struct bpf_program fp;
  12. static pcap_t *handle;
  13. static unsigned int counter[7];

  14. static void sigint(int sig)
  15. {
  16.     int i;
  17.     printf("\n\n");
  18.     for(i = 0; i < 6; i ++) {
  19.         printf(" < %d0000 : %u\n", i+1, counter[i]);
  20.     }
  21.     printf(" < 65535 : %u\n\n\n", counter[i]);
  22.     pcap_freecode(&fp);
  23.     pcap_close(handle);
  24.     exit(EXIT_SUCCESS);
  25. }

  26. static void packet_callback(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
  27. {
  28.     struct iphdr *iph;
  29.     
  30.     /*数据包长度校验*/
  31.     if(header->caplen < MIN_LEN)    return;
  32.  
  33.     packet += sizeof(struct ethhdr);
  34.     iph = (struct iphdr *)packet;
  35.     if (ntohs(iph->id) == 0)    return;
  36.     counter[ntohs(iph->id)/10000]++;

  37. #if 0
  38.     struct in_addr src, dst;
  39.     src.s_addr = iph->saddr;
  40.     dst.s_addr = iph->daddr;
  41.     printf("ipid: %u, %s->", ntohs(iph->id), inet_ntoa(src));
  42.     printf("%s\n", inet_ntoa(dst));
  43. #endif

  44. }

  45. int main(int argc, char **argv) {
  46.     char *dev = NULL;                    /* capture device name */
  47.     char errbuf[PCAP_ERRBUF_SIZE];        /* error buffer */
  48.     char filter_exp[] = "ip";            /* filter expression [3] */
  49.     bpf_u_int32 mask;                    /* subnet mask */
  50.     bpf_u_int32 net;                    /* ip */
  51.     int num_packets = -1;                /* number of packets to capture */

  52.     /* check for capture device name on command-line */
  53.     if (argc == 2) {
  54.         dev = argv[1];
  55.     } else if (argc > 2) {
  56.         fprintf(stderr, "error: unrecognized command-line options\n\n");
  57.         exit(EXIT_FAILURE);
  58.     } else {
  59.         /* find a capture device if not specified on command-line */
  60.         dev = pcap_lookupdev(errbuf);
  61.         if (dev == NULL) {
  62.             fprintf(stderr, "Couldn't find default device: %s\n",
  63.              errbuf);
  64.             exit(EXIT_FAILURE);
  65.         }
  66.     }

  67.     /* get network number and mask associated with capture device */
  68.     if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
  69.         fprintf(stderr, "Couldn't get netmask for device %s: %s\n",
  70.          dev, errbuf);
  71.         net = 0;
  72.         mask = 0;
  73.     }
  74.     
  75.     /* open capture device */
  76.     handle = pcap_open_live(dev, SNAP_LEN, 1, 1000, errbuf);
  77.     if (handle == NULL) {
  78.         fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf);
  79.         exit(EXIT_FAILURE);
  80.     }
  81. #if 1
  82.     /* compile the filter expression */
  83.     if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) {
  84.         fprintf(stderr, "Couldn't parse filter %s: %s\n",
  85.          filter_exp, pcap_geterr(handle));
  86.         exit(EXIT_FAILURE);
  87.     }

  88.     /* apply the compiled filter */
  89.     if (pcap_setfilter(handle, &fp) == -1) {
  90.         fprintf(stderr, "Couldn't install filter %s: %s\n",
  91.          filter_exp, pcap_geterr(handle));
  92.         exit(EXIT_FAILURE);
  93.     }
  94. #endif

  95.     if(pcap_setdirection(handle, PCAP_D_IN)<0) {
  96.         pcap_perror(handle,(char*)"pcap_setdirection");
  97.         exit(EXIT_FAILURE);
  98.     }

  99.     signal(SIGINT, sigint);
  100.     
  101.     /* now we can set our callback function */
  102.     pcap_loop(handle, num_packets, packet_callback, NULL);

  103.     return(EXIT_SUCCESS);
  104. }





阅读(1165) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~