
分类: 网络与安全

2014-10-31 20:10:08

翻译整理自官方文档:
我想说,这是我见过最友好的英文文档,废话不多,直接给代码。
1,整理后完整代码:

mypcap.c

  1. #include <stdio.h>
  2. #include <arpa/inet.h>
  3. #include <pcap/pcap.h>


  4. #define ETHER_ADDR_LEN    6    /* length of an Ethernet (MAC) address in bytes */

  5. /* Ethernet header; got_packet() overlays it directly on the first bytes of a captured frame */
  6. struct sniff_ethernet {
  7.     u_char ether_dhost[ETHER_ADDR_LEN]; /* Destination host address */
  8.     u_char ether_shost[ETHER_ADDR_LEN]; /* Source host address */
  9.     u_short ether_type; /* IP? ARP? RARP? etc; raw wire value, convert with ntohs() before comparing */
  10. };

  11. /* IP header (fixed part, without options), overlaid on the bytes that follow the Ethernet header */
  12. struct sniff_ip {
  13.     u_char ip_vhl;        /* high 4 bits: IP version; low 4 bits: header length in 32-bit words (see IP_V / IP_HL) */
  14.     u_char ip_tos;        /* type of service */
  15.     u_short ip_len;        /* total length; raw wire value, convert with ntohs() */
  16.     u_short ip_id;        /* identification */
  17.     u_short ip_off;        /* flags + fragment offset; apply the IP_* masks below after ntohs() */
  18. #define IP_RF 0x8000        /* reserved fragment flag */
  19. #define IP_DF 0x4000        /* dont fragment flag */
  20. #define IP_MF 0x2000        /* more fragments flag */
  21. #define IP_OFFMASK 0x1fff    /* mask for fragmenting bits */
  22.     u_char ip_ttl;        /* time to live */
  23.     u_char ip_p;        /* protocol */
  24.     u_short ip_sum;        /* checksum */
  25.     struct in_addr ip_src,ip_dst; /* source and dest address */
  26. };
  27. #define IP_HL(ip)        (((ip)->ip_vhl) & 0x0f)    /* header length in 32-bit words; callers multiply by 4 for bytes */
  28. #define IP_V(ip)        (((ip)->ip_vhl) >> 4)    /* IP version taken from the high 4 bits */

  29. /* TCP header (fixed part, without options), overlaid on the bytes that follow the IP header */
  30. typedef u_int tcp_seq;    /* sequence/acknowledgement number; assumes u_int is 32 bits wide - TODO confirm for the target platform */

  31. struct sniff_tcp {
  32.     u_short th_sport;    /* source port; raw wire value, convert with ntohs() */
  33.     u_short th_dport;    /* destination port; raw wire value, convert with ntohs() */
  34.     tcp_seq th_seq;        /* sequence number */
  35.     tcp_seq th_ack;        /* acknowledgement number */
  36.     u_char th_offx2;    /* data offset (high 4 bits, in 32-bit words), rsvd */
  37. #define TH_OFF(th)    (((th)->th_offx2 & 0xf0) >> 4)    /* header length in 32-bit words; callers multiply by 4 for bytes */
  38.     u_char th_flags;    /* control bits, tested with the TH_* masks below */
  39. #define TH_FIN 0x01
  40. #define TH_SYN 0x02
  41. #define TH_RST 0x04
  42. #define TH_PUSH 0x08
  43. #define TH_ACK 0x10
  44. #define TH_URG 0x20
  45. #define TH_ECE 0x40
  46. #define TH_CWR 0x80
  47. #define TH_FLAGS (TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG|TH_ECE|TH_CWR)    /* note: TH_PUSH is not part of this mask */
  48.     u_short th_win;        /* window */
  49.     u_short th_sum;        /* checksum */
  50.     u_short th_urp;        /* urgent pointer */
  51. };

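  /* Per-packet callback handed to pcap_loop(); defined after main(). */
  void got_packet(u_char *args, const struct pcap_pkthdr *header,
       const u_char *packet);

  /*
   * Capture TCP traffic on the interface named by argv[1] and hand every
   * packet to got_packet() until pcap_loop() stops.
   *
   * Returns 0 when the capture loop ends without error, and 2 on a usage
   * error or any libpcap failure.
   */
  int main(int argc, char *argv[])
  {
      pcap_t *handle = NULL;            /* Session handle */
      char *dev;                        /* The device to sniff on */
      char errbuf[PCAP_ERRBUF_SIZE];    /* Error string */
      struct bpf_program fp;            /* The compiled filter */
      char filter_exp[] = "tcp";        /* The filter expression */
      bpf_u_int32 mask = 0;             /* Our netmask */
      bpf_u_int32 net = 0;              /* Our IP */
      int filter_rc;
      int loop_rc;
      int status = 2;

      /* Without this check a missing argument passes NULL on to libpcap and printf("%s"). */
      if (argc < 2) {
          fprintf(stderr, "Usage: %s <interface>\n", argc > 0 ? argv[0] : "mypcap");
          return(2);
      }
      dev = argv[1];

      /*
       * pcap_compile() takes the netmask of the capture network. Look it up
       * instead of passing an uninitialized variable; fall back to 0 when the
       * interface has no IPv4 address (the "tcp" filter does not need it).
       */
      if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
          fprintf(stderr, "Couldn't get netmask for device %s: %s\n", dev, errbuf);
          net = 0;
          mask = 0;
      }
      (void)net;    /* only the netmask is needed below */

      /* Promiscuous live capture; this typically needs root or CAP_NET_RAW on Linux. */
      handle = pcap_open_live(dev, BUFSIZ, 1, 1000, errbuf);
      if (handle == NULL) {
          fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf);
          return(2);
      }
      printf("Device: %s\n", dev);

      /* got_packet() assumes a 14-byte Ethernet header in front of every packet. */
      if (pcap_datalink(handle) != DLT_EN10MB) {
          fprintf(stderr, "Device %s doesn't provide Ethernet headers - not supported\n", dev);
          goto out;
      }

      /* Compile and apply the filter */
      if (pcap_compile(handle, &fp, filter_exp, 0, mask) == -1) {
          fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(handle));
          goto out;
      }
      filter_rc = pcap_setfilter(handle, &fp);
      if (filter_rc == -1) {
          fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(handle));
      }
      /* The compiled program is no longer needed once pcap_setfilter() has been called. */
      pcap_freecode(&fp);
      if (filter_rc == -1) {
          goto out;
      }

      /* Loop until an error occurs or the loop is broken out of. */
      loop_rc = pcap_loop(handle, -1, got_packet, NULL);
      if (loop_rc == -1) {
          fprintf(stderr, "Capture loop failed: %s\n", pcap_geterr(handle));
          goto out;
      }
      status = 0;

  out:
      /* And close the session on every path, including the error paths. */
      pcap_close(handle);

      return(status);
  }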
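  /*
   * pcap_loop() callback: locate the Ethernet, IPv4 and TCP headers inside
   * one captured packet and work out where the TCP payload starts.
   *
   * args   - user pointer given to pcap_loop(); unused here.
   * header - libpcap metadata; header->caplen is the number of bytes actually
   *          present in `packet`, header->len the length on the wire.
   * packet - the captured bytes; only the first header->caplen are readable.
   *
   * Every header is checked against header->caplen before it is read, so a
   * truncated or malformed packet is reported and skipped instead of being
   * read past the end of the capture buffer.
   */
  void got_packet(u_char *args,
       const struct pcap_pkthdr *header,
       const u_char *packet){

      #define SIZE_ETHERNET 14
      #define SNIFF_ETHERTYPE_IPV4 0x0800
      #define SNIFF_IPPROTO_TCP 6

      const struct sniff_ethernet *ethernet; /* The ethernet header */
      const struct sniff_ip *ip; /* The IP header */
      const struct sniff_tcp *tcp; /* The TCP header */
      const u_char *payload; /* Packet payload */

      u_int caplen = header->caplen;
      u_int size_ip;
      u_int size_tcp;
      u_int size_headers;
      u_int ip_total;
      u_int size_payload;

      (void)args;

      /* header->len is unsigned, so print it with %u. */
      printf("get %u! bytes data:\n", header->len);

      /* Need at least the Ethernet header plus a minimal 20-byte IP header. */
      if (caplen < SIZE_ETHERNET + 20) {
          printf(" * Truncated packet: only %u bytes captured\n", caplen);
          return;
      }

      /*
       * NOTE(review): these casts assume the CPU tolerates reading the 16-bit
       * fields at whatever alignment the capture buffer has; on
       * strict-alignment targets copy the headers out with memcpy() first.
       */
      ethernet = (const struct sniff_ethernet *)(packet);

      /* The "tcp" filter also matches TCP over IPv6; only IPv4 is parsed here. */
      if (ntohs(ethernet->ether_type) != SNIFF_ETHERTYPE_IPV4) {
          printf(" * Not an IPv4 frame, skipped\n");
          return;
      }

      ip = (const struct sniff_ip *)(packet + SIZE_ETHERNET);
      if (IP_V(ip) != 4) {
          printf(" * Not an IPv4 header, skipped\n");
          return;
      }
      size_ip = IP_HL(ip)*4;
      if (size_ip < 20) {
          printf(" * Invalid IP header length: %u bytes\n", size_ip);
          return;
      }
      if (ip->ip_p != SNIFF_IPPROTO_TCP) {
          printf(" * Not a TCP segment, skipped\n");
          return;
      }
      /* A non-first fragment carries no TCP header at this offset. */
      if ((ntohs(ip->ip_off) & IP_OFFMASK) != 0) {
          printf(" * IP fragment without TCP header, skipped\n");
          return;
      }
      /* The IP header may carry options; make sure a minimal TCP header follows it. */
      if (caplen < SIZE_ETHERNET + size_ip + 20) {
          printf(" * Truncated packet: only %u bytes captured\n", caplen);
          return;
      }

      tcp = (const struct sniff_tcp *)(packet + SIZE_ETHERNET + size_ip);
      size_tcp = TH_OFF(tcp)*4;
      if (size_tcp < 20) {
          printf(" * Invalid TCP header length: %u bytes\n", size_tcp);
          return;
      }

      /* At most 14 + 60 + 60 bytes, so this sum cannot overflow. */
      size_headers = SIZE_ETHERNET + size_ip + size_tcp;
      if (caplen < size_headers) {
          printf(" * Truncated packet: only %u bytes captured\n", caplen);
          return;
      }

      /* The length claimed by the IP header is attacker-controlled: validate and clamp it. */
      ip_total = ntohs(ip->ip_len);
      if (ip_total < size_ip + size_tcp) {
          printf(" * Invalid IP total length: %u bytes\n", ip_total);
          return;
      }
      size_payload = ip_total - (size_ip + size_tcp);
      if (size_payload > caplen - size_headers) {
          size_payload = caplen - size_headers;
      }

      payload = packet + size_headers;

      /* payload[0 .. size_payload-1] is safe to read; nothing consumes it yet. */
      (void)payload;
      (void)size_payload;
  }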

2,编译;
    centos下添加编译工具和依赖库文件:


  1. #yum install gcc libpcap libpcap-devel
    gcc编译链接


  1. #gcc mypcap.c -lpcap -o mypcap

3,运行
    #./mypcap eth0