翻译整理至官方文档:
我想说,这是我见过最友好的英文文档,废话不多,直接给代码。
1,整理后完整代码:
-
#include <stdio.h>
-
#include <arpa/inet.h>
-
#include <pcap/pcap.h>
-
-
-
#define ETHER_ADDR_LEN 6
-
-
/* Ethernet header */
-
struct sniff_ethernet {
-
u_char ether_dhost[ETHER_ADDR_LEN]; /* Destination host address */
-
u_char ether_shost[ETHER_ADDR_LEN]; /* Source host address */
-
u_short ether_type; /* IP? ARP? RARP? etc */
-
};
-
-
/* IP header */
-
struct sniff_ip {
-
u_char ip_vhl; /* version << 4 | header length >> 2 */
-
u_char ip_tos; /* type of service */
-
u_short ip_len; /* total length */
-
u_short ip_id; /* identification */
-
u_short ip_off; /* fragment offset field */
-
#define IP_RF 0x8000 /* reserved fragment flag */
-
#define IP_DF 0x4000 /* dont fragment flag */
-
#define IP_MF 0x2000 /* more fragments flag */
-
#define IP_OFFMASK 0x1fff /* mask for fragmenting bits */
-
u_char ip_ttl; /* time to live */
-
u_char ip_p; /* protocol */
-
u_short ip_sum; /* checksum */
-
struct in_addr ip_src,ip_dst; /* source and dest address */
-
};
-
#define IP_HL(ip) (((ip)->ip_vhl) & 0x0f)
-
#define IP_V(ip) (((ip)->ip_vhl) >> 4)
-
-
/* TCP header */
-
typedef u_int tcp_seq;
-
-
struct sniff_tcp {
-
u_short th_sport; /* source port */
-
u_short th_dport; /* destination port */
-
tcp_seq th_seq; /* sequence number */
-
tcp_seq th_ack; /* acknowledgement number */
-
u_char th_offx2; /* data offset, rsvd */
-
#define TH_OFF(th) (((th)->th_offx2 & 0xf0) >> 4)
-
u_char th_flags;
-
#define TH_FIN 0x01
-
#define TH_SYN 0x02
-
#define TH_RST 0x04
-
#define TH_PUSH 0x08
-
#define TH_ACK 0x10
-
#define TH_URG 0x20
-
#define TH_ECE 0x40
-
#define TH_CWR 0x80
-
#define TH_FLAGS (TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG|TH_ECE|TH_CWR)
-
u_short th_win; /* window */
-
u_short th_sum; /* checksum */
-
u_short th_urp; /* urgent pointer */
-
};
-
-
void got_packet(u_char *args, const struct pcap_pkthdr *header,
-
const u_char *packet);
-
int main(int argc, char *argv[])
-
{
-
pcap_t *handle; /* Session handle */
-
char *dev; /* The device to sniff on */
-
char errbuf[PCAP_ERRBUF_SIZE]; /* Error string */
-
struct bpf_program fp; /* The compiled filter */
-
char filter_exp[] = "tcp"; /* The filter expression */
-
bpf_u_int32 mask; /* Our netmask */
-
bpf_u_int32 net; /* Our IP */
-
struct pcap_pkthdr header; /* The header that pcap gives us */
-
const u_char *packet; /* The actual packet */
-
-
/*
-
dev = pcap_lookupdev(errbuf);
-
if (dev == NULL) {
-
fprintf(stderr, "Couldn't find default device: %s\n", errbuf);
-
return(2);
-
}
-
*/
-
dev = argv[1];
-
handle = pcap_open_live(dev, BUFSIZ, 1, 1000, errbuf);
-
if (handle == NULL) {
-
fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf);
-
return(2);
-
}
-
printf("Device: %s\n", dev);
-
-
if (pcap_datalink(handle) != DLT_EN10MB) {
-
fprintf(stderr, "Device %s doesn't provide Ethernet headers - not supported\n", dev);
-
return(2);
-
}
-
/* Compile and apply the filter */
-
if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) {
-
fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(handle));
-
return(2);
-
}
-
if (pcap_setfilter(handle, &fp) == -1) {
-
fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(handle));
-
return(2);
-
}
-
/* Grab a packet */
-
//packet = pcap_next(handle, &header);
-
/* Print its length */
-
//printf("Jacked a packet with length of [%d]\n", header.len);
-
-
pcap_loop(handle, -1, got_packet, NULL);
-
/* And close the session */
-
pcap_close(handle);
-
-
return(0);
-
}
-
void got_packet(u_char *args,\
-
const struct pcap_pkthdr *header,
-
const u_char *packet){
-
-
#define SIZE_ETHERNET 14
-
-
const struct sniff_ethernet *ethernet; /* The ethernet header */
-
const struct sniff_ip *ip; /* The IP header */
-
const struct sniff_tcp *tcp; /* The TCP header */
-
const char *payload; /* Packet payload */
-
-
u_int size_ip;
-
u_int size_tcp;
-
-
int index;
-
-
printf("get %d! bytes data:\n",header->len);
-
ethernet = (struct sniff_ethernet*)(packet);
-
ip = (struct sniff_ip*)(packet + SIZE_ETHERNET);
-
size_ip = IP_HL(ip)*4;
-
if (size_ip < 20) {
-
printf(" * Invalid IP header length: %u bytes\n", size_ip);
-
return;
-
}
-
tcp = (struct sniff_tcp*)(packet + SIZE_ETHERNET + size_ip);
-
size_tcp = TH_OFF(tcp)*4;
-
if (size_tcp < 20) {
-
printf(" * Invalid TCP header length: %u bytes\n", size_tcp);
-
return;
-
}
-
payload = (u_char *)(packet + SIZE_ETHERNET + size_ip + size_tcp);
-
}
2,编译;
centos下添加编译工具和依赖库文件:
-
#yum install gcc libpcap libpcap-devel
gcc编译链接
-
#gcc mypcap.c -lpcap -o mypcap
3,运行
#./mypcap eth0
阅读(1719) | 评论(0) | 转发(0) |