linux下面的原始套接字编程问题
来源: 互联网 发布时间:2016-09-04
如何侦听来源于指定 IP 地址的数据包,以及如何根据指定的协议类型来过滤数据包?
书上说可以通过 connect 来设定,搞了半天还是没成功啊,望大家指点一下。
|
这个可以用抓包实现的么
这是很早以前写的代码了,希望对你有帮助。
/*author :Logic0
time :2009-1-7
OS :UBUNTU 9.04
compiler:GCC 4.3.3
compile :gcc -o sniffer sniffer.c -lpcap
run :as root
*/
/* NOTE(review): the header names were stripped when this page was extracted.
 * The list below is a reconstruction based on the identifiers the program
 * uses; confirm it against the original sniffer.c if that is available. */
#include <stdio.h>
#include <stdlib.h>
#include <pcap.h> /*use libpcap lib*/
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/if_ether.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#define MAX_LEN_2_SNAP 2048 /* snapshot length handed to pcap_open_live(): at most this many bytes of each packet are captured */
/*
 * ARP opcode values; get_arp_packets() compares ar_op (after ntohs) with
 * ARP_REQUEST to label a packet
 */
#define ARP_REQUEST 1
#define ARP_REPLY 2
/*
 * Failure sentinels used when checking libpcap return values in main()
 */
#define ERROR_RET -1 /* compared with the int result of pcap_lookupnet() */
#define ERROR_GET NULL /* compared with the pointer results of pcap_lookupdev() and pcap_open_live() */
#define PROMISC_MODE 1 /* promisc argument of pcap_open_live(): non-zero asks for promiscuous mode */
#define WAIT_TIME 0 /* read-timeout argument of pcap_open_live(), in milliseconds */
/*
 * Overlay for an ARP packet that follows the Ethernet header.
 * The address arrays are fixed at 6 and 4 bytes, so the layout only matches
 * ARP for Ethernet hardware addresses and IPv4 protocol addresses; ar_hln and
 * ar_pln are not checked anywhere in this listing.
 * ar_op is read through ntohs() by get_arp_packets(), i.e. it is kept in
 * network byte order; ar_hrd and ar_pro are presumably the same (not read here).
 */
typedef struct my_arphdr
{
u_int16_t ar_hrd; /* format of hardware address */
u_int16_t ar_pro; /* format of protocol address */
unsigned char ar_hln; /* length of hardware address */
unsigned char ar_pln; /* length of protocol address */
u_int16_t ar_op; /* ARP opcode (command) */
unsigned char ar_sha[6]; /* sender hardware address */
unsigned char ar_sip[4]; /* sender IP address */
unsigned char ar_tha[6]; /* target hardware address */
unsigned char ar_tip[4]; /* target IP address */
}ARPHDR_T;
/*
 * File-scope state shared by main() and the capture helpers. Every helper
 * overwrites these on each packet, so the values describe only the most
 * recently processed packet.
 */
struct bpf_program filter; /* compiled BPF filter; filled by pcap_compile() in get_arp_packets() */
struct pcap_pkthdr pkthdr; /* per-packet capture header written by pcap_next() */
struct in_addr addr; /* scratch address passed to inet_ntoa() for printing */
bpf_u_int32 netp,maskp; /* network number and netmask of the device, filled by pcap_lookupnet() in main() */
struct ethhdr *my_ethhdr; /* ethernet packet header; declared but never assigned in this listing */
struct tcphdr *my_tcphdr; /* TCP header of the current packet; points into the buffer returned by pcap_next() */
struct iphdr *my_iphdr; /* IP header of the current packet; points into the buffer returned by pcap_next() */
ARPHDR_T *my_arphdr; /* ARP header of the current packet; points into the buffer returned by pcap_next() */
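/*
 * Forward declarations for the helpers defined after main().
 * Each capture helper takes the open capture handle and the libpcap error
 * buffer owned by main().
 */
void construct_filter(struct bpf_program *filter); /* declared only; no definition is visible in this listing */
int get_dtl(pcap_t * , char *);
/* Was missing: main() calls get_all_packets() before its definition, which
 * relied on an implicit declaration (invalid since C99). */
int get_all_packets(pcap_t * , char *);
int get_ip_packets(pcap_t * , char *);
int get_tcp_packets(pcap_t * , char *);
int get_arp_packets(pcap_t * , char *);
void get_cnt(int *p); /*user input the number of packets to grab*/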
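/*
 * Read one menu choice from stdin.
 * Returns 1 when a number was stored in *choice, 0 when the input was not a
 * number (the rest of that line is discarded so it is not read again), and
 * EOF when stdin is exhausted.
 */
static int read_menu_choice(int *choice)
{
    int rc = scanf("%d", choice);
    int ch;

    if (rc == 1 || rc == EOF) {
        return rc;
    }
    /* scanf() left the offending text in the stream; drop it up to newline */
    while ((ch = getchar()) != '\n' && ch != EOF) {
    }
    return 0;
}

/*
 * Interactive packet sniffer: prints a menu, opens the default capture
 * device in promiscuous mode and runs the selected capture helper until
 * stdin reaches end of file.
 *
 * Changes from the published listing:
 *  - the "\n" escapes that were reduced to a literal 'n' are restored;
 *  - the result of scanf() is checked, so non-numeric input or end of input
 *    no longer re-runs the previous choice forever;
 *  - the capture handle is closed before returning.
 */
int main(void)
{
    int ret = 0; /*return value for error check*/
    pcap_t *descr;
    char *device,errbuf[PCAP_ERRBUF_SIZE]; /*network device and error buf*/
    int choice = 0;
    int got_choice;

    /*
     * menu
     */
    fprintf(stdout,"0.Type of my datalink\n");
    fprintf(stdout,"1.Grab and analyse all packet\n");
    fprintf(stdout,"2.Grab and analyse IP packet\n");
    fprintf(stdout,"3.Grab and analyse TCP packet\n");
    fprintf(stdout,"4.Grab and analyse ARP packet\n");
    fprintf(stdout,"YOUR CHOICE:");
    got_choice = read_menu_choice(&choice);
    if (got_choice == EOF) {
        return 0; /* nothing to do without any input */
    }

    /*
     * get device
     * NOTE: pcap_lookupdev() is deprecated in current libpcap releases in
     * favour of pcap_findalldevs(); kept here to match the original program.
     */
    device = pcap_lookupdev(errbuf);
    if (device == ERROR_GET) {
        fprintf(stdout,"device get error:%s\n",errbuf);
        exit(1);
    }
    fprintf(stdout,"DEVICE :%s\n",device);

    /*
     * get and print net and netmask
     */
    ret = pcap_lookupnet(device , &netp , &maskp , errbuf);
    if (ret == ERROR_RET) {
        fprintf(stdout,"NET find error:%s\n",errbuf);
        exit(1);
    }
    addr.s_addr = netp;
    fprintf(stdout,"NET :%s\n",inet_ntoa(addr));
    addr.s_addr = maskp;
    fprintf(stdout,"NETMASK:%s\n",inet_ntoa(addr));

    /*
     * open the device
     * Promiscuous capture is why the file header says to run as root; the
     * process keeps that privilege for the whole session.
     */
    descr = pcap_open_live(device , MAX_LEN_2_SNAP , PROMISC_MODE , WAIT_TIME , errbuf);
    if (descr == ERROR_GET) {
        fprintf(stdout,"open device link error:%s\n",errbuf);
        exit(1);
    }

    /*
     * process user's choice until stdin is exhausted
     */
    while (got_choice != EOF) {
        if (got_choice == 0) {
            choice = -1; /* non-numeric input: route to the error branch */
        }
        switch (choice) {
        case 0:
            get_dtl(descr,errbuf);
            break;
        case 1:
            get_all_packets(descr,errbuf);
            break;
        case 2:
            get_ip_packets(descr,errbuf);
            break;
        case 3:
            get_tcp_packets(descr,errbuf);
            break;
        case 4:
            get_arp_packets(descr,errbuf);
            break;
        default:
            fprintf(stdout,"input error!reinput:\n");
        }
        fprintf(stdout,"Your choice:");
        got_choice = read_menu_choice(&choice);
    }

    pcap_close(descr);
    return 0;
}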
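/*
 * Prompt for the number of packets to capture and store it in *cnt_p.
 *
 * The stored value is never negative: a negative number, non-numeric input
 * or end of input all yield 0. The callers loop on this count, and a
 * negative value would keep them capturing far beyond what the user asked
 * for. Non-numeric input is discarded up to the end of the line so the next
 * read does not see it again.
 */
void get_cnt(int *cnt_p)
{
    int requested = 0;
    int rc;
    int ch;

    fprintf(stdout,"input how many packets to grab:");
    rc = scanf("%d", &requested);
    if (rc != 1) {
        if (rc != EOF) {
            while ((ch = getchar()) != '\n' && ch != EOF) {
            }
        }
        requested = 0;
    }
    if (requested < 0) {
        requested = 0;
    }
    *cnt_p = requested;
}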
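/*
 * Print the data-link type of the capture handle.
 *
 * descr: open capture handle.
 * err:   unused; kept so all helpers share one signature.
 * Returns 1 for Ethernet or PPPoE, 0 for any other link type.
 *
 * The other helpers in this file parse packets at fixed Ethernet offsets,
 * so their output is only meaningful when this reports Ethernet. main()
 * does not act on the return value.
 *
 * Fixes: restores the "\n" escapes lost in the published listing and the
 * DLT_PPP_ETHER spelling in the comment.
 */
int get_dtl(pcap_t *descr , char *err)
{
    (void)err;

    /*
     * DLT_EN10MB ------> ETHERNET 10/100/1000MB
     * DLT_PPP_ETHER ---> PPPOE
     */
    switch (pcap_datalink(descr)) {
    case DLT_EN10MB:
        fprintf(stdout,"DATALINK TYPE :Ethernet 10/100/1000MB\n");
        return 1;
    case DLT_PPP_ETHER:
        fprintf(stdout,"DATALINK TYPE :PPPOE\n");
        return 1;
    default:
        fprintf(stdout,"DATALINK TYPE :OTHER\n");
        return 0;
    }
}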
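/*
 * Capture up to the requested number of frames and print total length,
 * source and destination address of each IPv4 packet.
 *
 * descr: open capture handle (Ethernet framing is assumed).
 * err:   unused; kept so all helpers share one signature.
 * Always returns 0.
 *
 * Fixes over the published listing:
 *  - pcap_next() can return NULL; that result is no longer dereferenced;
 *  - the captured length is checked before the IP header is read, so a
 *    short frame cannot cause a read past the capture buffer;
 *  - frames that are not IPv4 are skipped instead of being printed as IP;
 *  - a negative count ends the loop immediately;
 *  - the "\t" / "\n" escapes lost in the listing are restored.
 * Every attempt, printed or skipped, counts toward the requested number.
 */
int get_ip_packets(pcap_t *descr , char *err)
{
    const unsigned char *packet;
    const struct ethhdr *eth;
    int cnt = 0;

    (void)err;
    get_cnt(&cnt);
    fprintf(stdout,"protocol\tlength\tsrc_ip\t\tdst_ip\n");
    while (cnt-- > 0) {
        packet = pcap_next(descr , &pkthdr);
        if (packet == NULL) {
            continue; /* nothing delivered: timeout or read error */
        }
        /* caplen is what was actually captured; len may be larger */
        if (pkthdr.caplen < sizeof(struct ethhdr) + sizeof(struct iphdr)) {
            continue;
        }
        eth = (const struct ethhdr *)packet;
        if (ntohs(eth->h_proto) != ETHERTYPE_IP) {
            continue;
        }
        my_iphdr = (struct iphdr *)(packet + sizeof(struct ethhdr));
        if (my_iphdr->version != 4) {
            continue;
        }
        addr.s_addr = my_iphdr->saddr;
        /* inet_ntoa() reuses one static buffer, so print each address
         * before converting the next */
        fprintf(stdout,"IP\t\t%d\t%s\t",ntohs(my_iphdr->tot_len) ,inet_ntoa(addr));
        addr.s_addr = my_iphdr->daddr;
        fprintf(stdout,"%s\n",inet_ntoa(addr));
    }
    return 0;
}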
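/*
 * Capture up to the requested number of frames and print window, sequence
 * number and acknowledgement number of each TCP segment carried over IPv4.
 *
 * descr: open capture handle (Ethernet framing is assumed).
 * err:   unused; kept so all helpers share one signature.
 * Always returns 0.
 *
 * Fixes over the published listing:
 *  - pcap_next() can return NULL; that result is no longer dereferenced;
 *  - the TCP header is located with the IP header length field (ihl)
 *    instead of a fixed sizeof(struct iphdr), which was wrong whenever IP
 *    options are present;
 *  - every header is bounds-checked against the captured length before it
 *    is read;
 *  - frames that are not IPv4/TCP are skipped instead of being printed as TCP;
 *  - seq and ack_seq are 32-bit fields: they are converted with ntohl() and
 *    printed unsigned (ntohs() truncated them to 16 bits);
 *  - a negative count ends the loop immediately;
 *  - the "\t" / "\n" escapes lost in the listing are restored.
 * Every attempt, printed or skipped, counts toward the requested number.
 */
int get_tcp_packets(pcap_t *descr , char *err)
{
    const unsigned char *packet;
    const struct ethhdr *eth;
    const struct iphdr *ip;
    size_t ip_hdr_len;
    int cnt = 0;

    (void)err;
    get_cnt(&cnt);
    fprintf(stdout,"protocol\twindow\tSEQ\tack_seq\n");
    while (cnt-- > 0) {
        packet = pcap_next(descr , &pkthdr);
        if (packet == NULL) {
            continue; /* nothing delivered: timeout or read error */
        }
        if (pkthdr.caplen < sizeof(struct ethhdr) + sizeof(struct iphdr)) {
            continue;
        }
        eth = (const struct ethhdr *)packet;
        if (ntohs(eth->h_proto) != ETHERTYPE_IP) {
            continue;
        }
        ip = (const struct iphdr *)(packet + sizeof(struct ethhdr));
        if (ip->version != 4 || ip->protocol != IPPROTO_TCP) {
            continue;
        }
        /* ihl counts 32-bit words; anything below 5 words is malformed */
        ip_hdr_len = (size_t)ip->ihl * 4;
        if (ip_hdr_len < sizeof(struct iphdr)) {
            continue;
        }
        if (pkthdr.caplen < sizeof(struct ethhdr) + ip_hdr_len + sizeof(struct tcphdr)) {
            continue;
        }
        my_tcphdr = (struct tcphdr *)(packet + sizeof(struct ethhdr) + ip_hdr_len);
        fprintf(stdout,"TCP\t\t%u\t%u\t%u\n",
                (unsigned int)ntohs(my_tcphdr->window),
                (unsigned int)ntohl(my_tcphdr->seq),
                (unsigned int)ntohl(my_tcphdr->ack_seq));
    }
    return 0;
}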
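/*
 * Install an "arp" capture filter, print opcode, sender MAC and target MAC
 * for up to the requested number of ARP packets, then restore the empty
 * (match-everything) filter.
 *
 * descr: open capture handle (Ethernet framing is assumed).
 * err:   unused; kept so all helpers share one signature.
 * Returns 0 on success, -1 when a filter could not be compiled or installed.
 *
 * NOTE(review): the two MAC-printing loops were truncated in the published
 * listing (everything between '<' and '>' was lost). The loop bound and the
 * colon-separated hex format below are a reconstruction, not the author's
 * exact text.
 *
 * Fixes over the published listing:
 *  - pcap_compile()/pcap_setfilter() results are checked, and the compiled
 *    program is released with pcap_freecode();
 *  - pcap_next() can return NULL; that result is no longer dereferenced;
 *  - the captured length and the ARP address lengths are checked before the
 *    fixed-layout header is read;
 *  - the header pointer is cast to ARPHDR_T, the type of my_arphdr, instead
 *    of struct arphdr;
 *  - opcodes other than request/reply are labelled "Other" rather than "Reply";
 *  - a negative count ends the loop immediately;
 *  - the "\t" / "\n" escapes lost in the listing are restored.
 */
int get_arp_packets(pcap_t *descr , char *err)
{
    const unsigned char *packet;
    const char *kind;
    unsigned int op;
    int cnt = 0;
    int i = 0; /*for temp use*/
    int rc = 0;

    (void)err;
    get_cnt(&cnt);
    fprintf(stdout,"protocol\tkind\tsender_mac\ttarget_mac\n");

    if (pcap_compile(descr , &filter , "arp" , 1 , maskp) == ERROR_RET) {
        fprintf(stdout,"filter compile error:%s\n",pcap_geterr(descr));
        return -1;
    }
    if (pcap_setfilter(descr , &filter) == ERROR_RET) {
        fprintf(stdout,"filter set error:%s\n",pcap_geterr(descr));
        pcap_freecode(&filter);
        return -1;
    }
    /* the handle keeps its own copy once the filter is installed */
    pcap_freecode(&filter);

    while (cnt-- > 0) {
        packet = pcap_next(descr , &pkthdr);
        if (packet == NULL) {
            continue; /* nothing delivered: timeout or read error */
        }
        if (pkthdr.caplen < sizeof(struct ethhdr) + sizeof(ARPHDR_T)) {
            continue;
        }
        my_arphdr = (ARPHDR_T *)(packet + sizeof(struct ethhdr));
        /* ARPHDR_T hard-codes 6-byte hardware and 4-byte protocol addresses */
        if (my_arphdr->ar_hln != sizeof my_arphdr->ar_sha ||
            my_arphdr->ar_pln != sizeof my_arphdr->ar_sip) {
            continue;
        }
        op = ntohs(my_arphdr->ar_op);
        if (op == ARP_REQUEST) {
            kind = "Request";
        } else if (op == ARP_REPLY) {
            kind = "Reply";
        } else {
            kind = "Other";
        }
        fprintf(stdout,"ARP\t\t%s\t",kind);
        for (i = 0 ; i < (int)sizeof my_arphdr->ar_sha ; i++) {
            fprintf(stdout,"%02x%s",my_arphdr->ar_sha[i],
                    i + 1 < (int)sizeof my_arphdr->ar_sha ? ":" : "");
        }
        fprintf(stdout,"\t");
        for (i = 0 ; i < (int)sizeof my_arphdr->ar_tha ; i++) {
            fprintf(stdout,"%02x%s",my_arphdr->ar_tha[i],
                    i + 1 < (int)sizeof my_arphdr->ar_tha ? ":" : "");
        }
        fprintf(stdout,"\n");
    }

    /* restore the empty filter so later menu choices see all traffic again */
    if (pcap_compile(descr , &filter , "", 1 , maskp) == ERROR_RET) {
        fprintf(stdout,"filter compile error:%s\n",pcap_geterr(descr));
        return -1;
    }
    if (pcap_setfilter(descr , &filter) == ERROR_RET) {
        fprintf(stdout,"filter set error:%s\n",pcap_geterr(descr));
        rc = -1;
    }
    pcap_freecode(&filter);
    return rc;
}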
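/*
 * Capture up to the requested number of frames and print, for each one, the
 * EtherType name, the on-wire length and, for IPv4 frames, the source and
 * destination address.
 *
 * descr: open capture handle (Ethernet framing is assumed).
 * err:   unused; kept so all helpers share one signature.
 * Always returns 0.
 *
 * Fixes over the published listing:
 *  - pcap_next() can return NULL; that result is no longer dereferenced;
 *  - the captured length is checked before each header is read;
 *  - addresses are printed only for IPv4 frames; other frames (ARP, IPv6,
 *    ...) show "-" instead of bytes misread as an IPv4 header;
 *  - the frame pointer is cast to struct ether_header, the type of my_eth,
 *    instead of struct ethhdr;
 *  - pkthdr.len is unsigned and is printed with %u;
 *  - a negative count ends the loop immediately;
 *  - the "\t" / "\n" escapes lost in the listing are restored.
 */
int get_all_packets(pcap_t *descr , char *err)
{
    const unsigned char *packet;
    const struct ether_header *my_eth;
    unsigned int ether_type;
    int cnt = 0;

    (void)err;
    get_cnt(&cnt);
    fprintf(stdout,"protocol\tlength\tsrc_ip\t\tdst_ip\n");
    while (cnt-- > 0) {
        packet = pcap_next(descr , &pkthdr);
        if (packet == NULL) {
            continue; /* nothing delivered: timeout or read error */
        }
        if (pkthdr.caplen < sizeof(struct ether_header)) {
            continue;
        }
        my_eth = (const struct ether_header *)packet;
        ether_type = ntohs(my_eth->ether_type);
        switch (ether_type) {
        case ETHERTYPE_IP:
            fprintf(stdout,"IPV4\t\t");
            break;
        case ETHERTYPE_ARP:
            fprintf(stdout,"ARP\t\t");
            break;
        case ETHERTYPE_REVARP:
            fprintf(stdout,"RARP\t\t");
            break;
        case ETHERTYPE_IPV6:
            fprintf(stdout,"IPV6\t\t");
            break;
        default:
            fprintf(stdout,"OTHER\t\t");
        }
        fprintf(stdout,"%u\t",(unsigned int)pkthdr.len);
        if (ether_type == ETHERTYPE_IP &&
            pkthdr.caplen >= sizeof(struct ether_header) + sizeof(struct iphdr)) {
            my_iphdr = (struct iphdr *)(packet + sizeof(struct ether_header));
            addr.s_addr = my_iphdr->saddr;
            /* inet_ntoa() reuses one static buffer, so print each address
             * before converting the next */
            fprintf(stdout,"%s\t",inet_ntoa(addr));
            addr.s_addr = my_iphdr->daddr;
            fprintf(stdout,"%s\n",inet_ntoa(addr));
        } else {
            fprintf(stdout,"-\t-\n");
        }
    }
    return 0;
}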
|
你说的是普通 socket 还是 raw socket?印象中 raw socket 属于数据报式的 socket,而不是 TCP socket,是不用 connect 的。