当前位置: 技术问答>linux和unix
请问!在linux中可以用socket提取链路层的数据包(也就是非基于IP,UDP和TCP的数据包)吗?
来源: 互联网 发布时间:2015-07-29
本文导语: 我想用socket将802.1x的认证数据包提取出来,该数据包是非IP包,是一个以太网链路层上的多播包,我曾经用socket绑定SOCK_RAW和SOCK_PACKET的方式来提取,ARP包可以提取到了,不过802.1x的数据包提取不出来。。用的是下面的...
我想用socket将802.1x的认证数据包提取出来,该数据包是非IP包,是一个以太网链路层上的多播包,我曾经用socket绑定SOCK_RAW和SOCK_PACKET的方式来提取,ARP包可以提取到了,不过802.1x的数据包提取不出来。。用的是下面的函数socket(PF_PACKET,SOCK_RAW,htons("0x30"));socket(AF_INET,SOCK_PACKET,htons("0x30")).
求救,怎么用socket函数提取802.1x数据包啊!
求救,怎么用socket函数提取802.1x数据包啊!
|
有linux的原始套节字可以抓原始的数据包,创建套节子的时候用
sock = socket(AF_INET,SOCK_RAW,IPPROTO_ICMP);
或者你用libpcap,比较方便, 例如:
#include
#include
#include
#include
#include
#include
#include
#include
/* callback function that is passed to pcap_loop(..) and called each time
* a packet is recieved */
void my_callback(u_char *useless,const struct pcap_pkthdr* pkthdr,const u_char*
packet)
{
static int count = 1;
fprintf(stdout,"%d, ",count);
if(count == 4)
fprintf(stdout,"Come on baby sayyy you love me!!! ");
if(count == 7)
fprintf(stdout,"Tiiimmmeesss!! ");
fflush(stdout);
count++;
}
int main(int argc,char **argv)
{
int i;
char *dev;
char errbuf[PCAP_ERRBUF_SIZE];
pcap_t* descr;
const u_char *packet;
struct pcap_pkthdr hdr; /* pcap.h */
struct ether_header *eptr; /* net/ethernet.h */
if(argc != 2){ fprintf(stdout,"Usage: %s numpacketsn",argv[0]);return 0;}
/* grab a device to peak into... */
dev = pcap_lookupdev(errbuf);
if(dev == NULL)
{ printf("%sn",errbuf); exit(1); }
/* open device for reading */
descr = pcap_open_live(dev,BUFSIZ,0,-1,errbuf);
if(descr == NULL)
{ printf("pcap_open_live(): %sn",errbuf); exit(1); }
/* allright here we call pcap_loop(..) and pass in our callback function */
/* int pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user)*/
/* If you are wondering what the user argument is all about, so am I!! */
pcap_loop(descr,atoi(argv[1]),my_callback,NULL);
fprintf(stdout,"nDone processing packets... wheew!n");
return 0;
}
但是你要装上类库:libpcap,高版本的linux有libpcap的rpm包。也可以到网上去找最新的libpcap,好像是8.0把
sock = socket(AF_INET,SOCK_RAW,IPPROTO_ICMP);
或者你用libpcap,比较方便, 例如:
#include
#include
#include
#include
#include
#include
#include
#include
/* callback function that is passed to pcap_loop(..) and called each time
* a packet is recieved */
void my_callback(u_char *useless,const struct pcap_pkthdr* pkthdr,const u_char*
packet)
{
static int count = 1;
fprintf(stdout,"%d, ",count);
if(count == 4)
fprintf(stdout,"Come on baby sayyy you love me!!! ");
if(count == 7)
fprintf(stdout,"Tiiimmmeesss!! ");
fflush(stdout);
count++;
}
int main(int argc,char **argv)
{
int i;
char *dev;
char errbuf[PCAP_ERRBUF_SIZE];
pcap_t* descr;
const u_char *packet;
struct pcap_pkthdr hdr; /* pcap.h */
struct ether_header *eptr; /* net/ethernet.h */
if(argc != 2){ fprintf(stdout,"Usage: %s numpacketsn",argv[0]);return 0;}
/* grab a device to peak into... */
dev = pcap_lookupdev(errbuf);
if(dev == NULL)
{ printf("%sn",errbuf); exit(1); }
/* open device for reading */
descr = pcap_open_live(dev,BUFSIZ,0,-1,errbuf);
if(descr == NULL)
{ printf("pcap_open_live(): %sn",errbuf); exit(1); }
/* allright here we call pcap_loop(..) and pass in our callback function */
/* int pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user)*/
/* If you are wondering what the user argument is all about, so am I!! */
pcap_loop(descr,atoi(argv[1]),my_callback,NULL);
fprintf(stdout,"nDone processing packets... wheew!n");
return 0;
}
但是你要装上类库:libpcap,高版本的linux有libpcap的rpm包。也可以到网上去找最新的libpcap,好像是8.0把
|
row socket
|
写个内核模块,hook进去,物理层往上的什么都读得出来
您可能感兴趣的文章:
本站(WWW.)旨在分享和传播互联网科技相关的资讯和技术,将尽最大努力为读者提供更好的信息聚合和浏览方式。
本站(WWW.)站内文章除注明原创外,均为转载、整理或搜集自网络。欢迎任何形式的转载,转载请注明出处。
本站(WWW.)站内文章除注明原创外,均为转载、整理或搜集自网络。欢迎任何形式的转载,转载请注明出处。