当前位置: 技术问答>linux和unix
Linux网络抓包的程序 [使用recvfrom之后无限阻塞]
来源: 互联网 发布时间:2016-06-07
本文导语: 操作系统: ubuntu 2.6.24 g++ 网络没有问题 程序原理是 : 1,先创建一个RAW的socket, 2,再把网卡设为混杂模式。 3,使用recvfrom开始抓包。 症状描述: recvfrom一直阻塞,不返回任何值: 下面是代码: #include // for ...
操作系统:
ubuntu 2.6.24
g++
网络没有问题
程序原理是 :
1,先创建一个RAW的socket,
2,再把网卡设为混杂模式。
3,使用recvfrom开始抓包。
症状描述:
recvfrom一直阻塞,不返回任何值:
下面是代码:
#include // for AF_INET SOCK_RAW
#include // for socket
#include // for sockaddr_in
#include // for strerror
#include // for errno
#include // for ioctl
#include // for ifreq
#include
#include
#include
#define DIE(x) printf(x);printf("Error Infor = [ %s ] ",strerror(errno));
exit(1);
#define BUFF_SIZE 2048
#define PORT_NUMBER 12345
struct ifreq ifr;
int main(int argc,char *argv[])
{
int sock;
sockaddr_in addr_in;
// 网上也有人用 sock = socket(AF_INET,SOCK_PACKET,htonl(EH_P_IP)),我试了下,结果和 这个一样
if (-1 == (sock = socket(AF_INET, SOCK_RAW,htonl(ETH_P_ALL))))
{
DIE("Create socket failed.n")
}
// 用ifconfig试了下,我的网卡是eth1
strcpy(ifr.ifr_name, "eth1");
if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1)
{
DIE("ioctl failed.n");
}
ifr.ifr_flags |= IFF_PROMISC;
printf("Interface is %s.n",ifr.ifr_name);
if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1)
{
DIE("Second ioctl failed.n");
}
printf("Interface %sn",ifr.ifr_name); // 这里用 $ifconfig eth1 查看网卡 属性,成功设置混杂模式
char buff[BUFF_SIZE];
socklen_t sock_len = sizeof(buff);
printf("Begin capture.n");
while (true)
{
printf("peek.n");
memset(buff, 0, sizeof(char) * sock_len);
// 问题就在这里,一直阻塞,没有任何返回值
sock_len = recvfrom(
sock ,buff ,sizeof(buff) ,0 ,(sockaddr *)&addr_in ,&sock_len);
buff[sock_len] = '';
printf("%sn",buff);
}
return 0;
}
搞了几天了,搞不定.
谢谢
ubuntu 2.6.24
g++
网络没有问题
程序原理是 :
1,先创建一个RAW的socket,
2,再把网卡设为混杂模式。
3,使用recvfrom开始抓包。
症状描述:
recvfrom一直阻塞,不返回任何值:
下面是代码:
#include // for AF_INET SOCK_RAW
#include // for socket
#include // for sockaddr_in
#include // for strerror
#include // for errno
#include // for ioctl
#include // for ifreq
#include
#include
#include
#define DIE(x) printf(x);printf("Error Infor = [ %s ] ",strerror(errno));
exit(1);
#define BUFF_SIZE 2048
#define PORT_NUMBER 12345
struct ifreq ifr;
int main(int argc,char *argv[])
{
int sock;
sockaddr_in addr_in;
// 网上也有人用 sock = socket(AF_INET,SOCK_PACKET,htonl(EH_P_IP)),我试了下,结果和 这个一样
if (-1 == (sock = socket(AF_INET, SOCK_RAW,htonl(ETH_P_ALL))))
{
DIE("Create socket failed.n")
}
// 用ifconfig试了下,我的网卡是eth1
strcpy(ifr.ifr_name, "eth1");
if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1)
{
DIE("ioctl failed.n");
}
ifr.ifr_flags |= IFF_PROMISC;
printf("Interface is %s.n",ifr.ifr_name);
if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1)
{
DIE("Second ioctl failed.n");
}
printf("Interface %sn",ifr.ifr_name); // 这里用 $ifconfig eth1 查看网卡 属性,成功设置混杂模式
char buff[BUFF_SIZE];
socklen_t sock_len = sizeof(buff);
printf("Begin capture.n");
while (true)
{
printf("peek.n");
memset(buff, 0, sizeof(char) * sock_len);
// 问题就在这里,一直阻塞,没有任何返回值
sock_len = recvfrom(
sock ,buff ,sizeof(buff) ,0 ,(sockaddr *)&addr_in ,&sock_len);
buff[sock_len] = '';
printf("%sn",buff);
}
return 0;
}
搞了几天了,搞不定.
谢谢
|
28.4 Raw Socket Input
The first question that we must answer regarding raw socket input is: Which
received IP datagrams does the kernel pass to raw sockets? The following rules
apply:
Received UDP packets and received TCP packets are never passed to a raw
socket. If a process wants to read IP datagrams containing UDP or TCP packets,
the packets must be read at the datalink layer, as described in Chapter 29.
---------------UNPv2
The first question that we must answer regarding raw socket input is: Which
received IP datagrams does the kernel pass to raw sockets? The following rules
apply:
Received UDP packets and received TCP packets are never passed to a raw
socket. If a process wants to read IP datagrams containing UDP or TCP packets,
the packets must be read at the datalink layer, as described in Chapter 29.
---------------UNPv2