转发网址:https://blog.csdn.net/eqiang8271/article/details/8489769

//Example 1.

#include <stdio.h>

#include <errno.h>

#include <unistd.h>

#include <sys/socket.h>

#include <sys/types.h>

#include <linux/in.h>

#include <linux/if_ether.h>

#include <unistd.h>

#include <stdlib.h>

int main(int argc, char **argv) {

  int sock, n;

  char buffer[];

  unsigned char *iphead, *ethhead;

  if ((sock=socket(PF_PACKET, SOCK_RAW, htons(ETH_P_IP)))<) {

    perror("socket");

    exit();

  }

  while () {

    printf("----------\n");

    n = recvfrom(sock,buffer,,,NULL,NULL);

    printf("%d bytes read\n",n);

    /* Check to see if the packet contains at least

     * complete Ethernet (14), IP (20) and TCP/UDP

     * (8) headers.

     */

    if (n<) {

      perror("recvfrom():");

      printf("Incomplete packet (errno is %d)\n", errno);

      close(sock);

      exit();

    }

    ethhead = buffer;

    printf("Source MAC address: %02x:%02x:%02x:%02x:%02x:%02x\n",

           ethhead[],ethhead[],ethhead[],ethhead[],ethhead[],ethhead[]);

    printf("Destination MAC address: %02x:%02x:%02x:%02x:%02x:%02x\n",

           ethhead[],ethhead[],ethhead[],ethhead[],ethhead[],ethhead[]);

    iphead = buffer+; /* Skip Ethernet header */

    if (*iphead==0x45) { /* Double check for IPv4 and no options present */

        printf("Source host: %d.%d.%d.%d\n", iphead[], iphead[], iphead[], iphead[]);

        printf("Dest host: %d.%d.%d.%d\n", iphead[], iphead[], iphead[], iphead[]);

        printf("Source,Dest ports %d,%d\n", (iphead[]<<)+iphead[], (iphead[]<<)+iphead[]);

        printf("Layer-4 protocol %d\n",iphead[]);

    }

  }

}
//Example 2.

#include <stdio.h>

#include <string.h>

#include <errno.h>

#include <unistd.h>

#include <sys/socket.h>

#include <sys/types.h>

#include <linux/in.h>

#include <linux/if_ether.h>

#include <net/if.h>

#include <sys/ioctl.h>

#include <unistd.h>

#include <stdlib.h>

int main(int argc, char **argv) {

  int sock, n;

  char buffer[];

  unsigned char *iphead, *ethhead;

  struct ifreq ethreq;

  if ( (sock=socket(PF_PACKET, SOCK_RAW, htons(ETH_P_IP)))<) {

    perror("socket");

    exit();

  }

  /* Set the network card in promiscuos mode */

  strncpy(ethreq.ifr_name,"eth0",IFNAMSIZ);

  if (ioctl(sock,SIOCGIFFLAGS,&ethreq)==-) {

    perror("ioctl");

    close(sock);

    exit();

  }

  ethreq.ifr_flags|=IFF_PROMISC;

  if (ioctl(sock,SIOCSIFFLAGS,&ethreq)==-) {

    perror("ioctl");

    close(sock);

    exit();

  }

  while () {

    printf("----------\n");

    n = recvfrom(sock,buffer,,,NULL,NULL);

    printf("%d bytes read\n",n);

    /* Check to see if the packet contains at least

     * complete Ethernet (14), IP (20) and TCP/UDP

     * (8) headers.

     */

    if (n<) {

      perror("recvfrom():");

      printf("Incomplete packet (errno is %d)\n", errno);

      close(sock);

      exit();

    }

    ethhead = buffer;

    printf("Source MAC address: %02x:%02x:%02x:%02x:%02x:%02x\n",

           ethhead[],ethhead[],ethhead[],ethhead[],ethhead[],ethhead[]);

    printf("Destination MAC address: %02x:%02x:%02x:%02x:%02x:%02x\n",

           ethhead[],ethhead[],ethhead[],ethhead[],ethhead[],ethhead[]);

    iphead = buffer+; /* Skip Ethernet header */

    if (*iphead==0x45) { /* Double check for IPv4 and no options present */

      printf("Source host %d.%d.%d.%d\n", iphead[],iphead[],iphead[],iphead[]);

      printf("Dest host %d.%d.%d.%d\n",iphead[],iphead[],iphead[],iphead[]);

      printf("Source,Dest ports %d,%d\n",(iphead[]<<)+iphead[],(iphead[]<<)+iphead[]);

      printf("Layer-4 protocol %d\n",iphead[]);

    }

  }

}

使用BPF的这个可能有问题:

#include <stdio.h>

#include <string.h>

#include <errno.h>

#include <unistd.h>

#include <sys/socket.h>

#include <sys/types.h>

#include <linux/in.h>

#include <linux/if_ether.h>

#include <net/if.h>

#include <linux/filter.h>

#include <sys/ioctl.h>

int main(int argc, char **argv) {

  int sock, n;

  char buffer[];

  unsigned char *iphead, *ethhead;

  struct ifreq ethreq;

  /*my ip: 10.219.119.23 == 0x0adb7716*/

  /*

    udp and host 192.168.13.41 and src port 5000

    (000) ldh      [12]

    (001) jeq      #0x800           jt 2        jf 14

    (002) ldb      [23]

    (003) jeq      #0x11            jt 4        jf 14

    (004) ld       [26]

    (005) jeq      #0x0adb7716      jt 8        jf 6

    (006) ld       [30]

    (007) jeq      #0x0adb7716      jt 8        jf 14

    (008) ldh      [20]

    (009) jset     #0x1fff          jt 14       jf 10

    (010) ldxb     4*([14]&0xf)

    (011) ldh      [x + 14]

    (012) jeq      #0x1388          jt 13       jf 14

    (013) ret      #68

    (014) ret      #0

  */

  struct sock_filter BPF_code[]= {

    { 0x28, , , 0x0000000c },

    { 0x15, , , 0x00000800 },

    { 0x30, , , 0x00000017 },

    { 0x15, , , 0x00000011 },

    { 0x20, , , 0x0000001a },

    { 0x15, , , 0x0adb7716 },

    { 0x20, , , 0x0000001e },

    { 0x15, , , 0x0adb7716 },

    { 0x28, , , 0x00000014 },

    { 0x45, , , 0x00001fff },

    { 0xb1, , , 0x0000000e },

    { 0x48, , , 0x0000000e },

    { 0x15, , , 0x00001388 },

    { 0x6, , , 0x00000044 },

    { 0x6, , , 0x00000000 }

  };

  struct sock_fprog Filter;

  Filter.len = ;

  Filter.filter = BPF_code;

  if ( (sock=socket(PF_PACKET, SOCK_RAW, htons(ETH_P_IP)))<) {

    perror("socket");

    return -;

  }

  /* Set the network card in promiscuous mode 设置网卡为混杂模式*/

  strncpy(ethreq.ifr_name,"eth3",IFNAMSIZ); //hardcode, please check your computer: $ifconfig

  if (ioctl(sock,SIOCGIFFLAGS,&ethreq)==-) {

    perror("ioctl");

    close(sock);

    return -;

  }

  ethreq.ifr_flags|=IFF_PROMISC;

  if (ioctl(sock,SIOCSIFFLAGS,&ethreq)==-) {

    perror("ioctl");

    close(sock);

    return -;

  }

  /* Attach the filter to the socket */

  if(setsockopt(sock, SOL_SOCKET, SO_ATTACH_FILTER, &Filter, sizeof(Filter))<){

    perror("setsockopt");

    close(sock);

    return -;

  }

  while () {

    printf("----------\n");

    n = recvfrom(sock,buffer,,,NULL,NULL);

    printf("%d bytes read\n",n);

    /* Check to see if the packet contains at least

     * complete Ethernet (14), IP (20) and TCP/UDP

     * (8) headers.

     */

    if (n<) {

      perror("recvfrom():");

      printf("Incomplete packet (errno is %d)\n", errno);

      close(sock);

      return ;

    }

    ethhead = buffer;

    printf("Source MAC address: %02x:%02x:%02x:%02x:%02x:%02x\n",

           ethhead[],ethhead[],ethhead[],ethhead[],ethhead[],ethhead[]);

    printf("Destination MAC address: %02x:%02x:%02x:%02x:%02x:%02x\n",

           ethhead[],ethhead[],ethhead[],ethhead[],ethhead[],ethhead[]);

    iphead = buffer+; /* Skip Ethernet  header */

    if (*iphead==0x45) { /* Double check for IPv4 and no options present */

      printf("Source host %d.%d.%d.%d\n", iphead[],iphead[],iphead[],iphead[]);

      printf("Dest host %d.%d.%d.%d\n", iphead[],iphead[], iphead[],iphead[]);

      printf("Source,Dest ports %d,%d\n", (iphead[]<<)+iphead[], (iphead[]<<)+iphead[]);

      printf("Layer-4 protocol %d\n",iphead[]);

    }

  }

}

最新文章

  1. &lt;img&gt;标签链接地址失效如何自动显示默认图片
  2. [No000070]Flash与C#通信
  3. NoClassDefFoundError: javax/servlet/jsp/jstl/core/Config
  4. mysql查看bin日志命令
  5. LeetCode:Permutations, Permutations II(求全排列)
  6. 【转】怎样提高VR渲染速度
  7. Bootstrap中关闭第二个模态框时出现的问题和解决办法
  8. div英文内容超过div长度
  9. Nginx PRECONTENT mirror模块
  10. Mysql+jsp连接记录
  11. php中excel以及cvs等导入以及导出
  12. 《ASP.NET MVC企业实战》(二) MVC开发前奏
  13. git branch 分支管理
  14. [转] 学会fetch的用法
  15. 「版本升级」MyEclipse CI 2018.12.0正式发布
  16. kubernetes k8s yum localinstall
  17. Linux内核配置:Kconfig
  18. 逻辑控制之While循环控制器(While Controller)
  19. python webdriver 测试框架-数据驱动txt文件驱动,带报告的例子
  20. 引入 netty网关,向flume提交数据

热门文章

  1. 什么是T-SQL
  2. # 20145118 《Java程序设计》第4周学习总结 ## 教材学习内容总结
  3. 20145302张薇 《网络对抗技术》逆向及BOF基础实践
  4. 学习Zookeeper之第2章Zookeeper安装
  5. HBuilder 获取通话记录 (Android)
  6. MyBatis的简单入门学习
  7. shell 判断字符串长度是否不为0
  8. MySQL事务处理实现方法步骤
  9. tenserflow models包的安装 123
  10. MVP框架模式