Linux下sniffer实现(转)
2024-09-02 03:25:23
转发网址:https://blog.csdn.net/eqiang8271/article/details/8489769
//Example 1.
#include <stdio.h>
#include <errno.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <linux/in.h>
#include <linux/if_ether.h>
#include <unistd.h>
#include <stdlib.h> int main(int argc, char **argv) {
int sock, n;
char buffer[];
unsigned char *iphead, *ethhead; if ((sock=socket(PF_PACKET, SOCK_RAW, htons(ETH_P_IP)))<) {
perror("socket");
exit();
} while () {
printf("----------\n");
n = recvfrom(sock,buffer,,,NULL,NULL);
printf("%d bytes read\n",n); /* Check to see if the packet contains at least
* complete Ethernet (14), IP (20) and TCP/UDP
* (8) headers.
*/
if (n<) {
perror("recvfrom():");
printf("Incomplete packet (errno is %d)\n", errno);
close(sock);
exit();
} ethhead = buffer;
printf("Source MAC address: %02x:%02x:%02x:%02x:%02x:%02x\n",
ethhead[],ethhead[],ethhead[],ethhead[],ethhead[],ethhead[]);
printf("Destination MAC address: %02x:%02x:%02x:%02x:%02x:%02x\n",
ethhead[],ethhead[],ethhead[],ethhead[],ethhead[],ethhead[]); iphead = buffer+; /* Skip Ethernet header */
if (*iphead==0x45) { /* Double check for IPv4 and no options present */
printf("Source host: %d.%d.%d.%d\n", iphead[], iphead[], iphead[], iphead[]);
printf("Dest host: %d.%d.%d.%d\n", iphead[], iphead[], iphead[], iphead[]);
printf("Source,Dest ports %d,%d\n", (iphead[]<<)+iphead[], (iphead[]<<)+iphead[]);
printf("Layer-4 protocol %d\n",iphead[]);
}
}
}
//Example 2. #include <stdio.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <linux/in.h>
#include <linux/if_ether.h>
#include <net/if.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <stdlib.h> int main(int argc, char **argv) {
int sock, n;
char buffer[];
unsigned char *iphead, *ethhead;
struct ifreq ethreq; if ( (sock=socket(PF_PACKET, SOCK_RAW, htons(ETH_P_IP)))<) {
perror("socket");
exit();
} /* Set the network card in promiscuos mode */
strncpy(ethreq.ifr_name,"eth0",IFNAMSIZ);
if (ioctl(sock,SIOCGIFFLAGS,ðreq)==-) {
perror("ioctl");
close(sock);
exit();
}
ethreq.ifr_flags|=IFF_PROMISC;
if (ioctl(sock,SIOCSIFFLAGS,ðreq)==-) {
perror("ioctl");
close(sock);
exit();
} while () {
printf("----------\n");
n = recvfrom(sock,buffer,,,NULL,NULL);
printf("%d bytes read\n",n); /* Check to see if the packet contains at least
* complete Ethernet (14), IP (20) and TCP/UDP
* (8) headers.
*/
if (n<) {
perror("recvfrom():");
printf("Incomplete packet (errno is %d)\n", errno);
close(sock);
exit();
} ethhead = buffer;
printf("Source MAC address: %02x:%02x:%02x:%02x:%02x:%02x\n",
ethhead[],ethhead[],ethhead[],ethhead[],ethhead[],ethhead[]);
printf("Destination MAC address: %02x:%02x:%02x:%02x:%02x:%02x\n",
ethhead[],ethhead[],ethhead[],ethhead[],ethhead[],ethhead[]); iphead = buffer+; /* Skip Ethernet header */
if (*iphead==0x45) { /* Double check for IPv4 and no options present */
printf("Source host %d.%d.%d.%d\n", iphead[],iphead[],iphead[],iphead[]);
printf("Dest host %d.%d.%d.%d\n",iphead[],iphead[],iphead[],iphead[]);
printf("Source,Dest ports %d,%d\n",(iphead[]<<)+iphead[],(iphead[]<<)+iphead[]);
printf("Layer-4 protocol %d\n",iphead[]);
}
} }
使用BPF的这个可能有问题:
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <linux/in.h>
#include <linux/if_ether.h>
#include <net/if.h>
#include <linux/filter.h>
#include <sys/ioctl.h> int main(int argc, char **argv) {
int sock, n;
char buffer[];
unsigned char *iphead, *ethhead;
struct ifreq ethreq; /*my ip: 10.219.119.23 == 0x0adb7716*/
/*
udp and host 192.168.13.41 and src port 5000
(000) ldh [12]
(001) jeq #0x800 jt 2 jf 14
(002) ldb [23]
(003) jeq #0x11 jt 4 jf 14
(004) ld [26]
(005) jeq #0x0adb7716 jt 8 jf 6
(006) ld [30]
(007) jeq #0x0adb7716 jt 8 jf 14
(008) ldh [20]
(009) jset #0x1fff jt 14 jf 10
(010) ldxb 4*([14]&0xf)
(011) ldh [x + 14]
(012) jeq #0x1388 jt 13 jf 14
(013) ret #68
(014) ret #0
*/
struct sock_filter BPF_code[]= {
{ 0x28, , , 0x0000000c },
{ 0x15, , , 0x00000800 },
{ 0x30, , , 0x00000017 },
{ 0x15, , , 0x00000011 },
{ 0x20, , , 0x0000001a },
{ 0x15, , , 0x0adb7716 },
{ 0x20, , , 0x0000001e },
{ 0x15, , , 0x0adb7716 },
{ 0x28, , , 0x00000014 },
{ 0x45, , , 0x00001fff },
{ 0xb1, , , 0x0000000e },
{ 0x48, , , 0x0000000e },
{ 0x15, , , 0x00001388 },
{ 0x6, , , 0x00000044 },
{ 0x6, , , 0x00000000 }
};
struct sock_fprog Filter; Filter.len = ;
Filter.filter = BPF_code; if ( (sock=socket(PF_PACKET, SOCK_RAW, htons(ETH_P_IP)))<) {
perror("socket");
return -;
} /* Set the network card in promiscuous mode 设置网卡为混杂模式*/
strncpy(ethreq.ifr_name,"eth3",IFNAMSIZ); //hardcode, please check your computer: $ifconfig
if (ioctl(sock,SIOCGIFFLAGS,ðreq)==-) {
perror("ioctl");
close(sock);
return -;
}
ethreq.ifr_flags|=IFF_PROMISC;
if (ioctl(sock,SIOCSIFFLAGS,ðreq)==-) {
perror("ioctl");
close(sock);
return -;
} /* Attach the filter to the socket */
if(setsockopt(sock, SOL_SOCKET, SO_ATTACH_FILTER, &Filter, sizeof(Filter))<){
perror("setsockopt");
close(sock);
return -;
} while () {
printf("----------\n");
n = recvfrom(sock,buffer,,,NULL,NULL);
printf("%d bytes read\n",n); /* Check to see if the packet contains at least
* complete Ethernet (14), IP (20) and TCP/UDP
* (8) headers.
*/
if (n<) {
perror("recvfrom():");
printf("Incomplete packet (errno is %d)\n", errno);
close(sock);
return ;
} ethhead = buffer;
printf("Source MAC address: %02x:%02x:%02x:%02x:%02x:%02x\n",
ethhead[],ethhead[],ethhead[],ethhead[],ethhead[],ethhead[]);
printf("Destination MAC address: %02x:%02x:%02x:%02x:%02x:%02x\n",
ethhead[],ethhead[],ethhead[],ethhead[],ethhead[],ethhead[]); iphead = buffer+; /* Skip Ethernet header */
if (*iphead==0x45) { /* Double check for IPv4 and no options present */
printf("Source host %d.%d.%d.%d\n", iphead[],iphead[],iphead[],iphead[]);
printf("Dest host %d.%d.%d.%d\n", iphead[],iphead[], iphead[],iphead[]);
printf("Source,Dest ports %d,%d\n", (iphead[]<<)+iphead[], (iphead[]<<)+iphead[]);
printf("Layer-4 protocol %d\n",iphead[]);
}
} }
最新文章
- <;img>;标签链接地址失效如何自动显示默认图片
- [No000070]Flash与C#通信
- NoClassDefFoundError: javax/servlet/jsp/jstl/core/Config
- mysql查看bin日志命令
- LeetCode:Permutations, Permutations II(求全排列)
- 【转】怎样提高VR渲染速度
- Bootstrap中关闭第二个模态框时出现的问题和解决办法
- div英文内容超过div长度
- Nginx PRECONTENT mirror模块
- Mysql+jsp连接记录
- php中excel以及cvs等导入以及导出
- 《ASP.NET MVC企业实战》(二) MVC开发前奏
- git branch 分支管理
- [转] 学会fetch的用法
- 「版本升级」MyEclipse CI 2018.12.0正式发布
- kubernetes k8s yum localinstall
- Linux内核配置:Kconfig
- 逻辑控制之While循环控制器(While Controller)
- python webdriver 测试框架-数据驱动txt文件驱动,带报告的例子
- 引入 netty网关,向flume提交数据