linux下c语言抓包库libpcap
2012-11-14 15:56
安装命令:sudo apt-get install libpcap-dev
由于自己还没仔细研究过,暂时也只是想在这里留个记录,方便以后需要时使用。下面是百度百科里的例子。
gcc pcap.c -o pcap -lpcap
sudo ./pcap //记住一定要root权限,因为涉及了访问底层硬件了(更准确地说,Linux 上抓包需要 CAP_NET_RAW 能力,root 默认拥有)。
下面是抓包并以二进制方式打印的,对于调试网络包可能会经常使用到。
下面这个网址有一些例子:
http://blog.csdn.net/htttw/article/details/7521053
由于自己还没仔细研究过,暂时也只是想在这里留个记录,方便以后需要时使用。下面是百度百科里的例子。
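#include <pcap.h>
#include <stdlib.h>
#include <stdio.h>

/*
 * List every capture interface libpcap reports, one name/description pair
 * per device.
 *
 * Returns 0 on success; exits with EXIT_FAILURE when the interface list
 * cannot be obtained.
 */
int main(int argc, char *argv[])
{
    pcap_if_t *alldevs = NULL;
    pcap_if_t *device;
    char errbuf[PCAP_ERRBUF_SIZE];

    (void)argc;
    (void)argv;

    if (pcap_findalldevs(&alldevs, errbuf) == -1) {
        fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
        exit(EXIT_FAILURE);
    }

    /*
     * Success with an empty list is possible: interfaces the calling
     * process is not allowed to open are left out of the list, so an
     * unprivileged run can legitimately print nothing.
     */
    if (alldevs == NULL) {
        fprintf(stderr, "No capture devices found\n");
    }

    for (device = alldevs; device != NULL; device = device->next) {
        printf("Device name: %s\n", device->name);
        /* description is optional and may be NULL; "%s" with NULL is undefined. */
        printf("Description: %s\n",
               device->description ? device->description
                                   : "(no description available)");
    }

    /* The device list is no longer needed; release it. */
    pcap_freealldevs(alldevs);

    return 0;
}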
gcc pcap.c -o pcap -lpcap
sudo ./pcap //记住一定要root权限,因为涉及了访问底层硬件了(更准确地说,Linux 上抓包需要 CAP_NET_RAW 能力,root 默认拥有)。
下面是抓包并以二进制方式打印的,对于调试网络包可能会经常使用到。
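#include <pcap.h>
#include <time.h>
#include <stdlib.h>
#include <stdio.h>

/*
 * pcap_loop() callback: print a running packet counter, the packet sizes,
 * the capture timestamp and a hex dump of the captured bytes.
 *
 * arg    - points at the int counter handed to pcap_loop() as user data
 * pkthdr - per-packet metadata (timestamp, caplen, len)
 * packet - captured bytes; only the first pkthdr->caplen bytes are valid
 */
void getPacket(u_char * arg, const struct pcap_pkthdr * pkthdr, const u_char * packet)
{
    int *id = (int *)arg;
    /*
     * Copy the seconds field into a real time_t instead of casting its
     * address: ts.tv_sec is not guaranteed to have the same type as time_t.
     */
    time_t when = (time_t)pkthdr->ts.tv_sec;
    const char *stamp = ctime(&when);
    bpf_u_int32 i;

    printf("id: %d\n", ++(*id));
    printf("Packet length: %u\n", pkthdr->len);
    printf("Number of bytes: %u\n", pkthdr->caplen);
    /* ctime() may return NULL; never pass NULL to "%s". */
    printf("Recieved time: %s", stamp ? stamp : "(unknown)\n");

    /*
     * Dump caplen bytes, not len: len is the size of the packet on the
     * wire, caplen is how much of it was actually stored in the buffer.
     * Looping to len reads past the buffer whenever the packet was
     * truncated to the snapshot length.
     */
    for (i = 0; i < pkthdr->caplen; ++i) {
        printf(" %02x", packet[i]);
        if ((i + 1) % 16 == 0) {
            printf("\n");
        }
    }

    printf("\n\n");
}

/*
 * Open the default capture device and hex-dump every packet until
 * pcap_loop() stops.
 *
 * Returns 0 on a clean exit, 1 when the device cannot be found or opened
 * or when the capture loop reports an error.
 */
int main(void)
{
    char errBuf[PCAP_ERRBUF_SIZE], *devStr;
    int id = 0;
    int status = 0;

    /*
     * get a device
     * NOTE(review): pcap_lookupdev() is deprecated in newer libpcap
     * releases; pcap_findalldevs() is the replacement.
     */
    devStr = pcap_lookupdev(errBuf);
    if (devStr) {
        printf("success: device: %s\n", devStr);
    } else {
        printf("error: %s\n", errBuf);
        exit(1);
    }

    /*
     * open a device: snapshot length 65535, promiscuous mode on, read
     * timeout 0. How a zero timeout behaves is platform-dependent.
     */
    pcap_t *device = pcap_open_live(devStr, 65535, 1, 0, errBuf);
    if (!device) {
        printf("error: pcap_open_live(): %s\n", errBuf);
        exit(1);
    }

    /* wait loop forever; -1 is returned only when the capture fails */
    if (pcap_loop(device, -1, getPacket, (u_char *)&id) == -1) {
        fprintf(stderr, "error: pcap_loop(): %s\n", pcap_geterr(device));
        status = 1;
    }

    pcap_close(device);

    return status;
}

/* The next example captures packets and decodes them layer by layer
   (physical layer, network layer, etc.). */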
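#include <pcap.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/ip.h>
#include <netinet/if_ether.h>
#include <netinet/tcp.h>

/*
 * Every decoder below follows the same two rules, because the bytes come
 * straight off the network and cannot be trusted:
 *   1. compare the offset it is about to read against pcap_header->caplen
 *      (the number of bytes really stored) before touching the buffer;
 *   2. memcpy() the header into a local struct instead of casting the
 *      packet pointer, so no misaligned access is performed.
 */

/*
 * Print the TCP header of an Ethernet/IPv4 frame.
 *
 * argument       - user data from pcap_loop(), unused
 * pcap_header    - capture metadata; caplen bounds every read
 * packet_content - start of the captured Ethernet frame
 */
void tcp_packet_callback(unsigned char *argument,const struct pcap_pkthdr* pcap_header,const unsigned char *packet_content)
{
    const size_t ip_off = sizeof(struct ethhdr);
    struct iphdr ip;
    struct tcphdr tcp;
    size_t tcp_off;

    (void)argument;

    if (pcap_header->caplen < ip_off + sizeof ip) {
        fprintf(stderr, "truncated IP header, skipping\n");
        return;
    }
    memcpy(&ip, packet_content + ip_off, sizeof ip);

    /*
     * The IP header length comes from the packet (ihl, in 32-bit words);
     * a fixed 20-byte offset is wrong as soon as IP options are present.
     */
    if (ip.ihl < 5) {
        fprintf(stderr, "invalid IP header length, skipping\n");
        return;
    }
    tcp_off = ip_off + (size_t)ip.ihl * 4;

    if (pcap_header->caplen < tcp_off + sizeof tcp) {
        fprintf(stderr, "truncated TCP header, skipping\n");
        return;
    }
    memcpy(&tcp, packet_content + tcp_off, sizeof tcp);

    printf("----tcp protocol-----\n");
    printf("source port:%d\n",ntohs(tcp.source));
    printf("dest port:%d\n",ntohs(tcp.dest));
    printf("sequence number:%u\n",ntohl(tcp.seq));
    printf("acknowledgement number:%u\n",ntohl(tcp.ack_seq));
    printf("header length:%d\n",tcp.doff*4);
    printf("check sum:%d\n",ntohs(tcp.check));
    printf("window size:%d\n",ntohs(tcp.window));
    printf("urgent pointer:%d\n",ntohs(tcp.urg_ptr));
}

/*
 * Print the IPv4 header of an Ethernet frame and hand TCP packets on to
 * tcp_packet_callback().
 *
 * argument       - user data from pcap_loop(), passed through
 * pcap_header    - capture metadata; caplen bounds every read
 * packet_content - start of the captured Ethernet frame
 */
void ip_packet_callback(unsigned char *argument,const struct pcap_pkthdr* pcap_header,const unsigned char *packet_content)
{
    const size_t ip_off = sizeof(struct ethhdr);
    struct in_addr s,d;
    struct iphdr ip;
    int frag_offset;

    if (pcap_header->caplen < ip_off + sizeof ip) {
        fprintf(stderr, "truncated IP header, skipping\n");
        return;
    }
    memcpy(&ip, packet_content + ip_off, sizeof ip);

    /* Convert to host order first, then mask: the 13-bit offset is
       counted in units of 8 bytes. */
    frag_offset = (ntohs(ip.frag_off) & 0x1fff) * 8;

    printf("-----IP Protocol (network layer)-----\n");
    printf("version:%d\n",ip.version);
    printf("header length:%d\n",ip.ihl*4);
    printf("tos:%d\n",ip.tos);
    printf("total length:%d\n",ntohs(ip.tot_len));
    printf("identification:%d\n",ntohs(ip.id));
    printf("offset:%d\n",frag_offset);
    printf("TTL:%d\n",ip.ttl);
    printf("checksum:%d\n",ntohs(ip.check));
    printf("protocol:%d\n",ip.protocol);
    s.s_addr=ip.saddr;
    d.s_addr=ip.daddr;
    /* inet_ntoa() returns a static buffer, so print one address per call. */
    printf("source address:%s\n",inet_ntoa(s));
    printf("destination address:%s\n",inet_ntoa(d));

    switch(ip.protocol)
    {
    case IPPROTO_TCP:
        printf("tcp protocol\n");
        /* Only the first fragment carries the TCP header. */
        if (frag_offset == 0)
            tcp_packet_callback(argument,pcap_header,packet_content);
        break;
    case IPPROTO_ICMP:
        printf("icmp protocol\n");
        break;
    case IPPROTO_UDP:
        printf("udp protocol\n");
        break;
    default:
        break;
    }
}

/*
 * Placeholder for ARP decoding: prints a banner only.
 */
void arp_packet_callback(unsigned char *argument,const struct pcap_pkthdr* pcap_header,const unsigned char *packet_content)
{
    (void)argument;
    (void)pcap_header;
    (void)packet_content;
    printf("------ARP Protocol-------\n");
}

/*
 * pcap_loop() callback: print the Ethernet header and dispatch on the
 * EtherType. Assumes the capture handle delivers Ethernet frames; main()
 * checks that before starting the loop.
 *
 * argument       - user data from pcap_loop(), passed through
 * pcap_header    - capture metadata; caplen bounds every read
 * packet_content - start of the captured frame
 */
void ethernet_packet_callback(unsigned char *argument,const struct pcap_pkthdr* pcap_header,const unsigned char *packet_content)
{
    struct ethhdr eth;
    unsigned char *mac;

    printf("--------------------------context----------\n");
    /* Never print packet_content with "%s": it is binary data with no
       terminating NUL. */

    if (pcap_header->caplen < sizeof eth) {
        fprintf(stderr, "truncated ethernet header, skipping\n");
        return;
    }
    memcpy(&eth, packet_content, sizeof eth);

    printf("\n----ethernet protocol(phydical layer)-----\n");
    printf("MAC source Address:\n");
    mac=eth.h_source;
    printf("%02x:%02x:%02x:%02x:%02x:%02x\n",*mac,*(mac+1),*(mac+2),*(mac+3),*(mac+4),*(mac+5));
    printf("MAC destination Address:\n");
    mac=eth.h_dest;
    printf("%02x:%02x:%02x:%02x:%02x:%02x\n",*mac,*(mac+1),*(mac+2),*(mac+3),*(mac+4),*(mac+5));
    printf("protocol:%04x\n",ntohs(eth.h_proto));

    switch(ntohs(eth.h_proto))
    {
    case ETH_P_IP:
        printf("this is a IP protocol\n");
        ip_packet_callback(argument,pcap_header,packet_content);
        break;
    case ETH_P_ARP:
        printf("this is a ARP protocol\n");
        arp_packet_callback(argument,pcap_header,packet_content);
        break;
    case ETH_P_RARP:
        printf("this is a RARP protocol\n");
        break;
    default:
        break;
    }
}

/*
 * Let the user pick a capture interface, open it and decode every frame
 * with ethernet_packet_callback() until pcap_loop() stops.
 *
 * Returns 0 on a clean exit and EXIT_FAILURE on any setup or capture
 * error.
 */
int main(void)
{
    pcap_t *pt = NULL;
    char *dev;
    /* libpcap may write up to PCAP_ERRBUF_SIZE bytes here; a smaller
       buffer can be overrun by a long error message. */
    char errbuf[PCAP_ERRBUF_SIZE];
    struct bpf_program fp;
    bpf_u_int32 maskp,netp;
    int i=0,inum;
    int pcap_time_out=5;
    char filter[128];
    pcap_if_t *alldevs = NULL,*d;
    int rc = EXIT_FAILURE;

    if(pcap_findalldevs(&alldevs,errbuf)==-1)
    {
        fprintf(stderr,"find interface failed!\n");
        return EXIT_FAILURE;
    }

    for(d=alldevs;d;d=d->next){
        printf("%d. %s\n",++i,d->name);
        if(d->description)
            printf("(%s)\n",d->description);
        else
            printf("(no description available)\n");
    }

    if(i==0)
    {
        fprintf(stderr,"no capture interface found\n");
        goto out_devs;
    }

    if(i==1)
        dev=alldevs->name;
    else
    {
        printf("input a interface:(1-%d)",i);
        /* A failed conversion leaves inum unset, so test scanf's result
           before looking at the value. */
        if(scanf("%d",&inum)!=1||inum<1||inum>i)
        {
            printf("interface number out of range\n");
            goto out_devs;
        }
        for(d=alldevs,i=1;i<inum;d=d->next,i++)
            ;
        dev=d->name;
    }

    printf("dev:%s\n",dev);

    if(pcap_lookupnet(dev,&netp,&maskp,errbuf)==-1){
        fprintf(stderr,"%s\n",errbuf);
        goto out_devs;
    }

    /*
     * The original called pcap_dump_open() here, before pt was assigned,
     * and threw the result away. To save packets to a file, call
     * pcap_dump_open() after pcap_open_live() succeeds, write each packet
     * with pcap_dump() from the callback, and finish with
     * pcap_dump_close().
     */

    /* BUFSIZ is the snapshot length: longer frames are stored truncated,
       which is why every decoder checks caplen. */
    pt=pcap_open_live(dev,BUFSIZ,1,pcap_time_out,errbuf);
    if(pt==NULL){
        fprintf(stderr,"open error :%s\n",errbuf);
        goto out_devs;
    }

    /* The decoders assume a 14-byte Ethernet header in front of the IP
       header; refuse other link types instead of misparsing them. */
    if(pcap_datalink(pt)!=DLT_EN10MB){
        fprintf(stderr,"%s does not deliver Ethernet frames\n",dev);
        goto out_close;
    }

    /* Empty filter expression: accept every packet. */
    filter[0]='\0';

    /* pcap_compile() expects the netmask (maskp), not the network
       number (netp). */
    if(pcap_compile(pt,&fp,filter,0,maskp)==-1)
    {
        fprintf(stderr,"compile error\n");
        goto out_close;
    }
    if(pcap_setfilter(pt,&fp)==-1)
    {
        fprintf(stderr,"setfilter error\n");
        pcap_freecode(&fp);
        goto out_close;
    }
    /* The compiled program is no longer needed once it is installed. */
    pcap_freecode(&fp);

    if(pcap_loop(pt,-1,ethernet_packet_callback,NULL)==-1)
    {
        fprintf(stderr,"%s\n",pcap_geterr(pt));
        goto out_close;
    }

    rc = 0;

out_close:
    pcap_close(pt);
out_devs:
    /* dev points into this list, so it is released only after the last
       use of dev. */
    pcap_freealldevs(alldevs);
    return rc;
}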
下面这个网址有一些例子:
http://blog.csdn.net/htttw/article/details/7521053