
linux下libpcap的使用(抓包小程序)

jingzhesiye 分享于 2012-06-08


(1)获取网络接口名字和掩码等信息

(2)捕获数据包(单个数据包和多个数据包两种情况)

(3)以太网数据报捕获

(4)ARP数据包捕获

(5)IP数据包捕获

(6)TCP数据包捕获

(7)UDP数据包捕获

(8)ICMP数据包捕获


环境fedora13,vim,gcc

  #include <errno.h>
  #include <limits.h>
  #include <stdio.h>
  #include <stdlib.h>
  #include <string.h>
  #include <time.h>
  #include <pcap.h>
  #include <sys/socket.h>
  #include <arpa/inet.h>
  #include <netinet/in.h>
  #include <netinet/if_ether.h>
  #include <netinet/ip.h>
  #include <netinet/udp.h>
  #include <netinet/tcp.h>
  #include <netinet/ip_icmp.h>
  11. #define max 1024  
  12. /* 
  13. typedef u_int32_t int_addr_t; 
  14. struct in_addr 
  15.     int_addr_t s_addr; 
  16. };*/  
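  /*
   * pcap_loop() callback: hex-dumps one captured frame, then decodes the
   * Ethernet header and either the IPv4 header plus its TCP/UDP/ICMP header
   * or an ARP-for-IPv4 body.
   *
   * argument  user pointer given to pcap_loop(); unused.
   * pack      per-packet header from libpcap (timestamp, caplen, len).
   * content   captured bytes; only the first pack->caplen of them are valid.
   *
   * Always returns 0.
   *
   * Everything in `content` comes straight off the wire, so each header is
   * length-checked against caplen before it is read, and it is copied into a
   * local struct instead of being accessed through a pointer cast (the data
   * after the 14-byte Ethernet header is not 4-byte aligned).
   */
  int call(u_char *argument,const struct pcap_pkthdr* pack,const u_char *content)
  {
      enum { ARP_IPV4_BODY_LEN = 28 };
      const bpf_u_int32 caplen = pack->caplen;
      const u_char *l3;
      bpf_u_int32 l3len;
      struct ether_header ethernet;
      const char *stamp;
      time_t when;
      bpf_u_int32 m;
      int n;

      (void)argument;

      printf("==================================================\n");
      printf("The Frame is \n");
      /* Walk caplen, not len: len is the on-wire size and exceeds the number
       * of bytes actually captured whenever the frame is longer than the
       * snapshot length, so looping to len reads past the capture buffer. */
      m = 0;
      while (m < caplen) {
          printf("%02x", content[m]);
          m = m + 1;
          if (m % 16 == 0) {
              printf("\n");
          } else {
              printf(":");
          }
      }
      printf("\n");
      printf("Grabbed packet of length %u\n", pack->len);
      if (caplen < pack->len) {
          printf("Captured %u bytes only\n", caplen);
      }

      /* Copy tv_sec into a real time_t rather than casting its address. */
      when = pack->ts.tv_sec;
      stamp = ctime(&when);
      printf("Recieved at ..... %s", stamp ? stamp : "unknown\n");

      if (caplen < ETHER_HDR_LEN) {
          printf("Truncated Ethernet header\n");
          return 0;
      }
      memcpy(&ethernet, content, sizeof ethernet);
      l3 = content + ETHER_HDR_LEN;
      l3len = caplen - ETHER_HDR_LEN;

      printf("Dest MAC is:");
      for (n = 0; n < ETHER_ADDR_LEN; n++) {
          printf("%02x:", ethernet.ether_dhost[n]);
      }
      printf("\n");
      printf("Source MAC is:");
      for (n = 0; n < ETHER_ADDR_LEN; n++) {
          printf("%02x:", ethernet.ether_shost[n]);
      }
      printf("\n");

      if (ntohs(ethernet.ether_type) == ETHERTYPE_IP) {
          struct iphdr ip;
          struct tcphdr tcp;
          struct udphdr udp;
          struct icmphdr icmp;
          struct in_addr addr;
          const u_char *l4;
          size_t ip_hlen;
          size_t l4len;

          printf("It's a IP packet\n");
          if (l3len < sizeof ip) {
              printf("Truncated IP header\n");
              return 0;
          }
          memcpy(&ip, l3, sizeof ip);
          printf("IP Version:%d\n", ip.version);
          printf("TTL:%d\n", ip.ttl);
          /* inet_ntoa() takes a struct in_addr, not a raw 32-bit value. */
          addr.s_addr = ip.saddr;
          printf("Source address:%s\n", inet_ntoa(addr));
          addr.s_addr = ip.daddr;
          printf("Destination address:%s\n", inet_ntoa(addr));
          printf("Protocol:%d\n", ip.protocol);

          /* The transport header starts after ihl*4 bytes, which is more
           * than 20 whenever IP options are present. */
          ip_hlen = (size_t)ip.ihl * 4u;
          if (ip.version != 4 || ip_hlen < sizeof ip || ip_hlen > l3len) {
              printf("Malformed IP header\n");
              return 0;
          }
          /* Only the first fragment carries a transport header. */
          if (ntohs(ip.frag_off) & IP_OFFMASK) {
              printf("Non-first IP fragment\n");
              return 0;
          }
          l4 = l3 + ip_hlen;
          l4len = l3len - ip_hlen;

          switch (ip.protocol) {
          case IPPROTO_TCP:
              printf("The Transport Layer Protocol is TCP\n");
              if (l4len < sizeof tcp) {
                  printf("Truncated TCP header\n");
                  break;
              }
              memcpy(&tcp, l4, sizeof tcp);
              printf("Source Port:%d\n", ntohs(tcp.source));
              printf("Destination Port:%d\n", ntohs(tcp.dest));
              /* The sequence number is `seq`; `ack_seq` is the ACK field. */
              printf("Sequence Number:%u\n", ntohl(tcp.seq));
              break;
          case IPPROTO_UDP:
              printf("The Transport Layer Protocol is UDP\n");
              if (l4len < sizeof udp) {
                  printf("Truncated UDP header\n");
                  break;
              }
              memcpy(&udp, l4, sizeof udp);
              printf("Source port:%d\n", ntohs(udp.source));
              printf("Destination port:%d\n", ntohs(udp.dest));
              break;
          case IPPROTO_ICMP:
              printf("The Transport Layer Protocol is ICMP\n");
              if (l4len < sizeof icmp) {
                  printf("Truncated ICMP header\n");
                  break;
              }
              memcpy(&icmp, l4, sizeof icmp);
              printf("ICMP Type:%d\n", icmp.type);
              switch (icmp.type) {
              case ICMP_ECHO:
                  printf("ICMP Echo Request Protocol\n");
                  break;
              case ICMP_ECHOREPLY:
                  printf("ICMP Echo Reply Protocol\n");
                  break;
              default:
                  break;
              }
              break;
          default:
              break;
          }
      } else if (ntohs(ethernet.ether_type) == ETHERTYPE_ARP) {
          printf("This is ARP packet.\n");
          /* The fixed offsets below are valid only for the Ethernet/IPv4
           * layout (protocol 0x0800, hlen 6, plen 4, 28 bytes in total),
           * so confirm both the layout and the captured length first. */
          if (l3len >= ARP_IPV4_BODY_LEN && l3[2] == 0x08 && l3[3] == 0x00 &&
              l3[4] == ETHER_ADDR_LEN && l3[5] == 4) {
              printf("Source ip:\t %d.%d.%d.%d\n", l3[14], l3[15], l3[16], l3[17]);
              printf("Dest ip:\t %d.%d.%d.%d\n", l3[24], l3[25], l3[26], l3[27]);
              /* The opcode is a 16-bit big-endian field at offset 6; byte 6
               * alone is its high byte and is 0 for both request and reply. */
              printf("ARP TYPE: %d (1:request;2:respond)\n", (l3[6] << 8) | l3[7]);
          }
      }
      return 0;
  }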
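  /*
   * Adapter with the exact pcap_handler signature (returns void). call()
   * returns int, so passing it to pcap_loop() directly is an incompatible
   * function-pointer conversion.
   */
  static void call_adapter(u_char *user, const struct pcap_pkthdr *hdr, const u_char *bytes)
  {
      (void)call(user, hdr, bytes);
  }

  /*
   * Lists the capture interfaces, lets the user pick one when there is more
   * than one, prints that interface's network address and mask, and hands
   * argv[1] packets to call().
   *
   * Usage: <program> <number>   (per pcap_loop(), 0 or -1 means no limit)
   *
   * Returns 1 once the capture loop has finished and 0 on any failure.
   * NOTE(review): this is the reverse of the usual shell convention; the
   * values are kept as the original program had them.
   */
  int main(int argc,char *argv[])
  {
      /* libpcap may write up to PCAP_ERRBUF_SIZE bytes into the error
       * buffer; a smaller array can be overrun. */
      char error[PCAP_ERRBUF_SIZE];
      pcap_t *handle = NULL;
      pcap_if_t *alldev = NULL;
      pcap_if_t *p;
      const char *interface;
      struct in_addr net_ip_addr;
      struct in_addr net_mask_addr;
      bpf_u_int32 net_ip;
      bpf_u_int32 net_mask;
      char *end;
      long count;
      int i = 0;
      int num;
      int rc = 0;

      if (argc != 2) {
          printf("%s <number>\n", argc > 0 ? argv[0] : "capture");
          return 0;
      }

      /* strtol() instead of atoi(): non-numeric input is rejected instead
       * of silently becoming 0, which pcap_loop() treats as "no limit". */
      errno = 0;
      count = strtol(argv[1], &end, 10);
      if (end == argv[1] || *end != '\0' || errno == ERANGE ||
          count < INT_MIN || count > INT_MAX) {
          printf("%s <number>\n", argv[0]);
          return 0;
      }

      if (pcap_findalldevs(&alldev, error) == -1) {
          printf("find all devices is error\n");
          return 0;
      }
      for (p = alldev; p; p = p->next) {
          printf("%d:%s\n", ++i, p->name);
          if (p->description) {
              printf("%s\n", p->description);
          }
      }

      if (i == 0) {
          printf("interface is unavillible\n");
          goto out;
      }
      if (i == 1) {
          /* p is NULL once the listing loop ends; the only device is the
           * head of the list. */
          p = alldev;
      } else {
          printf("please input which interface you want to use\n");
          if (scanf("%d", &num) != 1 || num < 1 || num > i) {
              printf("interface is unavillible\n");
              goto out;
          }
          p = alldev;
          for (i = 1; i < num; i++) {
              p = p->next;
          }
      }
      /* The name lives inside the alldev list, so the list is released
       * only after the capture is done. */
      interface = p->name;

      /* Promiscuous capture needs root or CAP_NET_RAW. call() parses
       * untrusted packet data, so when the program is started as root,
       * dropping privileges once the handle is open limits the impact of
       * a parsing bug. */
      if ((handle = pcap_open_live(interface, max, 1, 0, error)) == NULL) {
          printf("%s\n", error);
          goto out;
      }
      if (pcap_lookupnet(interface, &net_ip, &net_mask, error) == -1) {
          printf("%s\n", error);
          goto out;
      }
      printf("Interface is:%s\n", interface);
      net_ip_addr.s_addr = net_ip;
      printf("The ip is:%s\n", inet_ntoa(net_ip_addr));
      net_mask_addr.s_addr = net_mask;
      printf("The mask is:%s\n", inet_ntoa(net_mask_addr));

      if (pcap_loop(handle, (int)count, call_adapter, NULL) == -1) {
          printf("%s\n", pcap_geterr(handle));
          goto out;
      }
      rc = 1;

  out:
      if (handle) {
          pcap_close(handle);
      }
      if (alldev) {
          pcap_freealldevs(alldev);
      }
      return rc;
  }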

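#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <pcap.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netinet/if_ether.h>
#include <netinet/ip.h>
#include <netinet/udp.h>
#include <netinet/tcp.h>
#include <netinet/ip_icmp.h>

/* Snapshot length: at most this many bytes of each frame are captured. */
#define max 1024

/*
 * pcap_loop() callback: hex-dumps one captured frame, then decodes the
 * Ethernet header and either the IPv4 header plus its TCP/UDP/ICMP header
 * or an ARP-for-IPv4 body.
 *
 * argument  user pointer given to pcap_loop(); unused.
 * pack      per-packet header from libpcap (timestamp, caplen, len).
 * content   captured bytes; only the first pack->caplen of them are valid.
 *
 * Always returns 0.
 *
 * Everything in `content` comes straight off the wire, so each header is
 * length-checked against caplen before it is read, and it is copied into a
 * local struct instead of being accessed through a pointer cast (the data
 * after the 14-byte Ethernet header is not 4-byte aligned).
 */
int call(u_char *argument, const struct pcap_pkthdr *pack, const u_char *content)
{
    enum { ARP_IPV4_BODY_LEN = 28 };
    const bpf_u_int32 caplen = pack->caplen;
    const u_char *l3;
    bpf_u_int32 l3len;
    struct ether_header ethernet;
    const char *stamp;
    time_t when;
    bpf_u_int32 m;
    int n;

    (void)argument;

    printf("==================================================\n");
    printf("The Frame is \n");
    /* Walk caplen, not len: len is the on-wire size and exceeds the number
     * of bytes actually captured whenever the frame is longer than the
     * snapshot length, so looping to len reads past the capture buffer. */
    m = 0;
    while (m < caplen) {
        printf("%02x", content[m]);
        m = m + 1;
        if (m % 16 == 0) {
            printf("\n");
        } else {
            printf(":");
        }
    }
    printf("\n");
    printf("Grabbed packet of length %u\n", pack->len);
    if (caplen < pack->len) {
        printf("Captured %u bytes only\n", caplen);
    }

    /* Copy tv_sec into a real time_t rather than casting its address. */
    when = pack->ts.tv_sec;
    stamp = ctime(&when);
    printf("Recieved at ..... %s", stamp ? stamp : "unknown\n");

    if (caplen < ETHER_HDR_LEN) {
        printf("Truncated Ethernet header\n");
        return 0;
    }
    memcpy(&ethernet, content, sizeof ethernet);
    l3 = content + ETHER_HDR_LEN;
    l3len = caplen - ETHER_HDR_LEN;

    printf("Dest MAC is:");
    for (n = 0; n < ETHER_ADDR_LEN; n++) {
        printf("%02x:", ethernet.ether_dhost[n]);
    }
    printf("\n");
    printf("Source MAC is:");
    for (n = 0; n < ETHER_ADDR_LEN; n++) {
        printf("%02x:", ethernet.ether_shost[n]);
    }
    printf("\n");

    if (ntohs(ethernet.ether_type) == ETHERTYPE_IP) {
        struct iphdr ip;
        struct tcphdr tcp;
        struct udphdr udp;
        struct icmphdr icmp;
        struct in_addr addr;
        const u_char *l4;
        size_t ip_hlen;
        size_t l4len;

        printf("It's a IP packet\n");
        if (l3len < sizeof ip) {
            printf("Truncated IP header\n");
            return 0;
        }
        memcpy(&ip, l3, sizeof ip);
        printf("IP Version:%d\n", ip.version);
        printf("TTL:%d\n", ip.ttl);
        /* inet_ntoa() takes a struct in_addr, not a raw 32-bit value. */
        addr.s_addr = ip.saddr;
        printf("Source address:%s\n", inet_ntoa(addr));
        addr.s_addr = ip.daddr;
        printf("Destination address:%s\n", inet_ntoa(addr));
        printf("Protocol:%d\n", ip.protocol);

        /* The transport header starts after ihl*4 bytes, which is more
         * than 20 whenever IP options are present. */
        ip_hlen = (size_t)ip.ihl * 4u;
        if (ip.version != 4 || ip_hlen < sizeof ip || ip_hlen > l3len) {
            printf("Malformed IP header\n");
            return 0;
        }
        /* Only the first fragment carries a transport header. */
        if (ntohs(ip.frag_off) & IP_OFFMASK) {
            printf("Non-first IP fragment\n");
            return 0;
        }
        l4 = l3 + ip_hlen;
        l4len = l3len - ip_hlen;

        switch (ip.protocol) {
        case IPPROTO_TCP:
            printf("The Transport Layer Protocol is TCP\n");
            if (l4len < sizeof tcp) {
                printf("Truncated TCP header\n");
                break;
            }
            memcpy(&tcp, l4, sizeof tcp);
            printf("Source Port:%d\n", ntohs(tcp.source));
            printf("Destination Port:%d\n", ntohs(tcp.dest));
            /* The sequence number is `seq`; `ack_seq` is the ACK field. */
            printf("Sequence Number:%u\n", ntohl(tcp.seq));
            break;
        case IPPROTO_UDP:
            printf("The Transport Layer Protocol is UDP\n");
            if (l4len < sizeof udp) {
                printf("Truncated UDP header\n");
                break;
            }
            memcpy(&udp, l4, sizeof udp);
            printf("Source port:%d\n", ntohs(udp.source));
            printf("Destination port:%d\n", ntohs(udp.dest));
            break;
        case IPPROTO_ICMP:
            printf("The Transport Layer Protocol is ICMP\n");
            if (l4len < sizeof icmp) {
                printf("Truncated ICMP header\n");
                break;
            }
            memcpy(&icmp, l4, sizeof icmp);
            printf("ICMP Type:%d\n", icmp.type);
            switch (icmp.type) {
            case ICMP_ECHO:
                printf("ICMP Echo Request Protocol\n");
                break;
            case ICMP_ECHOREPLY:
                printf("ICMP Echo Reply Protocol\n");
                break;
            default:
                break;
            }
            break;
        default:
            break;
        }
    } else if (ntohs(ethernet.ether_type) == ETHERTYPE_ARP) {
        printf("This is ARP packet.\n");
        /* The fixed offsets below are valid only for the Ethernet/IPv4
         * layout (protocol 0x0800, hlen 6, plen 4, 28 bytes in total),
         * so confirm both the layout and the captured length first. */
        if (l3len >= ARP_IPV4_BODY_LEN && l3[2] == 0x08 && l3[3] == 0x00 &&
            l3[4] == ETHER_ADDR_LEN && l3[5] == 4) {
            printf("Source ip:\t %d.%d.%d.%d\n", l3[14], l3[15], l3[16], l3[17]);
            printf("Dest ip:\t %d.%d.%d.%d\n", l3[24], l3[25], l3[26], l3[27]);
            /* The opcode is a 16-bit big-endian field at offset 6; byte 6
             * alone is its high byte and is 0 for both request and reply. */
            printf("ARP TYPE: %d (1:request;2:respond)\n", (l3[6] << 8) | l3[7]);
        }
    }
    return 0;
}

/*
 * Adapter with the exact pcap_handler signature (returns void). call()
 * returns int, so passing it to pcap_loop() directly is an incompatible
 * function-pointer conversion.
 */
static void call_adapter(u_char *user, const struct pcap_pkthdr *hdr, const u_char *bytes)
{
    (void)call(user, hdr, bytes);
}

/*
 * Lists the capture interfaces, lets the user pick one when there is more
 * than one, prints that interface's network address and mask, and hands
 * argv[1] packets to call().
 *
 * Usage: <program> <number>   (per pcap_loop(), 0 or -1 means no limit)
 *
 * Returns 1 once the capture loop has finished and 0 on any failure.
 * NOTE(review): this is the reverse of the usual shell convention; the
 * values are kept as the original program had them.
 */
int main(int argc, char *argv[])
{
    /* libpcap may write up to PCAP_ERRBUF_SIZE bytes into the error
     * buffer; a smaller array can be overrun. */
    char error[PCAP_ERRBUF_SIZE];
    pcap_t *handle = NULL;
    pcap_if_t *alldev = NULL;
    pcap_if_t *p;
    const char *interface;
    struct in_addr net_ip_addr;
    struct in_addr net_mask_addr;
    bpf_u_int32 net_ip;
    bpf_u_int32 net_mask;
    char *end;
    long count;
    int i = 0;
    int num;
    int rc = 0;

    if (argc != 2) {
        printf("%s <number>\n", argc > 0 ? argv[0] : "capture");
        return 0;
    }

    /* strtol() instead of atoi(): non-numeric input is rejected instead
     * of silently becoming 0, which pcap_loop() treats as "no limit". */
    errno = 0;
    count = strtol(argv[1], &end, 10);
    if (end == argv[1] || *end != '\0' || errno == ERANGE ||
        count < INT_MIN || count > INT_MAX) {
        printf("%s <number>\n", argv[0]);
        return 0;
    }

    if (pcap_findalldevs(&alldev, error) == -1) {
        printf("find all devices is error\n");
        return 0;
    }
    for (p = alldev; p; p = p->next) {
        printf("%d:%s\n", ++i, p->name);
        if (p->description) {
            printf("%s\n", p->description);
        }
    }

    if (i == 0) {
        printf("interface is unavillible\n");
        goto out;
    }
    if (i == 1) {
        /* p is NULL once the listing loop ends; the only device is the
         * head of the list. */
        p = alldev;
    } else {
        printf("please input which interface you want to use\n");
        if (scanf("%d", &num) != 1 || num < 1 || num > i) {
            printf("interface is unavillible\n");
            goto out;
        }
        p = alldev;
        for (i = 1; i < num; i++) {
            p = p->next;
        }
    }
    /* The name lives inside the alldev list, so the list is released
     * only after the capture is done. */
    interface = p->name;

    /* Promiscuous capture needs root or CAP_NET_RAW. call() parses
     * untrusted packet data, so when the program is started as root,
     * dropping privileges once the handle is open limits the impact of
     * a parsing bug. */
    if ((handle = pcap_open_live(interface, max, 1, 0, error)) == NULL) {
        printf("%s\n", error);
        goto out;
    }
    if (pcap_lookupnet(interface, &net_ip, &net_mask, error) == -1) {
        printf("%s\n", error);
        goto out;
    }
    printf("Interface is:%s\n", interface);
    net_ip_addr.s_addr = net_ip;
    printf("The ip is:%s\n", inet_ntoa(net_ip_addr));
    net_mask_addr.s_addr = net_mask;
    printf("The mask is:%s\n", inet_ntoa(net_mask_addr));

    if (pcap_loop(handle, (int)count, call_adapter, NULL) == -1) {
        printf("%s\n", pcap_geterr(handle));
        goto out;
    }
    rc = 1;

out:
    if (handle) {
        pcap_close(handle);
    }
    if (alldev) {
        pcap_freealldevs(alldev);
    }
    return rc;
}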
参数为要抓包的个数。程序本身只把结果打印到标准输出,要把抓包结果保存在save文件中,需要在运行时重定向输出(例如在命令后加 > save)。打开网卡抓包需要root权限或CAP_NET_RAW能力。

运行部分结果:

转自http://blog.csdn.net/dk_zhe/article/details/7336448

(1)获取网络接口名字和掩码等信息 (2)捕获数据包(单个数据包和多个数据包两种情况) (3)以太网数据报捕获 (4)ARP数据包捕获 (5)IP数据包捕获 (6)TCP数据包捕获 (7)UDP数据包捕获
