linux下c语言抓包库libpcap

其他 2018-05-28 18:11:13 阅读次数: 2

安装命令:sudo apt-get install libpcap-dev

由于自己还没仔细研究过,暂时也只是想在这里留个记录,方便以后需要时使用。下面是百度百科里的例子。

[cpp]  view plain  copy
  1. #include <pcap.h>  
  2. #include <stdlib.h>  
  3. #include <stdio.h>  
  4.   
  5. int main(int argc, char *argv[])  
  6. {  
  7.         pcap_if_t *alldevs;  
  8.         pcap_if_t *device;  
  9.         char errbuf[PCAP_ERRBUF_SIZE];  
  10.   
  11.         if(pcap_findalldevs(&alldevs, errbuf) == -1)  
  12.         {  
  13.                 fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);  
  14.                 exit(EXIT_FAILURE);  
  15.         }  
  16.         device = alldevs;  
  17.         for(; device != NULL; device = device->next)  
  18.         {  
  19.                 printf("Device name: %s\n", device->name);  
  20.                 printf("Description: %s\n", device->description);  
  21.         }  
  22.         /* 不再需要设备列表了,释放它 */  
  23.         pcap_freealldevs(alldevs);  
  24.         return 0;  
  25. }  
  26. ~            

gcc pcap.c -o pcap -lpcap

sudo ./pcap   //记住一定要root权限,因为涉及了访问底层硬件了。


下面是抓包并以二进制方式打印的,对于调试网络包可能会经常使用到。

[cpp]  view plain  copy
  1. #include <pcap.h>  
  2. #include <time.h>  
  3. #include <stdlib.h>  
  4. #include <stdio.h>  
  5.   
  6. void getPacket(u_char * arg, const struct pcap_pkthdr * pkthdr, const u_char * packet)  
  7. {  
  8.         int * id = (int *)arg;  
  9.   
  10.         printf("id: %d\n", ++(*id));  
  11.         printf("Packet length: %d\n", pkthdr->len);  
  12.         printf("Number of bytes: %d\n", pkthdr->caplen);  
  13.         printf("Recieved time: %s", ctime((const time_t *)&pkthdr->ts.tv_sec));   
  14.   
  15.         int i;  
  16.         for(i=0; i<pkthdr->len; ++i)  
  17.         {  
  18.                 printf(" %02x", packet[i]);  
  19.                 if( (i + 1) % 16 == 0 )  
  20.                 {  
  21.                         printf("\n");  
  22.                 }  
  23.         }  
  24.   
  25.         printf("\n\n");  
  26. }  
  27.   
  28. int main()  
  29. {  
  30.         char errBuf[PCAP_ERRBUF_SIZE], * devStr;  
  31.   
  32.         /* get a device */  
  33.         devStr = pcap_lookupdev(errBuf);  
  34.   
  35.         if(devStr)  
  36.         {  
  37.                 printf("success: device: %s\n", devStr);  
  38.         }  
  39.         else  
  40.         {  
  41.                 printf("error: %s\n", errBuf);  
  42.                 exit(1);  
  43.         }  
  44.   
  45.         /* open a device, wait until a packet arrives */  
  46.         pcap_t * device = pcap_open_live(devStr, 65535, 1, 0, errBuf);  
  47.   
  48.         if(!device)  
  49.         {  
  50.                 printf("error: pcap_open_live(): %s\n", errBuf);  
  51.                 exit(1);  
  52.         }  
  53.   
  54.         /* wait loop forever */  
  55.         int id = 0;  
  56.         pcap_loop(device, -1, getPacket, (u_char*)&id);  
  57.   
  58.         pcap_close(device);  
  59.   
  60.         return 0;  
  61. }  
下面是抓取数据包并解析网络包,解析为物理层、网络层等。

[cpp]  view plain  copy
  1. #include <pcap.h>  
  2. #include <stdio.h>  
  3. #include <netinet/ip.h>  
  4. #include <netinet/if_ether.h>  
  5. #include <netinet/tcp.h>  
  6.   
  7. void tcp_packet_callback(unsigned char *argument,const struct pcap_pkthdr* pcap_header,const unsigned char *packet_content) {  
  8.         struct tcphdr *tcpptr=(struct tcphdr *)(packet_content+14+20);  
  9.                 printf("----tcp protocol-----\n");  
  10.                 printf("source port:%d\n",ntohs(tcpptr->source));  
  11.                 printf("dest port:%d\n",ntohs(tcpptr->dest));  
  12.   
  13.                 printf("sequence number:%u\n",ntohl(tcpptr->seq));  
  14.                 printf("acknowledgement number:%u\n",ntohl(tcpptr->ack_seq));  
  15.                 printf("header length:%d\n",tcpptr->doff*4);  
  16.                 printf("check sum:%d\n",ntohs(tcpptr->check));  
  17.                 printf("window size:%d\n",ntohs(tcpptr->window));  
  18.                 printf("urgent pointer:%d\n",ntohs(tcpptr->urg_ptr));  
  19. }  
  20.   
  21. void ip_packet_callback(unsigned char *argument,const struct pcap_pkthdr* pcap_header,const unsigned char *packet_content) {  
  22.         struct in_addr s,d;  
  23.         struct iphdr *ipptr;  
  24.         ipptr=(struct iphdr *)(packet_content+14);  
  25.   
  26.                 printf("-----IP Protocol (network layer)-----\n");  
  27.                 printf("version:%d\n",ipptr->version);  
  28.                 printf("header length:%d\n",ipptr->ihl*4);  
  29.                 printf("tos:%d\n",ipptr->tos);  
  30.                 printf("total length:%d\n",ntohs(ipptr->tot_len));  
  31.                 printf("identification:%d\n",ntohs(ipptr->id));  
  32.                 printf("offset:%d\n",ntohs((ipptr->frag_off&0x1fff)*8));  
  33.                 printf("TTL:%d\n",ipptr->ttl);  
  34.                 printf("checksum:%d\n",ntohs(ipptr->check));  
  35.                 printf("protocol:%d\n",ipptr->protocol);  
  36.         s.s_addr=ipptr->saddr;  
  37.         d.s_addr=ipptr->daddr;  
  38.                 printf("source address:%s\n",inet_ntoa(s));  
  39.                 printf("destination address:%s\n",inet_ntoa(d));  
  40.   
  41.         switch(ipptr->protocol) {  
  42.                 case 6:  
  43.                                                 printf("tcp protocol\n");  
  44.                         tcp_packet_callback(argument,pcap_header,packet_content);  
  45.                         break;  
  46.                 case 1:  
  47.                                                 printf("icmp protocol\n");  
  48.                         break;  
  49.                 case 17:  
  50.                                                 printf("udp protocol\n");  
  51.                         break;  
  52.                 default:  
  53.                         break;  
  54.         }  
  55.   
  56. }  
  57.   
  58. void arp_packet_callback(unsigned char *argument,const struct pcap_pkthdr* pcap_header,const unsigned char *packet_content) {  
  59.                 printf("------ARP Protocol-------\n");  
  60. }  
  61.   
  62. void ethernet_packet_callback(unsigned char *argument,const struct pcap_pkthdr* pcap_header,const unsigned char *packet_content) {  
  63.         struct ethhdr *ethptr;  
  64.         struct iphdr *ipptr;  
  65.         unsigned char *mac;  
  66.         printf("--------------------------context----------\n");  
  67.         //printf("%s\n", packet_content);  
  68.         ethptr=(struct ethhdr *)packet_content;  
  69.                 printf("\n----ethernet protocol(phydical layer)-----\n");  
  70.                 printf("MAC source Address:\n");  
  71.         mac=ethptr->h_source;  
  72.                 printf("%02x:%02x:%02x:%02x:%02x:%02x\n",*mac,*(mac+1),*(mac+2),*(mac+3),*(mac+4),*(mac+5));  
  73.                 printf("MAC destination Address:\n");  
  74.         mac=ethptr->h_dest;  
  75.                 printf("%02x:%02x:%02x:%02x:%02x:%02x\n",*mac,*(mac+1),*(mac+2),*(mac+3),*(mac+4),*(mac+5));  
  76.                 printf("protocol:%04x\n",ntohs(ethptr->h_proto));  
  77.   
  78.         switch(ntohs(ethptr->h_proto)) {  
  79.                 case 0x0800:  
  80.                                                 printf("this is a IP protocol\n");  
  81.                         ip_packet_callback(argument,pcap_header,packet_content);  
  82.                         break;  
  83.                 case 0x0806:  
  84.                                                 printf("this is a ARP protocol\n");  
  85.                         arp_packet_callback(argument,pcap_header,packet_content);  
  86.                         break;  
  87.                 case 0x8035:  
  88.                                                 printf("this is a RARP protocol\n");  
  89.                         break;  
  90.                 default:  
  91.                         break;  
  92.   
  93.         }  
  94. }  
  95.   
  96. int main(){  
  97.         pcap_t *pt;  
  98.         char *dev;  
  99.         char errbuf[128];  
  100.         struct bpf_program fp;  
  101.         bpf_u_int32 maskp,netp;  
  102.         int ret,i=0,inum;  
  103.         int pcap_time_out=5;  
  104.         char filter[128];  
  105.         unsigned char *packet;  
  106.         struct pcap_pkthdr hdr;  
  107.         pcap_if_t *alldevs,*d;  
  108.   
  109.         if(pcap_findalldevs(&alldevs,errbuf)==-1) {  
  110.                                 fprintf(stderr,"find interface failed!\n");  
  111.                 return;  
  112.         }  
  113.         for(d=alldevs;d;d=d->next){  
  114.                                 printf("%d. %s\n",++i,d->name);  
  115.                 if(d->description)  
  116.                                           printf("(%s)\n",d->description);  
  117.                 else  
  118.                                           printf("(no description available)\n");  
  119.         }  
  120.   
  121.         if(i==1)  
  122.               dev=alldevs->name;  
  123.         else {  
  124.                 printf("input a interface:(1-%d)",i);  
  125.                 scanf("%d",&inum);  
  126.                 if(inum<1||inum>i) {  
  127.                                                 printf("interface number out of range\n");  
  128.                         return;  
  129.                 }  
  130.   
  131.                 for(d=alldevs,i=1;i<inum;d=d->next,i++);  
  132.                 dev=d->name;  
  133.         }  
  134.   
  135.         /* 
  136.            dev=pcap_lookupdev(errbuf); 
  137.            if(dev==NULL){ 
  138.                    fprintf(stderr,"%s\n",errbuf); 
  139.            return; 
  140.            } 
  141.          */  
  142.                 printf("dev:%s\n",dev);  
  143.         ret=pcap_lookupnet(dev,&netp,&maskp,errbuf);  
  144.         if(ret==-1){  
  145.                                 fprintf(stderr,"%s\n",errbuf);  
  146.                 return;  
  147.         }  
  148.         pcap_dump_open(pt, "t.pcap");  
  149.         pt=pcap_open_live(dev,BUFSIZ,1,pcap_time_out,errbuf);  
  150.         if(pt==NULL){  
  151.                                 fprintf(stderr,"open error :%s\n",errbuf);  
  152.                 return;  
  153.         }  
  154.         sprintf(filter,"");  
  155.         if(pcap_compile(pt,&fp,filter,0,netp)==-1) {  
  156.                                 fprintf(stderr,"compile error\n");  
  157.                 return;  
  158.         }  
  159.         if(pcap_setfilter(pt,&fp)==-1) {  
  160.                                 fprintf(stderr,"setfilter error\n");  
  161.                 return;  
  162.         }  
  163.   
  164.         pcap_loop(pt,-1,ethernet_packet_callback,NULL);  
  165.         /* 
  166.            while(1) { 
  167.                    printf("wait packet:filter %s\n",filter); 
  168.            packet=(char *)pcap_next(pt,&hdr); 
  169.            if(packet==NULL) 
  170.            continue; 
  171.            else 
  172.                    printf("get a packet\n"); 
  173.            } 
  174.          */  
  175.         pcap_close(pt);  
  176.         return 0;  
  177. }  


下面这个网址有一些例子:

http://blog.csdn.net/htttw/article/details/7521053

猜你喜欢

转载自blog.csdn.net/LSG_Down/article/details/80446686
今日推荐
Apache Doris 2.0.10 版本正式发布!
开源日报 | 大模型开战;大模型独角兽被曝卖身;周鸿祎建议谷歌开源所有产品;最大开源AI社区提供1000万美元共享GPU
开源日报 | Chrome内置Gemini的意义不在于Gemini;中国AI追随之路的五大误区;ECharts创始人“下海”养鱼;谷歌I/O开发者大会什么都有,只是没有惊喜
微软回应中国区AI团队“打包赴美”传闻
基于大语言模型的开源知识库问答系统 MaxKB GitHub Star 数量突破 5,000 个!
美国拟限制 AI 大模型出口中国和俄罗斯
苹果将与 OpenAI 达成协议,将 ChatGPT 应用于 iPhone
周排行
阿里云短信服务平台注册
Windows下的字符串处理(1)
sqoop: mysql导入数据到hdfs, hive, hbase
commons.lang中常用的工具类
离线安装PostgreSQL11.6
使用PyTorch简单实现卷积神经网络模型
一文彻底搞定谱聚类
一道面试题引发的血案
One Chat for Mac(聊天工具)
TCP/IP的底层队列是如何实现的?
每日归档
更多
2024-05-17(34)
2024-05-16(6)
2024-05-15(24)
2024-05-14(0)
2024-05-13(18)
2024-05-12(0)
2024-05-11(38)
2024-05-10(38)
2024-05-09(35)
2024-05-08(42)

代码天地 © 2018 codetd.com

境外服务器   最新电视剧2022