安装命令:sudo apt-get install libpcap-dev
由于自己还没仔细研究过,暂时也只是想在这里留个记录,方便以后需要时使用。下面是百度百科里的例子。
- #include <pcap.h>
- #include <stdlib.h>
- #include <stdio.h>
- int main(int argc, char *argv[])
- {
- pcap_if_t *alldevs;
- pcap_if_t *device;
- char errbuf[PCAP_ERRBUF_SIZE];
- if(pcap_findalldevs(&alldevs, errbuf) == -1)
- {
- fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
- exit(EXIT_FAILURE);
- }
- device = alldevs;
- for(; device != NULL; device = device->next)
- {
- printf("Device name: %s\n", device->name);
- printf("Description: %s\n", device->description);
- }
- /* 不再需要设备列表了,释放它 */
- pcap_freealldevs(alldevs);
- return 0;
- }
- ~
gcc pcap.c -o pcap -lpcap
sudo ./pcap //记住一定要root权限,因为涉及了访问底层硬件了。
下面是抓包并以二进制方式打印的,对于调试网络包可能会经常使用到。
- #include <pcap.h>
- #include <time.h>
- #include <stdlib.h>
- #include <stdio.h>
- void getPacket(u_char * arg, const struct pcap_pkthdr * pkthdr, const u_char * packet)
- {
- int * id = (int *)arg;
- printf("id: %d\n", ++(*id));
- printf("Packet length: %d\n", pkthdr->len);
- printf("Number of bytes: %d\n", pkthdr->caplen);
- printf("Recieved time: %s", ctime((const time_t *)&pkthdr->ts.tv_sec));
- int i;
- for(i=0; i<pkthdr->len; ++i)
- {
- printf(" %02x", packet[i]);
- if( (i + 1) % 16 == 0 )
- {
- printf("\n");
- }
- }
- printf("\n\n");
- }
- int main()
- {
- char errBuf[PCAP_ERRBUF_SIZE], * devStr;
- /* get a device */
- devStr = pcap_lookupdev(errBuf);
- if(devStr)
- {
- printf("success: device: %s\n", devStr);
- }
- else
- {
- printf("error: %s\n", errBuf);
- exit(1);
- }
- /* open a device, wait until a packet arrives */
- pcap_t * device = pcap_open_live(devStr, 65535, 1, 0, errBuf);
- if(!device)
- {
- printf("error: pcap_open_live(): %s\n", errBuf);
- exit(1);
- }
- /* wait loop forever */
- int id = 0;
- pcap_loop(device, -1, getPacket, (u_char*)&id);
- pcap_close(device);
- return 0;
- }
- #include <pcap.h>
- #include <stdio.h>
- #include <netinet/ip.h>
- #include <netinet/if_ether.h>
- #include <netinet/tcp.h>
- void tcp_packet_callback(unsigned char *argument,const struct pcap_pkthdr* pcap_header,const unsigned char *packet_content) {
- struct tcphdr *tcpptr=(struct tcphdr *)(packet_content+14+20);
- printf("----tcp protocol-----\n");
- printf("source port:%d\n",ntohs(tcpptr->source));
- printf("dest port:%d\n",ntohs(tcpptr->dest));
- printf("sequence number:%u\n",ntohl(tcpptr->seq));
- printf("acknowledgement number:%u\n",ntohl(tcpptr->ack_seq));
- printf("header length:%d\n",tcpptr->doff*4);
- printf("check sum:%d\n",ntohs(tcpptr->check));
- printf("window size:%d\n",ntohs(tcpptr->window));
- printf("urgent pointer:%d\n",ntohs(tcpptr->urg_ptr));
- }
- void ip_packet_callback(unsigned char *argument,const struct pcap_pkthdr* pcap_header,const unsigned char *packet_content) {
- struct in_addr s,d;
- struct iphdr *ipptr;
- ipptr=(struct iphdr *)(packet_content+14);
- printf("-----IP Protocol (network layer)-----\n");
- printf("version:%d\n",ipptr->version);
- printf("header length:%d\n",ipptr->ihl*4);
- printf("tos:%d\n",ipptr->tos);
- printf("total length:%d\n",ntohs(ipptr->tot_len));
- printf("identification:%d\n",ntohs(ipptr->id));
- printf("offset:%d\n",ntohs((ipptr->frag_off&0x1fff)*8));
- printf("TTL:%d\n",ipptr->ttl);
- printf("checksum:%d\n",ntohs(ipptr->check));
- printf("protocol:%d\n",ipptr->protocol);
- s.s_addr=ipptr->saddr;
- d.s_addr=ipptr->daddr;
- printf("source address:%s\n",inet_ntoa(s));
- printf("destination address:%s\n",inet_ntoa(d));
- switch(ipptr->protocol) {
- case 6:
- printf("tcp protocol\n");
- tcp_packet_callback(argument,pcap_header,packet_content);
- break;
- case 1:
- printf("icmp protocol\n");
- break;
- case 17:
- printf("udp protocol\n");
- break;
- default:
- break;
- }
- }
- void arp_packet_callback(unsigned char *argument,const struct pcap_pkthdr* pcap_header,const unsigned char *packet_content) {
- printf("------ARP Protocol-------\n");
- }
- void ethernet_packet_callback(unsigned char *argument,const struct pcap_pkthdr* pcap_header,const unsigned char *packet_content) {
- struct ethhdr *ethptr;
- struct iphdr *ipptr;
- unsigned char *mac;
- printf("--------------------------context----------\n");
- //printf("%s\n", packet_content);
- ethptr=(struct ethhdr *)packet_content;
- printf("\n----ethernet protocol(phydical layer)-----\n");
- printf("MAC source Address:\n");
- mac=ethptr->h_source;
- printf("%02x:%02x:%02x:%02x:%02x:%02x\n",*mac,*(mac+1),*(mac+2),*(mac+3),*(mac+4),*(mac+5));
- printf("MAC destination Address:\n");
- mac=ethptr->h_dest;
- printf("%02x:%02x:%02x:%02x:%02x:%02x\n",*mac,*(mac+1),*(mac+2),*(mac+3),*(mac+4),*(mac+5));
- printf("protocol:%04x\n",ntohs(ethptr->h_proto));
- switch(ntohs(ethptr->h_proto)) {
- case 0x0800:
- printf("this is a IP protocol\n");
- ip_packet_callback(argument,pcap_header,packet_content);
- break;
- case 0x0806:
- printf("this is a ARP protocol\n");
- arp_packet_callback(argument,pcap_header,packet_content);
- break;
- case 0x8035:
- printf("this is a RARP protocol\n");
- break;
- default:
- break;
- }
- }
- int main(){
- pcap_t *pt;
- char *dev;
- char errbuf[128];
- struct bpf_program fp;
- bpf_u_int32 maskp,netp;
- int ret,i=0,inum;
- int pcap_time_out=5;
- char filter[128];
- unsigned char *packet;
- struct pcap_pkthdr hdr;
- pcap_if_t *alldevs,*d;
- if(pcap_findalldevs(&alldevs,errbuf)==-1) {
- fprintf(stderr,"find interface failed!\n");
- return;
- }
- for(d=alldevs;d;d=d->next){
- printf("%d. %s\n",++i,d->name);
- if(d->description)
- printf("(%s)\n",d->description);
- else
- printf("(no description available)\n");
- }
- if(i==1)
- dev=alldevs->name;
- else {
- printf("input a interface:(1-%d)",i);
- scanf("%d",&inum);
- if(inum<1||inum>i) {
- printf("interface number out of range\n");
- return;
- }
- for(d=alldevs,i=1;i<inum;d=d->next,i++);
- dev=d->name;
- }
- /*
- dev=pcap_lookupdev(errbuf);
- if(dev==NULL){
- fprintf(stderr,"%s\n",errbuf);
- return;
- }
- */
- printf("dev:%s\n",dev);
- ret=pcap_lookupnet(dev,&netp,&maskp,errbuf);
- if(ret==-1){
- fprintf(stderr,"%s\n",errbuf);
- return;
- }
- pcap_dump_open(pt, "t.pcap");
- pt=pcap_open_live(dev,BUFSIZ,1,pcap_time_out,errbuf);
- if(pt==NULL){
- fprintf(stderr,"open error :%s\n",errbuf);
- return;
- }
- sprintf(filter,"");
- if(pcap_compile(pt,&fp,filter,0,netp)==-1) {
- fprintf(stderr,"compile error\n");
- return;
- }
- if(pcap_setfilter(pt,&fp)==-1) {
- fprintf(stderr,"setfilter error\n");
- return;
- }
- pcap_loop(pt,-1,ethernet_packet_callback,NULL);
- /*
- while(1) {
- printf("wait packet:filter %s\n",filter);
- packet=(char *)pcap_next(pt,&hdr);
- if(packet==NULL)
- continue;
- else
- printf("get a packet\n");
- }
- */
- pcap_close(pt);
- return 0;
- }
下面这个网址有一些例子:
http://blog.csdn.net/htttw/article/details/7521053