[cpp]
#include
#include
#include
int main(){
char *net_dev;
char *ip_addr;
char *net_mask;
char errbuf[PCAP_ERRBUF_SIZE];
bpf_u_int32 netp;
bpf_u_int32 mask;
struct in_addr addr;
net_dev = pcap_lookupdev(errbuf);
if(net_dev == NULL){
printf("cannot get the network device info: %s\n", errbuf);
return 1;
}
printf("the network device is : %s\n", net_dev);
if(pcap_lookupnet("any", &netp, &mask, errbuf) == -1){
printf("error\n");
return 1;
}
addr.s_addr = netp;
ip_addr = inet_ntoa(addr);
if(ip_addr == NULL){
printf("inet_ntoa()\n");
return 1;
}
printf("ip is %s\n", ip_addr);
addr.s_addr = mask;
net_mask = inet_ntoa(addr);
if(net_mask == NULL){
perror("inet_ntoa();\n");
return 1;
}
printf("mask is %s\n", net_mask);
return 0;
}
#include
#include
#include
int main(){
char *net_dev;
char *ip_addr;
char *net_mask;
char errbuf[PCAP_ERRBUF_SIZE];
bpf_u_int32 netp;
bpf_u_int32 mask;
struct in_addr addr;
net_dev = pcap_lookupdev(errbuf);
if(net_dev == NULL){
printf("cannot get the network device info: %s\n", errbuf);
return 1;
}
printf("the network device is : %s\n", net_dev);
if(pcap_lookupnet("any", &netp, &mask, errbuf) == -1){
printf("error\n");
return 1;
}
addr.s_addr = netp;
ip_addr = inet_ntoa(addr);
if(ip_addr == NULL){
printf("inet_ntoa()\n");
return 1;
}
printf("ip is %s\n", ip_addr);
addr.s_addr = mask;
net_mask = inet_ntoa(addr);
if(net_mask == NULL){
perror("inet_ntoa();\n");
return 1;
}
printf("mask is %s\n", net_mask);
return 0;
}
本程序可以自动获取电脑上面的网卡名称,然后可以得到所获取网卡的ip地址以及mask掩码。
[cpp]
#include
#include
int main(){
pcap_t *sniffer_des;
char errbuf[PCAP_ERRBUF_SIZE];
char *net_dev;
bpf_u_int32 net, mask;
struct bpf_program fp;
const u_char *packet;
struct pcap_pkthdr hdr;
struct ether_header *eth_header;
u_char *ptr;
char filter[] = "port 80";
net_dev = pcap_lookupdev(errbuf);
if(net_dev == NULL){
printf("get device error:%s\n", errbuf);
return 1;
}
net_dev = "p3p1";
if(pcap_lookupnet(net_dev, &net, &mask, errbuf) == -1){
printf("get net error:%s\n", errbuf);
return 1;
}
sniffer_des = pcap_open_live(net_dev, 65535, 1, 5000, errbuf);
if(sniffer_des == NULL){
printf("pcap_open_live%s\n", errbuf);
return 1;
}
if(pcap_compile(sniffer_des, &fp, filter, 0, mask) == -1){
printf("pcap_compile error\n");
return 1;
}
if(pcap_setfilter(sniffer_des, &fp) == -1){
printf("pcap_setfilter() error\n");
return 1;
}
packet = pcap_next(sniffer_des, &hdr);
if(packet == NULL){
printf("pacap_next() failed\n");
return 1;
}
printf("Packet length %d\n", hdr.len);
printf("Sniffer time: %s\n", ctime((const time_t*)&hdr.ts.tv_sec));
printf("length of portion present: %d\n", hdr.caplen);
eth_header = (struct ether_header*)packet;
if(ntohs(eth_header->ether_type) != ETHERTYPE_IP){
printf("not ethernet packet\n");
return 1;
}
ptr = eth_header->ether_dhost;
int i = 0;
printf("destination address(MAC):");
while(i < ETHER_ADDR_LEN){
printf(" %x", *ptr++);
i++;
}
printf("\nsource address(MAC):");
ptr = eth_header->ether_shost;
i = 0;
while(i < ETHER_ADDR_LEN){
printf(" %x", *ptr++);
i++;
}
printf("\n");
return 0;
}
#include
#include
int main(){
pcap_t *sniffer_des;
char errbuf[PCAP_ERRBUF_SIZE];
char *net_dev;
bpf_u_int32 net, mask;
struct bpf_program fp;
const u_char *packet;
struct pcap_pkthdr hdr;
struct ether_header *eth_header;
u_char *ptr;
char filter[] = "port 80";
net_dev = pcap_lookupdev(errbuf);
if(net_dev == NULL){
printf("get device error:%s\n", errbuf);
return 1;
}
net_dev = "p3p1";
if(pcap_lookupnet(net_dev, &net, &mask, errbuf) == -1){
printf("get net error:%s\n", errbuf);
return 1;
}
sniffer_des = pcap_open_live(net_dev, 65535, 1, 5000, errbuf);
if(sniffer_des == NULL){
printf("pcap_open_live%s\n", errbuf);
return 1;
}
if(pcap_compile(sniffer_des, &fp, filter, 0, mask) == -1){
printf("pcap_compile error\n");
return 1;
}
if(pcap_setfilter(sniffer_des, &fp) == -1){
printf("pcap_setfilter() error\n");
return 1;
}
packet = pcap_next(sniffer_des, &hdr);
if(packet == NULL){
printf("pacap_next() failed\n");
return 1;
}
printf("Packet length %d\n", hdr.len);
printf("Sniffer time: %s\n", ctime((const time_t*)&hdr.ts.tv_sec));
printf("length of portion present: %d\n", hdr.caplen);
eth_header = (struct ether_header*)packet;
if(ntohs(eth_header->ether_type) != ETHERTYPE_IP){
printf("not ethernet packet\n");
return 1;
}
ptr = eth_header->ether_dhost;
int i = 0;
printf("destination address(MAC):");
while(i < ETHER_ADDR_LEN){
printf(" %x", *ptr++);
i++;
}
printf("\nsource address(MAC):");
ptr = eth_header->ether_shost;
i = 0;
while(i < ETHER_ADDR_LEN){
printf(" %x", *ptr++);
i++;
}
printf("\n");
return 0;
}
这个程序可以获取指定网卡的MAC地址,并获取指定端口的数据包,可以用于程序的分析。我电脑上面运行的结果。
上面的获取是一个一个的获取,效率很低,下面的程序可以指定获取数据包的个数
[cpp]
#include
#include
void deal(u_char *user, const struct pcap_pkthdr *hdr, const u_char *packet){
static int count = 0;
struct ether_header *eth_header;
u_char *ptr;
printf("Packet length %d\n", hdr->len);
printf("length of portion present: %d\n", hdr->caplen);
eth_header = (struct ether_header*)packet;
if(ntohs(eth_header->ether_type) != ETHERTYPE_IP){
printf("not ethernet packet\n");
return;
}
ptr = eth_header->ether_dhost;
int i = 0;
printf("destination address(MAC):");
while(i < ETHER_ADDR_LEN){
printf(" %x", *ptr++);
i++;
}
printf("\nsource address(MAC):");
ptr = eth_header->ether_shost;
i = 0;
while(i < ETHER_ADDR_LEN){
printf(" %x", *ptr++);
i++;
}
printf("\nfinish deal with %d packet\n", count);
count++;
}
int main(){
pcap_t *sniffer_des;
char errbuf[PCAP_ERRBUF_SIZE];
char *net_dev;
bpf_u_int32 net, mask;
struct bpf_program fp;
const u_char *packet;
struct pcap_pkthdr hdr;
int ret;
char filter[] = "port 80";
net_dev = pcap_lookupdev(errbuf);
if(net_dev == NULL){
printf("get device error:%s\n", errbuf);
return 1;
}
net_dev = "p3p1";
if(pcap_lookupnet(net_dev, &net, &mask, errbuf) == -1){
printf("get net error:%s\n", errbuf);
return 1;
}
sniffer_des = pcap_open_live(net_dev, 65535, 1, 5000, errbuf);
if(sniffer_des == NULL){
printf("pcap_open_live%s\n", errbuf);
return 1;
}
if(pcap_compile(sniffer_des, &fp, filter, 0, mask) == -1){
printf("pcap_compile error\n");
return 1;
}
if(pcap_setfilter(sniffer_des, &fp) == -1){
printf("pcap_setfilter() error\n");
return 1;
}
ret = pcap_loop(sniffer_des, 3, deal, NULL);
if(ret == -1 || ret == -2){
printf("cannot get the pcaket\n");
return 1;
}
return 0;
}
#include
#include
void deal(u_char *user, const struct pcap_pkthdr *hdr, const u_char *packet){
static int count = 0;
struct ether_header *eth_header;
u_char *ptr;
printf("Packet length %d\n", hdr->len);
printf("length of portion present: %d\n", hdr->caplen);
eth_header = (struct ether_header*)packet;
if(ntohs(eth_header->ether_type) != ETHERTYPE_IP){
printf("not ethernet packet\n");
return;
}
ptr = eth_header->ether_dhost;
int i = 0;
printf("destination address(MAC):");
while(i < ETHER_ADDR_LEN){
printf(" %x", *ptr++);
i++;
}
printf("\nsource address(MAC):");
ptr = eth_header->ether_shost;
i = 0;
while(i < ETHER_ADDR_LEN){
printf(" %x", *ptr++);
i++;
}
printf("\nfinish deal with %d packet\n", count);
count++;
}
int main(){
pcap_t *sniffer_des;
char errbuf[PCAP_ERRBUF_SIZE];
char *net_dev;
bpf_u_int32 net, mask;
struct bpf_program fp;
const u_char *packet;
struct pcap_pkthdr hdr;
int ret;
char filter[] = "port 80";
net_dev = pcap_lookupdev(errbuf);
if(net_dev == NULL){
printf("get device error:%s\n", errbuf);
return 1;
}
net_dev = "p3p1";
if(pcap_lookupnet(net_dev, &net, &mask, errbuf) == -1){
printf("get net error:%s\n", errbuf);
return 1;
}
sniffer_des = pcap_open_live(net_dev, 65535, 1, 5000, errbuf);
if(sniffer_des == NULL){
printf("pcap_open_live%s\n", errbuf);
return 1;
}
if(pcap_compile(sniffer_des, &fp, filter, 0, mask) == -1){
printf("pcap_compile error\n");
return 1;
}
if(pcap_setfilter(sniffer_des, &fp) == -1){
printf("pcap_setfilter() error\n");
return 1;
}
ret = pcap_loop(sniffer_des, 3, deal, NULL);
if(ret == -1 || ret == -2){
printf("cannot get the pcaket\n");
return 1;
}
return 0;
}