linux下libpcap的使用(抓包小程序)

(1)获取网络接口名字和掩码等信息

(2)捕获数据包(单个数据包和多个数据包两种情况)

(3)以太网数据报捕获

(4)ARP数据包捕获

(5)IP数据包捕获

(6)TCP数据包捕获

(7)UDP数据包捕获

(8)ICMP数据包捕获


环境fedora13,vim,gcc

[cpp] view plain copy print ?
  1. #include<stdio.h>  
  2. #include<string.h>  
  3. #include<pcap.h>  
  4. #include<sys/socket.h>  
  5. #include<netinet/in.h>  
  6. #include<netinet/if_ether.h>  
  7. #include<netinet/ip.h>  
  8. #include<netinet/udp.h>  
  9. #include<netinet/tcp.h>  
  10. #include<netinet/ip_icmp.h>  
  11. #define max 1024  
  12. /* 
  13. typedef u_int32_t int_addr_t; 
  14. struct in_addr 
  15. { 
  16.     int_addr_t s_addr; 
  17. };*/  
  18. int call(u_char *argument,const struct pcap_pkthdr* pack,const u_char *content)  
  19. {  
  20.     int m=0,n;  
  21.     const u_char *buf,*iphead;  
  22.     u_char *p;  
  23.     struct ether_header *ethernet;  
  24.     struct iphdr *ip;  
  25.     struct tcphdr *tcp;  
  26.     struct udphdr *udp;  
  27.     struct icmphdr *icmp;  
  28.     buf=content;  
  29.     printf("==================================================\n");  
  30.     printf("The Frame is \n");  
  31.     while(m< (pack->len))  
  32.     {  
  33.         printf("%02x",buf[m]);  
  34.         m=m+1;  
  35.         if(m%16==0)  
  36.             printf("\n");  
  37.         else  
  38.             printf(":");  
  39.     }  
  40.     printf("\n");  
  41.     printf("Grabbed packet of length %d\n",pack->len);  
  42.     printf("Recieved at ..... %s",ctime((const time_t*)&(pack->ts.tv_sec)));   
  43. //  printf("Ethernet address length is %d\n",ETHER_HDR_LEN);  
  44.   
  45.     ethernet=(struct ether_header *)content;  
  46.     p=ethernet->ether_dhost;  
  47.     n=ETHER_ADDR_LEN;  
  48.     printf("Dest MAC is:");  
  49.     do{  
  50.         printf("%02x:",*p++);  
  51.     }while(--n>0);  
  52.     printf("\n");  
  53.     p=ethernet->ether_shost;  
  54.     n=ETHER_ADDR_LEN;  
  55.     printf("Source MAC is:");  
  56.     do{  
  57.         printf("%02x:",*p++);  
  58.     }while(--n>0);  
  59.     printf("\n");  
  60.       
  61.     if(ntohs(ethernet->ether_type)==ETHERTYPE_IP)  
  62.     {  
  63.         printf("It's a IP packet\n");  
  64.         ip=(struct iphdr*)(content+14);  
  65.         printf("IP Version:%d\n",ip->version);  
  66.         printf("TTL:%d\n",ip->ttl);  
  67.         printf("Source address:%s\n",inet_ntoa(ip->saddr));  
  68.         printf("Destination address:%s\n",inet_ntoa(ip->daddr));  
  69.         printf("Protocol:%d\n",ip->protocol);  
  70.         switch(ip->protocol)  
  71.         {  
  72.             case 6:  
  73.                 printf("The Transport Layer Protocol is TCP\n");  
  74.                 tcp=(struct tcphdr*)(content+14+20);  
  75.                 printf("Source Port:%d\n",ntohs(tcp->source));  
  76.                 printf("Destination Port:%d\n",ntohs(tcp->dest));  
  77.                 printf("Sequence Number:%u\n",ntohl(tcp->ack_seq));  
  78.                 break;  
  79.             case 17:  
  80.                 printf("The Transport Layer Protocol is UDP\n");  
  81.                 udp=(struct udphdr*)(content+14+20);  
  82.                 printf("Source port:%d\n",ntohs(udp->source));  
  83.                 printf("Destination port:%d\n",ntohs(udp->dest));  
  84.                 break;  
  85.             case 1:  
  86.                 printf("The Transport Layer Protocol is ICMP\n");  
  87.                 icmp=(struct icmphdr*)(content+14+20);  
  88.                 printf("ICMP Type:%d\n", icmp->type);  
  89.                 switch(icmp->type)  
  90.                 {  
  91.                     case 8:  
  92.                         printf("ICMP Echo Request Protocol\n");  
  93.                         break;  
  94.                     case 0:  
  95.                         printf("ICMP Echo Reply Protocol\n");  
  96.                         break;  
  97.                     default:  
  98.                         break;  
  99.                 }  
  100.                 break;  
  101.             default:  
  102.                 break;  
  103.         }  
  104. /*      if(*iphead==0x45) 
  105.         { 
  106.             printf("Source ip :%d.%d.%d.%d\n",iphead[12],iphead[13],iphead[14],iphead[15]); 
  107.             printf("Dest ip :%d.%d.%d.%d\n",iphead[16],iphead[17],iphead[18],iphead[19]); 
  108.              
  109.         }*/  
  110. //      tcp= (struct tcp_header*)(iphead);  
  111. //      source_port = ntohs(tcp->tcp_source_port);  
  112. //      dest_port = ntohs(tcp->tcp_destination_port);  
  113.   
  114.     }  
  115.     else if(ntohs (ethernet->ether_type) == ETHERTYPE_ARP)  
  116.     {  
  117.         printf("This is ARP packet.\n");  
  118.         iphead=buf+14;  
  119.         if (*(iphead+2)==0x08)  
  120.         {  
  121.             printf("Source ip:\t %d.%d.%d.%d\n",iphead[14],iphead[15],iphead[16],iphead[17]);  
  122.             printf("Dest ip:\t %d.%d.%d.%d\n",iphead[24],iphead[25],iphead[26],iphead[27]);  
  123.             printf("ARP TYPE: %d (0:request;1:respond)\n",iphead[6]);  
  124.   
  125.         }  
  126.     }  
  127.     return 0;  
  128. }  
  129. int main(int argc,char *argv[])  
  130. {  
  131.     if(argc!=2)  
  132.     {  
  133.         printf("%s <number>\n",argv[0]);  
  134.         return 0;  
  135.     }  
  136.     pcap_t *handle;  
  137.     pcap_if_t *alldev;  
  138.     pcap_if_t *p;  
  139.     char error[100];  
  140.   
  141.     struct in_addr net_ip_addr;  
  142.     struct in_addr net_mask_addr;  
  143.     struct ether_header *ethernet;  
  144.   
  145.     char *net_ip_string;  
  146.     char *net_mask_string;  
  147.     char *interface;  
  148.     u_int32_t net_ip;  
  149.     u_int32_t net_mask;  
  150.   
  151.     struct pcap_pkthdr pack;   
  152.     const u_char *content;  
  153.   
  154.     int i=0,num;  
  155.     if(pcap_findalldevs(&alldev,error)==-1)  
  156.     {  
  157.         printf("find all devices is error\n");  
  158.         return 0;  
  159.     }  
  160.     for(p=alldev;p;p=p->next)  
  161.     {  
  162.         printf("%d:%s\n",++i,p->name);  
  163.         if(p->description)  
  164.         {  
  165.             printf("%s\n",p->description);  
  166.         }  
  167.     }  
  168.     if(i==1)  
  169.         interface=p->name;  
  170.     else  
  171.     {  
  172.         printf("please input which interface you want to use\n");  
  173.         scanf("%d",&num);  
  174.         if(num<1||num>i)  
  175.         {  
  176.             printf("interface is unavillible\n");  
  177.             return 0;  
  178.         }  
  179.         for(p=alldev,i=1;i<=num;p=p->next,i++)  
  180.             interface=p->name;  
  181.     }  
  182.     /* 
  183.     if((interface=pcap_lookupdev(error))==NULL) 
  184.     { 
  185.         printf("%s\n",error); 
  186.         return 0; 
  187.     }*/  
  188.     if((handle=pcap_open_live(interface,max,1,0,error))==NULL)  
  189.     {  
  190.         printf("%s\n",error);  
  191.         return 0;  
  192.     }  
  193.     if(pcap_lookupnet(interface,&net_ip,&net_mask,error)==-1)  
  194.     {  
  195.         printf("%s\n",error);  
  196.         return 0;  
  197.     }  
  198.     printf("Interface is:%s\n",interface);  
  199.     net_ip_addr.s_addr=net_ip;  
  200.     net_ip_string=inet_ntoa(net_ip_addr);  
  201.     printf("The ip is:%s\n",net_ip_string);  
  202.     net_mask_addr.s_addr=net_mask;  
  203.     net_mask_string=inet_ntoa(net_mask_addr);  
  204.     printf("The mask is:%s\n",net_mask_string);  
  205.     pcap_loop(handle,atoi(argv[1]),call,NULL);  
  206.     pcap_freealldevs(alldev);  
  207.     return 1;  
  208. }  

#include<stdio.h> #include<string.h> #include<pcap.h> #include<sys/socket.h> #include<netinet/in.h> #include<netinet/if_ether.h> #include<netinet/ip.h> #include<netinet/udp.h> #include<netinet/tcp.h> #include<netinet/ip_icmp.h> #define max 1024 /* typedef u_int32_t int_addr_t; struct in_addr { int_addr_t s_addr; };*/ int call(u_char *argument,const struct pcap_pkthdr* pack,const u_char *content) { int m=0,n; const u_char *buf,*iphead; u_char *p; struct ether_header *ethernet; struct iphdr *ip; struct tcphdr *tcp; struct udphdr *udp; struct icmphdr *icmp; buf=content; printf("==================================================\n"); printf("The Frame is \n"); while(m< (pack->len)) { printf("%02x",buf[m]); m=m+1; if(m%16==0) printf("\n"); else printf(":"); } printf("\n"); printf("Grabbed packet of length %d\n",pack->len); printf("Recieved at ..... %s",ctime((const time_t*)&(pack->ts.tv_sec))); // printf("Ethernet address length is %d\n",ETHER_HDR_LEN); ethernet=(struct ether_header *)content; p=ethernet->ether_dhost; n=ETHER_ADDR_LEN; printf("Dest MAC is:"); do{ printf("%02x:",*p++); }while(--n>0); printf("\n"); p=ethernet->ether_shost; n=ETHER_ADDR_LEN; printf("Source MAC is:"); do{ printf("%02x:",*p++); }while(--n>0); printf("\n"); if(ntohs(ethernet->ether_type)==ETHERTYPE_IP) { printf("It's a IP packet\n"); ip=(struct iphdr*)(content+14); printf("IP Version:%d\n",ip->version); printf("TTL:%d\n",ip->ttl); printf("Source address:%s\n",inet_ntoa(ip->saddr)); printf("Destination address:%s\n",inet_ntoa(ip->daddr)); printf("Protocol:%d\n",ip->protocol); switch(ip->protocol) { case 6: printf("The Transport Layer Protocol is TCP\n"); tcp=(struct tcphdr*)(content+14+20); printf("Source Port:%d\n",ntohs(tcp->source)); printf("Destination Port:%d\n",ntohs(tcp->dest)); printf("Sequence Number:%u\n",ntohl(tcp->ack_seq)); break; case 17: printf("The Transport Layer Protocol is UDP\n"); udp=(struct udphdr*)(content+14+20); printf("Source port:%d\n",ntohs(udp->source)); printf("Destination port:%d\n",ntohs(udp->dest)); break; case 1: printf("The Transport Layer Protocol is ICMP\n"); icmp=(struct icmphdr*)(content+14+20); printf("ICMP Type:%d\n", icmp->type); switch(icmp->type) { case 8: printf("ICMP Echo Request Protocol\n"); break; case 0: printf("ICMP Echo Reply Protocol\n"); break; default: break; } break; default: break; } /* if(*iphead==0x45) { printf("Source ip :%d.%d.%d.%d\n",iphead[12],iphead[13],iphead[14],iphead[15]); printf("Dest ip :%d.%d.%d.%d\n",iphead[16],iphead[17],iphead[18],iphead[19]); }*/ // tcp= (struct tcp_header*)(iphead); // source_port = ntohs(tcp->tcp_source_port); // dest_port = ntohs(tcp->tcp_destination_port); } else if(ntohs (ethernet->ether_type) == ETHERTYPE_ARP) { printf("This is ARP packet.\n"); iphead=buf+14; if (*(iphead+2)==0x08) { printf("Source ip:\t %d.%d.%d.%d\n",iphead[14],iphead[15],iphead[16],iphead[17]); printf("Dest ip:\t %d.%d.%d.%d\n",iphead[24],iphead[25],iphead[26],iphead[27]); printf("ARP TYPE: %d (0:request;1:respond)\n",iphead[6]); } } return 0; } int main(int argc,char *argv[]) { if(argc!=2) { printf("%s <number>\n",argv[0]); return 0; } pcap_t *handle; pcap_if_t *alldev; pcap_if_t *p; char error[100]; struct in_addr net_ip_addr; struct in_addr net_mask_addr; struct ether_header *ethernet; char *net_ip_string; char *net_mask_string; char *interface; u_int32_t net_ip; u_int32_t net_mask; struct pcap_pkthdr pack; const u_char *content; int i=0,num; if(pcap_findalldevs(&alldev,error)==-1) { printf("find all devices is error\n"); return 0; } for(p=alldev;p;p=p->next) { printf("%d:%s\n",++i,p->name); if(p->description) { printf("%s\n",p->description); } } if(i==1) interface=p->name; else { printf("please input which interface you want to use\n"); scanf("%d",&num); if(num<1||num>i) { printf("interface is unavillible\n"); return 0; } for(p=alldev,i=1;i<=num;p=p->next,i++) interface=p->name; } /* if((interface=pcap_lookupdev(error))==NULL) { printf("%s\n",error); return 0; }*/ if((handle=pcap_open_live(interface,max,1,0,error))==NULL) { printf("%s\n",error); return 0; } if(pcap_lookupnet(interface,&net_ip,&net_mask,error)==-1) { printf("%s\n",error); return 0; } printf("Interface is:%s\n",interface); net_ip_addr.s_addr=net_ip; net_ip_string=inet_ntoa(net_ip_addr); printf("The ip is:%s\n",net_ip_string); net_mask_addr.s_addr=net_mask; net_mask_string=inet_ntoa(net_mask_addr); printf("The mask is:%s\n",net_mask_string); pcap_loop(handle,atoi(argv[1]),call,NULL); pcap_freealldevs(alldev); return 1; }
参数为要抓包的个数,抓包结果保存在save文件中。

运行部分结果:

linux下libpcap的使用(抓包小程序)_第1张图片

转自http://blog.csdn.net/dk_zhe/article/details/7336448

你可能感兴趣的:(linux,struct,String,header,null,interface)