87. 01 c5 f1 dd 00 00 01 01 08 0a 00 57 a1 2e 00 14
88. b7 25
89.
90. id: 10
91. Packet length: 66
92. Number of bytes: 66
93. Recieved time: Sat Apr 28 19:57:50 2012
94. 08 00 27 9c ff b1 0a 00 27 00 00 00 08 00 45 00
95. 00 34 d4 b2 40 00 40 06 74 5a c0 a8 38 01 c0 a8
96. 38 65 8e 20 26 68 79 e1 63 8e b6 c4 e6 e7 80 10
97. 00 e5 fb bc 00 00 01 01 08 0a 00 14 b7 25 00 57
98. a1 2e
99.
100. id: 11
101. Packet length: 66
102. Number of bytes: 66
103. Recieved time: Sat Apr 28 19:57:50 2012
104. 08 00 27 9c ff b1 0a 00 27 00 00 00 08 00 45 00
105. 00 34 d4 b3 40 00 40 06 74 59 c0 a8 38 01 c0 a8
106. 38 65 8e 20 26 68 79 e1 63 8e b6 c4 e6 e7 80 11
107. 00 e5 fb bb 00 00 01 01 08 0a 00 14 b7 25 00 57
108. a1 2e
109.
110. id: 12
111. Packet length: 66
112. Number of bytes: 66
113. Recieved time: Sat Apr 28 19:57:50 2012
114. 0a 00 27 00 00 00 08 00 27 9c ff b1 08 00 45 00
115. 00 34 47 ce 40 00 40 06 01 3f c0 a8 38 65 c0 a8
116. 38 01 26 68 8e 20 b6 c4 e6 e8 79 e1 63 8f 80 10
117. 01 c5 f1 dd 00 00 01 01 08 0a 00 57 a1 2e 00 14
118. b7 25
119.
120. id: 13
121. Packet length: 66
122. Number of bytes: 66
123. Recieved time: Sat Apr 28 19:57:50 2012
124. 08 00 27 9c ff b1 0a 00 27 00 00 00 08 00 45 00
125. 00 34 d4 b4 40 00 40 06 74 58 c0 a8 38 01 c0 a8
126. 38 65 8e 20 26 68 79 e1 63 8f b6 c4 e6 e8 80 10
127. 00 e5 fb b9 00 00 01 01 08 0a 00 14 b7 26 00 57
128. a1 2e
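仔細研究即可發現服務器與客戶機是如何通過tcp通信的。例如每個包的第48個字節(14字節以太網頭、20字節IP頭之後,TCP頭的第14個字節)是TCP標誌位:id 10、12、13為0x10(ACK),id 11為0x11(FIN+ACK),而id 12的確認號79 e1 63 8f正好是id 11的序號79 e1 63 8e加1,即對FIN的確認,這幾個包就是連接關閉的過程。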
下面的這個程序可以獲取pcap_lookupdev()找到的默認網絡設備(本例為eth0)的ip和子網掩碼等信息:
test5:
1. #include <stdio.h>
2. #include <stdlib.h>
3. #include <pcap.h>
4. #include <errno.h>
5. #include <netinet/in.h>
6. #include <arpa/inet.h>
7.
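/*
 * Print the default capture device chosen by libpcap, followed by the IPv4
 * network number and netmask that pcap_lookupnet() reports for it.
 *
 * Returns 0 on success and 1 when either libpcap lookup fails; the failure
 * text that libpcap stored in errbuf is written to stderr.
 */
int main()
{
    char errbuf[PCAP_ERRBUF_SIZE]; /* filled in by libpcap when a call fails */

    /*
     * Ask libpcap for a default device to sniff on.  Newer libpcap releases
     * deprecate pcap_lookupdev() in favour of pcap_findalldevs(); the name
     * returned here points into a static buffer owned by libpcap, so it is
     * neither freed nor kept across another pcap_lookupdev() call.
     */
    char *dev = pcap_lookupdev(errbuf);
    if (!dev) {
        fprintf(stderr, "pcap_lookupdev() error: %s\n", errbuf);
        return 1;
    }

    printf("dev name: %s\n", dev);

    /*
     * pcap_lookupnet() is IPv4-only.  netp receives the network number of
     * the device (interface address AND mask), not the host address itself;
     * both values are in network byte order.
     */
    bpf_u_int32 netp;  /* IPv4 network number */
    bpf_u_int32 maskp; /* IPv4 netmask */
    if (pcap_lookupnet(dev, &netp, &maskp, errbuf) == -1) {
        fprintf(stderr, "pcap_lookupnet() error: %s\n", errbuf);
        return 1;
    }

    /*
     * inet_ntoa() has no error return, so its result is not NULL-checked.
     * It formats into a static buffer that the next call overwrites, which
     * is why each string is printed before the following conversion.
     */
    struct in_addr addr;

    addr.s_addr = netp;
    printf("ip: %s\n", inet_ntoa(addr));

    addr.s_addr = maskp;
    printf("sub mask: %s\n", inet_ntoa(addr));

    return 0;
}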
int pcap_lookupnet(const char * device, bpf_u_int32 * netp, bpf_u_int32 * maskp, char * errbuf)
可以獲取指定設備的ip地址,子網掩碼等信息
netp:傳出參數,指定網絡接口的ip地址(準確地說是該接口的IPv4網絡號,即接口地址與子網掩碼按位與的結果,而不是主機自身的地址)
maskp:傳出參數,指定網絡接口的子網掩碼
pcap_lookupnet()失敗返回-1
我們使用inet_ntoa()將其轉換為可讀的點分十進制形式的字符串。注意inet_ntoa()返回的是指向靜態緩衝區的指針,下一次調用會覆蓋之前的結果,因此要先打印或拷貝再進行下一次轉換;需要同時保留多個結果或在多線程中使用時,應改用inet_ntop()。
本文的絕大部分來源于libpcap的官方文檔:libpcapHakin9LuisMartinGarcia.pdf,可以在官網下載,文檔只有9頁,不過很詳細,還包括了數據鏈路層,網絡層,傳輸層,應用層等的分析。很好!