linux原始套接字抓取网络数据包

最新推荐文章于 2024-04-29 00:01:48 发布

York·Zhang

最新推荐文章于 2024-04-29 00:01:48 发布

阅读量3.9k

点赞数 1

分类专栏：数据探测 socket 网路安全文章标签： linux 网络安全

本文链接：https://blog.youkuaiyun.com/haoyuxuanyuan/article/details/106866857

版权

基于linux的抓包

一、获取数据

当我们在做网络安全或者数据探测等工作经常会用到抓包、熟悉的工具有tcpdump、wireshark等，这里我们介绍如何使用C程序原始套接字在linux系统上抓取IP链路层数据包。

首先我们先熟悉一个非常重要的函数socket，我们可以通过linux的man手册找到socket函数描述

#include <sys/socket.h>

     int
     socket(int domain, int type, int protocol);
     DESCRIPTION

     socket() creates an endpoint for communication and returns a descriptor.

     The domain parameter specifies a communications domain within which com-
     munication will take place; this selects the protocol family which should
     be used.  These families are defined in the include file <sys/socket.h>.
     The currently understood formats are

           PF_LOCAL        Host-internal protocols, formerly called PF_UNIX,
           PF_UNIX         Host-internal protocols, deprecated, use PF_LOCAL,
           PF_INET         Internet version 4 protocols,
           PF_ROUTE        Internal Routing protocol,
           PF_KEY          Internal key-management function,
           PF_INET6        Internet version 6 protocols,
           PF_SYSTEM       System domain,
           PF_NDRV         Raw access to network device

     The socket has the indicated type, which specifies the semantics of com-
     munication.  Currently defined types are:

           SOCK_STREAM
           SOCK_DGRAM
           SOCK_RAW

     A SOCK_STREAM type provides sequenced, reliable, two-way connection based
     byte streams.  An out-of-band data transmission mechanism may be sup-<