linux 下抓包

最新推荐文章于 2024-10-18 09:36:33 发布

原创最新推荐文章于 2024-10-18 09:36:33 发布 · 703 阅读

0 ·

CC 4.0 BY-SA版权

linux c 专栏收录该内容

3 篇文章

订阅专栏

#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <linux/if_ether.h>
#include <linux/in.h>


struct iphdr
  {
    unsigned int ihl:4;
    unsigned int version:4;
    u_int8_t tos;
    u_int16_t tot_len;
    u_int16_t id;
    u_int16_t frag_off;
    u_int8_t ttl;
    u_int8_t protocol;
    u_int16_t check;
    u_int32_t saddr;
    u_int32_t daddr;
  };



void show(char*str,int len)
{
	int i=0;
	for(i=0;i<len;i++)
	{
		int temp=str[i]&0x0ff;
		printf("%x ",temp);
	}
	printf("\n");
}

void int2str(char*buf,int ip)
{
	int str[4];
	str[0]=(int)ip&0x0FF;
	str[1]=(int)(ip>>8)&0x0FF;
	str[2]=(int)(ip>>16)&0x0FF;
	str[3]=(int)(ip>>24)&0x0FF;
	sprintf(buf,"%d.%d.%d.%d",str[0],str[1],str[2],str[3]);
}
#define BUFFER_MAX 65536
int main()
{
	int len;
	char buff[BUFFER_MAX]={0};
	struct ethhdr arpH;
	struct iphdr ipH;
	struct sockaddr_in addr;
	char ip[20];
	int sockId = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_IP));
	// ARP package
	//int sockId = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ARP));

	if(sockId<0)
	{
		printf("create error!\n");
		return -1;
	}
	while(1)
	{
		//arp Package
		len = recvfrom(sockId, buff, BUFFER_MAX, 0, NULL, NULL);
		if(len>0)
		{
			printf("length:%d\n",len);
			memcpy(&arpH,buff,14);
			printf("type:0x%x\n",arpH.h_proto);
			if(arpH.h_proto==8)
			{
				printf("------IP------\n");
				memcpy(&ipH,buff+14,sizeof(ipH));
				int2str(ip,ipH.daddr);
				printf("da address:%s\n",ip);
				int2str(ip,ipH.saddr);
				printf("sa address:%s\n",ip);
				printf("protocol:%d\n",ipH.protocol);
				if(ipH.protocol==1)
				{
					printf("ICMP\n");
				}
				else if(ipH.protocol==6)
				{
					printf("TCP\n");
				}
				else if(ipH.protocol==17)
				{
					printf("UDPn");
				}
			}
		}
	}
	close(sockId);
	return 0;
}