Linux.网络抓包库libpcap

最新推荐文章于 2024-04-07 23:32:51 发布

木艮氵

最新推荐文章于 2024-04-07 23:32:51 发布

阅读量1.8k

点赞数

分类专栏： Linux 文章标签： libpcap tcpdump ftp

本文链接：https://blog.csdn.net/stringNewName/article/details/65444516

版权

本文介绍了如何下载并安装libpcap，详细解析了libpcap的数据结构，如pcap_pkthdr和时间类型。通过编程实例展示了使用libpcap捕获并分析FTP流量，应用过滤器获取端口21或20的数据，从而在payload中查找用户名和密码。

摘要由CSDN通过智能技术生成

TCPDUMP & Libpcap

$ uname -a
Linux niugenen 4.4.0-66-generic #87-Ubuntu SMP Fri Mar 3 15:29:05 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

DownLoad Libpcap

download link

这里写图片描述

click “libpcap-1.8.1.tar.gz” to download source code
then “./configure” & “make” & “sudo make install” to install libpcap

Official tutorials

Programming with pcap by Tim Carstens.

Data Structure

pcap_pkthdr

struct pcap_pkthdr {
    struct timeval ts;  /* time stamp */
    bpf_u_int32 caplen; /* length of portion present */
    bpf_u_int32 len;    /* length this packet (off wire) */
};

as for struct timeval, found that in “/usr/include/x86_64-linux-gnu/bits/time.h”

#if defined __need_timeval || defined __USE_GNU
# ifndef _STRUCT_TIMEVAL
#  define _STRUCT_TIMEVAL   1
#  include <bits/types.h>

/* A time value that is accurate to the nearest
   microsecond but also has a range of years.  */
struct timeval
  {
    __time_t tv_sec;        /* Seconds.  */
    __suseconds_t tv_usec;  /* Microseconds.  */
  };
# endif /* struct timeval */
#endif

but in “/usr/inlcude/time.h”, only found this one

#if (!defined __timespec_defined                    \
     && ((defined _TIME_H                       \
      && (defined __USE_POSIX199309                 \
          || defined __USE_ISOC11))                 \
     || defined __need_timespec))
# define __timespec_defined 1

# include <bits/types.h>    /* This defines __time_t for us.  */

/* POSIX.1b structure for a time value.  This is like a `struct timeval' but
   has nanoseconds instead of microseconds.  */
struct timespec
  {
    __time_t tv_sec;        /* Seconds.  */
    __syscall_slong_t tv_nsec;  /* Nanoseconds.  */
  };

#endif /* timespec not defined and <time.h> or need timespec.  */

then I came to look for “__time_t”, found in “/usr/include/x86_64-linux-gnu/bits/types.h”

__STD_TYPE __TIME_T_TYPE __time_t;  /* Seconds since the Epoch.  */

“__STD_TYPE” is just a “#define” of “typedef”, but what is “__TIME_T_TYPE”, it is defined in “/usr/include/x86_64-linux-gnu/bits/typesizes.h”

#if defined __x86_64__ && defined __ILP32__
# define __SYSCALL_SLONG_TYPE   __SQUAD_TYPE

最低0.47元/天解锁文章

木艮氵

关注

0
点赞
踩
1

收藏

觉得还不错? 一键收藏
0
评论
复制链接

分享到 QQ

分享到新浪微博

扫一扫

专栏目录