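/*
 * Print information about captured packets.
 *
 * Opens the first available network device in non-promiscuous mode and
 * dumps every captured packet (truncated to DEFAULT_SNAPLEN bytes) to
 * stdout as sanitized ASCII. Opening a live capture normally requires
 * elevated privileges on the host.
 */
#include <pcap.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <ctype.h>

#define DEFAULT_SNAPLEN 68

static int packet_count = 0;

/*
 * Print `length` bytes starting at `cp` as ASCII.
 *
 * Packet bytes are untrusted input: every byte that is neither a graphic
 * character nor one of tab, space, LF or CR is replaced by '.', so control
 * bytes such as ESC never reach the terminal verbatim.
 * NOTE(review): CR and LF are still passed through, so packet content can
 * start new lines in the output; escape them as well if this output is
 * ever parsed line by line.
 */
void ascii_print(const u_char *cp, u_int length)
{
    putchar('\n');
    while (length > 0) {
        int s = *cp++;

        length--;
        if (!isgraph(s) && s != '\t' && s != ' ' && s != '\n' && s != '\r')
            putchar('.');
        else
            putchar(s);
    }
}

/*
 * For reference, the header libpcap hands to the callback:
 *
 * struct pcap_pkthdr {
 *     struct timeval ts;   // time stamp
 *     bpf_u_int32 caplen;  // length of the portion that was captured
 *     bpf_u_int32 len;     // length of the packet off the wire
 * };
 */

/*
 * pcap_loop() callback: print one captured packet.
 *
 * user - the fourth argument given to pcap_loop(); lets the caller pass
 *        state to the callback (unused here).
 * h    - filled in by pcap_loop(); describes the captured packet.
 * sp   - the captured packet bytes; only h->caplen bytes are valid, which
 *        can be fewer than h->len because of the snapshot length.
 */
static void print_packet(u_char *user, const struct pcap_pkthdr *h,
                         const u_char *sp)
{
    (void)user;

    packet_count++;
    printf("packet[%d]-", packet_count);
    /* tv_usec/tv_sec are not int; cast so the arguments match %ld. */
    printf("time:%ld %ld\t", (long)h->ts.tv_usec, (long)h->ts.tv_sec);
    /* caplen is an unsigned 32-bit value, so print it with %u. */
    printf("length:%u\n", (unsigned int)h->caplen);
    /* Bound the dump by caplen, never by len, to stay inside the buffer. */
    ascii_print(sp, h->caplen);
    printf("\n");
}

/*
 * Open the first available device and print packets until pcap_loop()
 * stops. Returns 0 on success and 1 on any capture error.
 */
int main(int argc, char **argv)
{
    char errbuf[PCAP_ERRBUF_SIZE];
    pcap_handler callback = print_packet;
    char *netdev;
    pcap_t *pd;
    int status;

    (void)argc;
    (void)argv;

    /*
     * Get the first available network device.
     * NOTE(review): pcap_lookupdev() is deprecated in recent libpcap
     * releases in favour of pcap_findalldevs(); kept here so the program
     * still builds against older versions.
     */
    netdev = pcap_lookupdev(errbuf);
    if (netdev == NULL) {
        fprintf(stderr, "error:%s\n", errbuf);
        exit(1);
    }

    /* promisc = 0: capture only traffic addressed to this host. */
    pd = pcap_open_live(netdev, DEFAULT_SNAPLEN, 0, 1000, errbuf);
    if (pd == NULL) {
        fprintf(stderr, "error:%s\n", errbuf);
        exit(1);
    }

    /* -1 signals a capture error; report it instead of discarding it. */
    status = pcap_loop(pd, 0, callback, NULL);
    if (status == -1)
        fprintf(stderr, "error:%s\n", pcap_geterr(pd));

    pcap_close(pd);
    return status == -1 ? 1 : 0;
}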