/**//*cap_arp.c*/ /**//* * 编译: #gcc -o cap_arp cap_arp.c -lnet -lpcap * 运行: #./cap_arp */ #include <stdio.h> #include <stdlib.h> #include <pcap.h>/**//* if this gives you an error try pcap/pcap.h */ #include <errno.h> #include <sys/socket.h> #include <netinet/in.h> #include <arpa/inet.h> #include <netinet/if_ether.h>/**//* includes net/ethernet.h */ int main(int argc, char**argv) ...{ int i, cnt =0; char*dev; char errbuf[PCAP_ERRBUF_SIZE]; pcap_t *descr; /**//*you can man it */ const u_char *packet; struct pcap_pkthdr hdr; /**//* pcap.h */ struct ether_header *eptr; /**//* net/ethernet.h */ struct in_addr addr; char*net; /**//* dot notation of the network address */ char*mask; /**//* dot notation of the network mask */ bpf_u_int32 netp; /**//* ip */ bpf_u_int32 maskp; /**//* subnet mask */ int ret; /**//* return code */ u_char *ptr; /**//* printing out hardware header info */ /**//* grab a device to peak into... */ dev = pcap_lookupdev(errbuf); if (dev == NULL) ...{ printf("%s ", errbuf); exit(1); } printf("DEV: %s ", dev); /**//* open the device for sniffing. pcap_t *pcap_open_live(char *device,int snaplen, int prmisc,int to_ms, char *ebuf) snaplen - maximum size of packets to capture in bytes promisc - set card in promiscuous mode? to_ms - time to wait for packets in miliseconds before read times out errbuf - if something happens, place error string here Note if you change "prmisc" param to anything other than zero, you will get all packets your device sees, whether they are intendeed for you or not!! Be sure you know the rules of the network you are running on before you set your card in promiscuous mode!! */ descr = pcap_open_live(dev, BUFSIZ, 0, -1, errbuf); if (descr == NULL) ...{ printf("pcap_open_live(): %s ", errbuf); exit(1); } /**//* grab a packet from descr (yay!) u_char *pcap_next(pcap_t *p,struct pcap_pkthdr *h) so just pass in the descriptor we got from our call to pcap_open_live and an allocated struct pcap_pkthdr */ while (cnt <2) ...{ while((packet = (const u_char *)(pcap_next(descr, &hdr))) == NULL) ...{ /**//* dinna work *sob* */ printf("Didn't grab packet "); exit(1); } /**//* struct pcap_pkthdr { struct timeval ts; time stamp bpf_u_int32 caplen; length of portion present bpf_u_int32; lebgth this packet (off wire) } */ /**//* lets start with the ether header... */ eptr = (struct ether_header *) packet; /**//* check to see what packet type we have.. */ if (ntohs(eptr->ether_type) == ETHERTYPE_ARP) ...{ ++cnt; printf("Grabbed packet of length %d ", hdr.len); printf("Recieved at time..... %s", ctime((const time_t *) &hdr.ts.tv_sec)); printf("Ethernet address length is %d ", ETHER_HDR_LEN); printf("Ethernet type hex:%x dec:%d is an ARP packet ", ntohs(eptr->ether_type), ntohs(eptr->ether_type)); /**//* THANK YOU RICHARD STEVENS!!! RIP */ ptr = eptr->ether_dhost; i = ETHER_ADDR_LEN; printf(" Destination MAC Address: "); do...{ printf("%s%x", (i == ETHER_ADDR_LEN) ?"" : ":", *ptr++); }while (--i >0); printf(" Destination IP Address: "); ...{ /**//* 显示IP和MASK地址 */ ret = pcap_lookupnet(dev, &netp, &maskp, errbuf); if (ret ==-1) ...{ printf("%s ", errbuf); exit(1); } /**//* get the network address in a human readable form */ addr.s_addr = netp; net = inet_ntoa(addr); if (net == NULL) ...{ /**//* thanks Scott :-P */ perror("inet_ntoa"); exit(1); } printf(" NET: %s ", net); /**//* do the same as above for the device's mask */ addr.s_addr = maskp; mask = inet_ntoa(addr); if (mask == NULL) ...{ perror("inet_ntoa"); exit(1); } printf(" MASK: %s ", mask); } ptr = eptr->ether_shost; i = ETHER_ADDR_LEN; printf(" Source Address: "); do...{ printf("%s%x", (i == ETHER_ADDR_LEN) ?"" : ":", *ptr++); }while (--i >0); printf(" ********************************* "); } } return0; }