TCPDUMP & Libpcap官网:
(1) 安装Libpcap
a) 下载Libpcap
http://www.tcpdump.org/#latest-release
打开上面网址,找到 LATEST RELEASE,下载tcpdump-4.3.0.tar.gz
b) 下载后进行解压
#tar zxvf tcpdump-4.3.0.tar.gztcpdump
c) 配置环境,生成makefile
#cd tcpdump
# ./configure
我的系统上面configure出错,提示如下:
checking for capable lex... insufficient
configure: error: Your operating system's lex is insufficient to compile
libpcap.
必须安装flex
# yum -y install flex
再次 configure成功生成makefile
d) 进行编译
#make
报错:make:yacc: Command not found
解决方法:# yum -y install yacc
e) 安装
#make install
(2) Libpcap示例程序
// testlibpcap.c
#include <stdio.h>
#include <stdlib.h>
#include <pcap.h>
#include <errno.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
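/*
 * Look up the default capture device with libpcap and print its name,
 * its IPv4 network number and its netmask.
 *
 * Returns 0 on success and EXIT_FAILURE when libpcap cannot find a device,
 * cannot determine the device's network, or an address cannot be formatted.
 *
 * Privileges: without capture privileges the device lookup fails and
 * libpcap reports "no suitable device found".
 */
int main(int argc, char **argv)
{
    char *dev;
    char net[INET_ADDRSTRLEN];   /* caller-owned text buffers, so the two   */
    char mask[INET_ADDRSTRLEN];  /* results never share one static buffer   */
    char errbuf[PCAP_ERRBUF_SIZE];
    bpf_u_int32 netp;            /* network number, network byte order */
    bpf_u_int32 maskp;           /* netmask, network byte order */
    struct in_addr addr;

    /* The program takes no command-line arguments. */
    (void)argc;
    (void)argv;

    /*
     * NOTE(review): pcap_lookupdev() is deprecated in newer libpcap
     * releases in favour of pcap_findalldevs(); it is kept here so the
     * example still matches the libpcap version the tutorial installs.
     */
    dev = pcap_lookupdev(errbuf);
    if (dev == NULL) {
        /* errbuf is library-supplied text: print it through "%s" only. */
        fprintf(stderr, "%s\n", errbuf);
        return EXIT_FAILURE;
    }
    printf("设备名:%s\n", dev);

    if (pcap_lookupnet(dev, &netp, &maskp, errbuf) == -1) {
        fprintf(stderr, "%s\n", errbuf);
        return EXIT_FAILURE;
    }

    /*
     * pcap_lookupnet() yields the network number (for example
     * 192.168.228.0), not the host's own address, although the label
     * printed below says "IP address".
     */
    addr.s_addr = netp;
    if (inet_ntop(AF_INET, &addr, net, sizeof net) == NULL) {
        perror("inet_ntop");
        return EXIT_FAILURE;
    }
    printf("IP地址: %s\n", net);

    addr.s_addr = maskp;
    if (inet_ntop(AF_INET, &addr, mask, sizeof mask) == NULL) {
        perror("inet_ntop");
        return EXIT_FAILURE;
    }
    printf("网络掩码:%s\n", mask);

    return 0;
}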
编译
[root@localhost home]# gcc -o testlibpcap testlibpcap.c -lpcap
[root@localhost home]# ./testlibpcap
设备名: eth0
IP地址: 192.168.228.0
网络掩码:255.255.255.0
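必须以root身份运行程序,否则权限不够,会出现:
no suitable device found
(在Linux上,通常也可以不使用完整的root权限,而只给该可执行文件授予 CAP_NET_RAW 和 CAP_NET_ADMIN 能力,例如 setcap cap_net_raw,cap_net_admin=eip ./testlibpcap,以遵循最小权限原则。)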