Linux下libpcap编程源码

最新推荐文章于 2024-04-13 16:30:22 发布

程序员赵洋

最新推荐文章于 2024-04-13 16:30:22 发布

阅读量493

点赞数 1

本文链接：https://blog.csdn.net/qq_28657577/article/details/80691568

版权

以下是官网的一个实例源码，libpcap安装和测试，在我别我文里有。

#define APP_NAME "TEST01"

#define APP_DESC "JUST TEST01
#define APP_COPYRIGHT "CREAT BY GogY"
#define APP_DISCLAIMER "THERE IS ABSOLUTELY NO WARRANTY FOR THIS PROGRAM."

#include <pcap.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <ctype.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* default snap length (每个要捕获的数据包的最大字节数) */
#define SNAP_LEN 1518

/*以太网的头通常是14个字节 */
#define SIZE_ETHERNET 14

/* 以太网地址是6字节*/
#define ETHER_ADDR_LEN 6

/* 以太网头结构体*/
struct sniff_ethernet {
u_char ether_dhost[ETHER_ADDR_LEN]; /* 目的主机地址 */
u_char ether_shost[ETHER_ADDR_LEN]; /* source host address */
u_short ether_type; /* IP? ARP? RARP? etc */
};

/* IP 头结构体*/
struct sniff_ip {
u_char ip_vhl; /* ipv4头占2字节 */
u_char ip_tos; /* type of service服务类型 */
u_short ip_len; /* total length */
u_short ip_id; /* identification */
u_short ip_off; /* fragment offset field */
#define IP_RF 0x8000 /* reserved fragment flag */
#define IP_DF 0x4000 /* dont fragment flag */
#define IP_MF 0x2000 /* more fragments flag */
#define IP_OFFMASK 0x1fff /* mask for fragmenting bits */
u_char ip_ttl; /* time to live */
u_char ip_p; /* protocol */
u_short ip_sum; /* checksum */
struct in_addr ip_src,ip_dst; /* 源IP和目的IP */
};
#define IP_HL(ip) (((ip)->ip_vhl) & 0x0f)
#define IP_V(ip) (((ip)->ip_vhl) >> 4)

/* TCP header 结构体 */
typedef u_int tcp_seq;

struct sniff_tcp {
u_short th_sport; /* source port */
u_short th_dport; /* destination port */
tcp_seq th_seq; /* sequence number */
tcp_seq th_ack; /* acknowledgement number */
u_char th_offx2; /* data offset, rsvd */
#define TH_OFF(th) (((th)->th_offx2 & 0xf0) >> 4)
u_char th_flags;
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_PUSH 0x08
#define TH_ACK 0x10
#define TH_URG 0x20
#define TH_ECE 0x40
#define TH_CWR 0x80
#define TH_FLAGS (TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG|TH_ECE|TH_CWR)
u_short th_win; /* window */
u_short th_sum; /* checksum */
u_short th_urp; /* urgent pointer */
};

void
got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet);

void
print_payload(const u_char *payload, int len);

void
print_hex_ascii_line(const u_char *payload, int len, int offset);

void
print_app_banner(void);

void
print_app_usage(void);

/*
* app name/banner应用程序名称/横幅
*/
void
print_app_banner(void)
{

printf("%s - %s\n", APP_NAME, APP_DESC);
printf("%s\n", APP_COPYRIGHT);
printf("%s\n", APP_DISCLAIMER);
printf("\n");

return;
}

/*
* print help text打印帮助文档
*/
void
print_app_usage(void)
{

printf("Usage: %s [interface]\n", APP_NAME);
printf("\n");
printf("Options:\n");
printf(" interface Listen on <interface> for packets.\n");
printf("\n");

return;
}

/*
以16字节的行打印数据：16进制偏移量ascii
*
* 00000 47 45 54 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a GET / HTTP/1.1..
*/
void
print_hex_ascii_line(const u_char *payload, int len, int offset)
{

int i;
int gap;
const u_char *ch;

/* 偏移量 */
printf("%05d ", offset);

/* 16进制 */
ch = payload;
for(i = 0; i < len; i++) {
printf("%02x ", *ch);
ch++;
/* 在第8字节之后打印额外的空间以供视觉辅助*/
if (i == 7)
printf(" ");
}
/*打印空间处理少于8个字节的行。 */
if (len < 8)
printf(" ");

/* 用空格填充十六进制间隙(如果不是满行的话) */
if (len < 16) {
gap = 16 - len;
for (i = 0; i < gap; i++) {
printf(" ");
}
}
printf(" ");

/* ascii ((如果可打印)) */
ch = payload;
for(i = 0; i < len; i++) {
if (isprint(*ch))
printf("%c", *ch);
else
printf(".");
ch++;
}

printf("\n");

return;
}

/*
* 打印数据包有效负载数据(避免打印二进制数据)
*/
void
print_payload(const u_char *payload, int len)
{

int len_rem = len;
int line_width = 16; /* 每一行字节数 */
int line_len;
int offset = 0; /*偏移量计数器=0 */
const u_char *ch = payload;

if (len <= 0)
return;

/*数据符合一条直线 */
if (len <= line_width) {
print_hex_ascii_line(ch, len, offset);
return;
}

/* 跨越多行数据*/
for ( ;; ) {
/* 计算当前线长度*/
line_len = line_width % len_rem;
/* 打印行*/
print_hex_ascii_line(ch, line_len, offset);
/* 计算总剩余 */
len_rem = len_rem - line_len;
/*将指针移到要打印的剩余字节*/
ch = ch + line_len;
/* 增加偏移量 */
offset = offset + line_width;
/* 检查我们是否有线宽字符或更少 */
if (len_rem <= line_width) {
/* 打印最后一行，然后离开 */
print_hex_ascii_line(ch, len_rem, offset);
break;
}
}

return;
}

/*
* 解剖/打印数据包
*/
void
got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
{

static int count = 1; /* packet counter */

/* declare pointers to packet headers */
const struct sniff_ethernet *ethernet; /* The ethernet header [1] */
const struct sniff_ip *ip; /* The IP header */
const struct sniff_tcp *tcp; /* The TCP header */
const char *payload; /* Packet payload */

int size_ip;
int size_tcp;
int size_payload;

printf("\nPacket number %d:\n", count);
count++;

/*定义以太网报头 */
ethernet = (struct sniff_ethernet*)(packet);

/* 定义/计算ip报头偏移量 */
ip = (struct sniff_ip*)(packet + SIZE_ETHERNET);
size_ip = IP_HL(ip)*4;
if (size_ip < 20) {
printf(" * Invalid IP header length: %u bytes\n", size_ip);
return;
}

/* 打印源和目标IP地址*/
printf(" From: %s\n", inet_ntoa(ip->ip_src));
printf(" To: %s\n", inet_ntoa(ip->ip_dst));

/* 确定协议 */
switch(ip->ip_p) {
case IPPROTO_TCP:
printf(" Protocol: TCP\n");
break;
case IPPROTO_UDP:
printf(" Protocol: UDP\n");
return;
case IPPROTO_ICMP:
printf(" Protocol: ICMP\n");
return;
case IPPROTO_IP:
printf(" Protocol: IP\n");
return;
default:
printf(" Protocol: unknown\n");
return;
}

/*
* 好的，这个包是TCP。
*/

/*定义/计算tcp报头偏移量*/
tcp = (struct sniff_tcp*)(packet + SIZE_ETHERNET + size_ip);
size_tcp = TH_OFF(tcp)*4;
if (size_tcp < 20) {
printf(" * Invalid TCP header length: %u bytes\n", size_tcp);
return;
}

printf(" Src port: %d\n", ntohs(tcp->th_sport));
printf(" Dst port: %d\n", ntohs(tcp->th_dport));

/* 定义/计算tcp负载(段)偏移量 */
payload = (u_char *)(packet + SIZE_ETHERNET + size_ip + size_tcp);

/* 计算tcp负载(段)大小 */
size_payload = ntohs(ip->ip_len) - (size_ip + size_tcp);

/*
* 打印有效载荷数据;它可能是二进制的，所以不要只是
* 把它当作字符串来处理
*/
if (size_payload > 0) {
printf(" Payload (%d bytes):\n", size_payload);
print_payload(payload, size_payload);
}

return;
}

int main(int argc, char **argv)
{

char *dev = NULL; /* 捕获设备名称*/
char errbuf[PCAP_ERRBUF_SIZE]; /* 错误的字符*/
pcap_t *handle; /* 数据包捕获处理器 */

char filter_exp[] = "ip"; /* 过滤器表达式 */
struct bpf_program fp; /* 编译过滤器 */
bpf_u_int32 mask; /* 子网掩码 */
bpf_u_int32 net; /* ip */
int num_packets = 10; /*要捕获的包的数量。*/

print_app_banner();

/* 检查命令行上的捕获设备名称。 */
if (argc == 2) {
dev = argv[1];
}
else if (argc > 2) {
fprintf(stderr, "error: unrecognized command-line options\n\n");
print_app_usage();
exit(EXIT_FAILURE);
}
else {
/* 如果没有在命令行中指定捕获设备，请查找该设备*/
dev = pcap_lookupdev(errbuf);
if (dev == NULL) {
fprintf(stderr, "Couldn't find default device: %s\n",
errbuf);
exit(EXIT_FAILURE);
}
}

/*获取与捕获设备相关联的网络号码和掩码*/
if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
fprintf(stderr, "Couldn't get netmask for device %s: %s\n",
dev, errbuf);
net = 0;
mask = 0;
}

/* 打印捕捉信息*/
printf("Device: %s\n", dev);
printf("Number of packets: %d\n", num_packets);
printf("Filter expression: %s\n", filter_exp);

/* 打开捕捉设备 */
handle = pcap_open_live(dev, SNAP_LEN, 1, 1000, errbuf);
if (handle == NULL) {
fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf);
exit(EXIT_FAILURE);
}

/* 确保我们捕获的是一个以太网设备 */
if (pcap_datalink(handle) != DLT_EN10MB) {
fprintf(stderr, "%s is not an Ethernet\n", dev);
exit(EXIT_FAILURE);
}

/* 编译过滤器表达式*/
if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) {
fprintf(stderr, "Couldn't parse filter %s: %s\n",
filter_exp, pcap_geterr(handle));
exit(EXIT_FAILURE);
}

/* 应用编译后的过滤器 */
if (pcap_setfilter(handle, &fp) == -1) {
fprintf(stderr, "Couldn't install filter %s: %s\n",
filter_exp, pcap_geterr(handle));
exit(EXIT_FAILURE);
}

/* 设置回调函数。*/
pcap_loop(handle, num_packets, got_packet, NULL);

/* 释放资源 */
pcap_freecode(&fp);
pcap_close(handle);

printf("\nCapture complete.\n");

return 0;
}