原始套接字抓以太网数据包(面向链路层)

网卡的四种工作模式

1.广播模式
广播模式（Broad Cast Model)：物理地址（MAC）是oxffffff的帧为广播帧，工作在广播模式的网卡接收广播帧。
2.多播模式
多播模式（MultiCast Model):多播传送地址作为目的物理地址的帧可以被组内的其他主机同时接收，而组外主机却接受不到。但是，如果将网卡设置为多播传送模式，它可以接收所有的多播传送帧，而不论它是不是组内成员。
3.直接模式
直接模式（Direct Model):工作在直接模式下的网卡只接收目的地址是自己Mac地址的帧。
4.混杂模式
混杂模式（Promiscuous Model):工作在混杂模式下的网卡接收所有的流过网卡的帧，信包捕捉程序就是在这种模式下运行的。
网卡的缺省模式包含广播模式和直接模式，即它只接收广播帧和发给自己的帧。如果采用混杂模式，一个站点的网卡将接收同一网站内所有站点所发送的数据包，这样就可以达到对网络信息监视捕获的目的。(更改网卡模式，需要对网卡进行模式设置)

编程程序

编写原始套接字发端文件:send.cpp

#include <stdio.h>  
#include <string.h>  
#include <errno.h>  
#include <sys/types.h>   
#include <sys/socket.h>  
#include <netpacket/packet.h>  
#include <net/if.h>  
#include <net/if_arp.h>  
#include <sys/ioctl.h>  
#include <arpa/inet.h> //for htons
  
#define LEN     60  
   
void print_str16(unsigned char buf[], size_t len)  
{  
	int     i;  
	unsigned char   c;  
	if (buf == NULL || len <= 0)  
		return;  
	for (i = 0; i < len; i++) {  
		c = buf[i];  
		printf("%02x", c);  
	}  
	printf("\n");  
}  
int main()  
{  
	int             result = 0;  
	int             fd, n, count = 3, nsend = 0;  
	char    buf[LEN];  
	struct sockaddr_ll      sa;  
	struct ifreq    ifr;  
	char    if_name[] = "eno16777736"; //定义自己的网卡名称 
	char    dst_mac[6] = { 0x00,0x01, 0x01, 0x01, 0x01, 0x01 }; //mac地址 
	char    src_mac[6];  
	short   type = htons(0x8902); //以太网协议号
  
	memset(&sa, 0, sizeof(struct sockaddr_ll));  
	memset(buf, 0, sizeof(buf));  
  
    //create socket
	//int socket(int family,int type, int protocol); socket函数
	fd = socket(PF_PACKET, SOCK_RAW, htons(0x8902));  
	if (fd < 0) {  
		printf("socket error, %d\n", errno);  
		return errno;  
	}  
  
      //get index  
	strcpy(ifr.ifr_name, if_name);  
	result = ioctl(fd, SIOCGIFINDEX, &ifr);  
	if (result != 0) {  
		printf("get mac index error, %d\n", errno);  
		return errno;  
	}  
	sa.sll_ifindex = ifr.ifr_ifindex;  
  
      //get mac  
	result = ioctl(fd, SIOCGIFHWADDR, &ifr);  
	if (result != 0) {  
		printf("get mac addr error, %d\n", errno);  
		return errno;  
	}  
	memcpy(src_mac, ifr.ifr_hwaddr.sa_data, 6);  
  
      //set buf  
	memcpy(buf, dst_mac, 6);  
	memcpy(buf + 6, src_mac, 6);  
	memcpy(buf + 12, &type, 2);  
	print_str16((unsigned char*)buf, sizeof(buf));  
	//sendto  
	while (count-- > 0) {  
		n = sendto(fd, buf, sizeof(buf), 0, (struct sockaddr *)&sa, sizeof(struct sockaddr_ll));  
		if (n < 0) {  
			printf("sendto error, %d\n", errno);  
			return errno;  
		}  
		printf("sendto msg %d, len %d\n", ++nsend, n);  
	}  
	return 0;  
} 

编写原始套接字收端文件:recv.cpp

#include <stdio.h>  
#include <string.h>  
#include <errno.h>  
#include <sys/types.h>   
#include <sys/socket.h>  
#include <netpacket/packet.h>  
#include <net/if.h>  
#include <net/if_arp.h>  
#include <sys/ioctl.h>  
#include <arpa/inet.h> //for htons
#include <netinet/if_ether.h>   //for ethhdr
#define LEN     60 
void print_str16(unsigned char buf[], size_t len)  
{  
	int     i;  
	unsigned char   c;  
	if (buf == NULL || len <= 0)  
		return;  
	for (i = 0; i < len; i++) {  
		c = buf[i];  
		printf("%02x", c);  
	}  
	printf("\n");  
}  
void print_sockaddr_ll(struct sockaddr_ll *sa)  
{  
	if (sa == NULL)  
		return;  
	printf("sll_family:%d\n", sa->sll_family);  
	printf("sll_protocol:%#x\n", ntohs(sa->sll_protocol));  
	printf("sll_ifindex:%#x\n", sa->sll_ifindex);  
	printf("sll_hatype:%d\n", sa->sll_hatype);  
	printf("sll_pkttype:%d\n", sa->sll_pkttype);  
	printf("sll_halen:%d\n", sa->sll_halen);  
	printf("sll_addr:"); print_str16(sa->sll_addr, sa->sll_halen);  
}  
int main()  
{  
	int             result = 0, fd, n, count = 0;  
	char    buf[LEN];  
	struct sockaddr_ll      sa, sa_recv;  
	struct ifreq    ifr;  
	socklen_t       sa_len = 0;  
	char    if_name[] = "eno16777736";  
	struct ethhdr *eth; //定义以太网头结构体指针
	//create socket  
	fd = socket(PF_PACKET, SOCK_RAW, htons(0x8902));  
	if (fd < 0) {  
		perror("socket error\n");  
		return errno;  
	}  
	memset(&sa, 0, sizeof(sa));  
	sa.sll_family = PF_PACKET;  
	sa.sll_protocol = htons(0x8902); //协议号变量  
	
	// get flags   
	strcpy(ifr.ifr_name, if_name);  //必须先得到flags，才能再得到index
	result = ioctl(fd, SIOCGIFFLAGS, &ifr);  
	if (result != 0) {   
		perror("ioctl error, get flags\n");  
		return errno;  
	} 
	
	ifr.ifr_flags |= IFF_PROMISC;  
	// set promisc mode  
	result = ioctl(fd, SIOCSIFFLAGS, &ifr);  
	if (result != 0) {  
		perror("ioctl error, set promisc\n");  
		return errno;  
	}  
	
	result = ioctl(fd, SIOCGIFINDEX, &ifr);        //get index  
	if (result != 0) {  
		perror("ioctl error, get index\n");  
		return errno;  
	}  
	sa.sll_ifindex = ifr.ifr_ifindex;  
	result = bind(fd, (struct sockaddr*)&sa, sizeof(struct sockaddr_ll));  //bind fd  
	if (result != 0) {  
		perror("bind error\n");  
		return errno;  
	}  
      //recvfrom  
	while (1) {  
		memset(buf, 0, sizeof(buf));  
		n = recvfrom(fd, buf, sizeof(buf), 0, (struct sockaddr *)&sa_recv, &sa_len);  
	   
		if (n < 0) {  
			printf("recvfrom error, %d\n", errno);  
			return errno;  
		}  
		printf("******************* recvfrom msg %d ****************\n", ++count);  
		print_str16((unsigned char*)buf, n);  
		
		eth = (struct ethhdr*)buf;
	//从eth里提取目的mac、源mac、协议号
		printf("proto=0x%04x,dst mac addr:%02x:%02x:%02x:%02x:%02x:%02x\n", ntohs(eth->h_proto), eth->h_dest[0], eth->h_dest[1], eth->h_dest[2], eth->h_dest[3], eth->h_dest[4], eth->h_dest[5]);
		printf("proto=0x%04x,src mac addr:%02x:%02x:%02x:%02x:%02x:%02x\n", ntohs(eth->h_proto), eth->h_source[0], eth->h_source[1], eth->h_source[2], eth->h_source[3], eth->h_source[4], eth->h_source[5]);

		print_sockaddr_ll(&sa_recv);  
		printf("sa_len:%d\n", sa_len);  
	}  
	return 0;  
}

上述程序中涉及到index与mac获取的内核调用关系如下