linux 混杂模式收包,Linux下使用混杂模式抓包(2)

寒墨夜殇

于 2021-05-12 20:07:36 发布

阅读量403

点赞数

文章标签： linux 混杂模式收包

混杂模式网络监听 socket编程数据包捕获接口标志

关键词由CSDN通过智能技术生成

有时候不光要抓自己的包，还要抓目的地址不是本机地址的包，既是过路包，这时候就要将监听网卡设为混在模式

这里新添了头文件：

net/if.h 定义了ifreq的结构体，既是接口(interface)的信息头文件。

#include

#include

#include

#include

#include

#include

#include

#include

/**

* Set misc mode for interface

* \param if_name interface name we will set

* \param sockfd the socket id we will set

* */

int set_promisc (char *if_name, int sockfd)

{

struct ifreq ifr;

strcpy (ifr.ifr_name, if_name);

if (0 != ioctl (sockfd, SIOCGIFFLAGS, &ifr))

{

printf ("Get interface flag failed\n");

return -1;

}

/* add the misc mode */

ifr.ifr_flags |= IFF_PROMISC;

if (0 != ioctl (sockfd, SIOCSIFFLAGS, &ifr))

{

printf ("Set interface flag failed\n");

return -1;

}

}

int main (int argc, char *argv[])

{

int sockfd;

int ret = 0;

char buffer[1518] = {0};

char *eth_head = NULL;

if ((sockfd = socket (PF_PACKET, SOCK_RAW, htons (ETH_P_ALL))) < 0)

{

printf ("create socket failed\n");

return -1;

}

if (0 != set_promisc ("eth0", sockfd))

{

printf ("Failed to set interface promisc mode\n");

}

while (1)

{

memset (buffer, 0x0, sizeof (buffer));

ret = recvfrom (sockfd, buffer, sizeof (buffer), 0, NULL, NULL);

printf ("recview package length : %d\n", ret);

eth_head = buffer;

printf ("PACKAGE START\n");

/* get source and dectination mac address */

printf ("dectination mac:%02x-%02x-%02x-%02x-%02x-%02x,"

"source mac:%02x-%02x-%02x-%02x-%02x-%02x;\n", eth_head[0],

eth_head[1], eth_head[2], eth_head[3], eth_head[4],

eth_head[5], eth_head[6], eth_head[7], eth_head[8],

eth_head[9], eth_head[10], eth_head[11]);

printf ("eth_type:%02x%02x\n", eth_head[12], eth_head[13]);

/* ARP protocol flag */

if (0x08 == eth_head[12] && 0x06 == eth_head[13])

{

printf ("ARP source ip:%d.%d.%d.%d,destination ip:%d.%d.%d.%d;\n",

eth_head[28], eth_head[29], eth_head[30], eth_head[31],

eth_head[38], eth_head[39], eth_head[40], eth_head[41]);

}

/* IPv4 protocol flag */

else if (0x08 == eth_head[12] && 0x00 == eth_head[13])

{

if (0x45 == eth_head[14])

{

printf ("IPv4 source ip:%d.%d.%d.%d,destination ip:%d.%d.%d."

"%d;\n", eth_head[26], eth_head[27], eth_head[28],

eth_head[29], eth_head[30], eth_head[31],

eth_head[32], eth_head[33]);

}

else

{

printf ("p_head:%02x\n", eth_head[14]);

}

}

printf ("PACKAGE END\n");

}

return 0;

}

运行之后就会发现发往其它mac的包了。

评论

被折叠的条评论为什么被折叠?

到【灌水乐园】发言

查看更多评论

添加红包

成就一亿技术人!

hope_wisdom

发出的红包

实付元

使用余额支付

点击重新获取

扫码支付

钱包余额 0

抵扣说明：

1.余额是钱包充值的虚拟货币，按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载，可以购买VIP、付费专栏及课程。