linux下sniffer程序的实现,Linux下sniffer实现(转)

/*
 * The header names were stripped when this listing was pasted (only eleven
 * bare "#include" tokens survived).  This is the set the program below
 * actually needs.  Linux-only: PF_PACKET, classic BPF and packet_mreq.
 */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#include <arpa/inet.h>
#include <net/if.h>
#include <netinet/in.h>
#include <sys/ioctl.h>
#include <sys/socket.h>

#include <linux/filter.h>
#include <linux/if_ether.h>
#include <linux/if_packet.h>

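/*
 * Minimal PF_PACKET sniffer.
 *
 * Opens a raw packet socket, installs a classic BPF filter, binds the socket
 * to one interface, puts that interface into promiscuous mode and then prints
 * the Ethernet, IPv4 and UDP/TCP header fields of every frame the filter
 * accepts, forever.
 *
 * Usage: sniffer [ifname]     (ifname defaults to "eth3", as in the original)
 *
 * Needs CAP_NET_RAW (normally: run as root).  Returns -1 (exit status 255)
 * on any setup or receive error, mirroring the original listing's convention.
 *
 * Changes versus the original listing, all of them deliberate:
 *  - Promiscuous mode is requested with PACKET_ADD_MEMBERSHIP /
 *    PACKET_MR_PROMISC instead of flipping IFF_PROMISC with SIOCSIFFLAGS.
 *    The original never cleared the flag (the loop is infinite and Ctrl-C
 *    skips any cleanup), so every run left the host's NIC in promiscuous
 *    mode until reboot.  The membership is reference-counted by the kernel
 *    and dropped automatically when the socket is closed.
 *  - The socket is created with protocol 0 and the filter is attached
 *    *before* bind() sets the protocol.  With protocol ETH_P_IP at socket()
 *    time, frames are queued from the very first instruction and the first
 *    recvfrom() calls can return packets the filter never saw.
 *  - The socket is bound to the chosen interface.  The original put eth3 in
 *    promiscuous mode but received from every interface on the box.
 *  - The Ethernet header was printed with the labels swapped: bytes 0-5 are
 *    the *destination* MAC, bytes 6-11 the *source* MAC (IEEE 802.3).
 *  - A short frame no longer terminates the program; only a failing
 *    recvfrom() does.
 */
int main(int argc, char **argv)
{
    /*
     * Classic BPF program equivalent to
     *     udp and host 10.219.119.23 and src port 5000
     * as produced by `tcpdump -dd '...'`.
     *
     * NOTE: the original comment quoted "host 192.168.13.41", but the
     * immediate actually compared below, 0x0adb7716, is 10.219.119.23 (the
     * author's own address, per the original "my ip" comment).  The table is
     * what the kernel runs, so the comment was stale.  When the address or
     * port changes, regenerate the whole table with tcpdump -dd rather than
     * hand-patching the immediates -- jump offsets are easy to get wrong and
     * the kernel verifier only rejects structurally invalid programs, not
     * semantically wrong ones.
     *
     *   (000) ldh  [12]                       EtherType
     *   (001) jeq  #0x800      jt 2  jf 14    IPv4 only
     *   (002) ldb  [23]                       ip.proto
     *   (003) jeq  #0x11       jt 4  jf 14    UDP only
     *   (004) ld   [26]                       ip.src
     *   (005) jeq  #0x0adb7716 jt 8  jf 6
     *   (006) ld   [30]                       ip.dst
     *   (007) jeq  #0x0adb7716 jt 8  jf 14
     *   (008) ldh  [20]                       flags + fragment offset
     *   (009) jset #0x1fff     jt 14 jf 10    drop non-first fragments (no UDP hdr)
     *   (010) ldxb 4*([14]&0xf)               X = IP header length (IHL*4)
     *   (011) ldh  [x + 14]                   udp.sport (first 2 bytes after IP hdr)
     *   (012) jeq  #0x1388     jt 13 jf 14    == 5000
     *   (013) ret  #68                        accept: deliver at most 68 bytes
     *   (014) ret  #0                         reject
     *
     * Because (013) returns 68, recvfrom() never hands back more than 68
     * bytes of an accepted frame (a 68-byte snaplen); that is enough for the
     * Ethernet + IPv4 (up to 40 bytes with options) + UDP headers.
     */
    struct sock_filter bpf_code[] = {
        BPF_STMT(BPF_LD  | BPF_H | BPF_ABS, 12),
        BPF_JUMP(BPF_JMP | BPF_JEQ  | BPF_K, 0x00000800, 0, 12),
        BPF_STMT(BPF_LD  | BPF_B | BPF_ABS, 23),
        BPF_JUMP(BPF_JMP | BPF_JEQ  | BPF_K, 0x00000011, 0, 10),
        BPF_STMT(BPF_LD  | BPF_W | BPF_ABS, 26),
        BPF_JUMP(BPF_JMP | BPF_JEQ  | BPF_K, 0x0adb7716, 2, 0),
        BPF_STMT(BPF_LD  | BPF_W | BPF_ABS, 30),
        BPF_JUMP(BPF_JMP | BPF_JEQ  | BPF_K, 0x0adb7716, 0, 6),
        BPF_STMT(BPF_LD  | BPF_H | BPF_ABS, 20),
        BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, 0x00001fff, 4, 0),
        BPF_STMT(BPF_LDX | BPF_B | BPF_MSH, 14),
        BPF_STMT(BPF_LD  | BPF_H | BPF_IND, 14),
        BPF_JUMP(BPF_JMP | BPF_JEQ  | BPF_K, 0x00001388, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, 68),
        BPF_STMT(BPF_RET | BPF_K, 0),
    };
    struct sock_fprog prog = {
        .len    = (unsigned short)(sizeof bpf_code / sizeof bpf_code[0]),
        .filter = bpf_code,
    };

    /* Smallest frame we are willing to parse: Ethernet (14) + minimal IPv4
     * (20) + the 8 bytes of UDP/TCP header that hold both ports. */
    enum { MIN_FRAME = ETH_HLEN + 20 + 8 };

    /* Interface name is still hard-coded to "eth3" by default, as in the
     * original; pass it as argv[1] instead of editing the source. */
    const char *ifname = argc > 1 ? argv[1] : "eth3";
    unsigned int ifindex = if_nametoindex(ifname);
    if (ifindex == 0) {
        perror("if_nametoindex");
        return -1;
    }

    /* Protocol 0: the kernel delivers nothing to this socket until bind()
     * supplies a protocol, so the filter below is in place before the first
     * frame can be queued (closes the unfiltered-packet window). */
    int sock = socket(PF_PACKET, SOCK_RAW, 0);
    if (sock < 0) {
        perror("socket");
        return -1;
    }

    /* Attach the filter to the socket */
    if (setsockopt(sock, SOL_SOCKET, SO_ATTACH_FILTER, &prog, sizeof prog) < 0) {
        perror("setsockopt");
        close(sock);
        return -1;
    }

    /* Bind to the one interface we sniff and start receiving IPv4 frames. */
    struct sockaddr_ll sll = {
        .sll_family   = AF_PACKET,
        .sll_protocol = htons(ETH_P_IP),
        .sll_ifindex  = (int)ifindex,
    };
    if (bind(sock, (struct sockaddr *)&sll, sizeof sll) < 0) {
        perror("bind");
        close(sock);
        return -1;
    }

    /* Promiscuous mode, scoped to this socket's lifetime: the kernel keeps a
     * per-interface count of PROMISC memberships and drops ours on close(),
     * so an interrupted run cannot leave the NIC promiscuous. */
    struct packet_mreq mreq = {
        .mr_ifindex = (int)ifindex,
        .mr_type    = PACKET_MR_PROMISC,
    };
    if (setsockopt(sock, SOL_PACKET, PACKET_ADD_MEMBERSHIP, &mreq, sizeof mreq) < 0) {
        perror("setsockopt");
        close(sock);
        return -1;
    }

    unsigned char buffer[2048];
    for (;;) {
        printf("----------\n");
        ssize_t n = recvfrom(sock, buffer, sizeof buffer, 0, NULL, NULL);
        if (n < 0) {
            if (errno == EINTR) {
                continue;   /* interrupted by a signal handler, not an error */
            }
            perror("recvfrom");
            close(sock);
            return -1;
        }
        printf("%zd bytes read\n", n);

        /* The filter only accepts UDP-over-IPv4, so a runt here would be a
         * kernel surprise; skip it rather than read past the data. */
        if (n < MIN_FRAME) {
            printf("Incomplete packet (%zd bytes, need %d)\n", n, MIN_FRAME);
            continue;
        }

        /* Ethernet: destination MAC first, then source MAC, then EtherType. */
        const unsigned char *ethhead = buffer;
        printf("Destination MAC address: %02x:%02x:%02x:%02x:%02x:%02x\n",
               ethhead[0], ethhead[1], ethhead[2], ethhead[3], ethhead[4], ethhead[5]);
        printf("Source MAC address: %02x:%02x:%02x:%02x:%02x:%02x\n",
               ethhead[6], ethhead[7], ethhead[8], ethhead[9], ethhead[10], ethhead[11]);

        /* IPv4: honour the IHL field instead of assuming a 20-byte header, so
         * the port offsets stay right when options are present (the BPF
         * program already handles options the same way via ldxb). */
        const unsigned char *iphead = buffer + ETH_HLEN;
        unsigned int ihl = (iphead[0] & 0x0f) * 4u;
        if ((iphead[0] >> 4) != 4 || ihl < 20) {
            printf("Not an IPv4 header (first byte 0x%02x), skipping\n", iphead[0]);
            continue;
        }
        if ((size_t)n < ETH_HLEN + ihl + 8) {
            printf("Incomplete packet (%zd bytes, IP header is %u bytes)\n", n, ihl);
            continue;
        }

        printf("Source host %d.%d.%d.%d\n",
               iphead[12], iphead[13], iphead[14], iphead[15]);
        printf("Dest host %d.%d.%d.%d\n",
               iphead[16], iphead[17], iphead[18], iphead[19]);

        /* Both UDP and TCP put source port then destination port in the
         * first four bytes of the transport header. */
        const unsigned char *l4 = iphead + ihl;
        printf("Source,Dest ports %d,%d\n",
               (l4[0] << 8) | l4[1], (l4[2] << 8) | l4[3]);
        printf("Layer-4 protocol %d\n", iphead[9]);
    }
}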
