
Libpcap tutorial-01

Published: 2020-07-06 21:27:00  Source: web  Views: 453  Author: hanchengen  Column: Network security
  • Download libpcap source from www.tcpdump.org here

  • Download libpcap for win32 from www.winpcap.org

  • Check out a better pcap tutorial here


Front matter:  This is a slightly modified and extended version of my older pcap tutorial.  Revisiting this work five years later, I am necessarily dumber (age and beer) yet hopefully somewhat more knowledgeable.  Contact information has changed, please send your hate-mail to casado at cs.stanford.edu.


Contents

  • Intro (You are already here)

  • Capturing our First Packet

  • Writing a Basic Packet Capturing Engine

  • Analyzing packets..... (in progress)


Who this is for:  This tutorial assumes a cursory knowledge in networks; what a packet is, Ethernet vs. IP vs. TCP vs. UDP etc. If these concepts are foreign I highly suggest you invest in a good (e.g. probably can't find at Best Buy) networking book.  My favorites are:

  • Computer Networking : A Top-Down Approach Featuring the Internet (3rd Edition) by James F. Kurose, Keith W. Ross

  • UNIX Network Programming by W. Richard Stevens

  • The Protocols (TCP/IP Illustrated, Volume 1) by W. Richard Stevens

This tutorial does not assume any previous knowledge of network programming, just a basic familiarity with C.  If you are already a C/C++ master, then you might as well just man 3 pcap.  You should have a working C compiler on your system and libpcap installed.  All source in this section was written and tested on Linux, kernel 2.2.14; while it should be mostly portable (hehe) I can't guarantee that it will compile or run on other operating systems.  Capturing packets requires root (or equivalent capture privileges), so be careful and be sure not to break your box in the meantime. Oh, and though I have tested and run all the code presented in this tutorial with no problems, I am NOT responsible if your shit breaks and has to be quarantined by the health department...  aka play at your own risk....



hcn# gcc ldev.c -lpcap

/* ldev.c
   Compile with:
   >gcc ldev.c -lpcap

   Look up a capture interface and show the network address and
   netmask associated with it.
*/
#include <stdio.h>
#include <stdlib.h>
#include <pcap.h>      /* GIMME a libpcap plz! */
#include <errno.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

int main(int argc, char **argv)
{
  char *dev; /* name of the device */
  char *net; /* dotted-quad network address */
  char *mask;/* dotted-quad netmask */
  int ret;   /* return code */

  char errbuf[PCAP_ERRBUF_SIZE];    /* error buffer filled in by libpcap */
  bpf_u_int32 netp;     /* network address, network byte order */
  bpf_u_int32 maskp;    /* netmask, network byte order */

  struct in_addr addr;

  /* ask pcap to find a usable device for sniffing
     (newer libpcap releases mark pcap_lookupdev() deprecated in favour
     of pcap_findalldevs(); it still works for this tutorial) */
  dev = pcap_lookupdev(errbuf);

  /* check that a device was found */
  if(dev == NULL)
  {
   printf("%s\n",errbuf);
   exit(1);
  }

  /* print the device name */
  printf("DEV: %s\n",dev);

  /* ask pcap for the device's network address and netmask */
  ret = pcap_lookupnet(dev,&netp,&maskp,errbuf);

  /* check that the lookup succeeded */
  if(ret == -1)
  {
   printf("%s\n",errbuf);
   exit(1);
  }

  /* convert the network address from network byte order to dotted-quad text */
  addr.s_addr = netp;
  net = inet_ntoa(addr);

  /* check that the conversion succeeded */
  if(net == NULL)
  {
    perror("inet_ntoa");
    exit(1);
  }

  /* print the network address */
  printf("NET: %s\n",net);

  /* convert the netmask from network byte order to dotted-quad text
     (inet_ntoa() returns a static buffer, so the NET string above is
     printed before this call overwrites it) */
  addr.s_addr = maskp;
  mask = inet_ntoa(addr);

  if(mask == NULL)
  {
    perror("inet_ntoa");
    exit(1);
  }

  /* print the netmask */
  printf("MASK: %s\n",mask);

  return 0;
}


If it compiles and runs correctly, the console will show something like:

DEV: eth0
NET: 192.168.12.0
MASK: 255.255.255.0


The value for DEV is your default interface name (likely eth0 on Linux, could be eri0 on Solaris). The NET and MASK values are your primary interface's subnet and subnet mask.  Don't know what those are? Might want to read this.

"So what did we just do?", you ask.  Well, we just asked libpcap to give us some specs on an interface to listen on.
"What's an interface?"
Just think of an interface as your computer's hardware connection to whatever network your computer is connected to.  On Linux, eth0 denotes the first Ethernet card in your computer.  (btw you can list all of your interfaces using the ifconfig command.)
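The NET and MASK values pcap_lookupnet() returns are raw bpf_u_int32 values in network byte order, and ldev.c only prints them. The following program is an added example (not part of the original tutorial) showing what those two numbers are actually good for once you start filtering: deriving the prefix length and broadcast address, and deciding whether a given host belongs to the interface's subnet, which is the check you need before trusting a packet as "local". The netp/maskp values are constructed to match the output above, so the example builds with standard headers only and does not need libpcap. It uses inet_ntop() with caller-supplied buffers instead of inet_ntoa(), whose single static buffer is overwritten on every call; the function names (format_ipv4, parse_ipv4, prefix_len, in_subnet, broadcast_addr) are this example's own.

```c
/* subnet.c: added example, not part of the original tutorial.
 * Works on values shaped like the netp/maskp that pcap_lookupnet() fills
 * in: IPv4 network address and netmask, both in network byte order.
 * The sample values are constructed to match the tutorial's output
 * (NET 192.168.12.0, MASK 255.255.255.0).
 *
 * Build: gcc subnet.c
 */
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Format a network-order IPv4 address into the caller's buffer.
 * Unlike inet_ntoa(), inet_ntop() does not use a static buffer, so two
 * addresses in one printf() do not clobber each other. */
static const char *format_ipv4(uint32_t addr_net, char *buf, size_t len)
{
    struct in_addr a;
    a.s_addr = addr_net;
    return inet_ntop(AF_INET, &a, buf, (socklen_t)len);
}

/* Parse dotted-quad text into a network-order address.
 * Returns 1 on success, 0 if the text is not a valid IPv4 address. */
static int parse_ipv4(const char *text, uint32_t *out)
{
    struct in_addr a;
    if (inet_pton(AF_INET, text, &a) != 1)
        return 0;
    *out = a.s_addr;
    return 1;
}

/* Count the leading one bits of a netmask, e.g. 255.255.255.0 -> 24.
 * Returns -1 for a non-contiguous mask (pcap_lookupnet() will not hand
 * you one, but a hand-written config file might). */
static int prefix_len(uint32_t mask_net)
{
    uint32_t m = ntohl(mask_net);
    int bits = 0;
    while (m & 0x80000000u) {
        bits++;
        m <<= 1;
    }
    return m == 0 ? bits : -1;
}

/* Nonzero when host lies inside the subnet described by (net, mask).
 * All three are in network byte order, so the AND works bytewise. */
static int in_subnet(uint32_t host_net, uint32_t net_net, uint32_t mask_net)
{
    return (host_net & mask_net) == (net_net & mask_net);
}

/* Directed broadcast address of the subnet, network byte order. */
static uint32_t broadcast_addr(uint32_t net_net, uint32_t mask_net)
{
    return net_net | ~mask_net;
}

int main(void)
{
    /* Constructed stand-ins for netp and maskp from pcap_lookupnet(). */
    uint32_t netp  = htonl(0xC0A80C00u);  /* 192.168.12.0  */
    uint32_t maskp = htonl(0xFFFFFF00u);  /* 255.255.255.0 */
    char nbuf[INET_ADDRSTRLEN], mbuf[INET_ADDRSTRLEN], bbuf[INET_ADDRSTRLEN];
    const char *probe[] = { "192.168.12.37", "192.168.13.1", "not-an-ip" };
    size_t i;

    printf("NET: %s/%d\n", format_ipv4(netp, nbuf, sizeof nbuf), prefix_len(maskp));
    printf("MASK: %s\n", format_ipv4(maskp, mbuf, sizeof mbuf));
    printf("BCAST: %s\n", format_ipv4(broadcast_addr(netp, maskp), bbuf, sizeof bbuf));

    /* Classify a few constructed addresses against the subnet. */
    for (i = 0; i < sizeof probe / sizeof probe[0]; i++) {
        uint32_t h;
        if (!parse_ipv4(probe[i], &h)) {
            printf("%s: invalid address\n", probe[i]);
            continue;
        }
        printf("%s: %s\n", probe[i], in_subnet(h, netp, maskp) ? "local" : "remote");
    }
    return 0;
}
```

Compile with gcc subnet.c and run it; no -lpcap is needed because it never calls libpcap. In a real capture engine you would feed the netp and maskp that ldev.c already looks up into in_subnet() and prefix_len(), for instance to build a "net 192.168.12.0/24" filter string or to tag captured packets as inbound or outbound.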

OK at this point we can compile a pcap program that essentially does nothing.  On to grabbing our first packet ...
