<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>CTerm Best-of Digest Download</title>
</head>
<body bgcolor="#FFFFFF">
<table border="0" width="100%" cellspacing="0" cellpadding="0" height="577">
<tr><td width="32%" rowspan="3" height="123"><img src="DDl_back.jpg" width="300" height="129" alt="DDl_back.jpg"></td><td width="30%" background="DDl_back2.jpg" height="35"><p align="center"><a href="http://apue.dhs.org"><font face="黑体"><big><big>apue</big></big></font></a></td></tr>
<tr>
<td width="68%" background="DDl_back2.jpg" height="44"><big><big><font face="黑体"><p align="center"> ● UNIX Network Programming (BM: clown) </font></big></big></td></tr>
<tr>
<td width="68%" height="44" bgcolor="#000000"><font face="黑体"><big><big><p align="center"></big></big><a href="http://cterm.163.net"><img src="banner.gif" width="400" height="60" alt="banner.gif" border="0"></a></font></td>
</tr>
<tr><td width="100%" colspan="2" height="100" align="center" valign="top"><br><p align="center">[<a href="index.htm">Back to start</a>][<a href="537.htm">Up one level</a>][<a href="547.htm">Next</a>]
<hr><p align="left"><small>From: guru (fond of reading, not seeking exhaustive understanding), Board: UNP <br>
Subject: Packet Capture With libpcap and other (1) <br>
Posted from: UNIX Programming (Sat 4 Aug 2001 11:14:31), local mail <br>
<br>
Packet Capture With libpcap and other Low Level Network Tricks <br>
<br>
-------------------------------------------------------------------------------- <br>
<br>
Download libpcap Unix source from Dave Central <br>
Download libpcap for win32 HERE! <br>
Search for other neat-o libpcap stuff from google <br>
<br>
-------------------------------------------------------------------------------- <br>
Contents <br>
Intro (You are already here) <br>
Capturing our First Packet <br>
Writing a Basic Packet Capturing Engine <br>
Analyzing packets..... (in progress) <br>
<br>
-------------------------------------------------------------------------------- <br>
<br>
Who this is for: All right peeps, this tutorial assumes at least a cursory knowledge of networks in general. For example, what a packet is, how packets are sent, physical vs datalink vs network layers etc. However, I am not assuming any previous knowledge of network programming, just a basic familiarity with C. If you already are a C/C++ master, then you might as well just man 3 pcap so you can skip my annoying writing style. You should have a working C compiler on your system and libpcap installed. We are only going to concern ourselves with the Ethernet datalink layer.. so if you are using some funky network card like token ring... then you are on your own as to finding your way around the datalink headers. Finally, all source in this section was written and tested on Linux, kernel 2.2.14; while it should be mostly portable (hehe) I can't guarantee that it will compile or run on other operating systems. You are going to want to run as root so be careful and be sure not to break your box in the meantime. Oh, and though I have tested and run all the code presented in this tutorial with no problems, I am NOT responsible if your shit breaks and has to be quarantined by the health department... aka play at your own risk.... <br>
(*eerie ghost sound*) <br>
<br>
Intro: Well here it is, the beginning of my packet capture tutorial a la libpcap. Inevitably the questions will arise.. "what the hell is packet capture?!" or "Who is libpcap!?" ... so I guess I'll start off by answering these questions... <br>
<br>
Packet Capture simply means to "grab packets". <br>
"Gee thanks Martin :-P"..you blurt. <br>
No, really, all we are trying to do here is to get access to the underlying facility provided by the operating system so we can grab packets in their raw form. For example, assume your ethercard picks up a packet from the network. Once the packet is handed off to the OS, the OS must determine what type of packet it is; to do so it strips off the Ethernet header of the packet and looks at the next layer. Perhaps it is an IP packet... well the OS must now strip off the IP header and determine which type of IP packet it is. Finally, let's say it is determined that the packet is a UDP packet; the UDP header is stripped off and the packet payload is handed over to the application that the packet is sent for (notice this is a GROSSLY oversimplified version of what really goes on, but I'm trying to illustrate a point). Packet capture allows us to intercept any packet that is seen by the network device, and grab it in its entirety, headers and all! Regardless of which port it is being sent to, or even which HOST! for that matter!!! <br>
libpcap "provides implementation-independent access to the underlying packet capture facility provided by the operating system" (Stevens, UNP page 707). So pretty much, libpcap is the library we are going to use to grab packets from the network card directly. Let me quickly note that there are other ways of doing this, including BPF (Berkeley Packet Filter), DLPI (Data Link Provider Interface) and SOCK_PACKET type sockets (Linux only). <br>
Getting Started: Well there is an awful lot to cover.. so let's just get familiar with libpcap. Like I stated before, all the code in this section is assuming that you are sitting on an Ethernet. If this is not the case, then the tutorial basics are still pertinent, but the code presented later on involving decoding the Ethernet header obviously isn't :-( *sorry*. All right... crack your knuckles *crunch* and let's get ready to code our FIRST LIBPCAP PROGRAM!!!!. Go ahead and copy the following program into your favorite editor (which should be vim if you have any sense :-) save, and compile with... <br>
<br>
%>gcc ldev.c -lpcap <br>
<br>
<br>
-------------------------------------------------------------------------------- <br>
<br>
<br>
<pre>
/* ldev.c
   Martin Casado

   To compile:
   &gt;gcc ldev.c -lpcap

   Looks for an interface, and lists the network ip
   and mask associated with that interface.
*/
#include &lt;stdio.h&gt;
#include &lt;stdlib.h&gt;
#include &lt;pcap.h&gt;          /* GIMME a libpcap plz! */
#include &lt;errno.h&gt;
#include &lt;sys/socket.h&gt;
#include &lt;netinet/in.h&gt;
#include &lt;arpa/inet.h&gt;

int main(int argc, char **argv)
{
    char *dev;                      /* name of the device to use */
    char *net;                      /* dot notation of the network address */
    char *mask;                     /* dot notation of the network mask */
    int ret;                        /* return code */
    char errbuf[PCAP_ERRBUF_SIZE];  /* libpcap writes its error message here */
    bpf_u_int32 netp;               /* network number, network byte order */
    bpf_u_int32 maskp;              /* subnet mask, network byte order */
    struct in_addr addr;

    /* ask pcap to find a valid device for us to sniff on
       (deprecated since libpcap 1.9; pcap_findalldevs() is the replacement) */
    dev = pcap_lookupdev(errbuf);

    /* error checking */
    if (dev == NULL)
    {
        fprintf(stderr, "%s\n", errbuf);
        exit(1);
    }

    /* print out device name */
    printf("DEV: %s\n", dev);

    /* ask pcap for the network address and mask of the device */
    ret = pcap_lookupnet(dev, &amp;netp, &amp;maskp, errbuf);

    if (ret == -1)
    {
        fprintf(stderr, "%s\n", errbuf);
        exit(1);
    }

    /* get the network address in a human readable form;
       inet_ntoa() returns a pointer to one static buffer, so
       print or copy each result before calling it again */
    addr.s_addr = netp;
    net = inet_ntoa(addr);

    if (net == NULL) /* thanks Scott :-P */
    {
        perror("inet_ntoa");
        exit(1);
    }

    printf("NET: %s\n", net);

    /* do the same as above for the device's mask */
    addr.s_addr = maskp;
    mask = inet_ntoa(addr);

    if (mask == NULL)
    {
        perror("inet_ntoa");
        exit(1);
    }

    printf("MASK: %s\n", mask);

    return 0;
}
</pre>
<br>
<br>
-------------------------------------------------------------------------------- <br>
<br>
Did you run the program? If not, run it :-) Assuming it compiled, and ran correctly your output should be something like... <br>
<br>
DEV: eth0 <br>
NET: 192.168.12.0 <br>
MASK: 255.255.255.0 <br>
<br>
Now if your DEV is not eth0, or eth1 or eth followed by some number then we are going to have problems because this document is geared toward sniffing Ethernet packets. Obviously the NET and MASK numbers will be different than the ones I posted, however the actual values are not important to this discussion. <br>
<br>
"So what did we just do?", you ask. Well, we just asked libpcap to give us some specs on an interface to listen on. <br>
"What's an interface?" <br>
Just think of an interface as your computer's hardware connection to whatever network your computer is connected to. In Unix, eth0 denotes the first Ethernet card in your computer; this is the network interface that I am going to use to demonstrate libpcap. All you really have to be concerned with right now is that we grabbed the device name "eth0", since this is what we have to pass to libpcap to tell it where to grab packets from. The NET and MASK are simply the network number and mask associated with the card, which are for informative purposes only. There are much better ways to enumerate and list the specifications of the system interfaces than going through libpcap, which I'll hopefully write about someday :-). <br>
<br>
All right, by now you should know how to write, run and compile a libpcap program, grab the name of the interface card we are going to capture packets from, and have a basic understanding of what we are doing. Next, we'll grab our very first packet.. <br>
WohoO!!! <br>
<br>
<br>
-------------------------------------------------------------------------------- <br>
<br>
[Socket Home ] [Next] <br>
-- <br>
Target Locked:Guru In Darkness. <br>
I am just a lion lying quietly... <br>
※ Source: UNIX Programming www.tiaozhan.com/unixbbs/ [FROM: 202.114.36.176] <br>
</small><hr>
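<p>Added example, not part of the tutorial or of Martin Casado's code: the "better way to enumerate interfaces" the post alludes to is getifaddrs(3), which needs neither root nor libpcap and is available on Linux and the BSDs. It prints the same DEV/NET/MASK triple as ldev.c for every IPv4 interface and derives the network number from address and mask in the byte order pcap_lookupnet() also uses; the names ipv4_network and list_ipv4_interfaces are my own.</p>

```c
/* Added example (not from the tutorial): enumerate interfaces with getifaddrs(3)
 * instead of pcap_lookupdev()/pcap_lookupnet(); needs neither root nor libpcap. */
#include <stdio.h>
#include <ifaddrs.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Network number = address & mask, both in network byte order (the same form
 * pcap_lookupnet() returns in netp/maskp, so the AND needs no ntohl()).
 * Uses inet_ntop() into the caller's buffer rather than inet_ntoa(), whose
 * single static buffer is overwritten by the next call. Returns 1 on success. */
static int ipv4_network(in_addr_t addr_nbo, in_addr_t mask_nbo,
                        char *out, size_t outlen)
{
    struct in_addr net;
    net.s_addr = addr_nbo & mask_nbo;
    return inet_ntop(AF_INET, &net, out, outlen) != NULL;
}

/* Print DEV/NET/MASK for every IPv4 interface, in ldev.c's output format.
 * Returns the number of interfaces printed, or -1 if getifaddrs() failed. */
static int list_ipv4_interfaces(void)
{
    struct ifaddrs *ifap, *ifa;
    char net[INET_ADDRSTRLEN], mask[INET_ADDRSTRLEN];
    int count = 0;

    if (getifaddrs(&ifap) == -1) {
        perror("getifaddrs");
        return -1;
    }
    for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next) {
        /* an interface is listed once per address family; keep AF_INET entries
         * that also carry a netmask (ifa_addr itself may be NULL) */
        if (ifa->ifa_addr == NULL || ifa->ifa_addr->sa_family != AF_INET ||
            ifa->ifa_netmask == NULL)
            continue;
        const struct sockaddr_in *a = (const struct sockaddr_in *)ifa->ifa_addr;
        const struct sockaddr_in *m = (const struct sockaddr_in *)ifa->ifa_netmask;
        if (!ipv4_network(a->sin_addr.s_addr, m->sin_addr.s_addr, net, sizeof net) ||
            inet_ntop(AF_INET, &m->sin_addr, mask, sizeof mask) == NULL)
            continue;
        printf("DEV: %s\nNET: %s\nMASK: %s\n", ifa->ifa_name, net, mask);
        count++;
    }
    freeifaddrs(ifap);
    return count;
}
```

<p>Call list_ipv4_interfaces() from main() to print the listing; on Linux the loopback interface shows up as lo with NET 127.0.0.0 and MASK 255.0.0.0.</p>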
<p align="center">[<a href="index.htm">Back to start</a>][<a href="537.htm">Up one level</a>][<a href="547.htm">Next</a>]
<p align="center"><a href="http://cterm.163.net">Welcome to the Cterm homepage</a></p>
</table>
</body>
</html>