{ <br>
if ( j == 8 ) <br>
{ <br>
fprintf( stderr, "-%02X", byteArray[i] ); <br>
} <br>
else <br>
{ <br>
fprintf( stderr, " %02X", byteArray[i] ); <br>
} <br>
} <br>
fprintf( stderr, " " ); <br>
i -= 16; <br>
for ( j = 0; j < 16; j++, i++ ) <br>
{ <br>
/* if ( isprint( (int)byteArray[i] ) ) */ <br>
if ( ( byteArray[i] >= ' ' ) && ( byteArray[i] <= 255 ) ) <br>
{ <br>
fprintf( stderr, "%c", byteArray[i] ); <br>
} <br>
else <br>
{ <br>
fprintf( stderr, "." ); <br>
} <br>
} <br>
fprintf( stderr, "\n" ); <br>
} /* end of for */ <br>
k = byteArrayLen - i; <br>
if ( k <= 0 ) <br>
{ <br>
return; <br>
} <br>
fprintf( stderr, "%08X ", ( unsigned int )offset ); <br>
for ( j = 0 ; j < k; j++, i++ ) <br>
{ <br>
if ( j == 8 ) <br>
{ <br>
fprintf( stderr, "-%02X", byteArray[i] ); <br>
} <br>
} <br>
else <br>
{ <br>
fprintf( stderr, " %02X", byteArray[i] ); <br>
} <br>
} <br>
i -= k; <br>
for ( j = 16 - k; j > 0; j-- ) <br>
{ <br>
fprintf( stderr, " " ); <br>
} <br>
fprintf( stderr, " " ); <br>
for ( j = 0; j < k; j++, i++ ) <br>
{ <br>
if ( ( byteArray[i] >= ' ' ) && ( byteArray[i] <= 255 ) ) <br>
{ <br>
fprintf( stderr, "%c", byteArray[i] ); <br>
} <br>
else <br>
{ <br>
fprint( stderr, "." ); <br>
} <br>
} <br>
} <br>
fprintf( stderr, "\n" ); <br>
return; <br>
} /* end of outputBinary */ <br>
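/*
 * libpcap per-packet callback: hex-dump the captured bytes of one packet.
 *
 * none      - user pointer passed through by pcap_dispatch(); not used here
 * pcap_head - capture header supplied by libpcap; caplen is the number of
 *             bytes actually present in packet (it can be smaller than the
 *             on-wire length when the snapshot length truncates the packet)
 * packet    - start of the captured bytes
 */
static void pcap_callback ( u_char * none, const struct pcap_pkthdr * pcap_head,
                            const u_char * packet )
{
    ( void )none;  /* unused */

    /*
     * Bound the dump by caplen: only that many bytes are valid in packet.
     * The cast drops const to match the outputBinary() call as written in
     * this file; outputBinary() is defined earlier in the file.
     */
    outputBinary( ( u_char * )packet, ( size_t )( pcap_head->caplen ) );
    return;
}  /* end of pcap_callback */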
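/*
 * Open a live capture on an interface and install a BPF filter on it.
 *
 * dev       - interface name, or NULL to let libpcap pick one
 * filter    - filter expression handed to pcap_compile()
 * snaplen   - snapshot length handed to pcap_open_live()
 * timeout   - read timeout handed to pcap_open_live()
 * dumplevel - when >= 0, print the compiled filter with bpf_dump() at this
 *             level and exit( SUCCESS ) without capturing anything
 *
 * Returns the open capture handle. Every failure prints a diagnostic to
 * stderr and terminates the process with exit( FAILURE ).
 *
 * The interface is opened in promiscuous mode, and opening a live capture
 * normally requires elevated privileges.
 * NOTE(review): nothing in the visible code drops those privileges once the
 * handle is open, so the whole program keeps running with them.
 */
static pcap_t * pcap_init ( char * dev, char * filter, int snaplen, int timeout,
                            int dumplevel )
{
    pcap_t *           p = NULL;
    char               errbuf[ PCAP_ERRBUF_SIZE ];
    struct bpf_program bpf;
    bpf_u_int32        ip, mask;

    if ( dev == NULL )
    {
        /*
         * NOTE(review): pcap_lookupdev() is deprecated in current libpcap;
         * pcap_findalldevs() is its replacement.
         */
        if ( ( dev = pcap_lookupdev( errbuf ) ) == NULL )
        {
            fprintf( stderr, "%s\n", errbuf );
            exit( FAILURE );
        }
    }
    fprintf( stderr, "[ device --> %s ]\n", dev );
    /* third argument 1: put the interface into promiscuous mode */
    if ( ( p = pcap_open_live( dev, snaplen, 1, timeout, errbuf ) ) == NULL )
    {
        fprintf( stderr, "%s\n", errbuf );
        exit( FAILURE );
    }
    /* only mask is used below, as the netmask argument of pcap_compile() */
    if ( pcap_lookupnet( dev, &ip, &mask, errbuf ) == -1 )
    {
        /* report why the lookup failed instead of exiting silently */
        fprintf( stderr, "%s\n", errbuf );
        exit( FAILURE );
    }
    /* fourth argument 1: let libpcap optimize the compiled filter */
    if ( pcap_compile( p, &bpf, filter, 1, mask ) < 0 )
    {
        /* for example, pcap_compile: unknown ip proto ... */
        pcap_perror( p, "pcap_compile" );
        exit( FAILURE );
    }
    if ( dumplevel >= 0 )
    {
        bpf_dump( &bpf, dumplevel );
        exit( SUCCESS );
    }
    else if ( pcap_setfilter( p, &bpf ) == -1 )
    {
        pcap_perror( p, "pcap_setfilter" );
        exit( FAILURE );
    }
    /* the compiled program is no longer needed once the filter is installed */
    pcap_freecode( &bpf );
    return( p );
}  /* end of pcap_init */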
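/*
 * Capture loop: hand packets to pcap_callback() one at a time, forever.
 *
 * p - open capture handle
 *
 * Does not return normally. The process leaves through a signal handler,
 * or through exit( FAILURE ) here when pcap_dispatch() reports a negative
 * status; without that check a failed handle would make the loop spin.
 */
static void pcap_read ( pcap_t * p )
{
    for ( ; ; )
    {
        /* second argument 1: process at most one packet per call */
        if ( pcap_dispatch( p, 1, pcap_callback, NULL ) < 0 )
        {
            pcap_perror( p, "pcap_dispatch" );
            exit( FAILURE );
        }
    }  /* end of for */
}  /* end of pcap_read */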
/*
 * Signal handler installed by main(): print the number of the signal that
 * arrived and leave the process with exit( SUCCESS ).
 *
 * signo - number of the delivered signal
 *
 * NOTE(review): fprintf() and exit() are not async-signal-safe, so calling
 * them from a handler can misbehave if the signal interrupts another stdio
 * call. exit() is what lets handlers registered for process exit run; a
 * switch to _exit() would skip them.
 */
static void sig_end ( int signo )
{
    fprintf( stderr, "\n\nsig_end = %d\n", signo );
    exit( SUCCESS );
}  /* end of sig_end */
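/*
 * signal() implemented on top of sigaction().
 *
 * signo - signal to install a handler for
 * func  - new handler
 *
 * Returns the previously installed handler, or SIG_ERR when sigaction()
 * fails.
 *
 * The handler's signal mask is empty. SIGALRM is given SA_INTERRUPT where
 * that flag exists and every other signal is given SA_RESTART where that
 * flag exists (presumably so an alarm can still interrupt a blocking call
 * while other signals restart it).
 */
Sigfunc * signal ( int signo, Sigfunc * func )
{
    struct sigaction act, oact;

    act.sa_handler = func;
    sigemptyset( &act.sa_mask );
    act.sa_flags = 0;
    if ( signo == SIGALRM )
    {
#ifdef SA_INTERRUPT
        act.sa_flags |= SA_INTERRUPT;  /* SunOS 4.x */
#endif
    }
    else
    {
#ifdef SA_RESTART
        act.sa_flags |= SA_RESTART;  /* SVR4, 44BSD */
#endif
    }
    if ( sigaction( signo, &act, &oact ) < 0 )
    {
        return( SIG_ERR );
    }
    return( oact.sa_handler );
}  /* end of signal */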
/*
 * Wrapper around this file's signal() function: install func for signo and
 * terminate the process with exit( FAILURE ) if that fails.
 *
 * Returns the handler that was installed before the call.
 */
static Sigfunc * Signal ( int signo, Sigfunc * func )
{
    Sigfunc * previous = signal( signo, func );

    if ( previous == SIG_ERR )
    {
        /* no diagnostic is printed; the exit status is the only indication */
        exit( FAILURE );
    }
    return( previous );
}  /* end of Signal */
/*
 * Exit-time cleanup, registered by main() through Atexit(): close the
 * file-scope capture handle pcap_fd if one was opened, then end the
 * current stderr line.
 */
static void terminate ( void )
{
    if ( NULL != pcap_fd )
    {
        pcap_close( pcap_fd );
    }
    fprintf( stderr, "\n" );
}  /* end of terminate */
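/*
 * Print the command-line synopsis to stderr and exit with FAILURE.
 *
 * arg - program name to show in the synopsis
 *
 * Does not return.
 */
static void usage ( char * arg )
{
    /* adjacent literals keep the format string intact on short lines */
    fprintf( stderr,
             " Usage: %s [-h] [-d dumplevel] [-i interface] [-s snaplen]"
             " [-t timeout]\n", arg );
    exit( FAILURE );
}  /* end of usage */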
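/*
 * Entry point: parse the options, join the remaining arguments into one
 * filter expression, install exit and signal handlers, then open the
 * capture and dump packets until a signal ends the process.
 *
 * Options: -d dumplevel (print the compiled filter and exit),
 *          -i interface, -s snaplen, -t timeout, -h (usage).
 */
int main ( int argc, char * argv[] )
{
    char * dev         = NULL;
    /* e.g. "ip proto \\tcp and dst 192.168.8.90 and tcp[13] & 2 = 2" */
    char   filter[300] = "";
    /* default: just the Ethernet, IP and TCP headers */
    int    snaplen     = LIBNET_ETH_H + LIBNET_IP_H + LIBNET_TCP_H;
    /* author's open question: does 0 mean that no read timeout is set? */
    int    timeout     = 0;
    /* negative means capture; pcap_init() dumps the filter when >= 0 */
    int    dumplevel   = -1;
    int    c, i;

    opterr = 0;  /* don't want getopt() writing to stderr */
    /*
     * NOTE(review): atoi() cannot report malformed input; a non-numeric
     * option value is silently read as 0.
     */
    while ( ( c = getopt( argc, argv, "d:hi:s:t:" ) ) != -1 )
    {
        switch ( c )
        {
        case 'd':
            dumplevel = atoi( optarg );
            break;
        case 'i':
            dev       = optarg;  /* network interface to capture on */
            break;
        case 's':
            snaplen   = atoi( optarg );
            break;  /* without this, -s would also overwrite timeout */
        case 't':
            timeout   = atoi( optarg );
            break;
        case 'h':
        case '?':
        default:
            usage( argv[0] );
            break;
        }  /* end of switch */
    }  /* end of while */
    argc -= optind;
    argv += optind;
    if ( argc > 0 )
    {
        for ( i = 0; i < argc; i++ )
        {
            /*
             * Keeps the joined expression, the separator added below and
             * the terminating NUL inside the 300-byte buffer.
             */
            if ( ( strlen( filter ) + strlen( argv[i] ) ) > 256 )
            {
                fprintf( stderr, "Checking your filter.\n" );
                return( FAILURE );
            }
            strcat( filter, argv[i] );
            strcat( filter, " " );
        }
    }
    fprintf( stderr, "[ filter --> %s ]\n", filter );
    Atexit( terminate );
    /*
     * NOTE(review): raw signal numbers 1..8 mean different signals on
     * different platforms; named SIG* constants would be portable.
     */
    for ( i = 1; i < 9; i++ )
    {
        Signal( i, sig_end );
    }
    Signal( SIGTERM, sig_end );
    pcap_fd = pcap_init( dev, filter, snaplen, timeout, dumplevel );
    pcap_read( pcap_fd );
    return( SUCCESS );
}  /* end of main */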
/*----------------------------------------------------------------------*/ <br>
------------------------------------------------------------------------- <br>
Usage: ./pcap [-h] [-d dumplevel] [-i interface] [-s snaplen] [-t timeout] <br>
libpcap的好处还是很多,比如不需要为解析过滤规则耗费精力。这个程序再次演示 <br>
了很多经典Unix编程技巧,比如getopt()、signal()、atexit(),回调函数部分没有 <br>
做什么实际工作,看你自己发挥了。顺便提一句,即使是个小程序,也应该保持良好 <br>
的风格,在华中看到太多不负责任的提问中的垃圾代码,实在是有辱C语言的传奇。 <br>
这里用到的/usr/lib/libnet.a、/usr/lib/libpcap.a是静态库,所以编译好的二进 <br>
制代码放到其它同型主机运行不要求该主机也安装有libnet、libpcap库。 <br>
<待续> <br>
-- <br>
也许有一天,他再从海上蓬蓬的雨点中升起, <br>
飞向西来,再形成一道江流,再冲倒两旁的石壁, <br>
再来寻夹岸的桃花。然而,我不敢说来生,也不敢信来生...... <br>
※ 修改:·scz 於 04月27日09:49:50 修改本文·[FROM: 166.111.4.19] <br>
※ 来源:.武汉白云黄鹤站 bbs.whnet.edu.cn.[FROM: maily.cic.tsingh] <br>