
📄 linux_pcap.c

📁 在Linux利用Libpcap实现的一个数据包捕获程序
/***************************************************************/
/********************This is a simple program for***************/
/********************Linux OS to capture packet.****************/
/********************Date:2008.7.8******************************/
/**********************************************
//struct pcap_pkthdr {
//struct timeval ts; /* 时间戳 */
//bpf_u_int32 caplen; /* 已捕获部分的长度 ***************/
//bpf_u_int32 len; /* 该包的脱机长度 ************/
//};*******************************************/
//*********************************************/
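#include <stdio.h>
#include <time.h>		/* localtime(), strftime(): without this prototype the returned pointer is truncated on 64-bit builds */
#include <arpa/inet.h>		/* ntohs(), ntohl() */

#include"pcap.h"

#define ETHER_ADDR_LEN 6
#define MAX_SIZE 15

/* BPF filter expressions, one per menu entry */
#define ip_packet_filter "ip"
#define udp_packet_filter "ip and udp"
#define tcp_packet_filter "ip and tcp"

/****************************************************************************************************/
/*
 * The structs below are overlaid directly on captured bytes, so their layout
 * has to match the wire format field for field. Multi-byte fields hold
 * network byte order and must go through ntohs()/ntohl() before use.
 */

/* IPv4 address as four octets */
typedef struct ip_address
{
	u_char byte1;
	u_char byte2;
	u_char byte3;
	u_char byte4;
}ip_address;

/*
 * IPv4 header.
 * sizeof(ip_header) is 24 because of op_pad, while a header without options
 * is 20 bytes on the wire: locate the payload with the IHL nibble of ver_ihl
 * ((ver_ihl & 0x0f) * 4), never with sizeof(ip_header).
 */
typedef struct ip_header
{
	u_char ver_ihl;		/* version (high nibble) + header length in 32-bit words (low nibble) */
	u_char tos;		/* type of service */
	u_short tlen;		/* total length */
	u_short identification;
	u_short flags_fo;	/* flags (top 3 bits) + fragment offset (low 13 bits) */
	u_char ttl;		/* time to live */
	u_char proto;		/* payload protocol number */
	u_short crc;		/* header checksum */
	ip_address saddr;	/* source address */
	ip_address daddr;	/* destination address */
	u_int op_pad;		/* options + padding; only present when IHL > 5 */
}ip_header;

/*
 * TCP header (fixed 20-byte part).
 * SeqNo/AckNo were declared u_long, which is 8 bytes on 64-bit Linux and
 * shifted every following field off its wire offset; u_int keeps them at
 * 32 bits.
 */
typedef struct tcp_header
{
	u_short SourPort;
	u_short DestPort;
	u_int SeqNo;
	u_int AckNo;
	u_char HLen;		/* data offset in the high nibble */
	u_char Flag;
	u_short Window;
	u_short ChkSum;
	u_short UrgPtr;
}tcp_header;

/* UDP header */
typedef struct udp_header
{
	u_short sport;
	u_short dport;
	u_short len;
	u_short crc;
}udp_header;

/* Ethernet II header */
typedef struct ether_header
{
	u_char ether_dhost[ETHER_ADDR_LEN];
	u_char ether_shost[ETHER_ADDR_LEN];
	u_short ether_type;
}ether_header;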
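/************************************************************************************************/
/* Per-packet callbacks passed to pcap_loop(); ProcessLoop() selects one per menu choice. */
void tcp_packet_handler(u_char *param,const struct pcap_pkthdr *header,const u_char *pkt_data);
void udp_packet_handler(u_char *param,const struct pcap_pkthdr *header,const u_char *pkt_data);
void ip_packet_handler(u_char *param,const struct pcap_pkthdr *header,const u_char *pkt_data);

/* Menu loop, menu prompt and capture setup. */
void ProcessLoop(void);
int Print(void);
/* Declared with its parameter so the compiler checks the filter argument at every call. */
int Init(char packet_filter[]);

/* Capture state shared between Init() and ProcessLoop(). */
pcap_if_t* alldevs;		/* device list returned by pcap_findalldevs() */
pcap_if_t* d;			/* cursor over alldevs; the selected device after Init() walks the list */
int inum;			/* interface number typed by the user */
int i;				/* current menu choice; Print() and Init() shadow it with locals */
pcap_t* adhandle;		/* capture handle opened by Init() */
char errbuf[PCAP_ERRBUF_SIZE];	/* libpcap error text */
u_int netmask;			/* netmask handed to pcap_compile() */
struct bpf_program fcode;	/* compiled filter program */

/************************************************************************************************/
/* Entry point: run the interactive menu until the user picks Exit. */
int main(void)
{
	ProcessLoop();
	return 0;
}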
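/******************************************************************************************************/
/*
 * Offsets used to walk a captured frame. Init() rejects every link type
 * except DLT_EN10MB, so each frame starts with a 14-byte Ethernet II header.
 */
enum {
	CAP_ETH_HDR_LEN = 14,
	CAP_IP_MIN_HDR_LEN = 20
};

/* Format the packet's capture time as HH:MM:SS into out (out_len bytes). */
static void format_capture_time(const struct pcap_pkthdr *header, char *out, size_t out_len)
{
	struct tm *ltime = localtime(&header->ts.tv_sec);

	/* localtime() can fail; never hand strftime() a NULL struct tm. */
	if (ltime == NULL || strftime(out, out_len, "%H:%M:%S", ltime) == 0)
		snprintf(out, out_len, "%s", "--:--:--");
}

/* Report a frame whose captured bytes end before the headers to be printed. */
static void report_short_capture(const char *what, const struct pcap_pkthdr *header)
{
	fprintf(stderr, "Skipping %s packet: only %u bytes captured or malformed header\n",
		what, header->caplen);
}

/*
 * Return the IPv4 header of an Ethernet frame and store its length (taken
 * from the IHL nibble) in *ip_len. Returns NULL when the captured bytes do
 * not hold a complete header or the IHL is below the 20-byte minimum.
 * Packet contents are attacker-controlled, so every offset derived from
 * them is checked against caplen (bytes actually captured), not len.
 */
static const ip_header *locate_ip_header(const struct pcap_pkthdr *header,
					 const u_char *pkt_data, u_int *ip_len)
{
	const ip_header *ip;
	u_int hdr_len;

	if (header->caplen < CAP_ETH_HDR_LEN + CAP_IP_MIN_HDR_LEN)
		return NULL;

	ip = (const ip_header *)(pkt_data + CAP_ETH_HDR_LEN);
	hdr_len = (ip->ver_ihl & 0x0f) * 4u;
	if (hdr_len < CAP_IP_MIN_HDR_LEN || header->caplen < CAP_ETH_HDR_LEN + hdr_len)
		return NULL;

	*ip_len = hdr_len;
	return ip;
}

/* Drop the rest of the current stdin line after a failed numeric read. */
static void discard_input_line(void)
{
	int c;

	do {
		c = getchar();
	} while (c != '\n' && c != EOF);
}

/*
 * pcap_loop() callback for the "ip and tcp" filter: prints the addresses and
 * the fixed TCP header fields of one captured frame.
 *
 * param    - user pointer from pcap_loop(), unused
 * header   - capture metadata (timestamp, caplen, len)
 * pkt_data - captured bytes, valid for header->caplen bytes only
 */
void tcp_packet_handler(u_char *param,const struct pcap_pkthdr *header,const u_char *pkt_data)
{
	char timestr[16];
	const ip_header *ip;
	const tcp_header *tcp;
	u_int ip_len;

	(void)param;

	/*
	 * The TCP header starts after the real IP header length (IHL), not after
	 * sizeof(ip_header), and must lie entirely inside the captured bytes.
	 */
	ip = locate_ip_header(header, pkt_data, &ip_len);
	if (ip == NULL || header->caplen - CAP_ETH_HDR_LEN - ip_len < sizeof *tcp) {
		report_short_capture("TCP", header);
		return;
	}
	tcp = (const tcp_header *)((const u_char *)ip + ip_len);

	format_capture_time(header, timestr, sizeof timestr);
	printf("Cpature the TCP Packet:\n");
	printf("%s.%.6ld Packet_Len:%u\n", timestr, (long)header->ts.tv_usec, header->len);
	printf("Sour IP: \t\t%d.%d.%d.%d\n",ip->saddr.byte1,ip->saddr.byte2,ip->saddr.byte3,ip->saddr.byte4);
	printf("Dest IP: \t\t%d.%d.%d.%d\n",ip->daddr.byte1,ip->daddr.byte2,ip->daddr.byte3,ip->daddr.byte4);
	printf("SourPort:\t\t%d\n",ntohs(tcp->SourPort));
	printf("DestPort:\t\t%d\n",ntohs(tcp->DestPort));
	/* Sequence numbers are unsigned 32-bit values; print them as such. */
	printf("SeqNo:  \t\t%lu\n",(unsigned long)ntohl(tcp->SeqNo));
	printf("AckNo:  \t\t%lu\n",(unsigned long)ntohl(tcp->AckNo));
	printf("HeadLen: \t\t%d\n",tcp->HLen>>4);
	/* NOTE(review): despite the label this adds the low nibble of the offset
	 * byte to the top two bits of the flag byte - confirm what was intended. */
	printf("HLen:    \t\t%d\n",(tcp->HLen&15)+(tcp->Flag>>6));
	printf("Flag:    \t\t%d\n",tcp->Flag&63);
	printf("Window:  \t\t%d\n",ntohs(tcp->Window));
	printf("ChkSum:  \t\t%d\n",ntohs(tcp->ChkSum));
	printf("UrgPtr:  \t\t%d\n",ntohs(tcp->UrgPtr));
	printf("=============================================\n");
}

/*
 * pcap_loop() callback for the "ip and udp" filter: prints the addresses and
 * the UDP header of one captured frame. Parameters as for tcp_packet_handler.
 */
void udp_packet_handler(u_char* param, const struct pcap_pkthdr* header, const u_char* pkt_data)
{
	char timestr[16];
	const ip_header *ih;
	const udp_header *uh;
	u_int ip_len;

	(void)param;

	/* Validate IHL and the captured length before following either offset. */
	ih = locate_ip_header(header, pkt_data, &ip_len);
	if (ih == NULL || header->caplen - CAP_ETH_HDR_LEN - ip_len < sizeof *uh) {
		report_short_capture("UDP", header);
		return;
	}
	uh = (const udp_header *)((const u_char *)ih + ip_len);

	format_capture_time(header, timestr, sizeof timestr);
	printf("Capture the UDP Packet:\n");
	printf("%s.%.6ld Packet_Len: %u \n", timestr, (long)header->ts.tv_usec, header->len);
	printf("Sour IP: \t\t%d.%d.%d.%d\n",ih->saddr.byte1,ih->saddr.byte2,ih->saddr.byte3,ih->saddr.byte4);
	printf("Dent IP: \t\t%d.%d.%d.%d\n",ih->daddr.byte1,ih->daddr.byte2,ih->daddr.byte3,ih->daddr.byte4);
	printf("SourPort:\t\t%d\n",ntohs(uh->sport));
	printf("DestPort:\t\t%d\n",ntohs(uh->dport));
	printf("PackLen: \t\t%d\n",ntohs(uh->len));
	printf("CRC:     \t\t%d\n",ntohs(uh->crc));
	printf("==================================================\n");
}

/*
 * pcap_loop() callback for the "ip" filter: decodes and prints the fixed
 * 20-byte IPv4 header of one captured frame. Parameters as for
 * tcp_packet_handler.
 */
void ip_packet_handler(u_char *param,const struct pcap_pkthdr *header,const u_char *pkt_data)
{
	char timestr[16];
	const ip_header *ip;

	(void)param;

	/* Only the fixed part of the header is read, so 14 + 20 captured bytes suffice. */
	if (header->caplen < CAP_ETH_HDR_LEN + CAP_IP_MIN_HDR_LEN) {
		report_short_capture("IP", header);
		return;
	}
	ip = (const ip_header *)(pkt_data + CAP_ETH_HDR_LEN);

	format_capture_time(header, timestr, sizeof timestr);
	printf("Capture the IP Packet:\n");
	printf("%s.%.6ld Packet_Len: %u \n", timestr, (long)header->ts.tv_usec, header->len);
	printf("Source_IP: \t\t%d.%d.%d.%d\n",ip->saddr.byte1,ip->saddr.byte2,ip->saddr.byte3,ip->saddr.byte4);
	printf("DentistIP: \t\t%d.%d.%d.%d\n",ip->daddr.byte1,ip->daddr.byte2,ip->daddr.byte3,ip->daddr.byte4);
	printf("IP Version:\t\t%d\n",(ip->ver_ihl)>>4);
	printf("Header_Len:\t\t%d\n",(ip->ver_ihl&0x0f)*4);
	printf("Tos:\t\t\t");
	/* Precedence has 8 possible values; only 4 are named here. */
	switch((ip->tos)>>5)
	{
		case 0:
			printf("Routine,");
			break;
		case 3:
			printf("Flash,");
			break;
		case 6:
			printf("Internet work control,");
			break;
		case 7:
			printf("Network Control,");
			break;
		default:
			printf("Unknown,");
	}
	/* Six service types are named. */
	switch(((ip->tos)>>1)&0x0f)
	{
		case 0:
			printf("Normoal servce\n");
			break;
		case 1:
			printf("Minimize monetary cost\n");
			break;
		case 2:
			printf("Maximize reliability\n");
			break;
		case 4:
			printf("Maximize throughput\n");
			break;
		case 8:
			printf("Minimize delay\n");
			break;
		case 15:
			printf("Maximize security\n");
			break;
		default:
			printf("Unknown\n");
	}
	printf("Total_Len:\t\t%d\n",ntohs(ip->tlen));
	printf("Identif:  \t\t%d\n",ntohs(ip->identification));
	/* flags_fo is in network byte order: swap before extracting the top 3 bits. */
	printf("Flag:     \t\t%d\n",ntohs(ip->flags_fo)>>13);
	printf("Offset:    \t\t%d\n",ntohs(ip->flags_fo)&0x1fff);
	printf("TimeToLive:\t\t%d\n",ip->ttl);
	printf("Protol:\t\t\t");
	/* The protocol field is 8 bits wide; only common protocols are named. */
	switch(ip->proto)
	{
		case 1:
			printf("ICMP\n");
			break;
		case 2:
			printf("IGMP\n");
			break;
		case 6:
			printf("TCP\n");
			break;
		case 17:
			printf("UDP\n");
			break;
		default:
			printf("Unknown\n");
	}
	printf("Header_CRC:\t\t%d\n",ntohs(ip->crc));
	printf("\n================================================================\n");
}

/*******************************************************************************************************/
/*
 * Show the menu and read a choice.
 * Returns a number in 1..4. Non-numeric input is discarded and the prompt is
 * repeated; end of input is reported as 4 (Exit) so the caller cannot spin
 * forever on a closed stdin.
 */
int Print(void)
{
	int choice = 0;
	int got;

	printf("\n\t\t     MENU");
	printf("\n\t================================");
	printf("\n\t    1. Capture IP Packet");
	printf("\n\t    2. Capture UDP Packet");
	printf("\n\t    3. Capture TCP Packet");
	printf("\n\t    4. Exit");
	printf("\n\t================================");
	printf("\n\t    Enter a number(1 - 4) ===> ");

	for (;;) {
		got = scanf(" %d", &choice);
		if (got == EOF)
			return 4;
		if (got == 1 && choice >= 1 && choice <= 4)
			return choice;
		if (got != 1)
			discard_input_line();	/* the offending text would otherwise be re-read forever */
		printf("\n\tError!Please Enter again(1 - 4) ===> ");
	}
}

/*
 * Menu loop: for each choice, set up a capture with the matching filter and
 * run the matching handler until pcap_loop() returns, then release the handle.
 *
 * The disabled "custom filter" menu entry read user text with an unbounded
 * "%s" into a MAX_SIZE-byte buffer; if it is ever restored the read must be
 * bounded (e.g. fgets with the buffer size).
 */
void ProcessLoop(void)
{
	i = Print();
	while (i != 4)
	{
		char *filter;
		pcap_handler callback;

		switch(i)
		{
			case 2:
				filter = udp_packet_filter;
				callback = udp_packet_handler;
				break;
			case 3:
				filter = tcp_packet_filter;
				callback = tcp_packet_handler;
				break;
			case 1:
			default:
				filter = ip_packet_filter;
				callback = ip_packet_handler;
				break;
		}

		/* Capture only when setup succeeded; otherwise adhandle is not usable. */
		if (Init(filter) == 1)
		{
			if (pcap_loop(adhandle, 0, callback, NULL) == -1)
				fprintf(stderr, "\nError while capturing: %s\n", pcap_geterr(adhandle));
			pcap_close(adhandle);
			adhandle = NULL;
		}
		i = Print();
	}
	return ;
}

/******************************************************************************************/
/*
 * List the capture devices, let the user pick one, open it in promiscuous
 * mode and install packet_filter (a BPF expression) on it.
 *
 * Returns 1 with adhandle open and filtered, or -1 on any failure; on
 * failure the device list is freed and no capture handle is left open.
 */
int Init(char packet_filter[])
{
	int count = 0;
	int idx;

	if (pcap_findalldevs(&alldevs, errbuf) == -1)
	{
		fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
		return -1;
	}
	for (d=alldevs; d; d=d->next)
	{
		printf("%d. %s", ++count, d->name);
		if (d->description)
		{
			printf(" (%s)\n", d->description);
		}
		else
		{
			printf(" (No description available)\n");
		}
	}
	if (count==0)
	{
		printf("\nNo interfaces found! Make sure Winpcap is installed.\n");
		return -1;
	}
	printf("Enter the interface number (1 - %d):", count);
	/* A failed read must not leave a stale inum from an earlier call in use. */
	if (scanf("%d", &inum) != 1)
	{
		discard_input_line();
		inum = 0;
	}
	if (inum<1||inum>count)
	{
		printf("\nInterface number out of range.\n");
		goto fail_devs;
	}
	/* Walk to the selected entry; inum was range-checked above. */
	for (d = alldevs, idx = 0; idx < inum-1; d = d->next, idx++)
		;
	adhandle = pcap_open_live(d->name,65536,1,1,errbuf);
	if (adhandle == NULL)
	{
		/* The format has a %s conversion, so the device name must be passed. */
		fprintf(stderr, "\nUnable to open the adapter. %s is not supported by Winpcap\n", d->name);
		goto fail_devs;
	}
	if (pcap_datalink(adhandle) != DLT_EN10MB)
	{
		fprintf(stderr, "\nThis program works only on Ethernet networks.\n");
		goto fail_handle;
	}
	/* The per-device netmask lookup is disabled (it did not build on Linux),
	 * so a fixed mask is always used. */
	netmask = 0xffffff;
	if (pcap_compile(adhandle, &fcode, packet_filter, 1, netmask) < 0)
	{
		fprintf(stderr, "\nUnable to compile the packet filter. Check the syntax.\n");
		goto fail_handle;
	}
	if (pcap_setfilter(adhandle, &fcode) < 0)
	{
		fprintf(stderr, "\nError setting the filter.\n");
		pcap_freecode(&fcode);
		goto fail_handle;
	}
	/* The compiled program is no longer needed once it is installed. */
	pcap_freecode(&fcode);
	printf("\nlistening on %s %s ...\n", d->name,
	       d->description ? d->description : "(No description available)");
	pcap_freealldevs(alldevs);
	return 1;

fail_handle:
	pcap_close(adhandle);
	adhandle = NULL;
fail_devs:
	pcap_freealldevs(alldevs);
	return -1;
}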
