📄 sniffer1.c
字号:
struct ether_header * eth;
struct ether_arp * arp;
struct ip * ip;
struct icmp * icmp;
struct tcphdr * tcp;
struct udphdr * udp;
eth=(struct ether_header *)p;
print_ether(eth);
if(ntohs(eth->ether_type)==ETHERTYPE_IP)
{
ip=(struct ip *)(p+sizeof(struct ether_header ));
print_ip(ip);
switch(ip->ip_p)
{
case IPPROTO_TCP:
tcp=(struct tcphdr *)(p+sizeof(struct ether_header )+ip->ip_hl*4);
print_tcp(tcp);
break;
case IPPROTO_UDP:
udp=(struct udphdr *)(p+sizeof(struct ether_header )+ip->ip_hl*4);
print_udp(udp);
break;
case IPPROTO_ICMP:
icmp=(struct icmp *)(p+sizeof(struct ether_header )+ip->ip_hl*4);
print_icmp(icmp);
break;
default:
printf("unknow\n");
}
}
else if(ntohs(eth->ether_type)==ETHERTYPE_ARP)
{
arp=(struct ether_arp *)(p+sizeof(struct ether_header ));
print_arp(arp);
}
else
{
printf("unknown\n");
}
dump_packet(p,len);
}
void sniffer_all(u_char * user,const struct pcap_pkthdr * h,const u_char * p)
{
static int count=0;
char time[256];
printf("*******************************************************\n");
printf("Nnmber:%3d" ,++count);
time_t tt;
tt=(h->ts).tv_sec;
sscanf(ctime(&tt),"%*s%*s%*s%s",time);
printf(" time:%s",time);
printf(" size: %d byte\n",h->len);
printf("*******************************************************\n");
read_packet(p,h->len);
}
void sig_alarm(int sig)
{
alarm(1);
printf("%d----%d------%d-----%d-----%d-----%d\n",arp_count,rarp_count,tcp_count,udp_count,icmp_count,other_count);
}
void stat_packet(u_char * user,const struct pcap_pkthdr * h,const u_char * p)
{
struct ether_header * eth;
struct ether_arp * arp;
struct ip * ip;
struct icmp * icmp;
struct tcphdr * tcp;
struct udphdr * udp;
eth=(struct ether_header *)p;
if(ntohs(eth->ether_type)==ETHERTYPE_IP)
{
ip=(struct ip *)(p+sizeof(struct ether_header ));
switch(ip->ip_p)
{
case IPPROTO_TCP:
tcp_count++;
break;
case IPPROTO_UDP:
udp_count++;
break;
case IPPROTO_ICMP:
icmp_count++;
break;
default:
other_count++;
}
}
else if(ntohs(eth->ether_type)==ETHERTYPE_ARP)
{
arp_count++;
}
else if(ntohs(eth->ether_type)==ETHERTYPE_REVARP)
{
rarp_count++;
}
else
{
other_count++;
}
}
void main(int argc ,char ** argv)
{
char device[256];
char filter_expression[256];
char packet[1500];
int packet_size[1000];
int c;
int count=-1;
opt[IF_DEVICE]=OFF;
opt[IF_ALL]=OFF;
opt[IF_FILTER]=OFF;
opt[IF_HELP]=OFF;
opt[IF_SAVE]=OFF;
opt[IF_COUNT]=OFF;
opt[IF_PRO]=OFF;
opt[IF_STATIC]=OFF;
opt[IF_READ]=OFF;
char ebuf[PCAP_ERRBUF_SIZE];
pcap_t * pd;
struct bpf_program filter;
bpf_u_int32 mask;
bpf_u_int32 net;
while((c=getopt(argc,argv,"f:i:c:r:w:hasp"))!=EOF)
{
switch(c){
case 'c':
opt[IF_COUNT]=ON;
count=atoi(optarg);
break;
case 'i':
opt[IF_DEVICE]=ON;
strcpy(device,optarg);
break;
case 'h':
opt[IF_HELP]=ON;
break;
case 'w':
opt[IF_SAVE]=ON;
strcpy(filename,optarg);
break;
case 'r':
opt[IF_READ]=ON;
strcpy(filename,optarg);
break;
case 'f':
opt[IF_FILTER]=ON;
strcpy(filter_expression,optarg);
break;
case 'a' :
opt[IF_ALL]=ON;
break;
case 's':
opt[IF_STATIC]=ON;
break;
case 'p':
opt[IF_PRO]=ON;
break;
default:
help();
}
}
if(opt[IF_HELP]==ON)
{
help();
return;
}
if(opt[IF_SAVE]==ON)
{
int fd1,fd2;
fd1=creat(filename,0644);
if(fd1<0)
{
printf("create file error\n");
exit(1);
}
char temp[256];
strcpy(temp,filename);
fd2=creat(strcat(temp,"_size"),0644);
if(fd2<0)
{
printf("create file error\n");
exit(1);
}
}
if(opt[IF_READ]==ON)
{
int fp1,fp2;
fp1=open(filename,O_RDWR);
if(fp1==-1)
{
printf("open packet file error\n");
exit(1);
}
char temp[256];
strcpy(temp,filename);
fp2=open(strcat(temp,"_size"),O_RDWR);
if(fp2==-1)
{
printf("open packet size file %s error\n",strcat(filename,"_size"));
exit(1);
}
int i=0;
lseek(fp2,0,0);
while(read (fp2,&packet_size[i],sizeof(int)))
{
read(fp1,packet,packet_size[i]);
read_packet(packet,packet_size[i]);
//printf("%d\n",packet_size[i]);
i++;
}
close(fp1);
close(fp2);
return ;
}
if(opt[IF_DEVICE]==OFF)
{
strcpy(device, pcap_lookupdev(ebuf));
printf("listening on %s\n",device);
}
pd=pcap_open_live(device,DEFAULT_SNAPLEN ,opt[IF_PRO],1000,ebuf);
if(pd==NULL)
{
printf("stderr:%s",ebuf);
exit(1);
}
pcap_lookupnet(device, &net, &mask, ebuf);
if(opt[IF_FILTER]==ON)
{
pcap_compile(pd, &filter, filter_expression, 0, net);
pcap_setfilter(pd, &filter);
}
int tos;
if(opt[IF_SAVE]==ON)
{
tos=pcap_loop(pd,count,save_packet,NULL);
if(tos<0)
{
(void) fprintf(stderr,"pcap_loop:%s\n",pcap_geterr(pd));
exit(1);
}
return;
}
if(opt[IF_STATIC]==ON)
{
printf("give a static of the packet\n");
printf("arp--rarp--tcp--udp--icmp--other\n");
signal(SIGALRM,sig_alarm);
alarm(1);
tos=pcap_loop(pd,-1,stat_packet,NULL);
if(tos<0)
{
(void) fprintf(stderr,"pcap_loop:%s\n",pcap_geterr(pd));
exit(1);
}
return;
}
if(opt[IF_ALL]==OFF)
tos=pcap_loop(pd,count,sniffer_main,NULL);
else
tos=pcap_loop(pd,count,sniffer_all,NULL);
if(tos<0)
{
(void) fprintf(stderr,"pcap_loop:%s\n",pcap_geterr(pd));
exit(1);
}
pcap_close(pd);
exit(0);
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -