据说，用SOCKET创建原始套接字，并把网卡设置成“混杂摸式”，就能捕捉到所有从网卡进来的原始网络数据包，恳请各位高手指点指点，哪怕是提供一些相关资料！！

whz_time 2001-11-13 12:46:48

...全文

185 13 打赏收藏转发到动态举报

写回复

用AI写文章

13 条回复

切换为时间正序

请发表友善的回复…

发表回复

shem 2002-02-25

打赏
举报

在清华9#上有个ipman的程序。你可以看看。他可以监听到网络上的所有信息。具体编程也挺方便只要把你需要的那部分代码拷出来就能用。当然还有它提供的几个库

whz_time 2002-02-25

打赏
举报

以前的债，现在还，恳请各位见谅，如果以后各位再遇到“whz_time(雨一直下)”的问题，请多多关照，我自信非常讲信誉！
谢谢

whz_time 2001-11-13

打赏
举报

我非常需要帮助！

whz_time 2001-11-13

打赏
举报

恳请各位高手指点指点,我非常需要这方面的资料

7 2001-11-13

打赏
举报

怎么在这里问啊,去网络版.搜索一下"ip","raw"或者"sniffer",一堆文章...........

raw socket要求在2000下才能实现sniffer.

whz_time 2001-11-13

打赏
举报

对了，在我上面的代码中，我已经做了修改，原文是这样的：
/*structure of an ip header*/　
struct ip { 　　
unsigned int ip_length:4; /*little-endian*/　
unsigned int ip_version:4;
unsigned char ip_tos;　
unsigned short ip_total_length; 　
unsigned short ip_id; 　
unsigned short ip_flags;
unsigned char ip_ttl;
unsigned char ip_protocol;
unsigned short ip_cksum;
unsigned int ip_source; unsigned int ip_dest; 　
};

/* Structure of a TCP header */
struct tcp {
unsigned short tcp_source_port;
unsigned short tcp_dest_port;
unsigned int tcp_seqno; 　
unsigned int tcp_ackno;
unsigned int tcp_res1:4, /*little-endian*/
tcp_hlen:4,
tcp_fin:1,
tcp_syn:1,
tcp_rst:1,
tcp_psh:1,
tcp_ack:1,
tcp_urg:1,
tcp_res2:2;
unsigned short tcp_winsize;
unsigned short tcp_cksum;
unsigned short tcp_urgent;
};
/*********************EOF***********************************/
45.int Set_Promisc(char *interface, int sock ) { 　
46. struct ifreq ifr; 　　　　
47. strncpy(ifr.ifr_name, interface,strnlen(interface)+1);
48. if((ioctl(sock, SIOCGIFFLAGS, &ifr) == -1)) {　　
/*Could not retrieve flags for the interface*/
49. perror("Could not retrive flags for the interface");
50. exit(0);
51. }　
52. printf("The interface is ::: %s\n", interface);　　
53. perror("Retrieved flags from interface successfully");
54. ifr.ifr_flags |= IFF_PROMISC; 　
55. if (ioctl (sock, SIOCSIFFLAGS, &ifr) == -1 ) { 　
/*Could not set the flags on the interface */ 　
56. perror("Could not set the PROMISC flag:");
57. exit(0);　　　
58. }
59. printf("Setting interface ::: %s ::: to promisc",interface);
60. return(0);
61. }

susdj 2001-11-13

打赏
举报

I need too!

whz_time 2001-11-13

打赏
举报

下面这段代码据说是将网卡设置成“混杂模式”，但我用VC++编译不通过，请各位一起分析分析：/////tcpip.h/////
#include "Winsock2.h"
#include <conio.h>
#include <stdio.h>
//#define INTERFACE "eth0"
struct ifreq
{
char *ifr_name;
unsigned short ifr_flags;
};

///*structure of an ip header*/　
struct ip{
unsigned int ip_length:4; /*little-endian*/
unsigned int ip_version:4;
unsigned char ip_tos;
unsigned short ip_total_length;
unsigned short ip_id;
unsigned short ip_flags;
unsigned char ip_ttl;
unsigned char ip_protocol;
unsigned short ip_cksum;
unsigned int ip_source;
unsigned int ip_dest;
};
/////////////////////////////////////////////////////////////

/* Structure of a TCP header */
struct tcp {
unsigned short tcp_source_port;
unsigned short tcp_dest_port;
unsigned int tcp_seqno;
unsigned int tcp_ackno;
unsigned int tcp_res1:4, /*little-endian*/
tcp_hlen:4,
tcp_fin:1,
tcp_syn:1,
tcp_rst:1,
tcp_psh:1,
tcp_ack:1,
tcp_urg:1,
tcp_res2:2;
unsigned short tcp_winsize;
unsigned short tcp_cksum;
unsigned short tcp_urgent;
};
/////////////////////////////////////////////////////////////

int Set_Promisc(char *interface_, int sock ) {
struct ifreq ifr;
memset(&ifr,0,sizeof(ifr) ) ;
strncpy(ifr.ifr_name, interface_,strlen(interface_)+1);
if((ioctlsocket(sock, SIOCATMARK,(u_long FAR *)(&ifr)) == -1)) {//SIOCGIFFLAGS siocgifflags
//ould not retrieve flags for the interface*/
perror("Could not retrive flags for the interface");
exit(0);
}
printf("The interface is ::: %s\n", interface_);
perror("Retrieved flags from interface successfully");
// ifr.ifr_flags |= IFF_PROMISC;
if (ioctlsocket (sock,SIOCATMARK,NULL ) == -1 ) {
//ould not set the flags on the interface */ 　
perror("Could not set the PROMISC flag:");
exit(0);
}
printf("Setting interface ::: %s ::: to promisc",interface_);
return(0);
}

清泉ys 2001-11-13