linux下面的原始套接字编程问题

NoneSec 2010-06-18 11:21:21
如何侦听来源于指定 IP 地址的数据包,还有就是根据指定的协议类型来过虑包。
书上面说可以通过connect来设定,搞咯半天还是没成功阿,望大家指点一下。
...全文
139 3 打赏 收藏 转发到动态 举报
AI 作业
写回复
用AI写文章
3 条回复
切换为时间正序
请发表友善的回复…
发表回复
smallbear_2008 2010-06-20
  • 打赏
  • 举报
 回复
是说的 socket还是 raw socket? 印象中 raw socket是 数据报socket,而不是tcp socket,是不用connect的
NoneSec 2010-06-19
  • 打赏
  • 举报
 回复
呵呵,我就是想用原始的套接字来实现,不想用这pcap了。
非兔子_Logic0 2010-06-19
  • 打赏
  • 举报
 回复
这个可以用抓包实现的么

老早以前的了,希望对你有帮助


/*author  :Logic0

  time    :2009-1-7

  OS      :UBUNTU 9.04

  compiler:GCC 4.3.3

  compile :gcc -o sniffer sniffer.c -lpcap

  run     :as root

*/



#include <stdio.h>

#include <stdlib.h>

#include <pcap.h>                           /*use libpcap lib*/

#include <linux/tcp.h>

#include <linux/ip.h>

#include <netinet/if_ether.h>

#include <sys/socket.h>

#include <netinet/in.h>

#include <arpa/inet.h>

#include <linux/types.h>



#define MAX_LEN_2_SNAP 2048                 /*maxlen of packets to grab*/           



/*

 *define arp flags

 */

#define ARP_REQUEST 1

#define ARP_REPLY 2



/*

 *define libpcap error code

 */

#define ERROR_RET -1

#define ERROR_GET NULL



#define PROMISC_MODE 1

#define WAIT_TIME 0



typedef struct my_arphdr

{

	u_int16_t		ar_hrd;		/* format of hardware address	*/

	u_int16_t	    ar_pro;		/* format of protocol address	*/

	unsigned char	ar_hln;		/* length of hardware address	*/

	unsigned char	ar_pln;		/* length of protocol address	*/

    u_int16_t		ar_op;		/* ARP opcode (command)		*/

	unsigned char		ar_sha[6];	    /* sender hardware address	*/

	unsigned char		ar_sip[4];		/* sender IP address		*/

	unsigned char		ar_tha[6];	    /* target hardware address	*/

	unsigned char		ar_tip[4];		/* target IP address		*/

}ARPHDR_T;



struct bpf_program filter;             /*packet filter*/

struct pcap_pkthdr pkthdr;             /*libpcap header*/

struct in_addr addr;



bpf_u_int32 netp,maskp;



struct ethhdr *my_ethhdr;                  /*ethernet packet header*/

struct tcphdr *my_tcphdr;                  /*tcp packet header*/

struct iphdr  *my_iphdr;                   /*ip packet header*/

ARPHDR_T      *my_arphdr;                  /*arp packet header*/



void construct_filter(struct bpf_program *filter);

int get_dtl(pcap_t * , char *);

int get_ip_packets(pcap_t * , char *);

int get_tcp_packets(pcap_t * , char *);

int get_arp_packets(pcap_t * , char *);

void get_cnt(int *p);                       /*user input the number of packets to grab*/



int main()

{

     int ret = 0;                           /*return value for error check*/

     pcap_t *descr;

     char *device,errbuf[PCAP_ERRBUF_SIZE]; /*network device  and  error buf*/

     int choice = 0;



     /*

      *       menu          

      */

     fprintf(stdout,"0.Type of my datalink\n");

     fprintf(stdout,"1.Grab and analyse all packet\n");

     fprintf(stdout,"2.Grab and analyse IP packet\n");

     fprintf(stdout,"3.Grab and analyse TCP packet\n");

     fprintf(stdout,"4.Grab and analyse ARP packet\n");

     fprintf(stdout,"YOUR CHOICE:");

     scanf("%d",&choice);



     /*

      *    get device       

      */

     device = pcap_lookupdev(errbuf);

     if(device == ERROR_GET)

     {

          fprintf(stdout,"device get error:%s\n",errbuf);

          exit(1);

     }

     fprintf(stdout,"DEVICE :%s\n",device);



     /* 

      *get and print net and netmask 

      */

     ret = pcap_lookupnet(device , &netp , &maskp , errbuf);

     if(ret == ERROR_RET)

     {

          fprintf(stdout,"NET find error:%s\n",errbuf);

          exit(1);

     }

     addr.s_addr = netp;

     fprintf(stdout,"NET    :%s\n",inet_ntoa(addr));

     addr.s_addr = maskp;

     fprintf(stdout,"NETMASK:%s\n",inet_ntoa(addr));



     /*

      *open the device 

      */

     descr = pcap_open_live(device , MAX_LEN_2_SNAP , PROMISC_MODE , WAIT_TIME , errbuf);

     if(descr == ERROR_GET)

     {

          fprintf(stdout,"open device link error:%s\n",errbuf);

          exit(1);

     }

     

     /*

      *process user's choice 

      */

     while(1)

     { 

          switch(choice)

          {

               case 0:

                    get_dtl(descr,errbuf);

                    break;

               case 1:

                    get_all_packets(descr,errbuf);

                    break;

               case 2:

                    get_ip_packets(descr,errbuf);

                    break;

               case 3:

                    get_tcp_packets(descr,errbuf);

                    break;

               case 4:

                    get_arp_packets(descr,errbuf);

                    break;

               default:

                    fprintf(stdout,"input error!reinput:\n");

          }

          fprintf(stdout,"Your choice:");

          scanf("%d",&choice);

     }

     

     return 0;

}



void get_cnt(int *cnt_p)

{

    fprintf(stdout,"input how many packets to grab:");

    scanf("%d",cnt_p);

    return;

}



int get_dtl(pcap_t *descr , char *err)

{

     int ret;

     ret = pcap_datalink(descr);

     

     /*

      * DLT_EN10MB ------> ETHERNET 10/100/1000MB

      * DLT_PPP_ENTHER---> PPPOE

      */

     if(ret == DLT_EN10MB)

     {

          fprintf(stdout,"DATALINK TYPE :Ethernet 10/100/1000MB\n");

          return 1;

     }

     if(ret == DLT_PPP_ETHER)

     {

          fprintf(stdout,"DATALINK TYPE :PPPOE\n");

          return 1;

     }

     fprintf(stdout,"DATALINK TYPE :OTHER\n");

     return 0;

}



int get_ip_packets(pcap_t *descr , char *err)

{

     char *packet;

     int cnt = 0;

     

     get_cnt(&cnt);

     

     fprintf(stdout,"protocol\tlength\tsrc_ip\t\tdst_ip\n");

     

     while(cnt--)

     {

          packet = pcap_next(descr , &pkthdr);

          my_iphdr = (struct iphdr *)(packet + sizeof(struct ethhdr));

          addr.s_addr = my_iphdr->saddr;

          fprintf(stdout,"IP\t\t%d\t%s\t",ntohs(my_iphdr->tot_len) ,inet_ntoa(addr));

          addr.s_addr = my_iphdr->daddr;

          fprintf(stdout,"%s\n",inet_ntoa(addr));

     }

     return 0;

}



int get_tcp_packets(pcap_t *descr , char *err)

{

     char *packet;

     int cnt = 0 ;



     get_cnt(&cnt);

     

     fprintf(stdout,"protocol\twindow\tSEQ\tack_seq\n");

     while(cnt--)

     {

          packet = pcap_next(descr , &pkthdr);

          my_tcphdr = (struct tcphdr *)(packet + sizeof(struct ethhdr)+sizeof(struct iphdr));

          fprintf(stdout,"TCP\t\t%d\t%d\t%d\n",ntohs(my_tcphdr->window) ,ntohs( my_tcphdr->seq) ,ntohs( my_tcphdr->ack_seq));

     }

     return 0;

}



int get_arp_packets(pcap_t *descr , char *err)

{

     char *packet;

     int cnt = 0;

     int i = 0;                 /*for temp use*/

     

     get_cnt(&cnt);

     

     fprintf(stdout,"protocol\tkind\tsender_mac\ttarget_mac\n");



     pcap_compile(descr , &filter , "arp" , 1 , maskp);

     pcap_setfilter(descr , &filter);

     

     while(cnt--)

     {

          packet = pcap_next(descr , &pkthdr);

          my_arphdr = (struct arphdr *)(packet + 14);

          fprintf(stdout,"ARP\t\t%s\t",ntohs(my_arphdr->ar_op)==ARP_REQUEST?"Request":"Reply");

          for(i = 0 ; i < 6 ; i++)

          {

               fprintf(stdout,"%02X",ntohs(my_arphdr->ar_sha[i]));

          }

          fprintf(stdout,"\t");

          for(i = 0 ; i < 6 ; i++)

          {

               fprintf(stdout,"%02X",ntohs(my_arphdr->ar_tha[i]));

          }

          fprintf(stdout,"\n");

     }

     pcap_compile(descr , &filter , "", 1 , maskp);

     pcap_setfilter(descr , &filter);

     

     return 0;

}



int get_all_packets(pcap_t *descr , char *err)

{

     char *packet;

     int cnt = 0;

     struct ether_header *my_eth;

     

     get_cnt(&cnt);

     

     fprintf(stdout,"protocol\tlength\tsrc_ip\t\tdst_ip\n");

 

     while(cnt--)

     {

          packet = pcap_next(descr , &pkthdr);

          my_eth = (struct ethhdr *)packet;

          switch(ntohs(my_eth->ether_type))

          {

               case ETHERTYPE_IP:

                    fprintf(stdout,"IPV4\t\t");

                    break;

               case ETHERTYPE_ARP:

                    fprintf(stdout,"ARP\t\t");

                    break;

               case ETHERTYPE_REVARP:

                    fprintf(stdout,"RARP\t\t");

                    break;

               case ETHERTYPE_IPV6:

                    fprintf(stdout,"IPV6\t\t");

                    break;

               default:

                    fprintf(stdout,"OTHER\t\t");

          }

          fprintf(stdout,"%d\t",pkthdr.len);

          my_iphdr = (struct iphdr *)(packet + sizeof(struct ethhdr));

          addr.s_addr = my_iphdr->saddr;

          fprintf(stdout,"%s\t",inet_ntoa(addr));

          addr.s_addr = my_iphdr->daddr;

          fprintf(stdout,"%s\n",inet_ntoa(addr)); 

     }

     return 0;

}
Linux网络编程——原始套接字编程
原始套接字编程和之前的 UDP 编程差不多,无非就是创建一个套接字后,通过这个套接字接收数据或者发送数据。区别在于,原始套接字可以自行组装数据包(伪装本地 IP,本地 MAC),可以接收本机网卡上所有的数据帧...
Linux网络编程原始套接字简介
Linux网络编程原始套接字编程 一、原始套接字用途 通常情况下程序员接所接触到的套接字(Socket)为两类: 流式套接字(SOCK_STREAM):一种面向连接的Socket,针对于面向连接的TCP 服务应用; 数据报式套接字(SOCK...
原始套接字编程,图文并茂解决网络编程烦恼
原始套接字编程相对于普通套接字编程难度更高,初学者很难掌握,本文章通过图文方式讲解原始套接字编程,学完后菜鸟便大神。
Linux原始套接字实现分析
对于IP报文,在协议栈的ip_local_deliver_finish()函数中会匹配是否有注册的网络层原始套接字,若匹配上就通过skb_clone()克隆报文并交给相应的原始套接字来处理。对于IP报文,在协议栈的ip_local_deliver_finish()...
linux原始套接字编程
1. 面向IP层的原始套接字编程 -----------------------------------------------------------------------------------------------------------------------------  socket(AF_INET,SOCK_RAW,protocol)  [1]. ...
Linux/Unix社区

23,217

社区成员

74,540

社区内容

发帖
与我相关
我的任务
社区描述
Linux/Unix社区 应用程序开发区
社区管理员
  • 应用程序开发区社区
加入社区
  • 近7日
  • 近30日
  • 至今

加载中

查看更多榜单
社区公告
暂无公告

试试用AI创作助手写篇文章吧

+ 用AI写文章