linux下面的原始套接字编程问题

NoneSec 2010-06-18 11:21:21
如何侦听来源于指定 IP 地址的数据包,还有就是根据指定的协议类型来过虑包。
书上面说可以通过connect来设定,搞咯半天还是没成功阿,望大家指点一下。
...全文
139 3 打赏 收藏 转发到动态 举报
AI 作业
写回复
用AI写文章
3 条回复
切换为时间正序
请发表友善的回复…
发表回复
smallbear_2008 2010-06-20
  • 打赏
  • 举报
回复
是说的 socket还是 raw socket? 印象中 raw socket是 数据报socket,而不是tcp socket,是不用connect的
NoneSec 2010-06-19
  • 打赏
  • 举报
回复
呵呵,我就是想用原始的套接字来实现,不想用这pcap了。
非兔子_Logic0 2010-06-19
  • 打赏
  • 举报
回复
这个可以用抓包实现的么

老早以前的了,希望对你有帮助

/*author :Logic0
time :2009-1-7
OS :UBUNTU 9.04
compiler:GCC 4.3.3
compile :gcc -o sniffer sniffer.c -lpcap
run :as root
*/

#include <stdio.h>
#include <stdlib.h>
#include <pcap.h> /*use libpcap lib*/
#include <linux/tcp.h>
#include <linux/ip.h>
#include <netinet/if_ether.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <linux/types.h>

#define MAX_LEN_2_SNAP 2048 /*maxlen of packets to grab*/

/*
*define arp flags
*/
#define ARP_REQUEST 1
#define ARP_REPLY 2

/*
*define libpcap error code
*/
#define ERROR_RET -1
#define ERROR_GET NULL

#define PROMISC_MODE 1
#define WAIT_TIME 0

typedef struct my_arphdr
{
u_int16_t ar_hrd; /* format of hardware address */
u_int16_t ar_pro; /* format of protocol address */
unsigned char ar_hln; /* length of hardware address */
unsigned char ar_pln; /* length of protocol address */
u_int16_t ar_op; /* ARP opcode (command) */
unsigned char ar_sha[6]; /* sender hardware address */
unsigned char ar_sip[4]; /* sender IP address */
unsigned char ar_tha[6]; /* target hardware address */
unsigned char ar_tip[4]; /* target IP address */
}ARPHDR_T;

struct bpf_program filter; /*packet filter*/
struct pcap_pkthdr pkthdr; /*libpcap header*/
struct in_addr addr;

bpf_u_int32 netp,maskp;

struct ethhdr *my_ethhdr; /*ethernet packet header*/
struct tcphdr *my_tcphdr; /*tcp packet header*/
struct iphdr *my_iphdr; /*ip packet header*/
ARPHDR_T *my_arphdr; /*arp packet header*/

void construct_filter(struct bpf_program *filter);
int get_dtl(pcap_t * , char *);
int get_ip_packets(pcap_t * , char *);
int get_tcp_packets(pcap_t * , char *);
int get_arp_packets(pcap_t * , char *);
void get_cnt(int *p); /*user input the number of packets to grab*/

int main()
{
int ret = 0; /*return value for error check*/
pcap_t *descr;
char *device,errbuf[PCAP_ERRBUF_SIZE]; /*network device and error buf*/
int choice = 0;

/*
* menu
*/
fprintf(stdout,"0.Type of my datalink\n");
fprintf(stdout,"1.Grab and analyse all packet\n");
fprintf(stdout,"2.Grab and analyse IP packet\n");
fprintf(stdout,"3.Grab and analyse TCP packet\n");
fprintf(stdout,"4.Grab and analyse ARP packet\n");
fprintf(stdout,"YOUR CHOICE:");
scanf("%d",&choice);

/*
* get device
*/
device = pcap_lookupdev(errbuf);
if(device == ERROR_GET)
{
fprintf(stdout,"device get error:%s\n",errbuf);
exit(1);
}
fprintf(stdout,"DEVICE :%s\n",device);

/*
*get and print net and netmask
*/
ret = pcap_lookupnet(device , &netp , &maskp , errbuf);
if(ret == ERROR_RET)
{
fprintf(stdout,"NET find error:%s\n",errbuf);
exit(1);
}
addr.s_addr = netp;
fprintf(stdout,"NET :%s\n",inet_ntoa(addr));
addr.s_addr = maskp;
fprintf(stdout,"NETMASK:%s\n",inet_ntoa(addr));

/*
*open the device
*/
descr = pcap_open_live(device , MAX_LEN_2_SNAP , PROMISC_MODE , WAIT_TIME , errbuf);
if(descr == ERROR_GET)
{
fprintf(stdout,"open device link error:%s\n",errbuf);
exit(1);
}

/*
*process user's choice
*/
while(1)
{
switch(choice)
{
case 0:
get_dtl(descr,errbuf);
break;
case 1:
get_all_packets(descr,errbuf);
break;
case 2:
get_ip_packets(descr,errbuf);
break;
case 3:
get_tcp_packets(descr,errbuf);
break;
case 4:
get_arp_packets(descr,errbuf);
break;
default:
fprintf(stdout,"input error!reinput:\n");
}
fprintf(stdout,"Your choice:");
scanf("%d",&choice);
}

return 0;
}

void get_cnt(int *cnt_p)
{
fprintf(stdout,"input how many packets to grab:");
scanf("%d",cnt_p);
return;
}

int get_dtl(pcap_t *descr , char *err)
{
int ret;
ret = pcap_datalink(descr);

/*
* DLT_EN10MB ------> ETHERNET 10/100/1000MB
* DLT_PPP_ENTHER---> PPPOE
*/
if(ret == DLT_EN10MB)
{
fprintf(stdout,"DATALINK TYPE :Ethernet 10/100/1000MB\n");
return 1;
}
if(ret == DLT_PPP_ETHER)
{
fprintf(stdout,"DATALINK TYPE :PPPOE\n");
return 1;
}
fprintf(stdout,"DATALINK TYPE :OTHER\n");
return 0;
}

int get_ip_packets(pcap_t *descr , char *err)
{
char *packet;
int cnt = 0;

get_cnt(&cnt);

fprintf(stdout,"protocol\tlength\tsrc_ip\t\tdst_ip\n");

while(cnt--)
{
packet = pcap_next(descr , &pkthdr);
my_iphdr = (struct iphdr *)(packet + sizeof(struct ethhdr));
addr.s_addr = my_iphdr->saddr;
fprintf(stdout,"IP\t\t%d\t%s\t",ntohs(my_iphdr->tot_len) ,inet_ntoa(addr));
addr.s_addr = my_iphdr->daddr;
fprintf(stdout,"%s\n",inet_ntoa(addr));
}
return 0;
}

int get_tcp_packets(pcap_t *descr , char *err)
{
char *packet;
int cnt = 0 ;

get_cnt(&cnt);

fprintf(stdout,"protocol\twindow\tSEQ\tack_seq\n");
while(cnt--)
{
packet = pcap_next(descr , &pkthdr);
my_tcphdr = (struct tcphdr *)(packet + sizeof(struct ethhdr)+sizeof(struct iphdr));
fprintf(stdout,"TCP\t\t%d\t%d\t%d\n",ntohs(my_tcphdr->window) ,ntohs( my_tcphdr->seq) ,ntohs( my_tcphdr->ack_seq));
}
return 0;
}

int get_arp_packets(pcap_t *descr , char *err)
{
char *packet;
int cnt = 0;
int i = 0; /*for temp use*/

get_cnt(&cnt);

fprintf(stdout,"protocol\tkind\tsender_mac\ttarget_mac\n");

pcap_compile(descr , &filter , "arp" , 1 , maskp);
pcap_setfilter(descr , &filter);

while(cnt--)
{
packet = pcap_next(descr , &pkthdr);
my_arphdr = (struct arphdr *)(packet + 14);
fprintf(stdout,"ARP\t\t%s\t",ntohs(my_arphdr->ar_op)==ARP_REQUEST?"Request":"Reply");
for(i = 0 ; i < 6 ; i++)
{
fprintf(stdout,"%02X",ntohs(my_arphdr->ar_sha[i]));
}
fprintf(stdout,"\t");
for(i = 0 ; i < 6 ; i++)
{
fprintf(stdout,"%02X",ntohs(my_arphdr->ar_tha[i]));
}
fprintf(stdout,"\n");
}
pcap_compile(descr , &filter , "", 1 , maskp);
pcap_setfilter(descr , &filter);

return 0;
}

int get_all_packets(pcap_t *descr , char *err)
{
char *packet;
int cnt = 0;
struct ether_header *my_eth;

get_cnt(&cnt);

fprintf(stdout,"protocol\tlength\tsrc_ip\t\tdst_ip\n");

while(cnt--)
{
packet = pcap_next(descr , &pkthdr);
my_eth = (struct ethhdr *)packet;
switch(ntohs(my_eth->ether_type))
{
case ETHERTYPE_IP:
fprintf(stdout,"IPV4\t\t");
break;
case ETHERTYPE_ARP:
fprintf(stdout,"ARP\t\t");
break;
case ETHERTYPE_REVARP:
fprintf(stdout,"RARP\t\t");
break;
case ETHERTYPE_IPV6:
fprintf(stdout,"IPV6\t\t");
break;
default:
fprintf(stdout,"OTHER\t\t");
}
fprintf(stdout,"%d\t",pkthdr.len);
my_iphdr = (struct iphdr *)(packet + sizeof(struct ethhdr));
addr.s_addr = my_iphdr->saddr;
fprintf(stdout,"%s\t",inet_ntoa(addr));
addr.s_addr = my_iphdr->daddr;
fprintf(stdout,"%s\n",inet_ntoa(addr));
}
return 0;
}


23,217

社区成员

发帖
与我相关
我的任务
社区描述
Linux/Unix社区 应用程序开发区
社区管理员
  • 应用程序开发区社区
加入社区
  • 近7日
  • 近30日
  • 至今
社区公告
暂无公告

试试用AI创作助手写篇文章吧