请教有关sniffer和mtu大小的问题。
hegu 2011-01-15 05:53:58 具体代码见最后。
1.我用“sock = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL))”能抓包;改用“sock = socket(AF_INET, SOCK_RAW, IPPROTO_TCP)”就只能抓收到的包,不能抓发送的包,请问是为什么呀?
2.我在一台机器上运行“cat a.dat | nc -l 9090”,在另外一台机器上运行“nc 10.29.70.61 9090 > a.dat”,我看程序打出的部分log是:
ssum = 10021512,size= 64294,ipsize=64280
ssum = 10085806,size= 64294,ipsize=64280
ssum = 10150100,size= 64294,ipsize=64280
ssum = 10214394,size= 64294,ipsize=64280
ssum = 10278688,size= 64294,ipsize=64280
ssum = 10342982,size= 64294,ipsize=64280
ssum = 10407276,size= 64294,ipsize=64280
ssum = 10471570,size= 64294,ipsize=64280
ssum = 10535864,size= 64294,ipsize=64280
ssum = 10537378,size= 1514,ipsize=1500
ssum = 10538892,size= 1514,ipsize=1500
ssum = 10540406,size= 1514,ipsize=1500
ssum = 10541920,size= 1514,ipsize=1500
ssum = 10543434,size= 1514,ipsize=1500
ssum = 10544948,size= 1514,ipsize=1500
ssum = 10546462,size= 1514,ipsize=1500
ssum = 10547976,size= 1514,ipsize=1500
ssum = 10549490,size= 1514,ipsize=1500
ssum = 10551004,size= 1514,ipsize=1500
ssum = 10552518,size= 1514,ipsize=150
ssum = 10554032,size= 1514,ipsize=1500
ssum = 10555546,size= 1514,ipsize=1500
怎么会有64280这么大的ip包呀?
代码如下:
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/ip.h>
#include <string.h>
#include <netdb.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <stdlib.h>
#include <unistd.h>
#include <signal.h>
#include <net/if.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <linux/if_ether.h>
#include <net/ethernet.h>
#include <string.h>
/**
 * Report a fatal error and terminate the process.
 *
 * @param why  prefix handed to perror(), which appends the text for the
 *             current errno value
 * @param n    process exit status
 *
 * Never returns.
 */
void die(char *why, int n)
{
    /* perror() must run first: it reads errno as left by the failing call. */
    perror(why);

    exit(n);
}
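/**
 * Put network interface `nif` into promiscuous mode.
 *
 * Reads the interface flags with SIOCGIFFLAGS, sets IFF_PROMISC and writes
 * them back with SIOCSIFFLAGS, using `sock` as the handle for both ioctls.
 *
 * @param nif   NUL-terminated interface name; must fit in ifr_name
 * @param sock  open socket descriptor used for the ioctl calls
 * @return 0 on success. Every failure terminates the process: exit status 2
 *         or 3 for the two ioctls (via die()), 4 for an unusable name.
 *
 * The IFF_PROMISC flag is never cleared by this program, so the interface
 * stays promiscuous after the process exits; restore the saved flags on
 * shutdown if that matters on the capturing host.
 * NOTE(review): changing interface flags normally needs CAP_NET_ADMIN -
 * confirm the privileges this tool is expected to run with.
 */
int do_promisc(char *nif, int sock )
{
    struct ifreq ifr;
    size_t name_len;

    /* Start from a fully zeroed request so no stack garbage is passed to the kernel. */
    memset(&ifr, 0, sizeof ifr);

    /*
     * The original copy was bounded by strlen(nif)+1, i.e. by the source, so
     * a long name overflowed ifr_name. Reject anything that does not fit
     * together with its terminator.
     */
    if (nif == NULL || (name_len = strlen(nif)) >= sizeof ifr.ifr_name) {
        fprintf(stderr, "do_promisc: interface name missing or too long\n");
        exit(4);
    }
    memcpy(ifr.ifr_name, nif, name_len + 1);

    if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) {
        die("ioctl", 2);
    }

    ifr.ifr_flags |= IFF_PROMISC;

    if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) {
        die("ioctl", 3);
    }

    /* The function is declared int; falling off the end left the result undefined. */
    return 0;
}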
#define SNIFFER_ALL
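/*
 * Parse a decimal port number in the range 0..65535.
 * Returns 0 and stores the value in *out on success, -1 on malformed or
 * out-of-range input (atoi() gave no way to detect either).
 */
static int parse_port(const char *text, unsigned short *out)
{
    char *end = NULL;
    long value;

    if (text == NULL || *text == '\0') {
        return -1;
    }
    value = strtol(text, &end, 10);
    if (*end != '\0' || value < 0 || value > 65535) {
        return -1;
    }
    *out = (unsigned short)value;
    return 0;
}

/**
 * Byte counter for TCP traffic on eth0, filtered by source and/or
 * destination port.
 *
 * Usage: tcpsniffer -sport port -dport port
 *
 * For each captured IPv4/TCP frame whose source port equals -sport the
 * running total `ssum` is printed, and likewise `rsum` for -dport, together
 * with the size returned by recvfrom() and the IP total-length field.
 * A port that is not given stays 0 and is compared as 0.
 *
 * With SNIFFER_ALL defined the socket is AF_PACKET/ETH_P_ALL and every read
 * starts with an Ethernet header; otherwise it is an AF_INET raw socket and
 * reads start at the IP header (ether_header_size stays 0).
 * NOTE(review): an AF_INET raw socket is only handed received datagrams,
 * which would explain why outgoing traffic is not seen in that mode.
 *
 * NOTE(review): reads much larger than the MTU (the 100 KiB buffer allows
 * for them) are presumably caused by segmentation/receive offload on the
 * capturing host, where the packet socket sees the buffer before it is
 * split or after it is coalesced - confirm with `ethtool -k eth0`.
 *
 * Returns -1 on a usage error; otherwise loops until a fatal error.
 */
int main(int argc, char* argv[])
{
    char buf[100*1024] = {0};
    struct iphdr ip;
    struct tcphdr tcp;
    size_t ether_header_size = 0;
    /* 64-bit totals: the original int counters overflow after 2 GiB. */
    long long rsum = 0;
    long long ssum = 0;
    unsigned short sport = 0;
    unsigned short dport = 0;
    int sock;
    int i;

    if (argc < 3) {
        printf("Usage:\n");
        printf(" -sport port");
        printf(" -dport port");
        printf("\nExample:\ntcpsniffer -sport 81 -dport 81\n");
        return -1;
    }

    for (i = 1; i < argc; i++) {
        unsigned short *target;

        if (!strcmp(argv[i], "-sport")) {
            target = &sport;
        } else if (!strcmp(argv[i], "-dport")) {
            target = &dport;
        } else {
            continue;
        }

        /* An option given as the last argument used to pass argv[argc] (NULL) to atoi(). */
        if (i + 1 >= argc || parse_port(argv[i + 1], target) != 0) {
            fprintf(stderr, "%s expects a port number between 0 and 65535\n", argv[i]);
            return -1;
        }
        i++;
    }

#ifdef SNIFFER_ALL
    ether_header_size = sizeof(struct ether_header);
    if((sock = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL))) == -1)
#else
    if((sock = socket(AF_INET, SOCK_RAW, IPPROTO_TCP)) == -1)
#endif
    {
        die("socket", 1);
    }

    do_promisc("eth0", sock);

    /*
     * NOTE(review): debug aid only. system() goes through the shell and
     * resolves "ifconfig" via PATH, in a process that has to run with
     * elevated privileges to open the raw socket - prefer removing it or
     * using an absolute path.
     */
    system("ifconfig");

    for (;;) {
        size_t got;
        size_t ip_hdr_len;
        /* The sender address is never used, so none is requested. */
        ssize_t r = recvfrom(sock, buf, sizeof(buf), 0, NULL, NULL);

        if (r < 0) {
            die("recvfrom", 5);
        }
        got = (size_t)r;

#ifdef SNIFFER_ALL
        {
            /* ETH_P_ALL also delivers ARP, IPv6, ...; only IPv4 is parsed below. */
            struct ether_header eth;

            if (got < sizeof(eth)) {
                continue;
            }
            memcpy(&eth, buf, sizeof(eth));
            if (ntohs(eth.ether_type) != ETHERTYPE_IP) {
                continue;
            }
        }
#endif

        /*
         * Headers are copied out of the byte buffer instead of being read
         * through casted pointers: the data comes off the wire, is not
         * guaranteed to be aligned, and every length has to be checked
         * against what was actually received before a field is trusted.
         */
        if (got < ether_header_size + sizeof(ip)) {
            continue;
        }
        memcpy(&ip, buf + ether_header_size, sizeof(ip));
        if (ip.version != 4 || ip.ihl < 5 || ip.protocol != IPPROTO_TCP) {
            continue;
        }
        /* Low 13 bits = fragment offset; later fragments carry no TCP header. */
        if ((ntohs(ip.frag_off) & 0x1FFF) != 0) {
            continue;
        }

        /* IP options move the TCP header; ihl counts 32-bit words. */
        ip_hdr_len = (size_t)ip.ihl * 4;
        if (got < ether_header_size + ip_hdr_len + sizeof(tcp)) {
            continue;
        }
        memcpy(&tcp, buf + ether_header_size + ip_hdr_len, sizeof(tcp));

        if (ntohs(tcp.source) == sport) {
            ssum += r;
            printf("ssum = %lld,size= %d,ipsize=%d\n", ssum, (int)r, ntohs(ip.tot_len));
        }
        if (ntohs(tcp.dest) == dport) {
            rsum += r;
            printf("rsum = %lld,size= %d,ipsize=%d\n", rsum, (int)r, ntohs(ip.tot_len));
        }
    }

    return 0;
}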