linux 原始套接字 绑定网卡,Linux网络数据捕获之原始套接字
處于一些目的,有時(shí)需要對(duì)到達(dá)網(wǎng)口的所有網(wǎng)絡(luò)數(shù)據(jù)進(jìn)行捕獲,系統(tǒng)也提供了這樣的接口,稍微懂網(wǎng)絡(luò)編程的都知道SOCK_DGRAM、SOCK_STREAM,差不多就UDP、TCP之類的吧。但是還有一個(gè)很少用的叫SOCK_RAW,原始套接字,使用它你可以捕獲網(wǎng)卡上的所有網(wǎng)絡(luò)數(shù)據(jù),當(dāng)然這需要超級(jí)用戶權(quán)限。貼個(gè)列子吧,網(wǎng)上摘的,具體出處忘了
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include /* the L2 protocols */
#include
#include
#include
#define BUFFER_MAX 2048
int main(int argc, char *argv[])
{
int sock, n_read;
char buffer[BUFFER_MAX];
struct sockaddr_ll sll;
struct ifreq ifstruct;
if((sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL))) < 0)
{
perror( "create socket error");
return -1;
}
memset(&sll, 0, sizeof(sll));
sll.sll_family = PF_PACKET;
sll.sll_protocol = htons(ETH_P_ALL);
//get net card index ethx->index
strcpy(ifstruct.ifr_name, "eth0");
ioctl(sock, SIOCGIFINDEX, &ifstruct);
sll.sll_ifindex = ifstruct.ifr_ifindex;
//bind net card
if (bind(sock, (struct sockaddr *)&sll, sizeof(sll)) == -1)
{
perror("bind error:\n");
return -1;
}
while(1)
{
n_read = recvfrom(sock, buffer, 2048, 0, NULL, NULL);
if(n_read <= 0)
{
perror("recvfrom\n");
return -1;
}
//process packet
}
return 0;
}
其實(shí)原始套接字不僅可以捕獲數(shù)據(jù),也可以發(fā)送數(shù)據(jù),而且是任意格式的數(shù)據(jù),從MAC頭到IP頭之類的數(shù)據(jù)段都在自己的控制范圍之內(nèi),什么ARP攻擊、
DDoS攻擊之類的都離不開原始套接字吧,不過(guò)這些封包是重點(diǎn),這里篇幅有限不涉及封包了吧,只介紹如何將數(shù)據(jù)發(fā)出去
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include /* the L2 protocols */
#include
#include
#include
#define BUFFER_MAX 2048
int main(int argc, char *argv[])
{
int sockfd;
int n_write;
int n_res;
struct sockaddr_ll sll;
struct ifreq ifstruct;
char buffer[BUFFER_MAX];
char MAC_BUFFER[ETH_ALEN]= {0x00,0x18,0x82,0xab,0xd2,0xf9};
char TYPE_BUFFER[2] = {0x88,0x66};
if((sockfd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL))) < 0)
{
perror("create socket error:");
return -1;
}
n_res = 0;
n_write = 0;
memset(&sll, 0, sizeof(sll));
sll.sll_family = PF_PACKET;
sll.sll_protocol = htons(ETH_P_ALL);
//get netcard interface index ethx->ifindex
strcpy(ifstruct.ifr_name, "eth0");
ioctl(sockfd, SIOCGIFINDEX, &ifstruct);
sll.sll_ifindex = ifstruct.ifr_ifindex;
//get the local netcard mac
strcpy(ifstruct.ifr_name, "eth0");
ioctl(sockfd, SIOCGIFHWADDR, &ifstruct);
memcpy(sll.sll_addr, ifstruct.ifr_ifru.ifru_hwaddr.sa_data, ETH_ALEN);
sll.sll_halen = ETH_ALEN;
//bind the netcard
if(bind(sockfd, (struct sockaddr *)&sll, sizeof(sll)) == -1)
{
perror("bind error:");
return -1;
}
//get the netcard work mode
memset(&ifstruct, 0, sizeof(ifstruct));
strcpy(ifstruct.ifr_name, "eth0");
if(ioctl(sockfd, SIOCGIFFLAGS, &ifstruct) == -1)
{
perror("iotcl error:");
return -1;
}
//set the netcard work mode
ifstruct.ifr_flags |= IFF_PROMISC;
if(ioctl(sockfd, SIOCSIFFLAGS, &ifstruct) == -1)
{
perror("iotcl()\n");
printf("Fun:%s Line:%d\n", __func__, __LINE__);
return -1;
}
memcpy(buffer,MAC_BUFFER,ETH_ALEN);
memcpy(buffer+6,sll.sll_addr,ETH_ALEN);
memcpy(buffer+12,TYPE_BUFFER,2);
while(1)
{
n_res = sendto(sockfd, buffer, 1024,
0, (struct sockaddr *)&sll, sizeof(sll));
if(n_res < 0)
{
perror("sendto error:");
return -1;
}
n_write += n_res;
if(n_write >= 2048 * 2560)
{
break;
}
}
return 0;
}
總結(jié)
以上是生活随笔為你收集整理的linux 原始套接字 绑定网卡,Linux网络数据捕获之原始套接字的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問(wèn)題。
- 上一篇: 新导智能:智慧养老解决方案_智能养老系统
- 下一篇: linux 其他常用命令