linux进去网卡,Linux上使用socket进行网卡抓包
Linux下使用socket進行網卡抓包
有時候需要自己編寫代碼進行抓包,以找出特殊意義的包。
下面是簡單的一個示例:
#include
#include
#include
#include
#include
#include
#include
int main (int argc, char *argv[])
{
int sockfd;
int ret = 0;
char buffer[1518] = {0};
char *eth_head = NULL;
/* PF_PACKET:鏈路層,? SOCK_RAW: 包含 mac頭, ETH_P_ALL: 所有協議??*/
if ((sockfd = socket (PF_PACKET, SOCK_RAW, htons (ETH_P_ALL))) < 0)
{
printf ("create socket failed\n");
return -1;
}
while (1)
{
memset (buffer, 0x0, sizeof (buffer));
ret = recvfrom (sockfd, buffer, sizeof (buffer), 0, NULL, NULL);
printf ("recview package length : %d\n", ret);
eth_head = buffer;
printf ("PACKAGE START\n");
/* get source and dectination mac address */
printf ("dectination mac:%02x-%02x-%02x-%02x-%02x-%02x,"
"source mac:%02x-%02x-%02x-%02x-%02x-%02x;\n", eth_head[0],
eth_head[1], eth_head[2], eth_head[3], eth_head[4],
eth_head[5], eth_head[6], eth_head[7], eth_head[8],
eth_head[9], eth_head[10], eth_head[11]);
printf ("eth_type:%02x%02x\n", eth_head[12], eth_head[13]);
/* ARP proptocol flag */
if (0x08 == eth_head[12] && 0x06 == eth_head[13])
{
printf ("ARP source ip:%d.%d.%d.%d,destination ip:%d.%d.%d.%d;\n",
eth_head[28], eth_head[29], eth_head[30], eth_head[31],
eth_head[38], eth_head[39], eth_head[40], eth_head[41]);
}
/* IPv4 proptocol flag */
else if (0x08 == eth_head[12] && 0x00 == eth_head[13])
{
if (0x45 == eth_head[14])
{
printf ("IPv4 source ip:%d.%d.%d.%d,destination ip:%d.%d.%d."
"%d;\n", eth_head[26], eth_head[27], eth_head[28],
eth_head[29], eth_head[30], eth_head[31],
eth_head[32], eth_head[33]);
}
else
{
printf ("p_head:%02x\n", eth_head[14]);
}
}
printf ("PACKAGE END\n");
}
return 0;
}
總結
以上是生活随笔為你收集整理的linux进去网卡,Linux上使用socket进行网卡抓包的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: Windows之vue-cli安装和vu
- 下一篇: linux lanmp 安装教程,lin