PCAP (1)
#include <stdio.h>
#include <pcap.h>
#include <arpa/inet.h>
#include <netinet/if_ether.h>
//其中,user作为用户自定义的数据,
//传入给callback的args参数,callback将监听到的数据和信息分别存入packet和header。
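/**
 * pcap_loop() callback: print the capture lengths and the Ethernet
 * destination/source MAC addresses of one IPv4 frame.
 *
 * The frame content comes straight off the wire and is untrusted, so nothing
 * is read from it until the captured length is known to cover the header.
 *
 * @param user   caller-supplied pointer handed through by pcap_loop(); unused here
 * @param hdr    per-packet header: len is the length on the wire, caplen the
 *               number of bytes actually present in packet
 * @param packet captured bytes; only the first hdr->caplen bytes are valid
 */
void deal_with_packet(u_char *user, const struct pcap_pkthdr *hdr, const u_char *packet)
{
    static int count = 0;   /* frames printed so far, kept across calls */
    const struct ether_header *eth_header;
    const u_char *ptr;
    int i;

    (void)user;

    /* len and caplen are unsigned 32-bit values, so print them with %u. */
    printf("Packet length: %u\n", hdr->len);
    printf("length of portion present: %u\n", hdr->caplen);

    /* A capture shorter than an Ethernet header must not be parsed:
     * reading ether_type or the MAC fields would run past the buffer. */
    if (hdr->caplen < sizeof(struct ether_header)) {
        printf("truncated ethernet header\n");
        return;
    }

    eth_header = (const struct ether_header *)packet;

    /* ETHERTYPE_IP selects IPv4 payloads; everything else is skipped. */
    if (ntohs(eth_header->ether_type) != ETHERTYPE_IP) {
        printf("not an IPv4 packet\n");
        return;
    }

    printf("destination address(MAC):");
    ptr = eth_header->ether_dhost;
    for (i = 0; i < ETHER_ADDR_LEN; i++) {
        printf(" %x ", ptr[i]);
    }

    printf("\nsource address(MAC):");
    ptr = eth_header->ether_shost;
    for (i = 0; i < ETHER_ADDR_LEN; i++) {
        printf(" %x ", ptr[i]);
    }
    printf("\n");

    printf("finish deal with %d packet\n", count);
    count++;
}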
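/**
 * Open the default capture device, install a "port 22" filter and hand the
 * first three matching frames to deal_with_packet().
 *
 * Opening a live capture normally needs elevated privileges; run this with
 * the least privilege that still allows capturing on the chosen device.
 *
 * @return 0 when the packets were processed, 1 on any setup or capture error
 */
int main(void)
{
    pcap_t *sniffer_des = NULL;
    char errbuf[PCAP_ERRBUF_SIZE];
    char *net_dev;
    bpf_u_int32 netp;
    bpf_u_int32 maskp;
    struct bpf_program fp;
    int filter_compiled = 0;    /* set once fp owns memory that needs pcap_freecode() */
    int status = 1;
    int ret;
    char filter_exp[] = "port 22";

    /* NOTE(review): pcap_lookupdev() is deprecated in newer libpcap releases;
     * pcap_findalldevs() is the replacement. */
    net_dev = pcap_lookupdev(errbuf);
    if (net_dev == NULL) {
        printf("cannot get the network device info: %s\n", errbuf);
        return 1;
    }

    if (pcap_lookupnet(net_dev, &netp, &maskp, errbuf) == -1) {
        printf("cannot get the network device ip info:%s\n", errbuf);
        return 1;
    }

    /* snaplen 65535, promiscuous mode on, 1000 ms read timeout. */
    sniffer_des = pcap_open_live(net_dev, 65535, 1, 1000, errbuf);
    if (sniffer_des == NULL) {
        printf("cannot open the network device: %s\n", errbuf);
        return 1;
    }

    /* deal_with_packet() parses every frame as Ethernet, so refuse devices
     * whose link-layer header has a different layout. */
    if (pcap_datalink(sniffer_des) != DLT_EN10MB) {
        printf("device %s does not provide ethernet headers\n", net_dev);
        goto out;
    }

    if (pcap_compile(sniffer_des, &fp, filter_exp, 0, maskp) == -1) {
        printf("cannot compile the filter rule: %s\n", pcap_geterr(sniffer_des));
        goto out;
    }
    filter_compiled = 1;

    if (pcap_setfilter(sniffer_des, &fp) == -1) {
        printf("cannot set the filter to the network device: %s\n", pcap_geterr(sniffer_des));
        goto out;
    }

    /* Capture loop: deal_with_packet is called back for each packet.
     * pcap_loop keeps reading until cnt packets have been read, whereas
     * pcap_dispatch returns once the timeout given to pcap_open_live expires. */
    ret = pcap_loop(sniffer_des, 3, deal_with_packet, NULL);
    if (ret == -1 || ret == -2) {
        printf("cannot get the packet\n");
        goto out;
    }

    printf("finish processing packets....\n");
    status = 0;

out:
    /* Release the compiled filter and the capture handle on every path. */
    if (filter_compiled) {
        pcap_freecode(&fp);
    }
    pcap_close(sniffer_des);
    return status;
}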