13518219792
Download libpcapsource from www.tcpdump.org here
成都創新互聯2013年至今,先為河南等服務建站,河南等地企業,進行企業商務咨詢服務。為河南企業網站制作PC+手機+微官網三網同步一站式服務解決您的所有建站問題。
Download libpcapfor win32 fromwww.winpcap.org
Check out a better pcap tutorial here
Front matter: This is a slightly modified and extended version of my older pcap tutorial. Revisiting this work five years later, I am necessarily dumber (age and beer) yet hopefully somewhat more knowledgeable. Contact information has changed, please send your hate-mail to casado at cs.stanford.edu.
Contents
Intro (You are already here)
Capturing our First Packet
Writing a Basic Packet Capturing Engine
Analyzing packets..... (in progress)
Who this is for: This tutorial assumes a cursory knowledge in networks; what a packet is, Ethernet vs. IP vs. TCP vs. UDP etc. If these concepts are foreign I highly suggest you invest in a good(e.g. probably can't find at Best Buy) networking book. My favorites are:
Computer Networking : A Top-Down Approach Featuring the Internet (3rd Edition) by James F. Kurose, Keith W. Ross
UNIX Network Programming by W. Richard Stevens
The Protocols (TCP/IP Illustrated, Volume 1) by W. Richard Stevens
This tutorial does not assume any previous knowledge in network programming, just a basic familiarity with c. If you already are a c/c++ master, then you might as well just man 3 pcap. You should have a working c compiler on your system and libpcap installed. All source in this section was written and tested on linux, kernel 2.2.14, while it should be mostly portable (hehe) I can't guarantee that it will compile or run on other operating systems. You are going to want to run as root so be careful and be sure not to break your box in the meantime. Oh, and though I have tested and run all the code presented in this tutorial with no problems, I am NOT responsible if your shit breaks and has to be quarantined by the health department... aka play at your own risk....
hcn# gcc ldev.c -lpcap
/* ldev.c 編譯指令 >gcc ldev.c -lpcap 查詢網卡, 展示與該網卡相關的網絡地址和子網掩碼 */ #include#include #include /* GIMME a libpcap plz! */ #include #include #include #include int main(int argc, char **argv) { char *dev; /* 網卡名稱 */ char *net; /* 用點標識的網絡地址 */ char *mask;/* 用點標識的子網掩碼 */ int ret; /* 返回標識 */ char errbuf[PCAP_ERRBUF_SIZE]; /* 錯誤信息 */ bpf_u_int32 netp; /* 網絡地址 */ bpf_u_int32 maskp; /* 子網掩碼 */ struct in_addr addr; /* 通過pcap去發現一個可用的網卡用于嗅探 */ dev = pcap_lookupdev(errbuf); /* 檢測是否找到可用網卡 */ if(dev == NULL) { printf("%s\n",errbuf); exit(1); } /* 打印網卡名稱 */ printf("DEV: %s\n",dev); /* 通過pcap查詢網卡的網絡地址和子網掩碼*/ ret = pcap_lookupnet(dev,&netp,&maskp,errbuf); /* 檢測上不操作是否成功 */ if(ret == -1) { printf("%s\n",errbuf); exit(1); } /* 將網絡地址從網絡格式轉化為人可讀格式*/ addr.s_addr = netp; net = inet_ntoa(addr); /* 檢測轉化是否成功 */ if(net == NULL) { perror("inet_ntoa"); exit(1); } /* 打印網絡地址*/ printf("NET: %s\n",net); /* 將子網掩碼地址從網絡格式轉為人可讀格式*/ addr.s_addr = maskp; mask = inet_ntoa(addr); if(mask == NULL) { perror("inet_ntoa"); exit(1); } /* 打印子網掩碼*/ printf("MASK: %s\n",mask); return 0; }
加入編譯和執行正確,控制臺將顯示如下信息:
DEV: eth0
NET: 192.168.12.0
MASK: 255.255.255.0
The value for DEV is your default interface name (likely eth0 on linux,
could be eri0 on solaris). The NET and MASK values are your primary interface's
subnet and subnet mask. Don't know what those are? Might want to read
this.
"So what did we just do?", you ask. Well, we just asked libpcap
to give us some specs on an interface to listen on.
"Whats an interface?"
Just think of an interface as your computers hardware connection to
whatever network your computer is connected to. On Linux, eth0 denotes
the first Ethernet card in your computer. (btw you can list all of your
interfaces using the ifconfigcommand).
OK at this point we can compile a pcap program that essentially does nothing. On to grabbing our first packet ...
