本文主要是介绍原始套接字IP报文嗅探,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
一个简单的Sniffer程序,可以用来捕获和打印接收到的IP数据包。
实现多IP报文、ARP、TCP和UDP的简单打印,
IP报文0800
ARP报文0806
TCP:6
UDP:17
ICMP:1
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <linux/if_ether.h>
#include <linux/in.h>
//#include <arpa/inet.h>
#define BUFFER_MAX 2048struct my_ethhdr {unsigned char h_dest[ETH_ALEN];unsigned char h_source[ETH_ALEN];unsigned short h_proto;
};struct my_arphdr {unsigned short ar_hrd;unsigned short ar_pro;unsigned char ar_hln;unsigned char ar_pln;unsigned short ar_op;unsigned char ar_sha[ETH_ALEN];unsigned char ar_sip[4];unsigned char ar_tha[ETH_ALEN];unsigned char ar_tip[4];
};struct my_iphdr {unsigned char ihl:4, version:4;unsigned char tos;unsigned short tot_len;unsigned short id;unsigned short frag_off;unsigned char ttl;unsigned char protocol;unsigned short check;unsigned int saddr;unsigned int daddr;
};struct my_tcphdr {unsigned short source;unsigned short dest;unsigned int seq;unsigned int ack_seq;unsigned short res1:4, doff:4, fin:1, syn:1, rst:1, psh:1, ack:1, urg:1, res2:2;unsigned short window;unsigned short check;unsigned short urg_ptr;
};struct my_udphdr {unsigned short source;unsigned short dest;unsigned short len;unsigned short check;
};struct my_icmphdr {uint8_t type;uint8_t code;uint16_t checksum;uint32_t data;
};void uint32_ip_2_str_ip(uint32_t ip,char *str_ip) {unsigned char bytes[4];bytes[0] = (ip >> 24) & 0xFF;bytes[1] = (ip >> 16) & 0xFF;bytes[2] = (ip >> 8) & 0xFF;bytes[3] = ip & 0xFF;sprintf(str_ip,"%d.%d.%d.%d", bytes[0], bytes[1], bytes[2], bytes[3]);
}int main(int argc, char *argv[])
{int sock, n_read, proto; char buffer[BUFFER_MAX];struct my_ethhdr *ethhead;struct my_iphdr *iphead;struct my_tcphdr *tcphead;struct my_udphdr *udphead;struct my_icmphdr *icmphead;char *p;if((sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_IP))) < 0){fprintf(stdout, "create socket error/n");exit(0);}while(1) {n_read = recvfrom(sock, buffer, 2048, 0, NULL, NULL);if(n_read < 46) {fprintf(stdout, "以太网帧数据长度最小为 46 字节\n");continue;}ethhead = (struct my_ethhdr *)buffer;int n = 0XFF;printf("MAC: %.2X:%02X:%02X:%02X:%02X:%02X==>""[%x]""==>""%.2X:%.2X:%.2X:%.2X:%.2X:%.2X\n",ethhead->h_dest[0], ethhead->h_dest[1], ethhead->h_dest[2], ethhead->h_dest[3], ethhead->h_dest[4], ethhead->h_dest[5],ntohs(ethhead->h_proto),ethhead->h_source[0], ethhead->h_source[1], ethhead->h_source[2], ethhead->h_source[3], ethhead->h_source[4], ethhead->h_source[5]);iphead = (struct my_iphdr *)(buffer + 14); char sip[32] = {};char dip[32] = {};uint32_ip_2_str_ip(ntohl(iphead->saddr),sip); uint32_ip_2_str_ip(ntohl(iphead->daddr),dip); printf("IP: %s ==[%d]=> %s\n",sip,iphead->protocol,dip);}
} 使用root权限运行
~/下载/$ sudo ./a.out
MAC: FF:FF:FF:FF:FF:FF==>[800]==>88:34:c1:b4:a1:23
IP: 192.168.10.155 ==[17]=> 192.168.10.255
MAC: 78:ab:be:32:67:1a==>[800]==>c1:34:b4:23:a1:a6
IP: 56.107.67.93 ==[6]=> 192.168.10.14
MAC: 78:ab:be:32:67:1a==>[800]==>c1:34:b4:23:a1:a6
IP: 56.107.67.93 ==[6]=> 192.168.10.14
MAC: 00:00:00:00:00:00==>[800]==>00:00:00:00:00:00
IP: 127.0.0.1 ==[1]=> 127.0.0.1
MAC: 00:00:00:00:00:00==>[800]==>00:00:00:00:00:00
IP: 127.0.0.1 ==[1]=> 127.0.0.1
^C
~/下载/$
更多原始套接字参看下面
https://blog.csdn.net/weixin_43288201/article/details/106266418这篇关于原始套接字IP报文嗅探的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
