Linux Network Programming--Original Socket instance: Analysis of MAC head message

Source: Internet
Author: User
Tags sprintf htons

Through the Linux network programming-the original socket programming, we know that we can get the link layer packets through the raw sockets and recvfrom (), what is the link layer Packet we receive ?

Link Layer envelope format

MAC head (wired LAN)

Note: CRC, PAD can be ignored when group package

One of the scenarios of a link-layer packet:

1UnsignedCharmsg[1024x768] = {2     //--------------Group mac--------------3     0xb8,0x88,0xe3,0xe1,0x10,0xe6,//Dst_mac:b8:88:e3:e1:10:e64     0xc8,0x9c,0xdc,0xb7,0x0f,0x19,//src_mac:c8:9c:dc:b7:0f:195     0x08,0x00,//type: 0x0800 IP protocol6     //... ....7     //... ....8};

Receive the link-layer packets and perform a simple analysis of them:

1#include <stdio.h>2#include <string.h>3#include <stdlib.h>4#include <sys/socket.h>5#include <netinet/inch.h>6#include <arpa/inet.h>7#include <netinet/ether.h>8 9 intMainintargcChar*argv[])Ten { One     inti =0; AUnsignedCharbuf[1024x768] =""; -     intSOCK_RAW_FD =sockets (Pf_packet, Sock_raw, htons (Eth_p_all)); -      while(1) the     { -UnsignedCharsrc_mac[ -] =""; -UnsignedChardst_mac[ -] =""; -         //get the data frame of the link layer +Recvfrom (SOCK_RAW_FD, buf,sizeof(BUF),0, null,null); -         //Extract destination Mac, source Mac from Buf +sprintf (Dst_mac,"%02x:%02x:%02x:%02x:%02x:%02x", buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]); Asprintf (Src_mac,"%02x:%02x:%02x:%02x:%02x:%02x", buf[6], buf[7], buf[8], buf[9], buf[Ten], buf[ One]); at         //determine if an IP packet -         if(buf[ A]==0x08&& buf[ -]==0x00) -         {     -printf"______________ip Data Report _______________\n"); -printf"mac:%s >>%s\n", Src_mac,dst_mac); -}//determine if the ARP packet in         Else if(buf[ A]==0x08&& buf[ -]==0x06) -         { toprintf"______________arp Data Report _______________\n"); +printf"mac:%s >>%s\n", Src_mac,dst_mac); -}//determine if the packet is Rarp the         Else if(buf[ A]==0x80&& buf[ -]==0x35) *         { $printf"______________rarp Data Report _______________\n");Panax Notoginsengprintf"mac:%s>>%s\n", Src_mac,dst_mac); -         } the     } +     return 0; A}

Remember to run the program with Administrator privileges:

Each packet header has a corresponding structure, which can be easily carried out by grouping or unpacking packets.

The files describing the network protocol structure in Ubuntu 12.04 are as follows:

Ethernet header (Required header file: #include <net/ethernet.h>):

The above example is instead implemented with a struct, as follows:

1#include <stdio.h>2#include <string.h>3#include <stdlib.h>4#include <sys/socket.h>5#include <netinet/inch.h>6#include <arpa/inet.h>7#include <netinet/ether.h>8#include <net/ethernet.h>//Ethernet Header File9#include <netinet/ip.h>//IP Header FileTen //#include <net/if_arp.h>//ARP header file One  A intMainintargcChar*argv[]) - { -     inti =0; theUnsignedCharbuf[1024x768] =""; -     intSOCK_RAW_FD =sockets (Pf_packet, Sock_raw, htons (Eth_p_all)); -      while(1) -     { +UnsignedCharsrc_mac[ -] =""; -UnsignedChardst_mac[ -] =""; +         //get the data frame of the link layer ARecvfrom (SOCK_RAW_FD, buf,sizeof(BUF),0, null,null); at          -         //extracting Mac header information from data (14 bytes) -         structEther_header *ETHDR =NULL; -ETHDR = (structEther_header *) buf; -          -         //Extract destination Mac, source Mac from Buf insprintf (Dst_mac,"%02x:%02x:%02x:%02x:%02x:%02x", ethdr->ether_dhost[0], ethdr->ether_dhost[1],ethdr->ether_dhost[2],ethdr->ether_dhost[3],ethdr->ether_dhost[4],ethdr->ether_dhost[5]); -sprintf (Src_mac,"%02x:%02x:%02x:%02x:%02x:%02x", ethdr->ether_shost[0], ethdr->ether_shost[1],ethdr->ether_shost[2],ethdr->ether_shost[3],ethdr->ether_shost[4],ethdr->ether_shost[5]); to          +         //determine if an IP packet -         if(0x0800= = Ntohs (ethdr->ether_type)) the         {     *printf"______________ip Data Report _______________\n"); $printf"mac:%s >>%s\n", Src_mac,dst_mac);Panax Notoginseng              -}//0x0806 for ARP packets, 0x8035 for RARP packets the         Else if(0x0806= = Ntohs (ethdr->ether_type) | |0x8035= = Ntohs (ethdr->ether_type)) +         { Aprintf"______________arp Data Report _______________\n"); theprintf"mac:%s >>%s\n", Src_mac,dst_mac); +         } -          $     } $     return 0; -}

Transferred from: http://blog.csdn.net/tennysonsky/article/details/44751997

Linux Network Programming--Original Socket instance: Analysis of MAC head message

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.