Development of sniffer based on Libpcap under Linux

Source: Internet
Author: User

First, set up the platform. Reference: http://blog.csdn.net/fengyun1989/article/details/7384899

Libpcap is the network packet capture library for Unix/Linux platforms. Most network monitoring software is based on it, and it works on the vast majority of Unix-like platforms.

Libpcap Application Framework

Libpcap provides a system-independent, user-level network packet capture interface designed with application portability in mind. It works on most Unix-like platforms; on Windows, WinPcap, a library similar to libpcap, provides the capture functionality. Its official website is http://winpcap.polito.it/.

1. Install GCC. (Ubuntu is installed with GCC by default.)

Command: sudo apt-get install build-essential

Write a Hello program to test it:

#include <stdio.h>

int main(void)
{
    printf("Hello, world!\n");
    return 0;
}

Assume that the code is saved as the file 'hello.c'.
To compile the file, use the following command: $ gcc -Wall hello.c -o hello

Running ./hello prints Hello, world!

2. Compiling GNU M4
GNU M4 is a prerequisite for building flex; without it the build fails with the error "GNU M4 1.4 is required".

Open ftp.gnu.org/gnu/m4/ and download the latest GNU M4 package. Extract the files with the tar zxvf command, enter the m4 directory, and run ls; you will find an executable file named configure. Then run:

./configure

(sudo) make

(sudo) make install

GNU M4 is now compiled and installed.

3. Compiling Flex (version 2.5.33)
Without flex, installing libpcap directly fails with the error "Your operating system's lex is insufficient to compile libpcap".

Open flex.sourceforge.net/ and download the latest flex package. Extract the files with the tar zxvf command, enter the flex directory, and run ls; you will find an executable file named configure. Then run:

./configure

(sudo) make

(sudo) make install

Flex is now compiled and installed.

4. Compiling Bison (version 2.3)
Installing libpcap directly after installing flex produces the error "don't have both flex and bison; reverting to lex/yacc". Flex was installed in the previous step, so the matching bison is needed as well.

Open ftp.gnu.org/gnu/bison/ and download the latest bison package. Extract the files with the tar zxvf command, enter the bison directory, and run ls; you will find an executable file named configure. Then run:

./configure

(sudo) make

(sudo) make install

Bison is now compiled and installed.

5. Compiling Libpcap
With the above 4 steps done, go to www.tcpdump.org/ and download the latest version of libpcap. Extract the files and enter the directory. Running ls again shows an executable file named configure. Run the following commands in turn:

./configure

(sudo) make

(sudo) make install

Libpcap is now compiled and installed.
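The build order in steps 1 to 5 can be checked before starting. The script below is an added example, not part of the original article; the function names find_tool and check_prereqs are hypothetical, and the tool names and error texts are the ones given in the steps above.

```shell
#!/bin/sh
# Added example (not from the original page): preflight check for the
# build chain above. Tool names and error texts are the ones the page gives.

# find_tool NAME SEARCHPATH: succeed if an executable file NAME exists in
# one of the colon-separated directories of SEARCHPATH.
find_tool() {
    name=$1
    old_ifs=$IFS
    IFS=:
    for dir in $2; do
        if [ -x "${dir:-.}/$name" ] && [ ! -d "${dir:-.}/$name" ]; then
            IFS=$old_ifs
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# check_prereqs [SEARCHPATH]: print one line per missing tool, in the order
# the page installs them; the return status is the number of missing tools.
check_prereqs() {
    search=${1:-$PATH}
    missing=0
    while IFS='|' read -r tool consequence; do
        if ! find_tool "$tool" "$search"; then
            printf '%s: missing (%s)\n' "$tool" "$consequence"
            missing=$((missing + 1))
        fi
    done <<'EOF'
gcc|nothing can be compiled; install build-essential
m4|flex build stops with "GNU M4 1.4 is required"
flex|libpcap configure reports that lex is insufficient
bison|libpcap configure reverts to lex/yacc
EOF
    return "$missing"
}

# Report against the current PATH; the message prints only if a tool is absent.
check_prereqs || echo "Install the tools listed above, in that order, before building libpcap."
```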

Some configuration is required after installing libpcap:

1. Make a symbolic link in /usr/lib/: sudo ln -s /usr/local/lib/libpcap.so.1 /usr/lib/libpcap.so.1

2. Copy the pcap folder in the libpcap directory to /usr/include

3. If at runtime you are still told that libpcap.so.1 cannot be found, run sudo ldconfig to update the shared library cache

Example:

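#include <pcap.h>
#include <stdio.h>

int main(void)
{
    char errbuf[PCAP_ERRBUF_SIZE];
    char *device;

    /* Ask libpcap for the default capture device; on failure errbuf holds
       the reason. pcap_lookupdev() is deprecated since libpcap 1.9 in
       favour of pcap_findalldevs(), but still works with older releases. */
    device = pcap_lookupdev(errbuf);
    if (device)
    {
        printf("Success: device: %s\n", device);
    }
    else
    {
        printf("Error: %s\n", errbuf);
    }
    return 0;
}

Compile: gcc -g -Wall -o test test2.c -lpcap (experts can write their own makefile to compile)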
