Development of sniffer based on Libpcap under Linux

The first is the construction of the platform: reference users: http://blog.csdn.net/fengyun1989/article/details/7384899

LIBPCAP is the network packet capture function package under the Unix/linux platform,

Most network monitoring software is based on it.

Libpcap can work on the vast majority of Unix-like platforms.

LIBPCAP Application Framework

LIBPCAP provides a system-independent, user-level network packet capture interface that takes into account the portability of the application. Libpcap can work on most Unix-like platforms, and under the Windows platform, a function pack WinPcap similar to Libpcap provides capture functionality, and its official website is http://winpcap.polito.it/.

1, install GCC. (Ubuntu is installed by default with GCC)

Command: sudo apt-get install build-essential

Write a Hello program under test:

#include <stdio.h>
int main (void)
{
printf ("Hello, world!/n");
return 0;
}
Assume that the code is saved as a file ' hello.c '.
To compile the file, use the following command: $ gcc-wall hello.c-o Hello

Use./hello execution will show Hello, world!;

2. Compiling the GNU M4
This is the prerequisite for compiling the flex environment, otherwise it will prompt "GNU M4 1.4 is required" error

Open URL: ftp.gnu.org/gnu/m4/download GNU M4 The latest version of the package, the tar zxvf command to extract the files, into the M4 directory, with command LS, you will find an executable file configure, and then execute

./confugure

(sudo) make

(sudo) make install.

In this way, the GNU M4 is compiled and installed.

3. Build Flex (Version 2.5.33)
Without flex, installing Libpcap directly prompts "Your operating system's Lex is insufficient to compile Libpcap" error.

Open URL: flex.sourceforge.net/Download the latest Flex version of the package, unzip the file through the tar zxvf command, enter the Flex directory, with command LS, you will find an executable file configure, and then execute

./confugure

(sudo) make

(sudo) make install.

In this way, Flex is compiled and installed.
4. Compiling Bison (version 2.3)
Installing LIBPCAP directly after installing Flex will prompt "Don't have both Flex and bison;reverting to LEX/YACC" error, the previous installation is Flex, you need to match bison

Open URL: ftp.gnu.org/gnu/bison/Download Bison The latest version of the package, the tar zxvf command to extract the files, into the Bison directory, with the command LS, you will find an executable file configure, and then execute

./confugure

(sudo) make

(sudo) make install.

This way, the Bison is compiled and installed.

5. Compiling Libpcap
The above 4 steps are installed. Just go to www.tcpdump.org/to download the latest version of Libpcap. Then unzip the file and go to the directory. With the LS command, you can also find an executable file configure, and then execute the command in turn:

./confugure

(sudo) make

(sudo) make install.

This way, the Libpcap is compiled and installed.

Some configuration is required after installing the LIBPCAP:

1. Make a symbolic link to/sur/lib/:sudo-s ln/usr/local/lib/libpcap.so.1/usr/lib/libpcap.so.1

2. Copy the Pcap folder in the Iblpcap directory to/usr/include

3. If the runtime still prompts you not to find Libpcap.so.1, enter: sudo ldconfig update the following shared libraries

Instance:

#include <pcap.h>
#include <stdio.h>
int main ()
{
Char errbuf[pcap_errbuf_size], * device;
device = Pcap_lookupdev (ERRBUF);
if (device)
{
printf ("Success:device:%s\n", device);
}
Else
{
printf ("Error:%s\n", errbuf);
}
return 0;
}

Compilation: Gcc-g-wall-o test Test2.c-lpcap (experts can write their own makefile to compile)

Development of sniffer based on Libpcap under Linux