How to Capture Network Data Frames on Linux

Source: Internet
Author: User
Article title: Methods and ideas for capturing network data frames based on Linux.
At present, many Linux distributions have been released in China. They focus on Chinese-language platforms to make Linux easier for domestic users, yet there are signs that the Chinese support is not very good. In fact, although Chinese character processing is very important, it is not very valuable for promoting Linux as a desktop system. In addition, these distributions mostly delete the source code packages of applications and select some X-Windows packages of little value, while many applications (such as PHP3) need their source code before their functions can be extended. What the excellent GNU/Linux mainly gives us is a wealth of software resources and full freedom to enjoy them. Analyzing applications is far less difficult than analyzing the kernel, and it can bring obvious results. In fact, many applications provide multi-platform support. Currently, Linux may be used as a tool against Windows NT.
  
   Source program attached:
/*
 * This program demonstrates the SOCK_PACKET call.
 * Thanks Linux. Thanks Alan Cox.
 * Derived from /usr/src/redhat/SOURCES/dosemu-0.66.7/src/dosext/net/libpacket.c
 * Compile method: cc capturer.c -o capturer
 */

/*
 * Alan Cox raw code
 */

/*
 * SOCK_PACKET support.
 * Placed under the GNU LGPL.
 *
 * First cut at a library of handy support routines. Comments, additions
 * and bug fixes gratefully received.
 *
 * (c) 1994 Alan Cox iiitac@pyr.swan.ac.uk GW4PTS@GB7SWN
 */

/* Headers required by the calls below (the header names in the
 * original listing did not survive). */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <net/if.h>
#include <netinet/in.h>

/*
 * Obtain a file handle on a raw ethernet type. In actual fact
 * you can also request the dummy types for AX.25 or 802.3.
 *
 * -1 indicates an error
 * 0 or higher is a file descriptor which we have set non-blocking
 *
 * WARNING: It is OK to listen to a service the system is using (e.g. arp)
 * but don't try and run a user mode stack on the same service or all
 * hell will break loose.
 */
int
OpenNetworkType(unsigned short netid)
{
    /* (AF_INET, SOCK_PACKET) is the old Linux 2.0 interface; packet(7)
     * marks it deprecated in favour of AF_PACKET sockets. Opening it
     * requires root or CAP_NET_RAW. */
    int s = socket(AF_INET, SOCK_PACKET, htons(netid));

    if (s == -1)
        return -1;
    fcntl(s, F_SETFL, O_NDELAY);
    return s;
}

/*
 * Close a file handle to a raw packet type.
 */
void
CloseNetworkLink(int sock)
{
    close(sock);
}

/*
 * Write a packet to the network. You have to give a device to
 * this function. This is a device name (e.g. 'eth0' for the first
 * ethernet card). Please don't assume eth0, make it portable
 * - plip is ethernet like but not eth0, ditto for the de600's.
 *
 * Return: -1 is an error
 * otherwise bytes written.
 */
int
WriteToNetwork(int sock, const char *device, const char *data, int len)
{
    struct sockaddr sa;

    memset(&sa, 0, sizeof(sa));
    sa.sa_family = AF_INET;
    /* sa_data holds only 14 bytes: bound the copy, keep the trailing NUL. */
    strncpy(sa.sa_data, device, sizeof(sa.sa_data) - 1);
    return sendto(sock, data, len, 0, &sa, sizeof(sa));
}

/*
 * Read a packet from the network. The device parameter will
 * be filled in by this routine (make it 32 bytes or more).
 * If you want to work with one interface only you must filter
 * yourself. Remember to make your buffer big enough for your
 * data. Oversized packets will be truncated.
 *
 * Return:
 * -1 Error
 * otherwise size of packet received.
 */
int
ReadFromNetwork(int sock, char *device, char *data, int len)
{
    struct sockaddr sa;
    socklen_t sz = sizeof(sa);
    int error;

    error = recvfrom(sock, data, len, 0, &sa, &sz);
    if (error == -1)
        return -1;
    /* Copy the 14-byte name field and terminate it explicitly. */
    memcpy(device, sa.sa_data, sizeof(sa.sa_data));
    device[sizeof(sa.sa_data)] = '\0';
    return error;   /* Actually size of received packet */
}

/*
 * Handy support routines.
 */

/*
 * Obtain the hardware address of an interface.
 * addr should be a buffer of 8 bytes or more.
 *
 * Return:
 * 0 Success, buffer holds data.
 * -1 Error.
 */

/*
 * NET2 or NET3 - work for both.
 */
#if defined(OLD_SIOCGIFHWADDR) || (KERNEL_VERSION >= 1003038)
#define NET3
#endif

int
GetDeviceHardwareAddress(char *device, char *addr)
{
    int s = socket(AF_INET, SOCK_DGRAM, 0);
    struct ifreq req;
    int err;

    if (s == -1)
        return -1;
    memset(&req, 0, sizeof(req));
    /* ifr_name is IFNAMSIZ bytes: bound the copy, keep the trailing NUL. */
    strncpy(req.ifr_name, device, IFNAMSIZ - 1);
    err = ioctl(s, SIOCGIFHWADDR, &req);
    close(s);   /* Thanks Rob. for noticing this */
    if (err == -1)
        return err;
    memcpy(addr, req.ifr_hwaddr.sa_data, 8);
    return 0;
}

/*
 * Obtain the maximum packet size on an interface.
 *
 * Return:
 * >0 Return is the mtu of the interface
 * -1 Error.
 */
int
GetDeviceMTU(char *device)
{
    int s = socket(AF_INET, SOCK_DGRAM, 0);
    struct ifreq req;
    int err;

    if (s == -1)
        return -1;
    memset(&req, 0, sizeof(req));
    strncpy(req.ifr_name, device, IFNAMSIZ - 1);
    err = ioctl(s, SIOCGIFMTU, &req);
    close(s);   /* So I'll add this one as well. OK Alan? -Rob */
    if (err == -1)
        return err;
    return req.ifr_mtu;
}

#define data_packet_len 1514

int
main(int argc, char *argv[])
{
    char devicename_rec[32];
    unsigned char data[data_packet_len];
    int netid = 0x03;   /* 0x03 is ETH_P_ALL: every protocol */
    int sock_h = 0, i = 0, count_rec = 0, len;

    (void)argc;
    (void)argv;
    /* Parenthesise the assignment so sock_h receives the descriptor,
     * not the result of the comparison. */
    if ((sock_h = OpenNetworkType(netid)) < 0) {
        printf("Can't open net_dectype %d\n", netid);
        return -1;
    }
    printf("Ready to receive 0x%x data packet...\n", netid);
    /* The socket is non-blocking, so this loop polls continuously. */
    for (;;) {
        len = ReadFromNetwork(sock_h, devicename_rec, (char *)data,
                              data_packet_len);
        if (len > 0) {
            printf("Received Packet = %d\n", ++count_rec);
            /* Dump at most the first 100 bytes actually received. */
            for (i = 0; i < 100 && i < len; i++)
                printf("%2x|", data[i]);
            printf("\n");
        }
    }
}

/* The above program compiles and runs well on Redhat 5.1. */
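The capture loop above only hex-dumps the first bytes of each frame. The following added example (not part of the original program) decodes the Ethernet header of a captured buffer and rejects frames that are too short, going slightly beyond the listing by also handling an 802.1Q VLAN tag. The names `eth_summary` and `parse_eth` are hypothetical, and the sample frame is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN   14      /* 6 dst + 6 src + 2 EtherType */
#define ETH_TYPE_VLAN 0x8100  /* 802.1Q tag: 4 extra bytes before the real type */

struct eth_summary {
    uint8_t  dst[6], src[6];
    uint16_t ethertype;    /* host byte order, taken after any VLAN tag */
    int      vlan_id;      /* -1 when the frame is untagged */
    size_t   payload_len;  /* bytes following the (possibly tagged) header */
};

/* Decode a captured frame (hypothetical helper).
 * Returns 0 on success, -1 if the buffer is too short for its header. */
int parse_eth(const unsigned char *f, size_t len, struct eth_summary *out)
{
    size_t hdr = ETH_HDR_LEN;

    if (len < hdr)
        return -1;
    memcpy(out->dst, f, 6);
    memcpy(out->src, f + 6, 6);
    out->ethertype = (uint16_t)((f[12] << 8) | f[13]);
    out->vlan_id = -1;
    if (out->ethertype == ETH_TYPE_VLAN) {
        hdr += 4;
        if (len < hdr)          /* tag announced but cut off */
            return -1;
        out->vlan_id = ((f[14] << 8) | f[15]) & 0x0fff;
        out->ethertype = (uint16_t)((f[16] << 8) | f[17]);
    }
    out->payload_len = len - hdr;
    return 0;
}

/* Constructed sample: broadcast ARP frame tagged with VLAN 5, 2 payload bytes. */
static const unsigned char sample_frame[] = {
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff,  0x02, 0x00, 0x00, 0x00, 0x00, 0x01,
    0x81, 0x00, 0x00, 0x05,  0x08, 0x06,  0x00, 0x01
};

int main(void)
{
    struct eth_summary e;
    if (parse_eth(sample_frame, sizeof sample_frame, &e) != 0)
        return 1;
    printf("vlan %d type 0x%04x payload %zu\n", e.vlan_id, e.ethertype, e.payload_len);
    return 0;
}
```

In the capture program, `parse_eth` would be called with `data` and the length returned by `ReadFromNetwork`, never with the full buffer size.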
  