Objective
Original article; reprinting is welcome, please keep the source. Questions and suggestions are welcome in the replies. Email: [email protected]
Next, having captured packets successfully with tcpdump and Wireshark, we try to write a packet capture program ourselves. Here we develop it with the libpcap library.
Create and configure a project
Here we use Eclipse for C/C++ development. To install it, just download it from the official Eclipse site and unpack it; it runs directly. Note that Eclipse must be started with root privileges, otherwise packets cannot be captured.
First create an empty C project, choosing Linux GCC as the toolchain.
Add a source file named main.c. Then configure the project: right-click on the project, select Properties, and link against pcap as shown:
Write a packet capture program
I will not introduce the libpcap API here; refer to
http://www.ferrisxu.com/WinPcap/html/group__wpcapfunc.html#g659439bf5aa3988b5a92d31990fbf437
Here I wrote a simple capture program that captures 30 packets on port 80:
#include <stdio.h>
#include <string.h>
#include <pcap.h>

/* Called once per captured packet: write it to the dump file and print its length. */
void packet_handler(u_char *user, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data)
{
    pcap_dump(user, pkt_header, pkt_data);                              /* output data to file */
    printf("jacked a packet with length of [%u]\n", pkt_header->len);   /* print the length of the captured packet */
}

int main(int argc, char *argv[])
{
    pcap_t *handle;                   /* session handle */
    char errbuf[PCAP_ERRBUF_SIZE];    /* string that stores error information */
    bpf_u_int32 mask;                 /* netmask of the network the device is on */
    bpf_u_int32 net;                  /* IP address of the network */
    struct bpf_program filter;        /* the compiled filter */
    char filter_app[] = "port 80";    /* BPF filter rule, same syntax as tcpdump */
    char *dev;                        /* device to capture on; under Linux eth0 is the NIC and lo the local loopback */
    pcap_dumper_t *out_pcap;          /* output file */

    /* Probe device and properties */
    dev = pcap_lookupdev(errbuf);     /* return the first usable device, eth0 in my case */
    if (dev == NULL) {
        fprintf(stderr, "pcap_lookupdev: %s\n", errbuf);
        return 1;
    }
    if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
        fprintf(stderr, "pcap_lookupnet: %s\n", errbuf);
        net = 0;
        mask = 0;
    }
    /* dev = "lo"; if you need to capture local packets, e.g. with the filter "host localhost", set the device directly */

    /* Open session in promiscuous mode (read timeout 0, as in the original; no timeout) */
    handle = pcap_open_live(dev, BUFSIZ, 1, 0, errbuf);
    if (handle == NULL) {
        fprintf(stderr, "pcap_open_live: %s\n", errbuf);
        return 1;
    }
    /* Compile and apply the filter */
    if (pcap_compile(handle, &filter, filter_app, 0, net) == -1 ||
        pcap_setfilter(handle, &filter) == -1) {
        fprintf(stderr, "filter: %s\n", pcap_geterr(handle));
        return 1;
    }
    /* Define output file */
    out_pcap = pcap_dump_open(handle, "/home/max/pack.pcap");
    if (out_pcap == NULL) {
        fprintf(stderr, "pcap_dump_open: %s\n", pcap_geterr(handle));
        return 1;
    }
    /* Capture 30 packets */
    pcap_loop(handle, 30, packet_handler, (u_char *)out_pcap);
    /* Flush buffer */
    pcap_dump_flush(out_pcap);
    /* Close resources */
    pcap_freecode(&filter);
    pcap_dump_close(out_pcap);
    pcap_close(handle);
    return 0;
}
Compile and run it. Once it is running, open a browser and browse a few pages; the packets are captured and saved to the file.
If the problem "Program file not specified in the launch configuration" appears:
Workaround: http://www.th7.cn/Program/cp/201408/269716.shtml
Then open the file in Wireshark and check that it parses correctly.
It does. If you want to capture local (loopback) traffic instead, just set dev to "lo" and the BPF filter rule to "host localhost".
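To check what the program wrote to pack.pcap without opening Wireshark, here is an added Python example (not from the original post) that parses the classic pcap format pcap_dump produces, decodes the Ethernet/IPv4/TCP headers of each record, and checks each record against the same "port 80" rule the BPF filter used; the sample file it builds is constructed inline.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4   # magic of the classic pcap format that pcap_dump writes
LINKTYPE_ETHERNET = 1     # link type pcap_open_live reports for eth0
def parse_pcap(data):
    """Walk a classic pcap file and decode each record's Ethernet/IPv4/TCP headers."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = {PCAP_MAGIC: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack_from(endian + "HHiIII", data, 4)[5]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type %d" % linktype)
    records, off = [], 24                       # 24-byte global header
    while off + 16 <= len(data):                # 16-byte per-packet header
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        records.append(decode_frame(data[off:off + incl_len], ts_sec + ts_usec / 1e6, orig_len))
        off += incl_len
    return records

def decode_frame(pkt, ts, orig_len):
    """Decode Ethernet -> IPv4 -> TCP; address/port fields are absent for other frames."""
    rec = {"ts": ts, "len": orig_len}
    if len(pkt) < 34 or struct.unpack_from("!H", pkt, 12)[0] != 0x0800:
        return rec                              # not IPv4 or truncated
    ip = pkt[14:]
    ihl = (ip[0] & 0x0F) * 4                    # IPv4 header length in bytes
    rec["src"] = ".".join(map(str, ip[12:16]))
    rec["dst"] = ".".join(map(str, ip[16:20]))
    if ip[9] == 6 and len(ip) >= ihl + 20:      # protocol 6 is TCP
        rec["sport"], rec["dport"] = struct.unpack_from("!HH", ip, ihl)
        flags = ip[ihl + 13]
        rec["syn"], rec["ack"] = bool(flags & 0x02), bool(flags & 0x10)
    return rec

def matches_port(rec, port):
    """Same meaning as the BPF expression 'port N': either endpoint uses the port."""
    return rec.get("sport") == port or rec.get("dport") == port

def build_sample_pcap():
    """Constructed sample file: one TCP SYN from 10.0.0.5:40000 to 192.0.2.10:80."""
    eth = bytes.fromhex("001122334455" "66778899aabb" "0800")   # dst MAC, src MAC, IPv4
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([192, 0, 2, 10])) + tcp
    ghdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    phdr = struct.pack("<IIII", 1700000000, 0, len(eth + ip), len(eth + ip))
    return ghdr + phdr + eth + ip
```

Running parse_pcap over the real pack.pcap and asserting matches_port(rec, 80) for every record is a quick way to confirm the filter was actually applied before the capture started.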
Implementation of packet capture program based on Libpcap