Implementation of packet capture program based on Libpcap

Source: Internet
Author: User

Objective
Original article, reposting is welcome; please keep the attribution. If you have any questions or suggestions, feel free to reply. Email: [email protected]

Next, having successfully captured packets with tcpdump and Wireshark, we try to write a packet capture program of our own. Here we develop against the libpcap library.

Create a configuration Project

Here we use Eclipse for C/C++ development. To install it, just download the archive from the Eclipse website and unpack it; it runs without further setup. Note that Eclipse must be started with root privileges, otherwise the program cannot open the network device for capture.

First create an empty C project and select Linux GCC as the toolchain.

Add a source file named main.c. Before writing code, configure the project: right-click the project, select Properties, and add pcap to the linked libraries, as shown:

Write a packet capture program

I do not introduce the libpcap API here; refer to
http://www.ferrisxu.com/WinPcap/html/group__wpcapfunc.html#g659439bf5aa3988b5a92d31990fbf437

Here I wrote a simple capture program that grabs 30 packets on port 80:

#include <stdio.h>
#include <string.h>
#include <pcap.h>

/* Called once per captured packet; user is the pcap_dumper_t* passed to pcap_loop */
void packet_handler(u_char *user, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data)
{
    pcap_dump(user, pkt_header, pkt_data);   // Write the packet to the dump file
    printf("jacked a packet with length of [%u]\n", pkt_header->len);   // Print the length of the captured packet
}

int main(int argc, char *argv[])
{
    pcap_t *handle;                  // Session handle
    char errbuf[PCAP_ERRBUF_SIZE];   // Buffer that receives error messages
    bpf_u_int32 mask;                // Netmask of the network the device is on
    bpf_u_int32 net;                 // Network address of the device
    struct bpf_program filter;       // Compiled filter
    char filter_app[] = "port 80";   // BPF filter rule, same syntax as tcpdump

    /* Probe devices and properties */
    char *dev;   // Device to capture on; under Linux, eth0 and lo are the NIC and the local loopback respectively
    dev = pcap_lookupdev(errbuf);   // Returns the first usable device; here it is eth0
    if (dev == NULL) {
        fprintf(stderr, "pcap_lookupdev: %s\n", errbuf);
        return 1;
    }
    pcap_lookupnet(dev, &net, &mask, errbuf);
    // dev = "lo";   // To capture local packets (e.g. with the filter expression "host localhost"), set the device directly

    /* Open the session in promiscuous mode */
    handle = pcap_open_live(dev, BUFSIZ, 1, 0, errbuf);
    if (handle == NULL) {
        fprintf(stderr, "pcap_open_live: %s\n", errbuf);
        return 1;
    }
    /* Compile and apply the filter */
    pcap_compile(handle, &filter, filter_app, 0, net);
    pcap_setfilter(handle, &filter);
    /* Define the output file */
    pcap_dumper_t *out_pcap;
    out_pcap = pcap_dump_open(handle, "/home/max/pack.pcap");
    /* Capture 30 packets */
    pcap_loop(handle, 30, packet_handler, (u_char *)out_pcap);
    /* Flush the dump buffer */
    pcap_dump_flush(out_pcap);
    /* Release resources */
    pcap_freecode(&filter);
    pcap_close(handle);
    pcap_dump_close(out_pcap);
    return 0;
}

Compile and run it. While it is running, open a browser and browse any site; the packets are captured and saved to the file.
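The handler above only records each packet's length. As an added example (not part of the original post), here is a decoder that the handler could call on pkt_data to pull the TCP/IPv4 5-tuple out of a captured frame. It assumes an Ethernet link layer (what pcap_open_live on eth0 delivers) and checks every offset against caplen, the number of bytes actually captured, rather than len, since a snapshot may be shorter than the packet on the wire. The sample frame is constructed, not captured traffic.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decoded 5-tuple of one TCP/IPv4 packet (addresses in host byte order). */
struct flow {
    uint32_t src_ip, dst_ip;
    uint16_t src_port, dst_port;
    uint8_t  tcp_flags;
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Parse Ethernet/IPv4/TCP headers from the caplen bytes pcap delivered.
 * Returns 1 and fills *f on success; 0 if the frame is not TCP over IPv4
 * or is shorter than its headers claim (no read past caplen). */
int decode_tcp(const uint8_t *pkt, uint32_t caplen, struct flow *f)
{
    if (caplen < 14 || rd16(pkt + 12) != 0x0800) return 0;      /* not IPv4 */
    const uint8_t *ip = pkt + 14;
    if (caplen < 14 + 20 || (ip[0] >> 4) != 4) return 0;
    uint32_t ihl = (uint32_t)(ip[0] & 0x0f) * 4;                /* IPv4 header length */
    if (ihl < 20 || caplen < 14 + ihl + 20) return 0;           /* options or TCP header truncated */
    if (ip[9] != 6) return 0;                                   /* protocol is not TCP */
    const uint8_t *tcp = ip + ihl;
    f->src_ip = rd32(ip + 12);  f->dst_ip = rd32(ip + 16);
    f->src_port = rd16(tcp);    f->dst_port = rd16(tcp + 2);
    f->tcp_flags = tcp[13];
    return 1;
}

/* Constructed sample frame: 10.0.0.2:43210 -> 93.184.216.34:80, TCP SYN (checksums zeroed). */
const uint8_t sample_syn[54] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,   /* Ethernet */
    0x45,0x00,0x00,0x28, 0x00,0x01,0x40,0x00, 0x40,0x06,0x00,0x00,             /* IPv4 */
    0x0a,0x00,0x00,0x02, 0x5d,0xb8,0xd8,0x22,
    0xa8,0xca, 0x00,0x50, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,             /* TCP */
    0x50,0x02, 0x72,0x10, 0x00,0x00, 0x00,0x00
};

int main(void)
{
    struct flow f;
    if (decode_tcp(sample_syn, sizeof sample_syn, &f))
        printf("%u.%u.%u.%u:%u -> port %u flags 0x%02x\n", f.src_ip >> 24, (f.src_ip >> 16) & 0xff,
               (f.src_ip >> 8) & 0xff, f.src_ip & 0xff, f.src_port, f.dst_port, f.tcp_flags);
    return 0;
}
```

Inside the page's packet_handler the call would be decode_tcp(pkt_data, pkt_header->caplen, &f).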

If Eclipse reports the "Program file not specified in launch configuration" problem when launching, see the workaround at:
http://www.th7.cn/Program/cp/201408/269716.shtml

Then open the saved file in Wireshark to check that it parses:

Success. If you want to capture local (loopback) traffic instead, just set dev to "lo" and set the BPF filter rule to "host localhost".

