Interception and Analysis of IP packets

Source: Internet
Author: User

I did the experiment "IP packet interception and analysis" and was confused all morning. Back in the dormitory I looked it up online, and I barely understood Windows 7 and Ubuntu...

---------------------------------------------- This is the program code ----------------------------------------------------------------

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <netinet/ip.h>
#include <netinet/if_ether.h>
#include <net/if.h>

int main(void)
{
    /* Set up the interface used to capture link-layer frames */
    int i = 0;
    int fd;
    /* Capture link-layer frames with a SOCK_PACKET socket (legacy Linux interface;
     * AF_PACKET with SOCK_RAW is the modern replacement) */
    fd = socket(AF_INET, SOCK_PACKET, htons(0x0003)); /* 0x0003 = ETH_P_ALL: every protocol */
    /* AF_INET = ARPA Internet protocols, i.e. the TCP/IP protocol family */
    if (fd < 0) {                        /* socket() returns a descriptor >= 0, or -1 on error */
        perror("socket");
        return 1;
    }
    /* Set how the network adapter works */
    struct ifreq ifr;                    /* defined in <net/if.h> */
    const char *dev = "eth0";
    memset(&ifr, 0, sizeof(ifr));
    strncpy(ifr.ifr_name, dev, IFNAMSIZ - 1);   /* interface name, bounded by IFNAMSIZ */
    i = ioctl(fd, SIOCGIFFLAGS, &ifr);   /* SIOCGIFFLAGS (0x8913): read the interface flags */
    /* returns 0 on success, -1 on error */
    if (i < 0) {
        close(fd);
        perror("Can't get flags");
        return 1;
    }
    ifr.ifr_flags |= IFF_PROMISC;        /* add promiscuous ("hybrid") mode to the flags */
    i = ioctl(fd, SIOCSIFFLAGS, &ifr);   /* SIOCSIFFLAGS: write the flags back to the interface */
    if (i < 0) {
        close(fd);
        perror("Can't set promiscuous");
        return 1;
    }
    /* Read one frame from the interface and analyze its headers */
    char ep[ETH_FRAME_LEN];
    struct ethhdr *eh;
    struct iphdr *ip;
    int fl;
    eh = (struct ethhdr *)ep;            /* eh points to the frame header */
    ip = (struct iphdr *)(ep + ETH_HLEN); /* ETH_HLEN = frame header length (14 bytes);
                                          * the cast is unaligned but works on x86 */

    fl = read(fd, ep, sizeof(ep));       /* length of the captured frame */
    /* Only interpret an IP header if the frame is long enough and actually carries IPv4 */
    if (fl < (int)(ETH_HLEN + sizeof(struct iphdr)) || ntohs(eh->h_proto) != ETH_P_IP) {
        fprintf(stderr, "short read or not an IPv4 frame\n");
        close(fd);
        return 1;
    }
    /* Multi-byte fields are in network byte order; convert before printing */
    struct in_addr src = { ip->saddr };
    struct in_addr dst = { ip->daddr };
    printf("data protocol type code: %x\n", ntohs(eh->h_proto));
    printf("service type: %x\n", ip->tos);
    printf("total length: %x\n", ntohs(ip->tot_len));
    printf("identification field: %x\n", ntohs(ip->id));
    printf("fragment flags and fragment offset: %x\n", ntohs(ip->frag_off));
    printf("time to live: %x\n", ip->ttl);
    printf("protocol: %x\n", ip->protocol);
    printf("checksum: %x\n", ntohs(ip->check));
    printf("source IP address: %s\n", inet_ntoa(src));
    printf("destination address: %s\n", inet_ntoa(dst));

    printf("\n");
    close(fd);
    return 0;
}
-----------------------------------------------------------------------------------------------------------
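As an added example (not part of the original post), here is a bounds-checked parser for the Ethernet and IPv4 headers the program prints. It converts the multi-byte fields out of network byte order, rejects frames that are not IPv4 or whose headers extend past the bytes actually read (a short read or a crafted IHL), and verifies the IP header checksum with the RFC 1071 one's-complement sum; the sample frame is constructed, and the names ip_summary, parse_ipv4_frame and parse_sample are my own.

```c
#include <arpa/inet.h>
#include <netinet/if_ether.h>
#include <netinet/ip.h>
#include <stdint.h>
#include <string.h>

struct ip_summary {                      /* header fields, host byte order */
    uint16_t tot_len, id, frag_off, check; uint8_t ihl, tos, ttl, protocol;
    uint32_t saddr, daddr; int checksum_ok;
};
/* RFC 1071 one's-complement sum; returns 0 when the stored header checksum verifies. */
static uint16_t ipv4_header_checksum(const unsigned char *h, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i < len; i += 2)
        sum += ((uint32_t)h[i] << 8) | (i + 1 < len ? h[i + 1] : 0);
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}
/* Returns 0 and fills *out, or -1 if the frame is not IPv4 or its headers are not
 * fully inside the len bytes actually captured (short read, or a crafted IHL). */
int parse_ipv4_frame(const unsigned char *buf, size_t len, struct ip_summary *out)
{
    struct ethhdr eh; struct iphdr ip; size_t hl;
    if (len < ETH_HLEN + sizeof ip) return -1;
    memcpy(&eh, buf, sizeof eh);                  /* memcpy: buf need not be aligned */
    if (ntohs(eh.h_proto) != ETH_P_IP) return -1; /* never read an iphdr out of ARP etc. */
    memcpy(&ip, buf + ETH_HLEN, sizeof ip);
    hl = (size_t)ip.ihl * 4;
    if (ip.version != 4 || hl < sizeof ip || ETH_HLEN + hl > len) return -1;
    out->ihl = (uint8_t)ip.ihl; out->tos = ip.tos; out->ttl = ip.ttl;
    out->protocol = ip.protocol; out->tot_len = ntohs(ip.tot_len);
    out->id = ntohs(ip.id); out->frag_off = ntohs(ip.frag_off);
    out->check = ntohs(ip.check); out->saddr = ntohl(ip.saddr); out->daddr = ntohl(ip.daddr);
    if (out->tot_len < hl || ETH_HLEN + out->tot_len > len) return -1;
    out->checksum_ok = ipv4_header_checksum(buf + ETH_HLEN, hl) == 0;
    return 0;
}
/* Constructed sample frame: Ethernet type 0x0800, 20-byte IPv4 header, 8 payload bytes;
 * 192.168.1.10 -> 192.168.1.1, DF set, TTL 64, protocol 17 (UDP), checksum 0x9d4a. */
static const unsigned char sample_frame[42] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x45,0x00,0x00,0x1c, 0x1a,0x2b,0x40,0x00, 0x40,0x11,0x9d,0x4a,
    0xc0,0xa8,0x01,0x0a, 0xc0,0xa8,0x01,0x01, 0x00,0x35,0x00,0x35,0x00,0x08,0x00,0x00 };
int parse_sample(struct ip_summary *out)
{
    return parse_ipv4_frame(sample_frame, sizeof sample_frame, out);
}
```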

After an afternoon's struggle, I understood the following points:

 

1. fd = socket(AF_INET, SOCK_PACKET, htons(0x0003)); This statement obtains a socket. If the call succeeds, the socket is returned; if it fails, a "failed socket" is returned. The socket type is int, so success is 0 and -1 is returned on failure.

The following describes socket:

int socket(int family, int type, int protocol);

/*
 * The TCP client establishes a connection with the TCP server. Calling this function triggers the TCP three-way handshake and establishes the connection. Before calling it you do not need to call bind; the kernel determines the source IP address and selects an ephemeral port as the source port.
 * Parameters:
 *   sockfd   - socket descriptor
 *   servaddr - socket address structure containing the IP address and port number of the server to connect to
 *   addrlen  - size of the servaddr socket address structure
 * Return value: success 0, failure -1
 */

 

2. i = ioctl(fd, SIOCGIFFLAGS, &ifr); // SIOCGIFFLAGS (0x8913) reads the interface's working mode

(1) What is ioctl?
ioctl is the function a device driver uses to manage the device's I/O channel. Managing the I/O channel means controlling some characteristics of the device, such as the baud rate of a serial port or the speed of a motor. It is called as follows:

int ioctl(int fd, int cmd, ...);

fd is the file descriptor returned by open when the user program opens the device; cmd is the control command for the device; the ellipsis stands for supplementary arguments, of which there is generally at most one, and whether one is present depends on cmd.
The ioctl function is a member of the driver's file operations structure, so if your driver provides ioctl support, your program can use ioctl to control the device's I/O channel.

(2) Why ioctl is necessary
Without ioctl you can still control the device's I/O channel, but only clumsily. For example, when implementing write in the driver we could check the data stream for a specially agreed sequence and, if it appears, treat what follows as a control command (a trick often used in socket programming). But then the division of the code is unclear, the program structure becomes chaotic, and the programmer gets dizzy.
So we use ioctl to implement the control function. Remember: a user program only uses the command code to tell the driver what it wants done; how those commands are interpreted and carried out is the driver's business.

Promiscuous mode (rendered above as "hybrid" mode) is the operating mode used by network sniffers. It simply changes the NIC's settings: instead of accepting only the packets addressed to itself, the NIC accepts every packet regardless of destination.


---------------------------------------------------------------------------------------------------------------

Linux is so powerful that it is fascinating. Alas, I only learned how to use GCC to compile and run C programs a few days ago....
