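#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <pcap.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <netinet/ether.h>
#include <arpa/inet.h>

/* Length in bytes of the Ethernet frame header that precedes the IP header. */
#define ETHER_SIZE 14

/* Set to 1 to compile and apply a BPF filter before capturing (see main()). */
#define ENABLE_FILTER 0

/* Hex-dump width: payload bytes printed per line. */
#define DUMP_BYTES_PER_LINE 16

/*
 * Hex-dump `len` bytes starting at `payload`, DUMP_BYTES_PER_LINE per line.
 *
 * The caller is responsible for ensuring that [payload, payload + len) lies
 * entirely inside the bytes pcap actually captured (header->caplen); this
 * function performs no bounds check of its own.
 */
static void print_payload(const u_char *payload, size_t len)
{
    printf("Payload is:%zu\n", len);
    for (size_t i = 0; i < len; i++) {
        printf("%02x ", payload[i]);
        if ((i + 1) % DUMP_BYTES_PER_LINE == 0) {
            printf("\n");
        }
    }
    printf("\n");
}

/*
 * get_packet() - pcap_loop() callback: decode one captured Ethernet/IPv4 frame.
 *
 * args:   user pointer passed to pcap_loop(); unused.
 * header: pcap record header for the frame. header->caplen is the number of
 *         bytes actually present in `packet`; header->len is the on-wire
 *         length and may be larger when the snapshot length truncated the frame.
 * packet: the captured bytes, starting at the Ethernet header.
 *
 * Layout assumed (Ethernet link type is verified in main()):
 *   Ethernet header (14) | IP header (ip_hl*4) | TCP/UDP/ICMP header | data
 *
 * Every offset derived from a header field (ip_hl, ip_len, doff) is validated
 * against caplen before it is dereferenced, so a crafted or truncated frame
 * cannot push the decoder past the captured buffer. Undecodable frames are
 * reported and skipped; the callback never aborts the capture.
 */
void get_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
{
    static int count = 1;
    (void)args;

    printf("==================================packet number:%d=============================\n", count++);

    /* caplen, not len, bounds what we may read: len describes the wire, caplen the buffer. */
    const bpf_u_int32 caplen = header->caplen;

    if (caplen < ETHER_SIZE + sizeof(struct ip)) {
        printf("Frame too short for Ethernet + IPv4 headers (%u bytes captured)\n", (unsigned)caplen);
        return;
    }

    /* Only IPv4 frames are decoded; ARP, IPv6, VLAN-tagged frames etc. would otherwise
     * be misparsed as if their bytes were an IP header. */
    const struct ether_header *eth = (const struct ether_header *)packet;
    if (ntohs(eth->ether_type) != ETHERTYPE_IP) {
        printf("Not an IPv4 frame (ethertype 0x%04x), skipping\n", (unsigned)ntohs(eth->ether_type));
        return;
    }

    const struct ip *ip = (const struct ip *)(packet + ETHER_SIZE);
    const unsigned ip_hl = (unsigned)ip->ip_hl << 2;     /* ip_hl counts 32-bit words */
    const unsigned ip_len = ntohs(ip->ip_len);           /* total IP length as claimed by the header */
    const unsigned avail = (unsigned)caplen - ETHER_SIZE; /* IP bytes actually captured */

    /* A header may claim fewer than the 20-byte minimum, more than was captured,
     * or a total length smaller than the header itself; each would make the
     * transport offsets below point outside the buffer or go negative. */
    if (ip->ip_v != 4 || ip_hl < sizeof(struct ip) || ip_hl > avail || ip_len < ip_hl) {
        printf("Malformed IP header (version %u, header length %u, total length %u)\n",
               (unsigned)ip->ip_v, ip_hl, ip_len);
        return;
    }

    /* Clamp the decodable region to what was captured, so a snaplen-truncated
     * frame is still decoded up to the truncation point instead of overread. */
    const unsigned ip_end = ip_len < avail ? ip_len : avail;
    const u_char *ip_payload = packet + ETHER_SIZE + ip_hl;
    const unsigned l4_avail = ip_end - ip_hl; /* bytes available after the IP header */

    printf("IP header length:%u\n", ip_hl);
    /* inet_ntoa() returns a static buffer; one call per printf keeps the output correct. */
    printf("from %s\n", inet_ntoa(ip->ip_src));
    printf("to %s\n", inet_ntoa(ip->ip_dst));

    switch (ip->ip_p) {
    case IPPROTO_TCP: {
        printf("----Protocol TCP----\n");
        if (l4_avail < sizeof(struct tcphdr)) {
            printf("Truncated TCP header (%u bytes)\n", l4_avail);
            break;
        }
        const struct tcphdr *tcp = (const struct tcphdr *)ip_payload;
        const unsigned h_size = (unsigned)tcp->doff << 2; /* doff counts 32-bit words */

        printf("tcp-source:%u\n", (unsigned)ntohs(tcp->source));
        printf("tcp-dest:%u\n", (unsigned)ntohs(tcp->dest));
        /* seq and ack_seq are 32-bit fields: ntohl, not ntohs. */
        printf("tcp-seq:%u\n", (unsigned)ntohl(tcp->seq));
        printf("tcp-ack_seq:%u\n", (unsigned)ntohl(tcp->ack_seq));
        printf("tcp-headerlength:%u\n", h_size);
        printf("tcp-fin:%u\n", (unsigned)tcp->fin);
        printf("tcp-syn:%u\n", (unsigned)tcp->syn);
        printf("tcp-rst:%u\n", (unsigned)tcp->rst);
        printf("tcp-psh:%u\n", (unsigned)tcp->psh);
        printf("tcp-ack:%u\n", (unsigned)tcp->ack);
        printf("tcp-urg:%u\n", (unsigned)tcp->urg);
        printf("tcp-window:%u\n", (unsigned)ntohs(tcp->window));
        printf("tcp-check:%u\n", (unsigned)ntohs(tcp->check));

        /* doff is attacker-controlled: reject offsets below the 20-byte minimum
         * or beyond the bytes we hold before using it to locate the payload. */
        if (h_size < sizeof(struct tcphdr) || h_size > l4_avail) {
            printf("Malformed TCP data offset (%u bytes)\n", h_size);
            break;
        }
        print_payload(ip_payload + h_size, l4_avail - h_size);
        break;
    }
    case IPPROTO_UDP: {
        printf("----Protocol UDP----\n");
        if (l4_avail < sizeof(struct udphdr)) {
            printf("Truncated UDP header (%u bytes)\n", l4_avail);
            break;
        }
        const struct udphdr *udp = (const struct udphdr *)ip_payload;
        printf("udp-source:%u\n", (unsigned)ntohs(udp->source));
        printf("udp-dest:%u\n", (unsigned)ntohs(udp->dest));
        printf("udp-length:%u\n", (unsigned)ntohs(udp->len));
        printf("udp-check:%u\n", (unsigned)ntohs(udp->check));
        /* The payload length is derived from the IP length, not udp->len, so a
         * lying UDP length field cannot extend the dump past the captured bytes. */
        print_payload(ip_payload + sizeof(struct udphdr), l4_avail - (unsigned)sizeof(struct udphdr));
        break;
    }
    case IPPROTO_ICMP: {
        printf("----Protocol ICMP----\n");
        if (l4_avail < sizeof(struct icmphdr)) {
            printf("Truncated ICMP header (%u bytes)\n", l4_avail);
            break;
        }
        const struct icmphdr *icmp = (const struct icmphdr *)ip_payload;

        /* ICMP_ECHO (8) and ICMP_ECHOREPLY (0) carry an identifier/sequence pair;
         * other types are printed without them. */
        if (icmp->type == ICMP_ECHO) {
            printf("--icmp_echo request--\n");
        } else if (icmp->type == ICMP_ECHOREPLY) {
            printf("--icmp_echo reply--\n");
        }
        printf("icmp-type:%u\n", (unsigned)icmp->type);
        printf("icmp-code:%u\n", (unsigned)icmp->code);
        printf("icmp-checksum:%u\n", (unsigned)ntohs(icmp->checksum));
        if (icmp->type == ICMP_ECHO || icmp->type == ICMP_ECHOREPLY) {
            printf("icmp-id:%u\n", (unsigned)ntohs(icmp->un.echo.id));
            printf("icmp-sequence:%u\n", (unsigned)ntohs(icmp->un.echo.sequence));
        }
        print_payload(ip_payload + sizeof(struct icmphdr), l4_avail - (unsigned)sizeof(struct icmphdr));
        break;
    }
    case IPPROTO_IP: {
        /* IPPROTO_IP is protocol number 0, so this branch only runs for packets
         * whose protocol field is literally 0; it dumps the IP header fields. */
        printf("----Protocol IP----\n");
        printf("IP version:%u\n", (unsigned)ip->ip_v);
        printf("IP type of service:%u\n", (unsigned)ip->ip_tos);
        printf("IP total length:%u\n", ip_len);
        printf("IP identification:%u\n", (unsigned)ntohs(ip->ip_id));
        printf("IP fragment offset field:%u\n", (unsigned)ntohs(ip->ip_off));
        printf("IP time to live:%u\n", (unsigned)ip->ip_ttl);
        printf("IP protocol:%u\n", (unsigned)ip->ip_p);
        printf("IP checksum:%u\n", (unsigned)ntohs(ip->ip_sum));
        print_payload(ip_payload, l4_avail);
        break;
    }
    default:
        printf("Protocol unknown\n");
        break;
    }
}

/*
 * main() - open the default capture interface and decode frames until stopped.
 *
 * Steps: pick an interface with pcap_lookupdev(), look up its network/mask,
 * open it in promiscuous mode, verify the link type is Ethernet (get_packet()
 * hard-codes the 14-byte Ethernet header), optionally install a BPF filter,
 * then hand every frame to get_packet() via pcap_loop().
 *
 * Exit status: 0 on normal termination, 2 on any pcap setup or capture error.
 * Command-line arguments are currently ignored.
 */
int main(int argc, char *argv[])
{
    char errbuf[PCAP_ERRBUF_SIZE] = "";
    bpf_u_int32 mask = 0;
    bpf_u_int32 net = 0;
    (void)argc;
    (void)argv;

    /* pcap_lookupdev() picks an interface automatically and reports failures in
     * errbuf. To capture on a specific interface, pass its name to
     * pcap_open_live() instead. NOTE(review): newer libpcap releases deprecate
     * pcap_lookupdev() in favour of pcap_findalldevs(); kept here as the author used it. */
    char *dev = pcap_lookupdev(errbuf);
    if (dev == NULL) {
        fprintf(stderr, "error:%s\n", errbuf);
        exit(2);
    }
    printf("The Sniff Interface is:%s\n", dev);

    /* pcap_lookupnet() fills in the interface address (net) and subnet mask;
     * the filter compiler only needs them for broadcast matching, so failure
     * is not fatal and both fall back to 0. */
    if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
        fprintf(stderr, "error:%s\n", errbuf);
        net = 0;
        mask = 0;
    }

    /* pcap_open_live(): BUFSIZ is the snapshot length (bytes captured per frame),
     * 1 enables promiscuous mode, 0 is the read timeout in milliseconds.
     * NOTE(review): the original comment states 0 waits until a packet arrives;
     * the meaning of a zero timeout is platform-dependent, so confirm on the target. */
    pcap_t *handle = pcap_open_live(dev, BUFSIZ, 1, 0, errbuf);
    if (handle == NULL) {
        fprintf(stderr, "error:%s\n", errbuf);
        exit(2);
    }

    /* get_packet() assumes an Ethernet header; refuse other link types
     * (e.g. the loopback pseudo-header) rather than misparse them. */
    if (pcap_datalink(handle) != DLT_EN10MB) {
        fprintf(stderr, "%s is not an Ethernet device; this sniffer only decodes Ethernet frames\n", dev);
        pcap_close(handle);
        return 2;
    }

#if ENABLE_FILTER
    /* BPF keywords are lowercase ("port", not "Port"); a capitalised keyword is
     * a parse error, which is presumably why the original author found the
     * filter could not be applied and disabled this section. */
    char filter_exp[] = "port 23";
    struct bpf_program fp = {0};

    /* pcap_compile(): fp receives the compiled program; the 0 disables optimisation. */
    if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) {
        fprintf(stderr, "Can't parse filter %s: %s\n", filter_exp, pcap_geterr(handle));
        pcap_close(handle);
        return 2;
    }
    if (pcap_setfilter(handle, &fp) == -1) {
        fprintf(stderr, "Can't install filter %s: %s\n", filter_exp, pcap_geterr(handle));
        pcap_freecode(&fp);
        pcap_close(handle);
        return 2;
    }
#endif

    printf("hello\n");

    /* A negative count makes pcap_loop() run until an error or pcap_breakloop();
     * it returns -1 on error, -2 when broken out of, 0 when the count is exhausted. */
    int rc = 0;
    if (pcap_loop(handle, -1, get_packet, NULL) == -1) {
        fprintf(stderr, "pcap_loop error: %s\n", pcap_geterr(handle));
        rc = 2;
    }

#if ENABLE_FILTER
    pcap_freecode(&fp);
#endif
    /* pcap_close() releases the handle returned by pcap_open_live() and its resources. */
    pcap_close(handle);
    return rc;
}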
To implement a simple sniffer