先
放一段示例程序,这段程序我在RH9和AS4下编译通过,程序功能就是用从2.2内核加入的PF_PACKET协议族来进行底层数据包捕获并显示。
PF_PACKET协议族是与系统TCP/IP协议栈并行的同级别模块,即从PF_PACKET协议族得到的数据包是没有经过系统TCP/IP协议栈处理
的。而且,通过设置混杂模式,可以很容易的实现sniffer。
#include<errno.h>
#include<stdio.h>
#include<stdlib.h>
#include<string.h>
#include<sys/socket.h>
#include<fcntl.h>
#include<netpacket/packet.h>
#include<net/if.h>
#include<net/if_arp.h>
#include<netinet/in.h>
#include<netinet/ip.h>
#include<linux/if_ether.h>
#include<arpa/inet.h>
#include<sys/ioctl.h>
#include<unistd.h>
#define RED "\E[31m\E[1m"
#define GREEN "\E[32m\E[1m"
#define YELLOW "\E[33m\E[1m"
#define BLUE "\E[34m\E[1m"
#define NORMAL "\E[m"
int Get_IfaceIndex(int fd, const char* interfaceName)
{
struct ifreq ifr;
if (interfaceName == NULL)
{
return -1;
}
memset(&ifr, 0, sizeof(ifr));
strcpy(ifr.ifr_name, interfaceName);
if (ioctl(fd, SIOCGIFINDEX, &ifr) == -1)
{
printf("RED ioctl error\n");
return -1;
}
return ifr.ifr_ifindex;
}
int set_Iface_promisc(int fd, int dev_id)
{
struct packet_mreq mr;
memset(&mr,0,sizeof(mr));
mr.mr_ifindex = dev_id;
mr.mr_type = PACKET_MR_PROMISC;
if(setsockopt(fd, SOL_PACKET, PACKET_ADD_MEMBERSHIP,&mr,sizeof(mr))==-1)
{
fprintf(stderr,"GREEN set promisc failed! \n");
return -1;
}
return 0;
}
void usage(char *exename)
{
fprintf(stderr,RED"%s <interface> <packets num to capture>\n"NORMAL, exename);
}
int main(int argc, char **argv)
{
int listen_fd;
int ipak=0,maxk=0;
char buffer
[8192];
int frmlen;
struct sock
