
who can help me! sniffer!

发表于 2005-5-11 15:41:20 | 显示全部楼层 |阅读模式
I wrote the source code for a sniffer. The code is as follows:

#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/inet.h>
/* Header layouts for IP and TCP; main() overlays them on the received packet bytes. */
/*
 * Fixed 20-byte part of an IPv4 header, overlaid directly on received bytes.
 * Multi-byte fields hold the bytes as received (presumably network byte
 * order; convert with ntohs() before use).
 * NOTE(review): declaring ip_length before ip_version matches the wire layout
 * only where the compiler fills bit-fields from the low-order bits, which looks
 * like a little-endian assumption. Confirm for the target.
 */
struct ip{
unsigned int ip_length:4; /* header length in 32-bit words; main() multiplies it by 4 */
unsigned int ip_version:4;/* IP version; 4 for IPv4 */
unsigned char ip_tos; /* type of service */
unsigned short ip_total_length; /* total length of the IP datagram */
unsigned short ip_id; /* datagram identification */
unsigned short ip_flags;/* 16-bit word carrying the flags (and, in IPv4, the fragment offset) */
unsigned char ip_ttl;/* time to live */
unsigned char ip_protocol; /* protocol carried above IP */
unsigned short ip_cksum; /* checksum of the IP header */
struct in_addr ip_source; /* source address */
struct in_addr ip_dest;/* destination address */
};
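/*
 * Fixed 20-byte TCP header, overlaid directly on received bytes.
 * Multi-byte fields hold the bytes as received; main() converts the ports
 * with ntohs() before printing them.
 * NOTE(review): the bit-field order below matches the wire layout only where
 * the compiler fills bit-fields from the low-order bits, which looks like a
 * little-endian assumption. Confirm for the target.
 */
struct tcp {
    unsigned short tcp_source_port; /* source port */
    unsigned short tcp_dest_port;   /* destination port */
    /* The sequence number is 32 bits wide. It was declared as unsigned short,
     * which exposed only half of the field and relied on padding to keep
     * tcp_ackno at offset 8. */
    unsigned int tcp_seqno;         /* sequence number */
    unsigned int tcp_ackno;         /* next sequence number expected from the peer */
    unsigned int tcp_res1:4,        /* reserved */
                 tcp_hlen:4,        /* header length (data offset) in 32-bit words */
                 tcp_fin:1,         /* FIN flag */
                 tcp_syn:1,         /* SYN flag */
                 tcp_rst:1,         /* RST flag */
                 tcp_psh:1,         /* PSH flag */
                 tcp_ack:1,         /* ACK flag */
                 tcp_urg:1,         /* URG flag */
                 tcp_res2:2;        /* remaining two bits of the flags byte */
    unsigned short tcp_winsize;     /* receive window: bytes the sender will accept */
    unsigned short tcp_cksum;       /* TCP checksum */
    unsigned short tcp_urgent;      /* urgent pointer */
};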
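/*
 * Receive TCP segments on a raw IPv4 socket and print, for each one, its
 * size, source and destination addresses, protocol number and ports.
 *
 * Returns 1 if the raw socket cannot be created; otherwise loops forever.
 *
 * Notes:
 *  - Creating a SOCK_RAW socket needs elevated privilege (root or
 *    CAP_NET_RAW on Linux); prefer granting only that capability.
 *  - This socket is fed by the local IP stack. As the reply in the thread
 *    says, receiving other hosts' traffic takes a link-layer capture
 *    interface (libpcap), not this socket type.
 *  - Every received byte is untrusted, so header lengths are validated
 *    before the buffer is interpreted.
 */
int main()
{
    char buffer[65535];
    struct sockaddr_in from;    /* sender address filled in by recvfrom() */
    socklen_t fromlen;          /* recvfrom() expects socklen_t *, not int * */
    ssize_t bytes_received;
    size_t ip_hdr_len;
    struct ip *ip;
    struct tcp *tcp;
    int sock;

    sock = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
    printf("sock is %d\n", sock);
    if (sock == -1) {
        perror("socket");
        return 1;
    }

    while (1) {
        fromlen = sizeof from;
        bytes_received = recvfrom(sock, buffer, sizeof buffer, 0,
                                  (struct sockaddr *)&from, &fromlen);
        if (bytes_received == -1) {
            continue;   /* as in the original: skip the failed read and retry */
        }

        /* Too short to hold even the fixed IP header: do not parse it. */
        if ((size_t)bytes_received < sizeof(struct ip)) {
            continue;
        }
        ip = (struct ip *)buffer;

        /* ip_length comes from the packet; check that it is sane and that a
         * full TCP header lies inside the bytes actually received. */
        ip_hdr_len = 4 * (size_t)ip->ip_length;
        if (ip_hdr_len < sizeof(struct ip) ||
            ip_hdr_len + sizeof(struct tcp) > (size_t)bytes_received) {
            continue;
        }
        tcp = (struct tcp *)(buffer + ip_hdr_len);

        /* The format strings as posted had lost their conversion specifiers,
         * so no values were printed; they are restored here. */
        printf("\nBytes received: %5zd\n", bytes_received);
        printf("source address: %s\n", inet_ntoa(from.sin_addr));
        printf("dest address: %s\n", inet_ntoa(ip->ip_dest));
        printf("Protocol: %d\n", ip->ip_protocol);
        printf("source port: %d\n", ntohs(tcp->tcp_source_port));
        printf("Dest port: %d\n", ntohs(tcp->tcp_dest_port));
    }
}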
But it can only get the packets that pass through my own computer (I have put eth0 into promiscuous mode).
Who can tell me how to correct my code so that it gets the packets on my LAN? Thank you!
发表于 2005-5-12 22:44:58 | 显示全部楼层
用libpcap不就行了?
另外我记得UNP上写着原始套接口是发出去的,但是要收进来要使用链路层的代码才能接到,就是libpcap

 楼主| 发表于 2005-5-13 12:15:02 | 显示全部楼层
谢谢你!
I'll try it again!