为了开发需要，我决定使用最新libpcap源码包安装。在Unix环境下安装libpcap库，需要c编译器，flex，bison等，安装Ubuntu系统时，没有这些包。安装flex需要m4编译环境，否则会提示“GNU M4 is required”错误。
1.安装系统依赖包
sudo apt-get install gcc libc6-dev
sudo apt-get install m4
sudo apt-get install flex bison
2.下载libpcap源码并安装
从官网 http://www.tcpdump.org/ 下载最新的libpcap版本（这里是通过明文HTTP下载，并且后面要用sudo安装，建议在编译前先核对官网发布的签名或校验值）
cd /usr/local/src
wget http://www.tcpdump.org/release/libpcap-1.5.3.tar.gz
tar zxvf libpcap-1.5.3.tar.gz
cd libpcap-1.5.3
./configure
make
sudo make install
3.安装开发需要用到的依赖库
sudo apt-get install libpcap-dev
4.测试libpcap的小程序，命名为pcap_demo.c，以检验环境是否配置正确
#include <pcap.h>
#include <stdio.h>
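/*
 * Smoke test for a libpcap installation: look up the default capture
 * device, open it in promiscuous mode, install a "port 80" filter, try to
 * read one packet and print its length.
 *
 * Returns 0 once the capture session was set up (whether or not a packet
 * arrived) and 2 on any setup failure.
 */
int main(int argc, char *argv[])
{
    pcap_t *handle;                     /* Session handle */
    char *dev;                          /* The device to sniff on */
    char errbuf[PCAP_ERRBUF_SIZE];      /* Error string */
    struct bpf_program fp;              /* The compiled filter */
    char filter_exp[] = "port 80";      /* The filter expression */
    bpf_u_int32 mask;                   /* Our netmask */
    bpf_u_int32 net;                    /* Our IP */
    struct pcap_pkthdr header;          /* The header that pcap gives us */
    const u_char *packet;               /* The actual packet */
    int rc = 2;                         /* Exit status; 2 until setup succeeds */

    (void)argc;
    (void)argv;

    /*
     * Define the device.
     * NOTE(review): pcap_lookupdev() is deprecated in later libpcap
     * releases in favour of pcap_findalldevs(); kept here to match the
     * libpcap version this walkthrough installs.
     */
    dev = pcap_lookupdev(errbuf);
    if (dev == NULL) {
        fprintf(stderr, "Couldn't find default device: %s\n", errbuf);
        return 2;
    }

    /* Find the properties for the device; fall back to 0/0 if unavailable */
    if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
        fprintf(stderr, "Couldn't get netmask for device %s: %s\n", dev, errbuf);
        net = 0;
        mask = 0;
    }

    /* Open the session in promiscuous mode (1), 1000 ms read timeout */
    handle = pcap_open_live(dev, BUFSIZ, 1, 1000, errbuf);
    if (handle == NULL) {
        fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf);
        return 2;
    }

    /* Compile and apply the filter */
    if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) {
        fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(handle));
        goto out_close;                 /* nothing compiled, only close the handle */
    }
    if (pcap_setfilter(handle, &fp) == -1) {
        fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(handle));
        goto out_free;
    }

    /*
     * Grab a packet. pcap_next() returns NULL when nothing was read (for
     * example the read timeout expired) or on error; in that case `header`
     * was never filled in and must not be read.
     */
    packet = pcap_next(handle, &header);
    if (packet == NULL) {
        fprintf(stderr, "No packet captured (read timeout or capture error)\n");
    } else {
        /* header.len is unsigned, so print it with %u */
        printf("Jacked a packet with length of [%u]\n", (unsigned)header.len);
    }
    rc = 0;

out_free:
    /* Release the compiled filter program */
    pcap_freecode(&fp);
out_close:
    /* And close the session */
    pcap_close(handle);
    return rc;
}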
开始编译：
gcc -g pcap_demo.c -o pcap_demo -lpcap
开始执行
./pcap_demo
5.注意的问题
5.1.注意使用root用户来执行，或者对普通用户使用sudo来提升权限（在Linux上也可以用setcap只给该程序授予cap_net_raw等抓包所需的capability，而不必让整个程序以root身份运行）
sudo ./pcap_demo
5.2.对一些PCAP API函数要有全面地理解，并时刻更新文档，比如pcap_loop这个函数，下面是官网的man page地址
http://www.tcpdump.org/manpages/pcap.3pcap.html