CODE: //eth_txt.c //when detect ethenet frame,deplay the text //methods of use //eth_txt <the name of interface> //the example //eth_txt le0 //the method of end //input the control key C //read the head file #include<stdio.h> #include<sys/types.h> #include<sys/time.h> #include<sys/socket.h> #include<netinet/in.h> #include<netinet/in_systm.h> #include<netinet/ip.h> #include<netinet/if_ether.h> #include<pcap.h>//pcap programe library #include<netdb.h>//the use of DNS searching #define DEFAULT_SNAPLEN 68 #define MAXSTRINGSIZE 256 //the length of the string #define MAXENTRY 1024 //the max number of the fastcache in the table of the host //print the mac address of the packet void print_hwadd(u_char *hwadd){ int i; for(i=0;i<5;i++) printf("%2x:",hwadd[i]); printf("%2x",hwadd[i]); } //print the ip address of the packet void print_ipadd(u_char *ipadd){ int i; for(i=0;i<3;++i) printf("%d.",ipadd[i]); printf("%d\n",ipadd[i]); } //mean the data of the packet void packet_print(u_char *user,const struct pcap_pkthdr *h,const u_char *p) { struct ether_header *eth;//the pointer of the structe of the head of the ethernetpacket static long int counter=0; struct ether_arp *arppkt; struct ip *iph; struct icmphdr *icmp; printf("%d\n",(h->ts).tv_sec); printf("xiaobinker find data\n"); printf("%d\n",++counter); printf("%d\n",h->len); int i; eth=(struct ether_header *)p; print_hwadd(eth->ether_shost); printf("----"); print_hwadd(eth->ether_dhost); printf("\n"); printf("%x\n",ntohs(eth->ether_type)); if(ntohs(eth->ether_type)){ iph=(struct ip *)(p+sizeof(struct ether_header)); printf("Find IP "); if(iph->ip_p==0){ icmp=(struct icmphdr *)(p+sizeof(struct ether_header)+sizeof(struct ip)); printf("ICMP packet"); //printf("%d\n",icmp->type); } print_hostname((u_char *)&(iph->ip_src)); //print_ipadd((u_char *)&(iph->ip_src)); printf("======"); //print_ipadd((u_char *)&(iph->ip_dst)); print_hostname((u_char *)&(iph->ip_dst)); printf("\t%d",iph->ip_ttl); printf("\t%d",iph->ip_p); } unsigned int typeno; typeno=ntohs(eth->ether_type); if((typeno==ETHERTYPE_ARP)||(typeno==ETHERTYPE_REVARP)){ arppkt=(struct ether_arp *)(p+sizeof(struct ether_header)); if(typeno==ETHERTYPE_ARP) printf("arp"); else printf("rarp"); print_hwadd((u_char *)&(arppkt->arp_sha)); printf(","); print_ipadd((u_char *)&(arppkt->arp_spa)); printf("========"); print_hwadd((u_char *)&(arppkt->arp_tha)); printf(","); print_ipadd((u_char *)&(arppkt->arp_tpa)); } printf("\n"); fflush(stdout); } //the struct of the table (the use of host) struct { unsigned long int ipaddr; //the ip address char hostname[MAXSTRINGSIZE]; //the name of the host }nametable[MAXENTRY]; int tbllength=0; //converge the hostname void intohost(unsigned long int iadd,char *hn){ int i; extern int tbllength; for(i=0;i<tbllength;++i) if(nametable[i].ipaddr==iadd)break; if(i<tbllength){ strcpy(hn,nametable[i].hostname); } else{ fprintf(stderr,"Internal Error on void intohost()\n"); exit(1); } } //log the hostname void reghost(unsigned long int iadd){ int i; struct hostent *shostname; extern int tbllength; for(i=0;i<tbllength;++i){ if(nametable[i].ipaddr==iadd)break; } if(i==tbllength){ nametable[i].ipaddr=iadd; shostname=gethostbyaddr((char *)&iadd,sizeof(iadd),AF_INET); if(shostname!=NULL){ strcpy(nametable[i].hostname,shostname->h_name); } else{ strcpy(nametable[i].hostname,""); } tbllength++; } } //output the hostname void print_hostname(u_char *ipadd){ int i; unsigned long int iadd; struct hostent *hostname; char hn[MAXSTRINGSIZE]; iadd=*((unsigned long int *)(ipadd)); reghost(iadd); intohost(iadd,hn); if(strlen(hn)>0) printf("%s",hn); else{ for(i=0;i<3;++i) printf("%d:",ipadd[i]); printf("%d:",ipadd[i]); } } //main //the start and configure of getting packet int main(int argc,char **argv) { char ebuf[PCAP_ERRBUF_SIZE]; pcap_t *pd; if(argc<=1){ printf("usage:%s <network interface>\n",argv[0]); exit(0); } /*configure using pcap*/ if((pd=pcap_open_live(argv[1],DEFAULT_SNAPLEN,1,1000,ebuf))==NULL) { (void)fprintf(stderr,"%s",ebuf); exit(1); } /*get the packet by the pcap_loop*/ if(pcap_loop(pd,-1,packet_print,NULL)<0){ (void)fprintf(stderr,"pcap_loop:%s\n",pcap_geterr(pd)); exit(1); } pcap_close(pd); exit(0); } |
[火星人 ] 我在linux下寫的一個簡單的sniffier工具已經有549次圍觀