原始套接字IP报文嗅探

一个简单的Sniffer程序,可以用来捕获和打印接收到的IP数据包。

实现多IP报文、ARP、TCP和UDP的简单打印,

IP报文0800

ARP报文0806

TCP:6

UDP:17

ICMP:1

cpp 复制代码
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <linux/if_ether.h>
#include <linux/in.h>
//#include <arpa/inet.h>
#define BUFFER_MAX 2048

struct my_ethhdr {
    unsigned char h_dest[ETH_ALEN];
    unsigned char h_source[ETH_ALEN];
    unsigned short h_proto;
};

struct my_arphdr {
    unsigned short ar_hrd;
    unsigned short ar_pro;
    unsigned char ar_hln;
    unsigned char ar_pln;
    unsigned short ar_op;
    unsigned char ar_sha[ETH_ALEN];
    unsigned char ar_sip[4];
    unsigned char ar_tha[ETH_ALEN];
    unsigned char ar_tip[4];
};

struct my_iphdr {
    unsigned char ihl:4, version:4;
    unsigned char tos;
    unsigned short tot_len;
    unsigned short id;
    unsigned short frag_off;
    unsigned char ttl;
    unsigned char protocol;
    unsigned short check;
    unsigned int saddr;
    unsigned int daddr;
};

struct my_tcphdr {
    unsigned short source;
    unsigned short dest;
    unsigned int seq;
    unsigned int ack_seq;
    unsigned short res1:4, doff:4, fin:1, syn:1, rst:1, psh:1, ack:1, urg:1, res2:2;
    unsigned short window;
    unsigned short check;
    unsigned short urg_ptr;
};

struct my_udphdr {
    unsigned short source;
    unsigned short dest;
    unsigned short len;
    unsigned short check;
};

struct my_icmphdr {
    uint8_t type;
    uint8_t code;
    uint16_t checksum;
    uint32_t data;
};

void uint32_ip_2_str_ip(uint32_t ip,char *str_ip) {
    unsigned char bytes[4];
    bytes[0] = (ip >> 24) & 0xFF;
    bytes[1] = (ip >> 16) & 0xFF;
    bytes[2] = (ip >> 8) & 0xFF;
    bytes[3] = ip & 0xFF;
    sprintf(str_ip,"%d.%d.%d.%d", bytes[0], bytes[1], bytes[2], bytes[3]);
}

int main(int argc, char *argv[])
{

	int sock, n_read, proto;        
	char buffer[BUFFER_MAX];
	struct my_ethhdr *ethhead;
	struct my_iphdr *iphead;
	struct my_tcphdr *tcphead;
	struct my_udphdr *udphead;
	struct my_icmphdr *icmphead;
	char *p;

	if((sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_IP))) < 0)
	{
		fprintf(stdout, "create socket error/n");
		exit(0);
	}

	while(1) 
	{
		n_read = recvfrom(sock, buffer, 2048, 0, NULL, NULL);

		if(n_read < 46) 
		{
			fprintf(stdout, "以太网帧数据长度最小为 46 字节\n");
			continue;
		}

		ethhead = (struct my_ethhdr *)buffer;
		int n = 0XFF;
		printf("MAC: %.2X:%02X:%02X:%02X:%02X:%02X==>""[%x]""==>"
				"%.2X:%.2X:%.2X:%.2X:%.2X:%.2X\n",
				ethhead->h_dest[0], ethhead->h_dest[1], ethhead->h_dest[2], ethhead->h_dest[3], ethhead->h_dest[4], ethhead->h_dest[5],ntohs(ethhead->h_proto),
				ethhead->h_source[0], ethhead->h_source[1], ethhead->h_source[2], ethhead->h_source[3], ethhead->h_source[4], ethhead->h_source[5]);

		iphead = (struct my_iphdr *)(buffer + 14);  
		char sip[32] = {};
		char dip[32] = {};
 		uint32_ip_2_str_ip(ntohl(iphead->saddr),sip); 
 		uint32_ip_2_str_ip(ntohl(iphead->daddr),dip); 
		printf("IP: %s ==[%d]=> %s\n",sip,iphead->protocol,dip);

	}
} 

使用root权限运行
~/下载/$ sudo ./a.out 
MAC: FF:FF:FF:FF:FF:FF==>[800]==>88:34:c1:b4:a1:23
IP: 192.168.10.155 ==[17]=> 192.168.10.255
MAC: 78:ab:be:32:67:1a==>[800]==>c1:34:b4:23:a1:a6
IP: 56.107.67.93 ==[6]=> 192.168.10.14
MAC: 78:ab:be:32:67:1a==>[800]==>c1:34:b4:23:a1:a6
IP: 56.107.67.93 ==[6]=> 192.168.10.14
MAC: 00:00:00:00:00:00==>[800]==>00:00:00:00:00:00
IP: 127.0.0.1 ==[1]=> 127.0.0.1
MAC: 00:00:00:00:00:00==>[800]==>00:00:00:00:00:00
IP: 127.0.0.1 ==[1]=> 127.0.0.1
^C
~/下载/$ 
更多原始套接字参看下面
https://blog.csdn.net/weixin_43288201/article/details/106266418
相关推荐
CHENKONG_CK8 小时前
晨控CK-FR102ANS-EIP与基恩士KVX520系列PLC配置EtherNet/IP通讯连接手册
网络
草根站起来10 小时前
“双算法SSL证书”伪方案、国产SSL证书营销话术与等保绑定乱象批判
网络·网络协议·ssl
Bobolink_10 小时前
跨境业务网络环境评估,“干净、一致、独享”三个关键指标
开发语言·网络·php·跨境网络·网络环境
humors22110 小时前
【分享】火绒恶意网址自定义规则,根据互联网应急中心部分威胁预警恶意代码制作
网络·安全·规则·火绒安全·恶意网址·应急中心
技术民工之路11 小时前
Python Socket编程零基础实战教程(TCP/UDP通信完整版)
python·tcp/ip·udp
广州灵眸科技有限公司12 小时前
瑞芯微RV1126B开发板(EASY-EAI-PI2) INI文件操作
java·前端·javascript·网络·人工智能
江华森12 小时前
Web 开发基础:HTTP 与 REST
前端·网络协议·http
星恒讯工业路由器13 小时前
VLAN在工业网络中为何越来越重要
网络·信息与通信·vlan·交换机·工业网络·网络隔离
rcms1527026921814 小时前
HITEK A1052100N-01 以太网端口模块
网络
KaMeidebaby14 小时前
卡梅德生物技术快报|抗体合成:多肽抗体合成工程化方案:Nsp2 保守肽多抗制备与多维度验证
前端·网络·数据库·人工智能·算法