raw socket sniffer
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了raw socket sniffer相关的知识,希望对你有一定的参考价值。
#include<stdio.h> #include<stdlib.h> #include<string.h> #include<netinet/ip_icmp.h> #include<netinet/tcp.h> #include<netinet/udp.h> #include<arpa/inet.h> #include<sys/socket.h> #include<sys/types.h> #define BUFFSIZE 1024 int main(){ int rawsock; char buff[BUFFSIZE]; int n; int count = 0; rawsock = socket(AF_INET,SOCK_RAW,IPPROTO_TCP); // rawsock = socket(AF_INET,SOCK_RAW,IPPROTO_UDP); // rawsock = socket(AF_INET,SOCK_RAW,IPPROTO_ICMP); // rawsock = socket(AF_INET,SOCK_RAW,IPPROTO_RAW); if(rawsock < 0){ printf("raw socket error!\\n"); exit(1); } while(1){ n = recvfrom(rawsock,buff,BUFFSIZE,0,NULL,NULL); if(n<0){ printf("receive error!\\n"); exit(1); } count++; struct ip *ip = (struct ip*)buff; printf("%5d %20s",count,inet_ntoa(ip->ip_src)); printf("%20s %5d %5d\\n",inet_ntoa(ip->ip_dst),ip->ip_p,ntohs(ip->ip_len)); printf("\\n"); } }
所有IP的所有port都能接收
#include<stdio.h> #include<stdlib.h> #include<string.h> #include<netinet/ip_icmp.h> #include<netinet/tcp.h> #include<netinet/udp.h> #include<arpa/inet.h> #include<sys/socket.h> #include<sys/types.h> #define BUFFSIZE 1024 int main(){ int rawsock; char buff[BUFFSIZE]; int n; int count = 0; rawsock = socket(AF_INET,SOCK_RAW,IPPROTO_TCP); // rawsock = socket(AF_INET,SOCK_RAW,IPPROTO_UDP); // rawsock = socket(AF_INET,SOCK_RAW,IPPROTO_ICMP); // rawsock = socket(AF_INET,SOCK_RAW,IPPROTO_RAW); if(rawsock < 0){ printf("raw socket error!\\n"); exit(1); } while(1){ n = recvfrom(rawsock,buff,BUFFSIZE,0,NULL,NULL); if(n<0){ printf("receive error!\\n"); exit(1); } count++; struct ip *ip = (struct ip*)buff; unsigned short dst_port; memcpy(&dst_port, buff + 22, sizeof(dst_port)); dst_port = ntohs(dst_port); if (5000 == dst_port || 6000 == dst_port) { printf("%5d %20s",count,inet_ntoa(ip->ip_src)); printf("%20s %5d %5d and port %d \\n",inet_ntoa(ip->ip_dst),ip->ip_p,ntohs(ip->ip_len), dst_port); printf("\\n"); } } }
[root@bogon raw-sockets-example]# ./sniffer 730 10.10.16.82 10.10.16.81 6 60 and port 6000 838 10.10.16.82 10.10.16.81 6 60 and port 6000 991 10.10.16.82 10.10.16.81 6 60 and port 6000 1359 10.10.16.82 10.10.16.81 6 60 and port 5000 1360 10.10.16.82 10.10.16.81 6 52 and port 5000 1473 10.10.16.82 10.10.16.81 6 57 and port 5000 1610 10.10.16.82 10.10.16.81 6 57 and port 5000 1956 10.10.16.82 10.10.16.81 6 57 and port 5000 4035 10.10.16.82 10.10.16.81 6 52 and port 5000 4414 10.10.16.1 10.10.16.81 6 60 and port 6000 4480 10.10.16.1 10.10.16.81 6 60 and port 6000 5938 10.10.16.1 10.10.16.81 6 60 and port 5000 5939 10.10.16.1 10.10.16.81 6 52 and port 5000 6167 10.10.16.1 10.10.16.81 6 57 and port 5000 6229 10.10.16.1 10.10.16.81 6 57 and port 5000 6271 10.10.16.1 10.10.16.81 6 57 and port 5000 6309 10.10.16.1 10.10.16.81 6 57 and port 5000 6343 10.10.16.1 10.10.16.81 6 57 and port 5000 6401 10.10.16.1 10.10.16.81 6 54 and port 5000 6403 10.10.16.1 10.10.16.81 6 52 and port 5000 6404 10.10.16.1 10.10.16.81 6 52 and port 5000
以上是关于raw socket sniffer的主要内容,如果未能解决你的问题,请参考以下文章