38 01 26 68 8e 20 b6 c4 e6 e7 79 e1 63 8e 80 11
87. 01 c5 f1 dd 00 00 01 01 08 0a 00 57 a1 2e 00 14
88. b7 25
89.
90. id: 10
91. Packet length: 66
92. Number of bytes: 66
93. Recieved time: Sat Apr 28 19:57:50 2012
94. 08 00 27 9c ff b1 0a 00 27 00 00 00 08 00 45 00
95. 00 34 d4 b2 40 00 40 06 74 5a c0 a8 38 01 c0 a8
96. 38 65 8e 20 26 68 79 e1 63 8e b6 c4 e6 e7 80 10
97. 00 e5 fb bc 00 00 01 01 08 0a 00 14 b7 25 00 57
98. a1 2e
99.
100. id: 11
101. Packet length: 66
102. Number of bytes: 66
103. Recieved time: Sat Apr 28 19:57:50 2012
104. 08 00 27 9c ff b1 0a 00 27 00 00 00 08 00 45 00
105. 00 34 d4 b3 40 00 40 06 74 59 c0 a8 38 01 c0 a8
106. 38 65 8e 20 26 68 79 e1 63 8e b6 c4 e6 e7 80 11
107. 00 e5 fb bb 00 00 01 01 08 0a 00 14 b7 25 00 57
108. a1 2e
109.
110. id: 12
111. Packet length: 66
112. Number of bytes: 66
113. Recieved time: Sat Apr 28 19:57:50 2012
114. 0a 00 27 00 00 00 08 00 27 9c ff b1 08 00 45 00
115. 00 34 47 ce 40 00 40 06 01 3f c0 a8 38 65 c0 a8
116. 38 01 26 68 8e 20 b6 c4 e6 e8 79 e1 63 8f 80 10
117. 01 c5 f1 dd 00 00 01 01 08 0a 00 57 a1 2e 00 14
118. b7 25
119.
120. id: 13
121. Packet length: 66
122. Number of bytes: 66
123. Recieved time: Sat Apr 28 19:57:50 2012
124. 08 00 27 9c ff b1 0a 00 27 00 00 00 08 00 45 00
125. 00 34 d4 b4 40 00 40 06 74 58 c0 a8 38 01 c0 a8
126. 38 65 8e 20 26 68 79 e1 63 8f b6 c4 e6 e8 80 10
127. 00 e5 fb b9 00 00 01 01 08 0a 00 14 b7 26 00 57
128. a1 2e
仔細(xì)研究即可發(fā)現(xiàn)服務(wù)器與客戶機(jī)是如何通過tcp通信的�����。
下面的這個(gè)程序可以獲取eth0的ip和子網(wǎng)掩碼等信息:
test5:
[cpp] view plain copy
1. #include <stdio.h>
2. #include <stdlib.h>
3. #include <pcap.h>
4. #include <errno.h>
5. #include <netinet/in.h>
6. #include <arpa/inet.h>
7.
8. int main()
9. {
10. /* ask pcap to find a valid device for use to sniff on */
11. char * dev; /* name of the device */
12. char errbuf[PCAP_ERRBUF_SIZE];
13. dev = pcap_lookupdev(errbuf);
14.
15. /* error checking */
16. if(!dev)
17. {
18. printf("pcap_lookupdev() error: %s\n", errbuf);
19. exit(1);
20. }
21.
22. /* print out device name */
23. printf("dev name: %s\n", dev);
24.
25. /* ask pcap for the network address and mask of the device */
26. bpf_u_int32 netp; /* ip */
27. bpf_u_int32 maskp; /* subnet mask */
28. int ret; /* return code */
29. ret = pcap_lookupnet(dev, &netp, &maskp, errbuf);
30.
31. if(ret == -1)
32. {
33. printf("pcap_lookupnet() error: %s\n", errbuf);
34. exit(1);
35. }
36.
37. /* get the network address in a human readable form */
38. char * net; /* dot notation of the network address */
39. char * mask; /* dot notation of the network mask */
40. struct in_addr addr;
41.
42. addr.s_addr = netp;
43. net = inet_ntoa(addr);
44.
45. if(!net)
46. {
47. perror("inet_ntoa() ip error: ");
48. exit(1);
49. }
50.
51. printf("ip: %s\n", net);
52.
53. /* do the same as above for the device's mask */
54. addr.s_addr = maskp;
55. mask = inet_ntoa(addr);
56.
57. if(!mask)
58. {
59. perror("inet_ntoa() sub mask error: ");
60. exit(1);
61. }
62.
63. printf("sub mask: %s\n", mask);
64.
65. return 0;
66. }
int pcap_lookupnet(const char * device, bpf_u_int32 * netp, bpf_u_int32 * maskp, char * errbuf)
可以獲取指定設(shè)備的ip地址����,子網(wǎng)掩碼等信息
netp:傳出參數(shù)�����,指定網(wǎng)絡(luò)接口的ip地址
maskp:傳出參數(shù)�����,指定網(wǎng)絡(luò)接口的子網(wǎng)掩碼
pcap_lookupnet()失敗返回-1
我們使用inet_ntoa()將其轉(zhuǎn)換為可讀的點(diǎn)分十進(jìn)制形式的字符串
本文的絕大部分來源于libpcap的官方文檔:libpcapHakin9LuisMartinGarcia.pdf�����,可以在官網(wǎng)下載�����,文檔只有9頁���,不過很詳細(xì)�����,還包括了數(shù)據(jù)鏈路層�����,網(wǎng)絡(luò)層��,傳輸層���,應(yīng)用層等的分析。很好�!
libpcap使用
時(shí)間:2018-09-29 來源:未知
