int main(){
?pcap_t *sniffer_des;
?char errbuf[PCAP_ERRBUF_SIZE];
?char *net_dev;
?bpf_u_int32 net, mask;
?struct bpf_program fp;
?const u_char *packet;
?struct pcap_pkthdr hdr;
?struct ether_header *eth_header;
?u_char *ptr;
?char filter[] = "port 80";
?net_dev = pcap_lookupdev(errbuf);
?if(net_dev == NULL){
??printf("get device error:%s\n", errbuf);
??return 1;
?}
?net_dev = "p3p1";
?if(pcap_lookupnet(net_dev, &net, &mask, errbuf) == -1){
??printf("get net error:%s\n", errbuf);
??return 1;
?}
?sniffer_des = pcap_open_live(net_dev, 65535, 1, 5000, errbuf);
?if(sniffer_des == NULL){
??printf("pcap_open_live%s\n", errbuf);
??return 1;
?}
?if(pcap_compile(sniffer_des, &fp, filter, 0, mask) == -1){
??printf("pcap_compile error\n");
??return 1;
?}
?if(pcap_setfilter(sniffer_des, &fp) == -1){
??printf("pcap_setfilter() error\n");
??return 1;
?}
?packet = pcap_next(sniffer_des, &hdr);
?if(packet == NULL){
??printf("pacap_next() failed\n");
??return 1;
?}
?printf("Packet length %d\n", hdr.len);
?printf("Sniffer time: %s\n", ctime((const time_t*)&hdr.ts.tv_sec));
?printf("length of portion present: %d\n", hdr.caplen);
?eth_header = (struct ether_header*)packet;
?if(ntohs(eth_header->ether_type) != ETHERTYPE_IP){
??printf("not ethernet packet\n");
??return 1;
?}
?ptr = eth_header->ether_dhost;
?int i = 0;
?printf("destination address(MAC):");
?while(i < ETHER_ADDR_LEN){
??printf(" %x", *ptr++);
??i++;
?}
?printf("\nsource address(MAC):");
?ptr = eth_header->ether_shost;
?i = 0;
?while(i < ETHER_ADDR_LEN){
??printf(" %x", *ptr++);
??i++;
?}
?printf("\n");
?return 0;
}
这个程序可以获取指定网卡的MAC地址,并获取指定端口的数据包,可以用于程序的分析。我电脑上面运行的结果。
?
上面的获取是一个一个的获取,效率很低,下面的程序可以指定获取数据包的个数
[cpp]
#include ??
#include ??
#include ??
?
void deal(u_char *user, const struct pcap_pkthdr *hdr, const u_char *packet){?
??? static int count = 0;?
??? struct ether_header *eth_header;?
??? u_char *ptr;?
?????
??? printf("Packet length %d\n", hdr->len);?
??? printf("length of portion present: %d\n", hdr->caplen);?
?
??? eth_header = (struct ether_header*)packet;?
??? if(ntohs(eth_header->ether_type) != ETHERTYPE_IP){?
??????? printf("not ethernet packet\n");?
??????? return;?
??? }?
?
??? ptr = eth_header->ether_dhost;?
??? int i = 0;?
??? printf("destination address(MAC):");?
??? while(i < ETHER_ADDR_LEN){?
??????? printf(" %x", *ptr++);?
??????? i++;?
??? }?
?
??? printf("\nsource address(MAC):");?
??? ptr = eth_header->ether_shost;?
??? i = 0;?
??? while(i < ETHER_ADDR_LEN){?
??????? printf(" %x", *ptr++);?
??????? i++;?
??? }?
?
??? printf("\nfinish deal with %d packet\n", count);?
??? count++;?
}?
int main(){?
??? pcap_t *sniffer_des;?
??? char errbuf[PCAP_ERRBUF_SIZE];?
??? char *net_dev;?
??? bpf_u_int32 net, mask;?
??? struct bpf_program fp;?
??? const u_char *packet;?
??? struct pcap_pkthdr hdr;?
?????
??? int ret;?
?
??? char filter[] = "port 80";?
?
??? net_dev = pcap_lookupdev(errbuf);?
??? if(net_dev == NULL){?
??????? printf("get device error:%s\n", errbuf);?
??????? return 1;?
??? }?
??? net_dev = "p3p1";?
??? if(pcap_lookupnet(net_dev, &net, &mask, errbuf) == -1){?
??????? printf("get net error:%s\n", errbuf);?
?