May 152006
 

今天研究了下pcap,简单写了段代码,能嗅探到混杂模式网卡接收到的所有包了,贴一下以备以后使用:

#include
#include
#include
#include
#include
#include
#include
#include
#include

#include

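/*
 * Minimal libpcap capture tool: pick the default capture device, list every
 * device libpcap can see, open the default device in promiscuous mode, apply
 * a BPF filter and append each captured packet to "packet.dat" in pcap
 * savefile format.
 *
 * Operational notes:
 *  - Opening a live capture normally needs elevated privileges; run this
 *    with the least privilege that still allows capture.
 *  - The snapshot length is 100 bytes, so only the first 100 bytes of each
 *    packet are stored. That prefix can still hold addresses and payload
 *    data, and the file is created in the current directory, so treat
 *    packet.dat as sensitive.
 *
 * Returns 0 when the capture loop ends without a read error, 1 on any
 * setup or capture failure.
 */
int main(void)
{
    char errbuf[PCAP_ERRBUF_SIZE];
    char filter_app[] = "host 10.0.0";
    char *dev;
    pcap_if_t *alldevsp = NULL;
    pcap_if_t *ifdev;
    pcap_t *adhandle = NULL;
    pcap_dumper_t *dumpfile = NULL;
    struct bpf_program filter;
    bpf_u_int32 mask = 0;
    bpf_u_int32 net = 0;
    struct pcap_pkthdr *header;
    const u_char *pkt_data;
    int re;
    int rc = 1;

    /* NOTE(review): pcap_lookupdev() is deprecated in newer libpcap
     * releases; the first entry returned by pcap_findalldevs() is the
     * usual replacement. Kept here to preserve the original selection. */
    dev = pcap_lookupdev(errbuf);
    if (dev == NULL) {
        /* Passing NULL to %s is undefined behavior, so stop here. */
        fprintf(stderr, "pcap_lookupdev: %s\n", errbuf);
        return 1;
    }
    printf("Device used: %s\n", dev);

    /* The device listing is informational only, so a failure is reported
     * but does not abort the capture. */
    if (pcap_findalldevs(&alldevsp, errbuf) == -1) {
        fprintf(stderr, "pcap_findalldevs: %s\n", errbuf);
    } else {
        for (ifdev = alldevsp; ifdev != NULL; ifdev = ifdev->next) {
            printf("Device: %s\n", ifdev->name);
        }
        pcap_freealldevs(alldevsp);
        alldevsp = NULL;
    }

    /* snaplen 100 bytes, promiscuous mode on, 1000 ms read timeout. */
    adhandle = pcap_open_live(dev, 100, 1, 1000, errbuf);
    if (adhandle == NULL) {
        fprintf(stderr, "pcap_open_live: %s\n", errbuf);
        return 1;
    }

    /* Without an IPv4 address on the device the lookup fails; fall back to
     * zero so the filter can still be compiled. */
    if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
        fprintf(stderr, "pcap_lookupnet: %s\n", errbuf);
        net = 0;
        mask = 0;
    }

    /* The last argument of pcap_compile() is the netmask, not the network
     * number. */
    if (pcap_compile(adhandle, &filter, filter_app, 0, mask) == -1) {
        fprintf(stderr, "pcap_compile: %s\n", pcap_geterr(adhandle));
        goto out_close;
    }
    if (pcap_setfilter(adhandle, &filter) == -1) {
        fprintf(stderr, "pcap_setfilter: %s\n", pcap_geterr(adhandle));
        pcap_freecode(&filter);
        goto out_close;
    }
    /* The compiled program is no longer needed once it is installed. */
    pcap_freecode(&filter);

    dumpfile = pcap_dump_open(adhandle, "packet.dat");
    if (dumpfile == NULL) {
        fprintf(stderr, "pcap_dump_open: %s\n", pcap_geterr(adhandle));
        goto out_close;
    }

    while ((re = pcap_next_ex(adhandle, &header, &pkt_data)) >= 0) {
        if (re == 0) {
            /* Read timeout: header and pkt_data were not filled in, so
             * there is nothing valid to write. */
            continue;
        }
        pcap_dump((u_char *)dumpfile, header, pkt_data);
    }

    if (re == -1) {
        fprintf(stderr, "pcap_next_ex: %s\n", pcap_geterr(adhandle));
    } else {
        rc = 0;
    }

    /* Closing the dumper flushes buffered packets to packet.dat. */
    pcap_dump_close(dumpfile);
out_close:
    pcap_close(adhandle);
    return rc;
}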
