{"id":407,"date":"2018-03-14T15:24:33","date_gmt":"2018-03-14T07:24:33","guid":{"rendered":"http:\/\/www.max-shu.com\/blog\/?p=407"},"modified":"2018-03-14T15:24:33","modified_gmt":"2018-03-14T07:24:33","slug":"linux%e4%b8%8b%e7%9a%84%e7%b1%bb%e4%bc%bcwireshark%e3%80%81tcpdump%e7%9a%84ip%e6%8a%93%e5%8c%85%e7%a8%8b%e5%ba%8f","status":"publish","type":"post","link":"http:\/\/www.max-shu.com\/blog\/?p=407","title":{"rendered":"linux\u4e0b\u7684\u7c7b\u4f3cwireshark\u3001tcpdump\u7684IP\u6293\u5305\u7a0b\u5e8f"},"content":{"rendered":"
\u5f88\u4e45\u5199\u7684\u4e2a\u5c0f\u7a0b\u5e8f\uff0c\u53ef\u4ee5\u5b9e\u73b0\u7c7b\u4f3cwireshark\u3001tcpdump\u7684\u6293\u5305\u5206\u6790\u529f\u80fd\uff1a<\/div>\n
<\/div>\n
\n
<\/div>\n
\/*linux\u4e0b\u7528socket\u7684\u6293\u5305\u7a0b\u5e8f*\/<\/div>\n
<\/div>\n
#include <unistd.h><\/div>\n
#include <fcntl.h><\/div>\n
#include <stdio.h><\/div>\n
#include <stdlib.h><\/div>\n
#include <sys\/socket.h><\/div>\n
#include <netinet\/in.h><\/div>\n
#include <arpa\/inet.h><\/div>\n
#include <netinet\/ip.h><\/div>\n
#include <string.h><\/div>\n
#include <netdb.h><\/div>\n
#include <netinet\/tcp.h><\/div>\n
#include <netinet\/udp.h><\/div>\n
#include <stdlib.h><\/div>\n
#include <unistd.h><\/div>\n
#include <signal.h><\/div>\n
#include <net\/if.h><\/div>\n
#include <sys\/ioctl.h><\/div>\n
#include <sys\/stat.h><\/div>\n
#include <fcntl.h><\/div>\n
#include <linux\/if_ether.h><\/div>\n
#include <net\/ethernet.h><\/div>\n
<\/div>\n
\/*<\/div>\n
<\/div>\n
#define ETH_ALEN 6<\/div>\n
************************eth\u7684\u7ed3\u6784**************************************<\/div>\n
struct ether_header<\/div>\n
{<\/div>\n
\u00a0 u_int8_t \u00a0ether_dhost[ETH_ALEN]; \u00a0 \u00a0 \u00a0\/\/ destination eth addr<\/div>\n
\u00a0 u_int8_t \u00a0ether_shost[ETH_ALEN]; \u00a0 \u00a0 \u00a0\/\/ source ether addr<\/div>\n
\u00a0 u_int16_t ether_type; \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \/\/ packet type ID field<\/div>\n
} __attribute__ ((__packed__));<\/div>\n
<\/div>\n
***********************IP\u7684\u7ed3\u6784***********************************<\/div>\n
struct iphdr<\/div>\n
{<\/div>\n
#if __BYTE_ORDER == __LITTLE_ENDIAN<\/div>\n
\u00a0 \u00a0 unsigned int ihl:4;<\/div>\n
\u00a0 \u00a0 unsigned int version:4;<\/div>\n
#elif __BYTE_ORDER == __BIG_ENDIAN<\/div>\n
\u00a0 \u00a0 unsigned int version:4;<\/div>\n
\u00a0 \u00a0 unsigned int ihl:4;<\/div>\n
#else<\/div>\n
# error “Please fix <bits\/endian.h>”<\/div>\n
#endif<\/div>\n
\u00a0 \u00a0 u_int8_t tos;<\/div>\n
\u00a0 \u00a0 u_int16_t tot_len;<\/div>\n
\u00a0 \u00a0 u_int16_t id;<\/div>\n
\u00a0 \u00a0 u_int16_t frag_off;<\/div>\n
\u00a0 \u00a0 u_int8_t ttl;<\/div>\n
\u00a0 \u00a0 u_int8_t protocol;<\/div>\n
\u00a0 \u00a0 u_int16_t check;<\/div>\n
\u00a0 \u00a0 u_int32_t saddr;<\/div>\n
\u00a0 \u00a0 u_int32_t daddr;<\/div>\n
};<\/div>\n
<\/div>\n
***********************TCP\u7684\u7ed3\u6784****************************<\/div>\n
struct tcphdr<\/div>\n
{<\/div>\n
\u00a0 \u00a0 u_int16_t source;<\/div>\n
\u00a0 \u00a0 u_int16_t dest;<\/div>\n
\u00a0 \u00a0 u_int32_t seq;<\/div>\n
\u00a0 \u00a0 u_int32_t ack_seq;<\/div>\n
#if __BYTE_ORDER == __LITTLE_ENDIAN<\/div>\n
\u00a0 \u00a0 u_int16_t res1:4;<\/div>\n
\u00a0 \u00a0 u_int16_t doff:4;<\/div>\n
\u00a0 \u00a0 u_int16_t fin:1;<\/div>\n
\u00a0 \u00a0 u_int16_t syn:1;<\/div>\n
\u00a0 \u00a0 u_int16_t rst:1;<\/div>\n
\u00a0 \u00a0 u_int16_t psh:1;<\/div>\n
\u00a0 \u00a0 u_int16_t ack:1;<\/div>\n
\u00a0 \u00a0 u_int16_t urg:1;<\/div>\n
\u00a0 \u00a0 u_int16_t res2:2;<\/div>\n
#elif __BYTE_ORDER == __BIG_ENDIAN<\/div>\n
\u00a0 \u00a0 u_int16_t doff:4;<\/div>\n
\u00a0 \u00a0 u_int16_t res1:4;<\/div>\n
\u00a0 \u00a0 u_int16_t res2:2;<\/div>\n
\u00a0 \u00a0 u_int16_t urg:1;<\/div>\n
\u00a0 \u00a0 u_int16_t ack:1;<\/div>\n
\u00a0 \u00a0 u_int16_t psh:1;<\/div>\n
\u00a0 \u00a0 u_int16_t rst:1;<\/div>\n
\u00a0 \u00a0 u_int16_t syn:1;<\/div>\n
\u00a0 \u00a0 u_int16_t fin:1;<\/div>\n
#else<\/div>\n
#error “Adjust your <bits\/endian.h> defines”<\/div>\n
#endif<\/div>\n
\u00a0 \u00a0 u_int16_t window;<\/div>\n
\u00a0 \u00a0 u_int16_t check;<\/div>\n
\u00a0 \u00a0 u_int16_t urg_ptr;<\/div>\n
};<\/div>\n
<\/div>\n
***********************UDP\u7684\u7ed3\u6784*****************************<\/div>\n
struct udphdr<\/div>\n
{<\/div>\n
\u00a0 u_int16_t source;<\/div>\n
\u00a0 u_int16_t dest;<\/div>\n
\u00a0 u_int16_t len;<\/div>\n
\u00a0 u_int16_t check;<\/div>\n
};<\/div>\n
*\/<\/div>\n
<\/div>\n
<\/div>\n
void die(char *why, int n)<\/div>\n
{<\/div>\n
\u00a0 \u00a0 perror(why);<\/div>\n
\u00a0 \u00a0 exit(n);<\/div>\n
}<\/div>\n
<\/div>\n
\/*\u4fee\u6539\u7f51\u5361\u6210PROMISC(\u6df7\u6742)\u6a21\u5f0f*\/<\/div>\n
int do_promisc(char *nif, int sock )<\/div>\n
{<\/div>\n
\u00a0 \u00a0 struct ifreq ifr;<\/div>\n
<\/div>\n
\u00a0 \u00a0 strncpy(ifr.ifr_name, nif,strlen(nif)+1);<\/div>\n
\u00a0 \u00a0 if((ioctl(sock, SIOCGIFFLAGS, &ifr) == -1)) \u00a0\/\/\u83b7\u5f97flag<\/div>\n
\u00a0 \u00a0 {<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 die(“NET_CAPTURE: ioctl get SIOCGIFFLAGS error!\\n”, 2);<\/div>\n
\u00a0 \u00a0 }<\/div>\n
<\/div>\n
\u00a0 \u00a0 ifr.ifr_flags |= IFF_PROMISC; \u00a0\/\/\u91cd\u7f6eflag\u6807\u5fd7<\/div>\n
<\/div>\n
\u00a0 \u00a0 if(ioctl(sock, SIOCSIFFLAGS, &ifr) == -1 ) \u00a0\/\/\u6539\u53d8\u6a21\u5f0f<\/div>\n
\u00a0 \u00a0 {<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 die(“NET_CAPTURE: ioctl: set IFF_PROMISC error!\\n”, 3);<\/div>\n
\u00a0 \u00a0 }<\/div>\n
}<\/div>\n
<\/div>\n
void main(int argc,char *argv[])<\/div>\n
{<\/div>\n
\u00a0 \u00a0 struct sockaddr_in addr,remote_addr;<\/div>\n
\u00a0 \u00a0 struct ether_header *peth;<\/div>\n
\u00a0 \u00a0 struct iphdr *pip;<\/div>\n
\u00a0 \u00a0 struct tcphdr *ptcp;<\/div>\n
\u00a0 \u00a0 struct udphdr *pudp;<\/div>\n
\u00a0 \u00a0 char mac[16];<\/div>\n
\u00a0 \u00a0 int i,sock, r, len;<\/div>\n
\u00a0 \u00a0 int sendSock;<\/div>\n
\u00a0 \u00a0 char *data;<\/div>\n
\u00a0 \u00a0 char *ptemp;<\/div>\n
\u00a0 \u00a0 char ss[32] = {0}, dd[32] = {0};<\/div>\n
\u00a0 \u00a0 unsigned short ssPort,ddPort;<\/div>\n
\u00a0 \u00a0 unsigned short monPort1,monPort2,monPort3,monPort4,monPort5;<\/div>\n
\u00a0 \u00a0 unsigned short sendPort;<\/div>\n
\u00a0 \u00a0 char *if_name,*sendIp;<\/div>\n
\u00a0 \u00a0 int isDebug=0;<\/div>\n
<\/div>\n
\u00a0 \u00a0 if(argc != 9)<\/div>\n
\u00a0 \u00a0 {<\/div>\n
\u00a0 \u00a0\u00a0 printf(“NET_CAPTURE: COMMAND LINE FORMAT:\\n”);<\/div>\n
\u00a0 \u00a0\u00a0 printf(” \u00a0 \u00a0net_caputure if_name sendIp sendPort monPort1 monPort2 monPort3 monPort4 monPort5\\n”);<\/div>\n
\u00a0 \u00a0\u00a0 printf(” \u00a0 \u00a0 \u00a0if_name: captured intface name: eth0, bond0, br0\\n”);<\/div>\n
\u00a0 \u00a0\u00a0 printf(” \u00a0 \u00a0 \u00a0sendIp: send captured packages to this IP address\\n”);<\/div>\n
\u00a0 \u00a0\u00a0 printf(” \u00a0 \u00a0 \u00a0sendPort: send captured packages to this IP address’s UDP port\\n”);<\/div>\n
\u00a0 \u00a0\u00a0 printf(” \u00a0 \u00a0 \u00a0monPortX: capture these port’s UDP\/TCP packages\\n”);<\/div>\n
\u00a0 \u00a0\u00a0 printf(” \u00a0 \u00a0 \u00a0 \u00a0if monPort1 is 0, capture all UDP\/TCP packages in this if_name\\n”);<\/div>\n
\u00a0 \u00a0\u00a0 printf(” \u00a0 \u00a0EXAMPLE: .\/net_caputure eth0 172.16.154.250 5555 80 8080 8443 8000 3306\\n”);<\/div>\n
\u00a0 \u00a0\u00a0 die(“NET_CAPTURE: parameter is error\\n”, 1);<\/div>\n
\u00a0 \u00a0 }<\/div>\n
\u00a0 \u00a0 if_name = argv[1];<\/div>\n
\u00a0 \u00a0 sendIp = argv[2];<\/div>\n
\u00a0 \u00a0 sendPort = (unsigned short)atoi(argv[3]);<\/div>\n
\u00a0 \u00a0 monPort1 = (unsigned short)atoi(argv[4]);<\/div>\n
\u00a0 \u00a0 monPort2 = (unsigned short)atoi(argv[5]);<\/div>\n
\u00a0 \u00a0 monPort3 = (unsigned short)atoi(argv[6]);<\/div>\n
\u00a0 \u00a0 monPort4 = (unsigned short)atoi(argv[7]);<\/div>\n
\u00a0 \u00a0 monPort5 = (unsigned short)atoi(argv[8]);<\/div>\n
<\/div>\n
\u00a0 \u00a0 memset(&remote_addr, 0, sizeof(remote_addr));<\/div>\n
\u00a0 \u00a0 remote_addr.sin_family=AF_INET;<\/div>\n
\u00a0 \u00a0 remote_addr.sin_addr.s_addr=inet_addr(sendIp);<\/div>\n
\u00a0 \u00a0 remote_addr.sin_port=htons(sendPort);<\/div>\n
<\/div>\n
\u00a0 \u00a0 \/*\u5efa\u7acbsocket, man socket\u53ef\u4ee5\u770b\u5230\u4e0a\u9762\u51e0\u4e2a\u5b8f\u7684\u610f\u601d*\/<\/div>\n
\u00a0 \u00a0 if((sock = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL))) == -1)<\/div>\n
\u00a0 \u00a0 {<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 die(“NET_CAPTURE: create monitor socket error\uff01\\n”, 1);<\/div>\n
\u00a0 \u00a0 }<\/div>\n
\u00a0 \u00a0 if((sendSock = socket(PF_INET, SOCK_DGRAM, 0)) == -1)<\/div>\n
\u00a0 \u00a0 {<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 die(“NET_CAPTURE: create sending socket error\uff01\\n”, 1);<\/div>\n
\u00a0 \u00a0 }<\/div>\n
<\/div>\n
\u00a0 \u00a0 \/*eth0\u4e3a\u7f51\u5361\u540d\u79f0 *\/<\/div>\n
\u00a0 \u00a0 do_promisc(if_name, sock);<\/div>\n
<\/div>\n
\u00a0 \u00a0 system(“ifconfig”);<\/div>\n
\u00a0 \u00a0 printf(“\\n”);<\/div>\n
\u00a0 \u00a0 printf(“NET_CAPTURE: Use \\”touch net_capture.debug\\” to output debug information\\n”);<\/div>\n
\u00a0 \u00a0 printf(“NET_CAPTURE: Use \\”rm net_capture.debug\\” to shutdown debug information\\n”);<\/div>\n
\u00a0 \u00a0 printf(“\\n”);<\/div>\n
<\/div>\n
\u00a0 \u00a0 char buf[65536+40] = {0};<\/div>\n
\u00a0 \u00a0 for(;;)<\/div>\n
\u00a0 \u00a0 {<\/div>\n
\u00a0\u00a0 \u00a0\/*Use “touch net_capture.debug” to output debug information*\/<\/div>\n
\u00a0\u00a0 \u00a0\/*Use “rm net_capture.debug” to shutdown debug information*\/<\/div>\n
\u00a0\u00a0 \u00a0\u00a0 if(access(“net_capture.debug”, F_OK)==0)<\/div>\n
\u00a0 \u00a0\u00a0 isDebug = 1;<\/div>\n
\u00a0 \u00a0\u00a0 else<\/div>\n
\u00a0 \u00a0\u00a0 isDebug = 0;<\/div>\n
<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 len = sizeof(addr);<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 r = recvfrom(sock, (char *)buf, sizeof(buf), 0, (struct sockaddr *)&addr, (socklen_t *)&len);<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \/*\u8c03\u8bd5\u7684\u65f6\u5019\u53ef\u4ee5\u589e\u52a0\u4e00\u4e2a\u8f93\u51far\u7684\u8bed\u53e5\u5224\u65ad\u662f\u5426\u6293\u5230\u5305*\/<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 buf[r] = 0;<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 ptemp = buf;<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 peth = (struct ether_header *)ptemp;<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 if(r <= sizeof(struct ether_header)) \/*only ethernet package*\/<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0\u00a0 continue;<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 if(ntohs(peth->ether_type)!=0x0800)<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0\u00a0 continue;<\/div>\n
<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \/*\u6307\u9488\u540e\u79fbeth\u5934\u7684\u957f\u5ea6*\/<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 ptemp += sizeof(struct ether_header);<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \/*pip\u6307\u5411ip\u5c42\u7684\u5305\u5934*\/<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \/*pip = (struct ip *)ptemp;*\/<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 pip = (struct iphdr *)ptemp;<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 if(r <= sizeof(struct ether_header)+sizeof(struct iphdr)) \/*only ip package*\/<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0\u00a0 continue;<\/div>\n
<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \/*\u6307\u9488\u540e\u79fbip\u5934\u7684\u957f\u5ea6 *\/<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 ptemp += sizeof(struct ip);<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \/*\u6839\u636e\u4e0d\u540c\u534f\u8bae\u5224\u65ad\u6307\u9488\u7c7b\u578b*\/<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 switch(pip->protocol)<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 {<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 case IPPROTO_TCP:<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 {<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \/*ptcp\u6307\u5411tcp\u5934\u90e8*\/<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 ptcp = (struct tcphdr *)ptemp;<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 strcpy(ss, inet_ntoa(*(struct in_addr*)&(pip->saddr)));<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 strcpy(dd, inet_ntoa(*(struct in_addr*)&(pip->daddr)));<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 ssPort = ntohs(ptcp->source);<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 ddPort = ntohs(ptcp->dest);<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 if(monPort1 == 0<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\u00a0 || ssPort == monPort1 || ssPort == monPort2 || ssPort == monPort3 || ssPort == monPort4 || ssPort == monPort5<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\u00a0 || ddPort == monPort1 || ddPort == monPort2 || ddPort == monPort3 || ddPort == monPort4 || ddPort == monPort5)<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 {<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\u00a0 if(isDebug == 1)<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\u00a0 printf(“TCP pkt: FROM [%15s:%-5d] TO [%15s:%-5d], len:%d\\n”,<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\u00a0 \u00a0\u00a0ss, ssPort,<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\u00a0 dd, ddPort,<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\u00a0 r);<\/div>\n
if((sendto(sendSock, buf, r, 0, (struct sockaddr *)&remote_addr, sizeof(struct sockaddr)))<0)<\/div>\n
{<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0\u00a0 printf(“NET_CAPTURE: sendto error\\n”);<\/div>\n
\u00a0\u00a0 \u00a0close(sock);<\/div>\n
\u00a0 \u00a0\u00a0 close(sendSock);<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0\u00a0 return;<\/div>\n
}<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 }<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 break;<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 }<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 case IPPROTO_UDP:<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 {<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \/*pudp\u6307\u5411udp\u5934\u90e8*\/<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 pudp = (struct udphdr *)ptemp;<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 strcpy(ss, inet_ntoa(*(struct in_addr*)&(pip->saddr)));<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 strcpy(dd, inet_ntoa(*(struct in_addr*)&(pip->daddr)));<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 ssPort = ntohs(pudp->source);<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 ddPort = ntohs(pudp->dest);<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 if(monPort1 == 0<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\u00a0 || ssPort == monPort1 || ssPort == monPort2 || ssPort == monPort3 || ssPort == monPort4 || ssPort == monPort5<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\u00a0 || ddPort == monPort1 || ddPort == monPort2 || ddPort == monPort3 || ddPort == monPort4 || ddPort == monPort5)<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 {<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\u00a0 if(strcmp(dd,sendIp) != 0 || ddPort != sendPort)<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\u00a0 {<\/div>\n
\u00a0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0if(isDebug == 1)<\/div>\n
\u00a0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\u00a0\u00a0printf(“UDP pkt: FROM [%15s:%-5d] TO [%15s:%-5d], len:%d, payload len:%d\\n”,<\/div>\n
\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\u00a0 \u00a0 \u00a0 \u00a0ss,<\/div>\n
\u00a0 \u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0 \u00a0 \u00a0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0ssPort,<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0dd,<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0ddPort,<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0 \u00a0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0r,<\/div>\n
\u00a0 \u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0\u00a0 \u00a0 \u00a0 \u00a0ntohs(pudp->len)<\/div>\n
\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\u00a0 \u00a0 \u00a0);<\/div>\n
if((sendto(sendSock, buf, r, 0, (struct sockaddr *)&remote_addr, sizeof(struct sockaddr)))<0)<\/div>\n
{<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0\u00a0 printf(“NET_CAPTURE: sendto error\\n”);<\/div>\n
\u00a0\u00a0 \u00a0close(sock);<\/div>\n
\u00a0 \u00a0\u00a0 close(sendSock);<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0\u00a0 return;<\/div>\n
}<\/div>\n
}<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 }<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 break;<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 }<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 case IPPROTO_ICMP:<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 {<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 strcpy(ss, inet_ntoa(*(struct in_addr*)&(pip->saddr)));<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 strcpy(dd, inet_ntoa(*(struct in_addr*)&(pip->daddr)));<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 if(isDebug == 1)<\/div>\n
\u00a0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0printf(“ICMP pkt: FROM [%s] TO [%s]\\n”, ss, dd);<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 break;<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 }<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 case IPPROTO_IGMP:<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 {<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 if(isDebug == 1)<\/div>\n
\u00a0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0printf(“IGMP pkt:\\n”);<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 break;<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 }<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 case 81:<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 {<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 if(isDebug == 1)<\/div>\n
\u00a0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0printf(“VMTP(Virtual Machine Terminal Protocol) pkt:\\n”);<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 break;<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 }<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 default:<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 {<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 if(isDebug == 1)<\/div>\n
\u00a0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0printf(“Unkown pkt, protocl:%d\\n”, pip->protocol);<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 break;<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 }<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 } \/*end switch*\/<\/div>\n
\u00a0 \u00a0 \u00a0 \u00a0 \/*perror(“dump”);*\/<\/div>\n
\u00a0 \u00a0 }<\/div>\n
\u00a0 \u00a0 close(sock);<\/div>\n
\u00a0 \u00a0 close(sendSock);<\/div>\n
}<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

\u5f88\u4e45\u5199\u7684\u4e2a\u5c0f\u7a0b\u5e8f\uff0c\u53ef\u4ee5\u5b9e\u73b0\u7c7b\u4f3cwireshark\u3001tcpdump\u7684\u6293\u5305\u5206\u6790\u529f\u80fd\uff1a \/*linux\u4e0b\u7528socke …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[15,186],"tags":[9,346,344,343,345,348,347,92],"class_list":["post-407","post","type-post","status-publish","format-standard","hentry","category-linuxandroid","category-186","tag-linux","tag-socket","tag-tcpdump","tag-wireshark","tag-345","tag-348","tag-347","tag-92"],"views":2084,"_links":{"self":[{"href":"http:\/\/www.max-shu.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/407","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.max-shu.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.max-shu.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.max-shu.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.max-shu.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=407"}],"version-history":[{"count":1,"href":"http:\/\/www.max-shu.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/407\/revisions"}],"predecessor-version":[{"id":408,"href":"http:\/\/www.max-shu.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/407\/revisions\/408"}],"wp:attachment":[{"href":"http:\/\/www.max-shu.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=407"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.max-shu.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=407"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.max-shu.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=407"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}