ipdump.c
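/*
 * ipdump: read link-layer frames from a SOCK_PACKET socket (Linux) or a BPF
 * device (other systems) and print the Ethernet, ARP, IP, TCP, UDP and ICMP
 * headers selected on the command line.
 *
 * Every captured frame is untrusted input: a header pointer is only handed
 * to a print routine after the captured length has been checked against the
 * size of that header.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>		//strcmp(), strlen(), memset()
#include <unistd.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <net/ethernet.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#include <getopt.h>		//added for getopt()&&optarg,optind
#define __FAVOR_BSD		//due to some BSD style structure,tcphdr
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <netinet/if_ether.h>
#include <arpa/inet.h>
#ifdef __linux
#include <linux/sockios.h>
#include <linux/if.h>
#else
#include <sys/ioctl.h>
#include <net/bpf.h>
#include <net/if.h>
#include <fcntl.h>
#endif

#define MAXSIZE 4096		//size of the receive buffer
#define OPTNUM 8		//number of entries in the option table
#define ON 1
#define OFF 0

//indexes into the option table kept by main()
enum
{ ETHER, ARP, IP, TCP, UDP, ICMP, DUMP, ALL };

//open_bpf() is only called on the non-Linux path of main(), so the
//prototype has to be visible exactly there (the original guarded it with
//#ifdef __linux, leaving the BPF build without a declaration).
#ifndef __linux
int open_bpf (char *ifname);
#endif
void print_ethernet (struct ether_header *eth);
void print_arp (struct ether_arp *arp);
void print_ip (struct ip *ip);
void print_icmp (struct icmp *icmp);
void print_tcp (struct tcphdr *tcp);
void print_udp (struct udphdr *udp);
void dump_packet (unsigned char *buff, int len);
char *mac_ntoa (u_char * d);
char *tcp_ftoa (int flag);
char *ip_ttoa (int flag);
char *ip_ftoa (int flag);
void help (char *cmd);

struct ip *ip;			//this structure can be used for all

/*
 * Print the layers below the transport header: the IP header when opt[IP]
 * is ON, preceded by the Ethernet header when opt[ETHER] is ON as well.
 * Reads the file-scope `ip` pointer set by decode_frame().
 */
static void
print_ip_prefix (struct ether_header *eth, const int opt[])
{
  if (opt[IP] == ON)
    {
      if (opt[ETHER] == ON)
	{
	  print_ethernet (eth);
	}
      print_ip (ip);
    }
}

/*
 * Decode one captured frame and print the headers enabled in opt[].
 *
 * frame : first byte of the Ethernet header
 * len   : number of captured bytes starting at frame
 * opt   : option table indexed by ETHER..ALL
 *
 * Returns ON when something was printed for this frame, OFF otherwise.
 * A frame too short for the header about to be read is not decoded any
 * further, so a truncated or malformed capture cannot make the print
 * routines read past the captured bytes of the fixed headers checked here.
 */
static int
decode_frame (char *frame, int len, const int opt[])
{
  struct ether_header *eth;
  char *p = frame;
  size_t remain;
  size_t ip_hlen;
  int disp = OFF;

  if (len < 0 || (size_t) len < sizeof (struct ether_header))
    {
      return OFF;
    }
  remain = (size_t) len - sizeof (struct ether_header);
  eth = (struct ether_header *) p;
  p += sizeof (struct ether_header);	//ethernet datagram pointer

  if (ntohs (eth->ether_type) == ETHERTYPE_ARP)	//arp packet
    {
      if (remain < sizeof (struct ether_arp))
	{
	  return OFF;
	}
      if (opt[ARP] == ON)
	{
	  if (opt[ETHER] == ON)
	    {
	      print_ethernet (eth);
	    }
	  print_arp ((struct ether_arp *) p);
	  disp = ON;
	}
    }
  //NOTE(review): the original also tested
  //`eth->ether_dhost != eth->ether_shost`, which compares the addresses of
  //two distinct arrays and is therefore always true.  It is dropped here
  //with no change in behaviour; if frames with identical source and
  //destination MAC were meant to be skipped, compare with memcmp().
  else if (ntohs (eth->ether_type) == ETHERTYPE_IP)	//ip packet
    {
      if (remain < sizeof (struct ip))
	{
	  return OFF;
	}
      ip = (struct ip *) p;
      //packets sourced from 127.0.0.1 are never displayed
      if (ip->ip_src.s_addr == htonl (INADDR_LOOPBACK))
	{
	  return OFF;
	}
      //ip_hl counts 32-bit words and comes from the wire: it must cover at
      //least the fixed header and must not exceed what was captured
      ip_hlen = (size_t) ip->ip_hl << 2;
      if (ip_hlen < sizeof (struct ip) || ip_hlen > remain)
	{
	  return OFF;
	}
      p += ip_hlen;
      remain -= ip_hlen;

      if (opt[IP] == ON && opt[TCP] == OFF && opt[UDP] == OFF
	  && opt[ICMP] == OFF)
	{
	  if (opt[ETHER] == ON)
	    {
	      print_ethernet (eth);
	    }
	  print_ip (ip);
	  disp = ON;
	}

      switch (ip->ip_p)
	{
	case IPPROTO_TCP:
	  if (remain < sizeof (struct tcphdr))
	    {
	      break;
	    }
	  if (opt[TCP] == ON)
	    {
	      print_ip_prefix (eth, opt);
	      print_tcp ((struct tcphdr *) p);
	      disp = ON;
	    }
	  break;
	case IPPROTO_UDP:
	  if (remain < sizeof (struct udphdr))
	    {
	      break;
	    }
	  if (opt[UDP] == ON)
	    {
	      print_ip_prefix (eth, opt);
	      print_udp ((struct udphdr *) p);
	      disp = ON;
	    }
	  break;
	case IPPROTO_ICMP:
	  //ICMP_MINLEN is the fixed part of the ICMP header; print_icmp() is
	  //not visible here -- presumably it stays within it, TODO confirm
	  if (remain < ICMP_MINLEN)
	    {
	      break;
	    }
	  if (opt[ICMP] == ON)
	    {
	      print_ip_prefix (eth, opt);
	      print_icmp ((struct icmp *) p);
	      disp = ON;
	    }
	  break;
	default:
	  if (opt[ALL] == ON)
	    {
	      print_ip_prefix (eth, opt);
	      printf ("IP Protocol : unknown\n");
	      disp = ON;
	    }
	  break;
	}
    }
  else if (opt[ALL] == ON)
    {
      if (opt[ETHER] == ON)
	{
	  print_ethernet (eth);
	}
      printf ("Ethernet protocol:unknow\n");
      disp = ON;
    }

  return disp;
}

/*
 * Parse the command line, open the capture source and print frames forever.
 *
 * Options: -a also report unknown protocols, -e print the Ethernet header,
 * -d dump the frame, -i IFNAME select the interface, -p PROTO... restrict
 * the output to the listed protocols (arp ip tcp udp icmp other), -h help.
 *
 * Exits with EXIT_FAILURE on a usage error or when the capture source cannot
 * be opened or read.
 */
int
main (int argc, char *argv[])
{
  int s;			//socket
  int len;			//received len
  int c;			//char from getopt()
  char buff[MAXSIZE];		//recv buffer
  char *p0;			//datagram pointer
  char ifname[256] = "x10";	//FreeBSD socket
  int opt[OPTNUM];		//area flag
#ifndef __linux
  int bpf_len;			//len received from BPF
  struct bpf_hdr *bp = NULL;	//BPF header struct
#endif

  //init value of every type packet
  opt[ETHER] = OFF;
  opt[ARP] = ON;
  opt[IP] = ON;
  opt[TCP] = ON;
  opt[UDP] = ON;
  opt[ICMP] = ON;
  opt[DUMP] = OFF;
  opt[ALL] = OFF;

  //command parameter process.  The comparison belongs outside the
  //assignment: the original assigned the result of `getopt() != EOF` to c,
  //so no case label could ever match.
  while ((c = getopt (argc, argv, "aei:p:dh")) != -1)
    {
      switch (c)
	{
	case 'a':		//all
	  opt[ALL] = ON;
	  break;
	case 'i':		//ifname
	  //the name comes from the command line; refuse it rather than
	  //overflow or silently truncate the fixed buffer
	  if (strlen (optarg) >= sizeof ifname)
	    {
	      fprintf (stderr, "%s: interface name too long\n", argv[0]);
	      exit (EXIT_FAILURE);
	    }
	  snprintf (ifname, sizeof ifname, "%s", optarg);
	  break;
	case 'e':		//ethernet
	  opt[ETHER] = ON;
	  break;
	case 'd':		//dump
	  opt[DUMP] = ON;
	  break;
	case 'p':		//protocol
	  opt[ARP] = OFF;
	  opt[IP] = OFF;
	  opt[TCP] = OFF;
	  opt[UDP] = OFF;
	  opt[ICMP] = OFF;
	  //step back onto the option's own argument so that it and every
	  //following word up to the next "-x" is taken as a protocol name
	  optind--;
	  while (argv[optind] != NULL && argv[optind][0] != '-')
	    {
	      if (strcmp (argv[optind], "arp") == 0)	//arp
		opt[ARP] = ON;
	      else if (strcmp (argv[optind], "ip") == 0)	//ip
		opt[IP] = ON;
	      else if (strcmp (argv[optind], "tcp") == 0)	//tcp
		opt[TCP] = ON;
	      else if (strcmp (argv[optind], "udp") == 0)	//udp
		opt[UDP] = ON;
	      else if (strcmp (argv[optind], "icmp") == 0)	//icmp
		opt[ICMP] = ON;
	      else if (strcmp (argv[optind], "other") == 0)	//other
		;
	      else
		{
		  help (argv[0]);
		  exit (EXIT_FAILURE);
		}
	      optind++;
	    }
	  break;
	case 'h':		//help
	case '?':
	default:
	  help (argv[0]);
	  exit (EXIT_FAILURE);
	  break;
	}
    }

  //anything left over is a usage error: echo it, then show the help
  if (optind < argc)
    {
      while (optind < argc)
	{
	  printf ("%s", argv[optind++]);
	}
      printf ("\n");
      help (argv[0]);
      exit (EXIT_FAILURE);
    }

#ifdef __linux
  //***********open socket with promiscuous***************
  //NOTE(review): SOCK_PACKET is the obsolete packet-socket interface (see
  //packet(7)); it is kept so behaviour is unchanged.  Nothing in this
  //function switches the interface to promiscuous mode.  Opening the socket
  //needs raw-socket privilege, so the tool should run with no more than
  //that.
  if ((s = socket (AF_INET, SOCK_PACKET, htons (ETH_P_ALL))) < 0)
    {
      perror ("socket");
      exit (EXIT_FAILURE);
    }
  if (strcmp (ifname, "x10") != 0)
    {
      struct sockaddr sa;

      //sa_data is far smaller than ifname[]; an unchecked copy would write
      //past the end of sa
      if (strlen (ifname) >= sizeof sa.sa_data)
	{
	  fprintf (stderr, "%s: interface name too long\n", argv[0]);
	  exit (EXIT_FAILURE);
	}
      memset (&sa, 0, sizeof sa);
      sa.sa_family = AF_INET;
      snprintf (sa.sa_data, sizeof sa.sa_data, "%s", ifname);
      if (bind (s, &sa, sizeof sa) < 0)
	{
	  perror ("bind");
	  exit (EXIT_FAILURE);
	}
    }
#else
  if ((s = open_bpf (ifname)) < 0)
    {
      exit (EXIT_FAILURE);
    }
  bpf_len = 0;
#endif

  while (1)
    {
#ifndef __linux
      //******input from UNIX bpf*******
      if (bpf_len <= 0)
	{
	  //*********get some packet at onece********
	  if ((bpf_len = read (s, buff, MAXSIZE)) < 0)
	    {
	      perror ("read");
	      exit (EXIT_FAILURE);
	    }
	  bp = (struct bpf_hdr *) buff;
	}
      else
	{
	  //*********move the next bpf pointer*******
	  //advance by the word-aligned record size; this avoids the
	  //original's cast of the pointer to int, which truncates where
	  //pointers are wider than int
	  bp = (struct bpf_hdr *) ((char *) bp
				   + BPF_WORDALIGN (bp->bh_hdrlen
						    + bp->bh_caplen));
	}
      //do not read a record header, or trust its lengths, beyond the bytes
      //that are actually left in the buffer
      if ((size_t) bpf_len < sizeof (struct bpf_hdr)
	  || (size_t) bp->bh_hdrlen + bp->bh_caplen > (size_t) bpf_len)
	{
	  bpf_len = 0;
	  continue;
	}
      //*******init Ethernet header pointer********
      p0 = (char *) bp + bp->bh_hdrlen;
      len = bp->bh_caplen;
#ifdef DEBUG
      //*******display BPF header struct***********
      printf ("hdrlen=%d,", bp->bh_hdrlen);
      printf ("caplen=%d,", bp->bh_caplen);
      printf ("datalen=%d\n", bp->bh_datalen);
#endif
      //*******process unit before next while loop**
      bpf_len -= BPF_WORDALIGN (bp->bh_hdrlen + bp->bh_caplen);
#else
      //*******input from Linux SOCK_PACKET********
      if ((len = read (s, buff, MAXSIZE)) < 0)
	{
	  perror ("read");
	  exit (EXIT_FAILURE);
	}
      //*******init Ethernet header pointer*********
      p0 = buff;
#endif

      //*******packet displaying process unit*******
      if (decode_frame (p0, len, opt) == ON)
	{
	  if (opt[DUMP] == ON)
	    {
	      dump_packet ((unsigned char *) p0, len);
	    }
	  printf ("\n");
	}
    }

  return EXIT_SUCCESS;
}

/************************************************
convert mac add. to str
************************************************/
/*
 * Format the six bytes at d as "xx:xx:xx:xx:xx:xx".
 *
 * The result lives in a single static buffer: it is overwritten by the next
 * call, so it must be consumed (or copied) before mac_ntoa() is called
 * again, and the function is not reentrant.
 */
char *
mac_ntoa (u_char * d)
{
  static char str[50];

  snprintf (str, sizeof str, "%02x:%02x:%02x:%02x:%02x:%02x",
	    d[0], d[1], d[2], d[3], d[4], d[5]);
  return str;
}

/************************************************
disp Ethernet header
************************************************/
void
print_ethernet (struct ether_header *eth)
{
  int type = ntohs (eth->ether_type);	//Ethernet type
  if (type <= 1500)
    {
      printf ("IEEE 802.3 Ethernet Frame:\n");
    }
  else
    {
      printf ("Ethernet Frame:\n");
    }
  printf (" ------------------------------------------ \n");
  printf ("|Destination MAC Address: % 17s|\n", mac_ntoa (eth->ether_dhost));
  printf (" ------------------------------------------ \n");
  printf ("|Source MAC Address:% 17s|\n",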