raw socket sniffer
作者:互联网
#include<stdio.h> #include<stdlib.h> #include<string.h> #include<netinet/ip_icmp.h> #include<netinet/tcp.h> #include<netinet/udp.h> #include<arpa/inet.h> #include<sys/socket.h> #include<sys/types.h> #define BUFFSIZE 1024 int main(){ int rawsock; char buff[BUFFSIZE]; int n; int count = 0; rawsock = socket(AF_INET,SOCK_RAW,IPPROTO_TCP); // rawsock = socket(AF_INET,SOCK_RAW,IPPROTO_UDP); // rawsock = socket(AF_INET,SOCK_RAW,IPPROTO_ICMP); // rawsock = socket(AF_INET,SOCK_RAW,IPPROTO_RAW); if(rawsock < 0){ printf("raw socket error!\n"); exit(1); } while(1){ n = recvfrom(rawsock,buff,BUFFSIZE,0,NULL,NULL); if(n<0){ printf("receive error!\n"); exit(1); } count++; struct ip *ip = (struct ip*)buff; printf("%5d %20s",count,inet_ntoa(ip->ip_src)); printf("%20s %5d %5d\n",inet_ntoa(ip->ip_dst),ip->ip_p,ntohs(ip->ip_len)); printf("\n"); } }
所有IP的所有port都能接收
#include<stdio.h> #include<stdlib.h> #include<string.h> #include<netinet/ip_icmp.h> #include<netinet/tcp.h> #include<netinet/udp.h> #include<arpa/inet.h> #include<sys/socket.h> #include<sys/types.h> #define BUFFSIZE 1024 int main(){ int rawsock; char buff[BUFFSIZE]; int n; int count = 0; rawsock = socket(AF_INET,SOCK_RAW,IPPROTO_TCP); // rawsock = socket(AF_INET,SOCK_RAW,IPPROTO_UDP); // rawsock = socket(AF_INET,SOCK_RAW,IPPROTO_ICMP); // rawsock = socket(AF_INET,SOCK_RAW,IPPROTO_RAW); if(rawsock < 0){ printf("raw socket error!\n"); exit(1); } while(1){ n = recvfrom(rawsock,buff,BUFFSIZE,0,NULL,NULL); if(n<0){ printf("receive error!\n"); exit(1); } count++; struct ip *ip = (struct ip*)buff; unsigned short dst_port; memcpy(&dst_port, buff + 22, sizeof(dst_port)); dst_port = ntohs(dst_port); if (5000 == dst_port || 6000 == dst_port) { printf("%5d %20s",count,inet_ntoa(ip->ip_src)); printf("%20s %5d %5d and port %d \n",inet_ntoa(ip->ip_dst),ip->ip_p,ntohs(ip->ip_len), dst_port); printf("\n"); } } }
[root@bogon raw-sockets-example]# ./sniffer 730 10.10.16.82 10.10.16.81 6 60 and port 6000 838 10.10.16.82 10.10.16.81 6 60 and port 6000 991 10.10.16.82 10.10.16.81 6 60 and port 6000 1359 10.10.16.82 10.10.16.81 6 60 and port 5000 1360 10.10.16.82 10.10.16.81 6 52 and port 5000 1473 10.10.16.82 10.10.16.81 6 57 and port 5000 1610 10.10.16.82 10.10.16.81 6 57 and port 5000 1956 10.10.16.82 10.10.16.81 6 57 and port 5000 4035 10.10.16.82 10.10.16.81 6 52 and port 5000 4414 10.10.16.1 10.10.16.81 6 60 and port 6000 4480 10.10.16.1 10.10.16.81 6 60 and port 6000 5938 10.10.16.1 10.10.16.81 6 60 and port 5000 5939 10.10.16.1 10.10.16.81 6 52 and port 5000 6167 10.10.16.1 10.10.16.81 6 57 and port 5000 6229 10.10.16.1 10.10.16.81 6 57 and port 5000 6271 10.10.16.1 10.10.16.81 6 57 and port 5000 6309 10.10.16.1 10.10.16.81 6 57 and port 5000 6343 10.10.16.1 10.10.16.81 6 57 and port 5000 6401 10.10.16.1 10.10.16.81 6 54 and port 5000 6403 10.10.16.1 10.10.16.81 6 52 and port 5000 6404 10.10.16.1 10.10.16.81 6 52 and port 5000
标签:5000,socket,rawsock,raw,10.10,sniffer,include,port,16.81 来源: https://www.cnblogs.com/dream397/p/14773627.html