其他分享
首页 > 其他分享> > raw socket sniffer

raw socket sniffer

作者:互联网

 

#include<stdio.h>
#include<stdlib.h>
#include<string.h>
#include<netinet/ip_icmp.h>
#include<netinet/tcp.h>
#include<netinet/udp.h>
#include<arpa/inet.h>
#include<sys/socket.h>
#include<sys/types.h>

#define BUFFSIZE 1024

int main(){

        int rawsock;
        char buff[BUFFSIZE];
        int n;
        int count = 0;

        rawsock = socket(AF_INET,SOCK_RAW,IPPROTO_TCP);
//      rawsock = socket(AF_INET,SOCK_RAW,IPPROTO_UDP);
//      rawsock = socket(AF_INET,SOCK_RAW,IPPROTO_ICMP);
//      rawsock = socket(AF_INET,SOCK_RAW,IPPROTO_RAW);
        if(rawsock < 0){
                printf("raw socket error!\n");
                exit(1);
        }
        while(1){
                n = recvfrom(rawsock,buff,BUFFSIZE,0,NULL,NULL);
                if(n<0){
                        printf("receive error!\n");
                        exit(1);
                }

                count++;
                struct ip *ip = (struct ip*)buff;
                printf("%5d     %20s",count,inet_ntoa(ip->ip_src));
                printf("%20s    %5d     %5d\n",inet_ntoa(ip->ip_dst),ip->ip_p,ntohs(ip->ip_len));
                printf("\n");
        }
}

 

 

 

所有IP的所有port都能接收

 

#include<stdio.h>
#include<stdlib.h>
#include<string.h>
#include<netinet/ip_icmp.h>
#include<netinet/tcp.h>
#include<netinet/udp.h>
#include<arpa/inet.h>
#include<sys/socket.h>
#include<sys/types.h>

#define BUFFSIZE 1024

int main(){

        int rawsock;
        char buff[BUFFSIZE];
        int n;
        int count = 0;

        rawsock = socket(AF_INET,SOCK_RAW,IPPROTO_TCP);
//      rawsock = socket(AF_INET,SOCK_RAW,IPPROTO_UDP);
//      rawsock = socket(AF_INET,SOCK_RAW,IPPROTO_ICMP);
//      rawsock = socket(AF_INET,SOCK_RAW,IPPROTO_RAW);
        if(rawsock < 0){
                printf("raw socket error!\n");
                exit(1);
        }
        while(1){
                n = recvfrom(rawsock,buff,BUFFSIZE,0,NULL,NULL);
                if(n<0){
                        printf("receive error!\n");
                        exit(1);
                }

                count++;
                struct ip *ip = (struct ip*)buff;
                unsigned short dst_port;
                memcpy(&dst_port, buff + 22, sizeof(dst_port));
        dst_port = ntohs(dst_port);
                if (5000 == dst_port || 6000 == dst_port)
                {
                printf("%5d     %20s",count,inet_ntoa(ip->ip_src));
                printf("%20s    %5d     %5d and port %d \n",inet_ntoa(ip->ip_dst),ip->ip_p,ntohs(ip->ip_len), dst_port);
                printf("\n");
                }
        }
}

 

 

 

[root@bogon raw-sockets-example]# ./sniffer 
  730            10.10.16.82         10.10.16.81            6      60 and port 6000 

  838            10.10.16.82         10.10.16.81            6      60 and port 6000 

  991            10.10.16.82         10.10.16.81            6      60 and port 6000 

 1359            10.10.16.82         10.10.16.81            6      60 and port 5000 

 1360            10.10.16.82         10.10.16.81            6      52 and port 5000 

 1473            10.10.16.82         10.10.16.81            6      57 and port 5000 

 1610            10.10.16.82         10.10.16.81            6      57 and port 5000 

 1956            10.10.16.82         10.10.16.81            6      57 and port 5000 

 4035            10.10.16.82         10.10.16.81            6      52 and port 5000 

 4414             10.10.16.1         10.10.16.81            6      60 and port 6000 

 4480             10.10.16.1         10.10.16.81            6      60 and port 6000 

 5938             10.10.16.1         10.10.16.81            6      60 and port 5000 

 5939             10.10.16.1         10.10.16.81            6      52 and port 5000 

 6167             10.10.16.1         10.10.16.81            6      57 and port 5000 

 6229             10.10.16.1         10.10.16.81            6      57 and port 5000 

 6271             10.10.16.1         10.10.16.81            6      57 and port 5000 

 6309             10.10.16.1         10.10.16.81            6      57 and port 5000 

 6343             10.10.16.1         10.10.16.81            6      57 and port 5000 

 6401             10.10.16.1         10.10.16.81            6      54 and port 5000 

 6403             10.10.16.1         10.10.16.81            6      52 and port 5000 

 6404             10.10.16.1         10.10.16.81            6      52 and port 5000 

 

标签:5000,socket,rawsock,raw,10.10,sniffer,include,port,16.81
来源: https://www.cnblogs.com/dream397/p/14773627.html