libpcap 捕获的 ipheader 中的源地址和目标地址始终为 NULL。
我写了一个小程序来使用 libpcap。 问题是我捕获的标头的源地址和目标地址字段似乎始终为空。
代码:
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <linux/if_ether.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#include <pcap.h>
#include <arpa/inet.h>
#define BUFFERSIZE 65535
char errbuf[PCAP_ERRBUF_SIZE];
void sniffloop(u_char *, const struct pcap_pkthdr *, const u_char *);
void usage(char *name){
fprintf(stderr, "usage: %s <interface> <secret>", name);
exit(1);
}
int main(int argc, char **argv){
pcap_t *sniffsess;
struct bpf_program filter;
if(argc<3){
usage(argv[0]);
return 1;
}
if(!(sniffsess=pcap_open_live(argv[1], BUFFERSIZE, 0, 1000, errbuf))){
fprintf(stderr, "%s: couldn't open devices for sniffing: %s\n", argv[0], errbuf);
return 1;
}
if(pcap_datalink(sniffsess)!=DLT_EN10MB){
fprintf(stderr, "%s: %s not an ethernet device", argv[0], argv[1]);
return 1;
}
if(pcap_compile(sniffsess, &filter, "icmp", 0, 0)==-1){
fprintf(stderr, "%s: couldn't parse icmp filter", argv[0]);
return 1;
}
if(pcap_setfilter(sniffsess, &filter)==-1){
fprintf(stderr, "%s: couldn't set icmp filter", argv[0]);
return 1;
}
// daemonize here.
pcap_loop(sniffsess, -1, sniffloop, NULL);
}
void sniffloop(u_char *args, const struct pcap_pkthdr *hdr, const u_char *pkt){
struct ethhdr *ehdr=(struct ethhdr *)pkt;
struct iphdr *ipheader=(struct iphdr *)pkt+sizeof(struct ethhdr);
struct icmphdr *icmpheader=(struct icmphdr*)pkt+sizeof(structethhdr)+ipheader->ihl*4;
char *data=(char *)pkt+sizeof(struct ethhdr)+ipheader->ihl*4+sizeof(struct icmphdr);
struct in_addr source,destination;
source.s_addr=ipheader->saddr;
destination.s_addr=ipheader->daddr;
printf("sourceaddress is %p\ndestinationaddess is %p\n", ipheader->saddr, ipheader->daddr);
}
输出:
spongebob code # ./icmpexec br0 foo
sourceaddress is (nil)
destinationaddess is (nil)
sourceaddress is (nil)
destinationaddess is (nil)
我已经寻找答案,但没有找到任何东西。 我认为很可能我在协议头中的一些偏移量是错误的。
感谢您查看此内容! :D
I've written a little program to play around with libpcap.
The problem is that the source and destination address fields of my captured header seem always to be nulls.
Code:
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <linux/if_ether.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#include <pcap.h>
#include <arpa/inet.h>
#define BUFFERSIZE 65535
char errbuf[PCAP_ERRBUF_SIZE];
void sniffloop(u_char *, const struct pcap_pkthdr *, const u_char *);
void usage(char *name){
fprintf(stderr, "usage: %s <interface> <secret>", name);
exit(1);
}
int main(int argc, char **argv){
pcap_t *sniffsess;
struct bpf_program filter;
if(argc<3){
usage(argv[0]);
return 1;
}
if(!(sniffsess=pcap_open_live(argv[1], BUFFERSIZE, 0, 1000, errbuf))){
fprintf(stderr, "%s: couldn't open devices for sniffing: %s\n", argv[0], errbuf);
return 1;
}
if(pcap_datalink(sniffsess)!=DLT_EN10MB){
fprintf(stderr, "%s: %s not an ethernet device", argv[0], argv[1]);
return 1;
}
if(pcap_compile(sniffsess, &filter, "icmp", 0, 0)==-1){
fprintf(stderr, "%s: couldn't parse icmp filter", argv[0]);
return 1;
}
if(pcap_setfilter(sniffsess, &filter)==-1){
fprintf(stderr, "%s: couldn't set icmp filter", argv[0]);
return 1;
}
// daemonize here.
pcap_loop(sniffsess, -1, sniffloop, NULL);
}
void sniffloop(u_char *args, const struct pcap_pkthdr *hdr, const u_char *pkt){
struct ethhdr *ehdr=(struct ethhdr *)pkt;
struct iphdr *ipheader=(struct iphdr *)pkt+sizeof(struct ethhdr);
struct icmphdr *icmpheader=(struct icmphdr*)pkt+sizeof(structethhdr)+ipheader->ihl*4;
char *data=(char *)pkt+sizeof(struct ethhdr)+ipheader->ihl*4+sizeof(struct icmphdr);
struct in_addr source,destination;
source.s_addr=ipheader->saddr;
destination.s_addr=ipheader->daddr;
printf("sourceaddress is %p\ndestinationaddess is %p\n", ipheader->saddr, ipheader->daddr);
}
output:
spongebob code # ./icmpexec br0 foo
sourceaddress is (nil)
destinationaddess is (nil)
sourceaddress is (nil)
destinationaddess is (nil)
I've searched for an answer, but didn't find something.
I think it's most likely that I got some of the offsets in the protocolheaders wrong.
Thank you for looking over this! :D
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
你所有的地址计算都是错误的。例如:
需要是:
All your address computations are wrong. For example:
needs to be: