Wireless sniffing with pcap and a MAC address filter
I am writing a wireless packet sniffer program in C. I have set my wireless interface in monitor mode using airmon-ng, and now I am sniffing on the interface "mon0". I am using Linux (Ubuntu 10.10).
I want to set a MAC address as the filter for the packets.
I have done it as shown below, but it says
"mon0 no IPV4 address assigned"

    pcap_lookupnet(dev, &net, &mask, errbuf);
    printf("%s\n", errbuf);

    /* Open the session in promiscuous mode */
    handle = pcap_open_live(dev, BUFSIZ, 1, 1000, errbuf);
    if (handle == NULL) {
        printf("Couldn't open device %s: %s\n", dev, errbuf);
        return 2;
    }
    if (pcap_compile(handle, &fp, argv[0], 0, net) == -1) {
        fprintf(stderr, "Error calling pcap_compile\n");
        exit(1);
    }
    if (pcap_setfilter(handle, &fp) == -1) {
        fprintf(stderr, "Error setting filter\n");
        exit(1);
    }

    /* The call pcap_loop() and pass our callback function */
    pcap_loop(handle, 10, my_callback, NULL);

Please help me, how can I set the filter for a MAC address?
Comments (1)
"no IPV4 address assigned" is an error from
pcap_lookupnet(). All it means is that the network interface on which you're trying to capture does not have an IPv4 address assigned to it. What airmon-ng did was to create a "monitor" interface for the Wi-Fi adapter; the regular network interface for the adapter might have an IP address assigned to it, but the monitor interface won't have one.
The only place where the IP address matters is for ip broadcast filter expressions; if you're not filtering for IPv4 broadcast addresses, which you probably won't be, there's no need to get the IPv4 address. To quote the pcap_compile() man page: so just pass 0 as the "net" argument to pcap_compile().
If you want to search for packets being sent to a particular MAC address, you can just use wlan dst XX:XX:XX:XX:XX:XX; if you want to search for packets being sent from a particular MAC address, you can just use wlan src XX:XX:XX:XX:XX:XX; if you want to search for packets being sent to or from a particular MAC address, you can just use wlan host XX:XX:XX:XX:XX:XX.
If you care about the access point address, rather than the station address, you'll need to use filters such as wlan ra XX:XX:XX:XX:XX:XX or wlan ta XX:XX:XX:XX:XX:XX, at least with newer versions of libpcap. (See the pcap-filter man page or, if you don't have a pcap-filter man page, the tcpdump man page for details.)
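
The distinction the answer draws between wlan dst/src/host and wlan ra/ta comes down to which 802.11 header address each one names. The following C code is an added example, not part of the original answer and not libpcap's code; it resolves those addresses for data frames from the standard ToDS/FromDS layout. The names wlan_addrs, wlan_data_addrs and wlan_host_match and the sample frame are constructed here, and it assumes any radiotap header has already been skipped.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct wlan_addrs {            /* pointers into the frame buffer */
    const uint8_t *ra, *ta;    /* receiver / transmitter: "wlan ra", "wlan ta" */
    const uint8_t *da, *sa;    /* destination / source: "wlan dst", "wlan src" */
};

/* hdr = start of the 802.11 MAC header. Returns 0, or -1 if not data or truncated. */
int wlan_data_addrs(const uint8_t *hdr, size_t len, struct wlan_addrs *out)
{
    if (len < 24 || ((hdr[0] >> 2) & 3) != 2) return -1;   /* frame type 2 = data */
    int to_ds = hdr[1] & 0x01, from_ds = hdr[1] & 0x02;
    const uint8_t *a1 = hdr + 4, *a2 = hdr + 10, *a3 = hdr + 16;
    out->ra = a1; out->ta = a2;          /* addr1 = receiver, addr2 = transmitter */
    if (to_ds && from_ds) {              /* AP to AP (WDS): addr4 present */
        if (len < 30) return -1;
        out->da = a3; out->sa = hdr + 24;
    } else if (to_ds) {                  /* station to AP */
        out->da = a3; out->sa = a2;
    } else if (from_ds) {                /* AP to station */
        out->da = a1; out->sa = a3;
    } else {                             /* ad hoc / direct */
        out->da = a1; out->sa = a2;
    }
    return 0;
}

/* Same test as "wlan host": the MAC is the frame's destination or source. */
int wlan_host_match(const struct wlan_addrs *a, const uint8_t mac[6])
{
    return memcmp(a->da, mac, 6) == 0 || memcmp(a->sa, mac, 6) == 0;
}

/* Constructed sample: station 02:..:01 sends to 02:..:02 via AP 02:..:aa. */
static const uint8_t sample_frame[24] = {
    0x08, 0x01, 0x00, 0x00,              /* data frame, ToDS set, duration */
    0x02, 0, 0, 0, 0, 0xaa,              /* addr1: AP (receiver) */
    0x02, 0, 0, 0, 0, 0x01,              /* addr2: station (source) */
    0x02, 0, 0, 0, 0, 0x02, 0x00, 0x00   /* addr3: destination, seq control */
};

int main(void)
{
    struct wlan_addrs a;
    if (wlan_data_addrs(sample_frame, sizeof sample_frame, &a)) return 1;
    printf("AP matched by host test: %d\n", wlan_host_match(&a, a.ra));
    return 0;
}
```

In the sample frame the access point's MAC appears only as the receiver address, so a destination/source test does not match it while a receiver-address test would.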