标签:5000 socket rawsock raw 10.10 sniffer include port 16.81
#include<stdio.h> #include<stdlib.h> #include<string.h> #include<netinet/ip_icmp.h> #include<netinet/tcp.h> #include<netinet/udp.h> #include<arpa/inet.h> #include<sys/socket.h> #include<sys/types.h> #define BUFFSIZE 1024 int main(){ int rawsock; char buff[BUFFSIZE]; int n; int count = 0; rawsock = socket(AF_INET,SOCK_RAW,IPPROTO_TCP); // rawsock = socket(AF_INET,SOCK_RAW,IPPROTO_UDP); // rawsock = socket(AF_INET,SOCK_RAW,IPPROTO_ICMP); // rawsock = socket(AF_INET,SOCK_RAW,IPPROTO_RAW); if(rawsock < 0){ printf("raw socket error!\n"); exit(1); } while(1){ n = recvfrom(rawsock,buff,BUFFSIZE,0,NULL,NULL); if(n<0){ printf("receive error!\n"); exit(1); } count++; struct ip *ip = (struct ip*)buff; printf("%5d %20s",count,inet_ntoa(ip->ip_src)); printf("%20s %5d %5d\n",inet_ntoa(ip->ip_dst),ip->ip_p,ntohs(ip->ip_len)); printf("\n"); } }
所有IP的所有port都能接收
#include<stdio.h> #include<stdlib.h> #include<string.h> #include<netinet/ip_icmp.h> #include<netinet/tcp.h> #include<netinet/udp.h> #include<arpa/inet.h> #include<sys/socket.h> #include<sys/types.h> #define BUFFSIZE 1024 int main(){ int rawsock; char buff[BUFFSIZE]; int n; int count = 0; rawsock = socket(AF_INET,SOCK_RAW,IPPROTO_TCP); // rawsock = socket(AF_INET,SOCK_RAW,IPPROTO_UDP); // rawsock = socket(AF_INET,SOCK_RAW,IPPROTO_ICMP); // rawsock = socket(AF_INET,SOCK_RAW,IPPROTO_RAW); if(rawsock < 0){ printf("raw socket error!\n"); exit(1); } while(1){ n = recvfrom(rawsock,buff,BUFFSIZE,0,NULL,NULL); if(n<0){ printf("receive error!\n"); exit(1); } count++; struct ip *ip = (struct ip*)buff; unsigned short dst_port; memcpy(&dst_port, buff + 22, sizeof(dst_port)); dst_port = ntohs(dst_port); if (5000 == dst_port || 6000 == dst_port) { printf("%5d %20s",count,inet_ntoa(ip->ip_src)); printf("%20s %5d %5d and port %d \n",inet_ntoa(ip->ip_dst),ip->ip_p,ntohs(ip->ip_len), dst_port); printf("\n"); } } }
[root@bogon raw-sockets-example]# ./sniffer 730 10.10.16.82 10.10.16.81 6 60 and port 6000 838 10.10.16.82 10.10.16.81 6 60 and port 6000 991 10.10.16.82 10.10.16.81 6 60 and port 6000 1359 10.10.16.82 10.10.16.81 6 60 and port 5000 1360 10.10.16.82 10.10.16.81 6 52 and port 5000 1473 10.10.16.82 10.10.16.81 6 57 and port 5000 1610 10.10.16.82 10.10.16.81 6 57 and port 5000 1956 10.10.16.82 10.10.16.81 6 57 and port 5000 4035 10.10.16.82 10.10.16.81 6 52 and port 5000 4414 10.10.16.1 10.10.16.81 6 60 and port 6000 4480 10.10.16.1 10.10.16.81 6 60 and port 6000 5938 10.10.16.1 10.10.16.81 6 60 and port 5000 5939 10.10.16.1 10.10.16.81 6 52 and port 5000 6167 10.10.16.1 10.10.16.81 6 57 and port 5000 6229 10.10.16.1 10.10.16.81 6 57 and port 5000 6271 10.10.16.1 10.10.16.81 6 57 and port 5000 6309 10.10.16.1 10.10.16.81 6 57 and port 5000 6343 10.10.16.1 10.10.16.81 6 57 and port 5000 6401 10.10.16.1 10.10.16.81 6 54 and port 5000 6403 10.10.16.1 10.10.16.81 6 52 and port 5000 6404 10.10.16.1 10.10.16.81 6 52 and port 5000
标签:5000,socket,rawsock,raw,10.10,sniffer,include,port,16.81 来源: https://www.cnblogs.com/dream397/p/14773627.html
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。