Raw Socket（原始套接字）实现Sniffer（嗅探）

参考资料：

　　https://www.xuebuyuan.com/3190946.html

　　https://blog.csdn.net/zxygww/article/details/52093308

 

    int socketfd = socket(AF_INET,SOCK_RAW,IPPROTO_ICMP);/*在网络层使用的原始套接字*/

    int socketfd = socket(PF_PACKET,SOCK_RAW,htons(ETH_P_IP));/*在链路层使用*/

 

　　实验下图所示程序能够抓到packet。

#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <arpa/inet.h>
#include <linux/if_ether.h>
#include <linux/in.h>

#define BUFFER_MAX 2048

int main()
{
    int sockfd, n_read, proto;
    char buff[BUFFER_MAX] = {0};


    //创建socket
    sockfd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_IP));
    if (sockfd < 0) {
        perror("sock ");
        return -1;
    }

    while (1) {
        n_read = recvfrom(sockfd, buff, sizeof(buff), 0, NULL, NULL);

        if (n_read < 42) {
            fprintf(stderr, "packet corrupt\n");
            continue;
        }

        //报文解析
        {
            char *p = buff;

            printf("mac: %02x%02x%02x%02x%02x%02x===>%02x%02x%02x%02x%02x%02x\n",
                    p[6]&0xff, p[7]&0xff, p[8]&0xff, p[9]&0xff, p[10]&0xff, p[11]&0xff,
                    p[0]&0xff, p[1]&0xff, p[2]&0xff, p[3]&0xff, p[4]&0xff, p[5]&0xff);
        }
    }

    return 0;
}