LuvSea

Linux Packet Capture, [PCAP]

sTudy

사랑海 2009. 8. 24. 09:36
Library used:
pcap - packet capture library ([root@wowlinux pcap]# man 3 pcap)


source code
```cpp
#include <pcap.h>
#include <cstdio>
#include <iostream>

using namespace std;

int main()
{
    char errbuf[PCAP_ERRBUF_SIZE];
    char * pDevice;

    // Pick the default capture device (pcap_lookupdev is deprecated in
    // newer libpcap releases; pcap_findalldevs is the replacement)
    pDevice = pcap_lookupdev(errbuf);
    if(NULL == pDevice)
    {
        cout << errbuf << endl;
        return 1;
    }
    cout << pDevice << endl;

    // snaplen 1500, promiscuous mode on, read timeout 0
    pcap_t * pPcap;
    pPcap = pcap_open_live(pDevice, 1500, 1, 0, errbuf);
    if(NULL == pPcap)
    {
        cout << errbuf << endl;
        return 1;
    }

    const u_char * pData;
    struct pcap_pkthdr h;
    pData = pcap_next(pPcap, &h);   // returns NULL if no packet was read
    if(NULL == pData)
    {
        pcap_close(pPcap);
        return 1;
    }

    // Dump the first 30 bytes, 10 per line, never reading past h.caplen
    for(bpf_u_int32 i = 0; i < 30 && i < h.caplen; ++i)
    {
        printf("[%02x]", *(pData+i));
        if(9 == i % 10)
            cout << endl;
    }
    cout << endl;

    pcap_close(pPcap);
    return 0;
}
```

struct pcap_pkthdr 
```cpp
struct pcap_pkthdr {
    struct timeval ts;   // time stamp
    u_int32_t caplen;    // length of portion present
    u_int32_t len;       // length this packet (off wire)
};
```

compile
g++ pcap.cc -o pcap -lpcap

Execution result
  


Packet structure

 Preamble(8)  DA(6)  SA(6)  Type(2)  Info(46~1500)  FCS(4)
() = byte

DA(Destination Address) : Receiver MAC Address [00][0c] ... [a3][ac]
SA(Source Address) : Sender MAC Address [00][16] ... [4d][17]
Protocol Type : [08][00]
Info(User Information) : [45][00] ... [00][10]

IP packet header structure ( [45][00] ... )
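
The layout above can be decoded with explicit bounds checks. This is an added example, not code from the original post. The buffer libpcap hands back starts at DA (the preamble is not delivered), so the offsets are 0, 6, 12 and 14, and every read is checked against `caplen` and the IPv4 header-length field. `FrameInfo`, `parse_frame` and `kSample` are names made up for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>

// Result of decoding one captured frame (type and field names are this example's own).
struct FrameInfo {
    bool ok = false, ipv4 = false;  // Ethernet header present / consistent IPv4 header follows
    std::string dst, src;
    unsigned ether_type = 0, ip_header_len = 0, ip_total_len = 0, ip_proto = 0;
};

static std::string mac(const uint8_t *p) {
    char buf[18];
    std::snprintf(buf, sizeof buf, "%02x:%02x:%02x:%02x:%02x:%02x",
                  p[0], p[1], p[2], p[3], p[4], p[5]);
    return buf;
}

// data and caplen stand for the pcap_next() return value and pcap_pkthdr.caplen.
FrameInfo parse_frame(const uint8_t *data, size_t caplen) {
    FrameInfo f;
    if (data == nullptr || caplen < 14) return f;   // DA(6) + SA(6) + Type(2)
    f.dst = mac(data);
    f.src = mac(data + 6);
    f.ether_type = (data[12] << 8) | data[13];      // network byte order
    f.ok = true;
    if (f.ether_type != 0x0800 || caplen < 14 + 20) return f;  // not IPv4, or cut short
    const uint8_t *ip = data + 14;
    unsigned ihl = (ip[0] & 0x0f) * 4u;             // header length field, in bytes
    if ((ip[0] >> 4) != 4 || ihl < 20 || caplen < 14 + ihl) return f;
    f.ip_header_len = ihl;
    f.ip_total_len = (ip[2] << 8) | ip[3];
    f.ip_proto = ip[9];
    f.ipv4 = true;
    return f;
}

// Constructed sample frame (not a real capture): Ethernet header + 20-byte IPv4 header.
static const uint8_t kSample[] = {
    0x02,0x00,0x00,0x00,0x00,0x0a, 0x02,0x00,0x00,0x00,0x00,0x0b, 0x08,0x00,
    0x45,0x00,0x00,0x54,0x00,0x00,0x40,0x00,0x40,0x01,0x00,0x00,
    0xc0,0x00,0x02,0x01, 0xc0,0x00,0x02,0x02 };

int main() {
    FrameInfo f = parse_frame(kSample, sizeof kSample);
    std::printf("%s -> %s proto=%u\n", f.src.c_str(), f.dst.c_str(), f.ip_proto);
    return 0;
}
```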




Damn WowLinux... why do I get errors even after adding the header files ㅡ,.ㅡ...