前言
libpcap库安装
环境:
centos 7.9
安装编译
下载源码包后建议先校验 tcpdump.org 同时发布的 .sig 签名（或对比官方公布的哈希），再按以下步骤逐条执行：

tar -zxvf libpcap-1.10.4.tar.gz
cd libpcap-1.10.4
./configure
make && sudo make install
sudo ldconfig    # make install 默认把 libpcap.so 装到 /usr/local/lib，刷新动态库缓存后运行时才能找到
./configure 时 报错:Neither flex nor lex was found
yum install flex bison    # CentOS 7 没有名为 lex 的软件包，flex 即提供 lex；configure 还需要 yacc，若提示缺少 yacc 请安装 bison（或 byacc）
libpcap库使用
https://www.tcpdump.org/pcap.html
此处实现的是抓tcp syn包
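#include <iostream>
#include <cstdio>
#include <cstring>
#include <arpa/inet.h>
#include <pcap.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <netinet/ether.h>

// Default capture interface; main() lets argv[1] override it.
static const char* const kDefaultDevice = "ens33";

// Kernel-side BPF filter: only TCP segments with SYN set reach the callback.
// It is NOT a substitute for the bounds checks in packetHandler(): frames are
// untrusted input and may be truncated by the snaplen or carry a bogus IHL.
static const char* const kSynFilter = "tcp[tcpflags] & tcp-syn != 0";

/**
 * pcap_loop() callback: prints source/destination of every IPv4 TCP SYN.
 *
 * Each header is read only after verifying that it lies completely within
 * the bytes actually captured (pkthdr->caplen). Without these checks a short
 * capture or a crafted IP header length makes the handler read past the end
 * of the buffer libpcap handed us.
 *
 * @param userData    opaque pointer from pcap_loop(); unused here
 * @param pkthdr      capture metadata; caplen is the number of valid bytes
 * @param packetData  captured frame, assumed to be Ethernet (DLT_EN10MB);
 *                    main() checks the link type before starting the loop
 */
void packetHandler(unsigned char* userData, const struct pcap_pkthdr* pkthdr, const unsigned char* packetData)
{
    (void)userData;
    const unsigned int caplen = pkthdr->caplen;

    // Ethernet header (14 bytes). 802.1Q-tagged frames are not handled.
    if (caplen < sizeof(struct ethhdr)) return;
    const struct ethhdr* ethHeader = reinterpret_cast<const struct ethhdr*>(packetData);
    if (ntohs(ethHeader->h_proto) != ETH_P_IP) return;

    // IPv4 header: the fixed 20 bytes must be present before ihl can be read,
    // and ihl itself must be >= 5 words (anything smaller is malformed).
    size_t offset = sizeof(struct ethhdr);
    if (caplen < offset + sizeof(struct iphdr)) return;
    const struct iphdr* ipHeader = reinterpret_cast<const struct iphdr*>(packetData + offset);
    if (ipHeader->version != 4) return;
    const size_t ipHeaderLen = static_cast<size_t>(ipHeader->ihl) * 4;
    if (ipHeaderLen < sizeof(struct iphdr)) return;
    if (ipHeader->protocol != IPPROTO_TCP) return;
    offset += ipHeaderLen;

    // TCP header: only the fixed 20 bytes are read, so that is all that must be captured.
    if (caplen < offset + sizeof(struct tcphdr)) return;
    const struct tcphdr* tcpHeader = reinterpret_cast<const struct tcphdr*>(packetData + offset);
    if (!tcpHeader->syn) return;

    char source_ip[INET_ADDRSTRLEN];
    char dest_ip[INET_ADDRSTRLEN];
    inet_ntop(AF_INET, &ipHeader->saddr, source_ip, INET_ADDRSTRLEN);
    inet_ntop(AF_INET, &ipHeader->daddr, dest_ip, INET_ADDRSTRLEN);
    printf("Received TCP SYN packet from %s:%u to %s:%u\n", source_ip, ntohs(tcpHeader->source), dest_ip, ntohs(tcpHeader->dest));
}

/**
 * Variant 1: print the name of a default capture device.
 *
 * pcap_lookupdev() is deprecated since libpcap 1.9 (1.10.4 warns on use), so
 * the lookup is done with pcap_findalldevs(): the first listed device that is
 * not a loopback interface is taken as the default.
 *
 * @return 0 on success, 2 when device enumeration fails or no device qualifies
 */
int main2(int argc, char *argv[])
{
    (void)argc;
    (void)argv;
    char errbuf[PCAP_ERRBUF_SIZE];
    pcap_if_t* alldevs = nullptr;

    if (pcap_findalldevs(&alldevs, errbuf) == -1) {
        fprintf(stderr, "Couldn't find default device: %s\n", errbuf);
        return(2);
    }

    const pcap_if_t* dev = nullptr;
    for (const pcap_if_t* d = alldevs; d != nullptr; d = d->next) {
        if ((d->flags & PCAP_IF_LOOPBACK) == 0) {
            dev = d;
            break;
        }
    }
    if (dev == nullptr) {
        fprintf(stderr, "Couldn't find default device: %s\n", "no non-loopback device");
        pcap_freealldevs(alldevs);
        return(2);
    }

    // dev->name is owned by the list: print it before freeing.
    printf("Device: %s\n", dev->name);
    pcap_freealldevs(alldevs);
    return(0);
}

/**
 * Variant 2: enumerate and print every capture device libpcap can see.
 *
 * @return 0 on success, 1 if pcap_findalldevs() fails
 */
int main3()
{
    char errbuf[PCAP_ERRBUF_SIZE];
    pcap_if_t* alldevs = nullptr;
    pcap_if_t* device = nullptr;

    // Ask libpcap for every device on the system.
    if (pcap_findalldevs(&alldevs, errbuf) == -1) {
        std::cerr << "Error finding devices: " << errbuf << std::endl;
        return 1;
    }

    // Walk the linked list and print name + optional description.
    int deviceCount = 0;
    for (device = alldevs; device != nullptr; device = device->next) {
        deviceCount++;
        std::cout << "Device " << deviceCount << ": " << device->name << std::endl;
        if (device->description)
            std::cout << "  Description: " << device->description << std::endl;
        else
            std::cout << "  Description: N/A" << std::endl;
    }

    // The list (and every name/description in it) is owned by libpcap.
    pcap_freealldevs(alldevs);
    return 0;
}

/**
 * Entry point: capture TCP SYN segments on one interface and print them.
 *
 * Usage: prog [interface]   (defaults to "ens33")
 *
 * Opening a device requires CAP_NET_RAW (plus CAP_NET_ADMIN for promiscuous
 * mode). Prefer granting the binary those capabilities with setcap over
 * running the whole program as root.
 *
 * @return 0 on success, 1 on any libpcap error
 */
int main(int argc, char* argv[])
{
    const char* device = (argc > 1) ? argv[1] : kDefaultDevice;
    char errbuf[PCAP_ERRBUF_SIZE];
    // pcap_open_live() may succeed and still leave a warning in errbuf;
    // it is only detectable if errbuf starts out empty.
    errbuf[0] = '\0';

    // snaplen BUFSIZ, promiscuous mode on, 1000 ms read timeout
    pcap_t* handle = pcap_open_live(device, BUFSIZ, 1, 1000, errbuf);
    if (handle == nullptr) {
        std::cerr << "Error opening device: " << errbuf << std::endl;
        return 1;
    }
    if (errbuf[0] != '\0')
        std::cerr << "Warning: " << errbuf << std::endl;

    // packetHandler() parses Ethernet framing; refuse other link types
    // (e.g. DLT_LINUX_SLL on "any", DLT_NULL on some loopbacks) rather than
    // misinterpreting their headers.
    if (pcap_datalink(handle) != DLT_EN10MB) {
        std::cerr << "Device " << device << " is not an Ethernet (DLT_EN10MB) interface" << std::endl;
        pcap_close(handle);
        return 1;
    }

    // Install the SYN filter so non-matching traffic is dropped in the kernel.
    struct bpf_program filter;
    if (pcap_compile(handle, &filter, kSynFilter, 1, PCAP_NETMASK_UNKNOWN) == -1) {
        std::cerr << "Error compiling filter: " << pcap_geterr(handle) << std::endl;
        pcap_close(handle);
        return 1;
    }
    const int setFilterRc = pcap_setfilter(handle, &filter);
    pcap_freecode(&filter);  // the handle keeps its own copy of the program
    if (setFilterRc == -1) {
        std::cerr << "Error setting filter: " << pcap_geterr(handle) << std::endl;
        pcap_close(handle);
        return 1;
    }

    // Capture until an error occurs; packetHandler() is invoked per packet.
    // cnt == 0 means "no limit". Nothing here calls pcap_breakloop(), so any
    // negative return is an error.
    const int loopRc = pcap_loop(handle, 0, packetHandler, nullptr);
    if (loopRc < 0) {
        std::cerr << "Error in pcap_loop";
        if (loopRc == PCAP_ERROR)
            std::cerr << ": " << pcap_geterr(handle);
        std::cerr << std::endl;
        pcap_close(handle);
        return 1;
    }

    pcap_close(handle);
    return 0;
}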
注意:
使用 vscode 进行 C++ 调试时，需要链接 pcap 库：g++ 编译/链接命令加 -lpcap。另外，抓包程序运行时需要 root 或 CAP_NET_RAW/CAP_NET_ADMIN 权限，建议用 setcap 给二进制授予这两个 capability，而不是直接以 root 运行。
并且加 -std=gnu++0x（即 -std=gnu++11 的旧写法）启用 C++11，否则 nullptr 等 C++11 特性会报不支持的错误。
总结
以上就是今天要讲的内容,本文仅仅简单介绍了libpcap安装和使用。
参考: