论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2007-03-13 15:43 |只看该作者 |倒序浏览

程序的功能很简单，就是提取出网络数据包的源地址和改包所使用的网络协议，大家可以看看源代码：

#define __KERNEL__
#define MODULE
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
static struct nf_hook_ops nfho;
unsigned int hook_func(unsigned int hooknum,
                     struct sk_buff **skb,
                     const struct net_device *in,
                     const struct net_device *out,
                     int (*okfn)(struct sk_buff *))
{
struct sk_buff *sb = *skb;
unsigned char src_ip[4];
*(unsigned int *)src_ip = sb->nh.iph->saddr;
printk("A packet from:%d.%d.%d.%d Detected!",
               src_ip[0],src_ip[1],src_ip[2],src_ip[3]);
switch(sb->nh.iph->protocol)
{
   case IPPROTO_TCP:
         printk("It's a TCP PACKET\n");break;
   case IPPROTO_ICMP:
      printk("It's a ICMP PACKET\n");break;
   case IPPROTO_UDP:
      printk("It's a UDP PACKET\n");break;
}
return NF_ACCEPT;
}
int init_module()
{

nfho.hook = hook_func;
nfho.hooknum  = NF_IP_PRE_ROUTING;
nfho.pf    = PF_INET;
nfho.priority = NF_IP_PRI_FIRST;
nf_register_hook(&nfho);
return 0;
}
void cleanup_module()
{
nf_unregister_hook(&nfho);
}
这实际上是对前面几篇文章的几个小程序的组合，实际上就是对sk_buff 结构体的的两个元素进行了检测，就得到了源地址和协议的信息。上面的这条语句对于那些C不是很熟悉的人可能吃力了一点：
*(unsigned int *)src_ip = sb->nh.iph->saddr;
我稍微的解释一下，网络的源地址是4个子节的int，因此我定义了一个4个子节的数组src_ip，从而每一个子节里面就存储的点分十进制的一个数，为了一次完成赋值，我把src_ip 转成unsigned int指针，就可以一次4个字节一起访问了。
下面是这个程序的测试结果：
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.107.8 Detected!It's a UDP PACKET
A packet from:210.43.106.214 Detected!It's a UDP PACKET
A packet from:210.43.106.246 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.106.112 Detected!It's a UDP PACKET
A packet from:210.43.107.8 Detected!It's a UDP PACKET
A packet from:210.43.106.214 Detected!It's a UDP PACKET
A packet from:210.43.106.246 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.106.112 Detected!It's a UDP PACKET
A packet from:210.43.106.214 Detected!It's a UDP PACKET
A packet from:210.43.106.246 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.106.112 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.106.254 Detected!It's a UDP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.107.230 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.106.214 Detected!It's a UDP PACKET
A packet from:210.43.107.230 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.106.214 Detected!It's a UDP PACKET
A packet from:210.43.107.230 Detected!It's a UDP PACKET
A packet from:210.43.106.96 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.106.112 Detected!It's a UDP PACKET
A packet from:210.43.106.214 Detected!It's a UDP PACKET
A packet from:210.43.107.230 Detected!It's a UDP PACKET
A packet from:210.43.106.96 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.106.112 Detected!It's a UDP PACKET
A packet from:210.43.107.230 Detected!It's a UDP PACKET
A packet from:210.43.106.96 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.106.112 Detected!It's a UDP PACKET
A packet from:210.43.107.230 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.106.214 Detected!It's a UDP PACKET
A packet from:210.43.106.96 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:192.168.1.1 Detected!It's a UDP PACKET
A packet from:192.168.1.1 Detected!It's a UDP PACKET
A packet from:192.168.1.1 Detected!It's a UDP PACKET
A packet from:192.168.1.1 Detected!It's a UDP PACKET
A packet from:192.168.1.1 Detected!It's a UDP PACKET
A packet from:192.168.1.1 Detected!It's a UDP PACKET
A packet from:192.168.1.1 Detected!It's a UDP PACKET
A packet from:192.168.1.1 Detected!It's a UDP PACKET
A packet from:192.168.1.1 Detected!It's a UDP PACKET
A packet from:192.168.1.1 Detected!It's a UDP PACKET
A packet from:210.43.106.214 Detected!It's a UDP PACKET
A packet from:210.43.106.96 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.107.130 Detected!It's a ICMP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.106.214 Detected!It's a UDP PACKET
A packet from:210.43.106.96 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.107.130 Detected!It's a ICMP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.106.112 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.107.130 Detected!It's a ICMP PACKET
A packet from:210.43.106.96 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.106.112 Detected!It's a UDP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
如果需要对包的端口进行分析的话，就要对IP报文的数据段(sb->data)进行分析了（TCP和UDP等包都是作为IP的数据而存在的），大家可以参考一下相应的资料。

本文来自ChinaUnix博客，如果查看原文请点：http://blog.chinaunix.net/u/15315/showart_257888.html

网络技术, 网络技术

文库|博客

返回列表

Chinaunix › 论坛 › IT运维 › 网络技术 › 网络技术文档中心 › 基于Netfilter的网络数据包分析

基于Netfilter的网络数据包分析 [复制链接]