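After reading UNP, I once wrote a program that captures packets and analyzes the protocols. It was written like this:

```c
/* Headers needed: <stdio.h>, <stdlib.h>, <string.h>, <sys/socket.h>,
 * <arpa/inet.h> (htons), <linux/if_ether.h> (ETH_P_IP) */

/* Link-layer raw socket: receives every incoming IPv4 frame, Ethernet header included */
if ((sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_IP))) < 0)
{
    fprintf(stderr, "create socket error\n");
    exit(1);
}
while (1)
{
    memset(buffer, 0, BUFF_LEN);
    /* Each call returns one frame; n_read is the number of valid bytes in buffer */
    n_read = recvfrom(sock, buffer, BUFF_LEN, 0, NULL, NULL);
    if (n_read < 0)
        continue;
    /* ... analyze the data in buffer ... */
}
```

Captured output: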
source mac:00:90:0b:18:0a:cd,dest mac:00:24:21:1e:05:37
source ip: 66.249.89.99,dest ip:192.168.41.38
message length:52.
time to live:44.
Protocol: TCP
Begin TCP protocol analyse.
source port:80, dest port:46582
sequence number is 48683
ack number is 44315
TCP flag:ACK
TCP windows is 114
TCP checksum is 32451
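The analysis step elided in the post's loop, sketched as an added example (not the poster's code): a parser that checks every length field against the byte count `recvfrom` returned before reading the Ethernet, IPv4 and TCP headers. The names `tcp_info`, `parse_frame`, `rd16`, `rd32` and `sample` are hypothetical, and the sample frame is constructed from the header values in the output above; checksums are not verified.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct tcp_info {   /* the fields the post's output prints */
    uint8_t  src_mac[6], dst_mac[6], ttl, flags;
    uint16_t ip_len, sport, dport, window, checksum;
    uint32_t src_ip, dst_ip, seq, ack;
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)rd16(p) << 16 | rd16(p + 2); }

/* Returns 0 = TCP parsed, 1 = not IPv4/TCP (or a later fragment), -1 = truncated or malformed. */
int parse_frame(const uint8_t *buf, size_t len, struct tcp_info *o) {
    if (len < 14 + 20) return -1;                     /* Ethernet + minimal IPv4 header */
    memcpy(o->dst_mac, buf, 6); memcpy(o->src_mac, buf + 6, 6);
    if (rd16(buf + 12) != 0x0800) return 1;           /* EtherType must be IPv4 */
    const uint8_t *ip = buf + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;          /* header length is packet-controlled */
    if ((ip[0] >> 4) != 4 || ihl < 20) return -1;
    o->ip_len = rd16(ip + 2);
    if (o->ip_len < ihl || 14 + (size_t)o->ip_len > len) return -1;  /* must fit in n_read */
    o->ttl = ip[8]; o->src_ip = rd32(ip + 12); o->dst_ip = rd32(ip + 16);
    if (ip[9] != 6 || (rd16(ip + 6) & 0x1fff)) return 1;  /* no TCP header to read */
    const uint8_t *tcp = ip + ihl;
    size_t avail = o->ip_len - ihl;                   /* bytes left after the IP header */
    if (avail < 20) return -1;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;         /* TCP header length incl. options */
    if (doff < 20 || doff > avail) return -1;
    o->sport = rd16(tcp);   o->dport = rd16(tcp + 2);
    o->seq = rd32(tcp + 4); o->ack = rd32(tcp + 8);
    o->flags = tcp[13]; o->window = rd16(tcp + 14); o->checksum = rd16(tcp + 16);
    return 0;
}

static const uint8_t sample[66] = {   /* constructed frame, not a real capture */
    0x00,0x24,0x21,0x1e,0x05,0x37, 0x00,0x90,0x0b,0x18,0x0a,0xcd, 0x08,0x00,
    0x45,0x00,0x00,0x34,0x00,0x00,0x40,0x00,0x2c,0x06,0x00,0x00,0x42,0xf9,0x59,0x63,0xc0,0xa8,0x29,0x26,
    0x00,0x50,0xb5,0xf6,0x00,0x00,0xbe,0x2b,0x00,0x00,0xad,0x1b,0x80,0x10,0x00,0x72,0x7e,0xc3,0x00,0x00,
    0x01,0x01,0x08,0x0a   /* options: NOP, NOP, timestamp; remaining bytes are zero */
};

int main(void) {
    struct tcp_info t = {0};
    int rc = parse_frame(sample, sizeof sample, &t);
    printf("rc=%d port %u -> %u, ttl %u, length %u\n", rc, t.sport, t.dport, t.ttl, t.ip_len);
    return rc;
}
```

In the capture loop this would be called as `parse_frame(buffer, n_read, &info)` once `n_read` is known to be non-negative.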