论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2009-11-19 13:22 |只看该作者 |倒序浏览

Linux 可否通过 socke t实现抓取基于某个VLAN tag的二层报文？

文库|博客

chenyx

版主

论坛徽章:: 381

2楼 [报告]

发表于 2009-11-19 13:57 |只看该作者

应该不行,交换机在包到达端口时untag了

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

Roemer

小富即安

论坛徽章:: 0

3楼 [报告]

发表于 2009-11-19 15:19 |只看该作者

我们设备的端口可以接到~
参考

#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <linux/if_ether.h>
#include <linux/in.h>
#include <linux/if.h>
#include <linux/sockios.h>
#include <sys/socket.h>
#include <netpacket/packet.h>
#include <net/ethernet.h> /* the L2 protocols */

#define BUFFER_MAX 2048

int vlan_bind(int fd)
{
struct sockaddr_ll sll;
struct ifreq ifstruct;
struct ifreq ifreq;

  memset(  &sll, 0, sizeof(sll) );
  sll.sll_family = AF_PACKET;
  sll.sll_protocol = htons(ETH_P_ALL);

  strcpy(ifstruct.ifr_name, "eth0.1");
  ioctl(fd, SIOCGIFINDEX, &ifstruct);
  sll.sll_ifindex = ifstruct.ifr_ifindex;


  ioctl (fd, SIOCGIFHWADDR, &ifstruct);
  memcpy (sll.sll_addr, ifstruct.ifr_ifru.ifru_hwaddr.sa_data, sizeof(sll.sll_addr));


  if( bind(fd,  (struct  sockaddr *)&sll, sizeof(sll)) ==  -1  )
  {
       printf(  "bind: ERROR\n" );
   return -1;
  }

#if 0
  ioctl (fd, SIOCGIFFLAGS, &ifreq);
  ifreq.ifr_flags |= (IFF_UP | IFF_BROADCAST | IFF_MULTICAST);
  ifreq.ifr_flags &= ~IFF_ALLMULTI;
  ioctl (fd, SIOCSIFFLAGS, &ifreq);
#endif

  return 0;
}

int main(int argc, char *argv[])
{

      int sock, n_read, proto;
      char buffer[BUFFER_MAX];
      char  *ethhead, *iphead, *tcphead, *udphead, *icmphead, *p;




   if((sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL))) < 0)
   {
      fprintf(stdout, "create socket error\n");
      return -1;
   }

   vlan_bind(sock);


  while(1)
  {
   n_read = recvfrom(sock, buffer, 2048, 0, NULL, NULL);
      /*
      14 6(dest)+6(source)+2(type or length)
      +
      20 ip header
      +
      8 icmp,tcp or udp header
      = 42
      */
if(n_read < 42)
{
   fprintf(stdout, "Incomplete header, packet corrupt\n");
   continue;
}

      ethhead = buffer;
      p = ethhead;
      int n = 0XFF;
            printf("MAC: %.2X:%02X:%02X:%02X:%02X:%02X==>"
                        "%.2X:%.2X:%.2X:%.2X:%.2X:%.2X\n",
      p[6]&n, p[7]&n, p[8]&n, p[9]&n, p[10]&n, p[11]&n,
      p[0]&n, p[1]&n, p[2]&n,p[3]&n, p[4]&n, p[5]&n);

               iphead = ethhead + 14;
               p = iphead + 12;

         printf("IP: %d.%d.%d.%d => %d.%d.%d.%d\n",
         p[0]&0XFF, p[1]&0XFF, p[2]&0XFF, p[3]&0XFF,
         p[4]&0XFF, p[5]&0XFF, p[6]&0XFF, p[7]&0XFF);
         proto = (iphead + 9)[0];
         p = iphead + 20;
         printf("Protocol: ");
         switch(proto)
            {
            case IPPROTO_ICMP: printf("ICMP\n");break;
            case IPPROTO_IGMP: printf("IGMP\n");break;
            case IPPROTO_IPIP: printf("IPIP\n");break;
            case IPPROTO_TCP :
            case IPPROTO_UDP :
printf("%s,", proto == IPPROTO_TCP ? "TCP": "UDP");
printf("source port: %u,",(p[0]<<8)&0XFF00 |  p[1]&0XFF);
printf("dest port: %u\n", (p[2]<<8)&0XFF00 | p[3]&0XFF);
      break;
case IPPROTO_RAW : printf("RAW\n");break;
default:printf("Unkown, please query in include/linux/in.h\n");
      }
}
}

[[i] 本帖最后由 Roemer 于 2009-11-19 16:21 编辑 [/i]]

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

Roemer

小富即安

论坛徽章:: 0

4楼 [报告]

发表于 2009-11-19 15:20 |只看该作者

eth0.1是eth0 的VLAN 连接

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

返回列表

Chinaunix › 论坛 › 程序设计 › Linux环境编程 › Linux 抓取基于VLAN的二层报文

Linux 抓取基于VLAN的二层报文 [复制链接]