前言
官网
libpcap库安装
环境:
centos 7.9
安装编译
libpcap 下载(从 tcpdump.org 官网获取源码包;官网同时提供对应的 .sig 签名文件,可在编译前用来校验源码包)
tar -zxvf libpcap-1.10.4.tar.gz
cd libpcap-1.10.4
./configure
make && make install
./configure 时 报错:Neither flex nor lex was found
yum install flex lex
libpcap库使用
https://www.tcpdump.org/pcap.html
此处实现的是抓取 TCP SYN 包(凡是 SYN 标志置位的包都会匹配,包括 SYN-ACK)
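#include <arpa/inet.h>
#include <netinet/ether.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <pcap.h>

#include <cstdio>
#include <cstring>
#include <iostream>

/// @brief pcap callback: prints source/destination of every IPv4 TCP segment
///        whose SYN flag is set (this includes SYN-ACK replies).
///
/// The packet bytes come straight off the wire and are attacker-controlled,
/// so every header is bounds-checked against the captured length before it is
/// read. Headers are copied into local structs with memcpy instead of being
/// accessed through casted pointers, which avoids misaligned reads.
///
/// @param userData   Opaque pointer passed to pcap_loop; not used here.
/// @param pkthdr     Capture metadata; caplen is the number of bytes actually
///                   available in packetData (may be less than the wire length).
/// @param packetData Start of the captured frame. Assumed to begin with an
///                   Ethernet header, i.e. the handle's link type is DLT_EN10MB.
void packetHandler(unsigned char* userData, const struct pcap_pkthdr* pkthdr, const unsigned char* packetData) {
    (void)userData;

    const std::size_t captured = pkthdr->caplen;

    // Ethernet header must be fully present.
    if (captured < sizeof(struct ethhdr)) {
        return;
    }
    struct ethhdr ethHeader;
    std::memcpy(&ethHeader, packetData, sizeof(ethHeader));
    if (ntohs(ethHeader.h_proto) != ETH_P_IP) {
        return;
    }

    // Fixed part of the IPv4 header must be fully present.
    const std::size_t ipOffset = sizeof(struct ethhdr);
    if (captured - ipOffset < sizeof(struct iphdr)) {
        return;
    }
    struct iphdr ipHeader;
    std::memcpy(&ipHeader, packetData + ipOffset, sizeof(ipHeader));
    if (ipHeader.version != 4 || ipHeader.protocol != IPPROTO_TCP) {
        return;
    }

    // ihl is a 4-bit field taken from the packet; values below 5 are invalid
    // and would place the "TCP header" inside the IP header.
    const std::size_t ipHeaderLen = static_cast<std::size_t>(ipHeader.ihl) * 4;
    if (ipHeaderLen < sizeof(struct iphdr)) {
        return;
    }

    // Only the first fragment of a datagram carries the TCP header.
    if ((ntohs(ipHeader.frag_off) & IP_OFFMASK) != 0) {
        return;
    }

    // TCP header must be fully present at the offset announced by ihl.
    const std::size_t tcpOffset = ipOffset + ipHeaderLen;
    if (captured < tcpOffset || captured - tcpOffset < sizeof(struct tcphdr)) {
        return;
    }
    struct tcphdr tcpHeader;
    std::memcpy(&tcpHeader, packetData + tcpOffset, sizeof(tcpHeader));
    if (!tcpHeader.syn) {
        return;
    }

    char source_ip[INET_ADDRSTRLEN];
    char dest_ip[INET_ADDRSTRLEN];
    if (inet_ntop(AF_INET, &ipHeader.saddr, source_ip, sizeof(source_ip)) == nullptr ||
        inet_ntop(AF_INET, &ipHeader.daddr, dest_ip, sizeof(dest_ip)) == nullptr) {
        return;
    }

    printf("Received TCP SYN packet from %s:%u to %s:%u\n",
           source_ip, static_cast<unsigned>(ntohs(tcpHeader.source)),
           dest_ip, static_cast<unsigned>(ntohs(tcpHeader.dest)));
}

/// @brief Alternate entry point: prints the name of the default capture device.
///
/// pcap_lookupdev() is deprecated since libpcap 1.9, so the device is taken
/// from pcap_findalldevs(): the first entry of the list, unless it is a
/// loopback interface.
///
/// @return 0 on success, 2 when no suitable device could be found.
int main2(int argc, char *argv[])
{
    (void)argc;
    (void)argv;

    char errbuf[PCAP_ERRBUF_SIZE] = "";
    pcap_if_t* alldevs = nullptr;

    if (pcap_findalldevs(&alldevs, errbuf) == -1) {
        fprintf(stderr, "Couldn't find default device: %s\n", errbuf);
        return 2;
    }

    if (alldevs == nullptr || (alldevs->flags & PCAP_IF_LOOPBACK) != 0) {
        fprintf(stderr, "Couldn't find default device: %s\n", "no suitable device found");
        if (alldevs != nullptr) {
            pcap_freealldevs(alldevs);
        }
        return 2;
    }

    printf("Device: %s\n", alldevs->name);
    pcap_freealldevs(alldevs);
    return 0;
}

/// @brief Alternate entry point: lists every capture device with its description.
/// @return 0 on success, 1 when the device list could not be obtained.
int main3() {
    char errbuf[PCAP_ERRBUF_SIZE] = "";
    pcap_if_t* alldevs = nullptr;

    // Fetch all network devices known to libpcap.
    if (pcap_findalldevs(&alldevs, errbuf) == -1) {
        std::cerr << "Error finding devices: " << errbuf << std::endl;
        return 1;
    }

    // Walk the linked list and print each device.
    int deviceCount = 0;
    for (const pcap_if_t* device = alldevs; device != nullptr; device = device->next) {
        ++deviceCount;
        std::cout << "Device " << deviceCount << ": " << device->name << '\n';
        std::cout << " Description: "
                  << (device->description != nullptr ? device->description : "N/A") << '\n';
    }
    std::cout.flush();

    // Release the device list.
    pcap_freealldevs(alldevs);
    return 0;
}

/// @brief Opens a live capture on a fixed interface and prints TCP SYN packets.
///
/// Opening a live capture requires capture privileges (typically root or
/// CAP_NET_RAW on Linux).
///
/// @return 0 when the capture loop ends normally, 1 on any error.
int main() {
    char errbuf[PCAP_ERRBUF_SIZE] = "";

    // Interface to capture on; adjust to the local system (see main3 for a list).
    const char* const deviceName = "ens33";

    // snaplen = BUFSIZ, promiscuous mode on, 1000 ms read timeout.
    pcap_t* handle = pcap_open_live(deviceName, BUFSIZ, 1, 1000, errbuf);
    if (handle == nullptr) {
        std::cerr << "Error opening device: " << errbuf << std::endl;
        return 1;
    }

    // packetHandler parses frames as Ethernet; refuse any other link type
    // instead of misinterpreting the bytes.
    if (pcap_datalink(handle) != DLT_EN10MB) {
        std::cerr << "Error: " << deviceName << " is not an Ethernet device" << std::endl;
        pcap_close(handle);
        return 1;
    }

    // Capture until an error occurs; packetHandler runs once per packet.
    int status = 0;
    if (pcap_loop(handle, 0, packetHandler, nullptr) < 0) {
        std::cerr << "Error in pcap_loop: " << pcap_geterr(handle) << std::endl;
        status = 1;
    }

    // Close the capture session on every path, including the error path.
    pcap_close(handle);
    return status;
}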
注意:
使用 VS Code 调试 C++ 时,g++ 需要加 "-lpcap" 来链接 pcap 库,
并且加 "-std=gnu++0x"(即 gnu++11 的旧写法),避免因不支持 C++11 特性而报错。运行抓包程序需要 root 权限或 CAP_NET_RAW 能力,否则 pcap_open_live 会因权限不足而失败。
总结
以上就是今天要讲的内容,本文仅仅简单介绍了libpcap安装和使用。
参考:
libpcap库使用
libpcap简单使用