Code:
#include "ipstat.h"
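/*
 * pcap callback: print selected IPv4 header fields of one captured frame.
 *
 * args   - user pointer passed to pcap_loop(); not used here.
 * header - pcap metadata for this frame; caplen is the number of bytes
 *          actually present in `packet`.
 * packet - raw frame bytes, assumed to start with an Ethernet header of
 *          SIZE_ETHERNET bytes (the caller must make sure the capture link
 *          type really is Ethernet).
 *
 * Frames that are too short to hold an IPv4 header, or whose IP header
 * length field is below the 20-byte minimum, are reported on stderr and
 * skipped.
 */
void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
{
	const struct sniff_ip *ip;
	u_int size_ip;

	(void)args;

	/*
	 * Everything in `packet` comes off the wire and is untrusted. Refuse to
	 * touch the IP header unless the capture really contains it; otherwise
	 * the field reads below run past the end of the capture buffer.
	 * NOTE(review): assumes struct sniff_ip (declared in ipstat.h) is the
	 * fixed part of the IPv4 header - confirm.
	 */
	if (header->caplen < SIZE_ETHERNET + sizeof(struct sniff_ip)) {
		fprintf(stderr, "Truncated packet (%u bytes captured), skipped\n",
			(unsigned)header->caplen);
		return;
	}

	ip = (const struct sniff_ip *)(packet + SIZE_ETHERNET);

	size_ip = IP_HL(ip) * 4;
	if (size_ip < 20) {
		fprintf(stderr, "Invalid IP header length: %u bytes, skipped\n", size_ip);
		return;
	}

	u_int len = ntohs(ip->ip_len);
	u_int version = IP_V(ip);
	u_int off = ntohs(ip->ip_off);

	/*
	 * ip_off carries three flag bits (reserved, DF, MF) in its top bits and
	 * the 13-bit fragment offset below them. Printing the whole field shows
	 * the flags as part of the "offset" (DF alone reads as 16384), so mask
	 * them away. The value is in units of 8 bytes, as on the wire.
	 */
	u_int frag_off = off & 0x1fff;

	/*
	 * inet_ntoa() returns a pointer to a static buffer, so source and
	 * destination are formatted in separate fprintf() calls.
	 */
	fprintf(stdout, "src:%s ", inet_ntoa(ip->ip_src));
	fprintf(stdout, "dst:%s hlen:%u version:%u len:%u id:%u offset:%u ",
		inet_ntoa(ip->ip_dst),
		size_ip, version, len,
		(unsigned)ntohs(ip->ip_id), /* multi-byte field: convert to host order */
		frag_off);
	fprintf(stdout, "proto:%u", (unsigned)ip->ip_p);

	/* Debug trailer: raw (network order) ip_off next to the host-order value. */
	fprintf(stdout, " => %u - %u <=\n", (unsigned)ip->ip_off, off);
}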
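/*
 * Capture 10 packets matching a fixed BPF filter on the default device and
 * hand each one to got_packet().
 *
 * Exit status: 0 on success, 1 no device found, 2 device could not be
 * opened, 3 filter did not compile, 4 filter could not be installed,
 * 5 device is not Ethernet, 6 capture loop failed.
 */
int main(int argc, char *argv[])
{
	pcap_t *handle = NULL;
	char *device;
	char errbuf[PCAP_ERRBUF_SIZE];
	struct bpf_program compiled_filter;
	char raw_filter[] = "ip and src 192.168.1.20 and not tcp";
	bpf_u_int32 mask;
	bpf_u_int32 net;
	int rc = 0;

	(void)argc;
	(void)argv;

	device = pcap_lookupdev(errbuf);
	if (device == NULL) {
		fprintf(stderr, "Could not find default device: %s\n", errbuf);
		return 1;
	}

	/* A missing netmask is not fatal; fall back to 0 for the filter compile. */
	if (pcap_lookupnet(device, &net, &mask, errbuf) == -1) {
		fprintf(stderr, "Could not get netmask for device %s: %s\n", device, errbuf);
		net = 0;
		mask = 0;
	}

	/* Promiscuous mode, BUFSIZ-byte snapshot length, 1000 ms read timeout. */
	handle = pcap_open_live(device, BUFSIZ, 1, 1000, errbuf);
	if (handle == NULL) {
		fprintf(stderr, "Could not open device %s: %s\n", device, errbuf);
		return 2;
	}

	/*
	 * got_packet() skips a fixed SIZE_ETHERNET bytes to reach the IP header.
	 * On any other link type that offset is wrong and the callback would
	 * interpret arbitrary bytes as an IP header, so refuse to run.
	 */
	if (pcap_datalink(handle) != DLT_EN10MB) {
		fprintf(stderr, "Device %s does not provide Ethernet headers\n", device);
		rc = 5;
		goto out_close;
	}

	if (pcap_compile(handle, &compiled_filter, raw_filter, 0, net) == -1) {
		fprintf(stderr, "Could not parse filter %s: %s\n", raw_filter, pcap_geterr(handle));
		rc = 3;
		goto out_close;
	}

	if (pcap_setfilter(handle, &compiled_filter) == -1) {
		fprintf(stderr, "Could not install filter %s: %s\n", raw_filter, pcap_geterr(handle));
		rc = 4;
	}
	/* The compiled program is no longer needed once setfilter has run. */
	pcap_freecode(&compiled_filter);
	if (rc != 0)
		goto out_close;

	if (pcap_loop(handle, 10, got_packet, NULL) == -1) {
		fprintf(stderr, "Capture failed on %s: %s\n", device, pcap_geterr(handle));
		rc = 6;
	}

out_close:
	/* Single exit path so the capture handle is released on every error. */
	pcap_close(handle);
	return rc;
}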
Ich hoffe, mir kann jemand die richtige Richtung weisen.