Cでパケットスニッフィングプログラムを作成しようとしていますが、さまざまなパブリックソースで実行しようとしているコードは、イーサネットjar "em1"からのトラフィックを返さずに常に "nflogインターフェイス"を読み取ります。
コードは次のように表示されます。 -
/*************************************************** * file: testpcap1.c * Date: Thu Mar 08 17:14:36 MST 2001 * Author: Martin Casado * Location: LAX Airport (hehe) * * Simple single packet capture program *****************************************************/
include
include
include /* if this gives you an error try pcap/pcap.h */
include
include
include
include
include /* includes net/ethernet.h */
int main(int argc, char **argv) { int i; char dev; //char dev[] = "em1"; / Device to sniff on / char errbuf[PCAP_ERRBUF_SIZE]; pcap_t descr; const u_char packet; struct pcap_pkthdr hdr; / pcap.h */ struct ether_header eptr; / net/ethernet.h */
u_char *ptr; /* printing out hardware header info */
/* grab a device to peak into... */
dev = pcap_lookupdev(errbuf);
if(dev == NULL)
{
printf("%s\n",errbuf);
exit(1);
}
printf("DEV: %s\n",dev);
/* open the device for sniffing.
pcap_t *pcap_open_live(char *device,int snaplen, int prmisc,int to_ms,
char *ebuf)
snaplen - maximum size of packets to capture in bytes
promisc - set card in promiscuous mode?
to_ms - time to wait for packets in miliseconds before read
times out
errbuf - if something happens, place error string here
Note if you change "prmisc" param to anything other than zero, you will
get all packets your device sees, whether they are intendeed for you or
not!! Be sure you know the rules of the network you are running on
before you set your card in promiscuous mode!! */
descr = pcap_open_live(dev,BUFSIZ,0,-3,errbuf);
if(descr == NULL)
{
printf("pcap_open_live(): %s\n",errbuf);
exit(1);
}
/*
grab a packet from descr (yay!)
u_char *pcap_next(pcap_t *p,struct pcap_pkthdr *h)
so just pass in the descriptor we got from
our call to pcap_open_live and an allocated
struct pcap_pkthdr */
packet = pcap_next(descr,&hdr);
if(packet == NULL)
{/* dinna work *sob* */
printf("Didn't grab packet\n");
exit(1);
}
/* struct pcap_pkthdr {
struct timeval ts; time stamp
bpf_u_int32 caplen; length of portion present
bpf_u_int32; lebgth this packet (off wire)
}
*/
printf("Grabbed packet of length %d\n",hdr.len);
printf("Recieved at ..... %s\n",ctime((const time_t*)&hdr.ts.tv_sec));
printf("Ethernet address length is %d\n",ETHER_HDR_LEN);
/* lets start with the ether header... */
eptr = (struct ether_header *) packet;
/* Do a couple of checks to see what packet type we have..*/
if (ntohs (eptr->ether_type) == ETHERTYPE_IP)
{
printf("Ethernet type hex:%x dec:%d is an IP packet\n",
ntohs(eptr->ether_type),
ntohs(eptr->ether_type));
}else if (ntohs (eptr->ether_type) == ETHERTYPE_ARP)
{
printf("Ethernet type hex:%x dec:%d is an ARP packet\n",
ntohs(eptr->ether_type),
ntohs(eptr->ether_type));
}else {
printf("Ethernet type %x not IP", ntohs(eptr->ether_type));
exit(1);
}
/* copied from Steven's UNP */
ptr = eptr->ether_dhost;
i = ETHER_ADDR_LEN;
printf(" Destination Address: ");
do{
printf("%s%x",(i == ETHER_ADDR_LEN) ? " " : ":",*ptr++);
}while(--i>0);
printf("\n");
ptr = eptr->ether_shost;
i = ETHER_ADDR_LEN;
printf(" Source Address: ");
do{
printf("%s%x",(i == ETHER_ADDR_LEN) ? " " : ":",*ptr++);
}while(--i>0);
printf("\n");
return 0;
}
出力は次のように返されます。
DEV : nflog
それからずっと点滅しました。
ここで何が間違っている可能性がありますか?
また、Devをem1として宣言しようとしましたが、出力は次のようになります。
DEV: em1 Didn't grab packet
Tcpdump -D
次の出力を提供します:-
tcpdump -D 1.nflog (Linux netfilter log (NFLOG) interface) 2.nfqueue (Linux netfilter queue (NFQUEUE) interface) 3.em1 4.usbmon1 (USB bus number 1) 5.usbmon2 (USB bus number 2) 6.usbmon3 (USB bus number 3) 7.usbmon4 (USB bus number 4) 8.any (Pseudo-device that captures on all interfaces) 9.lo
答え1
ここで何が間違っている可能性がありますか?
問題は、pcap_lookup()
キャプチャしたいデバイスが返されると信頼していることです。これが行われるという保証はなく、代わりにユーザーにデバイスを指定させる必要があります。