C++: Why do all packets captured with libpcap in C++ have a length of zero?


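I followed the steps mentioned above and wrote a sample CPP program to capture my network adapter's traffic. The final program, which I compiled and ran successfully, is as follows: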

#include <pcap.h>
#include <stdio.h>
#include <chrono>
#include <thread>

int main(int argc, char *argv[])
{
    pcap_t *handle;         /* Session handle */
    char *dev;          /* The device to sniff on */
    char errbuf[PCAP_ERRBUF_SIZE];  /* Error string */
    struct bpf_program fp;      /* The compiled filter */
    char filter_exp[] = "port 23";  /* The filter expression */
    bpf_u_int32 mask;       /* Our netmask */
    bpf_u_int32 net;        /* Our IP */
    struct pcap_pkthdr header;  /* The header that pcap gives us */
    const u_char *packet;       /* The actual packet */

    /* Define the device */
    dev = pcap_lookupdev(errbuf);
    if (dev == NULL) {
        fprintf(stderr, "Couldn't find default device: %s\n", errbuf);
        return(2);
    }

    fprintf(stderr, "%s\n", dev);

    /* Find the properties for the device */
    if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
        fprintf(stderr, "Couldn't get netmask for device %s: %s\n", dev, errbuf);
        net = 0;
        mask = 0;
    }
    /* Open the session in promiscuous mode */
    handle = pcap_open_live(dev, BUFSIZ, 1, 1000, errbuf);
    if (handle == NULL) {
        fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf);
        return(2);
    }
    /* Compile and apply the filter */
    if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) {
        fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(handle));
        return(2);
    }
    if (pcap_setfilter(handle, &fp) == -1) {
        fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(handle));
        return(2);
    }

    int x = 100;
    for(int i=0; i<30; i++){
        /* Grab a packet */
        packet = pcap_next(handle, &header);
        /* Print its length */
        printf("Jacked a packet with length of [%d]\n", header.len);

        std::this_thread::sleep_for(std::chrono::milliseconds(x));
    }
    /* And close the session */
    pcap_close(handle);

    return(0);
}

My network configuration:

ghasemi@ghasemi-MS-7693:~/Desktop/cpp_1$ ifconfig 
enp5s0    Link encap:Ethernet  HWaddr 4c:cc:6a:0d:30:91  
          inet addr:192.168.1.170  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::fcb0:4105:1c21:4214/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7377903 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5250371 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:10572328217 (10.5 GB)  TX bytes:363236585 (363.2 MB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:7403 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7403 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:2404900 (2.4 MB)  TX bytes:2404900 (2.4 MB)

vmnet1    Link encap:Ethernet  HWaddr 00:50:56:c0:00:01  
          inet addr:172.16.66.1  Bcast:172.16.66.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fec0:1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:252 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

vmnet8    Link encap:Ethernet  HWaddr 00:50:56:c0:00:08  
          inet addr:192.168.18.1  Bcast:192.168.18.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fec0:8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:253 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

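You compile a filter for the telnet port. You read only 30 packets, with a pause of 100 ms in between. That amounts to just 3 seconds. And you don't check the return code of pcap_next(), which may very well return NULL; see

Return value

pcap_next() returns a pointer to the packet data on success, and returns NULL if an error occurred, or if no packets were read from a live capture

So, I guess, there was simply no telnet traffic during those 3 seconds. If you check packet, there would be no output, e.g.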

/* Grab a packet */
packet = pcap_next(handle, &header);
/* Print its length */
if (packet != NULL)
    printf("Jacked a packet with length of [%d]\n", header.len);

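What if I don't want any filter?

I don't know. But I guess you would get all packets, no matter where they come from or where they are headed. Just try leaving out pcap_compile and pcap_setfilter, and you'll see.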
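
Added example, not part of the original question or answer: the answer's point carried one step further, using the return convention of libpcap's pcap_next_ex() (1 = packet read, 0 = read timeout expired, -1 = error, -2 = no more packets) and looping until the wanted number of packets has arrived instead of for a fixed number of attempts. So that it runs without a capture device, a constructed scripted source stands in for the live handle; stats, capture_n, next_ex_fn, script and scripted_next are hypothetical names.

```cpp
#include <cstdio>
#include <cstddef>

// Same convention as pcap_next_ex(): 1 = packet read, 0 = read timeout
// expired, -1 = error, -2 = no more packets. (next_ex_fn is hypothetical.)
typedef int (*next_ex_fn)(void *src, unsigned *len);

struct stats { int packets; int timeouts; int rc; unsigned bytes; };

// Loop until `want` packets have arrived, not for `want` read attempts.
stats capture_n(next_ex_fn next, void *src, int want, int max_timeouts) {
    stats st = {0, 0, 0, 0};
    while (st.packets < want && st.timeouts < max_timeouts) {
        unsigned len = 0;
        st.rc = next(src, &len);
        if (st.rc == 1) {          // only now is the length meaningful
            st.packets++;
            st.bytes += len;
        } else if (st.rc == 0) {
            st.timeouts++;         // nothing matched the filter in time
        } else {
            break;                 // -1 or -2: stop and report rc
        }
    }
    return st;
}

// Constructed stand-in for a live handle: replays scripted return codes.
struct script { const int *rc; const unsigned *len; size_t n, pos; };

int scripted_next(void *src, unsigned *len) {
    script *s = static_cast<script *>(src);
    if (s->pos >= s->n) return -2;   // script exhausted: no more packets
    *len = s->len[s->pos];
    return s->rc[s->pos++];
}

stats demo() {
    static const int rc[] = {0, 0, 1, 0, 1, 1};            // constructed
    static const unsigned len[] = {0, 0, 60, 0, 74, 1514}; // constructed
    script s = {rc, len, 6, 0};
    return capture_n(scripted_next, &s, 3, 10);
}

int main() {
    stats st = demo();
    std::printf("packets=%d timeouts=%d bytes=%u\n", st.packets, st.timeouts, st.bytes);
    return 0;
}
```

With a real handle, the source function would wrap pcap_next_ex(handle, &hdr, &data) and copy hdr->len into *len.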