[pcap 라이브러리] 6. 자신의 Network에 필터를 적용하여 패킷 캡쳐 소스 코드
자신의 Network에 필터를 적용하여 패킷 캡쳐
//pc_netfilter.c #include "core_ehp.h"
/*
 * Forward declarations for the capture callback and the protocol decoders.
 * Their definitions are not shown on this page, so the notes below are
 * inferred from names and signatures only.
 * NOTE(review): cu_char and cp_pkthdr are not declared here; presumably they
 * are typedefs from core_ehp.h (likely const u_char and a const pcap packet
 * header) - confirm against that header.
 */

/* Per-packet callback; main() passes it to pcap_loop(). */
void catch_handler(u_char *args,cp_pkthdr *handle,cu_char *packet);
/* Presumably prints the Ethernet header found at base - TODO confirm. */
void decode_eth(cu_char *base);
/* Presumably decodes the IP header at base; meaning of the int result is not
 * visible here (header length or payload size?) - TODO confirm. */
int decode_ip(cu_char *base);
/* Presumably decodes the TCP header at base; meaning of the int result is not
 * visible here - TODO confirm. */
int decode_tcp(cu_char *base);
/* Presumably dumps len bytes of payload starting at packet. The decoder must
 * not read past the captured length reported by pcap - verify in the body. */
void decode_data(cu_char *packet,u_int len);
/* Presumably prints a hardware address at base, prefixed with pre - TODO confirm. */
void view_ether_addr(const char *pre,cu_char *base);
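/*
 * Capture three packets on the default interface, keeping only those that
 * match a BPF filter expression assembled from the command-line arguments.
 *
 * Exit status:
 *   0  packets captured (or capture loop returned)
 *   1  no capture device found
 *   2  network/netmask lookup failed
 *   3  filter expression did not compile
 *   4  filter could not be installed on the handle
 *   5  capture handle could not be opened
 *   6  filter expression does not fit in the local buffer
 */
int main(int argc, char **argv)
{
    char errbuf[PCAP_ERRBUF_SIZE];
    char filter[1000] = "";
    size_t used = 0;

    /*
     * The filter text comes straight from argv, so every append is bounded.
     * An unchecked sprintf() here would write past the 1000-byte stack
     * buffer as soon as the arguments add up to more than that, which
     * matters because capture tools usually run with elevated privileges.
     */
    for (int i = 1; i < argc; ++i) {
        size_t room = sizeof filter - used;
        int n = snprintf(filter + used, room, " %s", argv[i]);

        if (n < 0 || (size_t)n >= room) {
            printf("filter expression too long (limit %zu bytes)\n",
                   sizeof filter - 1);
            return 6;
        }
        used += (size_t)n;
    }

    /* NOTE: pcap_lookupdev() is deprecated in newer libpcap releases in
     * favour of pcap_findalldevs(); kept here to match the tutorial. */
    char *device = pcap_lookupdev(errbuf);
    if (device == NULL) {
        printf("fail lookupdev...%s\n", errbuf);
        return 1;
    }
    printf("find device: %s sniffing\n", device);

    bpf_u_int32 net_ip;
    bpf_u_int32 mask;
    if (pcap_lookupnet(device, &net_ip, &mask, errbuf) < 0) {
        printf("%s\n", errbuf);
        return 2;
    }

    /* snaplen 4096 bytes, non-zero promiscuous flag, read timeout 0. */
    pcap_t *pcap_handle = pcap_open_live(device, 4096, 2, 0, errbuf);
    if (pcap_handle == NULL) {
        /* Stop here: every later pcap call dereferences the handle. */
        printf("fail pcap_open_live...%s\n", errbuf);
        return 5;
    }

    int rc = 0;
    struct bpf_program fcode;

    /* pcap_compile() expects the network mask as its last argument (it is
     * used when the filter tests for broadcast addresses), not the network
     * address. */
    if (pcap_compile(pcap_handle, &fcode, filter, 0, mask) < 0) {
        printf("fail compile. check sytax\n");
        rc = 3;
        goto out_close;
    }

    if (pcap_setfilter(pcap_handle, &fcode) < 0) {
        printf("\nfail setfilter.\n");
        rc = 4;
    }
    /* The compiled program is no longer needed once setfilter has run. */
    pcap_freecode(&fcode);

    if (rc == 0) {
        pcap_loop(pcap_handle, 3, catch_handler, 0);
    }

out_close:
    pcap_close(pcap_handle);
    return rc;
}
/* ... remaining definitions (catch_handler and the decode helpers) are omitted on the page ... */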