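My project is about sniffing data from Ethernet in promiscuous mode. That is, the client receives packets and saves them in a binary file named "sniff_data.bin", and sends it to the server. The server then processes it (distinguishing TCP, UDP, ICMP). I have implemented this, but the problem is that the size of the file sent by the client does not match what is received at the server. I mean, I have set it to sniff at most 10 packets, but the server side shows only 3 packets. Can anyone help me figure out why this problem occurs? My client code is: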
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <unistd.h>
    #include <fcntl.h>
    #include <sys/types.h>
    #include <sys/socket.h>
    #include <netinet/in.h>
    #include <arpa/inet.h>

    /* Capture routine from the rest of the project (not shown); prototype assumed. */
    void data_capture(void);

    int main(int argc, char *argv[])
    {
        int infosockfd, cont, cont2;
        int len, fh;
        struct sockaddr_in address;
        int result;
        int buffsize = 1024;
        char buffer[1024];
        char *fname = "/home/shishira/Desktop/packet_capture/sniff_data.bin";

        (void)argc;
        (void)argv;

        /* Create a socket for the client. */
        if ((infosockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1)
        {
            perror("Error creating socket");
            exit(1);
        }
        printf("\n -------------------------Information Agent-------------------------\n");
        printf("\n Socket was created\n");

        /* Name the socket, as agreed with the server. */
        memset(&address, 0, sizeof(address));
        address.sin_family = AF_INET;
        address.sin_addr.s_addr = inet_addr("127.0.0.1");
        address.sin_port = htons(9734); /* port in network byte order */
        len = sizeof(address);

        data_capture(); // program included for capturing the data from ethernet
        printf("\n 'sniff_data' binary file has been created\n");

        /* Now connect the socket to the task_agents socket. */
        result = connect(infosockfd, (struct sockaddr *)&address, len);
        if (result == -1)
        {
            perror("Error in connection");
            exit(1);
        }
        printf("\n Connecting to the Task agent\n");

        fh = open(fname, O_RDONLY);
        if (fh == -1)
        {
            perror("sniff_data File not opened!!");
            return 1;
        }

        int total = 0;
        /* Send the file as a raw byte stream, in chunks of up to buffsize bytes. */
        do
        {
            cont = read(fh, buffer, buffsize);
            if (cont == -1)
            {
                perror("Error reading sniff_data");
                break;
            }
            total = total + cont; // this is used to debug
            printf(" data read=%d\n", total);
            /* write() may accept fewer bytes than asked, so loop until the chunk is sent. */
            for (int off = 0; off < cont; off += cont2)
            {
                cont2 = write(infosockfd, buffer + off, cont - off);
                if (cont2 == -1)
                {
                    perror("Error writing to socket");
                    exit(1);
                }
            }
        }
        while (cont > 0);

        close(fh);
        printf("\n Information agent has sent 'sniff_data' binary file to the Task agent\n\n");
        close(infosockfd);
        exit(0);
    }
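Below is the output in the terminal, where the info agent is the client and the task agent is the server. The client received 11 packets because I gave count = 10; but when the server receives and processes it, it only receives 3 packets? Why? I think there is a problem with reading the data from the binary file? Is that so? If so, how do I solve it? Please, someone guide me.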
-------------------------Information Agent-------------------------
Socket was created
Entered Promiscuous Mode Successfully
Client Receiving the Packets...
total recieved packets are 156
total recieved packets are 305
total recieved packets are 367
total recieved packets are 459
total recieved packets are 640
total recieved packets are 807
total recieved packets are 972
total recieved packets are 1151
total recieved packets are 1237
total recieved packets are 1323
total recieved packets are 1409
Done
'sniff_data' binary file has been created
Connecting to the Task agent
data read=1024
data read=1409
data read=1409
Information agent has sent 'sniff_data' binary file to the Task agent
---------------------------Task Agent---------------------------
Socket was created
Task agent waiting...
Information agent is connected
Starting..
TCP : 0 UDP : 0 ICMP : 0 Others : 3 Total : 3
Finished
Task agent processed the contents and saved it in 'info_agent_report' file
Answer 0: (score: 2)
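TCP is a stream protocol, not a message protocol. This means that no matter how many times you call send(2) (or the equivalent write(2)) on the socket, and regardless of the buffer sizes passed to those calls, the data on the wire is semantically a single contiguous stream of bytes. There are no boundaries between messages.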
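So when the receiver reads from the TCP stream, it sees only that same stream of bytes. There is no guarantee that each call to recv(2) (or the equivalent read(2)) will read exactly one message sent by a send(2) call. You might receive half a message, a message might be fragmented, or you might receive multiple messages in a single call. You can never be sure.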
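If you want a message-based protocol on top of TCP, you need to build that layer yourself. A very simple way is to prefix each message with its length. That way, the receiver knows when each message ends and the next one begins. There are other, more complex schemes.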
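The length-prefix framing suggested in this answer, as an added example that is not part of the original answer or the asker's project: each packet is sent as a 4-byte big-endian length followed by its bytes, and the receiver reads exact byte counts instead of treating each read as one packet. The helper names, the 2048-byte cap and the sample packet sizes are assumptions made for the illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <sys/socket.h>
#include <unistd.h>

/* Read exactly n bytes: 1 = ok, 0 = clean EOF before any byte, -1 = error or truncated. */
static int read_full(int fd, void *buf, size_t n) {
    ssize_t r;
    for (size_t got = 0; got < n; got += (size_t)r)
        if ((r = read(fd, (char *)buf + got, n - got)) <= 0)
            return (r == 0 && got == 0) ? 0 : -1;
    return 1;
}
/* Write exactly n bytes, retrying after short writes: 0 = ok, -1 = error. */
static int write_full(int fd, const void *buf, size_t n) {
    ssize_t w;
    for (size_t put = 0; put < n; put += (size_t)w)
        if ((w = write(fd, (const char *)buf + put, n - put)) < 0) return -1;
    return 0;
}
/* One record on the wire: 4-byte big-endian length, then the payload. */
int send_frame(int fd, const void *data, uint32_t len) {
    uint32_t be = htonl(len);
    return write_full(fd, &be, sizeof be) < 0 ? -1 : write_full(fd, data, len);
}
/* Returns payload length, -1 on clean end of stream, -2 on error or oversized frame. */
long recv_frame(int fd, void *out, uint32_t cap) {
    uint32_t be;
    int rc = read_full(fd, &be, sizeof be);
    if (rc <= 0) return rc == 0 ? -1 : -2;
    uint32_t len = ntohl(be);
    if (len > cap) return -2;  /* never trust a length supplied by the peer */
    return read_full(fd, out, len) == 1 ? (long)len : -2;
}
/* Constructed sample: 11 packet sizes in bytes, made up for this demo. */
static const uint32_t SAMPLE_SIZES[11] = {156, 149, 62, 92, 181, 167, 165, 179, 86, 86, 86};
/* Send n frames over a local socketpair; return how many arrive with the right length. */
int demo_roundtrip(const uint32_t *sizes, int n) {
    static unsigned char pkt[2048], in[2048];
    int sv[2], count = 0, ok = 1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    for (int i = 0; i < n && ok; i++)
        ok = sizes[i] <= sizeof pkt && send_frame(sv[0], pkt, sizes[i]) == 0;
    close(sv[0]);  /* the reader sees end of stream after the last frame */
    while (ok && count < n && recv_frame(sv[1], in, sizeof in) == (long)sizes[count])
        count++;
    ok = ok && recv_frame(sv[1], in, sizeof in) == -1;  /* stream must end cleanly */
    close(sv[1]);
    return ok ? count : -1;
}
```

With framing, the receiver counts 11 records for the 1409 payload bytes regardless of how the stream is split across reads, and a truncated or oversized frame is reported as an error instead of being miscounted.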