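'pcap_loop' is not recording packets and isn't even running

Time: 2015-06-28 03:03:59

Tags: c++ pcap packet-sniffers winpcap sniffing

I'm trying to do some simple packet capture with pcap, so I created a handle that listens on eth0. My problem is with the pcap_loop(handle, 10, myCallback, NULL); line near the end of my code. I'm trying to use pcap_loop. The expected output should be: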

eth0
Activated!
1
2
3
...
10
Done processing packets!

The current output is missing the increments:

eth0
Activated!
Done processing packets!

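Currently it skips straight to "Done processing packets!" and I have no idea why. Even if it doesn't go into the callback, it should still be waiting for packets, as the 'count' parameter (see the documentation for pcap_loop) is set to 10.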

#include <iostream>
#include <pcap.h>
#include <stdlib.h>
#include <netinet/in.h> 
#include <arpa/inet.h>

void myCallback(u_char *useless, const struct pcap_pkthdr* hdr, const u_char*packet){
    static int count = 1;
    std::cout <<count<<std::endl;
    count ++;
}

int main(){
    char errbuf[PCAP_ERRBUF_SIZE];
    char * devName;
    char* net;
    char* mask;
    const u_char*packet;
    struct in_addr addr;
    struct pcap_pkthdr hdr;
    bpf_u_int32 netp;
    bpf_u_int32 maskp;

    pcap_if_t *devs;
    pcap_findalldevs(&devs, errbuf);
    devName = pcap_lookupdev(errbuf);
    std::cout <<devName<<std::endl;

    int success = pcap_lookupnet(devName, &netp, &maskp, errbuf);
    if(success<0){
        exit(EXIT_FAILURE);
    }
    pcap_freealldevs(devs);

    //Create a handle
    pcap_t *handle = pcap_create(devName, errbuf);
    pcap_set_promisc(handle, 1);
    pcap_can_set_rfmon(handle);

    //Activate the handle
    if(pcap_activate(handle)){
        std::cout <<"Activated!"<<std::endl;
    }
    else{
        exit(EXIT_FAILURE);
    }

    pcap_loop(handle, 10, myCallback, NULL);
    std::cout <<"Done processing packets!"<<std::endl;

    //close handle
    pcap_close(handle);
}

1 answer:

Answer 0: (score: 1)

pcap_findalldevs(&devs, errbuf);

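This call isn't doing anything useful, as you're not doing anything with devs other than freeing it. (You also aren't checking whether it succeeded or failed.) Unless you need to know about all the devices on which you can capture, you might as well remove it.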

pcap_can_set_rfmon(handle);

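That isn't doing anything useful either, as you're not checking its return value. If you're capturing on a Wi-Fi device, and you want to capture in monitor mode, you call pcap_set_rfmon() - not pcap_can_set_rfmon() - on the handle after creating it and before activating it.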

//Activate the handle
if(pcap_activate(handle)){
    std::cout <<"Activated!"<<std::endl;
}
else{
    exit(EXIT_FAILURE);
}

To quote the pcap_activate() man page:

RETURN VALUE
   pcap_activate()  returns  0  on  success  without  warnings, PCAP_WARN-
   ING_PROMISC_NOTSUP on success on a device that doesn't support  promis-
   cuous  mode  if promiscuous mode was requested, PCAP_WARNING on success
   with any other warning, PCAP_ERROR_ACTIVATED if the handle has  already
   been  activated, PCAP_ERROR_NO_SUCH_DEVICE if the capture source speci-
   fied when the handle was created doesn't exist,  PCAP_ERROR_PERM_DENIED
   if  the  process  doesn't  have  permission to open the capture source,
   PCAP_ERROR_RFMON_NOTSUP if monitor mode was specified but  the  capture
   source  doesn't  support  monitor  mode, PCAP_ERROR_IFACE_NOT_UP if the
   capture source is not up, and PCAP_ERROR if another error occurred.  If
   PCAP_WARNING  or PCAP_ERROR is returned, pcap_geterr() or pcap_perror()
   may be called with p as an argument  to  fetch  or  display  a  message
   describing  the  warning  or  error.   If  PCAP_WARNING_PROMISC_NOTSUP,
   PCAP_ERROR_NO_SUCH_DEVICE,  or  PCAP_ERROR_PERM_DENIED   is   returned,
   pcap_geterr()  or  pcap_perror() may be called with p as an argument to
   fetch or display an message giving additional details about the problem
   that might be useful for debugging the problem if it's unexpected.

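This means the code above is 100% wrong - if pcap_activate() returns a non-zero value, it may have failed, and if it returns 0, it succeeded.

If the return value is negative, it's an error value, and it has failed. If it's non-zero but positive, it's a warning value; it has succeeded, but, for example, it might not have turned promiscuous mode on, as the OS or device might not allow promiscuous mode to be set.

So what you want is, instead: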

//Activate the handle
int status;
status = pcap_activate(handle);
if(status >= 0){
    if(status == PCAP_WARNING){
        // warning: the details are in the handle's error buffer
        std::cout << "Activated, with warning: " << pcap_geterr(handle) << std::endl;
    }
    else if (status != 0){
        // warning
        std::cout << "Activated, with warning: " << pcap_statustostr(status) << std::endl;
    }
    else{
        // no warning
        std::cout <<"Activated!"<<std::endl;
    }
}
else{
    if(status == PCAP_ERROR){
        std::cout << "Failed to activate: " << pcap_geterr(handle) << std::endl;
    }
    else{
        std::cout << "Failed to activate: " << pcap_statustostr(status) << std::endl;
    }
    exit(EXIT_FAILURE);
}
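The following is an added example, not code from the question or the answer. It runs the question's `if(pcap_activate(handle))` test and the answer's `status >= 0` rule over every return code named in the man page excerpt, showing which codes the original test gets wrong. The helper names are hypothetical, and the numeric values are assumed to mirror libpcap's `<pcap/pcap.h>` so that the block builds without libpcap installed.

```cpp
#include <iostream>
#include <string>
#include <vector>

// pcap_activate() return codes named in the man page quoted above. The numeric
// values mirror libpcap's <pcap/pcap.h>; real code includes that header.
struct Status { std::string name; int value; };
static const std::vector<Status> kStatuses = {
    {"0 (success)", 0},
    {"PCAP_WARNING", 1},
    {"PCAP_WARNING_PROMISC_NOTSUP", 2},
    {"PCAP_ERROR", -1},
    {"PCAP_ERROR_ACTIVATED", -4},
    {"PCAP_ERROR_NO_SUCH_DEVICE", -5},
    {"PCAP_ERROR_RFMON_NOTSUP", -6},
    {"PCAP_ERROR_PERM_DENIED", -8},
    {"PCAP_ERROR_IFACE_NOT_UP", -9},
};

// The question's test: any non-zero status takes the "Activated!" branch.
bool questionTreatsAsActivated(int status) { return status != 0; }

// The answer's rule: negative is failure, zero or positive is success.
bool handleIsUsable(int status) { return status >= 0; }

// Codes where the question's test prints "Activated!" and goes on to
// pcap_loop() although the handle never activated.
std::vector<std::string> failuresReportedAsActivated() {
    std::vector<std::string> out;
    for (const Status& s : kStatuses)
        if (questionTreatsAsActivated(s.value) && !handleIsUsable(s.value))
            out.push_back(s.name);
    return out;
}

// Codes where the question's test exits although activation succeeded.
std::vector<std::string> successesTreatedAsFatal() {
    std::vector<std::string> out;
    for (const Status& s : kStatuses)
        if (!questionTreatsAsActivated(s.value) && handleIsUsable(s.value))
            out.push_back(s.name);
    return out;
}

int main() {
    for (const std::string& n : failuresReportedAsActivated())
        std::cout << n << ": prints \"Activated!\" on a handle that failed to activate\n";
    for (const std::string& n : successesTreatedAsFatal())
        std::cout << n << ": exits although activation succeeded\n";
    return 0;
}
```

Only the two warning codes are handled the same way by both tests; every error code takes the "Activated!" branch in the original, and a clean success exits.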