我正在使用libpcap开发一个C应用程序。 我可以使用我开发的代码捕获帧:
void ethernetCaptureHandler( u_char *args, const struct pcap_pkthdr *packet_header, const u_char *packet_body)
{
struct ether_header *eptr;
eptr = (struct ether_header *) packet_body;
fprintf(stdout,"ethernet header source: %s\n"
,ether_ntoa((const struct ether_addr *)&eptr->ether_shost));
fprintf(stdout," destination: %s\n"
,ether_ntoa((const struct ether_addr *)&eptr->ether_dhost));
}
void *listenEthernetFrame(void *ehternetInterface){ //Thread Handler
struct ether_header *eptr;
char error_buffer[PCAP_ERRBUF_SIZE];
pcap_t *handle;
int timeout_limit = 10000; /* In milliseconds */
char *ethernet = (char *)ehternetInterface;
/* Open device for live capture */
handle = pcap_open_live(
ethernet,
BUFSIZ,
0,
timeout_limit,
error_buffer
);
if (handle == NULL) {
fprintf(stderr, "Could not open device %s: %s\n", ethernet, error_buffer);
return 2;
}
pcap_loop(handle, 0, ethernetCaptureHandler, NULL);
}
ethernetCaptureHandler函数可以监听以太网帧,你可以看到我可以获得mac source和mac destination。 问题是:有没有办法知道框架是发送还是接收? (假设帧mac源和mac目的地没有从节点变为另一个)
否则,有没有办法只捕获收到的帧?