这是我第一篇关于stackoverflow的文章。
我正在使用libpcap(1.2.1)进行数据包分析,我已经管理了一些示例,我已经编写了部分分析器,然后我意识到了一件事。
我的ifconfig说:
wlan0 Link encap:Ethernet HWaddr 90:00:4e:96:80:b1
inet addr:192.168.100.100 Bcast:192.168.100.255 Mask:255.255.255.0
inet6 addr: fe80::9200:4eff:fe96:80b1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:304853 errors:0 dropped:0 overruns:0 frame:0
TX packets:279099 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:403507845 (403.5 MB) TX bytes:28330813 (28.3 MB)
你可以看到ip地址 192.168.100.100
然后我再次编译示例显示dev名称,netmask和ip,这个例子使用libpcap,我得到了这个:
DEV: wlan0
NET: 192.168.100.0
MASK: 255.255.255.0
这是不正确的我认为
该示例的代码是:
#include <stdio.h>
#include <stdlib.h>
#include <pcap.h>
#include <errno.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
int main(int argc, char **argv)
{
char *dev; /* name of the device to use */
char *net; /* dot notation of the network address */
char *mask;/* dot notation of the network mask */
int ret; /* return code */
char errbuf[PCAP_ERRBUF_SIZE];
bpf_u_int32 netp; /* ip */
bpf_u_int32 maskp;/* subnet mask */
struct in_addr addr;
/* ask pcap to find a valid device for use to sniff on */
dev = pcap_lookupdev(errbuf);
/* error checking */
if(dev == NULL)
{
printf("%s\n",errbuf);
exit(1);
}
/* print out device name */
printf("DEV: %s\n",dev);
/* ask pcap for the network address and mask of the device */
ret = pcap_lookupnet(dev,&netp,&maskp,errbuf);
if(ret == -1)
{
printf("%s\n",errbuf);
exit(1);
}
/* get the network address in a human readable form */
addr.s_addr = netp;
net = inet_ntoa(addr);
if(net == NULL)/* thanks Scott :-P */
{
perror("inet_ntoa");
exit(1);
}
printf("NET: %s\n",net);
/* do the same as above for the device's mask */
addr.s_addr = maskp;
mask = inet_ntoa(addr);
if(mask == NULL)
{
perror("inet_ntoa");
exit(1);
}
printf("MASK: %s\n",mask);
return 0;
}
有什么问题?
提前致谢
答案 0 :(得分:0)
正如代码所说,192.168.100.0是网络地址,而不是您的IP地址。网络地址是通过按位AND运算您的IP地址和网络掩码生成的。