linux 原始套接字 绑定网卡,Linux网络数据捕获之原始套接字
出於一些目的,有時需要對到達網口的所有網絡數據進行捕獲,系統也提供了這樣的接口。稍微懂網絡編程的都知道SOCK_DGRAM、SOCK_STREAM,差不多就是UDP、TCP之類的吧。但是還有一個很少用的叫SOCK_RAW,原始套接字,使用它你可以捕獲網卡上的所有網絡數據,當然這需要超級用戶權限(準確地說是CAP_NET_RAW能力)。貼個例子吧,網上摘的,具體出處忘了。
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include /* the L2 protocols */
#include
#include
#include
#define BUFFER_MAX 2048
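/*
 * Capture every frame seen on one network interface through a PF_PACKET
 * raw socket.
 *
 * Usage: <program> [ifname]      (ifname defaults to "eth0")
 *
 * Creating the socket needs the CAP_NET_RAW capability (root has it);
 * granting only that capability is narrower than running as root.
 *
 * Headers this function relies on: <stdio.h>, <string.h>, <sys/socket.h>,
 * <sys/ioctl.h>, <net/if.h>, <arpa/inet.h>, <linux/if_packet.h>,
 * <linux/if_ether.h>.
 *
 * The receive loop only ends on failure, so every exit path returns -1
 * after printing a diagnostic.  The socket is not closed explicitly; it is
 * released when the process exits.
 */
int main(int argc, char *argv[])
{
    const char *ifname = (argc > 1) ? argv[1] : "eth0";
    char buffer[BUFFER_MAX];
    struct sockaddr_ll sll;
    struct ifreq ifstruct;
    int sock;
    int name_len;

    sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (sock < 0) {
        perror("create socket error");
        return -1;
    }

    /* Zero the request first so no uninitialised stack bytes reach the kernel. */
    memset(&ifstruct, 0, sizeof ifstruct);
    name_len = snprintf(ifstruct.ifr_name, sizeof ifstruct.ifr_name, "%s", ifname);
    if (name_len < 0 || (size_t)name_len >= sizeof ifstruct.ifr_name) {
        fprintf(stderr, "interface name too long: %s\n", ifname);
        return -1;
    }

    /*
     * Map the interface name to its index.  The result must be checked: if
     * the interface does not exist, ifr_ifindex is not filled in and the
     * bind() below would silently use whatever value was left there.
     */
    if (ioctl(sock, SIOCGIFINDEX, &ifstruct) == -1) {
        perror("ioctl(SIOCGIFINDEX)");
        return -1;
    }

    memset(&sll, 0, sizeof sll);
    sll.sll_family = PF_PACKET;
    sll.sll_protocol = htons(ETH_P_ALL);
    sll.sll_ifindex = ifstruct.ifr_ifindex;

    /* Restrict the socket to frames from this one interface. */
    if (bind(sock, (struct sockaddr *)&sll, sizeof sll) == -1) {
        perror("bind error");
        return -1;
    }

    for (;;) {
        ssize_t n_read = recvfrom(sock, buffer, sizeof buffer, 0, NULL, NULL);

        if (n_read < 0) {
            perror("recvfrom");
            return -1;
        }
        if (n_read == 0) {
            /* errno is not set in this case, so perror() would mislead. */
            fprintf(stderr, "recvfrom returned no data\n");
            return -1;
        }

        /*
         * process packet: only buffer[0 .. n_read) holds frame data.  A
         * frame larger than the buffer is truncated to it (passing
         * MSG_TRUNC in flags makes recvfrom() report the full length
         * instead), so a parser must check every header length and offset
         * against n_read before it reads the field.
         */
    }
}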
其實原始套接字不僅可以捕獲數據,也可以發送數據,而且是任意格式的數據,從MAC頭到IP頭之類的數據段都在自己的控制範圍之內。什麼ARP攻擊、DDoS攻擊之類的都離不開原始套接字吧,不過那些的重點在於封包,這裡篇幅有限就不涉及封包了,只介紹如何將數據發出去。
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include /* the L2 protocols */
#include
#include
#include
#define BUFFER_MAX 2048
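/*
 * Send a fixed test frame repeatedly on "eth0" through a PF_PACKET raw
 * socket until 2048 * 2560 bytes have been written.
 *
 * The frame is an Ethernet header (destination MAC, this interface's MAC as
 * source, a two-byte type field) followed by a zero-filled payload.
 *
 * Creating the socket needs CAP_NET_RAW, and changing interface flags needs
 * CAP_NET_ADMIN (root has both).
 *
 * Headers this function relies on: <stdio.h>, <string.h>, <sys/socket.h>,
 * <sys/ioctl.h>, <net/if.h>, <arpa/inet.h>, <linux/if_packet.h>,
 * <linux/if_ether.h>.
 *
 * Returns 0 when the byte budget has been sent, -1 after printing a
 * diagnostic on any failure.  The socket is not closed explicitly; it is
 * released when the process exits.
 */
int main(int argc, char *argv[])
{
    enum { FRAME_LEN = 1024, TOTAL_BYTES = 2048 * 2560 };
    /* unsigned char: several of these bytes are above 0x7f. */
    const unsigned char dst_mac[ETH_ALEN] = {0x00, 0x18, 0x82, 0xab, 0xd2, 0xf9};
    const unsigned char type_field[2] = {0x88, 0x66};
    unsigned char buffer[BUFFER_MAX];
    struct sockaddr_ll sll;
    struct ifreq ifstruct;
    int sockfd;
    int n_write = 0;
    int promisc_set = 0;
    int rc = -1;

    (void)argc;
    (void)argv;

    sockfd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (sockfd < 0) {
        perror("create socket error");
        return -1;
    }

    /*
     * One zeroed request is reused for every ioctl below; the name field is
     * separate from the result union, so it is set once.  "eth0" plus its
     * terminator fits well inside ifr_name.
     */
    memset(&ifstruct, 0, sizeof ifstruct);
    strcpy(ifstruct.ifr_name, "eth0");

    memset(&sll, 0, sizeof sll);
    sll.sll_family = PF_PACKET;
    sll.sll_protocol = htons(ETH_P_ALL);

    /* get netcard interface index ethx->ifindex; unchecked, a failure would
     * leave an unset index in sll and the frames could go out elsewhere. */
    if (ioctl(sockfd, SIOCGIFINDEX, &ifstruct) == -1) {
        perror("ioctl(SIOCGIFINDEX)");
        return -1;
    }
    sll.sll_ifindex = ifstruct.ifr_ifindex;

    /* get the local netcard mac */
    if (ioctl(sockfd, SIOCGIFHWADDR, &ifstruct) == -1) {
        perror("ioctl(SIOCGIFHWADDR)");
        return -1;
    }
    memcpy(sll.sll_addr, ifstruct.ifr_hwaddr.sa_data, ETH_ALEN);
    sll.sll_halen = ETH_ALEN;

    /* bind the netcard */
    if (bind(sockfd, (struct sockaddr *)&sll, sizeof sll) == -1) {
        perror("bind error");
        return -1;
    }

    /* get the netcard work mode */
    if (ioctl(sockfd, SIOCGIFFLAGS, &ifstruct) == -1) {
        perror("ioctl(SIOCGIFFLAGS)");
        return -1;
    }

    /*
     * set the netcard work mode.  Promiscuous mode only affects reception
     * and is kept here from the original listing.  SIOCSIFFLAGS changes the
     * interface itself, so the bit would outlive this process; it is
     * cleared again below if this program was the one that set it.  (The
     * packet(7) PACKET_ADD_MEMBERSHIP / PACKET_MR_PROMISC socket option is
     * the alternative that the kernel undoes when the socket closes.)
     */
    if (!(ifstruct.ifr_flags & IFF_PROMISC)) {
        ifstruct.ifr_flags |= IFF_PROMISC;
        if (ioctl(sockfd, SIOCSIFFLAGS, &ifstruct) == -1) {
            perror("ioctl(SIOCSIFFLAGS)");
            fprintf(stderr, "Fun:%s Line:%d\n", __func__, __LINE__);
            return -1;
        }
        promisc_set = 1;
    }

    /*
     * Zero the whole buffer before building the frame: FRAME_LEN bytes are
     * sent but only the 14-byte header is written, and without this the
     * rest of each frame would be uninitialised stack memory on the wire.
     */
    memset(buffer, 0, sizeof buffer);
    memcpy(buffer, dst_mac, ETH_ALEN);
    memcpy(buffer + ETH_ALEN, sll.sll_addr, ETH_ALEN);
    memcpy(buffer + 2 * ETH_ALEN, type_field, sizeof type_field);

    while (n_write < TOTAL_BYTES) {
        ssize_t n_res = sendto(sockfd, buffer, FRAME_LEN, 0,
                               (struct sockaddr *)&sll, sizeof sll);

        if (n_res < 0) {
            perror("sendto error");
            goto restore;
        }
        n_write += (int)n_res;
    }
    rc = 0;

restore:
    if (promisc_set) {
        /* Re-read the flags so only the promiscuous bit is changed back. */
        if (ioctl(sockfd, SIOCGIFFLAGS, &ifstruct) == -1) {
            perror("ioctl(SIOCGIFFLAGS)");
            rc = -1;
        } else {
            ifstruct.ifr_flags &= ~IFF_PROMISC;
            if (ioctl(sockfd, SIOCSIFFLAGS, &ifstruct) == -1) {
                perror("ioctl(SIOCSIFFLAGS)");
                rc = -1;
            }
        }
    }
    return rc;
}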