windows环境下如何进行raw socket编程抓取MAC封装的数据包?(已有linux下的程序)
如题,linux环境下的代码我已经有啦,但是也不知怎么改动使其能够在windows环境下工作(主要是包含的头文件不知怎么样改动),有高手帮忙么? linux环境下的代码如下:
#include<sys/socket.h>
#include<sys/ioctl.h>
#include<unistd.h>
#include<sys/types.h>
#include<sys/stat.h>
#include<fcntl.h>
#include<errno.h>
#include<linux/if_ether.h>
#include<linux/if_packet.h>
#include<linux/if.h>
#include<stdio.h>
#include<stdlib.h>
#include<string.h>
#include<netinet/in.h>
#include<netdb.h>
#include<linux/errno.h>
void showpacket(unsigned char* buffer);
int main (int argc,char *argv[])
{
int rawsock;
int ret;
int sd;
int Len,recv_len,socklen,bcount;
int i,j;
int k=0;
FILE *fd;
extern int errno;
struct ifreq req;
struct sockaddr_ll addr;
struct sockaddr_ll in_addr;
unsigned char buffer[2048] = {0};
unsigned char buff[2000] ={0};
unsigned char buffbmp[76800] ={0};
unsigned char buffrec2[64][1200] ={0};
bzero(buffbmp,sizeof(buffbmp));
char path[]="/home/jiaojiao/jiaodi.txt";
char s[]="hello,jiaodi";
socklen=sizeof(struct sockaddr_ll);
rawsock=socket(PF_PACKET,SOCK_RAW,htons(ETH_P_ALL));
if((rawsock=socket(PF_PACKET,SOCK_RAW,htons(ETH_P_ALL)))<0)
{
printf("error:create raw socket!!!\n");
exit(0);
}
memset(&addr, 0 , sizeof(addr));
addr.sll_family = AF_PACKET;//填写AF_PACKET,不再经协议层处理
addr.sll_protocol = htons(ETH_P_ALL);
strcpy(req.ifr_name,"eth1");//通过设备名称获取index
ret=ioctl(rawsock,SIOCGIFINDEX,&req);
printf("ret=%d\n",ret);
addr.sll_ifindex = req.ifr_ifindex;//网卡eth0的index,非常重要,系统把数据往哪张网卡上发,就靠这个标识
addr.sll_pkttype = PACKET_OUTGOING;//标识包的类型为发出去的包
addr.sll_halen = 6; //目标MAC地址长度为6
addr.sll_addr[0] = 0x6c;
addr.sll_addr[1] = 0xf0;
addr.sll_addr[2] = 0x49;
addr.sll_addr[3] = 0x78;
addr.sll_addr[4] = 0x55;
addr.sll_addr[5] = 0x22;
//组装数据
/*for( i=0;i<64;i++)
{
buffer[0]=0x6c;
buffer[1]=0xf0;
buffer[2]=0x49;
buffer[3]=0x78;
buffer[4]=0x55;
buffer[5]=0x22; //目的MAC
buffer[6]=0x00;
buffer[7]=0xb0;
buffer[8]=0xc4;
buffer[9]=0x01;
buffer[10]=0x9b;
buffer[11]=0xe5; //源MAC
buffer[12]=0x04;
buffer[13]=0xb2; //数据长度
buffer[14]=0x00;
buffer[15]=0x00;
for(j=16;j<1216;j++)
{
buffer[j]=j%256;
}
Len = sendto(rawsock, buffer,1216, 0, (const struct sockaddr *)&addr, sizeof(addr));
//注意 此处的发送缓冲区长度不能与接收缓冲区长度一样,否则报错发送字节太长,应 设为发送字节的长度
memset(buffer, 0 , sizeof(buffer));
}
//显示发送数据
printf("Len=%d\n",Len);
perror("sendto");
*/
while(k<64)
{
bzero(buff,sizeof(buff));
recv_len =recvfrom(rawsock, buff,sizeof(buff), 0, (struct sockaddr*)&addr,&socklen);
if(recv_len==-1) continue ;
if(buff[1]==0xb0)
{
printf("%d:\n",k);
printf("recv_len=%d\n",recv_len);
memcpy(buffrec2[k],buff+16,1200);
k++;
}
}
//生成bmp文件
unsigned char header[54]={0};
bzero(header,sizeof(header));
const char *file;
const char *wfile;
FILE *pFile = 0; /**< 文件指针 */
FILE *wpFile = 0;
/** 打开文件,并检查错误 */
pFile = fopen("bmphead", "rb");
if(pFile == 0)
return -1;
/** 读入位图文件头信息 */
fread(header,54,1,pFile);
wpFile = fopen("bmpoutput.bmp", "wb");
if(wpFile == 0)
return -1;
fwrite(header,54,1,wpFile);
int kk=0;
for(kk=0;kk<64;kk++)
fwrite(buffrec2[k], 1200, 1, wpFile);
fclose(wpFile);
fclose(pFile); /**< 关闭文件 */
}
[解决办法]
想简单就用winpcap。复杂点用ddk里的ndisprot驱动模版稍微改下就行。
[解决办法]
用WinCap可以抓到MAC层的数据,在网上搜一下,有实现的例子.
