597435012 羅淑美, 597435003 張麗娟, 597435004 許智威, 597435010 周玉玲, 597435015 洪江西. Group 4: Network Packet Monitoring Program. Agenda: Introduction, Functions, Overall program introduction, Program-related issues, Appendix. Introduction: 1.1 Purpose, 1.2 System, 1.3 Selecting the network interface, 1.4 Packet capture parameters, 1.5 Packet filtering. 1.1 Purpose: 1. Packet capture library (libpcap) for network packet capture. (PowerPoint PPT presentation)
Agenda: Introduction; Functions; Overall program introduction; Program-related issues; Appendix
Introduction: 1.1 Purpose; 1.2 System; 1.3 Selecting the network interface; 1.4 Packet capture parameters; 1.5 Packet filtering
1.1 Purpose: 1. Packet capture library (libpcap) for network packet capture. 2. Packet header and payload. 3. Filter by IP address / ICMP / ALL. 4. Filter / All packet. 5. Save / Load.
1.2 System: Linux-based, written in C. Library installed from rpm (reference: tcpdump.doc).
1.3 Selecting the network interface. libpcap functions used: pcap_lookupdev(), pcap_open_live(), pcap_compile(), pcap_setfilter(), pcap_next(), pcap_loop()
1.3 Selecting the network interface: pcap_lookupdev() returns the name of a network device suitable for capture, or NULL on failure with an error message written into errbuf (a buffer of PCAP_ERRBUF_SIZE bytes). The call is deprecated in current libpcap; pcap_findalldevs() lists every capturable interface and should be used instead.
char *pcap_lookupdev(char *errbuf)
1.4 Packet capture parameters
// device: the interface to capture on
// snaplen: maximum number of bytes captured per packet (longer packets are truncated)
// promisc: promiscuous (1) or non-promiscuous (0) mode
// to_ms: read timeout in milliseconds after which buffered packets are passed from kernel space to user space
// errbuf: error message buffer; on success the call returns a packet capture descriptor, on failure NULL
pcap_t *pcap_open_live(const char *device, int snaplen, int promisc, int to_ms, char *errbuf)
1.5 Packet filtering (1/4): filtering uses two calls, pcap_compile() and pcap_setfilter().
1.5 Packet filtering (2/4)
1. Write the filter expression, e.g. express = "ip", or express = "src ip" to keep packets from one source address (in BPF syntax: "src host <address>").
2. Compile the filter expression into a BPF program with pcap_compile().
3. Install the BPF program as the capture filter with pcap_setfilter().
1.5 (3/4)
//pcap_t *p pcap_open_live packet capture descriptor//str //netmasknetmask //struct bpf_program *fpfpstruct bpf_program bpf_program
pcap_compile(pcap_t *p, struct bpf_program *fp, char *str, int optimize, bpf_u_int32 netmask)
1.5 Packet filtering (4/4)
// pcap_setfilter(): installs the compiled BPF program fp on the capture descriptor p; returns 0 on success, -1 on failure
// pcap_lookupnet(): looks up the IPv4 network number (netp) and netmask (maskp) of device, which supplies the netmask argument of pcap_compile(); errbuf receives the error message on failure
int pcap_setfilter(pcap_t *p, struct bpf_program *fp)
int pcap_lookupnet(const char *device, bpf_u_int32 *netp, bpf_u_int32 *maskp, char *errbuf)
Functions: pcap_next(), pcap_loop()
pcap_next()
1. The first argument is our session handle (the pcap_t returned by pcap_open_live()). 2. The second argument is a pointer to a struct pcap_pkthdr that libpcap fills with general information about the packet: the time at which it was sniffed (ts), the length of the captured portion (caplen) and the length of the packet on the wire (len); caplen is smaller than len when the packet was longer than snaplen, so code that walks the headers must stop at caplen, not len. pcap_next() returns a pointer to the packet data described by this header, or NULL if the read timeout expired or an error occurred; because it cannot tell those two cases apart, pcap_next_ex() is preferred in new code.
const u_char *pcap_next(pcap_t *p, struct pcap_pkthdr *h)
pcap_loop()
1. The first argument is our session handle. 2. Following that is an integer that tells pcap_loop() how many packets it should sniff for before returning (a negative value, or 0 in current libpcap, means it should sniff until an error occurs or pcap_breakloop() is called). 3. The third argument is the name of the callback function (just its identifier, no parentheses); it must have the signature void callback(u_char *user, const struct pcap_pkthdr *h, const u_char *bytes). 4. The last argument is passed unchanged to the callback as its user parameter; it is useful for carrying program state (counters, an output file) but many times is simply set to NULL. pcap_loop() returns 0 when cnt packets have been processed, -1 on error and -2 (PCAP_ERROR_BREAK) when pcap_breakloop() stopped it.
int pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
Program overview: 1.1; 1.2 items 1, 2, 3, 5 and 6.
Program-related issues and bugs: 1. Item 4 (Save/Load information to file) was merged into the code on 1/17 and saved as netcapture_0118. 2. pcap_loop().
Work breakdown: web office, demo; filter: IP address filter, ICMP filter, filter all; save/load; code; demo.
Meeting schedule (I)
2008/11/15, Skype, all members: tasks 1, 2, 3
2008/11/25, Skype, all members: tasks 1, 2, 3 (Wireshark / tcpdump), 4 (11/27 presentation)
2008/12/2, Skype, all members: 1. Web office ==> 2.
2008/12/8, all members: final definitions, then the presentation
Meeting schedule (II)
2008/12/9, Skype, all members: 1. go through the Web office work and check the code
2008/12/11, Skype, all members: code milestones: 1/6 -> IP address filter -> ICMP filter -> filter all -> save/load -> code
2008/12/25, Skype, all members: 1/9 -> 1/12 review -> 1/13 demo
2009/1/13, Skype, all members: 1/18: 1. review 2. check; 1/18 demo
Appendix (references)
http://www.wireshark.org/
http://docstore.mik.ua/orelly/networking_2ndEd/tshoot/ch05_04.htm
http://www.at.tcpdump.org/pcap.htm
Thank You !
Note on pcap_next(): it takes the packet capture descriptor returned by pcap_open_live() and returns a u_char pointer to the next packet.
Note on pcap_loop(): pcap_loop() and pcap_dispatch() deliver captured packets from the kernel to user space through the callback.
Tasks: 1. 2. 3. Web office. Layers seen through pcap: layer 2 Ethernet, layer 3 IP, layer 4 TCP / UDP / ICMP. ICMP protocol: the layer-2 Ethernet header is 14 bytes and its type field 0x0800 means the payload is IP; the IP header's Protocol field identifies the transport (ICMP is protocol 1). The headers are parsed with C header structs as tcpdump does.
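The layer-2 / layer-3 / ICMP decoding just described, as an added example (not the group's code): a bounds-checked decoder run over a constructed Ethernet + IPv4 + ICMP echo request frame. The frame bytes, the addresses 192.168.1.10 -> 192.168.1.1 and the zeroed checksum fields are constructed for the example, not taken from a real capture. The decoder takes caplen, not len, as its limit: a snaplen shorter than the packet leaves the tail of a header missing, and reading past caplen is how capture tools get out-of-bounds reads on hostile traffic.

```c
/* Added example (not the group's code): Ethernet -> IPv4 -> ICMP decoder
 * that never reads past the captured length. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN     14
#define ETHERTYPE_IPV4  0x0800
#define IP_PROTO_ICMP   1

struct pkt_info {
    uint16_t ethertype;
    uint8_t  ip_proto;
    uint32_t src_ip, dst_ip;      /* host byte order */
    uint8_t  icmp_type, icmp_code;
};

/* Network byte order helpers (fields on the wire are big-endian). */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Returns 0 for a decoded ICMP packet, 1 for a well-formed frame that is not
 * IPv4/ICMP (ethertype and, if IPv4, addresses are still filled in), and a
 * negative code for a frame that is truncated or malformed. */
int decode_frame(const uint8_t *buf, size_t caplen, struct pkt_info *out)
{
    memset(out, 0, sizeof *out);
    if (caplen < ETH_HDR_LEN) return -1;               /* no full Ethernet header */
    out->ethertype = be16(buf + 12);                   /* type field at offset 12 */
    if (out->ethertype != ETHERTYPE_IPV4) return 1;    /* ARP, IPv6, ... not handled here */

    const uint8_t *ip = buf + ETH_HDR_LEN;
    size_t rem = caplen - ETH_HDR_LEN;
    if (rem < 20) return -2;                           /* minimum IPv4 header missing */
    if ((ip[0] >> 4) != 4) return -3;                  /* version nibble must be 4 */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;           /* header length incl. options */
    if (ihl < 20 || ihl > rem) return -4;              /* bogus IHL or options cut off */
    if (be16(ip + 2) < ihl) return -5;                 /* total length shorter than header */
    out->ip_proto = ip[9];                             /* Protocol field */
    out->src_ip = be32(ip + 12);
    out->dst_ip = be32(ip + 16);
    if (out->ip_proto != IP_PROTO_ICMP) return 1;

    const uint8_t *icmp = ip + ihl;
    rem -= ihl;
    if (rem < 4) return -6;                            /* type/code/checksum not captured */
    out->icmp_type = icmp[0];
    out->icmp_code = icmp[1];
    return 0;
}

void print_pkt(const struct pkt_info *pi)
{
    printf("ethertype=0x%04x proto=%u %u.%u.%u.%u -> %u.%u.%u.%u icmp type=%u code=%u\n",
           (unsigned)pi->ethertype, (unsigned)pi->ip_proto,
           (unsigned)(pi->src_ip >> 24), (unsigned)(pi->src_ip >> 16) & 0xff,
           (unsigned)(pi->src_ip >> 8) & 0xff, (unsigned)pi->src_ip & 0xff,
           (unsigned)(pi->dst_ip >> 24), (unsigned)(pi->dst_ip >> 16) & 0xff,
           (unsigned)(pi->dst_ip >> 8) & 0xff, (unsigned)pi->dst_ip & 0xff,
           (unsigned)pi->icmp_type, (unsigned)pi->icmp_code);
}

/* Constructed sample frame (42 bytes): Ethernet + IPv4 + ICMP echo request,
 * 192.168.1.10 -> 192.168.1.1, checksums left as zero. */
static const uint8_t sample_echo_request[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00, /* Ethernet, type 0x0800 */
    0x45,0x00, 0x00,0x1c, 0x00,0x01, 0x00,0x00, 0x40,0x01, 0x00,0x00,       /* IPv4: len 28, TTL 64, proto 1 */
    0xc0,0xa8,0x01,0x0a, 0xc0,0xa8,0x01,0x01,                               /* src, dst */
    0x08,0x00, 0x00,0x00, 0x12,0x34, 0x00,0x01                              /* ICMP: type 8 code 0, id, seq */
};
const uint8_t *sample(void) { return sample_echo_request; }
size_t sample_len(void) { return sizeof sample_echo_request; }

int main(void)
{
    struct pkt_info pi;
    int rc = decode_frame(sample(), sample_len(), &pi);
    printf("full frame: rc=%d\n", rc);
    print_pkt(&pi);
    /* Same frame captured with snaplen 36: the ICMP header is cut off. */
    printf("caplen 36: rc=%d\n", decode_frame(sample(), 36, &pi));
    return 0;
}
```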