1
libpcap
Packet Sniffing for Security
Alisa Neeman
2
Introduction
libpcap is an open source C library for
putting your NIC in promiscuous mode.
Today I’ll go over a few C gotchas and how to use the libpcap API.
Any C programmers?
Planning to go to grad school?
3
Agenda
Installing libpcap
C stuff
Basic libpcap program
– Grab a device to sniff
– Filters/Event Loops
– Packet structure
4
Getting the library
Linux:
http://sourceforge.net/projects/libpcap/
VC++: Winpcap
http://winpcap.polito.it/install/default.htm
Cygwin: Wpcap (haven’t tried this)
http://www.rootlabs.com/windump/
5
Install on Linux
gunzip libpcap-0.7.1.tar.gz
tar -xvf libpcap-0.7.1.tar
cd libpcap-0.7.1
./configure
make
6
Install for Windows VC++
Get both Developer's pack download and
Windows 95/98/ME/NT/2000/XP install package.
Run install and reboot (this installs the .dll and inserts a
link in your registry).
You need to insert a copy of pcap.h into
C:\Program Files\Microsoft Visual Studio\VC98\Include
(There is a copy of pcap.h in the Winpcap
developer's pack in wpdpack/Include. In fact you
can copy over all the .h files.)
7
VC++, cont’d
You also need to add the lib files.
Copy everything from wpdpack/Lib to
C:\Program Files\Microsoft Visual Studio\VC98\Lib
Go to Project -> Settings -> click on the
Link tab, and type in wpcap.lib and
wsock32.lib in addition to the lib files that
are already there.
8
Avoiding C Gotchas
Always declare variables at the beginning of a
block (no Java/C++ messiness!!)
Nothing ‘new’: Always free what you malloc
malloc( sizeof ( thingYouWantToAllocate ));
Always check the return value (no Exceptions!)
if (thing_didnt_work()) {
fprintf(stderr, "ERROR: thing didn't work\n");
exit(-1);
} /* if (thing_didnt_work) */
9
C cont’d
Output is formatted.
char person[] = "baby";
printf("give me %d, %s\n", 5, person);
%d: int
%x: hex
%s: string
%f: double
10
Get to the point!
Pass by reference explicitly
- Pass-by-reference prototype
int doSomething( Thing *);
Choice 1:
Thing * t;
doSomething( t );
Choice 2:
Thing t;
doSomething( &t );
Arrays are always in reference mode:
char * is like char[0]
[...]
Under the covers this is an array of contiguous bytes
struct pcap_pkthdr {
struct timeval ts; /* time stamp */
bpf_u_int32 caplen; /* length of portion present */
bpf_u_int32 len; /* packet length */
};
11
Overview of libpcap
Open live
What to include and how to compile
Going Live
Main Event Loop
Reading from a packet
Filters
ether ARP TCP UDP IP ICMP
12
What to include and how to compile
gcc sniff.c -lpcap
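An added example, not from the slides, of the "reading from a packet" step: a callback with the pcap_handler signature that reads the Ethernet and IPv4 headers out of the contiguous byte array, bounds-checking against caplen (bytes actually captured) rather than len (bytes on the wire), so a short snapshot length never causes a read past the buffer. struct pcap_pkthdr is redeclared locally with the field names from pcap.h so the block compiles without libpcap; the sample frame and the names got_packet/parse_sample are constructed for this example.

```c
/* Added example (not from the slides): a libpcap-style packet callback that
 * reads the Ethernet and IPv4 headers out of the contiguous byte array,
 * trusting caplen (bytes actually present) rather than len (bytes on the
 * wire). struct pcap_pkthdr is redeclared locally with the field names from
 * pcap.h so this compiles without libpcap; with the real library you would
 * #include <pcap.h> instead and register got_packet with pcap_loop(). */
#include <stdint.h>
#include <sys/time.h>
typedef uint32_t bpf_u_int32;
struct pcap_pkthdr {
    struct timeval ts;   /* time stamp */
    bpf_u_int32 caplen;  /* length of portion present */
    bpf_u_int32 len;     /* length of packet on the wire */
};
#define ETHER_HDR_LEN 14
#define ETHERTYPE_IPV4 0x0800

/* Result filled in by the callback; -1 means that field was not captured. */
struct parsed { int ethertype; int ip_proto; int truncated; };

/* Same signature as a pcap_handler, so pcap_loop() could call it directly. */
void got_packet(unsigned char *args, const struct pcap_pkthdr *hdr,
                const unsigned char *packet)
{
    struct parsed *out = (struct parsed *)args;
    out->ethertype = out->ip_proto = -1;
    out->truncated = (hdr->caplen < hdr->len);
    if (hdr->caplen < ETHER_HDR_LEN)      /* not even a full Ethernet header */
        return;
    out->ethertype = (packet[12] << 8) | packet[13];
    if (out->ethertype != ETHERTYPE_IPV4 || hdr->caplen < ETHER_HDR_LEN + 20)
        return;                           /* no complete IPv4 header present */
    out->ip_proto = packet[ETHER_HDR_LEN + 9];   /* protocol is IPv4 byte 9 */
}

/* Constructed sample frame: 14-byte Ethernet header (type 0x0800) followed
 * by a minimal 20-byte IPv4 header carrying TCP (protocol 6). */
static const unsigned char sample_frame[34] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x45,0x00,0x00,0x28, 0x00,0x01,0x00,0x00, 0x40,0x06,0x00,0x00,
    0xc0,0xa8,0x01,0x02, 0xc0,0xa8,0x01,0x03 };

/* Deliver the sample to the callback as pcap would after capturing it with
 * a snapshot length of `snaplen` bytes (caplen is clipped, len is not). */
struct parsed parse_sample(bpf_u_int32 snaplen)
{
    struct pcap_pkthdr hdr = { {0, 0}, snaplen < 34 ? snaplen : 34, 34 };
    struct parsed out;
    got_packet((unsigned char *)&out, &hdr, sample_frame);
    return out;
}
```

With a snapshot length smaller than the frame, caplen tells the callback how much it may safely read; the missing fields come back as -1 instead of being read from beyond the captured bytes.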
Posted: 23/03/2014, 00:20