C: libpcap 不捕获 wlan0 数据包
C: libpcap doesn't capture wlan0 packets
我是 C 的新手,有点困惑。我已经阅读了一些有关此问题的主题,但其中 none 对我有用。我正在尝试使用 libpcap 捕获 wlan0 数据包,但出了点问题。 pcap_next() function returns null 但我不明白为什么。这是我的代码:
#include <pcap.h>
#include <stdio.h>
#include <string.h>
void dump(const unsigned char *data_buffer, const unsigned int length) {
unsigned char byte;
unsigned int i, j;
for(i=0; i < length; i++) {
byte = data_buffer[i];
printf("%02x ", data_buffer[i]); // Display byte in hex.
if(((i%16)==15) || (i==length-1)) {
for(j=0; j < 15-(i%16); j++)
printf(" ");
printf("| ");
for(j=(i-(i%16)); j <= i; j++) { // Display printable bytes from line.
byte = data_buffer[j];
if((byte > 31) && (byte < 127)) // Outside printable char range
printf("%c", byte);
else
printf(".");
}
printf("\n"); // End of the dump line (each line is 16 bytes)
} // End if
} // End for
}
int main() {
struct pcap_pkthdr header;
const u_char *packet;
char errbuf[PCAP_ERRBUF_SIZE];
char *device;
pcap_t *pcap_handle;
int i;
device = "wlan0";
printf("Sniffing on device %s\n", device);
pcap_handle = pcap_open_live(device, 4096, 1, 0, errbuf);
for(i=0; i < 3; i++) {
packet = pcap_next(pcap_handle, &header);
printf("Got a %d byte packet\n", header.len);
dump(packet, header.len);
}
pcap_close(pcap_handle);
}
我得到的输出是
正在设备 wlan0 上嗅探
得到一个 0 字节数据包
得到一个 0 字节数据包
得到一个 0 字节数据包
这就是我以 root 身份编译 gcc -o test test.c -l pcap 和 运行 程序的方式。谢谢
pcap_next() returns a pointer to the packet data on success, and
returns NULL if an error occured, or if no packets were read from a
live capture (if, for example, they were discarded because they didn't
pass the packet filter, or if, on platforms that support a read
timeout that starts before any packets arrive, the timeout expires
before any packets arrive, or if the file descriptor for the capture
device is in non-blocking mode and no packets were available to be
read), or if no more packets are available in a ''savefile.''
Unfortunately, there is no way to determine whether an error occured
or not.
http://linux.die.net/man/3/pcap_next
所以应该没问题。我的建议是检查 NULL,什么也不做(或 i--;),然后继续处理下一个数据包。或者使用 pcap_next_ex() 并检查错误。
pcap_open_live() 甚至 return 是有效句柄吗?请检查 return 值。
我是 C 的新手,有点困惑。我已经阅读了一些有关此问题的主题,但其中 none 对我有用。我正在尝试使用 libpcap 捕获 wlan0 数据包,但出了点问题。 pcap_next() function returns null 但我不明白为什么。这是我的代码:
#include <pcap.h>
#include <stdio.h>
#include <string.h>
void dump(const unsigned char *data_buffer, const unsigned int length) {
unsigned char byte;
unsigned int i, j;
for(i=0; i < length; i++) {
byte = data_buffer[i];
printf("%02x ", data_buffer[i]); // Display byte in hex.
if(((i%16)==15) || (i==length-1)) {
for(j=0; j < 15-(i%16); j++)
printf(" ");
printf("| ");
for(j=(i-(i%16)); j <= i; j++) { // Display printable bytes from line.
byte = data_buffer[j];
if((byte > 31) && (byte < 127)) // Outside printable char range
printf("%c", byte);
else
printf(".");
}
printf("\n"); // End of the dump line (each line is 16 bytes)
} // End if
} // End for
}
int main() {
struct pcap_pkthdr header;
const u_char *packet;
char errbuf[PCAP_ERRBUF_SIZE];
char *device;
pcap_t *pcap_handle;
int i;
device = "wlan0";
printf("Sniffing on device %s\n", device);
pcap_handle = pcap_open_live(device, 4096, 1, 0, errbuf);
for(i=0; i < 3; i++) {
packet = pcap_next(pcap_handle, &header);
printf("Got a %d byte packet\n", header.len);
dump(packet, header.len);
}
pcap_close(pcap_handle);
}
我得到的输出是
正在设备 wlan0 上嗅探
得到一个 0 字节数据包
得到一个 0 字节数据包
得到一个 0 字节数据包
这就是我以 root 身份编译 gcc -o test test.c -l pcap 和 运行 程序的方式。谢谢
pcap_next() returns a pointer to the packet data on success, and returns NULL if an error occured, or if no packets were read from a live capture (if, for example, they were discarded because they didn't pass the packet filter, or if, on platforms that support a read timeout that starts before any packets arrive, the timeout expires before any packets arrive, or if the file descriptor for the capture device is in non-blocking mode and no packets were available to be read), or if no more packets are available in a ''savefile.'' Unfortunately, there is no way to determine whether an error occured or not.
http://linux.die.net/man/3/pcap_next
所以应该没问题。我的建议是检查 NULL,什么也不做(或 i--;),然后继续处理下一个数据包。或者使用 pcap_next_ex() 并检查错误。
pcap_open_live() 甚至 return 是有效句柄吗?请检查 return 值。