Libpcap使用简介.pdf

所需积分/C币:11 2019-11-17 3MB PDF
评分

Libpcap使用简介,无线驱动开发技术相关资料,用兴趣可以自行下载。Libpcap使用简介,无线驱动开发技术相关资料,用兴趣可以自行下载。
Programming with Libpcap ies it from the card buffer to a block through but, as we will see later, Python, Java, C# or Ruby. Libpcap of memory in kernel space. Then, it they usually offer advanced filtering runs on most UNIX-like operating determines which type of packet has capabilities. As packet capture may systems (Linux, Solaris, BSD, HP been received looking at the ether- involve security risks, most systems UX.. there is also a Windows ver- type field of the Ethernet header and require administrator privileges in sion named Winpcap. Today, libpcap passes it to the appropriate protocol order to use this feature. Figure 1 is maintained by the Tcpdump group handler in the protocol stack. In most illustrates the capture process Full documentation and source code cases the frame will contain an iPv4 is available from the tcpdump' s official datagram so the IPv4 packet handler Libpcap siteathttp://www.tcpdump.org.(http willbecalledThishandlerperformsLibpcapisanopensourcelibrarythat//www.winpcap.org/forWinpcap) a number of check to ensure, for provides a high level interface to net- example, that the packet is not cor- work packet capture systems. It was Our First Steps rupt and that is actually destined created in 1994 by McCanne, Leres With Libpcap for this host. If all tests are passed, and Jacobson researchers at the that we know the basics of the IP headers are removed and Lawrence Berkeley National Labora- packet capture let us write our own the remainder is passed to the next tory from the University of California at sniffing application protocol handler(probably TCP or Berkeley as part of a research project The first thing we need is a net- UDP). This process is repeated until to investigate and improve TCP and work interface to listen on. We can the data gets to the application layer Internet gateway performance either specify one explicitly or let where it is processed by the user Libpcap authors main objective libpcap get one for us. The function level application was to create a platform-independ char *pcap lookurdev(char *erroufy When we use a sniffer, packets ent API to eliminate the need for returns a pointer to a string contain go through the same process de- system-dependent packet capture ing the name of the first network scribed above but with one differ- modules in each application, as vir- device that is suitable for packet cap ence: the network driver also sends tually every OS vendor implements ture. Usually this function is called a copy of any received or transmitted its own capture mechanisms when end-users do not specify any packet to a part of the kernel called The libpcap API is designed to network interface. It is generally the packet filter. Packet filters are be used from c and C++. However, a bad idea to use hard coded inter- what makes packet capture pos- there are many wrappers that allow face names as they are usually not sible. By default they let any packet its use from languages like Perl, portable across platforms Sniffer Transmitted Packet Packet filte Received Monitor NETWORK CARD Packet ARD DRIVER Web browser Protocol Stack FTP Serve Hardware Kernel Space User Space Figure 1 Elements involved in the capture process www.haking.org/en hakin9 2/2008 39 Attack The errbuf argument of psap mented by libpcap take this param Once we have the name of the lookupdev() is a user supplied buffer eter. When allocating the buffer we network device we have to open that the library uses to store an error have to be careful because it must be it. The functi ap t "pcap message in case something goes able to hold at least PCAP ERRBUF open live(cons: char device,int wrong. Many of the functions imple- SIZE bytes(currently defined as 256). snaplen, -nt promisc, int to ns, char *errkuf) does that. It returns an Listing 1. Structure pcap pkthdr interface handler of type rcap t that will be used later when calling the rest struct pcap pkthar of the functions provided by libpcap struct timeval ts; / Timestamp ot capture The first argument of pcap bof u int 32 caplen; / Nunber cf bytes thdt were stored * bof u int 32 len; / TctaI length of the packet * oFen live() is a string containing the name of the network interface we want to open. The second one Listing 2. Simple sniffer is the maximum number of bytes to capture. setting a low value for this ★ o compile: gcc simplesniffer. c -o simplesniffer -Pcap */ parameter might be useful in case we are only interested in grabbing #include <pcap. h headers or when programming for 主nc1ude< string.h> embedded systems with important #include <stdlib. h memory limitations. Typically the #detine MAXBYTES2CAPTURE 2048 aximum ethernet frame size is void processPacket l u char *arg, const struct pcap pkthdr* pkthdr, const types like FDDI or 802. 11 have big- l1 char packetI ger limits. A value of 65535 should h to hold any int i=0,:*counter int argi any network printf ("Packet Count: d\n,++*counter) The option to ms defines how printf (" Received Packet Size: ad\n", p<thdr->len); many milliseconds should the kernel printf(" Payload: \n") vait betore copying the captured or (1=0; i<pkthdr->-en: i++)i information from kernel space to if( isprint(packet[i])) user space. Changes of context are printf(" c", packet[il)i computationally expensive. If we else capturing a high volume of network traffic it is better to let the kernel group some packets before cross if(i816==05i1=0)1i==p<thdr->e1-1) printf(n") ing the kernel-userspace bound- ary. A value of zero will cause the return read operations to wait forever until gh packets arrived to the net- work interfa tion does not provide any suggestion pcap t descr- NULL or this value to have an idea we char errbulf I PCAP FRRRUF STZF], *devi ceNUl.; can examine what other sniffers do memset(errbuf,0, PCAP ERRBUF SIZEi Tcpdump uses a value of 1000, dsniff uses 512 and ettercap distinguishes / Get the name of the iirs: device suitable for capture* between different operating systems device pcap lookupdev(errbu-)i using 0 for Linux or Open BSD and 10 print ("Opening device s\n", device)i for the rest The prom - sc flag decides wheth /* Open device in promiscuous mode * er the network interface should be r= pcap open live(device, MAXBYIES2CAPTJEE, 1, 512, errbuf) put into promiscuous mode or not / Loop forever caII processPacket() for every received packer%, That is, whether the network card pcap loop(descr, -l, processPacket, (u char * should accept packets that are not destined to it or not. Specify 0 for return o non-promiscuous and any other value for promiscuous mode. Note that even if we tell libpcap to listen 40 hakin 9 2/2008 www.haking.org/en Attack in non-promiscuous mode, if the You are probably wondering if the struct pcap pkthdrr pkthdr, conet u interface was already in promiscu- function only returns an integer,where packet) ous mode it may stay that way. We are the packets that were captured? should not take for granted that we The answer is a bit tricky. pcap lcop( The first argument is the user pointer will not receive traffic destined for does not return those packets, instead, that we passed to pcap loop(), the other hosts, instead, it is better to it calls a user-defined function every second one is a pointer to a structure use the filtering capabilities that lib- time there is a packet ready to be read. that contains information about the pcap provides, as we will see later. This way we can do our own process- captured packet Listing 1 shows the Once we have a network inter- ing in a separate function instead of definition of this structure face open for packet capture, we calling pcap next() in a loop and The caplen member has usually have to actually tell pcap that we process everything inside. However the same value as len except the want to start getting packets For this there is a problem. If pcap lcop0) situation when the size of the cap we have some options: calls our function, how can we pass ar- tured packet exceeds the snaplen guments to it? Do we have to use ugly specified in open pcap live( The function const u char globals? The answer is no, the libpcap The third alternative is to use int *pcap next(pcap t *p, struct guys thought about this problem and pcap dispatch(pcap t *p, int cnt, pcap pktrdr *h) takes the included a way to pass information to pcap handler callback. har pcap t handler returned by the callback function. This is the user user), which is similar to pcap pcap oper. live, a pointer to argument. This pointer is passed in 100p) but it also returns when the a structure of type pcap pkthdr every call. The pointer is of type u to ns timeout specified in pcap and returns the first packet that char so we will have to cast it for our oren live( elapses arrives to the network interface own needs when calling pcap 1co?() Listing 1 provides an example The function int and when using it inside the callback of a simple sniffer that prints the cn-r function. Our packet processing func- raw data that it captures. Note that pcap landler callback, u char tion must have a specific prototype, header file pcap. h must be included *user)is used to collect packets otherwise pcap 100p() wouldn't Error checks have been omitted for and process them. It will not know how to use it. This is the way it clarity turn until cnt packets have been should be declared: captured. A ative cnt value Once will cause pcap locp() to return void furction name (u char *userarg We Capture a packet only in case of error. const When a packet is captured, the only thing that our application has got a bunch of bytes. Usually, the net- work card driver and the protocol I Capture Loop stack process that data for us but when we are capturing packets fron Initialize Capture our own application we do it at the Network Set Filter Interface west level so we are the ones in charge of making the data rational To do that there are some things that should be taken into account Exit Close Process Data Link Type 一-1- Packet Although Ethe seems to be present everywhere, there are a lot of different technologies and standards that operate at the data link layer. In order to be able to decode packets Figure 2. Normal program flow of a pcap application captured from a network interface we must know the underlying data link type so we are able to interpret the headers used in that layer ETHERNET EADER IP HEADER TCP HEADER PAYLOAD ETHERNET CHECKSUM e function type of the device opened by Figure 3. Data encapsulation in Ethernet networks using the TCP/P pcap open live(). Libpcap is able protocol to distinguish over 180 different link 42 hakin 9 2/2008 www.haking.org/en Programming with Libpcap types. However, it is the responsibil- defined. A complete list can be found for example, we capture a packet that ityoftheusertoknowthespecificathttp://www.iana.org/assignments/istargetedtoorcomesfromport80 details of any particular technology. protocol-numbers and it is payload is plain ascll text, it This means that we, as program will probably be some kind of Http mers, must know the exact format Application Layer Protocol traffic between a web browser and a of the data link headers that the cap- Ok, so we have got the Ethernet web server. However, this is not exact tured packets will have. In most ap- header, the IP header, the TCP science so we have to be very care plications we would just want to know header and now what?. Application ful when handling the TCP payload, it the length of the header so we know layer protocols are a bit harder to may contain unexpected data where the iP datagram starts distinguish. The TCP header does Table 1 summarizes the most not provide any information about Malformed Packets common data link types, their the payload it transports but TCP In Louis Amstrong's wonderful world names in libpcap and the offsets port numbers can give as a clue. If, everything is beautiful and perfect that should be applied to the start Table 1. Common data link types of the captured data to get the next protocol header. Data Link Type Pcap Alias Offset (in bytes) Probably the best way to handle Ethernet 10/100/1000 Mbs the different link layer header sizes DLT EN10MB is to implement a function that take Wi-Fi802.11 a pcap t structure and returns the DLT IEEE802 11 offset that should be used to get the FDDI( Fiber Distributed Data 21 network layer headers. Dsniff takes Interface DLT FFDI this approach. Have a look at func- PPPoE (PPP over Ethernet) 14(Ethernet)+6 tion pcap dloff( in file pcap util.c DLE PPE ETHER (PPP)=20 from the dsniff source code SD Loopback DLT NULL Network Layer Protocol Point to Point(Dial-up) The next step is to determine what DLT PPE follows the data link layer header From now on we will assume that we Table 2. Network layer protocols and ethertype values are working with Ethernet networks. Network Layer Protocol Ethertype Value The Ethernet header has a 16-bit Internet Protocol Version 4(IPv4) 0x0800 field named ethertype which speci nternet Protocol Version 6(IPv6) 0x86DD fies the protocol that comes next. Ta 0x0806 ble 2 lists the most popular network Address Resolution Protocol (ARP) layer protocols and their ethertype Reverse Address Resolution Protocol (RARP)0x8035 value AppleTalk over Ethernet(EtherTalk) 0x809B When testing this value we Point-to-Point Protocol (PPP)) 0x880B must remember that it is received in PPPOE Discovery Stage 0X8863 network byte order so we will have 0x8864 to convert it to our host's ordering PPPOE Session Stage scheme using the function ntohs( Simple Network Management Protocol(SNMP) 0x814C Transport Layer Protocol Table 3. Transport layer protocols Once we know which network layer Protocol RFC protocol was used to route our cap- Internet Control Message Protocol 0x01 RFC 792 tured packet we have to find out (ICMP which protocol comes next. Assum Internet Group Management Protocol0x02RFC 3376 ng that the captured packet has an iP datagram knowing the next(IGMP protocol is easy, a quick look at the Transmission Control Protocol(TCP) 0X06 RFC: 793 protocol field of the IPv4 header(in Exterior Gateway Protocol 0×08RFC888 IPv6 is called next header) will tell User Datagram Protocol(UDP) RFC 768 s. Table 3 summarizes the most IPv6 Routing Header 0x2B RFC 1883 common transport layer protocols IPv6 Fragment Header 0x2C RFC 1883 their hexadecimal value and the RFC document in which they are ICMP for IPv6 0×3A RFC 1883 www.haking.org/en hakin9 2/2008 3 Attack but sniffers usually live in hell. Net- we cannot blindly trust the protocol we are expecting an arP packet works do not always carry valid pack- field of an ip datagram to contain the on an Ethernet network, packets ets. Sometimes packets may not be correct value for the following header. with a length different than=4+ crafted according to the standards Not even the fields that specify lengths 28= 42 bytes should be discard- or may get corrupted in their way. can be trusted. If we want to design ed. Failing to check the length of These situations must be taken into a powerful packet analyzer, avoiding a packet may result in a noisy account when designing an applica- segmentation faults and headaches. segmentation fault when trying to tion that handles sniffed traffic every detail must be checked access the received data The fact that an echertype value Here are a few tips Check iP and tcp checksums says that the next header is of type If checksums are not valid then ARP does not mean we will actually Check the whole size of the re- the data contained in the head find an ARP header In the same way ceived packet. If, for example, ers may be garbage. However, Listing 3 Simple ARP sniffer /*Simple ARP Sniffe descr- pcap open -ive(argv [1], MAXBYTES2CAPTURE, 0, / To compile: gcc arpsniffer. c -o arpsniff -Pcap *, 512, errbuf)i Look up info from the capture device.*. #inclIne <string. h> /* Compiles the filter expression irt a BPE filter /x ARE Header, ( assuming Ethernet+IP74 pcap compile( descr, &filter,"ar mask) #fdef ne ARP REQJEST 1 / ARP Reques defne ARP REPLY 2 / ARP Reply Load the ilter program into the packet capture typedef struct arphdr I device. * u int16 t htype Hardware Type pcap netfilter(descr, &filter u int16 t ptypei 4 ProtocoL Type u char leni Hardware Address Lergth while(1)( u char plen, x protocol Address Length x, u int16 t oper: x Operation Code packet= pcap next (descr, &pkthcri/* Get one packet u char sha6」 /* Sender hardware address u char spa[4] Sender Ip addres arpheader-(struct arphdr *)(packet+14)i/* Point to u char tha[6li / Target hardware address th∈AFP上 eader yarphdr ti printf(\n\rEceived Packet Size: d bytes \n" pkthar. len)i f defne MAXBYTES2CAPTURE 2048 printf ("hardware type: s\n", (ntchs(arpheader chtype)== 1)?Ethernet int main (int argc, char argv[:)i l Unknown" printf("Protocol type: ss\n",(ntchs(arp pe)=- Cx0E00)?"IPv4 bpf a int32 netaddr-0, nask=0; /* To Store network Unknown")i address ann netmask */ print f("Operation: s\n",(ntors(arpheader->per)=- struct opf program filter / place to store the ARE REQUEST)? ARE Request BFF filter pr ogram "ARE Reply char errbuf I PCAP ERRDUF SIZE rror buffer If is Ethernet and Ip1, print packet contents * pcap t *descr= NULL / Network interface if (ntohs (arpheader->htype,==1 & rohs(arpheader >ptype)== CX0E0)[ struct ucap pkthdr pkthdr / Packet information printf("Sender MAC:") timestamp;③i2e,,,)* for(1-0, 1<611++)printf("s02K: " arpheader->sha [i]) const unsigned char *packet=NULL; / Received raw printf("\sEnder IP: m for(=0; 1<4; 1++)printf( sd., arpneader->spa[i1)i arphdr t *arpheader= NULL, / Pointer to the ARP printf("\target MAC: header for(1-0, 1<611++)printf("902K: " arpheader->tha [i]) memset(errbuf,0, PCAP ERRBUF S-ZE,; printf("\mArget Ip for(i=0; i<4: i+-)printf("d " arpreader->tpa[i]) if (arcc printf("\n")i printf ("USAGE: arps- ffer <interface>\n") exit(1)i / Open network device for packe capture * 44 hakin 9 2/2008 www.haking.org/en Programming with Libpcap the fact that checksums are cor an iP address, checks should CPu time. Capturing everything that rect does not guarantee that the be made to ensure that the data flows past the network card could packet contains valid header actually represents a valid IPv4 easily degrade the overall perform- values address ance of our host and cause the kel Check encoding Http Or Smtp nel to drop packets are text oriented protocols while Filtering Packets If we really need to capture all Ethernet or TCP/IP use binary fo As we saw before, the capture proc- traffic, then there is little we can do rmat. Check whether you have ess takes place in the kernel while to optimize the capture process, but what you expect our application runs at user lev if we are only interested in a specific Any data extracted from a packet When the kernel gets a packet from type of packets we can tell the kernel for later use should be validated. the network interface it has to copy to filter the incoming traffic so we just For example, If the payload of it from kernel space to user space, get a copy of the packets that match a packet is supposed to contain consuming a significant amount of a filter expression. The part of the Listing 4. TCP RST Attack too/ /A simple TCP RST Attack tool char errbuf[ PCAP ERRBUF SIZE] memset'errbuf, 0, PCAF ERRDUF SIZE)i cp rese print ("USAGE: tcpsyndcs <intertace>\n")i I def ne USE BSD Using ESp Ip header ex⊥t(1) #include <netinet /ip h> / Internet Protocol x Open network device for packet capture * define FAVOR BSD /4 Using EsD ICP header descr- pcap open live(argv[ll, MAXBYTES2CAPTURE, 1, 512 #inclde <,netinet/tcp. h> Transmission. Control Protocol * /* Look up info from the capture device #inc⊥ce<pcap.h> / Lirpcap pcap lookupnet( argyll &netaddr, &mask, errbuf Hfinclace <string.h> /* String operations /* Compiles the filter expression: Packets with ACK or aCK flags set 7/ # incline <stdlib.h> / Standard library pcap comp- le(descr, &filter, "(tcp[13]==0x10)or definitions ./ (tcp[l 0x18)",1,mask) define MAXBYTES 2CAPTURE 204 8 x Load the lilter program into the packet capture int TCP RST send(tcp seg seg, tcp seg ack, unsigned pcap setiiter (descr, filter) long src ip, unsigned long dst ip, u short src prt u chort while(1)[ dst prt, u short win)i ext( descr, &p<thdr) This function crafts a custom TCP/IP packet with the RST fiag set phdr-(struct ip *)(packe=+14)i/* Assuming is and sends it through a raw socket. Check Ethernet! */ http://www.programming-pcap.aldabaknocking.com/for tcphdr=(struct tcrhdr *)(packet +14+20):/x Assuming the full example.*/ no IP options! * ⊥ntf /*1...17 printf!"Received racket 8d: \r",++count)i printf: ACK: u\n", nohl (tcphdr->th ack))i return 0 printf: "Seo: u'in", nohl(tcphdr->th seq))i print:DST IP: s\n", inet r toa(iphdr->ip dst))i printf: SRC IP: s\1", inet I: tuc(iphir->ip src))i int main(int argc, char xargv[: )I printf: "SRC PORT: 9d\n", ntors(tcprdr->th sport))i printf! "DST PORT %d\n", ntors(tcnrdr->th dport) int count=0 printf: n")i bpf 1 int32 netaddr=0, nask=0 pcap t *descr- NULL TCP RST send( tcphdr->th ack, 0, iphdr->ip dst. s addr struct opf program filter struct ip *iphd struct tcphar * tcphdr struct pcap pkthdr pkthdri return 0 const unsigned char * packet-NULL www.haking.org/en hakin9 2/2008 45 Attack kernel that provides this functionalit is the system's packet filter About the author A packet filter is basically a user Luis Martin Garcia is a graduate in Computer Science from the University of Salaman defined routine that is called by the ca, Spain, and is currently pursuing his Master's degree in Information Security. He is network card driver for every packet also the creator of Aldaba, an open source Port Knocking and Single Packet Authoriza that it gets. If the routine validates tionsystemforGnu/lInux,availableathttp://www.aldabaknocking.com the packet, it is delivered to our ap plication, otherwise it is only passed to the protocol stack for the usual processing On the net Every operating system imple http://www.tcpdumporg/-tcpdumpandlibpcapofficialsite ments its own packet filtering mecha http.://www.stearns.org/doc/pcap-apps.htm/-listoftoolsbasedonlibpcap, nisms. However, many of them are http://ftp.gnumonks.org/pub/doc/packet-journey-2.4.htm/-thejourneyofapacket based on the same architecture the through the Linux network stack BSD Packet Filter or BPF. Libpcap http://www.tcpdump.org/papers/bpf-usenix93.pdf-paperabouttheBpffilter provides complete support for BPF written by the original authors of libpcap, based packet filters. This includes http://www.cs.ucr.edu/-marios/ethereal-tcpdump.pdf-atutorialonlibpcapfilter platforms like *BSD, AIX, Tru64 expressions. Mac Os or Linux On systems that do not accept BPF filters, libpcap is not able to provide kernel level filter packets with the sYN flag set and char *dev ce, bpf u int32 *netp ing but it is still capable of selecting whose destination port is either bpf u int 32 *maskp, char terrbuf) traffic by reading all the packets will do it for us and evaluating the BPF filters in icmp [icmptypel--icmp-ecorep-y Once we have a compiled BPF user-space, inside the library. This or icmp[icmmptype]== icmp-echo program we have to insert it into involves considerable computational returns ICMP ping requests and the kernel calling the function int overhead but it provides unmatched replies pcap se-filter(pcap t *p,st portability ether dst 00: 00: 09: c1: 0e: 82 brf program *fp). If everything eturns Ethernet frames whose goes well we can call pcap loop( Setting a Filter destination MAC address match- or pcap next( and start grab Setting a filter involves three steps es00:eC:09:c1:0e:82 bing packets. Listing 3 shows an constructing the filter expression ip[81--5 returns packets whose example of a simple application compiling the expression into a P TTL value equals 5 hat captures ARP traffic. Listing BPF program and finally applying 4 shows a bit more advanced tool the filter Once we have the filter expression that listens for TCP packets with BPF programs are written in a we have to translate it into some- the ACK or PSH-ACK flags set and special language similar to assem- thing the kernel can understand, resets the connection, resulting in a bly. However, libpcap and tcpdump a BPF program. The function int denial of service for everyone in the implement a high level language pcap compile(pcap t " struct network. Error checks and some that lets us define filters in a much bpf program Afp, char *str, int portions of code have been omit easier way. The specific syntax of optimize, bpt u int 32 netmask) ted for clarity. Full examples can thislanguageisoutofthescopecompilesthefilterexpressionbefoundinhttpprogramming ofthisarticleThefullspecificationpointedbystrintoBpfcodeThepcapaldabaknocking.com can be found in the manual page argument fp is a pointer to a struc for tcpdump. Here are some ex- ture of type struct hpf program that Conclusion amples we should declare before the call to In this article we have explored the pcap compile(). The optimize flag basics of packet capture and learned src nost 192.. 1.77 returns controls whether the filter program how to implement simple sniffing packets whose source IP ad- should be optimized for efficiency applications using the pcap library dress is192.168.1.77, or not. The last argument is the net- However, libpcap offers additional cst port 30 returns packets mask of the network on which pack- functionality that has not been cov hose TCP/UDP destination port ets will be captured Unless we want ered here(dumping packets to cap- is 80 to test for broadcast addresses the ture files, injecting packets, getting not tcp Returns any packet that netmask parameter can be safely statistics, etc). Full documentation does not use the tCP protocol, set to zero. However, if we need to and some tutorials can be found in tcp[13]=- 0x02 and (dst port determine the network mask, thethe pcap man page or at tcpdump's 2 or dst port 23) returns TCP function int pcap loocupnet(const official site. o 46 hakin 9 2/2008 www.haking.org/en

...展开详情
立即下载 最低0.43元/次 身份认证VIP会员低至7折
举报 举报 收藏 收藏
分享
3MB
Libpcap使用简介.pdf

Libpcap使用简介,无线驱动开发技术相关资料,用兴趣可以自行下载。Libpcap使用简介,无线驱动开发技术相关资料,用兴趣可以自行下载。

2019-11-17
508KB
libpcap-0.9.8.tar.gz

libpcap-0.9.8.tar.gz<br>免费下载:<br>http://www.fs2you.com/files/816df728-16b3-11dd-9544-0014221f4662/

2008-04-30
605KB
libpcap-1.4.0.tar.gz

libpcap是unix/linux平台下的网络数据包捕获函数包,大多数网络监控软件都以它为基础。

2013-09-11
813KB
libpcap-1.9.0

linux下libpcap-1.9.0的源码。可以在Linux下编译。参考Readme文件。

2018-07-24
2.54MB
libpcap-master

libpcap-master.rar 需求的可以下载。个人已经编译过了。

2018-10-24
118KB
libpcap-devel-1.5.3-11.el7.x86_64.rpm

libpcap-devel-1.5.3-11.el7.x86_64.rpm 下载不到正确包的同志自取,不能零积分下载最少只能1积分请见谅

2018-08-26
237KB
论文研究-基于多核网络处理器平台的Libpcap性能评估 .pdf

基于多核网络处理器平台的Libpcap性能评估,马骁,徐钊,网络数据包捕获机制是网络入侵检测系统运行的基础,Libpcap是当前流行的linux操作系统下的底层数据包捕获函数库之一。本文基于linux平�

2019-08-15
3.25MB
tcpdump(tcpdump-4.9.2.tar.gz & libpcap-1.8.1.tar.gz)源码及工具

编译教程:https://blog.csdn.net/onlyshi/article/details/81081707 该资源已包含了mipsel-linux-uclibc平台的bin文件,可直接拷贝到目标系统使用

2019-01-17
156KB
libjpcap.so

JPcap移植到Android平台,这是编译后的库文件,在Android项目中可通过JPcap中的Java接口对之进行调用。

2011-10-08
109KB
libpcap-0.9.4-15.el5.x86_64.rpm

64位RM包 libpcap-0.9.4-15.el5.x86_64

2012-02-20
139KB
libpcap-1.5.3-12.el7.x86_64.rpm

Centos 7.x tcpdump 离线安装所需的软件(libpcap-1.5.3-12.el7.x86_64.rpm).

2020-05-21
133.67MB
libpcap抓包程序.zip

本程序为“libpcap抓包分析项目”的资源文件,仅供大家学习参考使用,希望对大家有所帮助。

2019-07-12
27.69MB
wireshark-1.12.0最新源码

关于 Wireshark 不用多说,网上的介绍很多!如何编译? 安装编译工具:   $sudo apt-get install build-essential   为了成功编译Wireshark,您需要安装GTK+的开发文件和GLib库(libraries)。   $sudo apt-get install libgtk2.0-dev libglib2.0-dev   安装Checkinstall以便管理您系统中直接由源代码编译安装的软件。   $sudo apt-get install checkinstall 下载后的文件名:wireshark-1.2.2.tar.bz2

2014-08-27
116KB
libpcap-devel-0.9.4-14.el5.x86_64

libpcap-devel-0.9.4-14.el5.x86_64.rpm,安装iftop64位系统时所需的依赖包

2012-09-19
149KB
libpcap网络抓包入门.rar

libpcap网络抓包入门.rar

2007-11-03
233KB
libpcap+libpcap-devel

libpcap-1.4.0-4.20130826git2dbcaa1.el6.x86_64.rpm libpcap-devel-1.4.0-4.20130826git2dbcaa1.el6.x86_64.rpm

2017-12-26
20KB
简单的libpcap和socket发包程序.rar

简介: 程序主要功能: 1.arp、icmp、tcp、udp四种协议的数据包构造 2.使用socket发送以上四种数据包 3.使用libpcap发送数据包 附:可以简单的设置数据包数据部分的长度,发送重复次数。 **程序运行环境是Linux,需要输入dev_name是网卡(例如:eth0).

2018-03-30
131KB
libpcap-devel-1.4.0-4.20130826git2dbcaa1.el6.x86_64.rpm

libpcap-devel-1.4.0-4.20130826git2dbcaa1.el6.x86_64.rpm

2018-03-16
57KB
pypcapfile, 纯 python 库,用于处理libpcap的savefiles.zip

pypcapfile, 纯 python 库,用于处理libpcap的savefiles pypcapfile pypcapfile是一个纯 python 库,用于处理libpcap的savefiles 。安装安装最简单的方法是从 pypi:sudo pip install pypcapfile

2019-09-17
3MB
这是libpcap使用示例程序和文档

这是libpcap的使用示例程序和文档,具体请参考: http://blog.csdn.net/htttw/article/details/7521053

2012-04-28
img
少茗
  • 领英

    绑定领英第三方账户获取
  • GitHub

    绑定GitHub第三方账户获取
  • 签到新秀

    累计签到获取,不积跬步,无以至千里,继续坚持!
  • 分享王者

    成功上传51个资源即可获取

关注 私信 TA的资源

上传资源赚积分,得勋章
相关内容推荐