Modifiziertes Sniffex.c <\/p>\n\n\n\n
kann jetzt auch save + offline-read<\/p>\n\n\n\n
\/*\n * sniffex.c\n *\n * Sniffer example of TCP\/IP packet capture using libpcap.\n * \n * Version 0.1.1 (2005-07-05)\n * Copyright (c) 2005 The Tcpdump Group\n *\n * This software is intended to be used as a practical example and \n * demonstration of the libpcap library; available at:\n * http:\/\/www.tcpdump.org\/\n *\n ****************************************************************************\n *\n * This software is a modification of Tim Carstens' \"sniffer.c\"\n * demonstration source code, released as follows:\n * \n * sniffer.c\n * Copyright (c) 2002 Tim Carstens\n * 2002-01-07\n * Demonstration of using libpcap\n * timcarst -at- yahoo -dot- com\n * \n * \"sniffer.c\" is distributed under these terms:\n * \n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions\n * are met:\n * 1. Redistributions of source code must retain the above copyright\n * notice, this list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright\n * notice, this list of conditions and the following disclaimer in the\n * documentation and\/or other materials provided with the distribution.\n * 4. The name \"Tim Carstens\" may not be used to endorse or promote\n * products derived from this software without prior written permission\n *\n * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND\n * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\n * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\n * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE\n * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\n * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS\n * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\n * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\n * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\n * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF\n * SUCH DAMAGE.\n * <end of \"sniffer.c\" terms>\n *\n * This software, \"sniffex.c\", is a derivative work of \"sniffer.c\" and is\n * covered by the following terms:\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions\n * are met:\n * 1. Because this is a derivative work, you must comply with the \"sniffer.c\"\n * terms reproduced above.\n * 2. Redistributions of source code must retain the Tcpdump Group copyright\n * notice at the top of this source file, this list of conditions and the\n * following disclaimer.\n * 3. Redistributions in binary form must reproduce the above copyright\n * notice, this list of conditions and the following disclaimer in the\n * documentation and\/or other materials provided with the distribution.\n * 4. The names \"tcpdump\" or \"libpcap\" may not be used to endorse or promote\n * products derived from this software without prior written permission.\n *\n * THERE IS ABSOLUTELY NO WARRANTY FOR THIS PROGRAM.\n * BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY\n * FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN\n * OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND\/OR OTHER PARTIES\n * PROVIDE THE PROGRAM \"AS IS\" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED\n * OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF\n * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS\n * TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE\n * PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,\n * REPAIR OR CORRECTION.\n * \n * IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING\n * WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND\/OR\n * REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,\n * INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING\n * OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED\n * TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY\n * YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER\n * PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE\n * POSSIBILITY OF SUCH DAMAGES.\n * <end of \"sniffex.c\" terms>\n * \n ****************************************************************************\n *\n * Below is an excerpt from an email from Guy Harris on the tcpdump-workers\n * mail list when someone asked, \"How do I get the length of the TCP\n * payload?\" Guy Harris' slightly snipped response (edited by him to\n * speak of the IPv4 header length and TCP data offset without referring\n * to bitfield structure members) is reproduced below:\n * \n * The Ethernet size is always 14 bytes.\n * \n * <snip>...<\/snip>\n *\n * In fact, you *MUST* assume the Ethernet header is 14 bytes, *and*, if \n * you're using structures, you must use structures where the members \n * always have the same size on all platforms, because the sizes of the \n * fields in Ethernet - and IP, and TCP, and... - headers are defined by \n * the protocol specification, not by the way a particular platform's C \n * compiler works.)\n *\n * The IP header size, in bytes, is the value of the IP header length,\n * as extracted from the \"ip_vhl\" field of \"struct sniff_ip\" with\n * the \"IP_HL()\" macro, times 4 (\"times 4\" because it's in units of\n * 4-byte words). If that value is less than 20 - i.e., if the value\n * extracted with \"IP_HL()\" is less than 5 - you have a malformed\n * IP datagram.\n *\n * The TCP header size, in bytes, is the value of the TCP data offset,\n * as extracted from the \"th_offx2\" field of \"struct sniff_tcp\" with\n * the \"TH_OFF()\" macro, times 4 (for the same reason - 4-byte words).\n * If that value is less than 20 - i.e., if the value extracted with\n * \"TH_OFF()\" is less than 5 - you have a malformed TCP segment.\n *\n * So, to find the IP header in an Ethernet packet, look 14 bytes after \n * the beginning of the packet data. To find the TCP header, look \n * \"IP_HL(ip)*4\" bytes after the beginning of the IP header. To find the\n * TCP payload, look \"TH_OFF(tcp)*4\" bytes after the beginning of the TCP\n * header.\n * \n * To find out how much payload there is:\n *\n * Take the IP *total* length field - \"ip_len\" in \"struct sniff_ip\" \n * - and, first, check whether it's less than \"IP_HL(ip)*4\" (after\n * you've checked whether \"IP_HL(ip)\" is >= 5). If it is, you have\n * a malformed IP datagram.\n *\n * Otherwise, subtract \"IP_HL(ip)*4\" from it; that gives you the length\n * of the TCP segment, including the TCP header. If that's less than\n * \"TH_OFF(tcp)*4\" (after you've checked whether \"TH_OFF(tcp)\" is >= 5),\n * you have a malformed TCP segment.\n *\n * Otherwise, subtract \"TH_OFF(tcp)*4\" from it; that gives you the\n * length of the TCP payload.\n *\n * Note that you also need to make sure that you don't go past the end \n * of the captured data in the packet - you might, for example, have a \n * 15-byte Ethernet packet that claims to contain an IP datagram, but if \n * it's 15 bytes, it has only one byte of Ethernet payload, which is too \n * small for an IP header. The length of the captured data is given in \n * the \"caplen\" field in the \"struct pcap_pkthdr\"; it might be less than \n * the length of the packet, if you're capturing with a snapshot length \n * other than a value >= the maximum packet size.\n * <end of response>\n * \n ****************************************************************************\n * \n * Example compiler command-line for GCC:\n * gcc -Wall -o sniffex_hp sniffex_hp.c -lpcap\n * \n ****************************************************************************\n *\n * Code Comments\n *\n * This section contains additional information and explanations regarding\n * comments in the source code. It serves as documentaion and rationale\n * for why the code is written as it is without hindering readability, as it\n * might if it were placed along with the actual code inline. References in\n * the code appear as footnote notation (e.g. [1]).\n *\n * 1. Ethernet headers are always exactly 14 bytes, so we define this\n * explicitly with \"#define\". Since some compilers might pad structures to a\n * multiple of 4 bytes - some versions of GCC for ARM may do this -\n * \"sizeof (struct sniff_ethernet)\" isn't used.\n * \n * 2. Check the link-layer type of the device that's being opened to make\n * sure it's Ethernet, since that's all we handle in this example. Other\n * link-layer types may have different length headers (see [1]).\n *\n * 3. This is the filter expression that tells libpcap which packets we're\n * interested in (i.e. which packets to capture). Since this source example\n * focuses on IP and TCP, we use the expression \"ip\", so we know we'll only\n * encounter IP packets. The capture filter syntax, along with some\n * examples, is documented in the tcpdump man page under \"expression.\"\n * Below are a few simple examples:\n *\n * Expression\t\t\tDescription\n * ----------\t\t\t-----------\n * ip\t\t\t\t\tCapture all IP packets.\n * tcp\t\t\t\t\tCapture only TCP packets.\n * tcp port 80\t\t\tCapture only TCP packets with a port equal to 80.\n * ip host 10.1.2.3\t\tCapture all IP packets to or from host 10.1.2.3.\n *\n ****************************************************************************\n *\n *\/\n\n#define APP_NAME\t\t\"sniffex\"\n#define APP_DESC\t\t\"Sniffer example using libpcap\"\n#define APP_COPYRIGHT\t\"Copyright (c) 2005 The Tcpdump Group\"\n#define APP_DISCLAIMER\t\"THERE IS ABSOLUTELY NO WARRANTY FOR THIS PROGRAM.\"\n\n#include <pcap.h>\n#include <stdio.h>\n#include <string.h>\n#include <stdlib.h>\n#include <ctype.h>\n#include <errno.h>\n#include <sys\/types.h>\n#include <sys\/socket.h>\n#include <netinet\/in.h>\n#include <arpa\/inet.h>\n\n\/* default snap length (maximum bytes per packet to capture) *\/\n#define SNAP_LEN 1518\n\n\/* ethernet headers are always exactly 14 bytes [1] *\/\n#define SIZE_ETHERNET 14\n\n\/* Ethernet addresses are 6 bytes *\/\n#define ETHER_ADDR_LEN\t6\n\n\/* Ethernet header *\/\npcap_dumper_t* pdumper;\n\nstruct sniff_ethernet {\n u_char ether_dhost[ETHER_ADDR_LEN]; \/* destination host address *\/\n u_char ether_shost[ETHER_ADDR_LEN]; \/* source host address *\/\n u_short ether_type; \/* IP? ARP? RARP? etc *\/\n};\n\n\/* IP header *\/\nstruct sniff_ip {\n u_char ip_vhl; \/* version << 4 | header length >> 2 *\/\n u_char ip_tos; \/* type of service *\/\n u_short ip_len; \/* total length *\/\n u_short ip_id; \/* identification *\/\n u_short ip_off; \/* fragment offset field *\/\n #define IP_RF 0x8000 \/* reserved fragment flag *\/\n #define IP_DF 0x4000 \/* dont fragment flag *\/\n #define IP_MF 0x2000 \/* more fragments flag *\/\n #define IP_OFFMASK 0x1fff \/* mask for fragmenting bits *\/\n u_char ip_ttl; \/* time to live *\/\n u_char ip_p; \/* protocol *\/\n u_short ip_sum; \/* checksum *\/\n struct in_addr ip_src,ip_dst; \/* source and dest address *\/\n};\n#define IP_HL(ip) (((ip)->ip_vhl) & 0x0f)\n#define IP_V(ip) (((ip)->ip_vhl) >> 4)\n\n\/* TCP header *\/\ntypedef u_int tcp_seq;\n\nstruct sniff_tcp {\n u_short th_sport; \/* source port *\/\n u_short th_dport; \/* destination port *\/\n tcp_seq th_seq; \/* sequence number *\/\n tcp_seq th_ack; \/* acknowledgement number *\/\n u_char th_offx2; \/* data offset, rsvd *\/\n#define TH_OFF(th) (((th)->th_offx2 & 0xf0) >> 4)\n u_char th_flags;\n #define TH_FIN 0x01\n #define TH_SYN 0x02\n #define TH_RST 0x04\n #define TH_PUSH 0x08\n #define TH_ACK 0x10\n #define TH_URG 0x20\n #define TH_ECE 0x40\n #define TH_CWR 0x80\n #define TH_FLAGS (TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG|TH_ECE|TH_CWR)\n u_short th_win; \/* window *\/\n u_short th_sum; \/* checksum *\/\n u_short th_urp; \/* urgent pointer *\/\n};\n\nvoid\ngot_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet);\n\nvoid\nprint_payload(const u_char *payload, int len);\n\nvoid\nprint_hex_ascii_line(const u_char *payload, int len, int offset);\n\nvoid\nprint_app_banner(void);\n\nvoid\nprint_app_usage(void);\n\n\/*\n * app name\/banner\n *\/\nvoid\nprint_app_banner(void)\n{\n\n\tprintf(\"%s - %s\\n\", APP_NAME, APP_DESC);\n\tprintf(\"%s\\n\", APP_COPYRIGHT);\n\tprintf(\"%s\\n\", APP_DISCLAIMER);\n\tprintf(\"\\n\");\n\nreturn;\n}\n\n\/*\n * print help text\n *\/\nvoid\nprint_app_usage(void)\n{\n\n\tprintf(\"Usage: %s [interface]\\n\", APP_NAME);\n\tprintf(\"\\n\");\n\tprintf(\"Options:\\n\");\n\tprintf(\" interface Listen on <interface> for packets.\\n\");\n\tprintf(\"\\n\");\n\nreturn;\n}\n\n\/*\n * print data in rows of 16 bytes: offset hex ascii\n *\n * 00000 47 45 54 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a GET \/ HTTP\/1.1..\n *\/\nvoid\nprint_hex_ascii_line(const u_char *payload, int len, int offset)\n{\n\n\tint i;\n\tint gap;\n\tconst u_char *ch;\n\n\t\/* offset *\/\n\tprintf(\"%05d \", offset);\n\t\n\t\/* hex *\/\n\tch = payload;\n\tfor(i = 0; i < len; i++) {\n\t\tprintf(\"%02x \", *ch);\n\t\tch++;\n\t\t\/* print extra space after 8th byte for visual aid *\/\n\t\tif (i == 7)\n\t\t\tprintf(\" \");\n\t}\n\t\/* print space to handle line less than 8 bytes *\/\n\tif (len < 8)\n\t\tprintf(\" \");\n\t\n\t\/* fill hex gap with spaces if not full line *\/\n\tif (len < 16) {\n\t\tgap = 16 - len;\n\t\tfor (i = 0; i < gap; i++) {\n\t\t\tprintf(\" \");\n\t\t}\n\t}\n\tprintf(\" \");\n\t\n\t\/* ascii (if printable) *\/\n\tch = payload;\n\tfor(i = 0; i < len; i++) {\n\t\tif (isprint(*ch))\n\t\t\tprintf(\"%c\", *ch);\n\t\telse\n\t\t\tprintf(\".\");\n\t\tch++;\n\t}\n\n\tprintf(\"\\n\");\n\nreturn;\n}\n\n\/*\n * print packet payload data (avoid printing binary data)\n *\/\nvoid\nprint_payload(const u_char *payload, int len)\n{\n\n\tint len_rem = len;\n\tint line_width = 16;\t\t\t\/* number of bytes per line *\/\n\tint line_len;\n\tint offset = 0;\t\t\t\t\t\/* zero-based offset counter *\/\n\tconst u_char *ch = payload;\n\n\tif (len <= 0)\n\t\treturn;\n\n\t\/* data fits on one line *\/\n\tif (len <= line_width) {\n\t\tprint_hex_ascii_line(ch, len, offset);\n\t\treturn;\n\t}\n\n\t\/* data spans multiple lines *\/\n\tfor ( ;; ) {\n\t\t\/* compute current line length *\/\n\t\tline_len = line_width % len_rem;\n\t\t\/* print line *\/\n\t\tprint_hex_ascii_line(ch, line_len, offset);\n\t\t\/* compute total remaining *\/\n\t\tlen_rem = len_rem - line_len;\n\t\t\/* shift pointer to remaining bytes to print *\/\n\t\tch = ch + line_len;\n\t\t\/* add offset *\/\n\t\toffset = offset + line_width;\n\t\t\/* check if we have line width chars or less *\/\n\t\tif (len_rem <= line_width) {\n\t\t\t\/* print last line and get out *\/\n\t\t\tprint_hex_ascii_line(ch, len_rem, offset);\n\t\t\tbreak;\n\t\t}\n\t}\n\nreturn;\n}\n\n\/*\n * dissect\/print packet\n *\/\nvoid\ngot_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)\n{\n\n\tstatic int count = 1; \/* packet counter *\/\n\t\n\t\/* declare pointers to packet headers *\/\n\tconst struct sniff_ethernet *ethernet; \/* The ethernet header [1] *\/\n\tconst struct sniff_ip *ip; \/* The IP header *\/\n\tconst struct sniff_tcp *tcp; \/* The TCP header *\/\n\tconst char *payload; \/* Packet payload *\/\n\n\tint size_ip;\n\tint size_tcp;\n\tint size_payload;\n\tpcap_dump( pdumper, header, packet);\n\tprintf(\"\\nPacket number %d:\\n\", count);\n\tcount++;\n\t\n\t\/* define ethernet header *\/\n\tethernet = (struct sniff_ethernet*)(packet);\n\t\n\t\/* define\/compute ip header offset *\/\n\tip = (struct sniff_ip*)(packet + SIZE_ETHERNET);\n\tsize_ip = IP_HL(ip)*4;\n\tif (size_ip < 20) {\n\t\tprintf(\" * Invalid IP header length: %u bytes\\n\", size_ip);\n\t\treturn;\n\t}\n\n\t\/* print source and destination IP addresses *\/\n\tprintf(\" From: %s\\n\", inet_ntoa(ip->ip_src));\n\tprintf(\" To: %s\\n\", inet_ntoa(ip->ip_dst));\n\t\n\t\/* determine protocol *\/\t\n\tswitch(ip->ip_p) {\n\t\tcase IPPROTO_TCP:\n\t\t\tprintf(\" Protocol: TCP\\n\");\n\t\t\tbreak;\n\t\tcase IPPROTO_UDP:\n\t\t\tprintf(\" Protocol: UDP\\n\");\n\t\t\treturn;\n\t\tcase IPPROTO_ICMP:\n\t\t\tprintf(\" Protocol: ICMP\\n\");\n\t\t\treturn;\n\t\tcase IPPROTO_IP:\n\t\t\tprintf(\" Protocol: IP\\n\");\n\t\t\treturn;\n\t\tdefault:\n\t\t\tprintf(\" Protocol: unknown\\n\");\n\t\t\treturn;\n\t}\n\t\n\t\/*\n\t * OK, this packet is TCP.\n\t *\/\n\t\n\t\/* define\/compute tcp header offset *\/\n\ttcp = (struct sniff_tcp*)(packet + SIZE_ETHERNET + size_ip);\n\tsize_tcp = TH_OFF(tcp)*4;\n\tif (size_tcp < 20) {\n\t\tprintf(\" * Invalid TCP header length: %u bytes\\n\", size_tcp);\n\t\treturn;\n\t}\n\t\n\tprintf(\" Src port: %d\\n\", ntohs(tcp->th_sport));\n\tprintf(\" Dst port: %d\\n\", ntohs(tcp->th_dport));\n\t\n\t\/* define\/compute tcp payload (segment) offset *\/\n\tpayload = (u_char *)(packet + SIZE_ETHERNET + size_ip + size_tcp);\n\t\n\t\/* compute tcp payload (segment) size *\/\n\tsize_payload = ntohs(ip->ip_len) - (size_ip + size_tcp);\n\t\n\t\/*\n\t * Print payload data; it might be binary, so don't just\n\t * treat it as a string.\n\t *\/\n\tif (size_payload > 0) {\n\t\tprintf(\" Payload (%d bytes):\\n\", size_payload);\n\t\tprint_payload(payload, size_payload);\n\t}\n\nreturn;\n}\n\nint main(int argc, char **argv)\n{\n\n\tchar *dev = NULL;\t\t\t\/* capture device name *\/\n\tchar errbuf[PCAP_ERRBUF_SIZE];\t\t\/* error buffer *\/\n\tpcap_t *handle;\t\t\t\t\/* packet capture handle *\/\n char *filename=\"file.pcap\";\n\tpcap_t* pd = pcap_open_dead(DLT_EN10MB, 65535);\n pdumper = pcap_dump_open(pd, filename);\n \n\n\tchar filter_exp[] = \"ip\";\t\t\/* filter expression [3] *\/\n\tstruct bpf_program fp;\t\t\t\/* compiled filter program (expression) *\/\n\tbpf_u_int32 mask;\t\t\t\/* subnet mask *\/\n\tbpf_u_int32 net;\t\t\t\/* ip *\/\n\tint num_packets = 100;\t\t\t\/* number of packets to capture *\/\n\n\tprint_app_banner();\n\n\t\/* check for capture device name on command-line *\/\n\tif (argc == 2) {\n\t\tdev = argv[1];\n\t}\n\telse if (argc > 2) {\n\t\tfprintf(stderr, \"error: unrecognized command-line options\\n\\n\");\n\t\tprint_app_usage();\n\t\texit(EXIT_FAILURE);\n\t}\n\telse {\n\t\t\/* find a capture device if not specified on command-line *\/\n\t\tdev = pcap_lookupdev(errbuf);\n\t\tif (dev == NULL) {\n\t\t\tfprintf(stderr, \"Couldn't find default device: %s\\n\",\n\t\t\t errbuf);\n\t\t\texit(EXIT_FAILURE);\n\t\t}\n\t}\n\t\n\t\/* get network number and mask associated with capture device *\/\n\t\/*if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {\n\t\tfprintf(stderr, \"Couldn't get netmask for device %s: %s\\n\",\n\t\t dev, errbuf);\n\t\tnet = 0;\n\t\tmask = 0;\n\t} *\/\n\n\t\/* print capture info *\/\n\tprintf(\"Device: %s\\n\", dev);\n\tprintf(\"Number of packets: %d\\n\", num_packets);\n\tprintf(\"Filter expression: %s\\n\", filter_exp);\n\n\t\/* open capture device *\/\n\thandle = pcap_open_offline(dev, errbuf);\n\tif (handle == NULL) {\n\t\tfprintf(stderr, \"Couldn't open file %s: %s\\n\", dev, errbuf);\n\t\texit(EXIT_FAILURE);\n\t}\n\n\t\/* make sure we're capturing on an Ethernet device [2] *\/\n\tif (pcap_datalink(handle) != DLT_EN10MB) {\n\t\tfprintf(stderr, \"%s is not an Ethernet\\n\", dev);\n\t\texit(EXIT_FAILURE);\n\t}\n\n\t\/* compile the filter expression *\/\n\tif (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) {\n\t\tfprintf(stderr, \"Couldn't parse filter %s: %s\\n\",\n\t\t filter_exp, pcap_geterr(handle));\n\t\texit(EXIT_FAILURE);\n\t}\n\n\t\/* apply the compiled filter *\/\n\tif (pcap_setfilter(handle, &fp) == -1) {\n\t\tfprintf(stderr, \"Couldn't install filter %s: %s\\n\",\n\t\t filter_exp, pcap_geterr(handle));\n\t\texit(EXIT_FAILURE);\n\t}\n\n\t\/* now we can set our callback function *\/\n\tpcap_loop(handle, num_packets, got_packet, NULL);\n\n\t\/* cleanup *\/\n\tpcap_freecode(&fp);\n\tpcap_close(handle);\n\n\tprintf(\"\\nCapture complete.\\n\");\n\nreturn 0;\n}\n<\/pre>\n","protected":false},"excerpt":{"rendered":"Modifiziertes Sniffex.c kann jetzt auch save + offline-read \/* * sniffex.c * * Sniffer example of TCP\/IP packet capture using libpcap. * * Version 0.1.1 (2005-07-05) * Copyright (c) 2005 The Tcpdump Group * * This software is intended to be used as a practical example and * demonstration of the libpcap library; available at: … <\/p>\n