自己动手学TCP/IP--以太网帧

xitong

浏览: 6203312 次

最近访客更多访客>>

gegewuqin9

summer_1988

u012363178

devcang

博主相关

博客

微博

相册

留言

关于我

文章分类

全部博客 (7329)

社区版块

存档分类

2013-05 ( 45)
2013-04 ( 98)
2013-03 ( 45)
更多存档...

数据链路层主要的功能

把网络层的包封装成帧
对帧的校验和确认
流量的控制

数据链路层生成以太网帧，以太网帧的主要格式如下。

太网帧的传输大小是由传输媒介决定的，数据帧的大小是64—1518。帧头14个字节，分别是目标MAC地址

（6个字节）+源MAC地址（6个字节）+协议类型（2个字节），帧尾是32位的CRC冗余校验。对于两个字

节协议字段，0×0800主要用于IP协议，还有一些其他的网络协议，比如Novell IPX等。

这里先介绍以太网帧头格式，用libcap抓出来的包最后的CRC冗余校验已经在物理网卡上完成。下面是代码

#include <pcap.h>
#include <stdio.h>
#include <stdlib.h> 				
#include <string.h>
#include <sys/socket.h>
#include <arpa/inet.h>		
#include <net/ethernet.h>
#include <netinet/ip_icmp.h>	//Provides declarations for icmp header
#include <netinet/udp.h>		//Provides declarations for udp header
#include <netinet/tcp.h>		//Provides declarations for tcp header
#include <netinet/ip.h>		//Provides declarations for ip header

#define BUFFER_SIZE 2048
#define HIGH4(a) (((a&0xf0))>>4)
#define LOW4(a) (a&0x0f)

int size ;

void process_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *buffer);

void print_mac(const u_char *packet_buffer);
void mac_to_str(char *szMac, unsigned char mac[6]);

int main(int argc,char *argv[])
{
	pcap_if_t *alldevsp , *device;
	pcap_t *handle; //Handle of the device that shall be sniffed

	char errbuf[100] , *devname , devs[100][100];
	int count = 1 , n;

	//First get the list of available devices
	printf("Finding available devices ... ");
	if( pcap_findalldevs( &alldevsp , errbuf) )
	{
		printf("Error finding devices : %s" , errbuf);
		exit(1);
	}
	printf("Done");

	//Print the available devices
	printf("\nAvailable Devices are :\n");
	for(device = alldevsp ; device != NULL ; device = device->next)
	{
		printf("%d. %s - %s\n" , count , device->name , device->description);
		if(device->name != NULL)
		{
			strcpy(devs[count] , device->name);
		}
		count++;
	}

	//Ask user which device to sniff
	printf("Enter the number of the device you want to sniff : ");
	scanf("%d" , &n);
	devname = devs[n];

	//Open the device for sniffing
	printf("Opening device %s for sniffing ... " , devname);
	handle = pcap_open_live(devname , 65536 , 1 , 0 , errbuf);

	if (handle == NULL)
	{
		fprintf(stderr, "Couldn't open device %s : %s\n" , devname , errbuf);
		exit(1);
	}
	printf("Done\n");

	//Put the device in sniff loop
	pcap_loop(handle , -1 , process_packet , NULL);

	return 0;
}

void process_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *buffer)
{
	size = header->len;
	print_mac(buffer);
}

void print_mac(const u_char *packet_buffer)
{
	struct ethhdr *ethernet_header = NULL;			//ether header	
	char sour_mac[40] = {'\0'};			//<linux/if_ether.h>
	char des_mac[40] = {'\0'};			//#define ETH_ALEN   6
	ethernet_header = (struct ethhdr *)packet_buffer;
	
	mac_to_str(sour_mac,ethernet_header->h_source);
	mac_to_str(des_mac,ethernet_header->h_dest);
	printf("length of ethernet_head : %d \n",sizeof(struct ethhdr));
	printf("des_MAC : %s\n",des_mac);
	printf("sour_MAC : %s\n",sour_mac);
	printf("Protocal : %x\n",ntohs(ethernet_header->h_proto));
}

//MAC地址翻译
void mac_to_str(char *szMac, unsigned char mac[6])
{
	sprintf(szMac, "%X%X:%X%X:%X%X:%X%X:%X%X:%X%X"
			, HIGH4(mac[0]), LOW4(mac[0])
			, HIGH4(mac[1]), LOW4(mac[1])
			, HIGH4(mac[2]), LOW4(mac[2])
			, HIGH4(mac[3]), LOW4(mac[3])
			, HIGH4(mac[4]), LOW4(mac[4])
			, HIGH4(mac[5]), LOW4(mac[5])
			);
}

$ gcc get_mac.c -o get_mac -lpcap

分享到：