问题
When i run a simple packet sniffer coded in C on my Mac OS X, i got no output at all, this is a strange thing! can someone help me to understand what going on.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
int main(void) {
int i, recv_length, sockfd;
u_char buffer[9000];
if ((sockfd = socket(PF_INET, SOCK_RAW, IPPROTO_TCP)) == -1) {
printf("Socket failed!!\n");
return -1;
}
for(i=0; i < 3; i++) {
recv_length = recv(sockfd, buffer, 8000, 0);
printf("Got some bytes : %d\n", recv_length);
}
return 0;
}
I compile it and run it on my box and nothing is going:
MacOsxBox:Desktop evariste$sudo ./simpleSniffer
Thanks for your help.
回答1:
This will not work on *BSD (including OSX/Darwin). See the investigation here for more details:
b. FreeBSD
**********
FreeBSD takes another approach. It *never* passes TCP or UDP packets to raw
sockets. Such packets need to be read directly at the datalink layer by using
libraries like libpcap or the bpf API. It also *never* passes any fragmented
datagram. Each datagram has to be completeley reassembled before it is passed
to a raw socket.
FreeBSD passes to a raw socket:
a) every IP datagram with a protocol field that is not registered in
the kernel
b) all IGMP packets after kernel finishes processing them
c) all ICMP packets (except echo request, timestamp request and address
mask request) after kernel finishes processes them
Moral of the story: use libpcap
for this. It will make your life much easier. (If you use MacPorts, do sudo port install libpcap
.)
回答2:
I run it and get:
# ./a.out
Got some bytes : 176
Got some bytes : 168
Got some bytes : 168
#
I'm guessing it's going to be something really odd, like you don't have permission to open a socket and stderr is redirected oddly.
I'd suggest the good old-fashioned wolf-trap debugging:
printf("I got ti 1\n");
if ((sockfd = socket(PF_INET, SOCK_RAW, IPPROTO_TCP)) == -1) {
printf("Socket failed!!\n");
return -1;
}
printf("I got to 2\n");
for(i=0; i < 3; i++) {
printf("About to read socket.\n");
recv_length = recv(sockfd, buffer, 8000, 0);
printf("Got some bytes : %d\n", recv_length);
}
printf("Past the for loop.\n");
...and see what it says.
来源:https://stackoverflow.com/questions/6878603/strange-raw-socket-on-mac-os-x