问题
I am trying to write an application to sniff traffic being sent to an ethernet port on my server. My application never needs to send data. It only needs to receive and decode the 5-tuple.
I am opening the socket with:
socket (AF_INET, SOCK_RAW, htons (ETH_P_ALL))
and setting it to promiscuous mode:
struct ifreq ifr;
ioctl (raw_socket, SIOCGIFFLAGS, &ifr);
/* Set the old flags plus the IFF_PROMISC flag */
ifr.ifr_flags |= IFF_PROMISC;
ioctl (raw_socket, SIOCSIFFLAGS, &ifr);
I am using recv to receive data from the socket, but it appears that I'm not receiving the full packets including the from/to IP addresses inside the packet.
Any idea how best to do this?
来源:https://stackoverflow.com/questions/27069400/read-raw-ipv4-in-promiscuous-mode-on-linux