问题
I need to write a packet sniffer in Linux that detects HTTPS packet that are sent and save the url from the request. I found code for this in security-freak and ran it. This code runs and only sniffs the received packet but I need to get the sent packet in the sniffer. How do I get the sent packet in this code?
I can't use any library like libcap (forbidden). The code is :sniffer.c
回答1:
You should be using ETH_P_ALL instead of ETH_P_IP as the protocol. ETH_P_IP only listens for incoming IP packets.
回答2:
Why can't you use any library? Homework?
It's hard to answer without having examples from your code, for example how you set sll_pkttype.
The urlsnarf tool in the dnsiff suite could be worth a look.
回答3:
With appropriate libpcap or DNET usage You should be able to get all network traffic on the desired layer (protocol - 5) (also this outgoing). But You should know that already.
You need to go through the above libraries manuals and find the appropriate filtering.
来源:https://stackoverflow.com/questions/1637835/packet-sniffing-using-raw-sockets-in-linux-in-c