LibPCAP packet capture function library

tags: qualcom2

Reference for the original blog

pcap_compile()

  This is used to compile the user input filter string to filter information, which can determine which packages are user acquisition.

Filter expressions contain one or more elements. Each element typically contains three different modifiers: 3 different modes of modified ID name or numbers:

  Type modifier Note The ID belongs to that type. The type of modifier that can be used is Host, Net, Port, Portrange. For example, 'Host Foo', 'Net 128.3', 'Port 20', 'POR-TRANGE 6000-6008'. If the ID does not specify a type, Host is the default.

  Path direction modifier Specify the path direction of the ID. The path modifiers that can be used include SRC, DST, SRC OR DST, SRCAND DST, ADDR1, ADDR2, ADDR3, AND AddR4. Example 'SRC Foo', 'DST NET 128.3', 'SRC or DST Port FTP-DATA'. If ID has no path modifier, default SRC or DST. Addr1, addr2, addr3, and addr4 are only for unlimited networks, in the link layer, if it is a mixed mode, you can specify the filter direction with inBound, OutBound.

  Agreement modifier To limit the matching protocol. Protocol modifiers Ether, FDDI, TR, WLAN, IP, IP6, ARP, RARP, DECNET, TCP AND UDP. Example Ether SRC FOO ',' ARP NET 128.3 ',' TCP Port 21 ',' UDP PortRange 7000-7009 ',' WLAN Addr2 0: 2: 3: 4: 5: 6 '. If there is no agreement, the default is All protocols match, such as 'src foo', IP ARP RARP protocols match
The FDDI protocol is equivalent to the Ether protocol, like the FDDI parser, like the Ether meaning, the FDDI header information contains an Ethernet source, destination address, and the type of destination, which can specify the FDDI header domain to filter the designated domain. . The FDDI head also contains other domains, but cannot be applied and filtered.
TR and WLANs are equivalent to Ether in the filter parser. The previous version of the FDDI header information is also applicable to the head of the 802.11 wireless LAN.

In addition to the above three modifiers, there are some special modifications and arithmetic computing: Gateway, Broadcast, Less, Greater.

  The arithmetic operation as shown below:
Combined complex filter expressions can be combined with and, or, not. For example, 'Host foo and not port ftp and not port ftp-data', if multiple expressions are combined in AND, or, NOT, multiple expressions have the same modifiers, and they can omit the first expression. For example, 'TCP DST port ftp or ftp-data or domain' is equivalent to 'TCP DST Port FTP or TCP DST PORT FTP-DATA or TCP DSTPORT DOMAIN'

Intelligent Recommendation

libpcap packet capture analysis project (2)

In project (1), we successfully captured the data packet and extracted the basic information in the data packet. This time we will output the various protocols used by the data packet and output the m...

libpcap packet capture analysis project (1)

First introduce the usage of libpcap library functions: Here I use two functions, pcap_open_live () and pcap_next (), you can jump through the portal to see the specific usage. The comments in the cod...

libpcap packet capture analysis project (4)

In project three, we completed the parsing of a package in the "hospital mirror stream.pcapng" file. The next thing we need to do is to write the parsed data into the file, so that the TS st...

Analysis of libpcap packet capture mechanism (3)

At present, the network packet capture system under the Linux operating system is generally built on the libpcap packet capture platform. The English meaning of libpcap is Library of Packet Capture, t...

Analysis of libpcap packet capture mechanism (4)

1. Process and performance analysis of traditional Linux network protocol stack The Linux network protocol stack is a typical system for processing network packets. It includes the entire process from...

More Recommendation

LibPCAP Library Program Guide - Filter Packet

One of the most powerful features of WinPCAP and LibPCAP is the engine with filtering packets. It provides an effective way to get some packets in the network, which is also an integral part of the Wi...

WinPcap / libpcap network packet capture TCP header flag

Recent WinPcap / libpcap fetch packet network, and to extract HTML image. To analyze TCP packets when they were big-endian out of the head. Finally, patience and the flag bit fields are read out. TCP ...

Talk to the network protocol analysis technology! Network Packet Capture Technology LIBPCAP

In practical applications, the technical representative to realize network packet capture is libpcap. LibPCAP is a professional cross-platform network packet capture development package. Use libpcap c...

Libpcap function

1. libpcap data type definition 2. pcap_t *pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf) Get the packet capture descriptor used to capture network packets. The device p...

Linux network packet capture/packet capture technology comparison: napi, libpcap, afpacket, PF_RING, PACKET_MMAP, DPDK, XDP (eXpress Data Path)

Table of Contents 1. Traditional Linux network protocol stack process and performance analysis The main problem of the protocol stack Resource allocation and release for a single packet level Serial a...

Copyright  DMCA © 2018-2026 - All Rights Reserved - www.programmersought.com  User Notice

Top