原始以太网数据包捕获 [英] Raw Ethernet Packet Capture
问题描述
我正在写一个非常基本的原始以太网嗅探器,基于我在Andreas Schaufler的原始以太网文章中找到的
:
http://aschauf.landshut.org/fh /linux...w/ch01s03.html
我正在尝试打印每个以太网帧的输出
十六进制和字符表示。我是网络新手
用C编程。这里是一段代码片段:
而(1)
{
length = recvfrom(s,buffer,ETH_FRAME_LEN,0,NULL,NULL);
if(length == -1) {
printf(接收以太网帧错误... \ n);
}
else {
printf(" Hex:\ n\ n");
for(int i = 0; i< length; i ++)
{
printf("%x" buffer [i]);
}
printf(" \ n\\\
Char:\ n \ n");
for(int i = 0; i< length; i ++)
{
printf("%c" buffer [i]);
}
}
}
我得到的大部分字符都以两位十六进制显示
表示,如此A0。但有时我会得到类似
" FFFFFFFF"或FFFFFFA0。为什么会这样?我还比较了使用Linux wireshark嗅探器和我的程序的
结果,并且
注意到帧的不同十六进制值。我知道wireshark
是正确的,所以我做错了什么?感谢任何帮助。
注意:我之前在alt.comp.lang.c中发布了这个,并且有人将其命名为
" mimus" FFFFFFFF表示FFFFFFFF。行为可能是签名/未签名
问题。我怎么知道呢?
10月22日下午2:58,gustavo.sam ... @ gmail.com写道:
我正在根据我发现的内容编写一个非常基本的原始以太网嗅探器
$在Andreas Schaufler的原始以太网文章中的b $ b: http ://aschauf.landshut.org/fh/linux...w/ch01s03.html
我正在尝试打印每个以太网帧的输出
十六进制和字符表示。我是网络新手
用C编程。这里是一段代码片段:
而(1)
{
length = recvfrom(s,buffer,ETH_FRAME_LEN,0,NULL,NULL);
if(length == -1) {
printf(接收以太网帧错误... \ n);
}
else {
printf(" Hex:\ n\ n");
for(int i = 0; i< length; i ++)
{
printf("%x" buffer [i]);
}
printf(" \ n\\\
Char:\ n \ n");
for(int i = 0; i< length; i ++)
{
printf("%c" buffer [i]);
}
}
}
我得到的大部分字符都以两位十六进制显示
表示,如此A0。但有时我会得到类似
" FFFFFFFF"或FFFFFFA0。为什么会这样?我还比较了使用Linux wireshark嗅探器和我的程序的
结果,并且
注意到帧的不同十六进制值。我知道wireshark
是正确的,所以我做错了什么?感谢任何帮助。
注意:我之前在alt.comp.lang.c中发布了这个,并且有人将其命名为
" mimus" FFFFFFFF表示FFFFFFFF。行为可能是签名/未签名
问题。我该怎么说?
未指定缓冲区的数据类型,但我猜是签名字符。
printf()函数是一个varadic功能。所以签名的char将
推广到默认促销活动?
如果海报被命名为减号,那会更有趣。
我想如果你把你的数据类型更改为unsigned char,它可能会让你感到惊讶。
< blockquote> gu************@gmail.com 写道:
[...]
注意:我之前在alt.comp.lang.c中发布了这个名为
" mimus" FFFFFFFF表示FFFFFFFF。行为可能是签名/未签名
问题。我该怎么说?
%X说明符期望''unsigned int''类型,你可以尝试例如
int write_hex(FILE * out,unsigned char * binary,size_t binary_len)
{
size_t i;
int n = 0;
for(i = 0; i< binary_len; i ++)
{
n = fprintf(out,"%02X",binary [i] );
}
返回n;
}
代替。
-
Tor< torust [at] online [dot] no>
技术技能掌握复杂性,虽然创意很精通
简单>
Tor Rustad写道:
gu ************ @ gmail.com 写道:
[...]
>注意:我之前在alt.comp.lang.c中发布了这个,并且有人命名为
" mimus" FFFFFFFF表示FFFFFFFF。行为可能是签名/未签名的问题。我该怎么说?
%X说明符期望''unsigned int''类型,你可以尝试例如
int write_hex(FILE * out,unsigned char * binary,size_t binary_len)
{
size_t i;
int n = 0;
for(i = 0; i< binary_len; i ++)
{
n = fprintf(out,"%02X",binary [i] );
我忘记在这里输入一些错误,检查n< 0,还有'n''返回
值相当误导,因为它通常不会返回打印的总额
长度。
-
Tor< torust [at] online [dot ]没有>
技术技能是掌握复杂性,而创造力是精通
的简单性
Hi,
I am writing a very basic raw ethernet sniffer based on what I found
in Andreas Schaufler''s raw ethernet article:
http://aschauf.landshut.org/fh/linux...w/ch01s03.html
I''m trying to print the output of each ethernet frame in both
hexadecimal and character representations. I''m new at network
programming in C. Here''s a code snippet:
while(1)
{
length = recvfrom(s, buffer, ETH_FRAME_LEN, 0, NULL, NULL);
if (length == -1) {
printf("Error receiving ethernet frame...\n");
}
else {
printf("Hex:\n\n");
for (int i = 0; i < length; i++)
{
printf("%x" buffer[i]);
}
printf("\n\nChar:\n\n");
for (int i = 0; i < length; i++)
{
printf("%c" buffer[i]);
}
}
}
Most of the characters I get are shown in two digit hexadecimal
representation like this "A0". But sometimes I get something like
"FFFFFFFF" or "FFFFFFA0". Why does this happen? I also compared the
results of using the Linux wireshark sniffer and my program, and
noticed different hexadecimal values for the frames. I know wireshark
is correct, so what am I doing wrong? Any help is appreciated.
Note: I posted this in alt.comp.lang.c before and someone named
"mimus" said the "FFFFFFFF" behavior could be a signed/unsigned
problem. How can I tell?
On Oct 22, 2:58 pm, gustavo.sam...@gmail.com wrote:Hi,
I am writing a very basic raw ethernet sniffer based on what I found
in Andreas Schaufler''s raw ethernet article:http://aschauf.landshut.org/fh/linux...w/ch01s03.html
I''m trying to print the output of each ethernet frame in both
hexadecimal and character representations. I''m new at network
programming in C. Here''s a code snippet:
while(1)
{
length = recvfrom(s, buffer, ETH_FRAME_LEN, 0, NULL, NULL);
if (length == -1) {
printf("Error receiving ethernet frame...\n");
}
else {
printf("Hex:\n\n");
for (int i = 0; i < length; i++)
{
printf("%x" buffer[i]);
}
printf("\n\nChar:\n\n");
for (int i = 0; i < length; i++)
{
printf("%c" buffer[i]);
}
}
}
Most of the characters I get are shown in two digit hexadecimal
representation like this "A0". But sometimes I get something like
"FFFFFFFF" or "FFFFFFA0". Why does this happen? I also compared the
results of using the Linux wireshark sniffer and my program, and
noticed different hexadecimal values for the frames. I know wireshark
is correct, so what am I doing wrong? Any help is appreciated.
Note: I posted this in alt.comp.lang.c before and someone named
"mimus" said the "FFFFFFFF" behavior could be a signed/unsigned
problem. How can I tell?The data type of buffer is not specified, but I guess signed char.
The printf() function is a varadic function. So signed char will
promote to what by default promotions?
It would have been funnier if the poster was named ''minus''.
I guess that if you change your data type to unsigned char, it may
surprise you a bit.
gu************@gmail.com wrote:
[...]
Note: I posted this in alt.comp.lang.c before and someone named
"mimus" said the "FFFFFFFF" behavior could be a signed/unsigned
problem. How can I tell?The %X specifier expect an ''unsigned int'' type, you can try e.g.
int write_hex(FILE *out, unsigned char *binary, size_t binary_len)
{
size_t i;
int n = 0;
for (i=0; i<binary_len; i++)
{
n = fprintf(out, "%02X", binary[i]);
}
return n;
}
instead.
--
Tor <torust [at] online [dot] no>
"Technical skill is mastery of complexity, while creativity is mastery
of simplicity"
Tor Rustad wrote:gu************@gmail.com wrote:
[...]
>Note: I posted this in alt.comp.lang.c before and someone named
"mimus" said the "FFFFFFFF" behavior could be a signed/unsigned
problem. How can I tell?
The %X specifier expect an ''unsigned int'' type, you can try e.g.
int write_hex(FILE *out, unsigned char *binary, size_t binary_len)
{
size_t i;
int n = 0;
for (i=0; i<binary_len; i++)
{
n = fprintf(out, "%02X", binary[i]);I forgot to put in some error check here for n<0, also the ''n'' return
value is rather misleading, since it typically doesn''t return the total
length printed.
--
Tor <torust [at] online [dot] no>
"Technical skill is mastery of complexity, while creativity is mastery
of simplicity"
这篇关于原始以太网数据包捕获的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
