Strange RAW Socket on Mac OS X

Question

When I run a simple packet sniffer coded in C on my Mac OS X, I got no output at all, this is a strange thing! Can someone help me to understand what's going on?

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

int main(void) {
   int i, recv_length, sockfd;

   u_char buffer[9000];

   /* Raw IPv4 socket asking for TCP; opening it requires root. */
   if ((sockfd = socket(PF_INET, SOCK_RAW, IPPROTO_TCP)) == -1) {
      printf("Socket failed!!\n");

      return -1;
   }

   /* Read three packets; recv() blocks until the kernel delivers one. */
   for(i=0; i < 3; i++) {
      recv_length = recv(sockfd, buffer, 8000, 0);
      printf("Got some bytes : %d\n", recv_length);
   }

   return 0;
}

I compile it and run it on my box and nothing is going:

MacOsxBox:Desktop evariste$sudo ./simpleSniffer

Thanks for your help.

Recommended answer

This will not work on *BSD (including OSX/Darwin). See the investigation here for more details:

b. FreeBSD
**********

FreeBSD takes another approach. It *never* passes TCP or UDP packets to raw
sockets. Such packets need to be read directly at the datalink layer by using
libraries like libpcap or the bpf API. It also *never* passes any fragmented
datagram. Each datagram has to be completely reassembled before it is passed
to a raw socket.
FreeBSD passes to a raw socket:
    a) every IP datagram with a protocol field that is not registered in
    the kernel
    b) all IGMP packets after kernel finishes processing them
    c) all ICMP packets (except echo request, timestamp request and address
    mask request) after kernel finishes processing them

Moral of the story: use libpcap for this. It will make your life much easier. (If you use MacPorts, do sudo port install libpcap.)
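
When TCP is read at the datalink layer as the answer recommends, each captured buffer starts with the link header rather than the IP header, so the packet handler has to locate the TCP segment itself. The following is an added example, not code from the original post: parse_tcp_frame() and struct tcp_info are hypothetical names, the link type is assumed to be Ethernet (DLT_EN10MB), and the sample frame is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper (not from the post): the per-packet work a libpcap
 * callback (the one handed to pcap_loop()) does on an Ethernet capture.
 * Returns 0 and fills *out for an IPv4/TCP frame that carries a TCP header,
 * -1 for anything else or for a truncated buffer. */
struct tcp_info { uint16_t sport, dport; size_t payload_len; };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

int parse_tcp_frame(const uint8_t *f, size_t len, struct tcp_info *out) {
    if (len < 14 + 20) return -1;               /* Ethernet + minimal IPv4 */
    if (rd16(f + 12) != 0x0800) return -1;      /* EtherType must be IPv4 */
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;    /* IP header length in bytes */
    if ((ip[0] >> 4) != 4 || ihl < 20) return -1;
    if (ip[9] != 6) return -1;                  /* protocol 6 = TCP */
    if (rd16(ip + 6) & 0x1fff) return -1;       /* later fragment: no TCP header */
    size_t ip_total = rd16(ip + 2);
    if (ip_total < ihl + 20 || 14 + ip_total > len) return -1;
    const uint8_t *tcp = ip + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;   /* TCP header length in bytes */
    if (doff < 20 || ihl + doff > ip_total) return -1;
    out->sport = rd16(tcp);
    out->dport = rd16(tcp + 2);
    out->payload_len = ip_total - ihl - doff;
    return 0;
}

/* Constructed sample frame (checksums left at zero, not validated here). */
static const uint8_t sample_frame[] = {
    /* Ethernet: dst MAC, src MAC, EtherType */
    0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x08,0x00,
    /* IPv4: ver/ihl, tos, total len 44, id, DF, ttl, proto 6, csum, src, dst */
    0x45,0x00,0x00,0x2c, 0x00,0x01,0x40,0x00, 0x40,0x06,0x00,0x00,
    192,0,2,1, 192,0,2,2,
    /* TCP: sport 49152, dport 80, seq, ack, doff 5, PSH|ACK, win, csum, urg */
    0xc0,0x00,0x00,0x50, 0,0,0,1, 0,0,0,0, 0x50,0x18,0x10,0x00, 0,0,0,0,
    'G','E','T',' '                              /* 4 payload bytes */
};

int main(void) {
    struct tcp_info t;
    if (parse_tcp_frame(sample_frame, sizeof sample_frame, &t) == 0)
        printf("TCP %u -> %u, %zu payload bytes\n", t.sport, t.dport, t.payload_len);
    return 0;
}
```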
