IT博客汇
  • 首页
  • 精华
  • 技术
  • 设计
  • 资讯
  • 扯淡
  • 权利声明
  • 登录 注册

    VS2013配置libtins

    一根稻草发表于 2014-12-23 00:00:00
    love 0

    Linux下使用C库libnet,跨平台的Python库scapy都是不错的选择,Windows平台一直没有找到理想的C/C++数据包构造库, 今天就来学习一下libtins,libtins是一个跨平台的C++数据包构造和嗅探库。

    libtins is a high-level, multiplatform C++ network packet sniffing and crafting library.

    1. 下载编译好的libtins库
      download here
      注意这是Release版本,相应的应用程序也应该是Relase,否则会出现_ITERATOR_DEBUG_LEVEL连接错误。

    2. 下载编译好的winpcap库
      download here

    3. 配置include目录和lib目录
      分别是libtins和wpdPack的include和lib目录

    4. 加入连接依赖库

      Ws2_32.lib
      Iphlpapi.lib
      wpcap.lib
      tins.lib

    5. 测试程序
      ARP Monitor 这个测试程序不能直接在windows下中跑,因为命令行参数是网卡名称,windows下面这个名字太长,它不像Linux下面eth0, wlan0等,windows下的网络设备名一般是下面这种东西:

      \Device\NPF_{2D0129D9-349C-4541-ADCB-C8C325E86AE3}

    而且获取不方便!就是你把这个设备名给程序,也会出错。Ok,利用libtins的网络接口类NetworkInterface 和IP地址和MAC地址类[IPv4Address]来获取网络设备名,将arp-monitor的命令行参数由设备名改成IP地址,让libtins自己根据IP地址找设备名吧,所以修改之后的测试程序如下:

    #include tins.h><span>
    #include 
    #include 
    #include 
    
    using namespace Tins;
    
    class arp_monitor {
    public:
        void run(Sniffer &sniffer);
    private:
        bool callback(const PDU &pdu);
    
        std::map<IPv4Address, HWAddress<6>> addresses;
    };
    
    void arp_monitor::run(Sniffer &sniffer)
    {
        sniffer.sniff_loop(
            std::bind(
            &arp_monitor::callback,
            this,
            std::placeholders::_1
            )
            );
    }
    
    bool arp_monitor::callback(const PDU &pdu)
    {
        // Retrieve the ARP layer
        const ARP &arp = pdu.rfind_pdu<ARP>();
        // Is it an ARP reply?
        if (arp.opcode() == ARP::REPLY) {
            // Let's check if there's already an entry for this address
            auto iter = addresses.find(arp.sender_ip_addr());
            if (iter == addresses.end()) {
                // We haven't seen this address. Save it.
                addresses.insert({ arp.sender_ip_addr(), arp.sender_hw_addr() });
                std::cout << "[INFO] " << arp.sender_ip_addr() << " is at "
                    << arp.sender_hw_addr() << std::endl;
            }
            else {
                // We've seen this address. If it's not the same HW address, inform it
                if (arp.sender_hw_addr() != iter->second) {
                    std::cout << "[WARNING] " << arp.sender_ip_addr() << " is at "
                        << iter->second << " but also at " << arp.sender_hw_addr()
                        << std::endl;
                }
            }
        }
        return true;
    }
    
    int main(int argc, char *argv[])
    {
        if (argc != 2) {
            std::cout << "Usage: " << *argv << " \n";
            return 1;
        }
        arp_monitor monitor;
        // Sniff on the provided interface in promiscuous mode
        NetworkInterface eth0(IPv4Address((const char*)argv[1])); 
        Sniffer sniffer(eth0.name(), Sniffer::PROMISC);
    
        // Only capture arp packets
        sniffer.set_filter("arp");
        monitor.run(sniffer);
    }

    注意是Release哦,因为tins.lib是release的

    执行

    arp-monitor 192.168.0.110
    

    监控结果

    [INFO] 192.168.0.120 is at 90:b1:1c:0e:9e:c4
    [WARNING] 192.168.0.120 is at 90:b1:1c:0e:9e:c4 but also at 78:2b:cb:3d:61:56
    


沪ICP备19023445号-2号
友情链接