谁熟悉libnids吗,熟悉的话帮我看看下面的问题

ztj111 · 发表于 2006-5-16 15:22:57

我写了一个程序如下:
#include "nids.h"
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <arpa/inet.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <ctype.h>
void
tcp_protocol_callback (struct tcp_stream *tcp_connection, void **arg)
{
int i;
char address_string[1024];
char content[65535];
char content_urgent[65535];
struct tuple4 ip_and_port = tcp_connection->addr;
strcpy (address_string,
               inet_ntoa (*((struct in_addr *) &(ip_and_port.saddr))));
sprintf (address_string + strlen (address_string), " :  %i",
               ip_and_port.source);
strcat (address_string, " <---> ");
strcat (address_string,
               inet_ntoa (*((struct in_addr *) &(ip_and_port.daddr))));
  sprintf (address_string + strlen (address_string), " :  %i",
               ip_and_port.dest);
strcat (address_string, "\n");
  switch (tcp_connection->nids_state)

{
   case NIDS_JUST_EST:
      tcp_connection->client.collect++;
      tcp_connection->server.collect++;
      tcp_connection->server.collect_urg++;
      tcp_connection->client.collect_urg++;
      printf ("%sTCP联接建立\n", address_string);
      return;
   case NIDS_CLOSE:
   printf ("--------------------------------\n");
   printf ("%sTCP联接正常关闭", address_string);
   return;
case NIDS_RESET:
   printf ("--------------------------------\n");
   printf ("%sTCP连接被RST关闭", address_string);
   return;
case NIDS_DATA:
   {
      struct half_stream *hlf;
      if (tcp_connection->server.count_new_urg)
      {
         printf ("--------------------------------\n");
         strcpy (address_string,
                  inet_ntoa (*((struct in_addr *) &(ip_and_port.saddr))));
         sprintf (address_string + strlen (address_string), " : %i",
                  ip_and_port.source);
         strcat (address_string, " urgent---> ");
         strcat (address_string,
                  inet_ntoa (*((struct in_addr *) &(ip_and_port.daddr))));
         sprintf (address_string + strlen (address_string), " : %i",
                  ip_and_port.dest);
         strcat (address_string, "\n");
         address_string[strlen (address_string) + 1] = 0;
         address_string[strlen (address_string)] =
            tcp_connection->server.urgdata;
         printf ("%s", address_string);
         return;
      }
      if (tcp_connection->client.count_new_urg)
      {
         printf ("--------------------------------\n");
         strcpy (address_string,
                  inet_ntoa (*((struct in_addr *) &(ip_and_port.saddr))));
         sprintf (address_string + strlen (address_string), " : %i",
                  ip_and_port.source);
         strcat (address_string, " <--- urgent ");
         strcat (address_string,
                  inet_ntoa (*((struct in_addr *) &(ip_and_port.daddr))));
         sprintf (address_string + strlen (address_string), " : %i",
                  ip_and_port.dest);
         strcat (address_string, "\n");
         address_string[strlen (address_string) + 1] = 0;
         address_string[strlen (address_string)] =
            tcp_connection->client.urgdata;
         printf ("%s", address_string);
         return;
      }
      if (tcp_connection->client.count_new)
      {
         hlf = &tcp_connection->client;
         strcpy (address_string,
                  inet_ntoa (*((struct in_addr *) &(ip_and_port.saddr))));
         sprintf (address_string + strlen (address_string), ": %i",
                  ip_and_port.source);
         strcat (address_string, " <--- ");
         strcat (address_string,
                  inet_ntoa (*((struct in_addr *) &(ip_and_port.daddr))));
         sprintf (address_string + strlen (address_string), ": %i",
                  ip_and_port.dest);
         strcat (address_string, "\n");
         printf ("--------------------------------\n");
         printf ("%s", address_string);
         memcpy (content, hlf->data, hlf->count_new);
         content[hlf->count_new] = '\0';
      }
      else
      {
         hlf = &tcp_connection->server;
         strcpy (address_string,
                  inet_ntoa (*((struct in_addr *) &(ip_and_port.saddr))));
         sprintf (address_string + strlen (address_string), ": %i",
                  ip_and_port.source);
         strcat (address_string, " ---> ");
         strcat (address_string,
                  inet_ntoa (*((struct in_addr *) &(ip_and_port.daddr))));
         sprintf (address_string + strlen (address_string), ": %i",
                  ip_and_port.dest);
         strcat (address_string, "\n");
         printf ("--------------------------------\n");
         printf ("%s", address_string);
         memcpy (content, hlf->data, hlf->count_new);
         content[hlf->count_new] = '\0';
         printf ("\n");
      }
   }
default:
   break;
}
  return;
}

int
main ()

{
  if (!nids_init ())
{
   printf ("出现错误: %s\n", nids_errbuf);
   exit (1);
}
  nids_register_tcp (tcp_protocol_callback);
  nids_run ();
  return 0;
}
运行的时候怎么捕获的数据包都与我的机子有关,libnids的默认设置网卡是混杂模式,我应该是能捕获局域网中所由的包啊?

x11 · 发表于 2006-5-16 15:50:41

1. 请使用论坛系统支持的标签使代码格式良好
2.在交换式网络中，混杂模式也只能收到自己的包，除非你所连的端口是镜像口
3.我没用过libnids，呵呵

ztj111 · 发表于 2006-5-16 16:16:36

谢谢你的回复,其实我在发贴的时候格式是好的,发了后就变成那个样子了.
我的网络可能不是交换式网络,因为我用tcpdump能够抓获局域网中所有的包

x11 · 发表于 2006-5-16 18:57:14

可以使用［code］［/code］、［php］［/php］，［］应该是半角的，为了发帖我写的是全角

x11 · 发表于 2006-5-16 19:15:28

http://blog.codelphi.com/freegnu/archive/2004/10/25/26745.aspx
我查到这么一篇，看看对你有没有帮助

ztj111 · 发表于 2006-5-17 10:03:52

这个我已经看过了,不过还是谢谢你

		自动登录	找回密码
密码			注册