How to use C to perform network packet sniffing?

Using C to capture network packets requires relying on the libpcap or Npcap library. Open the network interface through pcap_open_live, capture the data packets with pcap_loop, parse the Ethernet and IP header information in the callback function, and extract the source and destination IP addresses. Administrator rights are required and BPF filters are configured correctly to improve performance. 1. Install libpcap-dev or Npcap; 2. Write code to register a callback function to process the original packet; 3. Link the -lpcap library when compiling.

Using C to perform network packet sniffing typically requires leveraging a library like libpcap (on Linux/Unix) or WinPcap/Npcap (on Windows), since raw packet capture is not supported directly by standard C. These libraries provide low-level access to network interfaces.

1. Set Up the Environment

Install the appropriate packet capture library:

• Linux : Install libpcap-dev via package manager (eg, sudo apt install libpcap-dev )
• Windows : Install Npcap or WinPcap and link against their development libraries

Compile your C code with the pcap library:

2. Basic Packet Sniffing Code Example

Here's a minimal C example using libpcap to capture and print basic packet info:

#include <pcap.h>
#include <iostream>
#include <netinet>
#include <netinet>
<p>void packetHandler(u_char <em>userData, const struct pcap_pkthdr</em> pkthdr, const u_char <em>packet) {
struct ether_header</em> eth_hdr = (struct ether_header <em>)packet;
if (ntohs(eth_hdr-&gt;ether_type) == ETHERTYPE_IP) {
struct iphdr</em> ip_hdr = (struct iphdr*)(packet sizeof(struct ether_header));
std::cout saddr &amp; 0xFF saddr &gt;&gt; 8) &amp; 0xFF saddr &gt;&gt; 16) &amp; 0xFF saddr &gt;&gt; 24) &amp; 0xFF
 "
daddr &amp; 0xFF daddr &gt;&gt; 8) &amp; 0xFF daddr &gt;&gt; 16) &amp; 0xFF daddr &gt;&gt; 24) &amp; 0xFF
</p>
<p> int main() {
char errbuf[PCAP_ERRBUF_SIZE];
pcap_t *handle = pcap_open_live("eth0", BUFSIZ, true, 1000, errbuf);</p><pre class='brush:php;toolbar:false;'> if (handle == nullptr) {
    std::cerr << "Error: " << errbuf << std::endl;
    return 1;
}

std::cout << "Listening on interface eth0..." << std::endl;
pcap_loop(handle, 0, packetHandler, nullptr);
pcap_close(handle);
return 0;

}

3. Key Considerations

• You need administrator/root privileges to capture packets
• Replace "eth0" with the correct interface name (use pcap_findalldevs() to list available interfaces)
• Packets are received in raw binary format—parse headers manually (Ethernet, IP, TCP, etc.)
• Use pcap_compile() and pcap_setfilter() to apply BPF filters (eg, only HTTP traffic)
• Be cautious with performance: processing every packet can be CPU-intensive

4. Alternative: Cross-Platform Tools

If you want more abstraction, consider integrating with tools like:

• Raw sockets (limited, platform-specific)
• DPDK for high-speed packet processing
• Boost.Asio for higher-level networking (not for raw sniffing)

Basically, libpcap is the go-to solution for packet sniffing in C. It's mature, portable, and well-documented. Just remember to handle permissions and parsing carefully.

The above is the detailed content of How to use C to perform network packet sniffing?. For more information, please follow other related articles on the PHP Chinese website!