下面的代码监听本机网卡上源端口为 80 的数据包（过滤表达式为 "src port 80"），并以字符的形式打印出来。

代码:

#include <pcap.h>  
#include <time.h>  
#include <stdlib.h>  
#include <stdio.h>  
  
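/**
 * pcap_loop() callback: print a short summary of one captured packet,
 * followed by its captured bytes rendered as characters.
 *
 * @param arg     user pointer handed to pcap_loop(); treated here as a
 *                pointer to an int packet counter, which is incremented.
 * @param pkthdr  capture header: timestamp, on-wire length (len) and the
 *                number of bytes actually captured (caplen).
 * @param packet  captured bytes; only the first pkthdr->caplen are valid.
 */
void getPacket(u_char * arg, const struct pcap_pkthdr * pkthdr, const u_char * packet)
{
  int * counter = (int *)arg;

  printf("id: %d\n", ++(*counter));
  /* len and caplen are unsigned, so print them with %u. */
  printf("Packet length: %u\n", pkthdr->len);
  printf("Number of bytes: %u\n", pkthdr->caplen);

  /*
   * Copy tv_sec into a real time_t instead of casting its address:
   * tv_sec is not guaranteed to have the same width as time_t.
   */
  time_t when = (time_t)pkthdr->ts.tv_sec;
  const char * stamp = ctime(&when);
  printf("Recieved time: %s", stamp ? stamp : "(unknown)\n");

  /*
   * Walk caplen, not len: len is the size of the packet on the wire, but
   * only caplen bytes are present in the buffer. Iterating to len reads
   * past the end of the buffer whenever the capture was truncated.
   */
  unsigned int i;
  for (i = 0; i < pkthdr->caplen; ++i)
  {
    /*
     * Packet contents are untrusted. Writing raw bytes to a terminal lets
     * a remote sender inject control/escape sequences, so anything outside
     * printable ASCII is shown as '.'.
     */
    u_char c = packet[i];
    putchar(' ');
    putchar((c >= 0x20 && c < 0x7f) ? c : '.');
  }

  printf("\n\n");
}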


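/**
 * Open a live capture on a fixed interface, install a "src port 80" BPF
 * filter and hand every matching packet to getPacket() until the capture
 * loop ends.
 *
 * Opening a live capture normally requires elevated privileges (for
 * example root, or CAP_NET_RAW on Linux).
 *
 * @return 0 on a clean exit, 1 if any libpcap call fails.
 */
int main()
{
  char errBuf[PCAP_ERRBUF_SIZE] = "";

  /* get a device */
  /* Alternative: devStr = pcap_lookupdev(errBuf); (may return NULL) */
  const char * devStr = "eth1";

  if(!devStr)
  {
    fprintf(stderr, "error: %s\n", errBuf);
    return 1;
  }
  printf("success: device: %s\n", devStr);

  /*
   * open a device, wait until a packet arrives
   * snaplen 65535 captures whole packets; promisc = 1 puts the interface
   * in promiscuous mode, so traffic not addressed to this host can be
   * captured as well.
   */
  pcap_t * device = pcap_open_live(devStr, 65535, 1, 0, errBuf);

  if(!device)
  {
    fprintf(stderr, "error: pcap_open_live(): %s\n", errBuf);
    return 1;
  }

  /*
   * construct a filter
   * Both calls can fail. Without these checks a failed pcap_compile()
   * would leave `filter` uninitialised, and a failed pcap_setfilter()
   * would leave the capture running with no filter at all.
   */
  struct bpf_program filter;
  if(pcap_compile(device, &filter, "src port 80", 1, 0) == -1)
  {
    fprintf(stderr, "error: pcap_compile(): %s\n", pcap_geterr(device));
    pcap_close(device);
    return 1;
  }
  /* Other direction: "dst port 80" */

  if(pcap_setfilter(device, &filter) == -1)
  {
    fprintf(stderr, "error: pcap_setfilter(): %s\n", pcap_geterr(device));
    pcap_freecode(&filter);
    pcap_close(device);
    return 1;
  }

  /* The compiled program is no longer needed once it has been installed. */
  pcap_freecode(&filter);

  /* wait loop forever (cnt = -1); id counts packets for getPacket() */
  int id = 0;
  int rc = 0;
  if(pcap_loop(device, -1, getPacket, (u_char*)&id) == -1)
  {
    fprintf(stderr, "error: pcap_loop(): %s\n", pcap_geterr(device));
    rc = 1;
  }

  pcap_close(device);

  return rc;
}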

编译:

gcc test.c -o test -lpcap