通过gopacket构造以太网帧结构发送二层报文

waini1110 · · 201 次点击 · 开始浏览    置顶
> ## 使用工具。 >>1. windows10 >>2. golang version 1.11.5 >>3. gopacket 1.11.5 >>4. wireshark 2.6.6 >>5. npcap 0.99 >>6. gcc 8.1.0 > ## 代码。 ```go package main import ( "fmt" "log" "net" "time" "github.com/google/gopacket/layers" "github.com/google/gopacket" "github.com/google/gopacket/pcap" ) var ( snapshot_len int32 = 65535 promiscuous bool = false err error timeout time.Duration = 30 * time.Second handle *pcap.Handle buffer gopacket.SerializeBuffer options gopacket.SerializeOptions ) func main() { devices, err := pcap.FindAllDevs() if err != nil { log.Fatal(err) } for _, value := range devices { if value.Description == "Realtek PCIe GbE Family Controller" { //Open device handle, err = pcap.OpenLive(value.Name, snapshot_len, promiscuous, timeout) if err != nil { log.Fatal(err) } } fmt.Println(value.Description, value.Name) } // Send raw bytes over wire rawBytes := []byte{'A', 'b', 'C'} // This time lets fill out some information ipLayer := &layers.IPv4{ Protocol: 17, Flags: 0x0000, IHL: 0x45, TTL: 0x80, Id: 0x1234, Length: 0x014e, SrcIP: net.IP{0, 0, 0, 0}, DstIP: net.IP{255, 255, 255, 255}, } ethernetLayer := &layers.Ethernet{ EthernetType: 0x0800, SrcMAC: net.HardwareAddr{0xFF, 0xAA, 0xFA, 0xAA, 0xFF, 0xAA}, DstMAC: net.HardwareAddr{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, } udpLayer := &layers.UDP{ SrcPort: layers.UDPPort(68), DstPort: layers.UDPPort(67), Length: 0x013a, } // And create the packet with the layers buffer = gopacket.NewSerializeBuffer() gopacket.SerializeLayers(buffer, options, ethernetLayer, ipLayer, udpLayer, gopacket.Payload(rawBytes), ) outgoingPacket := buffer.Bytes() for { time.Sleep(time.Second * 3) err = handle.WritePacketData(outgoingPacket) if err != nil { log.Fatal(err) } } handle.Close() } ``` >>代码就不多讲了,官方的例子,这里构造了以太网帧结构,IP包头,和UDP包头,模拟构造的是bootp,也就是dhcp报文的格式。 >##注意事项 >>1.在pacp.go中,作者写死了路径,所以需要改为npcap的路径 ```go #cgo windows CFLAGS: -I C:/npcap/Include #cgo windows,386 LDFLAGS: -L C:/npcap/Lib -lwpcap #cgo windows,amd64 LDFLAGS: -L C:/npcap/Lib/x64 -lwpcap ``` >>2.pcap.go中,第63行-78行是win32的东西,注释掉, ```go //#ifdef WIN32 //#define pcap_statustostr pcap_strerror // //// WinPcap also doesn't export pcap_can_set_rfmon and pcap_set_rfmon, //// as those are handled by separate libraries (airpcap). //// https://www.winpcap.org/docs/docs_412/html/group__wpcapfunc.html //// Stub out those functions here, returning values that indicate rfmon //// setting is unavailable/unsuccessful. //int pcap_can_set_rfmon(pcap_t *p) { // return 0; //} // //int pcap_set_rfmon(pcap_t *p, int rfmon) { // return PCAP_ERROR; //} //#endif ``` >>3.下载npcap的SDK,安装npcap ![WXW3R0}1_[K$L[BL76@{2O0.png](https://static.studygolang.com/190130/ed763f8610a79c1877468ed56c15affa.png) >>4.替换windows自带的wincap.dll和Packet.dll. 将C:\Windows\System32\Npcap下的wincap.dll和Packet.dll.复制到C:\Windows\System32\下 >>5.编译成功 >>6.查看报文结构 ![6~8G[XZU@3LSVQF8~58XQ2M.png](https://static.studygolang.com/190130/b43b57800ded98b6bae24460d814fda7.png)
201 次点击  
加入收藏 微博
暂无回复
添加一条新回复 (您需要 登录 后才能回复 没有账号 ?)
  • 请尽量让自己的回复能够对别人有帮助
  • 支持 Markdown 格式, **粗体**、~~删除线~~、`单行代码`
  • 支持 @ 本站用户;支持表情(输入 : 提示),见 Emoji cheat sheet
  • 图片支持拖拽、截图粘贴等方式上传