13.8.1 获取ICMP数据
这节,您将学习怎样使用 syscall 库获取原始 ICMP 网络数据,和 syscall.SetsockoptInt() 去设置 socket 选项。牢记发送原始 ICMP 数据是非常困难的,因为您不得不自己构造原始网络包。这个程序的名称是 syscallNet.go,并显示在四个部分中。
syscallNet.go 的第一部分如下:
1
package main
2
3
import(
4
"fmt"
5
"os"
6
"syscall"
7
)
Copied!
syscallNet.go 的第二部分包含代码如下:
1
func main() {
2
fd, err := syscall.Socket(syscall.AF_INET, syscall.SOCK_RAW, syscall.IPPROTO_ICMP)
3
if err != nil {
4
fmt.Println("Error in syscall.Socket:", err)
5
return
6
}
7
f := os.NewFile(uintptr(fd), "captureICMP")
8
if f == nil {
9
fmt.Println("Error is os.NewFile:", err)
10
return
11
}
Copied!
syscall.AF_INET 参数告诉 syscall.Socket() 您想使用 IPv4。 syscall.SOCK_RAW 参数使生成的 socket 成为原始 socket。这最后一个参数,syscall.IPPROTO_ICMP,告诉 syscall.Socket() 您只对 ICMP 通信感兴趣。
syscallNet.go 的第三部分如下:
1
err = syscall.SetsockoptInt(fd, syscall.SOL_SOCKET, syscall.SO_RCVBUF, 256)
2
if err != nil {
3
fmt.Println("Error in syscall.Socket:", err)
4
return
5
}
Copied!
调用 syscall.SetsockoptInt() 设置 socket 的接收 buffer 大小为 256。syscall.SOL_SOCKET 参数是为了说明您想要在 socket 层级上工作。
syscallNet.go 的其余 Go 代码如下:
1
for {
2
buf := make([]byte, 1024)
3
numRead, err := f.Read(buf)
4
if err != nil {
5
fmt.Println(err)
6
}
7
fmt.Printf("% X\n", buf[:numRead])
8
}
9
}
Copied!
由于 for 循环,syscallNet.go 将一直抓取 ICMP 网络包直到您手动终止它。
在 macOS High Sierra 机器上执行 syscallNet.go 将产生如下输出:
1
$ sudo go run syscallNet.go
2
45 00 40 00 BC B6 00 00 40 01 00 00 7F 00 00 01 7F 00 00 01 00 00 3F 36 71 45 00 00 5A CB 6A 90 00 0B 9F 1A 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37
3
45 00 40 00 62 FB 00 00 40 01 00 00 7F 00 00 01 7F 00 00 01 00 00 31 EF 71 45 00 01 5A CB 6A 91 00 0B AC 5F 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37
4
45 00 40 00 9A 5F 00 00 40 01 00 00 7F 00 00 01 7F 00 00 01 00 00 31 EF 71 45 00 01 5A CB 6A 91 00 0B AC 5F 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37
5
45 00 40 00 6E 0D 00 00 40 01 00 00 7F 00 00 01 7F 00 00 01 00 00 31 EF 71 45 00 01 5A CB 6A 91 00 0B AC 5F 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37
6
45 00 40 00 3A 07 00 00 40 01 00 00 7F 00 00 01 7F 00 00 01 00 00 31 EF 71 45 00 01 5A CB 6A 91 00 0B AC 5F 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37
7
45 00 24 00 45 55 00 00 40 01 00 00 7F 00 00 01 7F 00 00 01 00 00 31 EF 71 45 00 01 5A CB 6A 91 00 0B AC 5F 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37
8
45 00 24 00 E8 1E 00 00 40 01 00 00 7F 00 00 01 7F 00 00 01 00 00 31 EF 71 45 00 01 5A CB 6A 91 00 0B AC 5F 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37
9
45 00 24 00 2A 4B 00 00 40 01 00 00 7F 00 00 01 7F 00 00 01 00 00 31 EF 71 45 00 01 5A CB 6A 91 00 0B AC 5F 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37
Copied!
在 Debian Linux 机器上运行 syscallNet.go 将产生如下输出:
1
# go run syscallNet.go
2
45 00 00 54 7F E9 40 00 40 01 BC BD 7F 00 00 01 7F 00 00 01 08 00 6F 07 53 E3 00 01 FA 6A CB 5A 00 00 00 00 AA 7B 06 00 00 00 00 00 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37
3
45 00 00 54 7F EA 00 00 40 01 FC BC 7F 00 00 01 7F 00 00 01 00 00 77 07 53 E3 00 01 FA 6A CB 5A 00 00 00 00 AA 7B 06 00 00 00 00 00 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37
4
45 C0 00 44 68 54 00 00 34 01 8B 8E 86 77 DC 57 6D 4A C1 FD 03 0A 8F 27 00 00 00 00 45 00 00 28 40 4F 40 00 34 06 74 6A 6D 4A C1 FD 86 77 DC 57 B0 B8 DD 96 00 00 00 00 52 F1 AB DA 50 14 00 00 90 9E 00 00
5
45 00 00 54 80 4E 40 00 40 01 BC 58 7F 00 00 01 7F 00 00 01 08 00 7E 01 53 E3 00 02 FB 6A CB 5A 00 00 00 00 9A 80 06 00 00 00 00 00 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37
6
45 00 00 54 80 4F 00 00 40 01 FC 57 7F 00 00 01 7F 00 00 01 00 00 86 01 53 E3 00 02 FB 6A CB 5A 00 00 00 00 9A 80 06 00 00 00 00 00 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37
7
45 00 00 54 80 9B 40 00 40 01 BC 0B 7F 00 00 01 7F 00 00 01 08 00 93 EC 53 E3 00 03 FC 6A CB 5A 00 00 00 00 9A 80 06 00 00 00 00 00 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37
Copied!
Copy link