
Untitled

a guest
Oct 23rd, 2016
  1. #include "pcap.h"
  2.  
  /*
   * IPv4 address kept as four individual octets.
   * packet_handler() prints byte1..byte4 in that order as the dotted quad.
   */
  typedef struct ip_address {
      u_char byte1, byte2;
      u_char byte3, byte4;
  } ip_address;
  10.  
  /*
   * IPv4 header, overlaid directly on captured packet bytes by packet_handler().
   * The real header length comes from the low nibble of ver_ihl (in 32-bit
   * words), not from sizeof(ip_header): options are variable-length, so op_pad
   * is only a placeholder for the first option word.
   * NOTE(review): the multi-byte fields presumably hold network byte order when
   * read from a packet; confirm before using them without ntohs().
   */
  typedef struct ip_header {
      u_char     ver_ihl;         /* Version (4 bits) + Internet header length (4 bits) */
      u_char     tos;             /* Type of service */
      u_short    tlen;            /* Total length */
      u_short    identification;  /* Identification */
      u_short    flags_fo;        /* Flags (3 bits) + Fragment offset (13 bits) */
      u_char     ttl;             /* Time to live */
      u_char     proto;           /* Protocol */
      u_short    crc;             /* Header checksum */
      ip_address saddr;           /* Source address */
      ip_address daddr;           /* Destination address */
      u_int      op_pad;          /* Option + Padding */
  } ip_header;
  25.  
  /*
   * UDP header as overlaid on packet bytes by packet_handler(), which converts
   * sport and dport with ntohs() before printing them.
   */
  typedef struct udp_header {
      u_short sport;  /* Source port */
      u_short dport;  /* Destination port */
      u_short len;    /* Datagram length */
      u_short crc;    /* Checksum */
  } udp_header;
  33.  
  /* Forward declaration of the per-packet callback that main() hands to pcap_loop(). */
  void packet_handler(u_char *param,
                      const struct pcap_pkthdr *header,
                      const u_char *pkt_data);
  36.  
  37.  
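  /*
   * Lists the capture interfaces, lets the user pick one, opens it in
   * promiscuous mode, installs the (currently empty) BPF filter and hands
   * every captured frame to packet_handler().
   *
   * Returns 0 when the capture loop ends normally, 1 when the device list
   * cannot be retrieved, and -1 on every other failure.
   *
   * Fixes over the original listing: explicit int return type, the two
   * printf/fprintf calls that had a conversion but no argument, the unchecked
   * scanf() result, a NULL description passed to %s, and the capture handle
   * and compiled filter that were never released.
   */
  int main(void)
  {
      pcap_if_t *alldevs;
      pcap_if_t *d;
      int inum;
      int i = 0;
      int rc = -1;
      pcap_t *adhandle;
      char errbuf[PCAP_ERRBUF_SIZE];
      u_int netmask;
      /*
       * REVIEW: an empty expression accepts every frame, so packet_handler()
       * also receives non-IPv4 traffic and must validate each frame itself.
       * The trailing comment suggests a narrower filter was intended.
       */
      char packet_filter[] = ""; // ip and tcp
      struct bpf_program fcode;

      /* Retrieve the device list */
      if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1) {
          fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
          return 1; /* same exit status as the original exit(1) */
      }

      /* Print the list */
      for (d = alldevs; d; d = d->next) {
          if (d->description) {
              printf("%d.) %s\n", ++i, d->description);
          } else {
              /* the original passed no argument for %d here */
              printf("%d.) (No description available)\n", ++i);
          }
      }

      if (i == 0) {
          printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
          return -1;
      }

      printf("Enter the interface number (1-%d):", i);
      /* A failed conversion leaves inum unset, so treat it like an out-of-range entry. */
      if (scanf("%d", &inum) != 1 || inum < 1 || inum > i) {
          printf("\nInterface number out of range.\n");
          pcap_freealldevs(alldevs);
          return -1;
      }

      /* Jump to the selected adapter */
      for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++)
          ;

      /* Open the adapter */
      adhandle = pcap_open(d->name,                   // name of the device
                           65536,                     // portion of the packet to capture;
                                                      // 65536 covers the whole packet on all the MACs
                           PCAP_OPENFLAG_PROMISCUOUS, // promiscuous mode
                           1000,                      // read timeout
                           NULL,                      // remote authentication
                           errbuf);                   // error buffer
      if (adhandle == NULL) {
          /* the original passed no argument for %s here */
          fprintf(stderr, "\nUnable to open the adapter. %s is not supported\n", d->name);
          pcap_freealldevs(alldevs);
          return -1;
      }

      /* Check the link layer. We support only Ethernet for simplicity. */
      if (pcap_datalink(adhandle) != DLT_EN10MB) {
          fprintf(stderr, "\nThis program works only on Ethernet networks.\n");
          goto out;
      }

      if (d->addresses != NULL && d->addresses->netmask != NULL &&
          d->addresses->netmask->sa_family == AF_INET) {
          /* Retrieve the mask of the first address of the interface */
          netmask = ((struct sockaddr_in *)(d->addresses->netmask))->sin_addr.S_un.S_addr;
      } else {
          /* Without a usable IPv4 mask we suppose to be in a C class network */
          netmask = 0xffffff;
      }

      /* Compile the filter */
      if (pcap_compile(adhandle, &fcode, packet_filter, 1, netmask) < 0) {
          fprintf(stderr, "\nUnable to compile the packet filter. Check the syntax.\n");
          goto out;
      }

      /* Set the filter; the compiled program is not needed afterwards */
      if (pcap_setfilter(adhandle, &fcode) < 0) {
          fprintf(stderr, "\nError setting the filter.\n");
          pcap_freecode(&fcode);
          goto out;
      }
      pcap_freecode(&fcode);

      printf("\nlistening on %s\n",
             d->description ? d->description : "(No description available)");

      /* At this point, we don't need any more the device list. Free it */
      pcap_freealldevs(alldevs);
      alldevs = NULL;

      /* Start the capture; -1 is the error return of pcap_loop() */
      if (pcap_loop(adhandle, 0, packet_handler, NULL) == -1) {
          fprintf(stderr, "\nError during capture: %s\n", pcap_geterr(adhandle));
      } else {
          rc = 0;
      }

  out:
      if (alldevs != NULL) {
          pcap_freealldevs(alldevs);
      }
      pcap_close(adhandle);
      return rc;
  }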
  141.  
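  /*
   * Callback function invoked by libpcap for every incoming packet.
   *
   * Prints the capture timestamp and the packet length, then the IPv4 source
   * and destination addresses, followed by the ports when the packet is an
   * unfragmented (or first-fragment) TCP or UDP packet.
   *
   * param    - user pointer from pcap_loop(); unused.
   * header   - capture metadata; caplen bounds how many bytes of pkt_data
   *            may be read.
   * pkt_data - captured frame, starting at the Ethernet header.
   *
   * The frame bytes are untrusted input. The original parsed every frame as
   * IPv4 + UDP without looking at caplen, the EtherType, or the header length
   * nibble, so a short or non-IPv4 frame was read past its captured bytes.
   * Every offset below is checked against caplen before it is dereferenced.
   */
  void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
  {
      enum {
          ETH_HEADER_BYTES = 14,      /* length of ethernet header */
          IPV4_MIN_HEADER_BYTES = 20, /* IHL of 5 words */
          L4_PORT_BYTES = 4,          /* source + destination port */
          IP_PROTO_TCP = 6,
          IP_PROTO_UDP = 17
      };
      struct tm *ltime;
      char timestr[16];
      const ip_header *ih;
      const udp_header *uh;
      u_int ip_len;
      time_t local_tv_sec;

      (void)param;

      /* convert the timestamp to readable format */
      local_tv_sec = header->ts.tv_sec;
      ltime = localtime(&local_tv_sec);
      if (ltime == NULL || strftime(timestr, sizeof timestr, "%H:%M:%S", ltime) == 0) {
          timestr[0] = '\0'; /* localtime() can fail; never hand NULL to strftime() */
      }

      /* print timestamp and length of the packet */
      printf("%s.%.6ld len:%u ", timestr, (long)header->ts.tv_usec, (unsigned)header->len);

      /* need a full Ethernet header plus a minimal IPv4 header, EtherType 0x0800 */
      if (header->caplen < ETH_HEADER_BYTES + IPV4_MIN_HEADER_BYTES ||
          pkt_data[12] != 0x08 || pkt_data[13] != 0x00) {
          printf("(not IPv4 or truncated)\n");
          return;
      }

      /* retrieve the position of the ip header */
      ih = (const ip_header *)(pkt_data + ETH_HEADER_BYTES);

      /* header length is attacker-controlled: reject anything below 20 bytes */
      ip_len = (ih->ver_ihl & 0xf) * 4;
      if ((ih->ver_ihl >> 4) != 4 || ip_len < IPV4_MIN_HEADER_BYTES) {
          printf("(malformed IPv4 header)\n");
          return;
      }

      /*
       * Ports exist only for TCP/UDP, only in the first fragment, and only if
       * the capture actually contains the first four transport-header bytes.
       * TCP and UDP both start with source port then destination port, so the
       * udp_header overlay is used for either.
       */
      if ((ih->proto == IP_PROTO_TCP || ih->proto == IP_PROTO_UDP) &&
          (ntohs(ih->flags_fo) & 0x1fff) == 0 &&
          header->caplen >= ETH_HEADER_BYTES + ip_len + L4_PORT_BYTES) {
          /* retrieve the position of the transport header */
          uh = (const udp_header *)((const u_char *)ih + ip_len);

          /* print ip addresses and ports, converted to host byte order */
          printf("%d.%d.%d.%d:%d -> %d.%d.%d.%d:%d\n",
                 ih->saddr.byte1, ih->saddr.byte2, ih->saddr.byte3, ih->saddr.byte4,
                 ntohs(uh->sport),
                 ih->daddr.byte1, ih->daddr.byte2, ih->daddr.byte3, ih->daddr.byte4,
                 ntohs(uh->dport));
          return;
      }

      /* no ports available: print the addresses and the protocol number */
      printf("%d.%d.%d.%d -> %d.%d.%d.%d proto:%d\n",
             ih->saddr.byte1, ih->saddr.byte2, ih->saddr.byte3, ih->saddr.byte4,
             ih->daddr.byte1, ih->daddr.byte2, ih->daddr.byte3, ih->daddr.byte4,
             ih->proto);
  }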