kaspyx

Untitled

Apr 7th, 2015
  1. #include "pcap.h"
  2.  
  3. #include <stdio.h>
  4. #include <winsock2.h>
  5. #include <string.h>
  6.  
  7. #pragma comment (lib, "wpcap.lib")
  8. #pragma comment (lib, "ws2_32.lib" )
  9.  
  10.  
  /* Total length of the most recently parsed frame (IP total length + 14-byte
   * Ethernet header). Written by tcp_ip_parser(); read by build_packet() and
   * capture_syn_packet(). The value comes straight from a received IP header,
   * so readers must bound it before using it as a copy or dump length. */
  int pkt_length;

  /* Internet checksum over nbytes bytes starting at ptr. */
  unsigned short in_checksum(unsigned short *ptr, int nbytes);

  /* Print the Ethernet, IPv4 and TCP header fields of one frame. */
  void tcp_ip_parser(unsigned char *sample_packet);

  /* Copy pkt_length bytes from src into syn_packet and dump them. */
  void capture_syn_packet(unsigned char *syn_packet, const unsigned char *src);
  15.  
  /* A six-octet Ethernet (MAC) address, stored in transmission order. */
  struct ether_addr {
      unsigned char ether_addr_octet[6];
  };
  20.  
  /* Ethernet II frame header: destination MAC, source MAC, EtherType.
   * ether_type is kept in network byte order, so compare and print it
   * through ntohs()/htons(). */
  struct ether_header {
      struct ether_addr ether_dhost;   /* destination MAC */
      struct ether_addr ether_shost;   /* source MAC */
      unsigned short    ether_type;    /* EtherType, network byte order */
  };
  27.  
  /* TCP pseudo-header that is prepended to the TCP segment when the TCP
   * checksum is computed. It never appears on the wire. All multi-byte
   * members are expected in network byte order. */
  struct pseudo_header {
      unsigned int   source_address;   /* IPv4 source address */
      unsigned int   dest_address;     /* IPv4 destination address */
      unsigned char  placeholder;      /* reserved, set to zero */
      unsigned char  protocol;         /* IP protocol number (6 for TCP) */
      unsigned short tcp_length;       /* TCP header + payload length */
  };
  35.  
  36.  
  /* IPv4 header without options (20 bytes).
   *
   * The bit-fields mirror the wire format only when the compiler allocates
   * bit-fields starting at the least significant bit of each byte, which is
   * why ip_header_len is declared before ip_version. Bit-field order is
   * implementation-defined, so treat this layout as ABI-specific.
   *
   * Multi-byte members hold network byte order. */
  struct ip_header {
      unsigned char  ip_header_len:4;     /* IHL, counted in 32-bit words */
      unsigned char  ip_version:4;        /* 4 for IPv4 */
      unsigned char  ip_tos;
      unsigned short ip_total_length;     /* header + payload, in bytes */

      unsigned short ip_id;
      unsigned char  ip_frag_offset:5;    /* upper five bits of the offset */
      unsigned char  ip_more_fragment:1;
      unsigned char  ip_dont_fragment:1;
      unsigned char  ip_reserved_zero:1;
      unsigned char  ip_frag_offset1;     /* lower eight bits of the offset */
      unsigned char  ip_ttl;
      unsigned char  ip_protocol;         /* 6 for TCP */
      unsigned short ip_checksum;
      /* Addresses are struct in_addr rather than unsigned int so they can be
       * handed directly to inet_ntoa(). */
      struct in_addr ip_srcaddr;
      struct in_addr ip_destaddr;
  };
  59.  
  60.  
  /* Fixed 20-byte part of a TCP header; options, if any, follow it.
   *
   * As with struct ip_header, the flag and offset bit-fields match the wire
   * layout only on ABIs that fill bit-fields from the least significant bit.
   * Multi-byte members hold network byte order; sequence and acknowledge are
   * 32-bit values and need ntohl()/htonl(), not the 16-bit variants. */
  struct tcp_header {
      unsigned short source_port;
      unsigned short dest_port;
      unsigned int   sequence;
      unsigned int   acknowledge;

      /* byte 12: NS flag, reserved bits, header length in 32-bit words */
      unsigned char  ns:1;
      unsigned char  reserved_part1:3;
      unsigned char  data_offset:4;

      /* byte 13: control flags, lowest bit first */
      unsigned char  fin:1;
      unsigned char  syn:1;
      unsigned char  rst:1;
      unsigned char  psh:1;
      unsigned char  ack:1;
      unsigned char  urg:1;
      unsigned char  ecn:1;
      unsigned char  cwr:1;

      unsigned short window;
      unsigned short checksum;
      unsigned short urgent_pointer;
  };
  82.  
  /* Fill `packet` with a hand-built Ethernet/IPv4/TCP SYN frame. */
  void build_packet(unsigned char* packet);

  /* Declared but not referenced anywhere in this listing. */
  int packet_length;
  int packet_size;

  /* Frame buffers: `packet` is the target for build_packet(), `syn_packet`
   * the target for capture_syn_packet(). Both are 65536 bytes, which is
   * smaller than the largest value tcp_ip_parser() can store in pkt_length
   * (65535 + 14), so copies into them must be bounded. */
  unsigned char packet[65536] = {0x0,};
  unsigned char syn_packet[65536] = {0x0,};

  /* Ethernet addresses used by build_packet(). The string form appends a
   * NUL, so each array is 7 bytes and only the first 6 are the address. */
  unsigned char dst_mac[] = "\x00\x09\x97\xc7\x26\x07";
  unsigned char src_mac[] = "\x00\x24\xbe\x66\xef\xb8";

  /* IPv4 endpoints used by build_packet(), in dotted-quad text form. */
  char dest_ip[] = "165.246.12.215";
  char src_ip[] = "165.246.67.135";

  /* Pre-recorded 62-byte frame that main() transmits verbatim (the array is
   * 63 bytes because of the string terminator). Decoded from the bytes below:
   *   Ethernet  00:0c:29:d8:80:4a -> 00:50:56:e6:b2:42, EtherType 0x0800
   *   IPv4      192.168.237.132 -> 165.246.38.157, total length 48, TTL 128
   *   TCP       port 2702 -> 7778, SYN only, data offset 7 (28-byte header)
   *   Options   MSS 1460, NOP, NOP, SACK permitted
   * Every address and checksum is fixed at build time, so the frame is only
   * meaningful on the network segment it was recorded on. */
  unsigned char syn_packet1[] =   //62byte
  "\x00\x50\x56\xe6\xb2\x42\x00\x0c\x29\xd8\x80\x4a\x08\x00\x45\x00"
  "\x00\x30\xc1\x57\x40\x00\x80\x06\xbe\xaf\xc0\xa8\xed\x84\xa5\xf6"
  "\x26\x9d\x0a\x8e\x1e\x62\x11\x73\xbd\x8e\x00\x00\x00\x00\x70\x02"
  "\xfa\xf0\x15\x7c\x00\x00\x02\x04\x05\xb4\x01\x01\x04\x02";
  106.  
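  /*
   * Lists the capture devices, opens the one the user picks in promiscuous
   * mode, installs a BPF filter, transmits the pre-recorded frame in
   * syn_packet1 and then prints the headers of every frame that matches the
   * filter.
   *
   * Returns 0 when the capture loop ends, -1 on any setup failure.
   *
   * Changes from the original listing:
   *   - the interface number is validated, so a bad or non-numeric answer can
   *     no longer walk past the end of the device list;
   *   - the pcap handle and the compiled filter are released on every path;
   *   - the netmask argument of pcap_compile() is an integer, not NULL;
   *   - a pcap_setfilter() failure is reported as such;
   *   - received frames are copied into a zero-padded local buffer before
   *     parsing, because tcp_ip_parser() takes no length and would otherwise
   *     read past the captured bytes of a short frame.
   */
  int main(){
      enum {
          SNAPLEN      = 65536,
          /* Ethernet header + largest IPv4 header + fixed TCP header: the
           * furthest tcp_ip_parser() can look into a frame. */
          PARSE_WINDOW = 14 + 60 + 20
      };

      pcap_if_t *alldevs = NULL;
      pcap_if_t *d;
      pcap_t *fp;
      char errbuf[PCAP_ERRBUF_SIZE];
      struct bpf_program fcode;
      struct pcap_pkthdr *header;
      const unsigned char *pkt_data;
      unsigned char frame[PARSE_WINDOW];
      size_t copy_len;
      int dev_count = 0;
      int inum = 0;
      int res;
      int i;

      // find all network adapters
      if (pcap_findalldevs(&alldevs, errbuf) == -1) {
          printf("dev find failed\n");
          return -1;
      }
      if (alldevs == NULL) {
          printf("no devs found\n");
          return -1;
      }

      // print them, counting as we go so the user's choice can be checked
      for (d = alldevs; d != NULL; d = d->next) {
          printf("%d-th dev: %s ", ++dev_count, d->name);
          if (d->description)
              printf(" (%s)\n", d->description);
          else
              printf(" (No description available)\n");
      }

      printf("enter the interface number: ");
      if (scanf("%d", &inum) != 1 || inum < 1 || inum > dev_count) {
          printf("invalid interface number\n");
          pcap_freealldevs(alldevs);
          return -1;
      }
      for (d = alldevs, i = 1; i < inum; i++)   // jump to the chosen dev
          d = d->next;

      // open
      fp = pcap_open_live(d->name,   // name of the device
                          SNAPLEN,   // capture size
                          1,         // promiscuous mode
                          20,        // read timeout
                          errbuf);
      if (fp == NULL) {
          printf("pcap open failed\n");
          pcap_freealldevs(alldevs);
          return -1;
      }

      printf("pcap open successful\n");

      // The filter contains no broadcast test, so an unknown netmask (0) is
      // sufficient here.
      if (pcap_compile(fp,                                    // pcap handle
                       &fcode,                                // compiled rule
                       "host 192.168.237.132 and port 7778",  // filter rule
                       1,                                     // optimize
                       0) < 0) {                              // netmask
          printf("pcap compile failed\n");
          pcap_close(fp);
          pcap_freealldevs(alldevs);
          return -1;
      }
      if (pcap_setfilter(fp, &fcode) < 0) {
          printf("pcap setfilter failed\n");
          pcap_freecode(&fcode);
          pcap_close(fp);
          pcap_freealldevs(alldevs);
          return -1;
      }

      pcap_freecode(&fcode);       // the handle keeps its own copy of the filter
      pcap_freealldevs(alldevs);   // we don't need this anymore

      system("pause");

      // sizeof includes the string terminator; the frame itself is 62 bytes.
      if (pcap_sendpacket(fp, syn_packet1, (int)(sizeof syn_packet1 - 1)) != 0) {  //packet send!
          printf("err in packet send:%s\n", pcap_geterr(fp));
      }

      while ((res = pcap_next_ex(fp, &header, &pkt_data)) >= 0) {
          if (res == 0) continue;   // read timeout, nothing captured

          // Only header->caplen bytes behind pkt_data are valid. Parse a
          // zero-padded copy so a truncated frame cannot cause an over-read.
          copy_len = header->caplen < sizeof frame ? header->caplen : sizeof frame;
          memset(frame, 0, sizeof frame);
          memcpy(frame, pkt_data, copy_len);

          tcp_ip_parser(frame);
      }
      if (res == -1)
          printf("err in packet read:%s\n", pcap_geterr(fp));

      pcap_close(fp);
      return 0;
  }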
  208.  
  209.  
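  /*
   * Writes an Ethernet + IPv4 + TCP SYN frame into `packet` using the
   * file-level dst_mac/src_mac and src_ip/dest_ip settings, then prints the
   * frame as hex.
   *
   * packet: destination buffer, at least 66 bytes (14 + 20 + 32).
   *
   * Changes from the original listing:
   *   - the IP checksum is computed last, over a header whose checksum field
   *     is zero and whose addresses are already filled in;
   *   - the 32-bit sequence/acknowledge fields use htonl() instead of htons();
   *   - the pseudo-header takes its addresses from the IP header just built
   *     (the original hard-coded a different source address there, so the TCP
   *     checksum could not match the packet);
   *   - the TCP checksum covers the 32 bytes that data_offset and the IP total
   *     length declare, with the 12 option bytes zeroed;
   *   - the scratch buffer is on the stack: the original malloc() result was
   *     neither checked nor freed;
   *   - the hex dump covers the frame built here rather than pkt_length, which
   *     describes whatever frame tcp_ip_parser() saw last.
   */
  void build_packet(unsigned char* packet){
      enum {
          ETH_HDR_LEN = 14,
          IP_HDR_LEN  = 20,   /* ip_header_len (5) * 4 */
          TCP_HDR_LEN = 32    /* data_offset (8) * 4 */
      };

      struct ether_header *myeh;
      struct ip_header *myih;
      struct tcp_header *myth;
      struct pseudo_header psh;
      /* unsigned short storage keeps the buffer aligned for in_checksum(). */
      unsigned short seudo[(sizeof(struct pseudo_header) + TCP_HDR_LEN + 1) / 2];
      int frame_len = ETH_HDR_LEN + IP_HDR_LEN + TCP_HDR_LEN;
      int i;

      if (packet == NULL)
          return;

      myeh = (struct ether_header *)packet;
      myih = (struct ip_header *)(packet + ETH_HDR_LEN);
      myth = (struct tcp_header *)(packet + ETH_HDR_LEN + IP_HDR_LEN);

      //build ethernet header start;
      memcpy(myeh->ether_dhost.ether_addr_octet, dst_mac, 6);
      memcpy(myeh->ether_shost.ether_addr_octet, src_mac, 6);
      myeh->ether_type = htons(0x0800);
      //build ethernet header end;

      //build ip header start
      myih->ip_header_len = 0x5;
      myih->ip_version = 0x4;
      myih->ip_tos = 0x0;
      myih->ip_total_length = htons(IP_HDR_LEN + TCP_HDR_LEN);   // 0x34
      myih->ip_id = htons(0x6e2c);
      myih->ip_frag_offset = 0;
      myih->ip_more_fragment = 0;
      myih->ip_dont_fragment = 1;
      myih->ip_reserved_zero = 0;
      myih->ip_frag_offset1 = 0;
      myih->ip_ttl = 0x80;
      myih->ip_protocol = 0x06;
      myih->ip_srcaddr.S_un.S_addr = inet_addr(src_ip);
      myih->ip_destaddr.S_un.S_addr = inet_addr(dest_ip);

      // The checksum field must be zero while the sum is taken, and every
      // other header field must already hold its final value.
      myih->ip_checksum = 0;
      myih->ip_checksum = in_checksum((unsigned short *)myih, IP_HDR_LEN);
      // build ip header end

      // build tcp header start
      // Clear the whole declared header so the option bytes are defined.
      memset(myth, 0, TCP_HDR_LEN);

      myth->source_port = htons(0x1c63);
      myth->dest_port = htons(0x1e62);
      myth->sequence = htonl(0x57e);
      myth->acknowledge = htonl(0x0);

      myth->ns = 0;
      myth->reserved_part1 = 0;
      myth->data_offset = 0x08;

      myth->fin = 0;
      myth->syn = 1;
      myth->rst = 0;
      myth->psh = 0;
      myth->ack = 0;
      myth->urg = 0;
      myth->ecn = 0;
      myth->cwr = 0;
      myth->window = htons(0x2000);
      myth->checksum = 0;
      myth->urgent_pointer = 0x0;

      psh.source_address = myih->ip_srcaddr.S_un.S_addr;
      psh.dest_address = myih->ip_destaddr.S_un.S_addr;
      psh.placeholder = 0;              // reserved
      psh.protocol = 6;                 // protocol number for tcp
      psh.tcp_length = htons(TCP_HDR_LEN);   // header only: no data for now

      memset(seudo, 0, sizeof seudo);
      memcpy(seudo, &psh, sizeof psh);
      memcpy((unsigned char *)seudo + sizeof psh, myth, TCP_HDR_LEN);

      myth->checksum = in_checksum(seudo, (int)(sizeof psh + TCP_HDR_LEN));
      // build tcp header end

      for (i = 1; i <= frame_len; i++)
      {
          printf("%02x ", packet[i-1]);
          if (i % 16 == 0)
              printf("\n");
      }

      printf("\n");
  }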
  318.  
  319.  
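  /*
   * Internet checksum: the one's complement of the one's-complement sum of
   * the buffer taken as 16-bit words.
   *
   * ptr:    start of the data; may be NULL only when nbytes <= 0.
   * nbytes: number of bytes to sum; an odd trailing byte is padded with zero.
   *
   * Returns the checksum as a native unsigned short. Words are summed in
   * native byte order, so storing the result directly into a header field
   * yields the correct bytes on the wire. An empty buffer gives 0xffff.
   *
   * Changes from the original listing: words are fetched with memcpy(), so
   * callers that cast struct or byte buffers to unsigned short * (as
   * build_packet() does) no longer depend on alignment or on aliasing
   * assumptions; the accumulator is unsigned; and the Windows-only SHORT and
   * u_char names are gone.
   */
  unsigned short in_checksum(unsigned short *ptr,int nbytes) {
      const unsigned char *cursor = (const unsigned char *)ptr;
      unsigned long sum = 0;
      unsigned short word;

      if (cursor == NULL)
          nbytes = 0;

      while (nbytes > 1) {
          memcpy(&word, cursor, sizeof word);
          sum += word;
          cursor += sizeof word;
          nbytes -= 2;
      }

      if (nbytes == 1) {
          /* The last byte occupies the first position of a zero-padded word. */
          word = 0;
          memcpy(&word, cursor, 1);
          sum += word;
      }

      /* Fold the carries back into the low 16 bits, twice. */
      sum = (sum >> 16) + (sum & 0xffff);
      sum = sum + (sum >> 16);

      return (unsigned short)~sum;
  }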
  342.  
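  /*
   * Prints the Ethernet, IPv4 and TCP header fields of one captured frame and
   * stores IP total length + 14 in the global pkt_length.
   *
   * sample_packet: start of the Ethernet frame. The function takes no length,
   * so the caller must guarantee at least 94 readable bytes (14 Ethernet +
   * up to 60 IPv4 + 20 TCP), for example by parsing a zero-padded copy of
   * the capture.
   *
   * pkt_length is taken from the received IP header and can be as large as
   * 65549. Treat it as untrusted and bound it before using it as a copy
   * length.
   *
   * Changes from the original listing:
   *   - the EtherType is converted with ntohs() before printing;
   *   - IP fields are decoded only for IPv4 frames, TCP fields only for a
   *     well-formed IPv4/TCP packet (the capture filter also matches other
   *     protocols on the port);
   *   - the TCP header is located with the IP header length field instead of
   *     a fixed 20-byte offset, so packets carrying IP options decode
   *     correctly;
   *   - the 32-bit sequence/acknowledge numbers use ntohl() rather than
   *     ntohs(), which silently truncated them.
   */
  void tcp_ip_parser(unsigned char *sample_packet)
  {
      enum { ETH_HDR_LEN = 14 };

      struct ether_header *myeh;
      struct ip_header *myih;
      struct tcp_header *myth;
      int i;

      if (sample_packet == NULL)
          return;

      myeh = (struct ether_header *)sample_packet;
      myih = (struct ip_header *)(sample_packet + ETH_HDR_LEN);

      ///////// ethernet parsing //////////

      printf("dst mac_address = ");
      for (i = 0; i < 6; i++)
          printf("%02x ", myeh->ether_dhost.ether_addr_octet[i]);
      printf("\n");

      printf("src mac_address = ");
      for (i = 0; i < 6; i++)
          printf("%02x ", myeh->ether_shost.ether_addr_octet[i]);
      printf("\n");

      printf("ehter_type = %02x\n", ntohs(myeh->ether_type));

      ///////// ethernet parsing //////////

      if (ntohs(myeh->ether_type) == 0x0800) {

          ///////// ip parsing //////////

          printf("ip_header_len = %02x\n", myih->ip_header_len);
          printf("ip_version = %02x\n", myih->ip_version);
          printf("ip_tos = %02x\n", myih->ip_tos);
          printf("ip_total_length = %02x\n", ntohs(myih->ip_total_length));

          pkt_length = ntohs(myih->ip_total_length) + ETH_HDR_LEN;

          printf("ip_ident = %02x\n", ntohs(myih->ip_id));
          printf("ip_frag_offset = %02x\n", myih->ip_frag_offset);
          printf("ip_more_fragment = %02x\n", myih->ip_more_fragment);
          printf("ip_dont_fragment = %02x\n", myih->ip_dont_fragment);
          printf("ip_reserved_zero = %02x\n", myih->ip_reserved_zero);
          printf("ip_frag_offset1 = %02x\n", myih->ip_frag_offset1);
          printf("ip_ttl = %02x\n", myih->ip_ttl);
          printf("ip_protocol = %02x\n", myih->ip_protocol);
          printf("ip_checksum = %02x\n", ntohs(myih->ip_checksum));
          printf("src ip addr = %s\n", inet_ntoa(myih->ip_srcaddr));
          printf("dst ip addr = %s\n", inet_ntoa(myih->ip_destaddr));

          ///////// ip parsing //////////

          if (myih->ip_version == 4 && myih->ip_header_len >= 5 &&
              myih->ip_protocol == 6) {

              ////////// tcp parsing ////////////

              // ip_header_len counts 32-bit words.
              myth = (struct tcp_header *)(sample_packet + ETH_HDR_LEN +
                                           myih->ip_header_len * 4);

              printf("tcp sorce_port = %02x\n", ntohs(myth->source_port));
              printf("tcp dest_port = %02x\n", ntohs(myth->dest_port));
              printf("tcp sequence = %02x\n", (unsigned int)ntohl(myth->sequence));
              printf("tcp acknowledge = %02x\n", (unsigned int)ntohl(myth->acknowledge));
              printf("tcp ns bit = %02x\n", myth->ns);
              printf("tcp reserved_part1 = %02x\n", myth->reserved_part1);
              printf("tcp data_offset = %02x\n", myth->data_offset);
              printf("tcp fin = %02x\n", myth->fin);
              printf("tcp syn = %02x\n", myth->syn);
              printf("tcp rst = %02x\n", myth->rst);
              printf("tcp psh = %02x\n", myth->psh);
              printf("tcp ack = %02x\n", myth->ack);
              printf("tcp urg = %02x\n", myth->urg);
              printf("tcp ecn = %02x\n", myth->ecn);
              printf("tcp cwr = %02x\n", myth->cwr);
              printf("tcp window = %02x\n", ntohs(myth->window));
              printf("tcp checksum = %02x\n", ntohs(myth->checksum));
              printf("tcp urgent_pointer = %02x\n", ntohs(myth->urgent_pointer));

              ////////// tcp parsing ////////////
          } else {
              printf("not a well-formed IPv4/TCP packet, TCP fields skipped\n");
          }
      } else {
          printf("not an IPv4 frame, IP/TCP fields skipped\n");
      }

      printf("==============================================\n");

      printf("pkt total length = %d\n", pkt_length);

      printf("==============================================\n");
  }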
  467.  
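  /*
   * Copies the frame at `src` into `syn_packet`, prints it as hex and writes
   * it to syn_packet.txt as \xNN escapes, 16 bytes per line.
   *
   * syn_packet: destination buffer; the file-level buffer of this name holds
   *             65536 bytes, and the copy is capped at that size.
   * src:        captured frame to copy from.
   *
   * The length is the global pkt_length, which tcp_ip_parser() derives from
   * the received IP header (up to 65549) and which is therefore
   * sender-controlled. The original copied that many bytes unchecked and
   * could write past the destination. The clamp below bounds the write only:
   * the function has no way to learn how many bytes were really captured
   * behind `src`, so the caller still has to ensure pkt_length does not
   * exceed the captured length.
   *
   * As in the original, nothing is copied when the output file cannot be
   * opened.
   */
  void capture_syn_packet(unsigned char *syn_packet, const unsigned char *src)
  {
      enum { CAPTURE_BUF_SIZE = 65536 };

      FILE *fp;
      int len = pkt_length;
      int i;

      if (syn_packet == NULL || src == NULL)
          return;

      if (len < 0)
          len = 0;
      if (len > CAPTURE_BUF_SIZE)
          len = CAPTURE_BUF_SIZE;

      fp = fopen("syn_packet.txt","w");
      if ( fp == NULL )
          return;

      memmove(syn_packet, src, (size_t)len);

      printf("=========captured first syn packet! st ============\n");
      for ( i = 1; i <= len; i++)
      {
          printf("%02x ", syn_packet[i-1]);
          fprintf(fp, "\\x%02x", syn_packet[i-1]);
          if ( i % 16 == 0){
              printf("\n");
              fprintf(fp, "\n");
          }
      }
      printf("\n=========captured first syn packet! ed ============\n");

      /* fclose() flushes; a failure here means the file is incomplete. */
      if (fclose(fp) != 0)
          printf("syn_packet.txt write failed\n");
  }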