  1.  
  2. /*
  3. Simple Sniffer in winsock
  4. Author : Silver Moon ( [email protected] )
  5. */
  6.  
#include "stdio.h"
#include <stdlib.h>   /* malloc / free used by StartSniffing() */
#include <string.h>   /* memcpy / memset / strlen */
#include "winsock2.h" /* keep before any <windows.h> include */
  9.  
#pragma comment(lib,"ws2_32.lib") // link the Winsock 2 import library

/* SIO_RCVALL switches the bound raw socket into "receive all" mode: every IPv4
 * datagram seen on the bound interface is delivered to recvfrom(), not only
 * traffic addressed to this socket. Defined locally so mstcpip.h is not needed.
 * NOTE(review): on current Windows versions this is a privileged operation
 * (typically needs an elevated process) and captures other users' traffic;
 * confirm that is acceptable wherever this tool is run. */
#define SIO_RCVALL _WSAIOW(IOC_VENDOR,1) //this removes the need of mstcpip.h
  13.  
/* Capture loop: reads datagrams from the raw socket until recvfrom() stops
 * returning data, passing each one to ProcessPacket(). */
void StartSniffing (SOCKET sniffer);

/* Dispatch one captured IPv4 datagram (Size bytes at Buffer) on its protocol field. */
void ProcessPacket (char *Buffer, int Size);

/* Per-layer decoders; each appends a textual dump of the packet to the log file. */
void PrintIpHeader (char *Buffer);
void PrintIcmpPacket (char *Buffer, int Size);
void PrintUdpPacket (char *Buffer, int Size);
void PrintTcpPacket (char *Buffer, int Size);

/* Declared but never defined in this file; nothing calls it. */
void ConvertToHex (char *data, unsigned int Size);

/* Hex + ASCII dump of Size bytes at data, 16 bytes per line, to the log file. */
void PrintData (char *data, int Size);
  23.  
/*
 * IPv4 header (RFC 791): 20 bytes when no options are present. The decoders
 * cast the start of a captured datagram to this struct, so multi-byte fields
 * are still in network byte order and must go through ntohs()/ntohl().
 * NOTE(review): the split of the version/IHL byte and of the flags/fragment
 * byte into bit-fields assumes the compiler allocates bit-fields from the
 * least significant bit upward (MSVC and GCC on x86 do). Check that
 * sizeof(IPV4_HDR) == 20 and the nibble order before building elsewhere.
 */
typedef struct ip_hdr
{
    unsigned char ip_header_len:4; // IHL: header length in 32-bit words; 5 (= 20 bytes) unless options follow
    unsigned char ip_version :4; // 4 for IPv4
    unsigned char ip_tos; // type of service byte
    unsigned short ip_total_length; // total datagram length in bytes, network order
    unsigned short ip_id; // identification used for fragment reassembly, network order

    unsigned char ip_frag_offset :5; // high 5 bits of the 13-bit fragment offset

    unsigned char ip_more_fragment :1; // MF flag
    unsigned char ip_dont_fragment :1; // DF flag
    unsigned char ip_reserved_zero :1; // reserved bit, must be zero

    unsigned char ip_frag_offset1; // low 8 bits of the 13-bit fragment offset

    unsigned char ip_ttl; // time to live
    unsigned char ip_protocol; // payload protocol number (1 = ICMP, 2 = IGMP, 6 = TCP, 17 = UDP)
    unsigned short ip_checksum; // header checksum, network order
    unsigned int ip_srcaddr; // source address, network order
    unsigned int ip_destaddr; // destination address, network order
} IPV4_HDR;
  46.  
/*
 * UDP header (RFC 768): 8 bytes, all fields in network byte order. Cast onto
 * Buffer + IP header length by PrintUdpPacket().
 */
typedef struct udp_hdr
{
    unsigned short source_port; // source port, network order
    unsigned short dest_port; // destination port, network order
    unsigned short udp_length; // length of UDP header plus payload in bytes, network order
    unsigned short udp_checksum; // UDP checksum (optional over IPv4), network order
} UDP_HDR;
  54.  
/*
 * TCP header (RFC 793): 20 bytes without options; multi-byte fields are in
 * network byte order. Options, when present, follow this struct and are
 * covered by data_offset.
 * NOTE(review): like IPV4_HDR, the bit-field split of the data-offset and
 * flag bytes assumes least-significant-bit-first allocation (MSVC/GCC on
 * x86). The decoders use data_offset to locate the payload, so a different
 * allocation order would mis-place every dump.
 */
typedef struct tcp_header
{
    unsigned short source_port; // source port, network order
    unsigned short dest_port; // destination port, network order
    unsigned int sequence; // sequence number, 32 bits, network order
    unsigned int acknowledge; // acknowledgement number, 32 bits, network order

    unsigned char ns :1; // NS (nonce sum) flag, RFC 3540 - lowest bit of the data-offset byte
    unsigned char reserved_part1:3; // reserved, should be zero
    unsigned char data_offset:4; /* header length in 32-bit words (5 = 20 bytes,
    more when options are present); marks where the payload begins */

    unsigned char fin :1; // FIN flag
    unsigned char syn :1; // SYN flag
    unsigned char rst :1; // RST flag
    unsigned char psh :1; // PSH flag
    unsigned char ack :1; // ACK flag
    unsigned char urg :1; // URG flag

    unsigned char ecn :1; // ECN-Echo flag
    unsigned char cwr :1; // Congestion Window Reduced flag

    // remaining fixed fields

    unsigned short window; // receive window, network order
    unsigned short checksum; // checksum, network order
    unsigned short urgent_pointer; // urgent pointer, network order
} TCP_HDR;
  86.  
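/*
 * ICMP header: type, code, checksum, then the 4-byte "rest of header", which
 * this decoder labels as the identifier/sequence pair of echo messages (other
 * ICMP types put different data there; the decoder does not distinguish).
 * Plain unsigned types replace the Windows BYTE/USHORT aliases so the struct
 * matches the other header definitions in this file; the layout (8 bytes) is
 * unchanged.
 */
typedef struct icmp_hdr
{
    unsigned char type; // ICMP message type (0 = echo reply, 11 = time exceeded, ...)
    unsigned char code; // type-specific sub code
    unsigned short checksum; // ICMP checksum, network order
    unsigned short id; // identifier (echo messages), network order
    unsigned short seq; // sequence number (echo messages), network order
} ICMP_HDR;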
  95.  
/* Destination of every decoded packet; opened as "log.txt" by main(). */
FILE *logfile;

/* Per-protocol packet counters reported by ProcessPacket(). */
int tcp = 0;
int udp = 0;
int icmp = 0;
int others = 0;
int igmp = 0;
int total = 0;

/* File-scope loop indices shared by main() and PrintData(). */
int i, j;

/* Address scratch structures: filled by PrintIpHeader() for inet_ntoa();
 * dest is also the bind() address built in main(). */
struct sockaddr_in source, dest;

char hex[2]; /* not referenced anywhere in this file */

/* Header views onto the packet currently being decoded; they point into the
 * capture buffer rather than holding copies. */
IPV4_HDR *iphdr;
TCP_HDR *tcpheader;
UDP_HDR *udpheader;
ICMP_HDR *icmpheader;
  106.  
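/*
 * Entry point: opens the log file, initialises Winsock, creates an IPv4 raw
 * socket, lets the user choose one of the host's addresses, binds to it,
 * enables SIO_RCVALL and runs the capture loop until recvfrom() stops
 * returning data.
 *
 * Returns 0 after a normal capture run, 1 on any setup failure. Resources
 * (socket, Winsock, log file) are released on every path.
 *
 * Security notes: the socket sees every IPv4 datagram on the chosen interface,
 * and PrintData() writes raw payload bytes to log.txt in cleartext (they may
 * contain credentials or other sensitive data), so the log needs the same
 * protection as the traffic itself. The interface number is untrusted input
 * and is range-checked before it indexes h_addr_list.
 */
int main()
{
    SOCKET sniffer = INVALID_SOCKET;
    struct in_addr addr;
    int in = -1;                     /* interface index typed by the user */
    int nifaces = 0;                 /* number of addresses listed for this host */
    int k;
    unsigned long rcvall = 1;        /* SIO_RCVALL input: non-zero enables capture */
    unsigned long bytes_returned = 0;
    int rc = 1;                      /* exit code; becomes 0 only after a clean run */

    char hostname[100];
    struct hostent *local;
    WSADATA wsa;

    /* Open the log first and stop if it cannot be created: the decoders write
     * to logfile unconditionally, so a NULL handle would crash on the first
     * captured packet. */
    logfile = fopen("log.txt", "w");
    if (logfile == NULL)
    {
        printf("Unable to create file.");
        return 1;
    }

    //Initialise Winsock
    printf("\nInitialising Winsock...");
    if (WSAStartup(MAKEWORD(2,2), &wsa) != 0)
    {
        printf("WSAStartup() failed.\n");
        goto close_log;
    }
    printf("Initialised");

    //Create a RAW socket (on current Windows versions this typically needs an elevated process)
    printf("\nCreating RAW Socket...");
    sniffer = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
    if (sniffer == INVALID_SOCKET)
    {
        printf("Failed to create raw socket.\n");
        goto cleanup_wsa;
    }
    printf("Created.");

    //Retrieve the local hostname
    if (gethostname(hostname, sizeof(hostname)) == SOCKET_ERROR)
    {
        printf("Error : %d",WSAGetLastError());
        goto close_socket;
    }
    printf("\nHost name : %s \n",hostname);

    //Retrieve the available IPv4 addresses of the local host
    local = gethostbyname(hostname);
    printf("\nAvailable Network Interfaces : \n");
    if (local == NULL)
    {
        printf("Error : %d.\n",WSAGetLastError());
        goto close_socket;
    }

    for (k = 0; local->h_addr_list[k] != 0; ++k)
    {
        memcpy(&addr, local->h_addr_list[k], sizeof(struct in_addr));
        printf("Interface Number : %d Address : %s\n", k, inet_ntoa(addr));
    }
    nifaces = k;
    if (nifaces == 0)
    {
        printf("No IPv4 address found for this host.\n");
        goto close_socket;
    }

    /* Reject a failed parse and any index outside the list just printed:
     * the value is used to index h_addr_list below. */
    printf("Enter the interface number you would like to sniff : ");
    if (scanf("%d", &in) != 1 || in < 0 || in >= nifaces)
    {
        printf("Invalid interface number.\n");
        goto close_socket;
    }

    memset(&dest, 0, sizeof(dest));
    memcpy(&dest.sin_addr.s_addr, local->h_addr_list[in], sizeof(dest.sin_addr.s_addr));
    dest.sin_family = AF_INET;
    dest.sin_port = 0;

    printf("\nBinding socket to local system and port 0 ...");
    if (bind(sniffer, (struct sockaddr *)&dest, sizeof(dest)) == SOCKET_ERROR)
    {
        /* report the address actually used, not the last one enumerated */
        printf("bind(%s) failed.\n", inet_ntoa(dest.sin_addr));
        goto close_socket;
    }
    printf("Binding successful");

    //Enable this socket with the power to sniff : SIO_RCVALL is the key Receive ALL ;)
    printf("\nSetting socket to sniff...");
    if (WSAIoctl(sniffer, SIO_RCVALL, &rcvall, sizeof(rcvall), 0, 0, (LPDWORD)&bytes_returned, 0, 0) == SOCKET_ERROR)
    {
        printf("WSAIoctl() failed.\n");
        goto close_socket;
    }
    printf("Socket set.");

    //Begin
    printf("\nStarted Sniffing\n");
    printf("Packet Capture Statistics...\n");
    StartSniffing(sniffer); //returns once recvfrom() stops delivering data
    rc = 0;

close_socket:
    closesocket(sniffer);
cleanup_wsa:
    WSACleanup();
close_log:
    fclose(logfile);
    return rc;
}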
  203.  
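/*
 * Capture loop. Allocates one receive buffer larger than any IPv4 datagram
 * (65535 bytes) and hands each datagram read from the raw socket to
 * ProcessPacket() together with its exact received length. Returns when
 * recvfrom() returns 0 or an error, or when the buffer cannot be allocated,
 * so that main() can close the socket.
 *
 * sniffer: raw socket already bound and switched to SIO_RCVALL by main().
 */
void StartSniffing(SOCKET sniffer)
{
    enum { CAPTURE_BUF_SIZE = 65536 }; /* one byte more than the largest IPv4 datagram */
    char *buffer = malloc(CAPTURE_BUF_SIZE); /* no cast: this is C, not C++ */
    int received;

    if (buffer == NULL)
    {
        printf("malloc() failed.\n");
        return;
    }

    for (;;)
    {
        received = recvfrom(sniffer, buffer, CAPTURE_BUF_SIZE, 0, 0, 0);
        if (received <= 0)
        {
            /* 0 bytes or SOCKET_ERROR: nothing more to read, leave the loop */
            printf("recvfrom() failed.\n");
            break;
        }
        /* Only the first `received` bytes are valid for this packet; the
         * decoders must bound every read by this length. */
        ProcessPacket(buffer, received);
    }

    free(buffer);
}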
  232.  
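/*
 * Classify one captured datagram by its IPv4 protocol field, update the
 * per-protocol counters and pass TCP/UDP/ICMP packets to their decoders.
 *
 * Buffer: start of the IPv4 datagram (pointer into the capture buffer).
 * Size:   number of valid bytes at Buffer, as returned by recvfrom().
 *
 * A datagram is only dispatched when its IPv4 header is plausible: at least
 * 20 bytes were received, the version is 4, IHL is at least 5 and the whole
 * header lies within Size. Anything else is counted under "Others" and left
 * undecoded, because the decoders index into Buffer with lengths taken from
 * the packet itself.
 */
void ProcessPacket(char* Buffer, int Size)
{
    enum { PROTO_ICMP = 1, PROTO_IGMP = 2, PROTO_TCP = 6, PROTO_UDP = 17 };
    int header_ok;

    ++total;
    iphdr = (IPV4_HDR *)Buffer;

    /* Size is checked first so the header is never read on a short packet. */
    header_ok = Size >= (int)sizeof(IPV4_HDR)
        && iphdr->ip_version == 4
        && iphdr->ip_header_len >= 5
        && (int)iphdr->ip_header_len * 4 <= Size;

    if (!header_ok)
    {
        ++others; /* truncated or not IPv4: counted, not decoded */
    }
    else
    {
        switch (iphdr->ip_protocol)
        {
        case PROTO_ICMP:
            ++icmp;
            PrintIcmpPacket(Buffer, Size);
            break;

        case PROTO_IGMP:
            ++igmp; /* counted only; this file has no IGMP decoder */
            break;

        case PROTO_TCP:
            ++tcp;
            PrintTcpPacket(Buffer, Size);
            break;

        case PROTO_UDP:
            ++udp;
            PrintUdpPacket(Buffer, Size);
            break;

        default: /* any other IP protocol number */
            ++others;
            break;
        }
    }

    printf("TCP : %d UDP : %d ICMP : %d IGMP : %d Others : %d Total : %d\r",
           tcp, udp, icmp, igmp, others, total);
}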
  265.  
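/*
 * Write the decoded IPv4 header of the datagram at Buffer to the log.
 *
 * Side effects: resets the file-scope `iphdr` view and overwrites the
 * file-scope `source`/`dest` sockaddr_in structures (only sin_addr is set)
 * so inet_ntoa() can render the addresses. Precondition: Buffer holds at
 * least a complete 20-byte IPv4 header.
 */
void PrintIpHeader (char* Buffer )
{
    iphdr = (IPV4_HDR *)Buffer;

    memset(&source, 0, sizeof(source));
    source.sin_addr.s_addr = iphdr->ip_srcaddr;

    memset(&dest, 0, sizeof(dest));
    dest.sin_addr.s_addr = iphdr->ip_destaddr;

    /* Single-byte fields are promoted to unsigned int, hence %u; the 16-bit
     * ones go through ntohs() to undo network byte order. */
    fprintf(logfile,"\n");
    fprintf(logfile,"IP Header\n");
    fprintf(logfile," |-IP Version : %u\n",(unsigned int)iphdr->ip_version);
    fprintf(logfile," |-IP Header Length : %u DWORDS or %u Bytes\n",(unsigned int)iphdr->ip_header_len,((unsigned int)(iphdr->ip_header_len))*4);
    fprintf(logfile," |-Type Of Service : %u\n",(unsigned int)iphdr->ip_tos);
    fprintf(logfile," |-IP Total Length : %d Bytes(Size of Packet)\n",ntohs(iphdr->ip_total_length));
    fprintf(logfile," |-Identification : %d\n",ntohs(iphdr->ip_id));
    fprintf(logfile," |-Reserved ZERO Field : %u\n",(unsigned int)iphdr->ip_reserved_zero);
    fprintf(logfile," |-Dont Fragment Field : %u\n",(unsigned int)iphdr->ip_dont_fragment);
    fprintf(logfile," |-More Fragment Field : %u\n",(unsigned int)iphdr->ip_more_fragment);
    fprintf(logfile," |-TTL : %u\n",(unsigned int)iphdr->ip_ttl);
    fprintf(logfile," |-Protocol : %u\n",(unsigned int)iphdr->ip_protocol);
    fprintf(logfile," |-Checksum : %d\n",ntohs(iphdr->ip_checksum));
    /* inet_ntoa() returns a static buffer, so the two calls stay in separate statements */
    fprintf(logfile," |-Source IP : %s\n",inet_ntoa(source.sin_addr));
    fprintf(logfile," |-Destination IP : %s\n",inet_ntoa(dest.sin_addr));
}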
  295.  
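/*
 * Dump an IPv4+TCP packet to the log: the decoded IP header (PrintIpHeader),
 * the decoded TCP header fields, then hex/ASCII dumps of the IP header, the
 * TCP header (including options) and the payload.
 *
 * Buffer: start of the IPv4 datagram. Size: bytes actually received.
 *
 * Every offset used here comes from the packet itself (IHL and the TCP data
 * offset), so both are checked against Size before anything is read through
 * them. A packet whose headers do not fit in the received bytes is logged as
 * truncated and skipped, instead of dumping bytes that belong to an earlier
 * capture and computing a negative payload length.
 */
void PrintTcpPacket(char* Buffer, int Size)
{
    int iphdrlen;
    int tcphdrlen;
    int payload_len;

    iphdr = (IPV4_HDR *)Buffer;
    iphdrlen = (int)iphdr->ip_header_len * 4;

    fprintf(logfile,"\n\n***********************TCP Packet*************************\n");

    /* Need a complete IP header (IHL >= 5) plus room for the fixed 20-byte TCP header. */
    if (iphdrlen < (int)sizeof(IPV4_HDR) || Size < iphdrlen + (int)sizeof(TCP_HDR))
    {
        fprintf(logfile, "Truncated or malformed packet (%d bytes, IP header length %d); not decoded\n", Size, iphdrlen);
        return;
    }

    tcpheader = (TCP_HDR*)(Buffer + iphdrlen);
    tcphdrlen = (int)tcpheader->data_offset * 4;

    /* A data offset below 5 is invalid; a larger one must still fit in the packet. */
    if (tcphdrlen < (int)sizeof(TCP_HDR) || Size < iphdrlen + tcphdrlen)
    {
        fprintf(logfile, "Invalid TCP data offset %d for a %d-byte packet; not decoded\n", tcphdrlen, Size);
        return;
    }
    payload_len = Size - iphdrlen - tcphdrlen; /* non-negative by the checks above */

    PrintIpHeader( Buffer );

    fprintf(logfile,"\n");
    fprintf(logfile,"TCP Header\n");
    fprintf(logfile," |-Source Port : %u\n",ntohs(tcpheader->source_port));
    fprintf(logfile," |-Destination Port : %u\n",ntohs(tcpheader->dest_port));
    fprintf(logfile," |-Sequence Number : %u\n",ntohl(tcpheader->sequence));
    fprintf(logfile," |-Acknowledge Number : %u\n",ntohl(tcpheader->acknowledge));
    fprintf(logfile," |-Header Length : %d DWORDS or %d BYTES\n"
    ,(unsigned int)tcpheader->data_offset,(unsigned int)tcpheader->data_offset*4);
    fprintf(logfile," |-CWR Flag : %d\n",(unsigned int)tcpheader->cwr);
    fprintf(logfile," |-ECN Flag : %d\n",(unsigned int)tcpheader->ecn);
    fprintf(logfile," |-Urgent Flag : %d\n",(unsigned int)tcpheader->urg);
    fprintf(logfile," |-Acknowledgement Flag : %d\n",(unsigned int)tcpheader->ack);
    fprintf(logfile," |-Push Flag : %d\n",(unsigned int)tcpheader->psh);
    fprintf(logfile," |-Reset Flag : %d\n",(unsigned int)tcpheader->rst);
    fprintf(logfile," |-Synchronise Flag : %d\n",(unsigned int)tcpheader->syn);
    fprintf(logfile," |-Finish Flag : %d\n",(unsigned int)tcpheader->fin);
    fprintf(logfile," |-Window : %d\n",ntohs(tcpheader->window));
    fprintf(logfile," |-Checksum : %d\n",ntohs(tcpheader->checksum));
    /* urgent pointer is a 16-bit network-order field like the others */
    fprintf(logfile," |-Urgent Pointer : %d\n",ntohs(tcpheader->urgent_pointer));
    fprintf(logfile,"\n");
    fprintf(logfile," DATA Dump ");
    fprintf(logfile,"\n");

    fprintf(logfile,"IP Header\n");
    PrintData(Buffer,iphdrlen);

    fprintf(logfile,"TCP Header\n");
    PrintData(Buffer+iphdrlen,tcphdrlen);

    fprintf(logfile,"Data Payload\n");
    PrintData(Buffer+iphdrlen+tcphdrlen, payload_len);

    fprintf(logfile,"\n###########################################################");
}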
  344.  
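/*
 * Dump an IPv4+UDP packet to the log: decoded IP header, decoded UDP header
 * fields, then hex/ASCII dumps of the IP header, the UDP header and the
 * payload.
 *
 * Buffer: start of the IPv4 datagram. Size: bytes actually received.
 *
 * The IP header length comes from the packet, so it and the 8-byte UDP header
 * are checked against Size before use. The payload length is computed in
 * signed int: the original size_t expression wrapped to a huge value on a
 * short packet.
 */
void PrintUdpPacket(char *Buffer,int Size)
{
    int iphdrlen;
    int payload_len;

    iphdr = (IPV4_HDR *)Buffer;
    iphdrlen = (int)iphdr->ip_header_len * 4;

    fprintf(logfile,"\n\n***********************UDP Packet*************************\n");

    /* Need a complete IP header (IHL >= 5) and the whole UDP header inside Size. */
    if (iphdrlen < (int)sizeof(IPV4_HDR) || Size < iphdrlen + (int)sizeof(UDP_HDR))
    {
        fprintf(logfile, "Truncated or malformed packet (%d bytes, IP header length %d); not decoded\n", Size, iphdrlen);
        return;
    }

    udpheader = (UDP_HDR *)(Buffer + iphdrlen);
    payload_len = Size - iphdrlen - (int)sizeof(UDP_HDR); /* non-negative by the check above */

    PrintIpHeader(Buffer);

    fprintf(logfile,"\nUDP Header\n");
    fprintf(logfile," |-Source Port : %d\n",ntohs(udpheader->source_port));
    fprintf(logfile," |-Destination Port : %d\n",ntohs(udpheader->dest_port));
    fprintf(logfile," |-UDP Length : %d\n",ntohs(udpheader->udp_length));
    fprintf(logfile," |-UDP Checksum : %d\n",ntohs(udpheader->udp_checksum));

    fprintf(logfile,"\n");
    fprintf(logfile,"IP Header\n");

    PrintData(Buffer,iphdrlen);

    fprintf(logfile,"UDP Header\n");

    PrintData(Buffer+iphdrlen,sizeof(UDP_HDR));

    fprintf(logfile,"Data Payload\n");

    PrintData(Buffer+iphdrlen+sizeof(UDP_HDR), payload_len);

    fprintf(logfile,"\n###########################################################");
}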
  379.  
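/*
 * Dump an IPv4+ICMP packet to the log: decoded IP header, decoded ICMP header
 * fields (type with a label for echo reply / TTL expired), then hex/ASCII
 * dumps of the IP header, the ICMP header and the payload.
 *
 * Buffer: start of the IPv4 datagram. Size: bytes actually received.
 *
 * As in the TCP/UDP decoders the IP header length comes from the packet and
 * is validated against Size together with the 8-byte ICMP header; the payload
 * length is computed in signed int so a short packet cannot wrap it. The hex
 * dump of the ICMP header is now labelled "ICMP Header" (it said "UDP Header").
 */
void PrintIcmpPacket(char* Buffer , int Size)
{
    int iphdrlen;
    int payload_len;

    iphdr = (IPV4_HDR *)Buffer;
    iphdrlen = (int)iphdr->ip_header_len * 4;

    fprintf(logfile,"\n\n***********************ICMP Packet*************************\n");

    /* Need a complete IP header (IHL >= 5) and the whole ICMP header inside Size. */
    if (iphdrlen < (int)sizeof(IPV4_HDR) || Size < iphdrlen + (int)sizeof(ICMP_HDR))
    {
        fprintf(logfile, "Truncated or malformed packet (%d bytes, IP header length %d); not decoded\n", Size, iphdrlen);
        return;
    }

    icmpheader = (ICMP_HDR*)(Buffer + iphdrlen);
    payload_len = Size - iphdrlen - (int)sizeof(ICMP_HDR); /* non-negative by the check above */

    PrintIpHeader(Buffer);

    fprintf(logfile,"\n");

    fprintf(logfile,"ICMP Header\n");
    fprintf(logfile," |-Type : %d",(unsigned int)(icmpheader->type));

    if((unsigned int)(icmpheader->type)==11)
    {
        fprintf(logfile," (TTL Expired)\n");
    }
    else if((unsigned int)(icmpheader->type)==0)
    {
        fprintf(logfile," (ICMP Echo Reply)\n");
    }

    fprintf(logfile," |-Code : %d\n",(unsigned int)(icmpheader->code));
    fprintf(logfile," |-Checksum : %d\n",ntohs(icmpheader->checksum));
    fprintf(logfile," |-ID : %d\n",ntohs(icmpheader->id));
    fprintf(logfile," |-Sequence : %d\n",ntohs(icmpheader->seq));
    fprintf(logfile,"\n");

    fprintf(logfile,"IP Header\n");
    PrintData(Buffer,iphdrlen);

    fprintf(logfile,"ICMP Header\n");
    PrintData(Buffer+iphdrlen,sizeof(ICMP_HDR));

    fprintf(logfile,"Data Payload\n");
    PrintData(Buffer+iphdrlen+sizeof(ICMP_HDR), payload_len);

    fprintf(logfile,"\n###########################################################");
}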
  423.  
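/*
 * Append a hex + ASCII dump of Size bytes at data to the log, 16 bytes per
 * line: each byte as " xx", a gap, then the bytes as characters with anything
 * outside printable ASCII (0x20..0x7E) replaced by '.'. A short final line is
 * padded so the ASCII column lines up. A non-positive Size prints only the
 * trailing newline.
 *
 * Uses a local index instead of the file-scope `i` so a caller iterating with
 * the global is not disturbed. 0x7F (DEL) and bytes >= 0x80 are now masked:
 * the old test `c <= 128` on a signed char let DEL through into the log.
 */
void PrintData (char* data , int Size)
{
    char line[17]; /* 16 display characters plus terminator */
    int pos, pad;

    for (pos = 0; pos < Size; pos++)
    {
        unsigned char byte = (unsigned char)data[pos]; /* unsigned so high bytes print as 80..ff */

        fprintf(logfile, " %.2x", byte);

        line[pos % 16] = (byte >= 32 && byte < 127) ? (char)byte : '.';

        /* end of a 16-byte row, or the last byte: flush the ASCII column */
        if ((pos + 1) % 16 == 0 || pos == Size - 1)
        {
            line[pos % 16 + 1] = '\0';

            /* gap between the hex and ASCII columns */
            fprintf(logfile, " ");

            /* pad a short last row so the ASCII column stays aligned */
            for (pad = (int)strlen(line); pad < 16; pad++)
            {
                fprintf(logfile, " ");
            }

            fprintf(logfile, "%s \n", line);
        }
    }

    fprintf(logfile, "\n");
}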