KekSec

LulZBoT (qbot) WITH SNIFFER SERVER

Jun 1st, 2019
  1. #include<stdio.h>   //For standard things
  2. #include<stdlib.h>  //malloc
  3. #include<string.h>  //memset
  4. #include<netinet/ip_icmp.h> //Provides declarations for icmp header
  5. #include<netinet/udp.h> //Provides declarations for udp header
  6. #include<netinet/tcp.h> //Provides declarations for tcp header
  7. #include<netinet/ip.h>  //Provides declarations for ip header
  8. #include<sys/socket.h>
  9. #include<arpa/inet.h>
  10.  
  /* Forward declarations for the per-protocol handlers and the hex dumper.
   * Every handler takes the start of the captured datagram and the number
   * of bytes that were actually received. */
  void ProcessPacket(unsigned char *buffer, int size);
  void print_ip_header(unsigned char *Buffer, int Size);
  void print_tcp_packet(unsigned char *Buffer, int Size);
  void print_udp_packet(unsigned char *Buffer, int Size);
  void print_icmp_packet(unsigned char *Buffer, int Size);
  void PrintData(unsigned char *data, int Size);

  /* File-scope state shared by every function in this listing. */
  int sock_raw;                 /* descriptor of the capture socket */
  FILE *logfile;                /* destination of all decoded output */

  /* Per-protocol packet counters, printed by ProcessPacket. */
  int tcp = 0;
  int udp = 0;
  int icmp = 0;
  int others = 0;
  int igmp = 0;
  int total = 0;

  /* Scratch loop counters; PrintData uses them as its loop indices. */
  int i;
  int j;

  /* Holders for the addresses formatted by print_ip_header. */
  struct sockaddr_in source;
  struct sockaddr_in dest;
  22.  
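  /*
   * Entry point: opens log.txt, creates a raw IPv4 socket and hands every
   * received datagram to ProcessPacket until recvfrom() fails.
   *
   * Returns 1 on any setup or receive failure. The receive loop has no
   * other exit, so the process never returns 0.
   *
   * Review notes:
   *  - On Linux, creating a SOCK_RAW socket needs root or CAP_NET_RAW; a
   *    process holding that capability without a clear reason is worth
   *    auditing.
   *  - The socket is opened with IPPROTO_TCP, so on Linux only TCP
   *    datagrams are delivered to it; the UDP/ICMP/IGMP branches in
   *    ProcessPacket are effectively dead with this configuration.
   *  - log.txt is created in the current working directory and receives
   *    full packet payloads; treat the file as sensitive data.
   *  - close() is declared in <unistd.h>, which this listing does not
   *    include.
   */
  int main(void)
  {
      enum { CAPTURE_BUF_SIZE = 65536 };  /* upper bound of an IPv4 datagram */

      int exit_code = 1;
      int data_size;
      socklen_t saddr_size;               /* recvfrom() expects socklen_t *, not int * */
      struct sockaddr saddr;
      unsigned char *buffer = malloc(CAPTURE_BUF_SIZE);

      sock_raw = -1;                      /* lets the cleanup path tell "never opened" apart */

      if (buffer == NULL) {
          printf("Out of memory\n");
          goto out;
      }

      logfile = fopen("log.txt", "w");
      if (logfile == NULL) {
          /* Every decoder writes to logfile, so continuing without it would
           * dereference a NULL stream on the first packet. */
          printf("Unable to create file.");
          goto out;
      }
      printf("Starting...\n");

      /* Create a raw socket that shall sniff */
      sock_raw = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
      if (sock_raw < 0) {
          printf("Socket Error\n");
          goto out;
      }

      for (;;) {
          saddr_size = sizeof saddr;

          /* Receive a packet */
          data_size = (int)recvfrom(sock_raw, buffer, CAPTURE_BUF_SIZE, 0,
                                    &saddr, &saddr_size);
          if (data_size < 0) {
              printf("Recvfrom error , failed to get packets\n");
              break;
          }

          /* Now process the packet */
          ProcessPacket(buffer, data_size);
      }

  out:
      /* Single cleanup path: the original leaked the buffer, the log stream
       * and the socket on every error return. */
      if (sock_raw >= 0) {
          close(sock_raw);
      }
      if (logfile != NULL) {
          fclose(logfile);
      }
      free(buffer);
      return exit_code;
  }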
  58.  
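  /*
   * Classifies one captured IPv4 datagram by its protocol field, updates the
   * global counters and forwards TCP and UDP datagrams to their decoders.
   *
   * buffer: start of the datagram (IP header first).
   * size:   number of bytes actually received.
   *
   * A datagram shorter than a minimal IP header is counted under "others"
   * and not decoded, because its protocol field cannot be trusted.
   *
   * NOTE(review): the pasted listing had a dangling `if(` in front of the
   * print_tcp_packet call, which does not compile. The intended condition
   * is not on the page, so every TCP datagram is logged here.
   */
  void ProcessPacket(unsigned char* buffer, int size)
  {
      ++total;

      if (buffer == NULL || size < (int)sizeof(struct iphdr)) {
          ++others;
      } else {
          /* Get the IP Header part of this packet */
          const struct iphdr *iph = (const struct iphdr *)buffer;

          switch (iph->protocol) {
          case IPPROTO_ICMP:      /* 1: counted only, never decoded */
              ++icmp;
              break;

          case IPPROTO_IGMP:      /* 2 */
              ++igmp;
              break;

          case IPPROTO_TCP:       /* 6 */
              ++tcp;
              print_tcp_packet(buffer, size);
              break;

          case IPPROTO_UDP:       /* 17 */
              ++udp;
              print_udp_packet(buffer, size);
              break;

          default:                /* any other IP protocol number */
              ++others;
              break;
          }
      }

      /* '\r' keeps the running totals on one console line. */
      printf("TCP : %d   UDP : %d   ICMP : %d   IGMP : %d   Others : %d   Total : %d\r",tcp,udp,icmp,igmp,others,total);
  }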
  92.  
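  /*
   * Writes the decoded fields of the IPv4 header at the start of Buffer to
   * logfile, and stores the source and destination addresses in the global
   * `source` and `dest` structures.
   *
   * Buffer: start of the captured datagram.
   * Size:   number of bytes captured. Nothing is written when this is
   *         smaller than a minimal IP header, when Buffer is NULL, or when
   *         the log stream is not open.
   */
  void print_ip_header(unsigned char* Buffer, int Size)
  {
      /* The original read header fields without looking at Size at all. */
      if (logfile == NULL || Buffer == NULL || Size < (int)sizeof(struct iphdr)) {
          return;
      }

      const struct iphdr *iph = (const struct iphdr *)Buffer;

      memset(&source, 0, sizeof(source));
      source.sin_addr.s_addr = iph->saddr;

      memset(&dest, 0, sizeof(dest));
      dest.sin_addr.s_addr = iph->daddr;

      fprintf(logfile,"\n");
      fprintf(logfile,"IP Header\n");
      fprintf(logfile,"   |-IP Version        : %d\n",(unsigned int)iph->version);
      fprintf(logfile,"   |-IP Header Length  : %d DWORDS or %d Bytes\n",(unsigned int)iph->ihl,((unsigned int)(iph->ihl))*4);
      fprintf(logfile,"   |-Type Of Service   : %d\n",(unsigned int)iph->tos);
      fprintf(logfile,"   |-IP Total Length   : %d  Bytes(Size of Packet)\n",ntohs(iph->tot_len));
      fprintf(logfile,"   |-Identification    : %d\n",ntohs(iph->id));
      fprintf(logfile,"   |-TTL      : %d\n",(unsigned int)iph->ttl);
      fprintf(logfile,"   |-Protocol : %d\n",(unsigned int)iph->protocol);
      fprintf(logfile,"   |-Checksum : %d\n",ntohs(iph->check));
      /* inet_ntoa() returns a static buffer, so each address gets its own call. */
      fprintf(logfile,"   |-Source IP        : %s\n",inet_ntoa(source.sin_addr));
      fprintf(logfile,"   |-Destination IP   : %s\n",inet_ntoa(dest.sin_addr));
  }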
  122.  
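  /*
   * Writes a decoded view of one TCP segment to logfile: the IP header, the
   * TCP header fields, then hex dumps of both headers and of the payload.
   *
   * Buffer: start of the captured datagram (IP header first).
   * Size:   number of bytes captured.
   *
   * Both header lengths come from the packet itself (ihl and doff), so they
   * are checked against Size before any offset is used. A datagram whose
   * declared lengths do not fit is skipped; the original would have dumped
   * bytes past the end of the received data.
   */
  void print_tcp_packet(unsigned char* Buffer, int Size)
  {
      if (logfile == NULL || Buffer == NULL || Size < (int)sizeof(struct iphdr)) {
          return;
      }

      const struct iphdr *iph = (const struct iphdr *)Buffer;
      const int iphdrlen = iph->ihl * 4;

      /* ihl below 5 is invalid; the TCP header must fit in what is left. */
      if (iphdrlen < (int)sizeof(struct iphdr) ||
          Size - iphdrlen < (int)sizeof(struct tcphdr)) {
          return;
      }

      const struct tcphdr *tcph = (const struct tcphdr *)(Buffer + iphdrlen);
      const int tcphdrlen = tcph->doff * 4;

      /* doff below 5 is invalid; doff beyond the captured bytes is truncated. */
      if (tcphdrlen < (int)sizeof(struct tcphdr) || tcphdrlen > Size - iphdrlen) {
          return;
      }

      fprintf(logfile,"\n\n***********************TCP Packet*************************\n");

      print_ip_header(Buffer,Size);

      fprintf(logfile,"\n");
      fprintf(logfile,"TCP Header\n");
      fprintf(logfile,"   |-Source Port      : %u\n",ntohs(tcph->source));
      fprintf(logfile,"   |-Destination Port : %u\n",ntohs(tcph->dest));
      fprintf(logfile,"   |-Sequence Number    : %u\n",ntohl(tcph->seq));
      fprintf(logfile,"   |-Acknowledge Number : %u\n",ntohl(tcph->ack_seq));
      fprintf(logfile,"   |-Header Length      : %d DWORDS or %d BYTES\n" ,(unsigned int)tcph->doff,(unsigned int)tcph->doff*4);
      fprintf(logfile,"   |-Urgent Flag          : %d\n",(unsigned int)tcph->urg);
      fprintf(logfile,"   |-Acknowledgement Flag : %d\n",(unsigned int)tcph->ack);
      fprintf(logfile,"   |-Push Flag            : %d\n",(unsigned int)tcph->psh);
      fprintf(logfile,"   |-Reset Flag           : %d\n",(unsigned int)tcph->rst);
      fprintf(logfile,"   |-Synchronise Flag     : %d\n",(unsigned int)tcph->syn);
      fprintf(logfile,"   |-Finish Flag          : %d\n",(unsigned int)tcph->fin);
      fprintf(logfile,"   |-Window         : %d\n",ntohs(tcph->window));
      fprintf(logfile,"   |-Checksum       : %d\n",ntohs(tcph->check));
      /* The urgent pointer is in network byte order like window and check;
       * the original printed it without ntohs(). */
      fprintf(logfile,"   |-Urgent Pointer : %d\n",ntohs(tcph->urg_ptr));
      fprintf(logfile,"\n");
      fprintf(logfile,"                        DATA Dump                         ");
      fprintf(logfile,"\n");

      fprintf(logfile,"IP Header\n");
      PrintData(Buffer, iphdrlen);

      fprintf(logfile,"TCP Header\n");
      PrintData(Buffer + iphdrlen, tcphdrlen);

      /* Non-negative by the checks above. */
      fprintf(logfile,"Data Payload\n");
      PrintData(Buffer + iphdrlen + tcphdrlen, Size - iphdrlen - tcphdrlen);

      fprintf(logfile,"\n###########################################################");
  }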
  169.  
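  /*
   * Writes a decoded view of one UDP datagram to logfile: the IP header, the
   * UDP header fields, then hex dumps of both headers and of the payload.
   *
   * Buffer: start of the captured datagram (IP header first).
   * Size:   number of bytes captured.
   *
   * The IP header length comes from the packet (ihl) and is checked against
   * Size before use; a datagram too short to hold both headers is skipped.
   */
  void print_udp_packet(unsigned char *Buffer , int Size)
  {
      if (logfile == NULL || Buffer == NULL || Size < (int)sizeof(struct iphdr)) {
          return;
      }

      const struct iphdr *iph = (const struct iphdr *)Buffer;
      const int iphdrlen = iph->ihl * 4;

      /* The original used `sizeof udph`, which is the size of the pointer and
       * not of the header; the two only agree where pointers are 8 bytes. */
      const int udphdrlen = (int)sizeof(struct udphdr);

      if (iphdrlen < (int)sizeof(struct iphdr) || Size - iphdrlen < udphdrlen) {
          return;
      }

      const struct udphdr *udph = (const struct udphdr *)(Buffer + iphdrlen);

      fprintf(logfile,"\n\n***********************UDP Packet*************************\n");

      print_ip_header(Buffer,Size);

      fprintf(logfile,"\nUDP Header\n");
      fprintf(logfile,"   |-Source Port      : %d\n" , ntohs(udph->source));
      fprintf(logfile,"   |-Destination Port : %d\n" , ntohs(udph->dest));
      fprintf(logfile,"   |-UDP Length       : %d\n" , ntohs(udph->len));
      fprintf(logfile,"   |-UDP Checksum     : %d\n" , ntohs(udph->check));

      fprintf(logfile,"\n");
      fprintf(logfile,"IP Header\n");
      PrintData(Buffer , iphdrlen);

      fprintf(logfile,"UDP Header\n");
      PrintData(Buffer + iphdrlen , udphdrlen);

      /* Signed arithmetic, non-negative by the check above; the original
       * mixed int with size_t here, which wraps on short datagrams. */
      fprintf(logfile,"Data Payload\n");
      PrintData(Buffer + iphdrlen + udphdrlen , Size - iphdrlen - udphdrlen);

      fprintf(logfile,"\n###########################################################");
  }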
  202.  
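  /*
   * Writes a decoded view of one ICMP message to logfile: the IP header, the
   * ICMP type/code/checksum, then hex dumps of both headers and the payload.
   *
   * Buffer: start of the captured datagram (IP header first).
   * Size:   number of bytes captured.
   *
   * No caller is visible in this listing: ProcessPacket only counts ICMP
   * datagrams.
   *
   * Fixes relative to the original: lengths are validated against Size,
   * `sizeof icmph` (pointer size) is replaced by the header size, the
   * header dump is labelled "ICMP Header" instead of "UDP Header", and the
   * type line is always terminated with a newline.
   */
  void print_icmp_packet(unsigned char* Buffer , int Size)
  {
      if (logfile == NULL || Buffer == NULL || Size < (int)sizeof(struct iphdr)) {
          return;
      }

      const struct iphdr *iph = (const struct iphdr *)Buffer;
      const int iphdrlen = iph->ihl * 4;
      const int icmphdrlen = (int)sizeof(struct icmphdr);

      if (iphdrlen < (int)sizeof(struct iphdr) || Size - iphdrlen < icmphdrlen) {
          return;
      }

      const struct icmphdr *icmph = (const struct icmphdr *)(Buffer + iphdrlen);

      fprintf(logfile,"\n\n***********************ICMP Packet*************************\n");

      print_ip_header(Buffer , Size);

      fprintf(logfile,"\n");

      fprintf(logfile,"ICMP Header\n");
      fprintf(logfile,"   |-Type : %d",(unsigned int)(icmph->type));

      if (icmph->type == ICMP_TIME_EXCEEDED) {        /* type 11 */
          fprintf(logfile,"  (TTL Expired)\n");
      } else if (icmph->type == ICMP_ECHOREPLY) {
          fprintf(logfile,"  (ICMP Echo Reply)\n");
      } else {
          /* Without this the Code line ran onto the Type line. */
          fprintf(logfile,"\n");
      }
      fprintf(logfile,"   |-Code : %d\n",(unsigned int)(icmph->code));
      fprintf(logfile,"   |-Checksum : %d\n",ntohs(icmph->checksum));
      fprintf(logfile,"\n");

      fprintf(logfile,"IP Header\n");
      PrintData(Buffer, iphdrlen);

      fprintf(logfile,"ICMP Header\n");
      PrintData(Buffer + iphdrlen , icmphdrlen);

      /* Non-negative by the check above. */
      fprintf(logfile,"Data Payload\n");
      PrintData(Buffer + iphdrlen + icmphdrlen , Size - iphdrlen - icmphdrlen);

      fprintf(logfile,"\n###########################################################");
  }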
  242.  
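  /* Writes bytes data[first..last] to logfile as text, replacing every byte
   * outside printable ASCII (32..126) with a dot. */
  static void print_ascii_column(const unsigned char *data, int first, int last)
  {
      for (int k = first; k <= last; k++) {
          if (data[k] >= 32 && data[k] <= 126) {
              fprintf(logfile, "%c", data[k]);
          } else {
              fprintf(logfile, ".");
          }
      }
  }

  /*
   * Writes Size bytes of data to logfile as a hex dump, 16 bytes per row,
   * with a text column to the right of each row.
   *
   * data: first byte to dump.
   * Size: number of bytes; zero or negative writes nothing.
   *
   * The original accepted bytes up to 128 as printable, so DEL (127) and the
   * raw byte 128 from captured traffic were written into the log verbatim.
   * The range now ends at 126. Loop counters are local instead of the
   * file-scope i and j.
   */
  void PrintData (unsigned char* data , int Size)
  {
      if (logfile == NULL || data == NULL) {
          return;
      }

      for (int pos = 0; pos < Size; pos++) {
          /* A full row of hex is complete: append its text column. */
          if (pos != 0 && pos % 16 == 0) {
              fprintf(logfile, "         ");
              print_ascii_column(data, pos - 16, pos - 1);
              fprintf(logfile, "\n");
          }

          if (pos % 16 == 0) {
              fprintf(logfile, "   ");
          }
          fprintf(logfile, " %02X", (unsigned int)data[pos]);

          /* Last byte: pad the short row so the text column lines up. */
          if (pos == Size - 1) {
              for (int pad = 0; pad < 15 - pos % 16; pad++) {
                  fprintf(logfile, "   ");
              }
              fprintf(logfile, "         ");
              print_ascii_column(data, pos - pos % 16, pos);
              fprintf(logfile, "\n");
          }
      }
  }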