API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jun 25th, 2019
72
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 8.54 KB | None | 0 0
raw download clone embed print report
  1. // #include <Python.h>
  2.  
  3. #include <pcap.h>
  4. #include <pcap/pcap.h>
  5. #include <stdio.h>
  6. #include <sys/types.h>
  7. #include <sys/socket.h>
  8. #include <arpa/inet.h>
  9. #include <netpacket/packet.h>
  10. #include <net/ethernet.h> /* the L2 protocols */
  11. #include <net/if.h>
  12. #include <netdb.h>
  13. #include <strings.h>
  14. #include <stdio.h>
  15. #include <string.h>
  16. #include <stdlib.h>
  17. #include <netinet/in.h> /* sockaddr_in{} and other Internet defns */
  18. #include <netinet/udp.h>
  19. #include <netinet/ip.h>
  20. #include <ctype.h>
  21. #include <sys/types.h>
  22. #include <sys/socket.h>
  23. #include <arpa/inet.h>
  24. #include <sys/ioctl.h>
  25.  
  26. #define SNAP_LEN 100
  27.  
  28. char *dev; /* The device to sniff on */
  29.  
  30. int tcp=0;
  31. int udp=0;
  32. int icmp=0;
  33. int ip=0;
  34. int ip4=0;
  35. int ip6 = 0;
  36. int unknown=0;
  37. int sctp=0;
  38. int tcp_sum_len = 0;
  39. int udp_sum_len = 0;
  40. int icmp_sum_len = 0;
  41.  
  42.  
  43.  
  44. int cols = 80;
  45. int lines = 24;
  46.  
  47. const char *_inet_ntop( struct sockaddr *pcliaddr, char *str, int len)
  48. {
  49. struct sockaddr_in6* cliaddr;
  50. struct sockaddr_in* cliaddrv4;
  51.  
  52. if(pcliaddr == NULL)
  53. return NULL;
  54.  
  55. if( pcliaddr->sa_family == AF_INET6 ){
  56. cliaddr = (struct sockaddr_in6*) pcliaddr;
  57. return inet_ntop(AF_INET6, (struct sockaddr *) &cliaddr->sin6_addr, str, len);
  58. }
  59. else{
  60. cliaddrv4 = (struct sockaddr_in*) pcliaddr;
  61. return inet_ntop(AF_INET, (struct sockaddr *) &cliaddrv4->sin_addr, str, len);
  62. }
  63. }
  64.  
  65. int analyse(const u_char* buff, struct pcap_pkthdr header)
  66. {
  67. // u_char out[2048];
  68. // char buf[100];
  69.  
  70. int n = header.len;
  71.  
  72. struct ethhdr *hdr;
  73. struct ip *ipv4hdr;
  74. struct udphdr *uhdr;
  75. hdr = (struct ethhdr *)buff;
  76.  
  77. ipv4hdr = (struct ip *)(buff+sizeof(struct ethhdr));
  78. // uhdr = (struct udphdr *)(buff+sizeof(struct ethhdr)+sizeof(struct ip));
  79.  
  80. // printf("SRC MAC addr = %02x:%02x:%02x:%02x:%02x:%02x\n",
  81. // (int) hdr->h_source[0], (int) hdr->h_source[1], (int) hdr->h_source[2],
  82. // (int) hdr->h_source[3], (int) hdr->h_source[4],(int) hdr->h_source[5] );
  83. // printf("DST MAC addr = %02x:%02x:%02x:%02x:%02x:%02x\n",
  84. // (int) hdr->h_dest[0], (int) hdr->h_dest[1], (int) hdr->h_dest[2],
  85. // (int) hdr->h_dest[3], (int) hdr->h_dest[4],(int) hdr->h_dest[5] );
  86. // printf("Proto = 0x%04x\n", ntohs( hdr->h_proto));
  87.  
  88.  
  89. int type = ntohs(hdr->h_proto);
  90. // int method;
  91. if( type == ETHERTYPE_IPV6 || type == ETHERTYPE_IP ) {
  92. if(type == ETHERTYPE_IPV6)
  93. // method = AF_INET6;
  94. ip6++;
  95. else
  96. ip4++;
  97. // method = AF_INET;
  98.  
  99. // inet_ntop( method, &ipv4hdr->ip_src, buf, 100);
  100. // printf("IP src addr = %s\n", buf);
  101. // inet_ntop( method, &ipv4hdr->ip_dst, buf, 100);
  102. // printf("IP dst addr = %s\n", buf);
  103.  
  104. switch(ipv4hdr->ip_p) {
  105. case IPPROTO_TCP:
  106. tcp++;
  107. tcp_sum_len = tcp_sum_len + ntohs(ipv4hdr->ip_len);
  108. break;
  109. case IPPROTO_UDP:
  110. udp++;
  111. udp_sum_len = udp_sum_len + ntohs(ipv4hdr->ip_len);
  112. break;
  113. case IPPROTO_ICMP:
  114. icmp++;
  115. icmp_sum_len = icmp_sum_len + ntohs(ipv4hdr->ip_len);
  116. break;
  117. case IPPROTO_IP:
  118. ip++;
  119. break;
  120. case IPPROTO_SCTP:
  121. sctp++;
  122. break;
  123. default:
  124. unknown++;
  125. break;
  126. }
  127. // //char *out=buff+sizeof(struct ethhdr)+sizeof(struct ip)+sizeof(struct udphdr);
  128.  
  129. // memcpy(out,buff+sizeof(struct ethhdr)+sizeof(struct ip)+sizeof(struct udphdr),
  130. // (n-sizeof(struct ethhdr)+sizeof(struct ip)+sizeof(struct udphdr)) );
  131.  
  132. // int k=0;
  133. // printf("DATA = ");
  134. // for(k=0; k< (n-sizeof(struct ethhdr)+sizeof(struct ip)+sizeof(struct udphdr)); k++){
  135. // if((isprint(out[k])))
  136. // printf("%c",out[k] );
  137. // else
  138. // printf("-");
  139. // }
  140. // printf("\n");
  141. // fflush(stdout);
  142. // return 1;
  143. // }
  144. // else
  145. // printf("IP PROTO = %d", ipv4hdr->ip_p );
  146. }
  147. // printf("\n");
  148. // fflush(stdout);
  149. return n;
  150. }
  151.  
  152. pcap_t* setup(char* device, char* filter_exp)
  153. {
  154. char errbuf[PCAP_ERRBUF_SIZE]; /* Error string */
  155. struct bpf_program fp; /* The compiled filter */
  156. bpf_u_int32 mask; /* Our netmask */
  157. bpf_u_int32 net; /* Our IP */
  158. char str1[INET6_ADDRSTRLEN], str2[INET6_ADDRSTRLEN];
  159. pcap_if_t *alldevsp=NULL, *devsp=NULL;
  160. pcap_addr_t *p_addr;
  161.  
  162. /* Define the device */
  163. dev = pcap_lookupdev(errbuf);
  164. if (dev == NULL) {
  165. fprintf(stderr, "Couldn't find default device: %s\n", errbuf);
  166. }
  167.  
  168. /* Find the properties for the default device */
  169. if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
  170. fprintf(stderr, "Couldn't get netmask for device %s: %s\n", dev, errbuf);
  171. net = 0;
  172. mask = 0;
  173. }
  174. // printf("localnet = %s, netmask = %s\n",
  175. // inet_ntop(AF_INET, &net, str1, sizeof(str1)),
  176. // inet_ntop(AF_INET, &mask, str2, sizeof(str2)));
  177.  
  178. // /*Find all devices*/
  179. // printf("Other devices to be used are: \n");
  180.  
  181. // if( pcap_findalldevs( &alldevsp, errbuf) == -1 ) {
  182. // fprintf(stderr, "Couldn't get devices %s\n", errbuf);
  183. // }else{
  184. // devsp = alldevsp;
  185. // while( devsp != NULL ){
  186. // fprintf(stdout, "\tDevice name %s [%s]\n", devsp->name, devsp->description );
  187. // p_addr = devsp->addresses;
  188. // while( p_addr != NULL ){
  189. // printf("\t localnet = %s, netmask = %s\n",
  190. // _inet_ntop(p_addr->addr, str1, sizeof(str1)),
  191. // _inet_ntop(p_addr->netmask, str2, sizeof(str2)));
  192. // p_addr=p_addr->next;
  193. // }
  194. // devsp=devsp->next;
  195. // printf("\n");
  196. // }
  197. // pcap_freealldevs(alldevsp);
  198. // }
  199.  
  200. /* Open the session in promiscuous mode */
  201. pcap_t* handle = pcap_open_live(device, SNAP_LEN, 1, 2000, errbuf);
  202.  
  203. if (handle == NULL) {
  204. fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf);
  205. }
  206.  
  207. // printf("Link header = %s\n", pcap_datalink_val_to_name( pcap_datalink(handle)));
  208. if( pcap_set_datalink(handle,DLT_EN10MB) == -1 ){
  209. printf("pcap_set_datalink error!");
  210. }
  211. /* Compile and apply the filter */
  212. if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) {
  213. fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(handle));
  214. }
  215. if (pcap_setfilter(handle, &fp) == -1) {
  216. fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(handle));
  217. }
  218. struct winsize ts;
  219. ioctl(0, TIOCGWINSZ, &ts);
  220. cols = ts.ws_col;
  221. lines = ts.ws_row;
  222.  
  223. return handle;
  224. }
  225.  
  226. void print_data(){
  227. system("clear");
  228. printf(" Listening on: %s\n", dev);
  229. printf("\n\tTCP packets: %i\t\t\t bytes: %i\n", tcp, tcp_sum_len);
  230. printf("\n\tUDP packets: %i\t\t\t bytes: %i\n", udp, udp_sum_len);
  231. printf("\n\tICMP packets: %i\t\t\t bytes: %i\n", icmp, icmp_sum_len);
  232. printf("\n\tIPv4 packets: %i\t\t IPv6 packets: %i\n", ip4, ip6);
  233.  
  234. // printf("\n\t\t\t\tTCP\t\tUDP\t\tICMP\n");
  235.  
  236. // printf("\n\t\t\t\t%i\t\t%i\t\t%i\n", tcp, udp, icmp);
  237. }
  238.  
  239. int main(int argc, char *argv[])
  240. {
  241. // pcap_t *handle = malloc(sizeof(pcap_t)); /* Session handle */
  242.  
  243. struct pcap_pkthdr header; /* The header that pcap gives us */
  244. const u_char *buff; /* The actual packet */
  245. //u_char *buff; /* The actual packet */
  246. char buf[100];
  247. char filter_exp[1024] = ""; /* The filter expression */
  248.  
  249. int n;
  250. int datalink=0;
  251.  
  252. if( argc == 3)
  253. strncpy(filter_exp, argv[2], 2048);
  254.  
  255. if ( (argc != 2) && (argc != 3) ){
  256. fprintf(stderr, "usage: %s <Interface name> '<filter>'\n", argv[0]);
  257. return 1;
  258. }
  259.  
  260. pcap_t *handle = setup(argv[1], filter_exp);
  261.  
  262. int i=0, j=0;
  263. for(;;){
  264. j++;
  265. buff = pcap_next(handle, &header);
  266. if(buff == NULL)
  267. continue;
  268.  
  269. datalink = pcap_datalink(handle);
  270.  
  271. i += analyse(buff, header);
  272. print_data();
  273. }
  274.  
  275. printf("Sniffed %d packets\n",j);
  276. /* And close the session */
  277. pcap_close(handle);
  278. return(0);
  279. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!