/*! * spy.c * * I just wanna feel like I'm still living. * - Eden "Rock & R

1. /*!
2. * spy.c
3. *
4. * I just wanna feel like I'm still living.
5. * - Eden "Rock & Roll"
6. */
7. #include <stdio.h>
8. #include <string.h>
9. #include <stdlib.h>
10. #include "spy.h"
11.  
12. //
13. // StartSpy():
14. // Acquires a list of devices to listen on. On success,
15. // attempts to bind to the interface corresponding with
16. // the appropriate address.
17. //
18. int StartSpy(
19. void
20. ) {
21. pcap_if_t * device_list = NULL;
22. pcap_if_t * device = NULL;
23. pcap_t * device_handle = NULL;
24. char device_error[PCAP_ERRBUF_SIZE] = { 0 };
25.  
26. if (
27. pcap_findalldevs(&device_list, (char *)&device_error) == -1
28. ) return 0;
29.  
30. for (
31. device = device_list ; device != NULL ; device = device->next
32. ) {
33. pcap_addr_t * address = NULL;
34. #if defined(DEBUG)
35. printf(__FILE__ " : device %s\n", device->name);
36. #endif
37. };
38.  
39. if ( device_list != NULL )
40. device = NULL; pcap_freealldevs(device_list);
41.  
42. if ( ( device_handle = pcap_open_live(
43. "ens33", 65536, PCAP_OPENFLAG_PROMISCUOUS, -1, (char *)&device_error
44. ) ) == NULL ) {
45. printf(__FILE__ " : failed to open live device\n");
46. return 0;
47. };
48.  
49. /*if ( pcap_datalink(device_handle) != DLT_EN10MB ) {
50. printf(__FILE__ " : cannot capture datalink packets\n");
51. return 0;
52. };*/
53.  
54. if ( pcap_loop(device_handle, -1, InterceptSpy, NULL) == -1 )
55. printf(__FILE__ " : error parsing incoming data from the interface\n");
56. return 1;
57. };
58.  
59. //
60. // InterceptSpy():
61. // Intercepts any incoming packets received, and parses
62. // each incoming headers for marker bytes to determine
63. // if its a valid trigger, or if its an benign packet.
64. //
65. void InterceptSpy(
66. unsigned char * user, const struct pcap_pkthdr *hdr,
67. const unsigned char * bytes
68. ) {
69. struct ether_header *eth = (struct ether_header *)bytes;
70. struct iphdr *ip = (struct iphdr *)(bytes + sizeof(*eth));
71. switch( ip->protocol ) {
72. case PCAP_PROTOCOL_TCP:
73. printf(__FILE__ " : TCP Packet Length %i\n", hdr->len);
74. break;
75. case PCAP_PROTOCOL_UDP: {
76. printf(__FILE__ " : UDP Packet Length %i\n", hdr->len);
77. return;
78. };
79. case PCAP_PROTOCOL_ICMP: {
80. printf(__FILE__ " : ICMP Packet Length %i\n", hdr->len);
81. return;
82. };
83. default:
84. return;
85. };
86.  
87. struct in_addr *addr = (struct in_addr *)malloc(
88. sizeof(*addr));
89.  
90. memcpy((void *)addr, &ip->daddr, sizeof((*addr)));
91. printf(__FILE__ " : Destination address %s\n", inet_ntoa(*addr));
92.  
93. memcpy((void *)addr, &ip->saddr, sizeof((*addr)));
94. printf(__FILE__ " : Source address %s\n", inet_ntoa(*addr));
95.  
96. struct tcphdr *tcp = \
97. (struct tcphdr *)(bytes + sizeof(*eth) + sizeof(*ip));
98. unsigned short prt = 0;
99.  
100. prt = ntohs(tcp->th_dport);
101. printf(__FILE__ " : Desination Port %hu\n", prt);
102. prt = ntohs(tcp->th_sport);
103. printf(__FILE__ " : Source Port %hu\n", prt);
104. };