Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- // #include <Python.h>
- #include <pcap.h>
- #include <pcap/pcap.h>
- #include <stdio.h>
- #include <sys/types.h>
- #include <sys/socket.h>
- #include <arpa/inet.h>
- #include <netpacket/packet.h>
- #include <net/ethernet.h> /* the L2 protocols */
- #include <net/if.h>
- #include <netdb.h>
- #include <strings.h>
- #include <stdio.h>
- #include <string.h>
- #include <stdlib.h>
- #include <netinet/in.h> /* sockaddr_in{} and other Internet defns */
- #include <netinet/udp.h>
- #include <netinet/ip.h>
- #include <ctype.h>
- #include <sys/types.h>
- #include <sys/socket.h>
- #include <arpa/inet.h>
- #include <sys/ioctl.h>
- #define SNAP_LEN 100
- char *dev; /* The device to sniff on */
- int tcp=0;
- int udp=0;
- int icmp=0;
- int ip=0;
- int unknown=0;
- int sctp=0;
- int cols = 80;
- int lines = 24;
- const char *_inet_ntop( struct sockaddr *pcliaddr, char *str, int len)
- {
- struct sockaddr_in6* cliaddr;
- struct sockaddr_in* cliaddrv4;
- if(pcliaddr == NULL)
- return NULL;
- if( pcliaddr->sa_family == AF_INET6 ){
- cliaddr = (struct sockaddr_in6*) pcliaddr;
- return inet_ntop(AF_INET6, (struct sockaddr *) &cliaddr->sin6_addr, str, len);
- }
- else{
- cliaddrv4 = (struct sockaddr_in*) pcliaddr;
- return inet_ntop(AF_INET, (struct sockaddr *) &cliaddrv4->sin_addr, str, len);
- }
- }
- int analyse(const u_char* buff, struct pcap_pkthdr header)
- {
- // u_char out[2048];
- // char buf[100];
- int n = header.len;
- struct ethhdr *hdr;
- struct ip *ipv4hdr;
- struct udphdr *uhdr;
- hdr = (struct ethhdr *)buff;
- ipv4hdr = (struct ip *)(buff+sizeof(struct ethhdr));
- // uhdr = (struct udphdr *)(buff+sizeof(struct ethhdr)+sizeof(struct ip));
- // printf("SRC MAC addr = %02x:%02x:%02x:%02x:%02x:%02x\n",
- // (int) hdr->h_source[0], (int) hdr->h_source[1], (int) hdr->h_source[2],
- // (int) hdr->h_source[3], (int) hdr->h_source[4],(int) hdr->h_source[5] );
- // printf("DST MAC addr = %02x:%02x:%02x:%02x:%02x:%02x\n",
- // (int) hdr->h_dest[0], (int) hdr->h_dest[1], (int) hdr->h_dest[2],
- // (int) hdr->h_dest[3], (int) hdr->h_dest[4],(int) hdr->h_dest[5] );
- // printf("Proto = 0x%04x\n", ntohs( hdr->h_proto));
- int type = ntohs(hdr->h_proto);
- // int method;
- if( type == ETHERTYPE_IPV6 || type == ETHERTYPE_IP ) {
- // if(type == ETHERTYPE_IPV6)
- // method = AF_INET6;
- // else
- // method = AF_INET;
- // inet_ntop( method, &ipv4hdr->ip_src, buf, 100);
- // printf("IP src addr = %s\n", buf);
- // inet_ntop( method, &ipv4hdr->ip_dst, buf, 100);
- // printf("IP dst addr = %s\n", buf);
- switch(ipv4hdr->ip_p) {
- case IPPROTO_TCP:
- tcp++;
- break;
- case IPPROTO_UDP:
- udp++;
- break;
- case IPPROTO_ICMP:
- icmp++;
- break;
- case IPPROTO_IP:
- ip++;
- break;
- case IPPROTO_SCTP:
- sctp++;
- break;
- default:
- unknown++;
- break;
- }
- // //char *out=buff+sizeof(struct ethhdr)+sizeof(struct ip)+sizeof(struct udphdr);
- // memcpy(out,buff+sizeof(struct ethhdr)+sizeof(struct ip)+sizeof(struct udphdr),
- // (n-sizeof(struct ethhdr)+sizeof(struct ip)+sizeof(struct udphdr)) );
- // int k=0;
- // printf("DATA = ");
- // for(k=0; k< (n-sizeof(struct ethhdr)+sizeof(struct ip)+sizeof(struct udphdr)); k++){
- // if((isprint(out[k])))
- // printf("%c",out[k] );
- // else
- // printf("-");
- // }
- // printf("\n");
- // fflush(stdout);
- // return 1;
- // }
- // else
- // printf("IP PROTO = %d", ipv4hdr->ip_p );
- }
- // printf("\n");
- // fflush(stdout);
- return n;
- }
- pcap_t* setup(char* device, char* filter_exp)
- {
- char errbuf[PCAP_ERRBUF_SIZE]; /* Error string */
- struct bpf_program fp; /* The compiled filter */
- bpf_u_int32 mask; /* Our netmask */
- bpf_u_int32 net; /* Our IP */
- char str1[INET6_ADDRSTRLEN], str2[INET6_ADDRSTRLEN];
- pcap_if_t *alldevsp=NULL, *devsp=NULL;
- pcap_addr_t *p_addr;
- /* Define the device */
- dev = pcap_lookupdev(errbuf);
- if (dev == NULL) {
- fprintf(stderr, "Couldn't find default device: %s\n", errbuf);
- }
- /* Find the properties for the default device */
- if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
- fprintf(stderr, "Couldn't get netmask for device %s: %s\n", dev, errbuf);
- net = 0;
- mask = 0;
- }
- printf("localnet = %s, netmask = %s\n",
- inet_ntop(AF_INET, &net, str1, sizeof(str1)),
- inet_ntop(AF_INET, &mask, str2, sizeof(str2)));
- /*Find all devices*/
- printf("Other devices to be used are: \n");
- if( pcap_findalldevs( &alldevsp, errbuf) == -1 ) {
- fprintf(stderr, "Couldn't get devices %s\n", errbuf);
- }else{
- devsp = alldevsp;
- while( devsp != NULL ){
- fprintf(stdout, "\tDevice name %s [%s]\n", devsp->name, devsp->description );
- p_addr = devsp->addresses;
- while( p_addr != NULL ){
- printf("\t localnet = %s, netmask = %s\n",
- _inet_ntop(p_addr->addr, str1, sizeof(str1)),
- _inet_ntop(p_addr->netmask, str2, sizeof(str2)));
- p_addr=p_addr->next;
- }
- devsp=devsp->next;
- printf("\n");
- }
- pcap_freealldevs(alldevsp);
- }
- /* Open the session in promiscuous mode */
- pcap_t* handle = pcap_open_live(device, SNAP_LEN, 1, 2000, errbuf);
- if (handle == NULL) {
- fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf);
- }
- printf("Link header = %s\n", pcap_datalink_val_to_name( pcap_datalink(handle)));
- if( pcap_set_datalink(handle,DLT_EN10MB) == -1 ){
- printf("pcap_set_datalink error!");
- }
- /* Compile and apply the filter */
- if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) {
- fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(handle));
- }
- if (pcap_setfilter(handle, &fp) == -1) {
- fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(handle));
- }
- struct winsize ts;
- ioctl(0, TIOCGWINSZ, &ts);
- cols = ts.ws_col;
- lines = ts.ws_row;
- return handle;
- }
- void print_data(){
- system("clear");
- printf(" Listening on: %s\n", dev);
- printf("\n\t\t\t\t\t\tTCP: %i\n", tcp);
- printf("\n\t\t\t\t\t\tUDP: %i\n", udp);
- printf("\n\t\t\t\t\t\tICMP: %i\n", icmp);
- // printf("\n\t\t\t\tTCP\t\tUDP\t\tICMP\n");
- // printf("\n\t\t\t\t%i\t\t%i\t\t%i\n", tcp, udp, icmp);
- }
- int main(int argc, char *argv[])
- {
- // pcap_t *handle = malloc(sizeof(pcap_t)); /* Session handle */
- struct pcap_pkthdr header; /* The header that pcap gives us */
- const u_char *buff; /* The actual packet */
- //u_char *buff; /* The actual packet */
- char buf[100];
- char filter_exp[1024] = ""; /* The filter expression */
- int n;
- int datalink=0;
- if( argc == 3)
- strncpy(filter_exp, argv[2], 2048);
- if ( (argc != 2) && (argc != 3) ){
- fprintf(stderr, "usage: %s <Interface name> '<filter>'\n", argv[0]);
- return 1;
- }
- pcap_t *handle = setup(argv[1], filter_exp);
- int i=0, j=0;
- for(;;){
- j++;
- buff = pcap_next(handle, &header);
- if(buff == NULL)
- continue;
- datalink = pcap_datalink(handle);
- i += analyse(buff, header);
- print_data();
- }
- printf("Sniffed %d packets\n",j);
- /* And close the session */
- pcap_close(handle);
- return(0);
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement