#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <linux/if_ether.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <netinet/ip_icmp.h>
#include <netinet/igmp.h>
// Dispatch a captured frame to the print_*_packet() logger for its protocol.
void process_packet(unsigned char *buffer, int size);

// Loggers: each writes a decoded view of the frame into the log file.
void print_ip_header(unsigned char *buffer, int size);
void print_icmp_packet(unsigned char *buffer, int size);
void print_igmp_packet(unsigned char *buffer, int size);
void print_tcp_packet(unsigned char *buffer, int size);
void print_udp_packet(unsigned char *buffer, int size);
void print_other_packet(unsigned char *buffer, int size);
void print_data(unsigned char *buffer, int size);

// Console output: one summary line per packet.
void display_packet(unsigned char *buffer, int size);

// Running packet number printed by display_packet(); the first packet is 1.
static size_t packet_count = 1;

// Scratch storage for the source and destination IPv4 addresses of the
// packet currently being printed (overwritten for every packet).
struct sockaddr_in source;
struct sockaddr_in dest;

// Stream the print_* functions write to; main() opens it as "log.txt".
FILE *logfile;
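// Entry point: open the log file, create an AF_PACKET raw socket that
// receives every Ethernet frame (ETH_P_ALL), then loop forever, handing each
// captured frame to display_packet() (console) and process_packet() (log).
//
// Returns EXIT_FAILURE when the log file, the buffer or the socket cannot be
// set up, or when recvfrom() fails; the capture loop has no other exit.
//
// Operational notes:
//  - Creating an AF_PACKET socket normally needs root or CAP_NET_RAW.
//  - "log.txt" is created/truncated in the current working directory and
//    will contain captured header data. Because the process runs privileged,
//    start it from a directory other users cannot write to and restrict
//    access to the resulting file.
int main(int argc, char const *argv[])
{
    enum { CAPTURE_BUFFER_SIZE = 65536 };
    int sockfd;
    unsigned char *buffer;

    (void)argc;
    (void)argv;

    logfile = fopen("log.txt", "w");
    if (logfile == NULL) {
        // Every print_* function writes to logfile, so continuing with a
        // NULL stream would crash on the first logged packet.
        perror("File");
        exit(EXIT_FAILURE);
    }

    buffer = malloc(CAPTURE_BUFFER_SIZE);
    if (buffer == NULL) {
        perror("[!] Malloc error");
        fclose(logfile);
        exit(EXIT_FAILURE);
    }

    // Socket creation
    sockfd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (sockfd < 0) {
        perror("[!] Socket error");
        free(buffer);
        fclose(logfile);
        exit(EXIT_FAILURE);
    }

    printf("[*] Packet sniffer started...\n");

    for (;;) {
        // The sender address is not used anywhere, so it is not requested.
        ssize_t data_received = recvfrom(sockfd, buffer, CAPTURE_BUFFER_SIZE, 0, NULL, NULL);
        if (data_received < 0) {
            perror("[!] Recevfrom error");
            break;
        }

        // Pass the number of bytes actually received, not the buffer
        // capacity: bytes past data_received belong to earlier frames.
        display_packet(buffer, (int)data_received);
        process_packet(buffer, (int)data_received);

        // The loop normally ends by a signal, which skips stdio cleanup;
        // flushing per packet keeps the log complete up to the last frame.
        fflush(logfile);
    }

    close(sockfd);
    free(buffer);
    fclose(logfile);
    return EXIT_FAILURE;
}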
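// Route one captured Ethernet frame to the logger for its IPv4 protocol.
//
// buffer  start of the Ethernet frame
// size    number of valid bytes in buffer
//
// The socket in main() is opened with ETH_P_ALL, so non-IPv4 frames (ARP,
// IPv6, ...) arrive here too. Their bytes are not an IPv4 header, so such
// frames, and frames too short to hold an Ethernet plus a minimal IPv4
// header, are skipped instead of being decoded as garbage.
void process_packet(unsigned char *buffer, int size)
{
    const size_t ip_offset = sizeof(struct ethhdr);
    const struct ethhdr *ethh;
    const struct iphdr *iph;

    if (buffer == NULL || size < 0 || (size_t)size < ip_offset + sizeof(struct iphdr)) {
        return;
    }

    ethh = (const struct ethhdr *)buffer;
    if (ntohs(ethh->h_proto) != ETH_P_IP) {
        return;
    }

    iph = (const struct iphdr *)(buffer + ip_offset);
    switch (iph->protocol) {
    case IPPROTO_ICMP:
        print_icmp_packet(buffer, size);
        break;
    case IPPROTO_IGMP:
        print_igmp_packet(buffer, size);
        break;
    case IPPROTO_TCP:
        print_tcp_packet(buffer, size);
        break;
    case IPPROTO_UDP:
        print_udp_packet(buffer, size);
        break;
    default:
        print_other_packet(buffer, size);
        break;
    }
}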
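// Print a one-line, colour-coded summary of a captured frame on stdout:
// packet number, time of display, source IP, destination IP, protocol name.
//
// buffer  start of the Ethernet frame
// size    number of valid bytes in buffer
//
// Side effects: overwrites the globals source and dest and increments
// packet_count. Frames that are not IPv4, or too short to hold an Ethernet
// plus a minimal IPv4 header, are ignored and not counted.
void display_packet(unsigned char *buffer, int size)
{
    const size_t ip_offset = sizeof(struct ethhdr);
    const struct ethhdr *ethh;
    const struct iphdr *iph;
    const char *colour;
    const char *label;
    char src_text[INET_ADDRSTRLEN];
    char dst_text[INET_ADDRSTRLEN];
    char stamp[16];
    time_t now;
    struct tm *tm_now;

    if (buffer == NULL || size < 0 || (size_t)size < ip_offset + sizeof(struct iphdr)) {
        return;
    }
    ethh = (const struct ethhdr *)buffer;
    if (ntohs(ethh->h_proto) != ETH_P_IP) {
        return;
    }
    iph = (const struct iphdr *)(buffer + ip_offset);

    // Source address
    memset(&source, 0, sizeof(source));
    source.sin_addr.s_addr = iph->saddr;
    // Destination address
    memset(&dest, 0, sizeof(dest));
    dest.sin_addr.s_addr = iph->daddr;

    // inet_ntoa() returns one shared static buffer, so calling it twice in a
    // single printf() prints the same address in both columns. Format each
    // address into its own buffer instead.
    if (inet_ntop(AF_INET, &source.sin_addr, src_text, sizeof src_text) == NULL) {
        snprintf(src_text, sizeof src_text, "?");
    }
    if (inet_ntop(AF_INET, &dest.sin_addr, dst_text, sizeof dst_text) == NULL) {
        snprintf(dst_text, sizeof dst_text, "?");
    }

    // __TIME__ is the time the file was compiled; use the current wall
    // clock so the column reflects when the packet was seen.
    now = time(NULL);
    tm_now = localtime(&now);
    if (tm_now == NULL || strftime(stamp, sizeof stamp, "%H:%M:%S", tm_now) == 0) {
        snprintf(stamp, sizeof stamp, "??:??:??");
    }

    // Check protocol (TCP, UDP, ICMP, IGMP)
    switch (iph->protocol) {
    case IPPROTO_TCP:
        colour = "\033[32m"; // GREEN
        label = "TCP";
        break;
    case IPPROTO_UDP:
        colour = "\033[33m"; // YELLOW
        label = "UDP";
        break;
    case IPPROTO_ICMP:
        colour = "\033[31m"; // RED
        label = "ICMP";
        break;
    case IPPROTO_IGMP:
        colour = "\033[35m"; // PURPLE
        label = "IGMP";
        break;
    default:
        colour = "\033[36m"; // CYAN
        label = "OTHER";
        break;
    }

    // packet_count is a size_t, which needs %zu rather than %ld.
    printf("%s%zu\t%s\t%s\t\t%s\t\t%s\n", colour, packet_count++, stamp, src_text, dst_text, label);
}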
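// Write the decoded IPv4 header of a captured frame to logfile.
//
// buffer  start of the Ethernet frame
// size    number of valid bytes in buffer
//
// Side effects: overwrites the globals source and dest. Nothing is written
// when the frame is too short to hold an Ethernet plus a minimal IPv4 header.
void print_ip_header(unsigned char *buffer, int size)
{
    const size_t ip_offset = sizeof(struct ethhdr); // Skip ethernet header
    const struct iphdr *iph;
    char stamp[16];
    time_t now;
    struct tm *tm_now;

    if (buffer == NULL || size < 0 || (size_t)size < ip_offset + sizeof(struct iphdr)) {
        return;
    }
    iph = (const struct iphdr *)(buffer + ip_offset);

    memset(&source, 0, sizeof(source));
    source.sin_addr.s_addr = iph->saddr;
    memset(&dest, 0, sizeof(dest));
    dest.sin_addr.s_addr = iph->daddr;

    // __TIME__ is the compile time of this file, not the time the packet was
    // logged; record the current wall clock instead.
    now = time(NULL);
    tm_now = localtime(&now);
    if (tm_now == NULL || strftime(stamp, sizeof stamp, "%H:%M:%S", tm_now) == 0) {
        snprintf(stamp, sizeof stamp, "??:??:??");
    }

    fprintf(logfile, " TIME : %s\n", stamp);
    fprintf(logfile, "IP HEADER\n");
    fprintf(logfile, " |-IP Version :%u\n", (unsigned int)iph->version);
    fprintf(logfile, " |-IP Header Length :%u DWORDS or %u Bytes\n", (unsigned int)iph->ihl, (unsigned int)(iph->ihl * 4));
    fprintf(logfile, " |-Type of Service :%u\n", (unsigned int)iph->tos);
    fprintf(logfile, " |-IP Total Length :%d Bytes(size of packet)\n", ntohs(iph->tot_len));
    fprintf(logfile, " |-Identification :%d\n", ntohs(iph->id));
    fprintf(logfile, " |-TTL :%u\n", (unsigned int)iph->ttl);
    fprintf(logfile, " |-Protocol :%u\n", (unsigned int)iph->protocol);
    fprintf(logfile, " |-Checksum :%d\n", ntohs(iph->check));
    // inet_ntoa() reuses one static buffer; it is safe here only because
    // each call is consumed by its own fprintf().
    fprintf(logfile, " |-Source IP :%s\n", inet_ntoa(source.sin_addr));
    fprintf(logfile, " |-Destination IP :%s\n", inet_ntoa(dest.sin_addr));
}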
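// Write the IPv4 header and the ICMP header of a captured frame to logfile.
//
// buffer  start of the Ethernet frame
// size    number of valid bytes in buffer
//
// The IP header length comes from the packet itself, so it is validated
// against the minimum header size and against size before the ICMP header
// is located. Frames that fail the check are not logged.
void print_icmp_packet(unsigned char *buffer, int size)
{
    const size_t ip_offset = sizeof(struct ethhdr);
    const struct iphdr *iph;
    const struct icmphdr *icmph;
    size_t iphdrlen;

    if (buffer == NULL || size < 0 || (size_t)size < ip_offset + sizeof(struct iphdr)) {
        return;
    }
    iph = (const struct iphdr *)(buffer + ip_offset);
    iphdrlen = (size_t)iph->ihl * 4;
    if (iphdrlen < sizeof(struct iphdr) ||
        (size_t)size < ip_offset + iphdrlen + sizeof(struct icmphdr)) {
        return;
    }
    icmph = (const struct icmphdr *)(buffer + ip_offset + iphdrlen);

    fprintf(logfile, "\n");
    fprintf(logfile, "****************************** ICMP HEADER ******************************\n");
    print_ip_header(buffer, size);
    fprintf(logfile, "ICMP HEADER\n");
    // type and code are single bytes: applying ntohs() to them moves the
    // value into the high byte (type 8 would be logged as 2048).
    fprintf(logfile, " |-Type :%u\n", (unsigned int)icmph->type);
    fprintf(logfile, " |-Code :%u\n", (unsigned int)icmph->code);
    fprintf(logfile, " |-Checksum :%d\n", ntohs(icmph->checksum));
    fprintf(logfile, "\n");
    fprintf(logfile, "\n########################################################################");
}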
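// Write the IPv4 header of an IGMP frame to logfile, followed by an
// "IGMP HEADER" section title. No IGMP fields are decoded.
//
// buffer  start of the Ethernet frame
// size    number of valid bytes in buffer
//
// Frames too short to hold an Ethernet plus a minimal IPv4 header are not
// logged. The IGMP header pointer the previous version computed from the
// packet-supplied IP header length was never read, so it has been dropped.
void print_igmp_packet(unsigned char *buffer, int size)
{
    if (buffer == NULL || size < 0 ||
        (size_t)size < sizeof(struct ethhdr) + sizeof(struct iphdr)) {
        return;
    }

    fprintf(logfile, "\n");
    fprintf(logfile, "****************************** IGMP HEADER ******************************\n");
    print_ip_header(buffer, size);
    fprintf(logfile, "\n");
    fprintf(logfile, "IGMP HEADER\n");
    fprintf(logfile, "\n########################################################################");
}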
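// Write the IPv4 header and the TCP header of a captured frame to logfile.
//
// buffer  start of the Ethernet frame
// size    number of valid bytes in buffer
//
// The IP header length is read from the packet, so it is checked against
// the minimum IPv4 header size and against size before the TCP header is
// located. Frames that fail the check are not logged.
void print_tcp_packet(unsigned char *buffer, int size)
{
    enum { TCP_FIXED_HEADER_LEN = 20 }; // TCP header without options
    const size_t ip_offset = sizeof(struct ethhdr); // Skip Ethernet header
    const struct iphdr *iph;
    const struct tcphdr *tcph;
    size_t iphdrlen;

    if (buffer == NULL || size < 0 || (size_t)size < ip_offset + sizeof(struct iphdr)) {
        return;
    }
    iph = (const struct iphdr *)(buffer + ip_offset);
    iphdrlen = (size_t)iph->ihl * 4; // IP header length
    if (iphdrlen < sizeof(struct iphdr) ||
        (size_t)size < ip_offset + iphdrlen + TCP_FIXED_HEADER_LEN) {
        return;
    }
    tcph = (const struct tcphdr *)(buffer + ip_offset + iphdrlen);

    fprintf(logfile, "\n");
    fprintf(logfile, "****************************** TCP HEADER ******************************\n");
    print_ip_header(buffer, size);
    fprintf(logfile, "\n");
    fprintf(logfile, "TCP HEADER\n");
    fprintf(logfile, " |-Source port :%d\n", ntohs(tcph->source));
    fprintf(logfile, " |-Destination port :%d\n", ntohs(tcph->dest));
    fprintf(logfile, " |-Sequence Number :%u\n", ntohl(tcph->seq));
    fprintf(logfile, " |-Acknowledge Number :%u\n", ntohl(tcph->ack_seq));
    fprintf(logfile, " |-Header Length :%u DWORDS or %u BYTES\n", (unsigned int)tcph->doff, (unsigned int)(tcph->doff * 4));
    fprintf(logfile, " |-Urgent flag :%u\n", (unsigned int)tcph->urg);
    fprintf(logfile, " |-Acknowledgement flag :%u\n", (unsigned int)tcph->ack);
    fprintf(logfile, " |-Push flag :%u\n", (unsigned int)tcph->psh);
    fprintf(logfile, " |-Reset flag :%u\n", (unsigned int)tcph->rst);
    fprintf(logfile, " |-Synchronise flag :%u\n", (unsigned int)tcph->syn);
    fprintf(logfile, " |-Window :%d\n", ntohs(tcph->window));
    fprintf(logfile, " |-Checksum :%d\n", ntohs(tcph->check));
    // The urgent pointer is a 16-bit network-order field like window and
    // checksum, so it needs the same ntohs() conversion.
    fprintf(logfile, " |-Urgent pointer :%d\n", ntohs(tcph->urg_ptr));
    fprintf(logfile, "\n");
    fprintf(logfile, "\n########################################################################");
}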
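// Write the IPv4 header and the UDP header of a captured frame to logfile.
//
// buffer  start of the Ethernet frame
// size    number of valid bytes in buffer
//
// The IP header length is read from the packet, so it is checked against
// the minimum IPv4 header size and against size before the UDP header is
// located. Frames that fail the check are not logged.
void print_udp_packet(unsigned char *buffer, int size)
{
    const size_t ip_offset = sizeof(struct ethhdr);
    const struct iphdr *iph;
    const struct udphdr *udph;
    size_t iphdrlen;

    if (buffer == NULL || size < 0 || (size_t)size < ip_offset + sizeof(struct iphdr)) {
        return;
    }
    iph = (const struct iphdr *)(buffer + ip_offset);
    iphdrlen = (size_t)iph->ihl * 4;
    if (iphdrlen < sizeof(struct iphdr) ||
        (size_t)size < ip_offset + iphdrlen + sizeof(struct udphdr)) {
        return;
    }
    udph = (const struct udphdr *)(buffer + ip_offset + iphdrlen);

    fprintf(logfile, "\n");
    fprintf(logfile, "****************************** UDP HEADER ******************************\n");
    print_ip_header(buffer, size);
    fprintf(logfile, "UDP HEADER\n");
    fprintf(logfile, " |-Source port :%d\n", ntohs(udph->source));
    fprintf(logfile, " |-Destination port :%d\n", ntohs(udph->dest));
    fprintf(logfile, " |-UDP Length :%d\n", ntohs(udph->len));
    fprintf(logfile, " |-UDP Checksum :%d\n", ntohs(udph->check));
    fprintf(logfile, "\n");
}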
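// Write the IPv4 header of a frame whose protocol has no dedicated logger
// to logfile, framed by "OTHER HEADER" titles.
//
// buffer  start of the Ethernet frame
// size    number of valid bytes in buffer
//
// Frames too short to hold an Ethernet plus a minimal IPv4 header are not
// logged. The IP header length the previous version computed was never
// used, so it has been dropped.
void print_other_packet(unsigned char *buffer, int size)
{
    if (buffer == NULL || size < 0 ||
        (size_t)size < sizeof(struct ethhdr) + sizeof(struct iphdr)) {
        return;
    }

    fprintf(logfile, "****************************** OTHER HEADER ******************************\n");
    print_ip_header(buffer, size);
    fprintf(logfile, "OTHER HEADER\n");
}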
// Placeholder for a payload dump: currently does nothing with the frame.
//
// buffer  start of the captured frame (not read)
// size    number of bytes in buffer (not read)
void print_data(unsigned char *buffer, int size)
{
    // Both parameters are intentionally unused.
    (void)buffer;
    (void)size;
}