1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294
| #include <stdio.h>
#include <stdlib.h>
#include <winsock2.h>
#pragma comment(lib,"wpcap.lib")
#pragma comment(lib,"ws2_32.lib")
#define HAVE_REMOTE
#define WPCAP
#define PACKET_SIZE 65536
#include <pcap.h> // must be writing after the defines
/*
* Structures
*/
struct ethhdr // Ethernet header
{
unsigned char h_dest[6]; // Destination host address
unsigned char h_source[6]; // Source host address
unsigned short h_proto; // Packet type ID field (IP, ARP ...)
};
struct iphdr // structure IP Header
{
//Pour processeur de type little-endian
unsigned char ihl:4; // IP header length
unsigned char version:4;
unsigned char tos; // Type of service
unsigned short tot_len; // Total length
unsigned short id; // Identification
unsigned short frag_off; // Fragment Offset + Flags
unsigned char ttl; // Time to life
unsigned char protocol;
unsigned short check; // Checksum
unsigned int saddr; // Source address
unsigned int daddr; // Destination address
};
struct tcphdr // structure TCP Header
{
//Pour processeur de type little-endian
unsigned short source; // port source
unsigned short dest; // port de destination
unsigned int seq; // Sequence number
unsigned int ack_seq; // acknowledge sequence
unsigned short res1:4, // Reserved 1 : 4 bits
doff:4, // Data Offset
fin:1, // Flag FINISH
syn:1, // Flag SYNCHRONIZE
rst:1, // Flag RESET
psh:1, // Flag PUSH
ack:1, // Flag ACKNOLEDGE
urg:1, // Flag URGENT
res2:2; // Reserved 2 : 2 bits (res1 + res2 = 6 bits reserved)
unsigned short window;
unsigned short check; // checksum
unsigned short urg_ptr; // urgent
};
/*
* Functions
*/
void print_eth_header(struct ethhdr * eth){
fprintf(stdout,"-------------------[ETH HEADER]-----------\r\n");
fprintf(stdout,"| %.2X:%.2X:%.2X:%.2X:%.2X:%.2X -> ",eth->h_source[0],eth->h_source[1], eth->h_source[2],eth->h_source[3],eth->h_source[4],eth->h_source[5]);
fprintf(stdout,"%.2X:%.2X:%.2X:%.2X:%.2X:%.2X |\r\n",eth->h_dest[0],eth->h_dest[1], eth->h_dest[2],eth->h_dest[3],eth->h_dest[4],eth->h_dest[5]);
fprintf(stdout,"------------------------------------------\r\n");
fprintf(stdout,"Protocol: 0x%.4X\r\n", htons(eth->h_proto));
}
void print_ip_header(struct iphdr * ip){
unsigned char * src = (unsigned char *)&(ip->saddr);
unsigned char * dest = (unsigned char *)&(ip->daddr);
fprintf(stdout,"[ IP : %d.%d.%d.%d -> ",src[0],src[1],src[2],src[3]);
fprintf(stdout,"%d.%d.%d.%d ]\r\n",dest[0],dest[1],dest[2],dest[3]);
fprintf(stdout,"--------------------[IP HEADER]----------------------\r\n");
fprintf(stdout,"| IP header length : %d * 32 bits = %d bytes |\r\n",ip->ihl, ip->ihl * 4);
fprintf(stdout,"| IP version : %.5d | ",ip->version);
fprintf(stdout,"Type of service : %.5d |\r\n",ip->tos);
fprintf(stdout,"| Total length : %.5d | ",htons(ip->tot_len));
fprintf(stdout,"Identification : %.5d |\r\n",htons(ip->id));
fprintf(stdout,"| Time to live : %.5d | ",ip->ttl);
fprintf(stdout,"Protocol : %.5d |\r\n",ip->protocol);
fprintf(stdout,"| Checksum : %.5d |\r\n",ip->check);
fprintf(stdout,"-----------------------------------------------------\r\n");
}
void print_tcp_header(struct tcphdr * tcp){
fprintf(stdout,"[ Port : %.5d -> %.5d ]\n", ntohs(tcp->source), ntohs(tcp->dest) );
fprintf(stdout,"--------------------[TCP HEADER]---------------------\r\n");
fprintf(stdout,"| TCP Header length : %d * 32 bits = %d bytes |\r\n",tcp->doff, tcp->doff * 4);
fprintf(stdout,"| URG (URGENT) = %d | ",tcp->urg);
fprintf(stdout,"ACK (ACKNOWLEDGE) = %d |\r\n",tcp->ack);
fprintf(stdout,"| PSH (PUSH) = %d | ",tcp->psh);
fprintf(stdout,"RST (RESET) = %d |\r\n",tcp->rst);
fprintf(stdout,"| SYN (SYNCHRONIZE) = %d | ",tcp->syn);
fprintf(stdout,"FIN (FINISH) = %d |\r\n",tcp->fin);
fprintf(stdout,"-----------------------------------------------------\r\n");
}
void print_data(unsigned char * data, unsigned int size){
int j = 0, k = 0;
for( j = 0; j < size; j++)
{
if( k == 16)
{
j -= 16;
fprintf(stdout," ");
for(k = 0 ; k < 16 ; k++, j++)
{
if(data[j] < 127 && data[j] > 31)
fprintf(stdout, "%c", data[j]);
else
fprintf(stdout, ".");
}
j--;
k = 0;
fprintf(stdout,"\r\n");
}
else
{
fprintf(stdout,"%.2x ",data[j]);
k++;
}
}
j -= k;
while(k!=0)
{
if(data[j] < 127 && data[j] > 31)
fprintf(stdout, "%c", data[j]);
else
fprintf(stdout, ".");
k--;
j++;
}
fprintf(stdout,"\r\n");
}
void print_packet(const u_char * packetData){
struct iphdr * ip;
struct tcphdr * tcp;
ip = (struct iphdr *)(packetData+sizeof(struct ethhdr));
print_ip_header(ip);
switch(ip->protocol){
case 1 : printf("Internet Control Message Protocol (ICMP)\r\n");
break;
case 6 : printf("Transmission Control Protocol (TCP)\r\n");
tcp = (struct tcphdr *)(packetData+sizeof(struct ethhdr)+sizeof(struct iphdr));
print_tcp_header(tcp);
/* Data */
unsigned char * data = (unsigned char *)(packetData+sizeof(struct ethhdr)+sizeof(struct iphdr)+sizeof(struct tcphdr));
print_data(data, htons(ip->tot_len)-(ip->ihl * 4)-(tcp->doff * 4));
break;
case 17 : printf("User Datagram Protocol (UDP)\r\n");
break;
default : printf("Unknow\r\n");
break;
}
}
int main(void){
// Interfaces
pcap_if_t * alldevs;
pcap_if_t * d;
int ifNum;
int i=0;
pcap_t * captureHandle;
// Packet
struct pcap_pkthdr* packetHeader;
const u_char * packetData;
struct ethhdr * eth;
int res;
char errbuf[PCAP_ERRBUF_SIZE];
/* Retrieve the device list from the local machine */
if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1)
{
fprintf(stderr,"Error in pcap_findalldevs_ex: %s\r\n", errbuf);
return EXIT_FAILURE;
}
/* Print the list */
for(d= alldevs; d != NULL; d= d->next)
{
printf("%d.\r\nName:\r\n\t%s\r\n", ++i, d->name);
if (d->description)
printf("Descriptions:\r\n\t%s\r\n\r\n", d->description);
else
printf(" (No description available)\r\n");
}
if (i == 0)
{
printf("\r\nNo interfaces found! Make sure WinPcap is installed.\r\n");
return EXIT_FAILURE;
}else{
printf("Enter the interface number (1-%d):",i);
scanf("%d", &ifNum);
}
if(ifNum < 1 || ifNum > i)
{
printf("\nInterface number out of range.\r\n");
/* Free the device list */
pcap_freealldevs(alldevs);
return -1;
}
/* Jump to the selected adapter */
for(d=alldevs, i=0; i< ifNum-1 ;d=d->next, i++);
captureHandle = pcap_open(d->name, PACKET_SIZE, 0, 1000, NULL, errbuf);
if( captureHandle == NULL){
fprintf(stderr, "pcap_open(): %s\r\n", errbuf);
pcap_freealldevs(alldevs);
return EXIT_FAILURE;
}
/* We don't need any more the device list. Free it */
pcap_freealldevs(alldevs);
/* start the capture */
while( (res = pcap_next_ex(captureHandle, &packetHeader, &packetData)) >= 0){
if(res == 0)
/* Timeout elapsed */
continue;
printf("\r\n\r\nPacket length: %d\r\n", packetHeader->len);
printf("Received at ..... %s\r\n",ctime((const time_t*)&packetHeader->ts.tv_sec));
eth = (struct ethhdr *) packetData;
print_eth_header(eth);
// Analyse ethernet type
switch(htons(eth->h_proto)){
case 0x0800 : fprintf(stdout,"Internet Protocol, Version 4 (IPv4)\r\n");
print_packet(packetData);
break;
case 0x0806 : fprintf(stdout,"Address Resolution Protocol (ARP)\r\n");
break;
case 0x8035 : fprintf(stdout,"Reverse Address Resolution Protocol (RARP)\r\n");
break;
case 0x809B : fprintf(stdout,"AppleTalk (Ethertalk)\r\n");
break;
case 0x80F3 : fprintf(stdout,"AppleTalk Address Resolution Protocol (AARP)\r\n");
break;
case 0x8100 : fprintf(stdout,"IEEE 802.1Q-tagged frame\r\n");
break;
case 0x8137 : fprintf(stdout,"Novell IPX (alt)\r\n");
break;
case 0x8138 : fprintf(stdout,"Novell\r\n");
break;
case 0x86DD : fprintf(stdout,"Internet Protocol, Version 6 (IPv6)\r\n");
print_packet(packetData);
break;
case 0x8847 : fprintf(stdout,"MPLS unicast\r\n");
break;
case 0x8848 : fprintf(stdout,"MPLS multicast\r\n");
break;
case 0x8863 : fprintf(stdout,"PPPoE Discovery Stage\r\n");
break;
case 0x8864 : fprintf(stdout,"PPPoE Session Stage\r\n");
break;
case 0x88A2 : fprintf(stdout,"ATA over Ethernet\r\n");
break;
default : fprintf(stdout,"Unknow packet\r\n");
break;
}
}
if(res == -1){
printf("Error reading the packets: %s\r\n", pcap_geterr(captureHandle));
return EXIT_FAILURE;
}
pcap_close(captureHandle);
return EXIT_SUCCESS;
} |
Partager