Bonjour, voici un exemple de sniffer pour les protocoles IP, TCP
Je voudrais savoir si quelqu'un pourrait m'aider pour les protocoles UDP, ARP et Ethernet
Merci d'avance



Code : Sélectionner tout - Visualiser dans une fenêtre à part
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
#include <stdio.h>
#include <stdlib.h>
 
#include <winsock2.h>
 
#pragma comment(lib,"wpcap.lib")
#pragma comment(lib,"ws2_32.lib")
 
#define HAVE_REMOTE
#define WPCAP
#define PACKET_SIZE 65536
 
#include <pcap.h> // must be writing after the defines
 
 
/*
 * Structures
 */
struct ethhdr // Ethernet header
{
 unsigned char   h_dest[6];       // Destination host address
 unsigned char   h_source[6];     // Source host address
 unsigned short  h_proto;         // Packet type ID field (IP, ARP ...)
};
 
struct iphdr // structure IP Header
{
  //Pour processeur de type little-endian
  unsigned char  ihl:4;    // IP header length
  unsigned char  version:4;
 
  unsigned char  tos;      // Type of service
  unsigned short tot_len;  // Total length
  unsigned short id;       // Identification
  unsigned short frag_off; // Fragment Offset + Flags
  unsigned char  ttl;      // Time to life
  unsigned char  protocol;
  unsigned short check;    // Checksum
  unsigned int   saddr;    // Source address
  unsigned int   daddr;    // Destination address
};
 
struct tcphdr // structure TCP Header
{
  //Pour processeur de type little-endian
  unsigned short source;  // port source
  unsigned short dest;    // port de destination
  unsigned int   seq;     // Sequence number
  unsigned int   ack_seq; // acknowledge sequence
 
  unsigned short res1:4,  // Reserved 1 : 4 bits
                 doff:4,  // Data Offset
                 fin:1,   // Flag FINISH
                 syn:1,   // Flag SYNCHRONIZE
                 rst:1,   // Flag RESET
                 psh:1,   // Flag PUSH
                 ack:1,   // Flag ACKNOLEDGE
                 urg:1,   // Flag URGENT
                 res2:2;  // Reserved 2 : 2 bits (res1 + res2 = 6 bits reserved)
 
 unsigned short window;
 unsigned short check;   // checksum
 unsigned short urg_ptr; // urgent
};
 
/*
 * Functions
 */
 
void print_eth_header(struct ethhdr * eth){
    fprintf(stdout,"-------------------[ETH HEADER]-----------\r\n");
    fprintf(stdout,"| %.2X:%.2X:%.2X:%.2X:%.2X:%.2X -> ",eth->h_source[0],eth->h_source[1], eth->h_source[2],eth->h_source[3],eth->h_source[4],eth->h_source[5]);
    fprintf(stdout,"%.2X:%.2X:%.2X:%.2X:%.2X:%.2X |\r\n",eth->h_dest[0],eth->h_dest[1], eth->h_dest[2],eth->h_dest[3],eth->h_dest[4],eth->h_dest[5]);
    fprintf(stdout,"------------------------------------------\r\n");
    fprintf(stdout,"Protocol: 0x%.4X\r\n", htons(eth->h_proto));
}
 
void print_ip_header(struct iphdr * ip){
 
 unsigned char * src = (unsigned char *)&(ip->saddr);
 unsigned char * dest = (unsigned char *)&(ip->daddr);
 
 fprintf(stdout,"[ IP : %d.%d.%d.%d -> ",src[0],src[1],src[2],src[3]);
 fprintf(stdout,"%d.%d.%d.%d ]\r\n",dest[0],dest[1],dest[2],dest[3]);
 fprintf(stdout,"--------------------[IP HEADER]----------------------\r\n");
 fprintf(stdout,"| IP header length    : %d * 32 bits = %d bytes      |\r\n",ip->ihl, ip->ihl * 4);
 fprintf(stdout,"| IP version      : %.5d | ",ip->version);
 fprintf(stdout,"Type of service : %.5d |\r\n",ip->tos);
 fprintf(stdout,"| Total length    : %.5d | ",htons(ip->tot_len));
 fprintf(stdout,"Identification  : %.5d |\r\n",htons(ip->id));
 fprintf(stdout,"| Time to live    : %.5d | ",ip->ttl);
 fprintf(stdout,"Protocol        : %.5d |\r\n",ip->protocol);
 fprintf(stdout,"| Checksum            : %.5d                       |\r\n",ip->check);
 fprintf(stdout,"-----------------------------------------------------\r\n");
}
 
void print_tcp_header(struct tcphdr * tcp){
 fprintf(stdout,"[ Port : %.5d -> %.5d ]\n", ntohs(tcp->source), ntohs(tcp->dest) );
 fprintf(stdout,"--------------------[TCP HEADER]---------------------\r\n");
 fprintf(stdout,"| TCP Header length   : %d * 32 bits = %d bytes      |\r\n",tcp->doff, tcp->doff * 4);
 fprintf(stdout,"| URG (URGENT)      = %d | ",tcp->urg);
 fprintf(stdout,"ACK (ACKNOWLEDGE) = %d     |\r\n",tcp->ack);
 fprintf(stdout,"| PSH (PUSH)        = %d | ",tcp->psh);
 fprintf(stdout,"RST (RESET)       = %d     |\r\n",tcp->rst);
 fprintf(stdout,"| SYN (SYNCHRONIZE) = %d | ",tcp->syn);
 fprintf(stdout,"FIN (FINISH)      = %d     |\r\n",tcp->fin);
 fprintf(stdout,"-----------------------------------------------------\r\n");
}
 
void print_data(unsigned char * data, unsigned int size){
 int j = 0, k = 0;
 
 for( j = 0; j < size; j++)
 {
  if( k == 16)
  {
   j -= 16;
   fprintf(stdout," ");
   for(k = 0 ; k < 16 ; k++, j++)
   {
    if(data[j] < 127 && data[j] > 31)
     fprintf(stdout, "%c", data[j]);
    else
     fprintf(stdout, ".");
   }
   j--;
   k = 0;
   fprintf(stdout,"\r\n");
  }
  else
  {
   fprintf(stdout,"%.2x ",data[j]);
   k++;
  }
 }
 j -= k;
 while(k!=0)
 {
  if(data[j] < 127 && data[j] > 31)
   fprintf(stdout, "%c", data[j]);
  else
   fprintf(stdout, ".");
  k--;
  j++;
 }
 fprintf(stdout,"\r\n");
}
 
void print_packet(const u_char * packetData){
    struct iphdr  *     ip;
    struct tcphdr *     tcp;
 
    ip = (struct iphdr *)(packetData+sizeof(struct ethhdr));
    print_ip_header(ip);
    switch(ip->protocol){
        case 1 : printf("Internet Control Message Protocol (ICMP)\r\n");
            break;
        case 6 : printf("Transmission Control Protocol (TCP)\r\n");
            tcp = (struct tcphdr *)(packetData+sizeof(struct ethhdr)+sizeof(struct iphdr));
            print_tcp_header(tcp);
            /* Data */
            unsigned char * data = (unsigned char *)(packetData+sizeof(struct ethhdr)+sizeof(struct iphdr)+sizeof(struct tcphdr));
            print_data(data, htons(ip->tot_len)-(ip->ihl * 4)-(tcp->doff * 4));
            break;
        case 17 : printf("User Datagram Protocol (UDP)\r\n");
            break;
        default : printf("Unknow\r\n");
            break;
    }
}
 
int main(void){
    // Interfaces
    pcap_if_t * alldevs;
    pcap_if_t * d;
    int ifNum;
    int i=0;
 
    pcap_t    * captureHandle;
 
    // Packet
    struct pcap_pkthdr* packetHeader;
    const  u_char *     packetData;
    struct ethhdr *     eth;
 
 
 int res;
 
    char errbuf[PCAP_ERRBUF_SIZE];
 
    /* Retrieve the device list from the local machine */
    if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1)
    {
        fprintf(stderr,"Error in pcap_findalldevs_ex: %s\r\n", errbuf);
        return EXIT_FAILURE;
    }
 
    /* Print the list */
    for(d= alldevs; d != NULL; d= d->next)
    {
        printf("%d.\r\nName:\r\n\t%s\r\n", ++i, d->name);
        if (d->description)
            printf("Descriptions:\r\n\t%s\r\n\r\n", d->description);
        else
            printf(" (No description available)\r\n");
    }
 
    if (i == 0)
    {
        printf("\r\nNo interfaces found! Make sure WinPcap is installed.\r\n");
        return EXIT_FAILURE;
    }else{
        printf("Enter the interface number (1-%d):",i);
        scanf("%d", &ifNum);
    }
 
    if(ifNum < 1 || ifNum > i)
    {
        printf("\nInterface number out of range.\r\n");
        /* Free the device list */
        pcap_freealldevs(alldevs);
        return -1;
    }
 
    /* Jump to the selected adapter */
    for(d=alldevs, i=0; i< ifNum-1 ;d=d->next, i++);
 
    captureHandle = pcap_open(d->name, PACKET_SIZE, 0, 1000, NULL, errbuf);
 
    if( captureHandle == NULL){
        fprintf(stderr, "pcap_open(): %s\r\n", errbuf);
        pcap_freealldevs(alldevs);
        return EXIT_FAILURE;
    }
 
    /* We don't need any more the device list. Free it */
    pcap_freealldevs(alldevs);
 
    /* start the capture */
    while( (res = pcap_next_ex(captureHandle, &packetHeader, &packetData)) >= 0){
        if(res == 0)
        /* Timeout elapsed */
            continue;
        printf("\r\n\r\nPacket length: %d\r\n", packetHeader->len);
        printf("Received at ..... %s\r\n",ctime((const time_t*)&packetHeader->ts.tv_sec));
 
        eth = (struct ethhdr *) packetData;
        print_eth_header(eth);
 
        // Analyse ethernet type
        switch(htons(eth->h_proto)){
            case 0x0800 :   fprintf(stdout,"Internet Protocol, Version 4 (IPv4)\r\n");
                            print_packet(packetData);
                            break;
            case 0x0806 :   fprintf(stdout,"Address Resolution Protocol (ARP)\r\n");
                            break;
            case 0x8035 :   fprintf(stdout,"Reverse Address Resolution Protocol (RARP)\r\n");
                            break;
            case 0x809B :   fprintf(stdout,"AppleTalk (Ethertalk)\r\n");
                            break;
            case 0x80F3 :   fprintf(stdout,"AppleTalk Address Resolution Protocol (AARP)\r\n");
                            break;
            case 0x8100 :   fprintf(stdout,"IEEE 802.1Q-tagged frame\r\n");
                            break;
            case 0x8137 :   fprintf(stdout,"Novell IPX (alt)\r\n");
                            break;
            case 0x8138 :   fprintf(stdout,"Novell\r\n");
                            break;
            case 0x86DD :   fprintf(stdout,"Internet Protocol, Version 6 (IPv6)\r\n");
                            print_packet(packetData);
                            break;
            case 0x8847 :   fprintf(stdout,"MPLS unicast\r\n");
                            break;
            case 0x8848 :   fprintf(stdout,"MPLS multicast\r\n");
                            break;
            case 0x8863 :   fprintf(stdout,"PPPoE Discovery Stage\r\n");
                            break;
            case 0x8864 :   fprintf(stdout,"PPPoE Session Stage\r\n");
                            break;
            case 0x88A2 :   fprintf(stdout,"ATA over Ethernet\r\n");
                            break;
            default     :  fprintf(stdout,"Unknow packet\r\n");
                            break;
        }
    }
 
    if(res == -1){
        printf("Error reading the packets: %s\r\n", pcap_geterr(captureHandle));
        return EXIT_FAILURE;
    }
 
    pcap_close(captureHandle);
    return EXIT_SUCCESS;
}
Adnmaster666