Exemple #1
0
int main(int argc, char **argv) {
    char errbuf[PCAP_ERRBUF_SIZE];
    struct pcap_pkthdr *pkthdr;
    const u_char *pkt_data;

    Options options;

    parse_args(argc, argv, &options);

    if(options.list_devices) {
        show_devices();
        exit(0);
    }

    // Create Handles for in and out
    pcap_t *in_handle = pcap_create(argv[1], errbuf);
    pcap_t *out_handle = pcap_create(argv[1], errbuf);

    if(!in_handle | !out_handle )
        exit_error(errbuf, -1);
    
    int result = 0;

    // Set timeout
    result = pcap_set_timeout(in_handle, 1); // Header size up to window size
    result = pcap_set_timeout(out_handle, 1); // Header size up to window size
    handle_pcap_errors(in_handle, result, "set_timeout");
    handle_pcap_errors(out_handle, result, "set_timeout");



    // Activate!
    result = pcap_activate(out_handle);
    result = pcap_activate(in_handle);
    handle_pcap_errors(out_handle, result, "pcap_activate");
    handle_pcap_errors(in_handle, result, "pcap_activate");
    // Set Filter
    filter_on_port(out_handle, "src port ", options.port_str);
    filter_on_port(in_handle, "dst port ", options.port_str);


    // Count packet lenghts on port
    int out_byte_count = 0;
    int in_byte_count = 0;

    for(int i = 0; i < 100; i++) {
        pcap_next_ex(out_handle, &pkthdr, &pkt_data);
        out_byte_count += pkthdr->len;

        pcap_next_ex(in_handle, &pkthdr, &pkt_data);
        in_byte_count += pkthdr->len;
    }

    printf("In Bytes: %d\n", in_byte_count);
    printf("Out Bytes: %d\n", out_byte_count);

    return 0;
}
Exemple #2
0
/* Initializes pcap capture settings and returns a pcap handle on success, NULL on error */
pcap_t *capture_init(char *capture_source) {
    pcap_t *handle = NULL;
    char errbuf[PCAP_ERRBUF_SIZE] = {0};

#ifdef __APPLE__
    // must disassociate from any current AP.  This is the only way.
    pid_t pid = fork();
    if (!pid) {
        char* argv[] = {"/System/Library/PrivateFrameworks/Apple80211.framework/Resources/airport", "-z", NULL};
        execve("/System/Library/PrivateFrameworks/Apple80211.framework/Resources/airport", argv, NULL);
    }
    int status;
    waitpid(pid, &status, 0);


    handle = pcap_create(capture_source, errbuf);
    if (handle) {
        pcap_set_snaplen(handle, BUFSIZ);
        pcap_set_timeout(handle, 50);
        pcap_set_rfmon(handle, 1);
        pcap_set_promisc(handle, 1);
        int status = pcap_activate(handle);
        if (status)
            cprintf(CRITICAL, "pcap_activate status %d\n", status);
    }
#else
    handle = pcap_open_live(capture_source, BUFSIZ, 1, 0, errbuf);
#endif
    if (!handle) {
        handle = pcap_open_offline(capture_source, errbuf);
    }

    return handle;
}
Exemple #3
0
static int PcapTryReopen(PcapThreadVars *ptv)
{
    int pcap_activate_r;

    ptv->pcap_state = PCAP_STATE_DOWN;
    pcap_activate_r = pcap_activate(ptv->pcap_handle);
    if (pcap_activate_r != 0) {
        return pcap_activate_r;
    }
    /* set bpf filter if we have one */
    if (ptv->bpf_filter != NULL) {
        if(pcap_compile(ptv->pcap_handle,&ptv->filter,(char *)ptv->bpf_filter,1,0) < 0) {
            SCLogError(SC_ERR_BPF,"bpf compilation error %s",pcap_geterr(ptv->pcap_handle));
            return -1;
        }

        if(pcap_setfilter(ptv->pcap_handle,&ptv->filter) < 0) {
            SCLogError(SC_ERR_BPF,"could not set bpf filter %s",pcap_geterr(ptv->pcap_handle));
            return -1;
        }
    }

    SCLogInfo("Recovering interface listening");
    ptv->pcap_state = PCAP_STATE_UP;
    return 0;
}
Exemple #4
0
static bool check_promisc(const char *dev) {
    char junk[PCAP_ERRBUF_SIZE];
    int err;
    pcap_t *handle;

    handle = pcap_create(dev, junk);
    if(!handle)
        goto fail;

    err = pcap_set_promisc(handle, 1);
    if(err)
        /* Should never error: pcap_set_promisc() only errors if handle is active. */
        die(0, "DEBUG: Reached unreachable condition at %s:%lu\n", __FILE__, __LINE__);

    err = pcap_activate(handle);
    if(err && err != PCAP_WARNING)
        goto fail;

    pcap_close(handle);
    return true;

fail:
    pcap_close(handle);
    return false;
}
Exemple #5
0
Sniffer::Sniffer(const string& device, 
                 promisc_type promisc,
                 const string& filter,
                 bool rfmon) {
    SnifferConfiguration configuration;
    configuration.set_promisc_mode(promisc == PROMISC);
    configuration.set_filter(filter);
    configuration.set_rfmon(rfmon);

    char error[PCAP_ERRBUF_SIZE];
    pcap_t* phandle = pcap_create(TINS_PREFIX_INTERFACE(device).c_str(), error);
    if (!phandle) {
        throw runtime_error(error);
    }
    set_pcap_handle(phandle);

    // Set the netmask if we are able to find it.
    bpf_u_int32 ip, if_mask;
    if (pcap_lookupnet(TINS_PREFIX_INTERFACE(device).c_str(), &ip, &if_mask, error) == 0) {
        set_if_mask(if_mask);
    }

    // Configure the sniffer's attributes prior to activation.
    configuration.configure_sniffer_pre_activation(*this);

    // Finally, activate the pcap. In case of error throw runtime_error
    if (pcap_activate(get_pcap_handle()) < 0) {
        throw pcap_error(pcap_geterr(get_pcap_handle()));
    }

    // Configure the sniffer's attributes after activation.
    configuration.configure_sniffer_post_activation(*this);
}
Exemple #6
0
static pcap_t* open_pcap_dev(const char* ifname, int frameSize, char* errbuf)
{
	pcap_t* handle = pcap_create(ifname, errbuf);
	if (handle) {
		int err;
		err = pcap_set_snaplen(handle, frameSize);
		if (err) AVB_LOGF_WARNING("Cannot set snap len %d", err);

		err = pcap_set_promisc(handle, 1);
		if (err) AVB_LOGF_WARNING("Cannot set promisc %d", err);

		err = pcap_set_immediate_mode(handle, 1);
		if (err) AVB_LOGF_WARNING("Cannot set immediate mode %d", err);

		// we need timeout (here 100ms) otherwise we could block for ever
		err = pcap_set_timeout(handle, 100);
		if (err) AVB_LOGF_WARNING("Cannot set timeout %d", err);

		err = pcap_set_tstamp_precision(handle, PCAP_TSTAMP_PRECISION_NANO);
		if (err) AVB_LOGF_WARNING("Cannot set tstamp nano precision %d", err);

		err = pcap_set_tstamp_type(handle, PCAP_TSTAMP_ADAPTER_UNSYNCED);
		if (err) AVB_LOGF_WARNING("Cannot set tstamp adapter unsynced %d", err);

		err = pcap_activate(handle);
		if (err) AVB_LOGF_WARNING("Cannot activate pcap %d", err);
	}
	return handle;
}
Exemple #7
0
static void print_datalinks(const char *dev) {
    int *linktypes;
    int err, i, nlinktypes;
    char errbuf[PCAP_ERRBUF_SIZE];
    pcap_t *handle;

    handle = pcap_create(dev, errbuf);
    if(!handle)
        return;

    err = pcap_activate(handle);
    if(err)
        return;

    nlinktypes = pcap_list_datalinks(handle, &linktypes);
    if(nlinktypes > 0)
        printf("     Linktypes:%s", options.verbose > 1 ? "\n" : " ");
    if(options.verbose > 1)
        for(i = 0; i < nlinktypes; ++i)
            printf("       %-20s %s\n"
                   , pcap_datalink_val_to_name(linktypes[i])
                   , pcap_datalink_val_to_description(linktypes[i]));
    else
        for(i = 0; i < nlinktypes; ++i)
            printf("%s%s", pcap_datalink_val_to_name(linktypes[i])
                   , i + 1 > nlinktypes ? ", " : "\n");

    pcap_free_datalinks(linktypes);
    pcap_close(handle);
}
Exemple #8
0
void capture(char *dev) {
  pcap_t *pcap;
  char errbuf[PCAP_ERRBUF_SIZE];
  struct pcap_pkthdr header;	/* The header that pcap gives us */
  const u_char *packet;		/* The actual packet */

  if(NULL == dev) {
    dev = pcap_lookupdev(errbuf);
    if (dev == NULL) {
      fprintf(stderr, "Couldn't find default device: %s\n", errbuf);
      exit(1);
    }
  }

  pcap = pcap_create(dev, errbuf);
  pcap_set_rfmon(pcap, 1);
  pcap_set_promisc(pcap, 1);
  pcap_set_buffer_size(pcap, 1 * 1024 * 1024);
  pcap_set_timeout(pcap, 1);
  pcap_set_snaplen(pcap, 16384);
  pcap_activate(pcap);    
  if(DLT_IEEE802_11_RADIO == pcap_datalink(pcap)) {
    pcap_loop(pcap, 0, got_packet, 0);
  } else {
    fprintf(stderr, "Could not initialize a IEEE802_11_RADIO packet capture for interface %s\n", dev);
  }
}
Exemple #9
0
pcap_t *
pcap_open_live_extended(const char *source, int snaplen, int promisc, int to_ms, int rfmon, char *errbuf)
{
    pcap_t *p;
    int status;
    
    p = pcap_create(source, errbuf);
    if (p == NULL)
        return (NULL);
    status = pcap_set_snaplen(p, snaplen);
    if (status < 0)
        goto fail;
    status = pcap_set_promisc(p, promisc);
    if (status < 0)
        goto fail;
    status = pcap_set_timeout(p, to_ms);
    if (status < 0)
        goto fail;
    if(pcap_can_set_rfmon(p) == 1) {
        status = pcap_set_rfmon(p, rfmon);
        if (status < 0)
            goto fail;
    }
    status = pcap_activate(p);
    if (status < 0)
        goto fail;
    return (p);
    
fail:
    snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source, pcap_geterr(p));
    pcap_close(p);
    return (NULL);
}
Exemple #10
0
/*
 * Class:     disy_jnipcap_Pcap
 * Method:    activate
 * Signature: (J)I
 */
JNIEXPORT jint JNICALL
Java_disy_jnipcap_Pcap_activate (JNIEnv *env, jclass jcls, jlong jptr)
{
	pcap_t *p = (pcap_t *) jptr;
	if (p == NULL) return -1;
	return (jint) pcap_activate (p);
}
Exemple #11
0
int
main(void)
{
	char ebuf[PCAP_ERRBUF_SIZE];
	pcap_t *pd;
	int status = 0;

	pd = pcap_open_live("lo0", 65535, 0, 1000, ebuf);
	if (pd == NULL) {
		pd = pcap_open_live("lo", 65535, 0, 1000, ebuf);
		if (pd == NULL) {
			error("Neither lo0 nor lo could be opened: %s",
			    ebuf);
			return 2;
		}
	}
	status = pcap_activate(pd);
	if (status != PCAP_ERROR_ACTIVATED) {
		if (status == 0)
			error("pcap_activate() of opened pcap_t succeeded");
		else if (status == PCAP_ERROR)
			error("pcap_activate() of opened pcap_t failed with %s, not PCAP_ERROR_ACTIVATED",
			    pcap_geterr(pd));
		else
			error("pcap_activate() of opened pcap_t failed with %s, not PCAP_ERROR_ACTIVATED",
			    pcap_statustostr(status));
	}
	return 0;
}
Exemple #12
0
static int
tc_pcap_open(pcap_t **pd, char *device, int snap_len, int buf_size)
{
    int    status;
    char   ebuf[PCAP_ERRBUF_SIZE]; 

    *ebuf = '\0';

    *pd = pcap_create(device, ebuf);
    if (*pd == NULL) {
        tc_log_info(LOG_ERR, 0, "pcap create error:%s", ebuf);
        return TC_ERROR;
    }

    status = pcap_set_snaplen(*pd, snap_len);
    if (status != 0) {
        tc_log_info(LOG_ERR, 0, "pcap_set_snaplen error:%s",
                pcap_statustostr(status));
        return TC_ERROR;
    }

    status = pcap_set_promisc(*pd, 0);
    if (status != 0) {
        tc_log_info(LOG_ERR, 0, "pcap_set_promisc error:%s",
                pcap_statustostr(status));
        return TC_ERROR;
    }

    status = pcap_set_timeout(*pd, 1000);
    if (status != 0) {
        tc_log_info(LOG_ERR, 0, "pcap_set_timeout error:%s",
                pcap_statustostr(status));
        return TC_ERROR;
    }

    status = pcap_set_buffer_size(*pd, buf_size);
    if (status != 0) {
        tc_log_info(LOG_ERR, 0, "pcap_set_buffer_size error:%s",
                pcap_statustostr(status));
        return TC_ERROR;
    }

    tc_log_info(LOG_NOTICE, 0, "pcap_set_buffer_size:%d", buf_size);

    status = pcap_activate(*pd);
    if (status < 0) {
        tc_log_info(LOG_ERR, 0, "pcap_activate error:%s",
                pcap_statustostr(status));
        return TC_ERROR;

    } else if (status > 0) {
        tc_log_info(LOG_WARN, 0, "pcap activate warn:%s", 
                pcap_statustostr(status));
    }

    return TC_OK;
}
Exemple #13
0
int myPcapCatchAndAnaly() {
    int status=0;
    int header_type;
    char errbuf[PCAP_ERRBUF_SIZE];
    /* openwrt && linux */
    char *dev=(char *)"wlan0";
    /* mac os */
    //test
    // char* dev=(char *)"en0";
    handle=pcap_create(dev,errbuf); //为抓取器打开一个句柄

    if (handle == NULL)  {
        fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf);
        return 0;
    }

    // 由于在该路由器测试时,发现在该openwrt系统上不支持libpcap设置monitor模式,在激活的时候会产生错误
    // 将采用手动设置并检测网卡是否为monitor模式

    // if(pcap_can_set_rfmon(handle)) {
    //      //查看是否能设置为监控模式
    //     printf("Device %s can be opened in monitor mode\n",dev);
    // }
    // else {
    //     printf("Device %s can't be opened in monitor mode!!!\n",dev);
    // }

    // 若是mac os系统,则可以支持
    // test
    if(pcap_set_rfmon(handle,1)!=0) {
        fprintf(stderr, "Device %s couldn't be opened in monitor mode\n", dev);
        return 0;
    } else {
        printf("Device %s has been opened in monitor mode\n", dev);
    }

    pcap_set_promisc(handle,0);   //不设置混杂模式
    pcap_set_snaplen(handle,65535);   //设置最大捕获包的长度
    status=pcap_activate(handle);   //激活

    if(status!=0) {
        pcap_perror(handle,(char*)"pcap error: ");
        return 0;
    }

    header_type=pcap_datalink(handle);  //返回链路层的类型
    if(header_type!=DLT_IEEE802_11_RADIO) {
        printf("Error: incorrect header type - %d\n",header_type);
        return 0;
    }

    int id = 0;
    pcap_loop(handle, -1, getPacket, (u_char*)&id);

    return 1;
}
Exemple #14
0
void pcap_main_loop(const char* dev) {
    char errbuf[PCAP_ERRBUF_SIZE];
    /* open device for reading in promiscuous mode */
    int promisc = 1;

    bpf_u_int32 maskp; /* subnet mask */
    bpf_u_int32 netp;  /* ip */ 

    logger<< log4cpp::Priority::INFO<<"Start listening on "<<dev;

    /* Get the network address and mask */
    pcap_lookupnet(dev, &netp, &maskp, errbuf);

    descr = pcap_create(dev, errbuf);

    if (descr == NULL) {
        logger<< log4cpp::Priority::ERROR<<"pcap_create was failed with error: "<<errbuf;
        exit(0);
    }

    // Setting up 1MB buffer
    int set_buffer_size_res = pcap_set_buffer_size(descr, pcap_buffer_size_mbytes * 1024 * 1024);
    if (set_buffer_size_res != 0 ) {
        if (set_buffer_size_res == PCAP_ERROR_ACTIVATED) {
            logger<< log4cpp::Priority::ERROR<<"Can't set buffer size because pcap already activated\n";
            exit(1);
        } else {
            logger<< log4cpp::Priority::ERROR<<"Can't set buffer size due to error: "<<set_buffer_size_res;
            exit(1);
        }   
    } 

    if (pcap_set_promisc(descr, promisc) != 0) {
        logger<< log4cpp::Priority::ERROR<<"Can't activate promisc mode for interface: "<<dev;
        exit(1);
    }

    if (pcap_activate(descr) != 0) {
        logger<< log4cpp::Priority::ERROR<<"Call pcap_activate was failed: "<<pcap_geterr(descr);
        exit(1);
    }

    // man pcap-linktype
    int link_layer_header_type = pcap_datalink(descr);

    if (link_layer_header_type == DLT_EN10MB) {
        DATA_SHIFT_VALUE = 14;
    } else if (link_layer_header_type == DLT_LINUX_SLL) {
        DATA_SHIFT_VALUE = 16;
    } else {
        logger<< log4cpp::Priority::INFO<<"We did not support link type:"<<link_layer_header_type;
        exit(0);
    }
   
    pcap_loop(descr, -1, (pcap_handler)parse_packet, NULL);
}
Exemple #15
0
NAPCapHandle *
na_pcap_open (const char *iface,
              GError     **error)
{
  char errbuf[PCAP_ERRBUF_SIZE];

  pcap_t *pcap_handle = pcap_create (iface, errbuf);

  if (pcap_handle == NULL)
    {
      g_set_error (error,
                   NA_PCAP_ERROR,
                   NA_PCAP_ERROR_OPEN,
                   "pcap failed to create handle for iface: %s", errbuf);
      return NULL;
    }

  pcap_set_snaplen (pcap_handle, PCAP_SNAPLEN);
  pcap_set_timeout (pcap_handle, 100);

  if (pcap_activate (pcap_handle) != 0)
    {
      g_set_error (error,
                   NA_PCAP_ERROR,
                   NA_PCAP_ERROR_OPEN,
                   "pcap failed to activate handle for iface");
      return NULL;
    }

  NAPCapHandle *handle = g_new0 (NAPCapHandle, 1);

  handle->pcap_handle = pcap_handle;
  handle->iface = iface;
  handle->linktype = pcap_datalink (pcap_handle);

  switch (handle->linktype)
    {
    case (DLT_EN10MB):
      g_debug ("Ethernet link detected");
      break;
    case (DLT_PPP):
      g_debug ("PPP link detected");
      break;
    case (DLT_LINUX_SLL):
      g_debug ("Linux Cooked Socket link detected");
      break;
    default:
      g_debug ("No PPP or Ethernet link: %d", handle->linktype);
      break;
    }

  return handle;
}
Exemple #16
0
void CaptureData(std::string captureFolder, std::string interface)
{
	LOG(DEBUG, "Starting data capture. Storing results in folder:" + captureFolder, "");

	boost::filesystem::path create = captureFolder;

	try
	{
		boost::filesystem::create_directory(create);
	}
	catch(boost::filesystem::filesystem_error const& e)
	{
		LOG(DEBUG, ("Problem creating directory " + captureFolder), ("Problem creating directory " + captureFolder + ": " + e.what()));
	}

    // Write out the state of the haystack at capture
    if(IsHaystackUp())
    {
    	LOG(DEBUG, "Haystack appears up. Recording current state.", "");
    	string haystackFile = captureFolder + "/haystackIps.txt";
        haystackAddresses = Config::GetHaystackAddresses(Config::Inst()->GetPathHome() + "/" + Config::Inst()->GetPathConfigHoneydHS());
        haystackDhcpAddresses = Config::GetHoneydIpAddresses(Config::Inst()->GetIpListPath());

        LOG(DEBUG, "Writing haystack IPs to file " + haystackFile, "");
        ofstream haystackIpStream(haystackFile);
        for(uint i = 0; i < haystackDhcpAddresses.size(); i++)
        {
        	LOG(DEBUG, "Found haystack DHCP IP " + haystackDhcpAddresses.at(i).ip, "");
            haystackIpStream << haystackDhcpAddresses.at(i).ip << endl;
        }
        for(uint i = 0; i < haystackAddresses.size(); i++)
        {
        	LOG(DEBUG, "Found haystack static IP " + haystackAddresses.at(i).ip, "");
            haystackIpStream << haystackAddresses.at(i).ip << endl;
        }

        haystackIpStream.close();
    }

    // Prepare for packet capture
	string trainingCapFile = captureFolder + "/capture.pcap";

    InterfacePacketCapture *capture = new InterfacePacketCapture(interface);
    capture->Init();
    capture->SetPacketCb(SavePacket);

    pcap_t *handle = capture->GetPcapHandle();
    pcap_activate(handle);
    pcapDumpStream = pcap_dump_open(handle, trainingCapFile.c_str());

    capture->StartCaptureBlocking();
 }
Exemple #17
0
int main(int argc, char **argv)
{
	rawsock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
	if (rawsock == -1) {
		perror("socket");
		exit(0);
	}

	pcap_t *pcap = pcap_open_live(argv[1], 1500, 1, 1000, NULL);
	pcap_activate(pcap);
	pcap_loop(pcap, -1, my_callback, NULL);
	return 0;
}
Exemple #18
0
CAMLprim value
stub_pcap_activate (value p_p)
{
	pcap_t *p;

	p = (pcap_t *) p_p;

	if (pcap_activate (p)) {
		raise_error (pcap_geterr (p));
	}

	return Val_unit;
}
Exemple #19
0
pcap_t *
pcap_open_live(const char *source, int snaplen, int promisc, int to_ms,
    char *errbuf)
{
	pcap_t *p;
	int status;

	p = pcap_create(source, errbuf);
	if (p == NULL)
		return (NULL);
	status = pcap_set_snaplen(p, snaplen);
	if (status < 0)
		goto fail;
	status = pcap_set_promisc(p, promisc);
	if (status < 0)
		goto fail;
	status = pcap_set_timeout(p, to_ms);
	if (status < 0)
		goto fail;
	/*
	 * Mark this as opened with pcap_open_live(), so that, for
	 * example, we show the full list of DLT_ values, rather
	 * than just the ones that are compatible with capturing
	 * when not in monitor mode.  That allows existing applications
	 * to work the way they used to work, but allows new applications
	 * that know about the new open API to, for example, find out the
	 * DLT_ values that they can select without changing whether
	 * the adapter is in monitor mode or not.
	 */
	p->oldstyle = 1;
	status = pcap_activate(p);
	if (status < 0)
		goto fail;
	return (p);
fail:
	if (status == PCAP_ERROR)
		snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source,
		    p->errbuf);
	else if (status == PCAP_ERROR_NO_SUCH_DEVICE ||
	    status == PCAP_ERROR_PERM_DENIED ||
	    status == PCAP_ERROR_PROMISC_PERM_DENIED)
		snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s (%s)", source,
		    pcap_statustostr(status), p->errbuf);
	else
		snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source,
		    pcap_statustostr(status));
	pcap_close(p);
	return (NULL);
}
Exemple #20
0
bool NetworkInterface::Init()
{
  if(!m_pHandler) {
    std::cerr << "Handler wasn't created!" << std::endl;
    return false;
  }
  if(pcap_activate(m_pHandler) < 0) {
    std::cerr << "Unable to activate pcap handler on " << m_sInterface <<
                 " interface! Details: " << pcap_geterr(m_pHandler) <<
                 std::endl;
    pcap_close(m_pHandler);
    m_pHandler = NULL;
    return false;
  }
  return true;
}
Exemple #21
0
    static int
epcap_open(EPCAP_STATE *ep)
{
    char errbuf[PCAP_ERRBUF_SIZE];

    if (ep->file) {
        PCAP_ERRBUF(ep->p = pcap_open_offline(ep->file, errbuf));
    } else {
        if (ep->dev == NULL)
            PCAP_ERRBUF(ep->dev = pcap_lookupdev(errbuf));

#ifdef HAVE_PCAP_CREATE
        PCAP_ERRBUF(ep->p = pcap_create(ep->dev, errbuf));
        (void)pcap_set_snaplen(ep->p, ep->snaplen);
        (void)pcap_set_promisc(ep->p, ep->opt & EPCAP_OPT_PROMISC);
        (void)pcap_set_timeout(ep->p, ep->timeout);
        if (ep->bufsz > 0)
            (void)pcap_set_buffer_size(ep->p, ep->bufsz);
        switch (pcap_activate(ep->p)) {
            case 0:
                break;
            case PCAP_WARNING:
            case PCAP_ERROR:
            case PCAP_WARNING_PROMISC_NOTSUP:
            case PCAP_ERROR_NO_SUCH_DEVICE:
            case PCAP_ERROR_PERM_DENIED:
                pcap_perror(ep->p, "pcap_activate: ");
                exit(EXIT_FAILURE);
            default:
                exit(EXIT_FAILURE);
        }
#else
        PCAP_ERRBUF(ep->p = pcap_open_live(ep->dev, ep->snaplen,
                    ep->opt & EPCAP_OPT_PROMISC, ep->timeout, errbuf));
#endif

        /* monitor mode */
#ifdef PCAP_ERROR_RFMON_NOTSUP
        if (pcap_can_set_rfmon(ep->p) == 1)
            (void)pcap_set_rfmon(ep->p, ep->opt & EPCAP_OPT_RFMON);
#endif
    }

    ep->datalink = pcap_datalink(ep->p);

    return 0;
}
Exemple #22
0
static pcap_t* _kqtime_newPCap(const char* source, const char* filter_expression,
        pcap_direction_t pcapdir, int snaplen) {
	char errbuf[PCAP_ERRBUF_SIZE];
	struct bpf_program filter;

	const char* pcap_source = source ? source : NULL;
	pcap_t* handle = pcap_create(pcap_source, errbuf);
	if(!handle) {
		log("kqtime: error obtaining pcap handle: %s\n", errbuf);
		return NULL;
	}

	if(pcap_set_snaplen(handle, 65536) != 0) {
		log("kqtime: error setting pcap snaplen %d\n", snaplen);
		pcap_close(handle);
		return NULL;
	}

	if(pcap_activate(handle) != 0) {
		log("kqtime: error activating capture device: %s\n", pcap_geterr(handle));
		pcap_close(handle);
		return NULL;
	}

	if(pcap_setdirection(handle, pcapdir) != 0) {
		log("kqtime: error setting capture direction: %s\n", pcap_geterr(handle));
		pcap_close(handle);
		return NULL;
	}

	const char* pcap_filter_expression = filter_expression ? filter_expression : "tcp and not port ssh";
	if(pcap_compile(handle, &filter, pcap_filter_expression,
			0, PCAP_NETMASK_UNKNOWN) != 0) {
		log("kqtime: error compiling filter: %s\n", pcap_geterr(handle));
		pcap_close(handle);
		return NULL;
	}

	if(pcap_setfilter(handle, &filter) < 0) {
		log("kqtime: error setting filter: %s\n", pcap_geterr(handle));
		pcap_freecode(&filter);
		pcap_close(handle);
		return NULL;
	}

	return handle;
}
Exemple #23
0
static void
tcpeek_init_pcap(void) {
	char *ifname, errmsg[PCAP_ERRBUF_SIZE], expression[] = "tcp or icmp";
	struct bpf_program bpf;

	if(strisempty(g.option.ifname)) {
		ifname = pcap_lookupdev(errmsg);
		if(!ifname) {
			error_abort("%s", errmsg);
		}
		strncpy(g.option.ifname, ifname, sizeof(g.option.ifname) - 1);
	}
    g.pcap.pcap = pcap_create(g.option.ifname, errmsg);
	if(!g.pcap.pcap) {
		error_abort("%s", errmsg);
	}
    if(pcap_set_buffer_size(g.pcap.pcap, g.option.buffer * 1024 * 1024) != 0) {
        error_abort("%s", "can not set buffer size");
    }
    if(pcap_set_snaplen(g.pcap.pcap, DEFAULT_PCAP_SNAPLEN) != 0) {
        error_abort("%s", "can not set snaplen");
    }
    if(pcap_set_promisc(g.pcap.pcap, g.option.promisc) != 0) {
        error_abort("%s", "can not set promiscuous mode");
    }
    if(pcap_set_timeout(g.pcap.pcap, 1) != 0) {
        error_abort("%s", "can not set timeout");
    }
    if(pcap_activate(g.pcap.pcap) != 0) {
        error_abort("%s", pcap_geterr(g.pcap.pcap));
    }
	if(pcap_compile(g.pcap.pcap, &bpf, expression, 0, 0) == -1) {
		error_abort("%s '%s'", pcap_geterr(g.pcap.pcap), expression);
	}
	if(pcap_setfilter(g.pcap.pcap, &bpf) == -1){
		error_abort("%s", pcap_geterr(g.pcap.pcap));
	}
	pcap_freecode(&bpf);
	g.pcap.snapshot = pcap_snapshot(g.pcap.pcap);
	g.pcap.datalink = pcap_datalink(g.pcap.pcap);
	if(g.pcap.datalink != DLT_EN10MB && g.pcap.datalink != DLT_LINUX_SLL) {
		error_abort("not support datalink %s (%s)",
			pcap_datalink_val_to_name(g.pcap.datalink),
			pcap_datalink_val_to_description(g.pcap.datalink)
		);
	}
}
Exemple #24
0
static pcap_t *open_pcap(const char *iface, bpf_u_int32 *net, bpf_u_int32 *mask)
{
	pcap_t *pcap = NULL;
	char errbuf[PCAP_ERRBUF_SIZE];
	char ipv4str[16], filter[128];
	struct bpf_program bpf;

	if (pcap_lookupnet(iface, net, mask, errbuf) != 0) {
		fprintf(stderr, "pcap_lookupnet(): %s\n", errbuf);
		goto fail;
	}
	if (inet_ntop(AF_INET, (const void *)net, ipv4str, sizeof ipv4str) == NULL) {
		perror("inet_ntop()");
		goto fail;
	}
//	snprintf(filter, sizeof filter, "ip dst %s and (tcp[tcpflags] & (tcp-syn | tcp-ack)) = (tcp-syn | tcp-ack)", ipv4str);
	snprintf(filter, sizeof filter, "(tcp[tcpflags] & (tcp-syn | tcp-ack)) = (tcp-syn | tcp-ack)");
	pcap = pcap_create(iface, errbuf);
	if (pcap == NULL) {
		fprintf(stderr, "pcap_create(): %s\n", errbuf);
		goto fail;
	}
	(void)pcap_setdirection(pcap, PCAP_D_IN);
	if (pcap_set_buffer_size(pcap, 131072) != 0) {
		pcap_perror(pcap, "pcap_set_buffer_size()");
		goto fail;
	}
	if (pcap_activate(pcap) != 0) {
		pcap_perror(pcap, "pcap_activate()");
		goto fail;
	}
	if (pcap_compile(pcap, &bpf, filter, 1, PCAP_NETMASK_UNKNOWN) != 0) {
		pcap_perror(pcap, "pcap_compile()");
		goto fail;
	}
	if (pcap_setfilter(pcap, &bpf) != 0) {
		pcap_perror(pcap, "pcap_setfilter()");
		goto fail;
	}
	pcap_freecode(&bpf);
	return pcap;
fail:
	if (pcap != NULL)
		pcap_close(pcap);
	return NULL;
}
Exemple #25
0
pcap_t *
reader_libpcap_open_live(const char *source, int snaplen, int promisc, int to_ms, char *errbuf)
{
    pcap_t *p;
    int status;

    p = pcap_create(source, errbuf);
    if (p == NULL)
        return (NULL);
    status = pcap_set_snaplen(p, snaplen);
    if (status < 0)
        goto fail;
    status = pcap_set_promisc(p, promisc);
    if (status < 0)
        goto fail;
    status = pcap_set_timeout(p, to_ms);
    if (status < 0)
        goto fail;
    status = pcap_set_buffer_size(p, config.pcapBufferSize);
    if (status < 0)
        goto fail;
    status = pcap_activate(p);
    if (status < 0)
        goto fail;
    status = pcap_setnonblock(p, TRUE, errbuf);
    if (status < 0) {
        pcap_close(p);
        return (NULL);
    }

    return (p);
fail:
    if (status == PCAP_ERROR)
        snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source,
            pcap_geterr(p));
    else if (status == PCAP_ERROR_NO_SUCH_DEVICE ||
        status == PCAP_ERROR_PERM_DENIED)
        snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s (%s)", source,
            pcap_statustostr(status), pcap_geterr(p));
    else
        snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source,
            pcap_statustostr(status));
    pcap_close(p);
    return (NULL);
}
Exemple #26
0
static PyObject *ppcap_activate(ppcap *self)
{
    int retval;

    if (!ppcap_isset_handle(self->handle)) {
        PyErr_SetString(PyExc_Ppcap, "pcap handle is not created");
        return NULL;
    }
    retval = pcap_activate(self->handle);
    switch(retval) {
        case PCAP_WARNING_TSTAMP_TYPE_NOTSUP:
            fprintf(stderr, "timestamp not supported by the capture source\n");
        break;
        case PCAP_WARNING_PROMISC_NOTSUP:
        case PCAP_WARNING:
            fprintf(stderr, "%s\n", pcap_geterr(self->handle));
        break;
        case PCAP_ERROR_ACTIVATED:
            PyErr_SetString(PyExc_Ppcap, "handle has already been activated");
            return NULL;
        break;
        case PCAP_ERROR_PROMISC_PERM_DENIED:
            PyErr_SetString(PyExc_Ppcap, "process has not permission to put the"
                            " capture device into promisc mode");
            return NULL;
        break;
        case PCAP_ERROR_RFMON_NOTSUP:
            PyErr_SetString(PyExc_Ppcap, "capture source does not support monitor mode");
            return NULL;
        break;
        case PCAP_ERROR_IFACE_NOT_UP:
            PyErr_SetString(PyExc_Ppcap, "capture source is not up");
            return NULL;
        break;
        case PCAP_ERROR_NO_SUCH_DEVICE:
        case PCAP_ERROR_PERM_DENIED:
        case PCAP_ERROR:
            PyErr_Format(PyExc_Ppcap, "%s", pcap_geterr(self->handle));
            return NULL;
        break;
    }
    Py_RETURN_NONE;
}
Exemple #27
0
static bool check_capture(char *errbuf, const char *dev) {
    int err;
    pcap_t *handle;

    handle = pcap_create(dev, errbuf);
    if(!handle)
        goto fail;

    err = pcap_activate(handle);
    if(err)
        strncpy(errbuf, pcap_geterr(handle), PCAP_ERRBUF_SIZE);
    if(err && err != PCAP_WARNING)
        goto fail;

    pcap_close(handle);
    return true;

fail:
    pcap_close(handle);
    return false;
}
Exemple #28
0
//------------------------------------------------------------------------------
static pcap_t* startPcap(void)
{
    pcap_t* pPcapInst = NULL;
    char    errorMessage[PCAP_ERRBUF_SIZE];

    // Create a pcap live capture handle
    pPcapInst = pcap_create(edrvInstance_l.initParam.pDevName, errorMessage);
    if (pPcapInst == NULL)
    {
        DEBUG_LVL_ERROR_TRACE("%s() Error!! Can't open pcap: %s\n", __func__, errorMessage);
    }

    // Set snapshot length for a not-yet-activated capture handle
    if (pcap_set_snaplen(pPcapInst, 65535) < 0)
    {
        DEBUG_LVL_ERROR_TRACE("%s() couldn't set PCAP snap length\n", __func__);
    }

    // Set promiscuous mode for a not-yet-activated capture handle
    if (pcap_set_promisc(pPcapInst, 1) < 0)
    {
        DEBUG_LVL_ERROR_TRACE("%s() couldn't set PCAP promiscuous mode\n", __func__);
    }

// Pcap immediate mode only supported by libpcap >=1.5.0
#ifdef PCAP_ERROR_TSTAMP_PRECISION_NOTSUP
    // Set immediate mode for a not-yet-activated capture handle
    if (pcap_set_immediate_mode(pPcapInst, 1) < 0)
    {
        DEBUG_LVL_ERROR_TRACE("%s() couldn't set PCAP immediate mode\n", __func__);
    }
#endif

    // Activate the pcap capture handle with the previous parameters
    if (pcap_activate(pPcapInst) < 0)
    {
        DEBUG_LVL_ERROR_TRACE("%s() couldn't activate PCAP\n", __func__);
    }
    return pPcapInst;
}
Exemple #29
0
int capture_live(const char *filter) {
    int err;
    char errbuf[PCAP_ERRBUF_SIZE];
    pcap_t *handle;
    char *dev = options.dev ? match_dev_regex_or_die(options.dev) : "all";

    plog(1, "Capturing on device: %s", dev);

    handle = pcap_create(dev, errbuf);
    prep_pcap_handle(handle);

    err = pcap_activate(handle);
    if(err == PCAP_WARNING)
        plog(0, "pcap_activate(): %s", pcap_geterr(handle));
    else if(err == PCAP_WARNING_PROMISC_NOTSUP || err == PCAP_WARNING_TSTAMP_TYPE_NOTSUP)
        plog(0, "pcap_activate(): %s", pcap_geterr(handle));
    else if(err)
        die(0, "pcap_activate(): %s", pcap_geterr(handle));

    pcap_close(handle);
    return 0;
}
Exemple #30
0
bool PcapActivity::openLive()
{
    Poco::Buffer<char> errBuff(PCAP_ERRBUF_SIZE);
    _pcap = pcap_create(_device.c_str(), errBuff.begin());
    if (_pcap == nullptr) {
        _logger.warning("Couldn't open device %s: %s", _device, std::string(errBuff.begin()));
        return false;
    }
    int status = pcap_set_snaplen(_pcap, 1500);
    if (status < 0) {
        _logger.warning("Can't set pcap snaplen: %s", std::string(pcap_strerror(status)));
    }
    status = pcap_set_promisc(_pcap, 1);
    if (status < 0) {
        _logger.warning("Can't set pcap promiscuous mode: %s", std::string(pcap_strerror(status)));
    }
    status = pcap_set_timeout(_pcap, 2500);
    if (status < 0) {
        _logger.warning("Can't set pcap timeout: %s", std::string(pcap_strerror(status)));
    }
#ifdef POCO_OS_FAMILY_UNIX
    status = pcap_set_buffer_size(_pcap, 2097152); //2MB
#else
    status = pcap_setbuff(_pcap, 2097152); //2MB
#endif
    if (status < 0) {
        _logger.warning("Can't set pcap buffer size: %s", std::string(pcap_strerror(status)));
    }
    status = pcap_activate(_pcap);
    if (status < 0) {

        _logger.warning("Couldn't activate device %s: %s", _device, std::string(pcap_strerror(status)));
        return false;
    }
    return true;
}