int main(int argc, char *argv[]) { char *dev, errbuf[PCAP_ERRBUF_SIZE]; pcap_t *handle; print_app_banner(); check_requirements(); init_pcap(); return(0); }
/* print help text */ void print_app_usage(char *name) { print_app_banner(); printf("usage:\n %s <interface> [options]\n\n", name); printf("interface:\n"); printf(" -i interface1 Capture packets from interface1.\n\n"); printf("options:\n"); printf(" -I interface2 Forward packets to interface2.\n"); printf(" -d ip address Destination ip address of forwarded packets.\n"); printf(" -n number Number of packets to capture.\n"); printf(" -h Hide packet headers.\n"); printf(" -p Hide payload.\n"); printf(" -c Capture packets only.\n"); printf(" -f 'filter' Tcpdump packet filter expression.\n\n"); printf("example:\n"); printf(" sudo packetforward -i en1 -I tap0 -d 5.124.100.100 -f 'udp port 6112 and dst host 255.255.255.255'\n\n'"); return; }
int main(int argc, char **argv) { char *dev = NULL; /* capture device name */ char errbuf[PCAP_ERRBUF_SIZE]; /* error buffer */ pcap_t *handle; /* packet capture handle */ char filter_exp[] = "ip"; /* filter expression [3] */ struct bpf_program fp; /* compiled filter program (expression) */ bpf_u_int32 mask; /* subnet mask */ bpf_u_int32 net; /* ip */ int num_packets = 10; /* number of packets to capture */ print_app_banner(); /* check for capture device name on command-line */ if (argc == 2) { dev = argv[1]; } else if (argc > 2) { fprintf(stderr, "error: unrecognized command-line options\n\n"); print_app_usage(); exit(EXIT_FAILURE); } else { /* find a capture device if not specified on command-line */ dev = pcap_lookupdev(errbuf); if (dev == NULL) { fprintf(stderr, "Couldn't find default device: %s\n", errbuf); exit(EXIT_FAILURE); } } /* get network number and mask associated with capture device */ if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) { fprintf(stderr, "Couldn't get netmask for device %s: %s\n", dev, errbuf); net = 0; mask = 0; } /* print capture info */ printf("Device: %s\n", dev); printf("Number of packets: %d\n", num_packets); printf("Filter expression: %s\n", filter_exp); /* open capture device */ handle = pcap_open_live(dev, SNAP_LEN, 1, 1000, errbuf); if (handle == NULL) { fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf); exit(EXIT_FAILURE); } /* make sure we're capturing on an Ethernet device [2] */ if (pcap_datalink(handle) != DLT_EN10MB) { fprintf(stderr, "%s is not an Ethernet\n", dev); exit(EXIT_FAILURE); } /* compile the filter expression */ if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) { fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(handle)); exit(EXIT_FAILURE); } /* apply the compiled filter */ if (pcap_setfilter(handle, &fp) == -1) { fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(handle)); exit(EXIT_FAILURE); } /* now we can set our callback function */ pcap_loop(handle, num_packets, got_packet, NULL); /* cleanup */ pcap_freecode(&fp); pcap_close(handle); printf("\nCapture complete.\n"); return 0; }
int main(int argc, char **argv) { char *dev = NULL; /* capture device name */ int dev_is_file = 0; /* capture from a file, not from the network */ char errbuf[PCAP_ERRBUF_SIZE]; /* error buffer */ pcap_t *handle; /* packet capture handle */ /* filter expression [3]: port 5222, TLS Handshake, ClientHello/ServerHello */ char *filter_exp = filter_https; struct bpf_program fp; /* compiled filter program (expression) */ bpf_u_int32 mask; /* subnet mask */ bpf_u_int32 net; /* ip */ /* Make sure pipe sees new packets unbuffered. */ setvbuf(stdout, (char *)NULL, _IOLBF, 0); print_app_banner(); /* check for capture device name on command-line */ if (argc == 2) { dev = argv[1]; } else if (argc == 3) { dev = argv[1]; if (strcmp(argv[2], "https") == 0) filter_exp = filter_https; else if (strcmp(argv[2], "xmpp") == 0) filter_exp = filter_xmpp; else filter_exp = argv[2]; } else if (argc > 3) { fprintf(stderr, "error: unrecognized command-line options\n\n"); print_app_usage(); exit(EXIT_FAILURE); } else { /* find a capture device if not specified on command-line */ dev = pcap_lookupdev(errbuf); if (dev == NULL) { fprintf(stderr, "Couldn't find default device: %s\n", errbuf); exit(EXIT_FAILURE); } } /* try to open capture "device" as a file, if it fails */ /* get network number and mask associated with capture device */ if (access(dev, R_OK) != -1) { dev_is_file = 1; } else if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) { fprintf(stderr, "Couldn't get netmask for device %s: %s\n", dev, errbuf); net = 0; mask = 0; } /* print capture info */ printf("Source: %s\n", dev); printf("Filter expression: %s\n", filter_exp); printf("\n"); #ifdef LOG_COUNTER printf("Counter\t"); #endif #ifdef LOG_ADDRESSES printf("Source\t\tDestination\t"); #endif #ifdef LOG_PORTS printf("SrcPort\tDstPort\t"); #endif printf("Packet content\n"); /* open capture device */ if (dev_is_file) handle = pcap_open_offline(dev, errbuf); else handle = pcap_open_live(dev, SNAP_LEN, 1, 1000, errbuf); if (handle == NULL) { fprintf(stderr, "Couldn't open source %s: %s\n", dev, errbuf); exit(EXIT_FAILURE); } /* make sure we're capturing on an Ethernet device [2] */ if (pcap_datalink(handle) != DLT_EN10MB) { fprintf(stderr, "%s is not an Ethernet\n", dev); exit(EXIT_FAILURE); } /* compile the filter expression */ if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) { fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(handle)); exit(EXIT_FAILURE); } /* apply the compiled filter */ if (pcap_setfilter(handle, &fp) == -1) { fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(handle)); exit(EXIT_FAILURE); } /* now we can set our callback function */ pcap_loop(handle, -1, got_packet, NULL); /* cleanup */ pcap_freecode(&fp); pcap_close(handle); printf("\nCapture complete.\n"); return 0; }
void main() { (void) signal(SIGINT, termination_handler); print_app_banner(); // ADDED mrd015 !!!!! // trying to put code from fins_ethernet.sh here. This should allow mkfifo to be called w/o building coreutils for android? printf("\n\nAttempting to make " FINS_TMP_ROOT "\n"); if(system("mkdir " FINS_TMP_ROOT) != 0){ printf(FINS_TMP_ROOT " already exists! Cleaning...\n"); // if cannot create directory, assume it contains files and try to delete them if(system("cd " FINS_TMP_ROOT ";rm *") != 0){ printf("Cannot remove files in " FINS_TMP_ROOT "!\n"); }else { printf(FINS_TMP_ROOT " was cleaned successfully.\n\n"); } } if(mkfifo(INCOME_PIPE, 0777) != 0){ PRINT_DEBUG("Failed to mkfifo(INCOME_PIPE, 0777)"); exit(1); } if(mkfifo(INJECT_PIPE, 0777) != 0){ PRINT_DEBUG("Failed to mkfifo(INJECT_PIPE, 0777)"); exit(1); } //^^^^^END^^^^^ !!!!! fflush(stdout); pid_t pID; char device[20]; //strcpy(device, "lo"); //original !!!!! strcpy(device, "eth0"); //changed to this !!!!! //strcpy(device, "eth1"); //changed to this !!!!! //strcpy(device, "wlan0"); /** Time to split into two processes * 1. the child Process is for capturing (incoming) * 2. the parent process is for injecting frames (outgoing) */ pID = fork(); if (pID == 0) // child -- Capture process { // Code only executed by child process PRINT_DEBUG("child started to capture \n"); //sleep(2); capture_init(device); } else if (pID < 0) // failed to fork { PRINT_DEBUG ("Failed to Fork \n"); exit(1); } else // parent { // Code only executed by parent process /** inject handler is supposed to be initialized earlier to make sure that forwarding * feature is able to work even if the parent process did not start injecting yet * we fix this by sleeping the capturing process for a while. To give the injection * process a lead */ PRINT_DEBUG("parent started to Inject \n"); inject_init(device); // while (1); } /** if (inject_handle != NULL); pcap_close(inject_handle); if (capture_handle != NULL); pcap_close(capture_handle); */ // return; }
int main(int argc, char **argv) { char *dev = NULL; /* capture device name */ char errbuf[PCAP_ERRBUF_SIZE]; /* error buffer */ pcap_t *handle; /* packet capture handle */ //TODO filters on tcp instead of ip char filter_exp[] = "tcp"; /* filter expression [3] */ struct bpf_program fp; /* compiled filter program (expression) */ bpf_u_int32 mask; /* subnet mask */ bpf_u_int32 net; /* ip */ int num_packets = -1; /* number of packets to capture */ clear(); print_app_banner(); /* check for capture device name on command-line */ if (argc == 6) { dev = argv[1]; g_src_address = argv[2]; g_dest_address = argv[3]; num_packets = atoi(argv[4]); g_filename = argv[5]; } else { fprintf(stderr, "error: unrecognized command-line options\n\n"); print_app_usage(); exit(EXIT_FAILURE); } FILE *file; file = fopen(g_filename, "w+"); //open for reading and writing (overwrite existing file) fclose(file); /* get network number and mask associated with capture device */ if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) { fprintf(stderr, "Couldn't get netmask for device %s: %s\n", dev, errbuf); net = 0; mask = 0; } /* print capture info */ printf("Device: %s\n", dev); printf("Number of packets: %d\n", num_packets); printf("Filter expression: %s\n", filter_exp); printf("Source address is %s and Destination address is %s\n", g_src_address, g_dest_address); printf("RTT data will be stored in %s\n", g_filename); /* open capture device */ //TODO iv'e disabled promiscuous mode handle = pcap_open_live(dev, SNAP_LEN, 0, 1000, errbuf); if (handle == NULL) { fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf); exit(EXIT_FAILURE); } /* make sure we're capturing on an Ethernet device [2] */ if (pcap_datalink(handle) != DLT_EN10MB) { fprintf(stderr, "%s is not an Ethernet\n", dev); exit(EXIT_FAILURE); } /* compile the filter expression */ if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) { fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(handle)); exit(EXIT_FAILURE); } /* apply the compiled filter */ if (pcap_setfilter(handle, &fp) == -1) { fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(handle)); exit(EXIT_FAILURE); } pcap_loop(handle, num_packets, got_packet, NULL); /* cleanup */ pcap_freecode(&fp); pcap_close(handle); printf("\nCapture complete.\n"); return 0; }
int main(int argc, char **argv) { char *dev = NULL; /* 捕获设备的名称 | capture device name */ char errbuf[PCAP_ERRBUF_SIZE]; /* 错误的缓冲区 | error buffer */ pcap_t *handle; /* 数据包捕获句柄 | packet capture handle */ char filter_exp[] = "tcp"; /* 过滤表达示 | filter expression [3] */ struct bpf_program fp; /* 编译过滤表达示 | compiled filter program (expression) */ bpf_u_int32 mask; /* 子网掩码 | subnet mask */ bpf_u_int32 net; /* IP 地址 | ip */ int num_packets = 10; /* 捕获的数据包数量 | number of packets to capture */ /* 显示程序版本信息 */ print_app_banner(); /* 检查来自命令行参数需要捕获设备的名称 check for capture device name on command-line */ if (argc == 2) { dev = argv[1]; } else if (argc > 2) { fprintf(stderr, "error: unrecognized command-line options\n\n"); print_app_usage(); exit(EXIT_FAILURE); } else { /* 如果命令行参数没有指定, 则自动找到一个设备 find a capture device if not specified on command-line */ dev = pcap_lookupdev(errbuf); if (dev == NULL) { fprintf(stderr, "Couldn't find default device: %s\n", errbuf); exit(EXIT_FAILURE); } } /* 获得捕获设备的网络号和掩码 get network number and mask associated with capture device */ if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) { fprintf(stderr, "Couldn't get netmask for device %s: %s\n", dev, errbuf); net = 0; mask = 0; } /* 显示捕获设备信息 print capture info */ printf("Device: %s\n", dev); printf("Number of packets: %d\n", num_packets); printf("Filter expression: %s\n", filter_exp); /* 打开捕获设备 @1 捕获的设备 @2 每次捕获数据的最大长度 @3 1 启用混杂模式 @4 捕获时间, 单位ms @5 错误缓冲区 open capture device */ handle = pcap_open_live(dev, SNAP_LEN, 1, 1000, errbuf); if (handle == NULL) { fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf); exit(EXIT_FAILURE); } /* pcap_datalink(); 返回数据链路层类型,例如DLT_EN10MB; 确保我们对以太网设备捕获 make sure we're capturing on an Ethernet device [2] */ if (pcap_datalink(handle) != DLT_EN10MB) { fprintf(stderr, "%s is not an Ethernet\n", dev); exit(EXIT_FAILURE); } /* 编译过滤表达式 compile the filter expression */ if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) { fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(handle)); exit(EXIT_FAILURE); } /* 应用过滤规则 apply the compiled filter */ if (pcap_setfilter(handle, &fp) == -1) { fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(handle)); exit(EXIT_FAILURE); } /* 设置回高函数并开始捕获包 now we can set our callback function */ pcap_loop(handle, num_packets, got_packet, NULL); /* cleanup */ pcap_freecode(&fp); pcap_close(handle); printf("\nCapture complete.\n"); return 0; }
void *packet_capture(void *device) { printf("\n capture thread \n"); pcap_t *handle; /* packet capture handle */ /* we need to filter frames based on the sender mac address !! * if the sender mac address is our then, we dont sniff this frame ! * while we sniff any frame that is originated by someone else * We can not depends on the sender IP address because this means we will * still sniff outgoing packets generated by other network protocols * such as ARP or IPv6 */ char errbuf[PCAP_ERRBUF_SIZE]; /* error buffer */ unsigned char dev_macAddress[17]; char *filter_exp; unsigned char *dev; filter_exp= (char *)malloc (100); strcat(filter_exp,"ether src not "); //char filter_exp[] = "ether src 00:1e:2a:52:ec:9c"; /* filter expression [3] */ struct bpf_program fp; /* compiled filter program (expression) */ bpf_u_int32 mask; /* subnet mask */ bpf_u_int32 net; /* ip */ int num_packets = 20; /* number of packets to capture */ int data_linkValue; print_app_banner(); dev =(unsigned char *)device; /* Build the filter expression based on the mac address of the passed * device name */ getDevice_MACAddress(dev_macAddress,dev); strcat(filter_exp,dev_macAddress); //strcat(filter_exp," and not arp"); strcpy(filter_exp,"not arp"); /* get network number and mask associated with capture device */ if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) { fprintf(stderr, "Couldn't get netmask for device %s: %s\n", dev, errbuf); net = 0; mask = 0; } /* print capture info */ printf("Device: %s\n", dev); printf("Number of packets: %d\n", num_packets); printf("Filter expression: %s\n", filter_exp); /* open capture device */ handle = pcap_open_live(dev, SNAP_LEN, 1, 1000, errbuf); if (handle == NULL) { fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf); exit(EXIT_FAILURE); } /* make sure we're capturing on an Ethernet device [2] */ data_linkValue = pcap_datalink(handle); if (data_linkValue != DLT_EN10MB) { fprintf(stderr, "%s is not an Ethernet\n", dev); exit(EXIT_FAILURE); } printf("Datalink layer Description: %s \n",pcap_datalink_val_to_description(data_linkValue)); /* compile the filter expression */ if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) { fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(handle)); exit(EXIT_FAILURE); } /* apply the compiled filter */ if (pcap_setfilter(handle, &fp) == -1) { fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(handle)); exit(EXIT_FAILURE); } /* now we can set our callback function */ pcap_loop(handle, 20, got_packet, NULL); /* cleanup */ pcap_freecode(&fp); pcap_close(handle); return NULL; }