result_type trace() {
// ICMPs that aren't sent from us.
SnifferConfiguration config;
config.set_snap_len(500);
config.set_promisc_mode(false);
config.set_filter(
"ip proto \\icmp and not src host " + iface.addresses().ip_addr.to_string());
Sniffer sniffer(iface.name(), config);
PacketSender sender;
// Create our handler
auto handler = std::bind(
&Traceroute::sniff_callback,
this,
std::placeholders::_1
);
// We're running
running = true;
// Start the sniff thread
std::thread sniff_thread(
&Sniffer::sniff_loop<decltype(handler)>,
&sniffer,
handler,
0
);
send_packets(sender);
sniff_thread.join();
// Clear our results and return what we've found
return std::move(results);
}
result_type trace() {
SnifferConfiguration config;
config.set_promisc_mode(false);
// ICMPs that aren't sent from us.
config.set_filter(
"ip proto \\icmp and not src host " + iface.addresses().ip_addr.to_string());
Sniffer sniffer(iface.name(), config);
PacketSender sender;
// Create our handler
auto handler = bind(
&Traceroute::sniff_callback,
this,
std::placeholders::_1
);
// We're running
running = true;
// Start the sniff thread
thread sniff_thread(
[&]() {
sniffer.sniff_loop(handler);
}
);
send_packets(sender);
sniff_thread.join();
// If the final hop responded, add its address at the appropriate ttl
if (lowest_dest_ttl != numeric_limits<int>::max()) {
results[lowest_dest_ttl] = addr;
}
// Clear our results and return what we've found
return move(results);
}
void receive_probe_requests(NetworkInterface iface) {
SnifferConfiguration config;
config.set_rfmon(true);
config.set_filter("type mgt subtype probe-req || type data subtype null");
Sniffer sniffer(iface.name(), config);
while(true) process(sniffer.next_packet());
}
void scan(int argc, char *argv[]) {
IPv4Address ip(argv[1]);
// Resolve the interface which will be our gateway
NetworkInterface iface(ip);
cout << "Sniffing on interface: " << iface.name() << endl;
// 300 bytes are enough to receive SYNs and RSTs.
SnifferConfiguration config;
config.set_snap_len(300);
Sniffer sniffer(iface.name(), config);
sniffer_data data(&sniffer, argv[1]);
pthread_t thread;
// Launch our sniff thread.
pthread_create(&thread, 0, thread_proc, &data);
// Consume arguments
argv += 2;
argc -= 2;
// Start sending SYNs to port.
send_syns(iface, ip, vector<string>(argv, argv + (argc)));
// Wait for our sniffer.
void *dummy;
pthread_join(thread, &dummy);
}
int main(int argc, char* argv[]) {
if (argc != 2) {
cout << "Usage: " << argv[0] << " <interface>" << endl;
return 1;
}
try {
// Construct the sniffer configuration object
SnifferConfiguration config;
// Only capture TCP traffic sent from/to port 80
config.set_filter("tcp port 80");
// Construct the sniffer we'll use
Sniffer sniffer(argv[1], config);
cout << "Starting capture on interface " << argv[1] << endl;
// Now construct the stream follower
StreamFollower follower;
// We just need to specify the callback to be executed when a new
// stream is captured. In this stream, you should define which callbacks
// will be executed whenever new data is sent on that stream
// (see on_new_connection)
follower.new_stream_callback(&on_new_connection);
// Now start capturing. Every time there's a new packet, call
// follower.process_packet
sniffer.sniff_loop([&](Packet& packet) {
follower.process_packet(packet);
return true;
});
}
catch (exception& ex) {
cerr << "Error: " << ex.what() << endl;
return 1;
}
}
Sniffer::Sniffer(const string& device, const SnifferConfiguration& configuration) {
char error[PCAP_ERRBUF_SIZE];
pcap_t* phandle = pcap_create(TINS_PREFIX_INTERFACE(device).c_str(), error);
if (!phandle) {
throw runtime_error(error);
}
set_pcap_handle(phandle);
// Set the netmask if we are able to find it.
bpf_u_int32 ip, if_mask;
if (pcap_lookupnet(TINS_PREFIX_INTERFACE(device).c_str(), &ip, &if_mask, error) == 0) {
set_if_mask(if_mask);
}
// Configure the sniffer's attributes prior to activation.
configuration.configure_sniffer_pre_activation(*this);
// Finally, activate the pcap. In case of error throw runtime_error
if (pcap_activate(get_pcap_handle()) < 0) {
throw pcap_error(pcap_geterr(get_pcap_handle()));
}
// Configure the sniffer's attributes after activation.
configuration.configure_sniffer_post_activation(*this);
}
int main(int argc, char* argv[]) {
string iface;
if (argc == 2) {
// Use the provided interface
iface = argv[1];
}
else {
// Use the default interface
iface = NetworkInterface::default_interface().name();
}
try {
SnifferConfiguration config;
config.set_promisc_mode(true);
config.set_filter("udp and port 53");
Sniffer sniffer(iface, config);
dns_monitor monitor;
thread thread(
[&]() {
monitor.run(sniffer);
}
);
while (true) {
auto info = monitor.stats().get_information();
cout << "\rAverage " << info.average.count()
<< "ms. Worst: " << info.worst.count() << "ms. Count: "
<< info.count << " ";
cout.flush();
sleep_for(seconds(1));
}
}
catch (exception& ex) {
cout << "[-] Error: " << ex.what() << endl;
}
}
void BeaconSniffer::run(const std::string& iface) {
SnifferConfiguration config;
config.set_promisc_mode(true);
config.set_filter("type mgt subtype beacon");
config.set_rfmon(true);
Sniffer sniffer(iface, config);
sniffer.sniff_loop(make_sniffer_handler(this, &BeaconSniffer::callback));
}
PDU& PacketSenderGeneric::send_recv(PDU& spdu, SharedSender& shared_sender, const NetworkInterface& iface, bool promisc, double* rdelay, double* edelay)
{
//wait for previous packet to receive response (TODO: not ideal, plan future change)
while (sent_pdu) {
std::this_thread::sleep_for(std::chrono::milliseconds(1000));
}
sent_pdu = spdu.clone();
//start sniff task
SnifferConfiguration config;
config.set_promisc_mode(promisc);
config.set_snap_len(65535);
config.set_timeout(10);
//Critical section
SHARED_SNIFFER_MUTEX.lock();
Sniffer sniffer{ iface.name(), config };
SHARED_SNIFFER_MUTEX.unlock();
bool compute_delay = true;
if (!rdelay)
compute_delay = false;
std::future<void> fresp(std::async(std::launch::async, &PacketSenderGeneric::sniff_task, this, &sniffer, compute_delay));
//send packet
std::clock_t effective_sent_time = std::clock();
std::cout << "Registering packet to send !" << std::endl;
shared_sender.register_packet(sent_pdu, NetworkInterface(iface));
//std::cout << "waiting for max " << timeout << "..." << std::endl;
std::future_status status = fresp.wait_for(std::chrono::seconds(timeout));
//raise exception in case of timeout
if (status == std::future_status::timeout)
{
sniffer.stop_sniff();
sent_pdu = NULL;
throw timeout_elapsed();
}
else if (status == std::future_status::deferred)
std::cout << "DEBUG: packet sniffing deffered... shouldn't happen";
//Treat response packet
if (edelay)
*edelay = ((std::clock() - effective_sent_time) / (double)CLOCKS_PER_SEC) * 1000;
if (rdelay) {
*rdelay = response_delay;
}
PDU& response(*this->response_pdu);
//Clean
sent_pdu = NULL;
response_delay = NULL;
//response_pdu = NULL;
return response;
}
int main() {
SnifferConfiguration config;
Sniffer("wlan0", config).sniff_loop(callback);
//config.set_filter("ip.addr == 192.168.5.20");
config.set_promisc_mode(true);
//config.set_snap_len(400);
// config.set_filter("ip.addr == 192.168.5.20");
//config.set_filter("port=3128");
}
void InfoWriter::process() {
SnifferConfiguration config;
config.set_promisc_mode(true);
try {
config.set_filter(filter.toLower().toStdString());
sniffer = new Sniffer(NetworkInterface::default_interface().name(),config);
sniffer->sniff_loop(std::tr1::bind(&InfoWriter::callback, this, std::placeholders::_1));
} catch (std::exception e) {
emit error(QString::fromStdString(e.what()));
}
}
int main(int argc, char *argv[]) {
if(argc != 2) {
std::cout << "Usage: " << *argv << " <DEVICE>\n";
return 1;
}
// Only sniff beacons
SnifferConfiguration config;
config.set_snap_len(2000);
config.set_promisc_mode(true);
config.set_filter("wlan type mgt subtype beacon");
Sniffer sniffer(argv[1], config);
sniffer.sniff_loop(handler);
}
FileSniffer::FileSniffer(const string& file_name, const string& filter) {
SnifferConfiguration config;
config.set_filter(filter);
char error[PCAP_ERRBUF_SIZE];
pcap_t* phandle = pcap_open_offline(file_name.c_str(), error);
if (!phandle) {
throw pcap_error(error);
}
set_pcap_handle(phandle);
// Configure the sniffer
config.configure_sniffer_pre_activation(*this);
}
Sniffer::Sniffer(const string& device,
unsigned max_packet_size,
bool promisc,
const string& filter,
bool rfmon) {
SnifferConfiguration configuration;
configuration.set_snap_len(max_packet_size);
configuration.set_promisc_mode(promisc);
configuration.set_filter(filter);
configuration.set_rfmon(rfmon);
char error[PCAP_ERRBUF_SIZE];
pcap_t* phandle = pcap_create(TINS_PREFIX_INTERFACE(device).c_str(), error);
if (!phandle) {
throw runtime_error(error);
}
set_pcap_handle(phandle);
// Set the netmask if we are able to find it.
bpf_u_int32 ip, if_mask;
if (pcap_lookupnet(TINS_PREFIX_INTERFACE(device).c_str(), &ip, &if_mask, error) == 0) {
set_if_mask(if_mask);
}
// Configure the sniffer's attributes prior to activation.
configuration.configure_sniffer_pre_activation(*this);
// Finally, activate the pcap. In case of error throw runtime_error
if (pcap_activate(get_pcap_handle()) < 0) {
throw pcap_error(pcap_geterr(get_pcap_handle()));
}
// Configure the sniffer's attributes after activation.
configuration.configure_sniffer_post_activation(*this);
}
int main(int argc, char *argv[])
{
if(argc != 2) {
std::cout << "Usage: " << *argv << " <interface>\n";
return 1;
}
arp_monitor monitor;
// Sniffer configuration
SnifferConfiguration config;
config.set_promisc_mode(true);
config.set_filter("arp");
// Sniff on the provided interface in promiscuous mode
Sniffer sniffer(argv[1], config);
// Only capture arp packets
monitor.run(sniffer);
}
FileSniffer::FileSniffer(const string &file_name, const SnifferConfiguration& configuration) {
char error[PCAP_ERRBUF_SIZE];
pcap_t *phandle = pcap_open_offline(file_name.c_str(), error);
if(!phandle) {
throw std::runtime_error(error);
}
set_pcap_handle(phandle);
// Configure the sniffer
configuration.configure_sniffer_pre_activation(*this);
}
int main(int argc, char* argv[]) {
if(argc != 2) {
cout << "Usage: " <<* argv << " <interface>" << endl;
return 1;
}
arp_monitor monitor;
// Sniffer configuration
SnifferConfiguration config;
config.set_promisc_mode(true);
config.set_filter("arp");
try {
// Sniff on the provided interface in promiscuous mode
Sniffer sniffer(argv[1], config);
// Only capture arp packets
monitor.run(sniffer);
}
catch (std::exception& ex) {
std::cerr << "Error: " << ex.what() << std::endl;
}
}
int main(int argc, char *argv[])
{
pcap_if_t *alldevs;
pcap_if_t *d;
int inum;
int i = 0;
char errbuf[PCAP_ERRBUF_SIZE];
/* Retrieve the device list */
if (pcap_findalldevs(&alldevs, errbuf) == -1)
{
fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
exit(1);
}
/* Print the list */
for (d = alldevs; d; d = d->next)
{
printf("%d. %s", ++i, d->name);
if (d->description)
printf(" (%s)\n", d->description);
else
printf(" (No description available)\n");
}
if (i == 0)
{
printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
return -1;
}
printf("Enter the interface number (1-%d):", i);
scanf_s("%d", &inum);
if (inum < 1 || inum > i)
{
printf("\nInterface number out of range.\n");
/* Free the device list */
pcap_freealldevs(alldevs);
return -1;
}
/* Jump to the selected adapter */
for (d = alldevs, i = 0; i< inum - 1; d = d->next, i++);
arp_monitor monitor;
// Sniffer configuration
SnifferConfiguration config;
config.set_promisc_mode(true);
config.set_filter("arp");
try {
// Sniff on the provided interface in promiscuous mode
std::string str_interface = std::string(d->name);
std::string str_begin = "\\Device\\NPF_";
// kill \Device\NPF_
if (str_interface.find_first_of(str_begin) != std::string::npos){
str_interface = &str_interface[0] + str_begin.length();
}
Sniffer sniffer(str_interface, config);
// Only capture arp packets
monitor.run(sniffer);
}
catch (std::exception& ex) {
std::cerr << "Error: " << ex.what() << std::endl;
}
system("pause");
}
