예제 #1
0
파일: sniffer.cpp 프로젝트: jedahan/libtins
pcap_t *
pcap_open_live_extended(const char *source, int snaplen, int promisc, int to_ms, int rfmon, char *errbuf)
{
    pcap_t *p;
    int status;
    
    p = pcap_create(source, errbuf);
    if (p == NULL)
        return (NULL);
    status = pcap_set_snaplen(p, snaplen);
    if (status < 0)
        goto fail;
    status = pcap_set_promisc(p, promisc);
    if (status < 0)
        goto fail;
    status = pcap_set_timeout(p, to_ms);
    if (status < 0)
        goto fail;
    if(pcap_can_set_rfmon(p) == 1) {
        status = pcap_set_rfmon(p, rfmon);
        if (status < 0)
            goto fail;
    }
    status = pcap_activate(p);
    if (status < 0)
        goto fail;
    return (p);
    
fail:
    snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source, pcap_geterr(p));
    pcap_close(p);
    return (NULL);
}
예제 #2
0
파일: jnipcap.c 프로젝트: 72Zn/jnipcap
/*
 * Class:     disy_jnipcap_Pcap
 * Method:    canSetRfmon
 * Signature: (J)I
 */
JNIEXPORT jint JNICALL
Java_disy_jnipcap_Pcap_canSetRfmon (JNIEnv *env, jclass jcls, jlong jptr)
{
	pcap_t *p = (pcap_t *) jptr;
	if (p == NULL) return -1;
	return (jint) pcap_can_set_rfmon (p);
}
예제 #3
0
void Sniffer::set_rfmon(bool rfmon_enabled) {
    #ifndef _WIN32
    if (pcap_can_set_rfmon(get_pcap_handle()) == 1) {
        if (pcap_set_rfmon(get_pcap_handle(), rfmon_enabled)) {
            throw pcap_error(pcap_geterr(get_pcap_handle()));
        }
    }
    #endif
}
예제 #4
0
파일: epcap.c 프로젝트: kostyushkin/epcap
    static int
epcap_open(EPCAP_STATE *ep)
{
    char errbuf[PCAP_ERRBUF_SIZE];

    if (ep->file) {
        PCAP_ERRBUF(ep->p = pcap_open_offline(ep->file, errbuf));
    } else {
        if (ep->dev == NULL)
            PCAP_ERRBUF(ep->dev = pcap_lookupdev(errbuf));

#ifdef HAVE_PCAP_CREATE
        PCAP_ERRBUF(ep->p = pcap_create(ep->dev, errbuf));
        (void)pcap_set_snaplen(ep->p, ep->snaplen);
        (void)pcap_set_promisc(ep->p, ep->opt & EPCAP_OPT_PROMISC);
        (void)pcap_set_timeout(ep->p, ep->timeout);
        if (ep->bufsz > 0)
            (void)pcap_set_buffer_size(ep->p, ep->bufsz);
        switch (pcap_activate(ep->p)) {
            case 0:
                break;
            case PCAP_WARNING:
            case PCAP_ERROR:
            case PCAP_WARNING_PROMISC_NOTSUP:
            case PCAP_ERROR_NO_SUCH_DEVICE:
            case PCAP_ERROR_PERM_DENIED:
                pcap_perror(ep->p, "pcap_activate: ");
                exit(EXIT_FAILURE);
            default:
                exit(EXIT_FAILURE);
        }
#else
        PCAP_ERRBUF(ep->p = pcap_open_live(ep->dev, ep->snaplen,
                    ep->opt & EPCAP_OPT_PROMISC, ep->timeout, errbuf));
#endif

        /* monitor mode */
#ifdef PCAP_ERROR_RFMON_NOTSUP
        if (pcap_can_set_rfmon(ep->p) == 1)
            (void)pcap_set_rfmon(ep->p, ep->opt & EPCAP_OPT_RFMON);
#endif
    }

    ep->datalink = pcap_datalink(ep->p);

    return 0;
}
예제 #5
0
static bool check_rfmon(const char *dev) {
    char junk[PCAP_ERRBUF_SIZE];
    pcap_t *handle;

    handle = pcap_create(dev, junk);
    if(!handle)
        goto fail;

    if(pcap_can_set_rfmon(handle) != 1)
        goto fail;

    pcap_close(handle);
    return true;

fail:
    pcap_close(handle);
    return false;
}
예제 #6
0
파일: epcap.c 프로젝트: alexgpg/epcap
int
epcap_open(EPCAP_STATE *ep)
{
    char errbuf[PCAP_ERRBUF_SIZE];

    if (ep->file) {
        PCAP_ERRBUF(ep->p = pcap_open_offline(ep->file, errbuf));
    } else {
        if (ep->dev == NULL)
            PCAP_ERRBUF(ep->dev = pcap_lookupdev(errbuf));

        PCAP_ERRBUF(ep->p = pcap_open_live(ep->dev, ep->snaplen, ep->promisc, ep->timeout, errbuf));

        /* monitor mode */
        if (pcap_can_set_rfmon(ep->p) == 1)
            (void)pcap_set_rfmon(ep->p, ep->rfmon);
    }

    return (0);
}
예제 #7
0
파일: pcapp.hpp 프로젝트: jshrake/pcapp
inline bool can_set_monitor_mode(pcap_t *source) {
  const auto result = pcap_can_set_rfmon(source);
  switch (result) {
    case 0:
      return false;
    case 1:
      return true;
    case PCAP_ERROR_NO_SUCH_DEVICE:
      throw error{"Capture source does not exist\n" + error_string(source)};
    case PCAP_ERROR_PERM_DENIED:
      throw error{
          "Insufficient permissions to check whether monitor mode "
          "could be supported\n" +
          error_string(source)};
    case PCAP_ERROR_ACTIVATED:
      throw already_activated_error{source};
    case PCAP_ERROR:
      throw error{"pcap_can_set_rfmon error\n" + error_string(source)};
    default:
      throw error{"pcap_can_set_rfmon unknown error\n" + error_string(source)};
  }
}
예제 #8
0
int
main (int argc, char *argv[])
{
	char *iface;
	pcap_t *pcap_res;
	int exitno, isrfmon;
	char errbuf[PCAP_ERRBUF_SIZE];

	exitno = EXIT_SUCCESS;
	pcap_res = NULL;

	if ( argc < 2 ){
		fprintf (stdout, "Usage: %s <INTERFACE>\n\nCheck if an INTERFACE supports a monitor mode (rfmon).\n", argv[0]);
		exitno = 2;
		goto cleanup;
	}

	iface = argv[1];

	pcap_res = pcap_create (iface, errbuf);

	if ( pcap_res == NULL ){
		fprintf (stderr, "%s: cannot open interface for a packet capture: %s\n", argv[0], errbuf);
		exitno = 2;
		goto cleanup;
	}

	isrfmon = pcap_can_set_rfmon (pcap_res);

	if ( isrfmon == 0 ){
		fprintf (stderr, "not supported\n");
		exitno = 1;
		goto cleanup;
	} else if ( isrfmon == 1 ){
		// Attempt to activate a packet capture	
		// ...
	} else {
		fprintf (stderr, "%s: cannot obtain information about rfmon support: %s\n", argv[0], pcap_geterr (pcap_res));
		exitno = 2;
		goto cleanup;
	}

	isrfmon = pcap_set_rfmon (pcap_res, 1);

	if ( isrfmon != 0 ){
		fprintf (stderr, "%s: cannot set an interface to monitor mode: %s\n", argv[0], pcap_geterr (pcap_res));
		exitno = 2;
		goto cleanup;
	}

	isrfmon = pcap_activate (pcap_res);

	if ( isrfmon == PCAP_ERROR_RFMON_NOTSUP ){
		fprintf (stderr, "not supported\n");
		exitno = 1;
	} else if ( isrfmon == 0 ){
		fprintf (stderr, "supported\n");
		exitno = 0;
	} else {
		fprintf (stderr, "%s: cannot activate a packet capture: %s\n", argv[0], pcap_geterr (pcap_res));
		exitno = 2;
	}

cleanup:
	if ( pcap_res != NULL )
		pcap_close (pcap_res);

	return exitno;
}
예제 #9
0
void capture_init(char *interface)
{

	char device[20];
	//char device[]="wlan0";
	strcpy(device,interface);
	char errbuf[PCAP_ERRBUF_SIZE];		/* error buffer */
	unsigned char dev_macAddress[17];
	char *filter_exp;
	unsigned char *dev;
	filter_exp= (char *)malloc (200);
	int check_monitor_mode;
//	strcat(filter_exp,"ether src ");

	//char filter_exp[] = "ether src 00:1e:2a:52:ec:9c";		/* filter expression [3] */
	struct bpf_program fp;			/* compiled filter program (expression) */
	bpf_u_int32 mask;				/* subnet mask */
	bpf_u_int32 net;				/* ip */
//	int num_packets = 1000;			/* number of packets to capture */
	int num_packets = 0;			/* INFINITY */
	int data_linkValue;
	//print_app_banner();

	dev =(unsigned char *)device;



/*
	if (mkfifo(INCOME_PIPE, 0777) !=0 )
		{
			PRINT_DEBUG("MKFIFO Failed \n");
			exit(EXIT_FAILURE);
		}
*/

	/* has to run without return check to work as blocking call */
	/** It blocks until the other communication side opens the pipe */

	income_pipe_fd = open(INCOME_PIPE, O_WRONLY);

	if (income_pipe_fd == -1) {
		 PRINT_DEBUG("Income Pipe failure \n");
	    exit(EXIT_FAILURE);
		 }


		/* Build the filter expression based on the mac address of the passed
	 * device name
	 */
	//getDevice_MACAddress(dev_macAddress,dev);
	//strcat(filter_exp,dev_macAddress);
	//strcat(filter_exp," not arp and not tcp");
	//strcat(filter_exp," and udp and");
	strcat(filter_exp,"dst host 127.0.0.1");

	/* get network number and mask associated with capture device */
	if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
		fprintf(stderr, "Couldn't get netmask for device %s: %s\n",
		    dev, errbuf);
		net = 0;
		mask = 0;
	}

	/* print capture info */
	printf("Device: %s\n", dev);
	printf("Number of packets: %d\n", num_packets);
	printf("Filter expression: %s\n", filter_exp);

	/* open capture device */
	capture_handle = pcap_open_live(dev, SNAP_LEN, 1, 1000, errbuf);
	if (capture_handle == NULL) {
		fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf);
		exit(EXIT_FAILURE);
	}

	/* make sure we're capturing on an Ethernet device [2] */
	data_linkValue = pcap_datalink(capture_handle);
	if (data_linkValue != DLT_EN10MB) {
		fprintf(stderr, "%s is not an Ethernet\n", dev);
		exit(EXIT_FAILURE);
	}
	printf("Datalink layer Description: %s \n",pcap_datalink_val_to_description(data_linkValue));

	/* compile the filter expression */

	if (pcap_compile(capture_handle, &fp, filter_exp, 0, net) == -1) {
		fprintf(stderr, "Couldn't parse filter %s: %s\n",
		    filter_exp, pcap_geterr(capture_handle));
		exit(EXIT_FAILURE);
	}

	/* apply the compiled filter */
	if (pcap_setfilter(capture_handle, &fp) == -1) {
		fprintf(stderr, "Couldn't install filter %s: %s\n",
		    filter_exp, pcap_geterr(capture_handle));
		exit(EXIT_FAILURE);
	}

	check_monitor_mode = pcap_can_set_rfmon(capture_handle);
	if (check_monitor_mode )
		{PRINT_DEBUG("\n Monitor mode can be set\n");
		}
	else if  (check_monitor_mode ==0 )
	{
		PRINT_DEBUG("\n Monitor mode could not be set\n");
	}
	else PRINT_DEBUG("\n check_monior_mode value is %d \n",check_monitor_mode);
	/* now we can set our callback function */
		pcap_loop(capture_handle, num_packets, got_packet,(u_char *) NULL);

	/* cleanup */
	pcap_freecode(&fp);
	free(filter_exp);

} // end of capture_init
예제 #10
0
    static ERL_NIF_TERM
nif_pcap_open_live(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[])
{
    ErlNifBinary device = {0};
    int snaplen = 0;
    int promisc = 0;
    int to_ms = 0;
    int buffer_size = 0;
    int rfmon = 0;
    char errbuf[PCAP_ERRBUF_SIZE] = {0};

    EWPCAP_STATE *ep = NULL;
    ERL_NIF_TERM res = {0};
    ERL_NIF_TERM ref = {0};


    if (!enif_inspect_iolist_as_binary(env, argv[0], &device))
        return enif_make_badarg(env);

    if (!enif_get_int(env, argv[1], &snaplen))
        return enif_make_badarg(env);

    if (!enif_get_int(env, argv[2], &promisc))
        return enif_make_badarg(env);

    if (!enif_get_int(env, argv[3], &to_ms))
        return enif_make_badarg(env);

    if (!enif_get_int(env, argv[4], &buffer_size))
        return enif_make_badarg(env);

    if (!enif_get_int(env, argv[5], &rfmon))
        return enif_make_badarg(env);

    /* NULL terminate the device name */
    if (device.size > 0) {
        if (!enif_realloc_binary(&device, device.size+1))
            return enif_make_tuple2(env, atom_error, atom_enomem);

        device.data[device.size-1] = '\0';
    }

    ep = enif_alloc_resource(EWPCAP_RESOURCE, sizeof(EWPCAP_STATE));

    if (ep == NULL)
        return enif_make_tuple2(env, atom_error, atom_enomem);

    /* "any" is a Linux only virtual dev */
    ep->p = pcap_create((device.size == 0 ? "any" : (char *)device.data),
            errbuf);

    if (ep->p == NULL)
        return enif_make_tuple2(env,
                atom_error,
                enif_make_string(env, errbuf, ERL_NIF_LATIN1));

    /* Set the snaplen */
    (void)pcap_set_snaplen(ep->p, snaplen);

    /* Set promiscuous mode */
    (void)pcap_set_promisc(ep->p, promisc);

    /* Set timeout */
    (void)pcap_set_timeout(ep->p, to_ms);

    /* Set buffer size */
    if (buffer_size > 0)
        (void)pcap_set_buffer_size(ep->p, buffer_size);

    /* Set monitor mode */
    if (pcap_can_set_rfmon(ep->p) == 1)
        (void)pcap_set_rfmon(ep->p, rfmon);

    /* Return failure on error and warnings */
    if (pcap_activate(ep->p) != 0) {
        pcap_close(ep->p);
        return enif_make_tuple2(env,
                atom_error,
                enif_make_string(env, pcap_geterr(ep->p), ERL_NIF_LATIN1));
    }

    ep->datalink = pcap_datalink(ep->p);
    (void)enif_self(env, &ep->pid);

    ep->term_env = enif_alloc_env();
    if (ep->term_env == NULL) {
        pcap_close(ep->p);
        return enif_make_tuple2(env, atom_error, atom_enomem);
    }

    ep->ref = enif_make_ref(ep->term_env);
    ref = enif_make_copy(env, ep->ref);

    res = enif_make_resource(env, ep);
    enif_release_resource(ep);

    return enif_make_tuple2(env,
            atom_ok,
            enif_make_tuple3(env,
                atom_ewpcap_resource,
                ref,
                res));
}
예제 #11
0
int main(int argc, char **argv)
{
    /* default values for command line arguments (see also static variables) */
    const char *if_name = PCAPPRINT_DEF_IFNAME;
    int snaplen = PCAPPRINT_DEF_SNAPLEN;
    const char *dlt_name = PCAPPRINT_DEF_DLTNAME;
    int num_pkts = -1;
    const char *pcap_filename = NULL;
    const char *bpf_expr = NULL;
    int rfmon = 0;

    /* process command line options */
    const char *usage = "usage: pcap-print [options]\n";

    int c;
    while ((c = getopt(argc, argv, ":1234ab:c:dfhi:mNqr:s:tVy:")) != -1) {
        switch (c) {
        case '1':
        case '2':
        case '3':
        case '4':
            enabled_layers[c-'0'-1]++;
            break;
        case 'a':
            /* arbitrary "big" number */
            enabled_layers[0] = 100;
            enabled_layers[1] = 100;
            enabled_layers[2] = 100;
            enabled_layers[3] = 100;
            break;
        case 'b':
            bpf_expr = optarg;
            break;
        case 'c':
            num_pkts = atoi(optarg);
            break;
        case 'd':
            tsfmt = TS_CTIME;
            break;
        case 'f':
            print_fcs = 1;
            break;
        case 'h':
            printf(usage);
            printf(
                "    -1  print data-link header (e.g. Ethernet)\n"
                "    -2  print network header (e.g. IP)\n"
                "    -3  print transport header (e.g. TCP)\n"
                "    -4  print application header (e.g. HTTP)\n"
                "    -a  print ALL headers, with maximum verbosity\n"
                "    -b  specify a BPF filter\n"
                "    -c  print only first N packets\n"
                "    -d  print absolute timestamp in date format\n"
                "    -f  print FCS for MAC headers\n"
                "    -h  print usage information and quit\n"
                "    -i  network interface on which to capture packets"
                " (default: %s)\n"
                "    -m  set rfmon mode on interface\n"
                "    -N  number packets as they are printed\n"
                "    -q  suppress printing of packet-parsing errors\n"
                "    -r  read from pcap file instead of live capture\n"
                "    -s  capture size in bytes (default: %d)\n"
                "    -t  print absolute timestamp\n"
                "    -V  print pcap version and quit\n"
                "    -y  datalink type for capturing interface (default: %s)\n",
                PCAPPRINT_DEF_IFNAME, PCAPPRINT_DEF_SNAPLEN, PCAPPRINT_DEF_DLTNAME);
            exit(0);
            break;
        case 'i':
            if_name = optarg;
            break;
        case 'm':
            rfmon = 1;
            break;
        case 'N':
            use_numbering = 1;
            break;
        case 'q':
            quiet = 1;
            break;
        case 'r':
            pcap_filename = optarg;
            break;
        case 's':
            snaplen = (int)strtol(optarg, (char **)NULL, 10);
            break;
        case 't':
            tsfmt = TS_ABS;
            break;
        case 'V':
            printf("%s\n", pcap_lib_version());
            exit(0);
            break;
        case 'y':
            dlt_name = optarg;
            break;
        case ':':
            errx(1, "option -%c requires an operand", optopt);
            break;
        case '?':
            errx(1, "unrecognized option: -%c", optopt);
            break;
        default:
            /* unhandled option indicates programming error */
            assert(0);
        }
    }

    /* if no layers we specified, use defaults (hard-coded) */
    if (! (enabled_layers[0] || enabled_layers[1] || enabled_layers[2] ||
            enabled_layers[3])) {
        enabled_layers[1] = 1;
        enabled_layers[2] = 1;
    }

    /* create pcap handle (either from file or from live capture) */
    char ebuf[PCAP_ERRBUF_SIZE];
    *ebuf = '\0';

    /* used only if a BPF program (filter) is specified */
    bpf_u_int32 netnum = 0, netmask = 0;

    if (pcap_filename != NULL) {
        /* "capture" from file */
        if (strcmp(if_name, PCAPPRINT_DEF_IFNAME) != 0)
            warnx("warning: -i option ignored when -f option is present");

        if (snaplen != PCAPPRINT_DEF_SNAPLEN)
            warnx("warning: -s option ignored when -f option is present");

        if (strcmp(dlt_name, PCAPPRINT_DEF_DLTNAME) != 0)
            warnx("warning: -y option ignored when -f option is present");

        pcap_h = pcap_open_offline(pcap_filename, ebuf);
        if (pcap_h == NULL)
            errx(1, "pcap_open_offline: %s", ebuf);
        else if (*ebuf)
            warnx("pcap_open_offline: %s", ebuf);

        /* read dlt from file */
        dlt = pcap_datalink(pcap_h);
    } else {
        /* live capture */
        dlt = pcap_datalink_name_to_val(dlt_name);
        if (dlt < 0)
            err(1, "invalid data link type %s", dlt_name);

        pcap_h = pcap_create(if_name, ebuf);
        if (pcap_h == NULL)
            errx(1, "pcap_create: %s", ebuf);

        if (pcap_set_snaplen(pcap_h, snaplen) != 0)
            errx(1, "pcap_set_snaplen: %s", pcap_geterr(pcap_h));

        if (pcap_set_promisc(pcap_h, 1) != 0)
            errx(1, "pcap_set_promisc: %s", pcap_geterr(pcap_h));

        if (rfmon) {
            if (pcap_can_set_rfmon(pcap_h) == 0)
                errx(1, "cannot set rfmon mode on device %s", if_name);

            if (pcap_set_rfmon(pcap_h, 1) != 0)
                errx(1, "pcap_set_rfmon: %s", pcap_geterr(pcap_h));
        }

        if (pcap_set_buffer_size(pcap_h, PCAPPRINT_BPF_BUFSIZE) != 0)
            errx(1, "pcap_set_buffer_size: %s", pcap_geterr(pcap_h));

        if (pcap_set_timeout(pcap_h, PCAPPRINT_READ_TIMEOUT) != 0)
            errx(1, "pcap_set_timeout: %s", pcap_geterr(pcap_h));

        if (pcap_lookupnet(if_name, &netnum, &netmask, ebuf) == -1)
            errx(1, "pcap_lookupnet: %s", ebuf);

        if (pcap_activate(pcap_h) != 0)
            errx(1, "pcap_activate: %s", pcap_geterr(pcap_h));

        /*
         * the following calls must be done AFTER pcap_activate():
         * pcap_setfilter
         * pcap_setdirection
         * pcap_set_datalink
         * pcap_getnonblock
         * pcap_setnonblock
         * pcap_stats
         * all reads/writes
         */

        if (pcap_set_datalink(pcap_h, dlt) == -1)
            errx(1, "pcap_set_datalink: %s", pcap_geterr(pcap_h));

        int r, yes = 1;
        int pcap_fd = pcap_get_selectable_fd(pcap_h);
        if ((r = ioctl(pcap_fd, BIOCIMMEDIATE, &yes)) == -1)
            err(1, "BIOCIMMEDIATE");
        else if (r != 0)
            warnx("BIOCIMMEDIATE returned %d", r);

        /* set up signal handlers */
        if (signal(SIGINT, SIG_IGN) != SIG_IGN)
            signal(SIGINT, signal_handler);
        if (signal(SIGTERM, SIG_IGN) != SIG_IGN)
            signal(SIGTERM, signal_handler);
    }

    /* apply BPF filter (if one was specified) */
    if (bpf_expr != NULL) {
        struct bpf_program bpf;
        if (pcap_compile(pcap_h, &bpf, bpf_expr, 1 /*optimize*/, netmask) == -1)
            errx(1, "pcap_compile: %s", pcap_geterr(pcap_h));

        if (pcap_setfilter(pcap_h, &bpf) == -1)
            errx(1, "pcap_setfilter: %s", pcap_geterr(pcap_h));
    }

    /* start reading packets */
    if (pcap_loop(pcap_h, num_pkts, handle_packet, NULL) == -1)
        errx(1, "pcap_loop: %s", pcap_geterr(pcap_h));

    if (pcap_filename == NULL) { /* if live capture.. */
        printf("%u packets captured\n", pkt_count);
        struct pcap_stat stats;
        if (pcap_stats(pcap_h, &stats) != 0) {
            warnx("pcap_stats: %s", pcap_geterr(pcap_h));
        } else {
            printf("%u packets received by filter\n"
                "%u packets dropped by kernel\n", stats.ps_recv, stats.ps_drop);
        }
    }

    pcap_close(pcap_h);
    return 0;
}