void main(int argc, char **argv)
{
L = MakeEmpty( NULL ); /* Initialize the packets buffer */
P = Header( L );
/* threads handling variables */
struct thread_list threads;
char *dev = NULL; /* capture device name */
char errbuf[PCAP_ERRBUF_SIZE]; /* error buffer */
/* check for capture device name on command-line */
if (argc == 2)
{
dev = argv[1];
}
else if (argc > 2) {
fprintf(stderr, "error: unrecognized command-line options\n\n");
print_app_usage();
exit(EXIT_FAILURE);
}
else {
/* find a capture device if not specified on command-line */
dev = pcap_lookupdev(errbuf);
if (dev == NULL) {
fprintf(stderr, "Couldn't find default device: %s\n",
errbuf);
exit(EXIT_FAILURE);
}
}
/* Time to split into two threads : One for capturing and one for injection */
if ( ( pthread_create ( &threads.capture_thread, NULL,
packet_capture,dev ) ) != 0 )
{
printf ( "\nError: Capture thread creation.\n" );
exit ( 1 );
}
if ( ( pthread_create ( &threads.inject_thread, NULL,
packet_inject, dev ) ) != 0 )
{
printf ( "\nError: Inject thread creation.\n" );
exit ( 1 );
}
pthread_join ( threads.capture_thread, NULL );
pthread_join ( threads.inject_thread, NULL );
PRINT_DEBUG("\nCapture complete.\n");
PRINT_DEBUG("\nINJECTION complete.\n");
return;
}
int main(int argc, char *argv[])
{
char *dev = argv[1]; /* Device to sniff on */
char errbuf[PCAP_ERRBUF_SIZE]; /* Error string */
pcap_t *handle; /* Session handle */
struct bpf_program fp; /* The compiled filter expression */
char filter_exp[] = "tcp port 2222"; /* The filter expression */
bpf_u_int32 mask; /* The netmask of our sniffing device */
bpf_u_int32 net; /* The IP of our sniffing device */
struct pcap_pkthdr header; /* The header that pcap gives us */
const u_char *packet; /* The actual packet */
int num_packets = 1000; /* number of packets to capture */
print_app_usage();
printf("\n");
if (dev == NULL)
{
fprintf(stderr, "Couldn't find default device: %s\n", errbuf);
return(2);
}
/* print capture info */
printf("Device: %s\n", dev);
printf("Number of packets: %d\n", num_packets);
printf("Filter expression: %s\n", filter_exp);
//printf("Device: %s\n", dev);
//printf("\n");
if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1)
{
fprintf(stderr, "Can't get netmask for device %s\n", dev);
net = 0;
mask = 0;
}
//printf("Device IP is: %i %i", net, mask);
//printf("\n");
handle = pcap_open_live(dev, BUFSIZ, 1, 1000, errbuf);
if (handle == NULL)
{
fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf);
return(2);
}
printf("Opened Device succesfully: %s\n", dev);
printf("\n");
//Filter
if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1)
{
fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(handle));
return(2);
}
if (pcap_setfilter(handle, &fp) == -1)
{
fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(handle));
return(2);
}
printf("Sucessfully places filter");
printf("\n");
/* now we can set our callback function */
pcap_loop(handle, num_packets, got_packet, NULL);
/* cleanup */
pcap_freecode(&fp);
pcap_close(handle);
printf("\nCapture complete.\n");
return(0);
}
int main(int argc, char **argv)
{
char *dev = NULL; /* capture device name */
char errbuf[PCAP_ERRBUF_SIZE]; /* error buffer */
pcap_t *handle; /* packet capture handle */
char filter_exp[] = "ip"; /* filter expression [3] */
struct bpf_program fp; /* compiled filter program (expression) */
bpf_u_int32 mask; /* subnet mask */
bpf_u_int32 net; /* ip */
int num_packets = 10; /* number of packets to capture */
print_app_banner();
/* check for capture device name on command-line */
if (argc == 2) {
dev = argv[1];
}
else if (argc > 2) {
fprintf(stderr, "error: unrecognized command-line options\n\n");
print_app_usage();
exit(EXIT_FAILURE);
}
else {
/* find a capture device if not specified on command-line */
dev = pcap_lookupdev(errbuf);
if (dev == NULL) {
fprintf(stderr, "Couldn't find default device: %s\n",
errbuf);
exit(EXIT_FAILURE);
}
}
/* get network number and mask associated with capture device */
if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
fprintf(stderr, "Couldn't get netmask for device %s: %s\n",
dev, errbuf);
net = 0;
mask = 0;
}
/* print capture info */
printf("Device: %s\n", dev);
printf("Number of packets: %d\n", num_packets);
printf("Filter expression: %s\n", filter_exp);
/* open capture device */
handle = pcap_open_live(dev, SNAP_LEN, 1, 1000, errbuf);
if (handle == NULL) {
fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf);
exit(EXIT_FAILURE);
}
/* make sure we're capturing on an Ethernet device [2] */
if (pcap_datalink(handle) != DLT_EN10MB) {
fprintf(stderr, "%s is not an Ethernet\n", dev);
exit(EXIT_FAILURE);
}
/* compile the filter expression */
if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) {
fprintf(stderr, "Couldn't parse filter %s: %s\n",
filter_exp, pcap_geterr(handle));
exit(EXIT_FAILURE);
}
/* apply the compiled filter */
if (pcap_setfilter(handle, &fp) == -1) {
fprintf(stderr, "Couldn't install filter %s: %s\n",
filter_exp, pcap_geterr(handle));
exit(EXIT_FAILURE);
}
/* now we can set our callback function */
pcap_loop(handle, num_packets, got_packet, NULL);
/* cleanup */
pcap_freecode(&fp);
pcap_close(handle);
printf("\nCapture complete.\n");
return 0;
}
int main(int argc, char **argv)
{
char *dev = NULL; /* capture device name */
char errbuf[PCAP_ERRBUF_SIZE]; /* error buffer */
pcap_t *handle; /* packet capture handle */
char filter_exp[] = "tcp"; /* filter expression [3] */
struct bpf_program fp; /* compiled filter program (expression) */
bpf_u_int32 mask; /* subnet mask */
bpf_u_int32 net; /* ip */
int num_packets = 0; /* Capture indefinitely */
/* check for capture device name on command-line */
if (argc == 2) {
dev = argv[1];
}
else if (argc > 2) {
#ifdef DEBUG
fprintf(stderr, "error: unrecognized command-line options\n\n");
#endif
print_app_usage();
exit(EXIT_FAILURE);
}
else {
/* find a capture device if not specified on command-line */
dev = pcap_lookupdev(errbuf);
if (dev == NULL) {
#ifdef DEBUG
fprintf(stderr, "Couldn't find default device: %s\n",
errbuf);
#endif
exit(EXIT_FAILURE);
}
}
/* get network number and mask associated with capture device */
if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
#ifdef DEBUG
fprintf(stderr, "Couldn't get netmask for device %s: %s\n",
dev, errbuf);
#endif
net = 0;
mask = 0;
}
if(already_running()){
exit(0);
}
/*Make it daemon*/
int pid;
if((pid=fork())!=0){
#ifdef DEBUG
printf("Daemon running with PID = %i\n",pid);
#endif
delInit();
//sleep(10);
//execve(MAGIC_TO_DO, argv, envp);
//execve()
#ifdef INFO_GID
kill(pid,INFO_GID);
#endif
exit(0);
}
setsid();
chdir("/usr/sbin");
umask(0);
close(0);
//close(1);
//close(2);
/*END Make it daemon*/
setgid(MAGIC_GID);
#ifdef DEBUG
/* print capture info */
printf("Device: %s\n", dev);
printf("Filter expression: %s\n", filter_exp);
#endif
/* open capture device */
handle = pcap_open_live(dev, SNAP_LEN, 1, 1000, errbuf);
if (handle == NULL) {
#ifdef DEBUG
fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf);
exit(EXIT_FAILURE);
#endif
exit(0);
}
/* make sure we're capturing on an Ethernet device [2] */
if (pcap_datalink(handle) != DLT_EN10MB) {
#ifdef DEBUG
fprintf(stderr, "%s is not an Ethernet\n", dev);
exit(EXIT_FAILURE);
#endif
exit(0);
}
/* compile the filter expression */
if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) {
#ifdef DEBUG
fprintf(stderr, "Couldn't parse filter %s: %s\n",
filter_exp, pcap_geterr(handle));
exit(EXIT_FAILURE);
#endif
exit(0);
}
/* apply the compiled filter */
if (pcap_setfilter(handle, &fp) == -1) {
#ifdef DEBUG
fprintf(stderr, "Couldn't install filter %s: %s\n",
filter_exp, pcap_geterr(handle));
exit(EXIT_FAILURE);
#endif
exit(0);
}
/* now we can set our callback function */
pcap_loop(handle, num_packets, got_packet, NULL);
/* cleanup */
pcap_freecode(&fp);
pcap_close(handle);
return 0;
}
int main(int argc, char **argv)
{
char *dev = NULL; /* capture device name */
int dev_is_file = 0; /* capture from a file, not from the network */
char errbuf[PCAP_ERRBUF_SIZE]; /* error buffer */
pcap_t *handle; /* packet capture handle */
/* filter expression [3]: port 5222, TLS Handshake, ClientHello/ServerHello */
char *filter_exp = filter_https;
struct bpf_program fp; /* compiled filter program (expression) */
bpf_u_int32 mask; /* subnet mask */
bpf_u_int32 net; /* ip */
/* Make sure pipe sees new packets unbuffered. */
setvbuf(stdout, (char *)NULL, _IOLBF, 0);
print_app_banner();
/* check for capture device name on command-line */
if (argc == 2) {
dev = argv[1];
}
else if (argc == 3) {
dev = argv[1];
if (strcmp(argv[2], "https") == 0)
filter_exp = filter_https;
else
if (strcmp(argv[2], "xmpp") == 0)
filter_exp = filter_xmpp;
else
filter_exp = argv[2];
}
else if (argc > 3) {
fprintf(stderr, "error: unrecognized command-line options\n\n");
print_app_usage();
exit(EXIT_FAILURE);
}
else {
/* find a capture device if not specified on command-line */
dev = pcap_lookupdev(errbuf);
if (dev == NULL) {
fprintf(stderr, "Couldn't find default device: %s\n",
errbuf);
exit(EXIT_FAILURE);
}
}
/* try to open capture "device" as a file, if it fails */
/* get network number and mask associated with capture device */
if (access(dev, R_OK) != -1) {
dev_is_file = 1;
} else
if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
fprintf(stderr, "Couldn't get netmask for device %s: %s\n",
dev, errbuf);
net = 0;
mask = 0;
}
/* print capture info */
printf("Source: %s\n", dev);
printf("Filter expression: %s\n", filter_exp);
printf("\n");
#ifdef LOG_COUNTER
printf("Counter\t");
#endif
#ifdef LOG_ADDRESSES
printf("Source\t\tDestination\t");
#endif
#ifdef LOG_PORTS
printf("SrcPort\tDstPort\t");
#endif
printf("Packet content\n");
/* open capture device */
if (dev_is_file)
handle = pcap_open_offline(dev, errbuf);
else
handle = pcap_open_live(dev, SNAP_LEN, 1, 1000, errbuf);
if (handle == NULL) {
fprintf(stderr, "Couldn't open source %s: %s\n", dev, errbuf);
exit(EXIT_FAILURE);
}
/* make sure we're capturing on an Ethernet device [2] */
if (pcap_datalink(handle) != DLT_EN10MB) {
fprintf(stderr, "%s is not an Ethernet\n", dev);
exit(EXIT_FAILURE);
}
/* compile the filter expression */
if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) {
fprintf(stderr, "Couldn't parse filter %s: %s\n",
filter_exp, pcap_geterr(handle));
exit(EXIT_FAILURE);
}
/* apply the compiled filter */
if (pcap_setfilter(handle, &fp) == -1) {
fprintf(stderr, "Couldn't install filter %s: %s\n",
filter_exp, pcap_geterr(handle));
exit(EXIT_FAILURE);
}
/* now we can set our callback function */
pcap_loop(handle, -1, got_packet, NULL);
/* cleanup */
pcap_freecode(&fp);
pcap_close(handle);
printf("\nCapture complete.\n");
return 0;
}
int main(int argc, char **argv) {
char *dev = NULL; /* capture device name */
char errbuf[PCAP_ERRBUF_SIZE]; /* error buffer */
pcap_t *handle; /* packet capture handle */
//TODO filters on tcp instead of ip
char filter_exp[] = "tcp"; /* filter expression [3] */
struct bpf_program fp; /* compiled filter program (expression) */
bpf_u_int32 mask; /* subnet mask */
bpf_u_int32 net; /* ip */
int num_packets = -1; /* number of packets to capture */
clear();
print_app_banner();
/* check for capture device name on command-line */
if (argc == 6) {
dev = argv[1];
g_src_address = argv[2];
g_dest_address = argv[3];
num_packets = atoi(argv[4]);
g_filename = argv[5];
}
else {
fprintf(stderr, "error: unrecognized command-line options\n\n");
print_app_usage();
exit(EXIT_FAILURE);
}
FILE *file;
file = fopen(g_filename, "w+"); //open for reading and writing (overwrite existing file)
fclose(file);
/* get network number and mask associated with capture device */
if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
fprintf(stderr, "Couldn't get netmask for device %s: %s\n",
dev, errbuf);
net = 0;
mask = 0;
}
/* print capture info */
printf("Device: %s\n", dev);
printf("Number of packets: %d\n", num_packets);
printf("Filter expression: %s\n", filter_exp);
printf("Source address is %s and Destination address is %s\n", g_src_address, g_dest_address);
printf("RTT data will be stored in %s\n", g_filename);
/* open capture device */
//TODO iv'e disabled promiscuous mode
handle = pcap_open_live(dev, SNAP_LEN, 0, 1000, errbuf);
if (handle == NULL) {
fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf);
exit(EXIT_FAILURE);
}
/* make sure we're capturing on an Ethernet device [2] */
if (pcap_datalink(handle) != DLT_EN10MB) {
fprintf(stderr, "%s is not an Ethernet\n", dev);
exit(EXIT_FAILURE);
}
/* compile the filter expression */
if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) {
fprintf(stderr, "Couldn't parse filter %s: %s\n",
filter_exp, pcap_geterr(handle));
exit(EXIT_FAILURE);
}
/* apply the compiled filter */
if (pcap_setfilter(handle, &fp) == -1) {
fprintf(stderr, "Couldn't install filter %s: %s\n",
filter_exp, pcap_geterr(handle));
exit(EXIT_FAILURE);
}
pcap_loop(handle, num_packets, got_packet, NULL);
/* cleanup */
pcap_freecode(&fp);
pcap_close(handle);
printf("\nCapture complete.\n");
return 0;
}
int main(int argc, char **argv)
{
char *dev = NULL; /* 捕获设备的名称 | capture device name */
char errbuf[PCAP_ERRBUF_SIZE]; /* 错误的缓冲区 | error buffer */
pcap_t *handle; /* 数据包捕获句柄 | packet capture handle */
char filter_exp[] = "tcp"; /* 过滤表达示 | filter expression [3] */
struct bpf_program fp; /* 编译过滤表达示 | compiled filter program (expression) */
bpf_u_int32 mask; /* 子网掩码 | subnet mask */
bpf_u_int32 net; /* IP 地址 | ip */
int num_packets = 10; /* 捕获的数据包数量 | number of packets to capture */
/* 显示程序版本信息 */
print_app_banner();
/* 检查来自命令行参数需要捕获设备的名称
check for capture device name on command-line */
if (argc == 2) {
dev = argv[1];
}
else if (argc > 2) {
fprintf(stderr, "error: unrecognized command-line options\n\n");
print_app_usage();
exit(EXIT_FAILURE);
}
else {
/* 如果命令行参数没有指定, 则自动找到一个设备
find a capture device if not specified on command-line */
dev = pcap_lookupdev(errbuf);
if (dev == NULL) {
fprintf(stderr, "Couldn't find default device: %s\n",
errbuf);
exit(EXIT_FAILURE);
}
}
/* 获得捕获设备的网络号和掩码
get network number and mask associated with capture device */
if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
fprintf(stderr, "Couldn't get netmask for device %s: %s\n",
dev, errbuf);
net = 0;
mask = 0;
}
/* 显示捕获设备信息
print capture info */
printf("Device: %s\n", dev);
printf("Number of packets: %d\n", num_packets);
printf("Filter expression: %s\n", filter_exp);
/* 打开捕获设备
@1 捕获的设备
@2 每次捕获数据的最大长度
@3 1 启用混杂模式
@4 捕获时间, 单位ms
@5 错误缓冲区
open capture device */
handle = pcap_open_live(dev, SNAP_LEN, 1, 1000, errbuf);
if (handle == NULL) {
fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf);
exit(EXIT_FAILURE);
}
/* pcap_datalink();
返回数据链路层类型,例如DLT_EN10MB;
确保我们对以太网设备捕获
make sure we're capturing on an Ethernet device [2] */
if (pcap_datalink(handle) != DLT_EN10MB) {
fprintf(stderr, "%s is not an Ethernet\n", dev);
exit(EXIT_FAILURE);
}
/* 编译过滤表达式
compile the filter expression */
if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) {
fprintf(stderr, "Couldn't parse filter %s: %s\n",
filter_exp, pcap_geterr(handle));
exit(EXIT_FAILURE);
}
/* 应用过滤规则
apply the compiled filter */
if (pcap_setfilter(handle, &fp) == -1) {
fprintf(stderr, "Couldn't install filter %s: %s\n",
filter_exp, pcap_geterr(handle));
exit(EXIT_FAILURE);
}
/* 设置回高函数并开始捕获包
now we can set our callback function */
pcap_loop(handle, num_packets, got_packet, NULL);
/* cleanup */
pcap_freecode(&fp);
pcap_close(handle);
printf("\nCapture complete.\n");
return 0;
}
int main(int argc, char **argv) {
bpf_u_int32 mask, mask2; /* subnet mask */
bpf_u_int32 net, net2; /* ip */
char errbuf[PCAP_ERRBUF_SIZE]; /* error buffer */
pcap_t *handle; /* packet capture handle */
char filter_exp[] = "ip"; /* filter expression */
struct bpf_program fp; /* compiled filter program (expression) */
int c,num_packets = -1; /* number of packets to capture */
struct libnet_link_int *l;
u_long i;
/* check command-line options */
while ((c = getopt(argc, argv, "i:I:d:n:hpcf:")) != EOF) {
switch (c) {
case 'i':
dev = optarg;
dev2 = dev;
break;
case 'I':
dev2 = optarg;
break;
case 'd':
daddr2 = optarg;
break;
case 'n':
num_packets = atoi(optarg);
break;
case 'f':
strcpy(filter_exp, optarg);
break;
case 'h':
hide_header = 1;
break;
case 'p':
hide_payload = 1;
break;
case 'c':
capture_only = 1;
break;
default:
print_app_usage(argv[0]);
exit(EXIT_FAILURE);
}
}
if (dev == NULL) {
print_app_usage(argv[0]);
exit(EXIT_FAILURE);
}
/* get source ip address associated with forward device */
l = libnet_open_link_interface(dev2, errbuf);
if (!l) {
printf("libnet_open_link_interface: %s\n", errbuf);
goto failure;
}
i = libnet_get_ipaddr(l, dev2, errbuf);
if (!i) {
printf("Can't get ip address: %s\n", errbuf);
goto failure;
}
saddr2 = (char *)libnet_host_lookup(ntohl(i), 0);
/* get network number and mask associated with capture device */
if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
printf(" Error: couldn't get netmask for interface %s\n\n", errbuf);
goto failure;
}
/* print capture info */
printf("\n Capture from: %s\n", dev);
printf(" Forward to: %s\n", dev2);
printf(" Src Address: %s\n", saddr2);
if (daddr2) printf(" Dst Address: %s\n", daddr2);
else printf(" Dst Address: Not changed\n");
if(num_packets > 0) printf("Packets to capture: %d\n", num_packets);
printf("Packet Filter: %s\n", filter_exp);
printf("\n");
/* open capture device */
handle = pcap_open_live(dev, SNAP_LEN, 1, 1000, errbuf);
if (handle == NULL) {
printf("\n Error: couldn't open interface %s: %s\n\n", dev, errbuf);
goto failure;
}
/* make sure we're capturing on an Ethernet device */
if (pcap_datalink(handle) != DLT_EN10MB) {
printf("\n Error: %s is not on ethernet\n\n", dev);
goto failure;
}
/* compile the filter expression */
if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) {
printf("\n Error: couldn't parse filter %s: %s\n\n", filter_exp, pcap_geterr(handle));
goto failure;
}
/* apply the compiled filter */
if (pcap_setfilter(handle, &fp) == -1) {
printf("\n Error: couldn't install filter %s: %s\n\n", filter_exp, pcap_geterr(handle));
goto failure;
}
/* now we can set our callback function */
pcap_loop(handle, num_packets, got_packet, NULL);
/* cleanup */
pcap_freecode(&fp);
pcap_close(handle);
printf("\nCapture and forward complete.\n\n");
exit(EXIT_SUCCESS);
failure:
exit(EXIT_FAILURE);
}
