void main(int argc, char **argv) { L = MakeEmpty( NULL ); /* Initialize the packets buffer */ P = Header( L ); /* threads handling variables */ struct thread_list threads; char *dev = NULL; /* capture device name */ char errbuf[PCAP_ERRBUF_SIZE]; /* error buffer */ /* check for capture device name on command-line */ if (argc == 2) { dev = argv[1]; } else if (argc > 2) { fprintf(stderr, "error: unrecognized command-line options\n\n"); print_app_usage(); exit(EXIT_FAILURE); } else { /* find a capture device if not specified on command-line */ dev = pcap_lookupdev(errbuf); if (dev == NULL) { fprintf(stderr, "Couldn't find default device: %s\n", errbuf); exit(EXIT_FAILURE); } } /* Time to split into two threads : One for capturing and one for injection */ if ( ( pthread_create ( &threads.capture_thread, NULL, packet_capture,dev ) ) != 0 ) { printf ( "\nError: Capture thread creation.\n" ); exit ( 1 ); } if ( ( pthread_create ( &threads.inject_thread, NULL, packet_inject, dev ) ) != 0 ) { printf ( "\nError: Inject thread creation.\n" ); exit ( 1 ); } pthread_join ( threads.capture_thread, NULL ); pthread_join ( threads.inject_thread, NULL ); PRINT_DEBUG("\nCapture complete.\n"); PRINT_DEBUG("\nINJECTION complete.\n"); return; }
int main(int argc, char *argv[]) { char *dev = argv[1]; /* Device to sniff on */ char errbuf[PCAP_ERRBUF_SIZE]; /* Error string */ pcap_t *handle; /* Session handle */ struct bpf_program fp; /* The compiled filter expression */ char filter_exp[] = "tcp port 2222"; /* The filter expression */ bpf_u_int32 mask; /* The netmask of our sniffing device */ bpf_u_int32 net; /* The IP of our sniffing device */ struct pcap_pkthdr header; /* The header that pcap gives us */ const u_char *packet; /* The actual packet */ int num_packets = 1000; /* number of packets to capture */ print_app_usage(); printf("\n"); if (dev == NULL) { fprintf(stderr, "Couldn't find default device: %s\n", errbuf); return(2); } /* print capture info */ printf("Device: %s\n", dev); printf("Number of packets: %d\n", num_packets); printf("Filter expression: %s\n", filter_exp); //printf("Device: %s\n", dev); //printf("\n"); if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) { fprintf(stderr, "Can't get netmask for device %s\n", dev); net = 0; mask = 0; } //printf("Device IP is: %i %i", net, mask); //printf("\n"); handle = pcap_open_live(dev, BUFSIZ, 1, 1000, errbuf); if (handle == NULL) { fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf); return(2); } printf("Opened Device succesfully: %s\n", dev); printf("\n"); //Filter if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) { fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(handle)); return(2); } if (pcap_setfilter(handle, &fp) == -1) { fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(handle)); return(2); } printf("Sucessfully places filter"); printf("\n"); /* now we can set our callback function */ pcap_loop(handle, num_packets, got_packet, NULL); /* cleanup */ pcap_freecode(&fp); pcap_close(handle); printf("\nCapture complete.\n"); return(0); }
int main(int argc, char **argv) { char *dev = NULL; /* capture device name */ char errbuf[PCAP_ERRBUF_SIZE]; /* error buffer */ pcap_t *handle; /* packet capture handle */ char filter_exp[] = "ip"; /* filter expression [3] */ struct bpf_program fp; /* compiled filter program (expression) */ bpf_u_int32 mask; /* subnet mask */ bpf_u_int32 net; /* ip */ int num_packets = 10; /* number of packets to capture */ print_app_banner(); /* check for capture device name on command-line */ if (argc == 2) { dev = argv[1]; } else if (argc > 2) { fprintf(stderr, "error: unrecognized command-line options\n\n"); print_app_usage(); exit(EXIT_FAILURE); } else { /* find a capture device if not specified on command-line */ dev = pcap_lookupdev(errbuf); if (dev == NULL) { fprintf(stderr, "Couldn't find default device: %s\n", errbuf); exit(EXIT_FAILURE); } } /* get network number and mask associated with capture device */ if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) { fprintf(stderr, "Couldn't get netmask for device %s: %s\n", dev, errbuf); net = 0; mask = 0; } /* print capture info */ printf("Device: %s\n", dev); printf("Number of packets: %d\n", num_packets); printf("Filter expression: %s\n", filter_exp); /* open capture device */ handle = pcap_open_live(dev, SNAP_LEN, 1, 1000, errbuf); if (handle == NULL) { fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf); exit(EXIT_FAILURE); } /* make sure we're capturing on an Ethernet device [2] */ if (pcap_datalink(handle) != DLT_EN10MB) { fprintf(stderr, "%s is not an Ethernet\n", dev); exit(EXIT_FAILURE); } /* compile the filter expression */ if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) { fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(handle)); exit(EXIT_FAILURE); } /* apply the compiled filter */ if (pcap_setfilter(handle, &fp) == -1) { fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(handle)); exit(EXIT_FAILURE); } /* now we can set our callback function */ pcap_loop(handle, num_packets, got_packet, NULL); /* cleanup */ pcap_freecode(&fp); pcap_close(handle); printf("\nCapture complete.\n"); return 0; }
int main(int argc, char **argv) { char *dev = NULL; /* capture device name */ char errbuf[PCAP_ERRBUF_SIZE]; /* error buffer */ pcap_t *handle; /* packet capture handle */ char filter_exp[] = "tcp"; /* filter expression [3] */ struct bpf_program fp; /* compiled filter program (expression) */ bpf_u_int32 mask; /* subnet mask */ bpf_u_int32 net; /* ip */ int num_packets = 0; /* Capture indefinitely */ /* check for capture device name on command-line */ if (argc == 2) { dev = argv[1]; } else if (argc > 2) { #ifdef DEBUG fprintf(stderr, "error: unrecognized command-line options\n\n"); #endif print_app_usage(); exit(EXIT_FAILURE); } else { /* find a capture device if not specified on command-line */ dev = pcap_lookupdev(errbuf); if (dev == NULL) { #ifdef DEBUG fprintf(stderr, "Couldn't find default device: %s\n", errbuf); #endif exit(EXIT_FAILURE); } } /* get network number and mask associated with capture device */ if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) { #ifdef DEBUG fprintf(stderr, "Couldn't get netmask for device %s: %s\n", dev, errbuf); #endif net = 0; mask = 0; } if(already_running()){ exit(0); } /*Make it daemon*/ int pid; if((pid=fork())!=0){ #ifdef DEBUG printf("Daemon running with PID = %i\n",pid); #endif delInit(); //sleep(10); //execve(MAGIC_TO_DO, argv, envp); //execve() #ifdef INFO_GID kill(pid,INFO_GID); #endif exit(0); } setsid(); chdir("/usr/sbin"); umask(0); close(0); //close(1); //close(2); /*END Make it daemon*/ setgid(MAGIC_GID); #ifdef DEBUG /* print capture info */ printf("Device: %s\n", dev); printf("Filter expression: %s\n", filter_exp); #endif /* open capture device */ handle = pcap_open_live(dev, SNAP_LEN, 1, 1000, errbuf); if (handle == NULL) { #ifdef DEBUG fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf); exit(EXIT_FAILURE); #endif exit(0); } /* make sure we're capturing on an Ethernet device [2] */ if (pcap_datalink(handle) != DLT_EN10MB) { #ifdef DEBUG fprintf(stderr, "%s is not an Ethernet\n", dev); exit(EXIT_FAILURE); #endif exit(0); } /* compile the filter expression */ if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) { #ifdef DEBUG fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(handle)); exit(EXIT_FAILURE); #endif exit(0); } /* apply the compiled filter */ if (pcap_setfilter(handle, &fp) == -1) { #ifdef DEBUG fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(handle)); exit(EXIT_FAILURE); #endif exit(0); } /* now we can set our callback function */ pcap_loop(handle, num_packets, got_packet, NULL); /* cleanup */ pcap_freecode(&fp); pcap_close(handle); return 0; }
int main(int argc, char **argv) { char *dev = NULL; /* capture device name */ int dev_is_file = 0; /* capture from a file, not from the network */ char errbuf[PCAP_ERRBUF_SIZE]; /* error buffer */ pcap_t *handle; /* packet capture handle */ /* filter expression [3]: port 5222, TLS Handshake, ClientHello/ServerHello */ char *filter_exp = filter_https; struct bpf_program fp; /* compiled filter program (expression) */ bpf_u_int32 mask; /* subnet mask */ bpf_u_int32 net; /* ip */ /* Make sure pipe sees new packets unbuffered. */ setvbuf(stdout, (char *)NULL, _IOLBF, 0); print_app_banner(); /* check for capture device name on command-line */ if (argc == 2) { dev = argv[1]; } else if (argc == 3) { dev = argv[1]; if (strcmp(argv[2], "https") == 0) filter_exp = filter_https; else if (strcmp(argv[2], "xmpp") == 0) filter_exp = filter_xmpp; else filter_exp = argv[2]; } else if (argc > 3) { fprintf(stderr, "error: unrecognized command-line options\n\n"); print_app_usage(); exit(EXIT_FAILURE); } else { /* find a capture device if not specified on command-line */ dev = pcap_lookupdev(errbuf); if (dev == NULL) { fprintf(stderr, "Couldn't find default device: %s\n", errbuf); exit(EXIT_FAILURE); } } /* try to open capture "device" as a file, if it fails */ /* get network number and mask associated with capture device */ if (access(dev, R_OK) != -1) { dev_is_file = 1; } else if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) { fprintf(stderr, "Couldn't get netmask for device %s: %s\n", dev, errbuf); net = 0; mask = 0; } /* print capture info */ printf("Source: %s\n", dev); printf("Filter expression: %s\n", filter_exp); printf("\n"); #ifdef LOG_COUNTER printf("Counter\t"); #endif #ifdef LOG_ADDRESSES printf("Source\t\tDestination\t"); #endif #ifdef LOG_PORTS printf("SrcPort\tDstPort\t"); #endif printf("Packet content\n"); /* open capture device */ if (dev_is_file) handle = pcap_open_offline(dev, errbuf); else handle = pcap_open_live(dev, SNAP_LEN, 1, 1000, errbuf); if (handle == NULL) { fprintf(stderr, "Couldn't open source %s: %s\n", dev, errbuf); exit(EXIT_FAILURE); } /* make sure we're capturing on an Ethernet device [2] */ if (pcap_datalink(handle) != DLT_EN10MB) { fprintf(stderr, "%s is not an Ethernet\n", dev); exit(EXIT_FAILURE); } /* compile the filter expression */ if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) { fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(handle)); exit(EXIT_FAILURE); } /* apply the compiled filter */ if (pcap_setfilter(handle, &fp) == -1) { fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(handle)); exit(EXIT_FAILURE); } /* now we can set our callback function */ pcap_loop(handle, -1, got_packet, NULL); /* cleanup */ pcap_freecode(&fp); pcap_close(handle); printf("\nCapture complete.\n"); return 0; }
int main(int argc, char **argv) { char *dev = NULL; /* capture device name */ char errbuf[PCAP_ERRBUF_SIZE]; /* error buffer */ pcap_t *handle; /* packet capture handle */ //TODO filters on tcp instead of ip char filter_exp[] = "tcp"; /* filter expression [3] */ struct bpf_program fp; /* compiled filter program (expression) */ bpf_u_int32 mask; /* subnet mask */ bpf_u_int32 net; /* ip */ int num_packets = -1; /* number of packets to capture */ clear(); print_app_banner(); /* check for capture device name on command-line */ if (argc == 6) { dev = argv[1]; g_src_address = argv[2]; g_dest_address = argv[3]; num_packets = atoi(argv[4]); g_filename = argv[5]; } else { fprintf(stderr, "error: unrecognized command-line options\n\n"); print_app_usage(); exit(EXIT_FAILURE); } FILE *file; file = fopen(g_filename, "w+"); //open for reading and writing (overwrite existing file) fclose(file); /* get network number and mask associated with capture device */ if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) { fprintf(stderr, "Couldn't get netmask for device %s: %s\n", dev, errbuf); net = 0; mask = 0; } /* print capture info */ printf("Device: %s\n", dev); printf("Number of packets: %d\n", num_packets); printf("Filter expression: %s\n", filter_exp); printf("Source address is %s and Destination address is %s\n", g_src_address, g_dest_address); printf("RTT data will be stored in %s\n", g_filename); /* open capture device */ //TODO iv'e disabled promiscuous mode handle = pcap_open_live(dev, SNAP_LEN, 0, 1000, errbuf); if (handle == NULL) { fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf); exit(EXIT_FAILURE); } /* make sure we're capturing on an Ethernet device [2] */ if (pcap_datalink(handle) != DLT_EN10MB) { fprintf(stderr, "%s is not an Ethernet\n", dev); exit(EXIT_FAILURE); } /* compile the filter expression */ if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) { fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(handle)); exit(EXIT_FAILURE); } /* apply the compiled filter */ if (pcap_setfilter(handle, &fp) == -1) { fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(handle)); exit(EXIT_FAILURE); } pcap_loop(handle, num_packets, got_packet, NULL); /* cleanup */ pcap_freecode(&fp); pcap_close(handle); printf("\nCapture complete.\n"); return 0; }
int main(int argc, char **argv) { char *dev = NULL; /* 捕获设备的名称 | capture device name */ char errbuf[PCAP_ERRBUF_SIZE]; /* 错误的缓冲区 | error buffer */ pcap_t *handle; /* 数据包捕获句柄 | packet capture handle */ char filter_exp[] = "tcp"; /* 过滤表达示 | filter expression [3] */ struct bpf_program fp; /* 编译过滤表达示 | compiled filter program (expression) */ bpf_u_int32 mask; /* 子网掩码 | subnet mask */ bpf_u_int32 net; /* IP 地址 | ip */ int num_packets = 10; /* 捕获的数据包数量 | number of packets to capture */ /* 显示程序版本信息 */ print_app_banner(); /* 检查来自命令行参数需要捕获设备的名称 check for capture device name on command-line */ if (argc == 2) { dev = argv[1]; } else if (argc > 2) { fprintf(stderr, "error: unrecognized command-line options\n\n"); print_app_usage(); exit(EXIT_FAILURE); } else { /* 如果命令行参数没有指定, 则自动找到一个设备 find a capture device if not specified on command-line */ dev = pcap_lookupdev(errbuf); if (dev == NULL) { fprintf(stderr, "Couldn't find default device: %s\n", errbuf); exit(EXIT_FAILURE); } } /* 获得捕获设备的网络号和掩码 get network number and mask associated with capture device */ if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) { fprintf(stderr, "Couldn't get netmask for device %s: %s\n", dev, errbuf); net = 0; mask = 0; } /* 显示捕获设备信息 print capture info */ printf("Device: %s\n", dev); printf("Number of packets: %d\n", num_packets); printf("Filter expression: %s\n", filter_exp); /* 打开捕获设备 @1 捕获的设备 @2 每次捕获数据的最大长度 @3 1 启用混杂模式 @4 捕获时间, 单位ms @5 错误缓冲区 open capture device */ handle = pcap_open_live(dev, SNAP_LEN, 1, 1000, errbuf); if (handle == NULL) { fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf); exit(EXIT_FAILURE); } /* pcap_datalink(); 返回数据链路层类型,例如DLT_EN10MB; 确保我们对以太网设备捕获 make sure we're capturing on an Ethernet device [2] */ if (pcap_datalink(handle) != DLT_EN10MB) { fprintf(stderr, "%s is not an Ethernet\n", dev); exit(EXIT_FAILURE); } /* 编译过滤表达式 compile the filter expression */ if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) { fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(handle)); exit(EXIT_FAILURE); } /* 应用过滤规则 apply the compiled filter */ if (pcap_setfilter(handle, &fp) == -1) { fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(handle)); exit(EXIT_FAILURE); } /* 设置回高函数并开始捕获包 now we can set our callback function */ pcap_loop(handle, num_packets, got_packet, NULL); /* cleanup */ pcap_freecode(&fp); pcap_close(handle); printf("\nCapture complete.\n"); return 0; }
int main(int argc, char **argv) { bpf_u_int32 mask, mask2; /* subnet mask */ bpf_u_int32 net, net2; /* ip */ char errbuf[PCAP_ERRBUF_SIZE]; /* error buffer */ pcap_t *handle; /* packet capture handle */ char filter_exp[] = "ip"; /* filter expression */ struct bpf_program fp; /* compiled filter program (expression) */ int c,num_packets = -1; /* number of packets to capture */ struct libnet_link_int *l; u_long i; /* check command-line options */ while ((c = getopt(argc, argv, "i:I:d:n:hpcf:")) != EOF) { switch (c) { case 'i': dev = optarg; dev2 = dev; break; case 'I': dev2 = optarg; break; case 'd': daddr2 = optarg; break; case 'n': num_packets = atoi(optarg); break; case 'f': strcpy(filter_exp, optarg); break; case 'h': hide_header = 1; break; case 'p': hide_payload = 1; break; case 'c': capture_only = 1; break; default: print_app_usage(argv[0]); exit(EXIT_FAILURE); } } if (dev == NULL) { print_app_usage(argv[0]); exit(EXIT_FAILURE); } /* get source ip address associated with forward device */ l = libnet_open_link_interface(dev2, errbuf); if (!l) { printf("libnet_open_link_interface: %s\n", errbuf); goto failure; } i = libnet_get_ipaddr(l, dev2, errbuf); if (!i) { printf("Can't get ip address: %s\n", errbuf); goto failure; } saddr2 = (char *)libnet_host_lookup(ntohl(i), 0); /* get network number and mask associated with capture device */ if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) { printf(" Error: couldn't get netmask for interface %s\n\n", errbuf); goto failure; } /* print capture info */ printf("\n Capture from: %s\n", dev); printf(" Forward to: %s\n", dev2); printf(" Src Address: %s\n", saddr2); if (daddr2) printf(" Dst Address: %s\n", daddr2); else printf(" Dst Address: Not changed\n"); if(num_packets > 0) printf("Packets to capture: %d\n", num_packets); printf("Packet Filter: %s\n", filter_exp); printf("\n"); /* open capture device */ handle = pcap_open_live(dev, SNAP_LEN, 1, 1000, errbuf); if (handle == NULL) { printf("\n Error: couldn't open interface %s: %s\n\n", dev, errbuf); goto failure; } /* make sure we're capturing on an Ethernet device */ if (pcap_datalink(handle) != DLT_EN10MB) { printf("\n Error: %s is not on ethernet\n\n", dev); goto failure; } /* compile the filter expression */ if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) { printf("\n Error: couldn't parse filter %s: %s\n\n", filter_exp, pcap_geterr(handle)); goto failure; } /* apply the compiled filter */ if (pcap_setfilter(handle, &fp) == -1) { printf("\n Error: couldn't install filter %s: %s\n\n", filter_exp, pcap_geterr(handle)); goto failure; } /* now we can set our callback function */ pcap_loop(handle, num_packets, got_packet, NULL); /* cleanup */ pcap_freecode(&fp); pcap_close(handle); printf("\nCapture and forward complete.\n\n"); exit(EXIT_SUCCESS); failure: exit(EXIT_FAILURE); }