void do_server(char **source_addr, char **recv_payload) { struct sockaddr_in si_me, si_other; int s, b, size; socklen_t slen=sizeof(si_other); char buffer[BUFLEN]; while(1) { s = socket(AF_INET, SOCK_RAW, IPPROTO_UDP); if (s<0) fatal("socket"); memset((char *) &si_me, 0, sizeof(si_me)); si_me.sin_family = AF_INET; si_me.sin_port = htons(APPPORT); si_me.sin_addr.s_addr = htonl(INADDR_ANY); b = bind(s, (struct sockaddr *) &si_me, sizeof(si_me)); if (b < 0) fatal("bind"); size = recvfrom(s, buffer, BUFLEN, 0, (struct sockaddr *) &si_other, &slen); if (size < 0) fatal("recvfrom()"); if (verify_port(buffer)){ print_ip_header(buffer); *source_addr = get_source_addr(buffer); *recv_payload = get_payload(buffer); break; } close(s); } }
void print_udp_packet(unsigned char *Buffer , int Size) { unsigned short iphdrlen; struct iphdr *iph = (struct iphdr *)Buffer; iphdrlen = iph->ihl*4; struct udphdr *udph = (struct udphdr*)(Buffer + iphdrlen); fprintf(logfile,"\n\n***********************UDP Packet*************************\n"); print_ip_header(Buffer,Size); fprintf(logfile,"\nUDP Header\n"); fprintf(logfile," |-Source Port : %d\n" , ntohs(udph->source)); fprintf(logfile," |-Destination Port : %d\n" , ntohs(udph->dest)); fprintf(logfile," |-UDP Length : %d\n" , ntohs(udph->len)); fprintf(logfile," |-UDP Checksum : %d\n" , ntohs(udph->check)); fprintf(logfile,"\n"); fprintf(logfile,"IP Header\n"); PrintData(Buffer , iphdrlen); fprintf(logfile,"UDP Header\n"); PrintData(Buffer+iphdrlen , sizeof udph); fprintf(logfile,"Data Payload\n"); PrintData(Buffer + iphdrlen + sizeof udph ,( Size - sizeof udph - iph->ihl * 4 )); fprintf(logfile,"\n###########################################################"); }
void ProcessPacket(unsigned char* buffer, int size) { //Get the IP Header part of this packet struct iphdr *iph = (struct iphdr*)buffer; if(iph->protocol==17) { print_udp_packet(buffer , size); } else print_ip_header(buffer,size); }
void print_icmp_packet(const u_char * Buffer , int Size) { unsigned short iphdrlen; struct iphdr *iph = (struct iphdr *)(Buffer + sizeof(struct ethhdr)); iphdrlen = iph->ihl * 4; struct icmphdr *icmph = (struct icmphdr *)(Buffer + iphdrlen + sizeof(struct ethhdr)); int header_size = sizeof(struct ethhdr) + iphdrlen + sizeof icmph; fprintf(logfile , "\n\n***********************ICMP Packet*************************\n"); print_ip_header(Buffer , Size); fprintf(logfile , "\n"); fprintf(logfile , "ICMP Header\n"); fprintf(logfile , " |-Type : %d",(unsigned int)(icmph->type)); if((unsigned int)(icmph->type) == 11) { fprintf(logfile , " (TTL Expired)\n"); } else if((unsigned int)(icmph->type) == ICMP_ECHOREPLY) { fprintf(logfile , " (ICMP Echo Reply)\n"); } fprintf(logfile , " |-Code : %d\n",(unsigned int)(icmph->code)); fprintf(logfile , " |-Checksum : %d\n",ntohs(icmph->checksum)); //fprintf(logfile , " |-ID : %d\n",ntohs(icmph->id)); //fprintf(logfile , " |-Sequence : %d\n",ntohs(icmph->sequence)); fprintf(logfile , "\n"); fprintf(logfile , "IP Header\n"); PrintData(Buffer,iphdrlen); fprintf(logfile , "UDP Header\n"); PrintData(Buffer + iphdrlen , sizeof icmph); fprintf(logfile , "Data Payload\n"); //Move the pointer ahead and reduce the size of string PrintData(Buffer + header_size , (Size - header_size) ); fprintf(logfile , "\n###########################################################"); }
void print_tcp_packet(const u_char * Buffer, int Size) { unsigned short iphdrlen; struct iphdr *iph = (struct iphdr *)( Buffer + sizeof(struct ethhdr) ); iphdrlen = iph->ihl*4; struct tcphdr *tcph=(struct tcphdr*)(Buffer + iphdrlen + sizeof(struct ethhdr)); int header_size = sizeof(struct ethhdr) + iphdrlen + tcph->doff*4; fprintf(logfile , "\n\n***********************TCP Packet*************************\n"); print_ip_header(Buffer,Size); fprintf(logfile , "\n"); fprintf(logfile , "TCP Header\n"); fprintf(logfile , " |-Source Port : %u\n",ntohs(tcph->source)); fprintf(logfile , " |-Destination Port : %u\n",ntohs(tcph->dest)); fprintf(logfile , " |-Sequence Number : %u\n",ntohl(tcph->seq)); fprintf(logfile , " |-Acknowledge Number : %u\n",ntohl(tcph->ack_seq)); fprintf(logfile , " |-Header Length : %d DWORDS or %d BYTES\n" ,(unsigned int)tcph->doff,(unsigned int)tcph->doff*4); //fprintf(logfile , " |-CWR Flag : %d\n",(unsigned int)tcph->cwr); //fprintf(logfile , " |-ECN Flag : %d\n",(unsigned int)tcph->ece); fprintf(logfile , " |-Urgent Flag : %d\n",(unsigned int)tcph->urg); fprintf(logfile , " |-Acknowledgement Flag : %d\n",(unsigned int)tcph->ack); fprintf(logfile , " |-Push Flag : %d\n",(unsigned int)tcph->psh); fprintf(logfile , " |-Reset Flag : %d\n",(unsigned int)tcph->rst); fprintf(logfile , " |-Synchronise Flag : %d\n",(unsigned int)tcph->syn); fprintf(logfile , " |-Finish Flag : %d\n",(unsigned int)tcph->fin); fprintf(logfile , " |-Window : %d\n",ntohs(tcph->window)); fprintf(logfile , " |-Checksum : %d\n",ntohs(tcph->check)); fprintf(logfile , " |-Urgent Pointer : %d\n",tcph->urg_ptr); fprintf(logfile , "\n"); fprintf(logfile , " DATA Dump "); fprintf(logfile , "\n"); fprintf(logfile , "IP Header\n"); PrintData(Buffer,iphdrlen); fprintf(logfile , "TCP Header\n"); PrintData(Buffer+iphdrlen,tcph->doff*4); fprintf(logfile , "Data Payload\n"); PrintData(Buffer + header_size , Size - header_size ); fprintf(logfile , "\n###########################################################"); }
void process_packet(u_char *user, const struct pcap_pkthdr *pkthdr, const u_char *packet) { static int packet_count = 0; static struct timeval first_packet_ts; time_t ref_tv_sec; time_t ref_tv_usec; if (packet_count == 0) { first_packet_ts = pkthdr->ts; ref_tv_sec = 0; ref_tv_usec = 0; } else { if (first_packet_ts.tv_usec > pkthdr->ts.tv_usec) { ref_tv_sec = pkthdr->ts.tv_sec - first_packet_ts.tv_sec - 1; ref_tv_usec = 1000000 - first_packet_ts.tv_usec + pkthdr->ts.tv_usec; } else { ref_tv_sec = pkthdr->ts.tv_sec - first_packet_ts.tv_sec; ref_tv_usec = pkthdr->ts.tv_usec - first_packet_ts.tv_usec; } } printf("=======================================================\n"); /* print headers */ print_pcap_packet_info(packet_count, ref_tv_sec, ref_tv_usec, pkthdr->len); /* print payload */ print_payload(packet, pkthdr->len); /* print headers */ print_ether_header(packet); print_ip_header(packet); print_tcp_header(packet); printf("=======================================================\n\n"); packet_count++; }
void print_tcp_packet(unsigned char* buffer, int size) { unsigned short iphdrlen; struct iphdr *ip_header = (struct iphdr*)(buffer + sizeof(struct ethhdr)); iphdrlen = ip_header->ihl*4; struct tcphdr *tcp_header = (struct tcphdr*)(buffer + iphdrlen + sizeof(struct ethhdr)); fprintf(logfile, "\n ***** TCP PACKET *****\n"); print_ip_header(buffer, size); fprintf(logfile, "\n"); fprintf(logfile, "TCP Header\n"); fprintf(logfile, "\t|-Source Port\t\t: %u\n", ntohs(tcp_header->source)); fprintf(logfile, "\t|-Destination Port\t: %u\n", ntohs(tcp_header->dest)); fprintf(logfile, "\t|-Sequence Number\t: %u\n", ntohs(tcp_header->seq)); fprintf(logfile, "\t|-Header Length\t\t: %d DWORDS or %d BYTES\n", (unsigned int)tcp_header->doff, (unsigned int)tcp_header->doff*4); fprintf(logfile, "\n########################\n\n"); }
int main(){ rsfd = socket(AF_INET, SOCK_RAW, PROTOCOL); print_error(rsfd, "Failed to create raw socket"); struct sockaddr_in client_addr; socklen_t client_len = sizeof(client_addr); int to_send = 0; char *msg = (char *)malloc(sizeof(char)*100); while(1){ printf("%s\n", "Waiting to receive message"); int s = recvfrom(rsfd, msg, 100, 0 , (struct sockaddr *)&client_addr, &client_len); print_error(s, "Failed to receive"); // printf("MSG->[%s]\n", msg); print_ip_header(msg); fflush(stdout); memset(msg, 0 , sizeof(msg)); } }
void print_icmp_packet(unsigned char* Buffer , int Size) { unsigned short iphdrlen; struct iphdr *iph = (struct iphdr *)Buffer; iphdrlen = iph->ihl*4; struct icmphdr *icmph = (struct icmphdr *)(Buffer + iphdrlen); fprintf(logfile,"\n\n***********************ICMP Packet*************************\n"); print_ip_header(Buffer , Size); fprintf(logfile,"\n"); fprintf(logfile,"ICMP Header\n"); fprintf(logfile," |-Type : %d",(unsigned int)(icmph->type)); if((unsigned int)(icmph->type) == 11) fprintf(logfile," (TTL Expired)\n"); else if((unsigned int)(icmph->type) == ICMP_ECHOREPLY) fprintf(logfile," (ICMP Echo Reply)\n"); fprintf(logfile," |-Code : %d\n",(unsigned int)(icmph->code)); fprintf(logfile," |-Checksum : %d\n",ntohs(icmph->checksum)); //fprintf(logfile," |-ID : %d\n",ntohs(icmph->id)); //fprintf(logfile," |-Sequence : %d\n",ntohs(icmph->sequence)); fprintf(logfile,"\n"); fprintf(logfile,"IP Header\n"); PrintData(Buffer,iphdrlen); fprintf(logfile,"UDP Header\n"); PrintData(Buffer + iphdrlen , sizeof icmph); fprintf(logfile,"Data Payload\n"); PrintData(Buffer + iphdrlen + sizeof icmph , (Size - sizeof icmph - iph->ihl * 4)); fprintf(logfile,"\n###########################################################"); }
void print_udp_packet(const u_char *Buffer , int Size) { unsigned short iphdrlen; struct iphdr *iph = (struct iphdr *)(Buffer + sizeof(struct ethhdr)); iphdrlen = iph->ihl*4; struct udphdr *udph = (struct udphdr*)(Buffer + iphdrlen + sizeof(struct ethhdr)); int header_size = sizeof(struct ethhdr) + iphdrlen + sizeof udph; fprintf(logfile , "\n\n***********************UDP Packet*************************\n"); print_ip_header(Buffer,Size); fprintf(logfile , "\nUDP Header\n"); fprintf(logfile , " |-Source Port : %d\n" , ntohs(udph->source)); fprintf(logfile , " |-Destination Port : %d\n" , ntohs(udph->dest)); fprintf(logfile , " |-UDP Length : %d\n" , ntohs(udph->len)); fprintf(logfile , " |-UDP Checksum : %d\n" , ntohs(udph->check)); fprintf(logfile , "\n"); fprintf(logfile , "IP Header\n"); PrintData(Buffer , iphdrlen); fprintf(logfile , "UDP Header\n"); PrintData(Buffer+iphdrlen , sizeof udph); fprintf(logfile , "Data Payload\n"); //Move the pointer ahead and reduce the size of string PrintData(Buffer + header_size , Size - header_size); fprintf(logfile , "\n###########################################################"); }
int main() { char buff[MAX_SIZE]; int sock_fd; int protocol; if ((sock_fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL))) == -1) { perror("socket()"); exit(-1); } while(1) { if(recvfrom(sock_fd, buff, MAX_SIZE, 0, NULL, NULL) == -1) { perror("recvfrom()"); exit(-1); } print_eth_header((ethernet_header_p)buff); protocol = print_ip_header((ip_header_p)(buff + sizeof(ethernet_header_t))); if (protocol == 0x6) { print_tcp_header((tcp_header_p)(buff + sizeof(ethernet_header_t) + sizeof(ip_header_t))); } else if(protocol == 0x11) { print_udp_header((udp_header_p)(buff + sizeof(ethernet_header_t) + sizeof(ip_header_t))); } } return 0; }
void print_udp_packet(const u_char *Buffer , int Size) { unsigned short iphdrlen; struct iphdr *iph = (struct iphdr *)(Buffer + sizeof(struct ethhdr)); iphdrlen = (iph->ihl)*4; struct udphdr *udph = (struct udphdr*)(Buffer + iphdrlen + sizeof(struct ethhdr)); unsigned short ethhdrlen = sizeof(struct ethhdr); int header_size = sizeof(struct ethhdr) + iphdrlen + sizeof(struct udphdr); fprintf(logfile , "\n\n***********************UDP Packet*************************\n"); print_ip_header(Buffer,Size); fprintf(logfile , "\nUDP Header\n"); fprintf(logfile , " |-Source Port : %d\n" , ntohs(udph->source)); fprintf(logfile , " |-Destination Port : %d\n" , ntohs(udph->dest)); fprintf(logfile , " |-UDP Length : %d\n" , ntohs(udph->len)); fprintf(logfile , " |-UDP Checksum : %d\n" , ntohs(udph->check)); fprintf(logfile , "\n"); fprintf(logfile , "IP Header\n"); PrintData(Buffer + ethhdrlen , iphdrlen); fprintf(logfile , "UDP Header\n"); PrintData(Buffer+iphdrlen + ethhdrlen , sizeof(struct udphdr)); fprintf(logfile , "Data Payload\n"); //Move the pointer ahead and reduce the size of string PrintData(Buffer + header_size , Size - header_size); if (ntohs(udph->dest) == 53) { fprintf(logfile, "\n\nThis is a DNS Packet\n\n"); struct dnsHdr *dnsh = (struct dnsHdr*)(Buffer + header_size); fprintf(logfile , "\nDNS Header\n"); fprintf(logfile , " |-DNS ID : %d\n" , ntohs(dnsh->dns_id)); fprintf(logfile , " |-DNS Query or Response : %d\n" , dnsh->dns_qr); fprintf(logfile , " |-DNS OPCODE : %d\n" , dnsh->dns_opcode); fprintf(logfile , " |-DNS Authoritiative Answer : %d\n" , dnsh->dns_aa); fprintf(logfile , " |-DNS Truncation : %d\n" , dnsh->dns_tc); fprintf(logfile , " |-DNS Recursion Desired : %d\n" , dnsh->dns_rd); fprintf(logfile , " |-DNS Recursion Available : %d\n" , dnsh->dns_ra); fprintf(logfile , " |-DNS Z : %d\n" , dnsh->dns_z); fprintf(logfile , " |-DNS RCODE : %d\n" , dnsh->dns_rcode); fprintf(logfile , " |-DNS QDCOUNT : %d\n" , ntohs(dnsh->dns_qdcount)); fprintf(logfile , " |-DNS ANCOUNT : %d\n" , ntohs(dnsh->dns_ancount)); fprintf(logfile , " |-DNS NSCOUNT : %d\n" , ntohs(dnsh->dns_nscount)); fprintf(logfile , " |-DNS ARCOUNT : %d\n" , ntohs(dnsh->dns_arcount)); // char *dnsName = parse_name(Buffer, Size, 0, 0); // printf("%s", dnsName); insertDnsPacket(dnsh, iph, udph); } fprintf(logfile , "\n###########################################################"); }
//Print UDP and DNS PACKET - only for txt file void print_udp_packet(const u_char *Buffer , int Size) { unsigned short iphdrlen; unsigned short udprlen; unsigned char buf[65536],*qname,*reader; struct iphdr *iph = (struct iphdr *)(Buffer + sizeof(struct ethhdr)); iphdrlen = iph->ihl*4; struct udphdr *udph = (struct udphdr*)(Buffer + iphdrlen + sizeof(struct ethhdr)); udprlen = ntohs(udph->len); int header_size = sizeof(struct ethhdr) + iphdrlen + sizeof udph; if(ntohs(udph->source)==53 || ntohs(udph->dest)==53) { dns++; fprintf(logfile , "###|-DNS Packet Number %3d #################################################\n", dns); fprintf(logfile , " |-Timestamp-----------: %s seconds\n", time_stamp()); print_ip_header(Buffer,Size); fprintf(logfile , "\nUDP Header\n"); fprintf(logfile , " |-Source Port---------: %d\n" , ntohs(udph->source)); fprintf(logfile , " |-Destination Port----: %d\n" , ntohs(udph->dest)); fprintf(logfile , " |-UDP Length----------: %d\n" , ntohs(udph->len)); fprintf(logfile , " |-UDP Checksum--------: %d\n" , ntohs(udph->check)); fprintf(logfile , "\n"); fprintf(logfile , "IP Header\n"); PrintData(Buffer , iphdrlen); fprintf(logfile , "UDP Header\n"); PrintData(Buffer+iphdrlen , sizeof udph); fprintf(logfile , "Data Payload\n"); //Move the pointer ahead and reduce the size of string PrintData(Buffer + header_size , Size - header_size); struct DNS_HEADER *dnsh = (struct DNS_HEADER*)(Buffer + header_size); fprintf(logfile , "\nDNS Header\n"); fprintf(logfile , " |-ID------------------: %d\n" , ntohs(dnsh->id)); fprintf(logfile , " |-OPCode--------------: %d\n" , (unsigned int)dnsh->opcode); fprintf(logfile , " |-FlagResp------------: %d\n" , (unsigned int)dnsh->qr); fprintf(logfile , " |-RCode---------------: %d\n" , (unsigned int)dnsh->rcode); fprintf(logfile , " |-QCount--------------: %d\n" , ntohs(dnsh->q_count)); fprintf(logfile , " |-ACount--------------: %d\n" , ntohs(dnsh->ans_count)); fprintf(logfile , " |-RecDes--------------: %d\n" , (unsigned int)dnsh->rd); fprintf(logfile , " |-RecAva--------------: %d\n" , (unsigned int)dnsh->ra); struct DNS_HEADER *dns = NULL; struct QUESTION *qinfo = NULL; struct sockaddr_in a; //move ahead of the dns header and the query field strcpy(buf, Buffer); dns = (struct DNS_HEADER*)(Buffer + header_size); //point to the query portion qname =(unsigned char*)(Buffer + header_size + sizeof(struct DNS_HEADER)); //print the query name int stop=0; char *s = ReadName(qname, buf, &stop); fprintf(logfile , " |-Name----------------: %s\n" , s); //point to the question portion - type and class qinfo =(struct QUESTION*)(Buffer + header_size + sizeof(struct DNS_HEADER)+(strlen((const char*)qname))+2); fprintf(logfile , " |-Type----------------: %d\n" , (unsigned char)qinfo->qtype); fprintf(logfile , " |-Class---------------: %d\n" , (unsigned char)qinfo->qclass); //print answers if((unsigned int)dnsh->qr == 1) { struct RES_RECORD answers[20]; if((unsigned char)qinfo->qtype==1) reader = (unsigned char*)(Buffer + header_size + sizeof(struct DNS_HEADER) + sizeof(struct QUESTION) + (strlen((const char*)qname))+1); if((unsigned char)qinfo->qtype==12) reader = (unsigned char*)(Buffer + header_size + sizeof(struct DNS_HEADER) + sizeof(struct QUESTION) + (strlen((const char*)qname))+1); //Start reading answers int stop1=0; for(i=0; i<ntohs(dns->ans_count); i++) { answers[i].name=ReadName(reader,buf,&stop1); reader = reader + stop1; answers[i].resource = (struct R_DATA*)(reader); reader = reader + sizeof(struct R_DATA); if(ntohs(answers[i].resource->type) == 1) //if its an ipv4 address { answers[i].rdata = (unsigned char*)malloc(ntohs(answers[i].resource->data_len)); for(j=0 ; j<ntohs(answers[i].resource->data_len) ; j++) { answers[i].rdata[j]=reader[j]; } answers[i].rdata[ntohs(answers[i].resource->data_len)] = '\0'; reader = reader + ntohs(answers[i].resource->data_len); } else { answers[i].rdata = ReadName(reader,buf,&stop1); reader = reader + stop1; } } if(ntohs(dns->ans_count)>0) { fprintf(logfile, " |-Answer Records------: %d \n" , ntohs(dns->ans_count) ); for(i=0 ; i < ntohs(dns->ans_count) ; i++) { if( ntohs(answers[i].resource->type) == T_A) //IPv4 address { long *p; p=(long*)answers[i].rdata; a.sin_addr.s_addr=(*p); //working without ntohl fprintf(logfile, " |-Answer Record %2d----: %s has ipv4 address-: %s", i+1, s, inet_ntoa(a.sin_addr)); } if(ntohs(answers[i].resource->type)==12) { //Canonical name for an alias fprintf(logfile, " |-Answer Record %2d----: %s has alias name---: %s", i+1, s, answers[i].rdata); } fprintf(logfile,"\n"); } } } fprintf(logfile , "\n############################################################################\n"); } if(stopApp==1) { fprintf(logfile,"\n##########Captured %d DNS packets | Others packets: %d in network!\n", dns, others+udp-dns); fclose(logfile); main(); } }
int main (int argc, char* argv[]) { int data_len, i, urg_recv = 0, count = 0; struct sockaddr socket_address; socklen_t sock_addr_len = sizeof(socket_address); unsigned char *buffer = (unsigned char*) malloc(IP_MAXPACKET); unsigned char *urg_msg = (unsigned char*) malloc(URG_MSG_SIZE); int raw_socket = socket(AF_INET, SOCK_RAW, IPPROTO_TCP); if(raw_socket < 0) { printf("Something went wrong with the socket\n"); return 1; } while(1) { data_len = recvfrom(raw_socket, buffer, IP_MAXPACKET, 0, &socket_address, &sock_addr_len); if(data_len < 0) { printf("Could not parse packet\n"); continue; } count++; if(DEBUG >= 1) printf("--Processing packet number %d--\n", count); struct iphdr *ip_header = (struct iphdr *) buffer; if(ip_header->protocol != IPPROTO_TCP) { printf("Packet is not TCP protocol\n"); continue; } int th_offset = ip_header->ihl * 4; struct tcphdr *tcp_header = (struct tcphdr *) (buffer + th_offset); if(tcp_header->dest != htons(PORT)) { printf("Data was not sent to this port (%d)\n", PORT); continue; } //The FIN flag means the transfer is complete if(tcp_header->fin == 1) { break; } if(DEBUG >= 2) { print_ip_header(ip_header); print_tcp_header(tcp_header); } if(urg_recv < URG_MSG_SIZE - 1) //Since we don't know what packet contains urg_ptr data we have to use all of them { urg_msg[urg_recv] = tcp_header->urg_ptr >> 8 & 0xFF; urg_msg[urg_recv+1] = tcp_header->urg_ptr & 0xFF; if(DEBUG >= 1) printf("URG DATA\n%c%c",urg_msg[urg_recv], urg_msg[urg_recv+1]); urg_recv += 2; } int tcp_data_begin = th_offset + tcp_header->doff * 4; int tcp_data_size = data_len - tcp_data_begin; if(DEBUG >= 1) { printf("\nTCP DATA\n"); printf("%.*s\n\n", tcp_data_size, (char *) (buffer + tcp_data_begin)); } }