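/************
 * initSniffer()
 *
 * Open a raw packet socket bound to every Ethernet protocol (ETH_P_ALL)
 * and ask setPromisc() to switch `device` into promiscuous mode.
 *
 * device: interface name, handed unchanged to setPromisc().
 *
 * Returns the socket descriptor. If socket() fails, the errno text is
 * written to stderr and the process exits with status 1, so a negative
 * descriptor is never returned.
 *
 * Security notes:
 *  - On Linux a PF_PACKET/SOCK_RAW socket needs CAP_NET_RAW (or root).
 *    Once it is open the process can read all traffic seen by the
 *    interface; a caller that started privileged should drop those
 *    privileges after this function returns.
 *  - NOTE(review): setPromisc() is defined elsewhere and any status it
 *    reports is not checked here. If it sets the interface flag through
 *    ioctl(), that flag outlives the process, so every successful call
 *    should be paired with endSniffer() -- confirm against setPromisc().
 ***********/
int initSniffer( const char *device )
{
    int sd = socket( PF_PACKET, SOCK_RAW, htons( ETH_P_ALL ) );

    if ( sd < 0 )
    {
        /* perror() appends the errno description itself; a "%s" conversion
         * with no matching argument would be undefined behaviour. */
        perror( "socket err" );
        exit( 1 );
    }

    /* Put the network interface into promiscuous mode. */
    setPromisc( device, sd, ON );

    return sd;
}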
int main(int argc,char **argv) { if(argc!=2) { perror("please echo like this: ./mypack eth0\n"); exit(1); } int sock; struct sockaddr_ll rcvaddr; char buf[6666]; struct ifreq ifr; int len; sock=rawSocket(); setPromisc(argv[1],&sock); len=sizeof(struct sockaddr); memset(buf,0,sizeof(buf)); FILE *fi; fi=fopen("/tmp/a.cap","ab+"); if(fi == NULL) { printf("open /tmp/a.cap failed!!\n"); } //char head[] = "0xD4C3B2A1020004000000000000000000FFFF000001000000"; //fprintf(fi,"D4C3B2A1020004000000000000000000FFFF000001000000"); //this is ascii,so wrong!!! /*******pcap header*******/ struct pcap_file_header *fh; struct pcap_file_header p_f_h; p_f_h.magic = 0xA1B2C3D4; p_f_h.version_major = 0x0002; p_f_h.version_minor = 0x0004; p_f_h.thiszone = 0x00000000; p_f_h.sigfigs = 0x00000000; p_f_h.snaplen = 0x0000FFFF; p_f_h.linktype = 0X00000001; fh = &p_f_h; // memcpy(buf,fh,sizeof(p_f_h)); // fprintf(fi,"%s",buf); //buf is start in ethernet!!! so wrong!!! fwrite(fh,sizeof(p_f_h),1,fi); fclose(fi); while(1) { int rval; //the unit is byte!!! 
so multiple 256 rval=recvfrom(sock,buf,sizeof(buf),0,(struct sockaddr*)&rcvaddr,&len); if(rval>0) { // printf("Get %d bytes\n",rval); FILE *f; f=fopen("/tmp/a.cap","ab+"); if(f==NULL) { printf("open /tmp/a.cap failed!!!\n"); } /*************packet header*********/ #if 0 //this is manual write time code int time[2]={0x500E4204,0x0000D1EF}; int (*tim)[2]; tim=&time; fwrite(tim,8,1,f); #endif #if 1 // struct pcap_pkthdr *pCap; // int now_sec; // int time_change = 0; // int last_sec = 0; struct timeval tv; // struct timezone tz; //usually dont need tz gettimeofday(&tv,NULL); fwrite(&(tv.tv_sec),4,1,f); fwrite(&(tv.tv_usec),4,1,f); // printf("%x\n",tv.tv_usec); /* //may be wrong in data type,cant assignment printf("%d\n",tv.tv_sec); pCap->ts.tv_sec = tv.tv_sec; pCap->ts.tv_usec = tv.tv_usec; printf("%d\n",tv.tv_sec); printf("%d\n",tv.tv_usec); fwrite(pCap,8,1,f); */ #endif int b,c,d; int *bp; b = rval*256; //cause rval is the bytes of recvfrom() // printf("%x\n",b); /****switch the position*****/ if(b<0x00010000) { #if 0 c = (b>>16)&Mask; d = (b<<16)&(~Mask); b = c|d; #endif #if 1 c = (b&FTWO)>>8; d = (b&FONE)<<8; b = c|d; #endif } else {
/************
 * endSniffer()
 *
 * Undo what initSniffer() set up: ask setPromisc() to take `device` out of
 * promiscuous mode, then release the capture socket.
 *
 * device: interface name, handed unchanged to setPromisc().
 * sd:     descriptor of the capture socket; it is closed here and must not
 *         be used by the caller afterwards.
 *
 * The order matters: setPromisc() is given `sd`, so the descriptor has to
 * stay open until that call has returned.
 ***********/
void endSniffer( const char *device, int sd )
{
    /* Take the network interface out of promiscuous mode. */
    setPromisc( device, sd, OFF );

    /* Release the socket; the return value of close() is not inspected. */
    close( sd );
}