// Builds a sniffer on `device` from the legacy argument list.
//
// The arguments are folded into a SnifferConfiguration, the pcap handle is
// created, and the configuration is applied on both sides of pcap_activate().
//
// device:  name of the interface to capture on.
// promisc: PROMISC requests promiscuous mode; any other value leaves it off.
// filter:  filter expression passed to SnifferConfiguration::set_filter().
// rfmon:   whether monitor mode is requested.
//
// Throws runtime_error when pcap_create() fails and pcap_error when
// pcap_activate() reports an error.
Sniffer::Sniffer(const string& device, promisc_type promisc, const string& filter, bool rfmon) {
    SnifferConfiguration config;
    config.set_promisc_mode(promisc == PROMISC);
    config.set_filter(filter);
    config.set_rfmon(rfmon);

    // Resolve the platform-specific interface name once; the const reference
    // keeps a temporary alive if the macro produces one.
    const string& iface_name = TINS_PREFIX_INTERFACE(device);

    char errbuf[PCAP_ERRBUF_SIZE];
    pcap_t* const created = pcap_create(iface_name.c_str(), errbuf);
    if (created == 0) {
        throw runtime_error(errbuf);
    }
    // From here on the object holds the handle.
    // NOTE(review): the throws below do not close it themselves; presumably
    // the base class releases it during unwinding -- confirm.
    set_pcap_handle(created);

    // The netmask lookup is best effort: a failure is ignored and the mask is
    // simply left unset.
    bpf_u_int32 net_addr;
    bpf_u_int32 net_mask;
    const int lookup_status = pcap_lookupnet(iface_name.c_str(), &net_addr, &net_mask, errbuf);
    if (lookup_status == 0) {
        set_if_mask(net_mask);
    }

    // Options that libpcap only accepts on a handle that is not yet active.
    config.configure_sniffer_pre_activation(*this);

    // Only negative results are treated as failures. pcap_activate() can also
    // return positive warning codes (for example when promiscuous mode is not
    // supported); those are not surfaced to the caller here.
    const int activation_status = pcap_activate(get_pcap_handle());
    if (activation_status < 0) {
        throw pcap_error(pcap_geterr(get_pcap_handle()));
    }

    // Options that need an active handle.
    config.configure_sniffer_post_activation(*this);
}
// Requests (or clears) monitor mode on the capture handle.
//
// Compiled to a no-op on Windows. Elsewhere the request is applied only when
// pcap_can_set_rfmon() answers exactly 1. Both "not supported" (0) and a
// negative error code from that probe are skipped silently, so a caller that
// asked for monitor mode is not told when the interface cannot provide it.
//
// Throws pcap_error when pcap_set_rfmon() itself fails.
void Sniffer::set_rfmon(bool rfmon_enabled) {
#ifndef _WIN32
    pcap_t* const handle = get_pcap_handle();
    if (pcap_can_set_rfmon(handle) != 1) {
        return;
    }
    const int status = pcap_set_rfmon(handle, rfmon_enabled);
    if (status != 0) {
        throw pcap_error(pcap_geterr(handle));
    }
#endif
}
// Turns immediate (unbuffered) packet delivery on or off.
//
// pcap_set_immediate_mode() first appeared in libpcap 1.5.0. Older versions
// captured through TPACKET_V1/2, which does not buffer packets, so delivery
// was effectively always immediate. Without HAVE_PCAP_IMMEDIATE_MODE this
// function therefore does nothing.
//
// Throws pcap_error when libpcap rejects the setting.
void Sniffer::set_immediate_mode(bool enabled) {
#ifdef HAVE_PCAP_IMMEDIATE_MODE
    pcap_t* const handle = get_pcap_handle();
    const int status = pcap_set_immediate_mode(handle, enabled);
    if (status != 0) {
        throw pcap_error(pcap_geterr(handle));
    }
#endif // HAVE_PCAP_IMMEDIATE_MODE
}
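/*
 * Entry point: picks the default capture device, opens it, captures
 * config.packets packets through handle_packet(), then runs cleanup() and
 * go_interactive() before closing the handle.
 *
 * Exits with EXIT_FAILURE when no device is found, the device cannot be
 * opened, or it is not an Ethernet (DLT_EN10MB) link. A capture error from
 * pcap_loop() is reported on stderr but does not change the exit status.
 */
int main(int argc, char* argv[]) {
    char *device;                   /* Device name to capture on. */
    char errbuf[PCAP_ERRBUF_SIZE];  /* Error buffer */
    pcap_t *handle;                 /* Packet capture handle */
    int loop_return;

    init(argc, argv);

    /*
     * NOTE(review): pcap_lookupdev() is deprecated in newer libpcap releases
     * in favour of pcap_findalldevs(). It also picks the interface implicitly,
     * so the capture may run on a different interface than the operator
     * expects.
     */
    device = pcap_lookupdev(errbuf);
    if (device == NULL) {
        fprintf(stderr, "Could not find default device: %s\n", errbuf);
        exit(EXIT_FAILURE);
    }

    /*
     * NOTE(review): opening a capture handle normally needs elevated
     * privileges. Nothing visible here drops them once the handle is open;
     * confirm whether init() or get_pcap_handle() takes care of that.
     */
    handle = get_pcap_handle(device, errbuf);
    if (handle == NULL) {
        fprintf(stderr, "Could not open device %s: %s\n", device, errbuf);
        exit(EXIT_FAILURE);
    }

    if (pcap_datalink(handle) != DLT_EN10MB) {
        fprintf(stderr, "%s is not an Ethernet device.\n", device);
        /* Release the handle explicitly instead of leaving it to process exit. */
        pcap_close(handle);
        exit(EXIT_FAILURE);
    }

    printf("Capturing packets......\n");

    /*
     * handle_packet() is called with raw frames from the network, i.e.
     * untrusted input. It is defined elsewhere; it should bound every read
     * by the captured length in the packet header.
     */
    loop_return = pcap_loop(handle, config.packets, handle_packet, NULL);
    DEBUG(printf("Packet capture complete\n"));

    if (loop_return == -1) {
        /* Diagnostics go to stderr, like every other error in this function. */
        fprintf(stderr, "An error occurred when capturing %s\n", pcap_geterr(handle));
    }

    cleanup();
    go_interactive();

    pcap_close(handle);
    return 0;
}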
// Enables or disables promiscuous mode on the capture handle.
//
// libpcap rejects this call once the handle has been activated, so it has to
// run before pcap_activate().
//
// Throws pcap_error carrying libpcap's message when the call fails.
void Sniffer::set_promisc_mode(bool promisc_enabled) {
    pcap_t* const handle = get_pcap_handle();
    const int status = pcap_set_promisc(handle, promisc_enabled);
    if (status != 0) {
        throw pcap_error(pcap_geterr(handle));
    }
}
// Sets the size of the capture buffer on the pcap handle.
//
// NOTE(review): pcap_set_buffer_size() takes an int, so a value above INT_MAX
// is narrowed on the call; confirm that callers stay within that range.
//
// Throws pcap_error carrying libpcap's message when the call fails.
void Sniffer::set_buffer_size(unsigned buffer_size) {
    pcap_t* const handle = get_pcap_handle();
    const int status = pcap_set_buffer_size(handle, buffer_size);
    if (status != 0) {
        throw pcap_error(pcap_geterr(handle));
    }
}
// Sets the snapshot length, the maximum number of bytes kept per packet.
//
// NOTE(review): pcap_set_snaplen() takes an int, so a value above INT_MAX is
// narrowed on the call; confirm that callers stay within that range.
//
// Throws pcap_error carrying libpcap's message when the call fails.
void Sniffer::set_snap_len(unsigned snap_len) {
    pcap_t* const handle = get_pcap_handle();
    const int status = pcap_set_snaplen(handle, snap_len);
    if (status != 0) {
        throw pcap_error(pcap_geterr(handle));
    }
}