getting TCP data


threadhead
03-04-2003, 12:11 PM
Hey there, I am interested in sniffers.
I searched the web for simple, very simple, sniffers in C:

//---[ tcpsniff.c ]-------------------------[ http://harmony.haxors.com ]-----
//
// this is just a *simple* tcp 'sniffer'. just ment for quick and dirty
// testing for some other apps and knocked up in a few free moments. will
// loop forever printing the headers in each tcp/ip packet read, nothing
// more nothing less.
//
//---[ harmony :: temple of the screaming interrupt ]--[ nomelody@gmx.net ]---

//--headers-------------------------------------------------------------------
#include <netinet/in.h>
#include <errno.h>
#include <netdb.h>
#include <stdio.h>
#include <netinet/tcp.h>
#include <netinet/ip.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <sys/ioctl.h>
#include <sys/time.h>
#include <sys/types.h>
#include <unistd.h>
//--globals------------------------------------------------------------------
int sock_raw;

// layout assumes a 20-byte IP header (no options) immediately followed by
// the TCP header; a raw IPPROTO_TCP socket on Linux hands us the IP header too
struct Packet {
struct iphdr ip;
struct tcphdr tcp;
unsigned char data [65535];
} packet;
//--entry point--------------------------------------------------------------
int main(){

socklen_t saddr_size;           // recvfrom() wants socklen_t, not int
struct sockaddr_in saddr;
struct in_addr in;
printf("[starting]...\n");
sock_raw = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);   // needs root / CAP_NET_RAW
if(sock_raw < 0){
printf("socket error\n");
return -1;
}

while(1){

saddr_size = sizeof(saddr);
if(recvfrom(sock_raw, &packet, sizeof(packet), 0,
            (struct sockaddr *)&saddr, &saddr_size) < 0){
printf("recvfrom error, failed to get packet\n");
return -1;
}
// multi-byte header fields arrive in network byte order, so convert them;
// the bitfields (version, ihl, doff, flags) are already plain numbers
printf("--[IP Header]----\n");
printf("version : %d\t",packet.ip.version);
printf("ihl : %d\t",packet.ip.ihl);
printf("tos : %d\t",packet.ip.tos);
printf("tot length : %d\n",ntohs(packet.ip.tot_len));
printf("id : %d\t",ntohs(packet.ip.id));
printf("frag_off : %d\t",ntohs(packet.ip.frag_off));
printf("ttl : %d\t",packet.ip.ttl);
printf("protocol : %d\n",packet.ip.protocol);
printf("check : %d\t",ntohs(packet.ip.check));
in.s_addr = packet.ip.saddr;
printf("saddr : %s\t",inet_ntoa(in));
in.s_addr = packet.ip.daddr;
printf("daddr : %s\n",inet_ntoa(in));

printf("--[TCP Header]----\n");
printf("source port : %d\t",ntohs(packet.tcp.source));
printf("dest port : %d\n",ntohs(packet.tcp.dest));
printf("sequence : %u\t",ntohl(packet.tcp.seq));      // 32-bit unsigned
printf("ack num : %u\n",ntohl(packet.tcp.ack_seq));
printf("res1 : %d\t",packet.tcp.res1);                // 4-bit field, no ntohs
printf("doff : %d\t",packet.tcp.doff);                // header length in 32-bit words
printf("fin: %d\t",packet.tcp.fin);
printf("syn: %d\t",packet.tcp.syn);
printf("rst: %d\t",packet.tcp.rst);
printf("psh: %d\t",packet.tcp.psh);
printf("ack: %d\t",packet.tcp.ack);
printf("urg: %d\n\n",packet.tcp.urg);
printf("res2 : %d\t",packet.tcp.res2);
printf("window : %d\t",ntohs(packet.tcp.window));
printf("check : %d\t",ntohs(packet.tcp.check));
printf("urg_ptr : %d\n\n\n",ntohs(packet.tcp.urg_ptr));

}

close(sock_raw);
printf("[finishing]...\n");
return 0;
}


When I run that on my Linux box I see all that stuff like TCP sequence
numbers and so forth.
But how can I display the data included in the packet?

thanks
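The payload does not start at a fixed offset: the IP header is ihl*4 bytes and the TCP header doff*4 bytes, and both can carry options, so the sniffer's struct Packet (which assumes 20 bytes for each) will misplace the data whenever options are present. The following is an added example, not code from the thread or from the tcpsniff.c author: it computes the payload offset from the two length fields, refuses truncated or inconsistent headers, and hex-dumps whatever is left. The buffer it parses is a constructed packet (placeholder checksums, made-up addresses) so it runs offline; in the sniffer you would call tcp_payload_offset() on (unsigned char *)&packet with the byte count returned by recvfrom().

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Locate the TCP payload inside a raw IPv4 packet buffer of len bytes.
 * Returns the byte offset of the payload, or -1 if the headers are
 * malformed, not TCP, or claim more bytes than the buffer holds.
 * On success *payload_len receives the payload size (may be 0). */
long tcp_payload_offset(const unsigned char *buf, size_t len, size_t *payload_len)
{
    if (len < 20) return -1;                         /* shorter than a minimal IP header */
    unsigned version = buf[0] >> 4;
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;        /* IP header length in bytes */
    if (version != 4 || ihl < 20 || ihl > len) return -1;
    size_t tot_len = ((size_t)buf[2] << 8) | buf[3]; /* total length, network order */
    if (tot_len < ihl || tot_len > len) return -1;   /* truncated or inconsistent */
    if (buf[9] != 6) return -1;                      /* protocol field: 6 == TCP */
    if (tot_len - ihl < 20) return -1;               /* no room for a TCP header */
    size_t doff = (size_t)(buf[ihl + 12] >> 4) * 4;  /* TCP data offset in bytes */
    if (doff < 20 || ihl + doff > tot_len) return -1;
    *payload_len = tot_len - ihl - doff;
    return (long)(ihl + doff);
}

/* Hex + ASCII dump, 16 bytes per line; non-printable bytes shown as '.' */
void hexdump(const unsigned char *p, size_t n)
{
    for (size_t i = 0; i < n; i += 16) {
        printf("%04zx  ", i);
        for (size_t j = 0; j < 16; j++) {
            if (i + j < n) printf("%02x ", p[i + j]);
            else printf("   ");
        }
        printf(" |");
        for (size_t j = 0; j < 16 && i + j < n; j++)
            putchar(isprint(p[i + j]) ? p[i + j] : '.');
        printf("|\n");
    }
}

/* Convenience wrapper: dump the payload of one raw packet, return its size or -1 */
long dump_tcp_payload(const unsigned char *buf, size_t len)
{
    size_t n = 0;
    long off = tcp_payload_offset(buf, len, &n);
    if (off < 0) {
        printf("[malformed or non-TCP packet, %zu bytes]\n", len);
        return -1;
    }
    printf("--[TCP Data: %zu bytes at offset %ld]----\n", n, off);
    hexdump(buf + off, n);
    return (long)n;
}

/* Constructed sample: 20-byte IP header, 24-byte TCP header (4 bytes of
 * NOP/EOL options, so doff = 6) and a 16-byte payload. Checksums are zero
 * placeholders and the addresses 10.0.0.1 -> 10.0.0.2 are made up. */
const unsigned char sample_packet[] = {
    /* IPv4 header */
    0x45, 0x00, 0x00, 0x3c, 0x12, 0x34, 0x40, 0x00, 0x40, 0x06, 0x00, 0x00,
    0x0a, 0x00, 0x00, 0x01, 0x0a, 0x00, 0x00, 0x02,
    /* TCP header: sport 49152, dport 80, seq 1, ack 0, doff 6, PSH|ACK */
    0xc0, 0x00, 0x00, 0x50, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
    0x60, 0x18, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
    0x01, 0x01, 0x01, 0x00,                          /* options: NOP NOP NOP EOL */
    /* payload */
    'G','E','T',' ','/',' ','H','T','T','P','/','1','.','0','\r','\n'
};

int main(void)
{
    dump_tcp_payload(sample_packet, sizeof sample_packet);   /* 16 bytes at offset 44 */
    dump_tcp_payload(sample_packet, 30);                     /* truncated: rejected */
    return 0;
}
```

The two length checks matter because the values come straight off the wire: a packet that claims a total length larger than what recvfrom() actually delivered, or a data offset that runs past the end of the IP datagram, would otherwise make the dump read beyond the received bytes.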

yrone
03-04-2003, 12:24 PM
Check out the other sniffers at http://packetstormsecurity.org and look at the source. There is bound to be lots of good stuff.

threadhead
03-05-2003, 02:26 PM
I took a look at the most common sniffers available there.
It helped me a lot, thanks.

Now I am writing my own one. ;)