
Winpcap Test 07

Programming/C,CPP,CS 2016. 3. 7. 10:05 Posted by TanSanC

Interpreting the packets



 

/*

* Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torino (Italy)

* Copyright (c) 2005 - 2006 CACE Technologies, Davis (California)

* All rights reserved.

*

* Redistribution and use in source and binary forms, with or without

* modification, are permitted provided that the following conditions

* are met:

*

* 1. Redistributions of source code must retain the above copyright

* notice, this list of conditions and the following disclaimer.

* 2. Redistributions in binary form must reproduce the above copyright

* notice, this list of conditions and the following disclaimer in the

* documentation and/or other materials provided with the distribution.

* 3. Neither the name of the Politecnico di Torino, CACE Technologies 

* nor the names of its contributors may be used to endorse or promote 

* products derived from this software without specific prior written 

* permission.

*

* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR

* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT

* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT

* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,

* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY

* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE

* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

*

*/


#include <stdio.h>


#include "pcap.h"


#ifndef WIN32

#include <sys/socket.h>

#include <netinet/in.h>

#else

#include <winsock.h>

#endif


// Winpcap Test 07

/* 4 bytes IP address */
/*
 * One IPv4 address stored as four separate bytes, in the order they appear
 * in the packet. Because every member is a single byte, no byte-order
 * conversion is needed when printing byte1..byte4.
 */
typedef struct ip_address{
    u_char byte1;
    u_char byte2;
    u_char byte3;
    u_char byte4;
}ip_address;


/* IPv4 header */
/*
 * Overlay for an IPv4 header located inside a captured frame.
 *
 * The real header length is not fixed: it is (ver_ihl & 0xf) * 4 bytes and
 * comes from the packet itself, so it must be range-checked against the
 * captured length before anything behind the header is read.
 * The u_short members hold values exactly as captured (network byte order);
 * convert with ntohs() before interpreting them.
 * NOTE(review): op_pad is only present on the wire when the header carries
 * options (header length above 20 bytes); otherwise those four bytes already
 * belong to the payload.
 */
typedef struct ip_header{
    u_char  ver_ihl;        // Version (4 bits) + Internet header length (4 bits)
    u_char  tos;            // Type of service 
    u_short tlen;           // Total length 
    u_short identification; // Identification
    u_short flags_fo;       // Flags (3 bits) + Fragment offset (13 bits)
    u_char  ttl;            // Time to live
    u_char  proto;          // Protocol
    u_short crc;            // Header checksum
    ip_address  saddr;      // Source address
    ip_address  daddr;      // Destination address
    u_int   op_pad;         // Option + Padding
}ip_header;


/* UDP header*/
/*
 * Overlay for the 8-byte UDP header that follows the IPv4 header.
 * All four members are in network byte order as captured; packet_handler()
 * converts the ports with ntohs() before printing them.
 */
typedef struct udp_header{
    u_short sport;          // Source port
    u_short dport;          // Destination port
    u_short len;            // Datagram length
    u_short crc;            // Checksum
}udp_header;



// Function prototypes
/* Print the name, description, loopback flag and IPv4 addresses of one adapter. */
void ifprint(pcap_if_t *d);
/* Format a 4-byte IPv4 address as dotted decimal; the result lives in static storage. */
char *iptos(u_long in);
/* Numeric text form of a socket address via getnameinfo(); NULL when the conversion fails. */
char* ip6tos(struct sockaddr *sockaddr, char *address, int addrlen);
/* pcap_loop() callback: prints timestamp, length and the IPv4/UDP endpoints of a packet. */
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data);



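/*
 * List the capture adapters, let the user pick one, install an "ip and udp"
 * filter on it and print one summary per captured packet.
 *
 * Returns 0 when the capture loop ends normally, 1 when the adapter list
 * cannot be retrieved, and -1 on every other failure.
 */
int main()
{
    pcap_if_t *alldevs;
    pcap_if_t *d;
    char errbuf[PCAP_ERRBUF_SIZE+1];
    /* Source handed to pcap_findalldevs_ex(). PCAP_SRC_IF_STRING selects the
     * local adapters; a {'0'} initialiser would instead pass the text "0". */
    char source[PCAP_ERRBUF_SIZE+1] = PCAP_SRC_IF_STRING;
    int inum = 0;
    int i = 0;
    int rc;
    u_int netmask;
    char packet_filter[] = "ip and udp";
    struct bpf_program fcode;
    pcap_t *adhandle;

    if (pcap_findalldevs_ex(source, NULL, &alldevs, errbuf) == -1)
    {
        fprintf(stderr,"Error in pcap_findalldevs: %s\n",errbuf);
        return 1;
    }

    /* Scan the list printing every entry */
    for (d = alldevs; d; d = d->next)
    {
        ifprint(d);
        i++;
    }

    if (i == 0)
    {
        /* Nothing to choose from; asking for a number in "1-0" would be confusing. */
        printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
        return -1;
    }

    printf("Enter the interface number (1-%d):",i);
    /* A non-numeric answer leaves inum untouched, so force it out of range
     * instead of comparing an unset value. */
    if (scanf_s("%d", &inum) != 1)
        inum = 0;

    if (inum < 1 || inum > i)
    {
        printf("\nInterface number out of range.\n");
        /* Free the device list */
        pcap_freealldevs(alldevs);
        return -1;
    }

    /* Jump to the selected adapter */
    for (d = alldevs, i = 0; i < inum-1; d = d->next, i++)
        ;

    /* Open the device.
     * 65536 guarantees that the whole packet will be captured on all the link
     * layers. Promiscuous mode makes the adapter hand over frames that are not
     * addressed to this host, so everything packet_handler() receives has to
     * be treated as untrusted input. */
    adhandle = pcap_open(d->name,                   // name of the device
                         65536,                     // portion of the packet to capture
                         PCAP_OPENFLAG_PROMISCUOUS, // promiscuous mode
                         1000,                      // read timeout
                         NULL,                      // authentication on the remote machine
                         errbuf);                   // error buffer
    if (adhandle == NULL)
    {
        fprintf(stderr,"\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name);
        /* Free the device list */
        pcap_freealldevs(alldevs);
        return -1;
    }

    /* Check the link layer. We support only Ethernet for simplicity:
     * packet_handler() assumes a 14-byte Ethernet header. */
    if (pcap_datalink(adhandle) != DLT_EN10MB)
    {
        fprintf(stderr,"\nThis program works only on Ethernet networks.\n");
        pcap_close(adhandle);
        /* Free the device list */
        pcap_freealldevs(alldevs);
        return -1;
    }

    if (d->addresses != NULL &&
        d->addresses->addr != NULL &&
        d->addresses->addr->sa_family == AF_INET &&
        d->addresses->netmask != NULL)
        /* Retrieve the mask of the first address of the interface; only an
         * IPv4 entry can be read through struct sockaddr_in. */
        netmask = ((struct sockaddr_in *)(d->addresses->netmask))->sin_addr.S_un.S_addr;
    else
        /* If the interface is without a usable address we suppose to be in a C class network */
        netmask = 0xffffff;

    /* compile the filter */
    if (pcap_compile(adhandle, &fcode, packet_filter, 1, netmask) < 0)
    {
        fprintf(stderr,"\nUnable to compile the packet filter. Check the syntax.\n");
        pcap_close(adhandle);
        /* Free the device list */
        pcap_freealldevs(alldevs);
        return -1;
    }

    /* set the filter; the compiled program is no longer needed afterwards */
    rc = pcap_setfilter(adhandle, &fcode);
    pcap_freecode(&fcode);
    if (rc < 0)
    {
        fprintf(stderr,"\nError setting the filter.\n");
        pcap_close(adhandle);
        /* Free the device list */
        pcap_freealldevs(alldevs);
        return -1;
    }

    /* description is optional (ifprint() checks it too); fall back to the name */
    printf("\nlistening on %s...\n", d->description ? d->description : d->name);

    /* At this point, we don't need any more the device list. Free it */
    pcap_freealldevs(alldevs);

    /* start the capture; a count of 0 keeps reading until an error occurs */
    rc = pcap_loop(adhandle, 0, packet_handler, NULL);
    if (rc == -1)
        fprintf(stderr,"\nError reading the packets: %s\n", pcap_geterr(adhandle));

    pcap_close(adhandle);
    return (rc == -1) ? -1 : 0;
}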




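/*
 * Print all the available information on the given interface: name,
 * optional description, loopback flag and every IPv4 address entry.
 * Entries of other address families are skipped.
 */
void ifprint(pcap_if_t *d)
{
    pcap_addr_t *a;

    /* Name */
    printf("\tName: %s\n",d->name);

    /* Description */
    if (d->description)
        printf("\tDescription: %s\n",d->description);

    /* Loopback Address*/
    printf("\tLoopback: %s\n",(d->flags & PCAP_IF_LOOPBACK)?"yes":"no");

    /* IP addresses */
    for (a = d->addresses; a; a = a->next) {
        /* addr can be NULL, so test it before reading sa_family */
        if (a->addr == NULL || a->addr->sa_family != AF_INET)
            continue;

        printf("\tAddress Family Name: AF_INET\n");
        printf("\tAddress: %s\n",iptos(((struct sockaddr_in *)a->addr)->sin_addr.s_addr));
        if (a->netmask)
            printf("\tNetmask: %s\n",iptos(((struct sockaddr_in *)a->netmask)->sin_addr.s_addr));
        if (a->broadaddr)
            printf("\tBroadcast Address: %s\n",iptos(((struct sockaddr_in *)a->broadaddr)->sin_addr.s_addr));
        if (a->dstaddr)
            printf("\tDestination Address: %s\n",iptos(((struct sockaddr_in *)a->dstaddr)->sin_addr.s_addr));
    }
    printf("\n");
}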




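/* From tcptraceroute, convert a numeric IP address to a string */
#define IPTOSBUFFERS    12
/*
 * Format the first four bytes of `in`, taken in memory order, as a
 * dotted-decimal string. Callers pass sin_addr.s_addr, so those bytes are the
 * address octets in network order.
 * NOTE(review): on a platform where u_long is wider than four bytes and
 * big-endian, the first four bytes would not be the address; confirm before
 * porting.
 *
 * Returns a pointer to one of IPTOSBUFFERS static buffers used in rotation:
 * the text stays valid for the next IPTOSBUFFERS - 1 calls and must not be
 * freed. The rotation index is plain static state with no locking.
 */
char *iptos(u_long in)
{
    static char output[IPTOSBUFFERS][3*4+3+1];
    static short which;
    const u_char *p = (const u_char *)&in;

    which = (short)((which + 1) % IPTOSBUFFERS);
    /* Standard snprintf() bounds the write and always terminates the string. */
    snprintf(output[which], sizeof(output[which]), "%u.%u.%u.%u",
             (unsigned)p[0], (unsigned)p[1], (unsigned)p[2], (unsigned)p[3]);
    return output[which];
}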


/*
 * Convert a socket address to its numeric text form with getnameinfo().
 *
 * sockaddr - address to convert
 * address  - caller-supplied buffer that receives the text
 * addrlen  - size of that buffer in bytes
 *
 * Returns `address` on success, NULL when getnameinfo() reports an error.
 */
char* ip6tos(struct sockaddr *sockaddr, char *address, int addrlen)
{
    /* The length passed to getnameinfo() is chosen per platform. */
#ifdef WIN32
    const socklen_t sa_len = sizeof(struct sockaddr_in6);
#else
    const socklen_t sa_len = sizeof(struct sockaddr_storage);
#endif
    /* NI_NUMERICHOST asks for the numeric form of the host address. */
    int status = getnameinfo(sockaddr, sa_len, address, addrlen,
                             NULL, 0, NI_NUMERICHOST);

    return (status == 0) ? address : NULL;
}


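/*
 * Callback function invoked by libpcap for every incoming packet.
 *
 * param    - user pointer given to pcap_loop(); unused
 * header   - capture metadata: timestamp, original length (len) and number of
 *            bytes actually present in pkt_data (caplen)
 * pkt_data - captured bytes, starting at the Ethernet header
 *
 * Prints the timestamp and length, then "a.b.c.d.port -> a.b.c.d.port".
 * The packet content comes straight from the network, so every offset
 * derived from it is checked against caplen before it is dereferenced.
 */
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
    const u_int eth_hdr_len = 14;    /* length of ethernet header */
    const u_int ip_min_hdr_len = 20; /* IPv4 header without options */
    const u_int udp_hdr_len = 8;
    struct tm ltime;
    char timestr[16] = "";
    time_t local_tv_sec;
    const ip_header *ih;
    const udp_header *uh;
    u_int ip_len;
    u_short sport,dport;

    /* unused parameter */
    (void)param;

    /* convert the timestamp to readable format; leave it empty on failure */
    local_tv_sec = header->ts.tv_sec;
    if (localtime_s(&ltime, &local_tv_sec) == 0)
        strftime(timestr, sizeof timestr, "%H:%M:%S", &ltime);

    /* casts make the arguments match the %d conversions */
    printf("%s,%.6d len:%d\n", timestr, (int)header->ts.tv_usec, (int)header->len);

    /* A frame too short for Ethernet + minimal IPv4 cannot be parsed. */
    if (header->caplen < eth_hdr_len + ip_min_hdr_len)
    {
        printf("  (skipped: truncated or malformed IPv4/UDP header)\n");
        return;
    }

    /* retrieve the position of the ip header */
    ih = (const ip_header *)(pkt_data + eth_hdr_len);

    /* The header length is attacker-controlled: it must be at least 20 bytes
     * and the UDP header behind it must lie inside the captured data. */
    ip_len = (ih->ver_ihl & 0xf) * 4;
    if ((ih->ver_ihl >> 4) != 4 ||
        ip_len < ip_min_hdr_len ||
        header->caplen - eth_hdr_len < ip_len + udp_hdr_len)
    {
        printf("  (skipped: truncated or malformed IPv4/UDP header)\n");
        return;
    }

    /* Do not rely on the capture filter alone, and note that only the first
     * fragment of a datagram (fragment offset 0) carries the UDP header. */
    if (ih->proto != IPPROTO_UDP || (ntohs(ih->flags_fo) & 0x1fff) != 0)
    {
        printf("  (skipped: no UDP header in this packet)\n");
        return;
    }

    /* retrieve the position of the udp header */
    uh = (const udp_header *)((const u_char *)ih + ip_len);

    /* convert from network byte order to host byte order */
    sport = ntohs( uh->sport );
    dport = ntohs( uh->dport );

    /* print ip addresses and udp ports (the fifth number is the port) */
    printf("%d.%d.%d.%d.%d -> %d.%d.%d.%d.%d\n",
        ih->saddr.byte1,
        ih->saddr.byte2,
        ih->saddr.byte3,
        ih->saddr.byte4,
        sport,
        ih->daddr.byte1,
        ih->daddr.byte2,
        ih->daddr.byte3,
        ih->daddr.byte4,
        dport);
}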

