Comments on: C Packet Sniffer Code with Libpcap and Linux Sockets (BSD) http://www.binarytides.com/blog/c-packet-sniffer-code-with-libpcap-and-linux-sockets-bsd/ Socket Programming , Game Programming , PHP , Mysql , Ubuntu etc. Thu, 09 Feb 2012 14:29:53 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Binary Tides http://www.binarytides.com/blog/c-packet-sniffer-code-with-libpcap-and-linux-sockets-bsd/comment-page-1/#comment-30548 Binary Tides Wed, 07 Dec 2011 15:15:03 +0000 http://www.binarytides.com/blog/?p=49#comment-30548 code has been updated and now uses devname in pcap_open_live function code has been updated and now uses devname in pcap_open_live function

]]> By: Binary Tides http://www.binarytides.com/blog/c-packet-sniffer-code-with-libpcap-and-linux-sockets-bsd/comment-page-1/#comment-30547 Binary Tides Wed, 07 Dec 2011 15:13:43 +0000 http://www.binarytides.com/blog/?p=49#comment-30547 missing header files have been included and code updated. missing header files have been included and code updated.

]]> By: Sreeram Vasudevan http://www.binarytides.com/blog/c-packet-sniffer-code-with-libpcap-and-linux-sockets-bsd/comment-page-1/#comment-28523 Sreeram Vasudevan Thu, 22 Sep 2011 18:16:17 +0000 http://www.binarytides.com/blog/?p=49#comment-28523 Hi All, I need to sniff a network packet and change the destination address to the malicious website address for the DNS queries by the victim. This needs to be done using pcap library. could anyone please help me out with how can I get the IP packet structure using pcap ? Thanks ! Hi All,
I need to sniff a network packet and change the destination address to the malicious website address for the DNS queries by the victim. This needs to be done using pcap library. could anyone please help me out with how can I get the IP packet structure using pcap ?

Thanks !

]]> By: can u help me to correct the error in printing ip address it is printing in reverse ex:1.1.168.192 http://www.binarytides.com/blog/c-packet-sniffer-code-with-libpcap-and-linux-sockets-bsd/comment-page-1/#comment-22119 can u help me to correct the error in printing ip address it is printing in reverse ex:1.1.168.192 Thu, 09 Jun 2011 10:08:52 +0000 http://www.binarytides.com/blog/?p=49#comment-22119 help me to correct my mistake in printing ip address (it is printing in reverse like 1.1.168.192) i am working in Linux env help me to correct my mistake in printing ip address (it is printing in reverse like 1.1.168.192) i am working in Linux env

]]> By: Sysqa http://www.binarytides.com/blog/c-packet-sniffer-code-with-libpcap-and-linux-sockets-bsd/comment-page-1/#comment-19281 Sysqa Tue, 03 May 2011 11:43:07 +0000 http://www.binarytides.com/blog/?p=49#comment-19281 I made some mistake is PrintData... Code: void PrintData (unsigned char *data, int Size) { int i, j; for(i = 0 ; i < Size ; i++) { if( i != 0 && i % 16 == 0) //if one line of hex printing is complete... { fprintf(logfile, " "); for(j = i - 16 ; j < i ; j++) { if(data[j] >= 32 && data[j] <= 128) { fprintf(logfile, "%c", (unsigned char)data[j]); //if its a number or alphabet } else { fprintf(logfile, "."); //otherwise print a dot } } fprintf(logfile, "\n"); } if(i % 16 == 0) { fprintf(logfile," "); } fprintf(logfile, " %02X", (unsigned int)data[i]); if(i == Size - 1) //print the last spaces { for(j = 0; j < 15 - i % 16; j++) { fprintf(logfile," "); //extra spaces } fprintf(logfile," "); for(j = i - i % 16; j <= i; j++) { if(data[j] >= 32 && data[j] <= 128) { fprintf(logfile, "%c", (unsigned char)data[j]); } else { fprintf(logfile, "."); } } fprintf(logfile, "\n"); } } } I made some mistake is PrintData…

Code:
void PrintData (unsigned char *data, int Size)
{
int i, j;
for(i = 0 ; i < Size ; i++)
{
if( i != 0 && i % 16 == 0) //if one line of hex printing is complete…
{
fprintf(logfile, ” “);
for(j = i – 16 ; j < i ; j++)
{
if(data[j] >= 32 && data[j] <= 128)
{
fprintf(logfile, “%c”, (unsigned char)data[j]); //if its a number or alphabet
}
else
{
fprintf(logfile, “.”); //otherwise print a dot
}
}
fprintf(logfile, “\n”);
}

if(i % 16 == 0)
{
fprintf(logfile,” “);
}
fprintf(logfile, ” %02X”, (unsigned int)data[i]);

if(i == Size – 1) //print the last spaces
{
for(j = 0; j < 15 – i % 16; j++)
{
fprintf(logfile,” “); //extra spaces
}
fprintf(logfile,” “);
for(j = i – i % 16; j <= i; j++)
{
if(data[j] >= 32 && data[j] <= 128)
{
fprintf(logfile, “%c”, (unsigned char)data[j]);
}
else
{
fprintf(logfile, “.”);
}
}
fprintf(logfile, “\n”);
}
}
}

]]> By: Sysqa http://www.binarytides.com/blog/c-packet-sniffer-code-with-libpcap-and-linux-sockets-bsd/comment-page-1/#comment-19277 Sysqa Tue, 03 May 2011 10:52:33 +0000 http://www.binarytides.com/blog/?p=49#comment-19277 The other thing. If you ask the user choose a device, why didn't you type devname in the pcap_open_live function. Code: //Ask user which device to sniff printf("Enter the number of the device you want to sniff : "); scanf("%d" , &n); //devname = *(devs + count - 1); devname = *(devs + n); printf("devname: %s\n",devname); //Open the device for sniffing printf("Opening device for sniffing ... \n"); //handle = pcap_open_live("eth0" , 65536 , 1 , 0 , errbuf); handle = pcap_open_live(devname , 65536 , 1 , 0 , errbuf); The other thing.
If you ask the user choose a device, why didn’t you type devname in the pcap_open_live function.

Code:
//Ask user which device to sniff
printf(“Enter the number of the device you want to sniff : “);
scanf(“%d” , &n);
//devname = *(devs + count – 1);
devname = *(devs + n);
printf(“devname: %s\n”,devname);
//Open the device for sniffing
printf(“Opening device for sniffing … \n”);
//handle = pcap_open_live(“eth0″ , 65536 , 1 , 0 , errbuf);
handle = pcap_open_live(devname , 65536 , 1 , 0 , errbuf);

]]> By: Sysqa http://www.binarytides.com/blog/c-packet-sniffer-code-with-libpcap-and-linux-sockets-bsd/comment-page-1/#comment-19268 Sysqa Tue, 03 May 2011 09:32:48 +0000 http://www.binarytides.com/blog/?p=49#comment-19268 The missing includes pcap.h stdio.h string.h //need to memset net/ethernet.h netinet/in.h //need inet_ntoa arpa/inet.h //need inet_ntoa netinet/ip_icmp.h //Provides declarations for icmp header netinet/udp.h //Provides declarations for udp header netinet/tcp.h //Provides declarations for tcp header netinet/ip.h //Provides declarations for ip header The missing includes
pcap.h
stdio.h
string.h //need to memset
net/ethernet.h
netinet/in.h //need inet_ntoa
arpa/inet.h //need inet_ntoa
netinet/ip_icmp.h //Provides declarations for icmp header
netinet/udp.h //Provides declarations for udp header
netinet/tcp.h //Provides declarations for tcp header
netinet/ip.h //Provides declarations for ip header

]]> By: Sysqa http://www.binarytides.com/blog/c-packet-sniffer-code-with-libpcap-and-linux-sockets-bsd/comment-page-1/#comment-19267 Sysqa Tue, 03 May 2011 09:26:57 +0000 http://www.binarytides.com/blog/?p=49#comment-19267 I revised some warning and mistake! Code: /* Packet sniffer using libpcap library */ #include #include #include //need to memset #include #include //need inet_ntoa #include //need inet_ntoa #include //Provides declarations for icmp header #include //Provides declarations for udp header #include //Provides declarations for tcp header #include //Provides declarations for ip header void process_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet); void process_ip_packet(unsigned char* , int); void print_ip_header(unsigned char* , int); //void print_tcp_header(unsigned char* buffer , int size); void print_tcp_packet(unsigned char* buffer , int size); //void print_udp_header(unsigned char* , int); void print_udp_packet(unsigned char* , int); void print_icmp_packet(unsigned char* , int); void PrintData (unsigned char* , int); FILE *logfile; struct sockaddr_in source,dest; /*struct sockaddr_in { short sin_family; // must be AF_INET u_short sin_port; struct in_addr sin_addr; char sin_zero[8]; // Not used, must be zero };*/ int main() { //pcap_if_t alldevsp[100] , *device; pcap_if_t *alldevsp, *device; pcap_t *handle; //Handle of the device that shall be sniffed char errbuf[100] , *devname , **devs; int count = 1 , n; //First get the list of available devices printf("Finding available devices ... \n"); if(pcap_findalldevs(&alldevsp, errbuf)) { printf("Error finding devices : %s\n" , errbuf); //exit(1); } printf("Done\n"); //Print the available devices printf("\nAvailable Devices are :\n"); device = alldevsp; while(device != NULL) { *(devs + count) = device->name; printf("%d. %s - %s\n", count++ , device->name , device->description); device = device->next; } //Ask user which device to sniff printf("Enter the number of the device you want to sniff : "); scanf("%d" , &n); devname = *(devs + count - 1); //Open the device for sniffing printf("Opening device for sniffing ... \n"); handle = pcap_open_live("eth0" , 65536 , 1 , 0 , errbuf); if (handle == NULL) { fprintf(stderr, "Couldn't open device eth0 : %s\n" , errbuf); //exit(1); } printf("Done\n"); logfile=fopen("log.txt","w"); if(logfile==NULL) { printf("Unable to create file.\n"); } //Put the device in sniff loop pcap_loop(handle , -1 , process_packet , NULL); return 0; } void process_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet) { int size = header->len; struct ether_header *ethh; ethh = (struct ether_header *)packet; //Print the ethernet header in the log file if(ntohs(ethh->ether_type) == ETHERTYPE_IP) { //process_ip_packet(packet + sizeof *ethh , size - sizeof ethh); process_ip_packet((unsigned char*)(packet + sizeof *ethh), size - sizeof ethh); printf("%d\n" , sizeof *ethh); fflush(stdout); } //return 0; } void process_ip_packet(unsigned char* buffer, int size) { //Get the IP Header part of this packet struct iphdr *iph = (struct iphdr*)buffer; switch (iph->protocol) //Check the Protocol and do accordingly... { case 1: //ICMP Protocol print_icmp_packet(buffer , size); break; case 2: //IGMP Protocol break; case 6: //TCP Protocol print_tcp_packet(buffer , size); break; case 17: //UDP Protocol print_udp_packet(buffer , size); break; default: //Some Other Protocol like ARP etc. break; } } void print_ip_header(unsigned char* Buffer, int Size) { unsigned short iphdrlen; struct iphdr *iph = (struct iphdr *)Buffer; iphdrlen =iph->ihl*4; memset(&source, 0, sizeof(source)); //memset(&(source.sin_zero), 0, 8); //other solution source.sin_addr.s_addr = iph->saddr; memset(&dest, 0, sizeof(dest)); //memset(&(dest.sin_zero), 0, 8); //other solution dest.sin_addr.s_addr = iph->daddr; fprintf(logfile,"\n"); fprintf(logfile,"IP Header\n"); fprintf(logfile," |-IP Version : %d\n",(unsigned int)iph->version); fprintf(logfile," |-IP Header Length : %d DWORDS or %d Bytes\n",(unsigned int)iph->ihl,((unsigned int)(iph->ihl))*4); fprintf(logfile," |-Type Of Service : %d\n",(unsigned int)iph->tos); fprintf(logfile," |-IP Total Length : %d Bytes(Size of Packet)\n",ntohs(iph->tot_len)); fprintf(logfile," |-Identification : %d\n",ntohs(iph->id)); //fprintf(logfile," |-Reserved ZERO Field : %d\n",(unsigned int)iphdr->ip_reserved_zero); //fprintf(logfile," |-Dont Fragment Field : %d\n",(unsigned int)iphdr->ip_dont_fragment); //fprintf(logfile," |-More Fragment Field : %d\n",(unsigned int)iphdr->ip_more_fragment); fprintf(logfile," |-TTL : %d\n",(unsigned int)iph->ttl); fprintf(logfile," |-Protocol : %d\n",(unsigned int)iph->protocol); fprintf(logfile," |-Checksum : %d\n",ntohs(iph->check)); fprintf(logfile," |-Source IP : %s\n",inet_ntoa(source.sin_addr)); fprintf(logfile," |-Destination IP : %s\n",inet_ntoa(dest.sin_addr)); } void print_tcp_packet(unsigned char* Buffer, int Size) { unsigned short iphdrlen; struct iphdr *iph = (struct iphdr *)Buffer; iphdrlen = iph->ihl*4; struct tcphdr *tcph=(struct tcphdr*)(Buffer + iphdrlen); fprintf(logfile,"\n\n***********************TCP Packet*************************\n"); print_ip_header(Buffer,Size); fprintf(logfile,"\n"); fprintf(logfile,"TCP Header\n"); fprintf(logfile," |-Source Port : %u\n",ntohs(tcph->source)); fprintf(logfile," |-Destination Port : %u\n",ntohs(tcph->dest)); fprintf(logfile," |-Sequence Number : %u\n",ntohl(tcph->seq)); fprintf(logfile," |-Acknowledge Number : %u\n",ntohl(tcph->ack_seq)); fprintf(logfile," |-Header Length : %d DWORDS or %d BYTES\n" ,(unsigned int)tcph->doff,(unsigned int)tcph->doff*4); //fprintf(logfile," |-CWR Flag : %d\n",(unsigned int)tcph->cwr); //fprintf(logfile," |-ECN Flag : %d\n",(unsigned int)tcph->ece); fprintf(logfile," |-Urgent Flag : %d\n",(unsigned int)tcph->urg); fprintf(logfile," |-Acknowledgement Flag : %d\n",(unsigned int)tcph->ack); fprintf(logfile," |-Push Flag : %d\n",(unsigned int)tcph->psh); fprintf(logfile," |-Reset Flag : %d\n",(unsigned int)tcph->rst); fprintf(logfile," |-Synchronise Flag : %d\n",(unsigned int)tcph->syn); fprintf(logfile," |-Finish Flag : %d\n",(unsigned int)tcph->fin); fprintf(logfile," |-Window : %d\n",ntohs(tcph->window)); fprintf(logfile," |-Checksum : %d\n",ntohs(tcph->check)); fprintf(logfile," |-Urgent Pointer : %d\n",tcph->urg_ptr); fprintf(logfile,"\n"); fprintf(logfile," DATA Dump "); fprintf(logfile,"\n"); fprintf(logfile,"IP Header\n"); PrintData(Buffer,iphdrlen); fprintf(logfile,"TCP Header\n"); PrintData(Buffer+iphdrlen,tcph->doff*4); fprintf(logfile,"Data Payload\n"); PrintData(Buffer + iphdrlen + tcph->doff*4 , (Size - tcph->doff*4-iph->ihl*4) ); fprintf(logfile,"\n###########################################################"); } void print_udp_packet(unsigned char *Buffer , int Size) { unsigned short iphdrlen; struct iphdr *iph = (struct iphdr *)Buffer; iphdrlen = iph->ihl*4; struct udphdr *udph = (struct udphdr*)(Buffer + iphdrlen); fprintf(logfile,"\n\n***********************UDP Packet*************************\n"); print_ip_header(Buffer,Size); fprintf(logfile,"\nUDP Header\n"); fprintf(logfile," |-Source Port : %d\n" , ntohs(udph->source)); fprintf(logfile," |-Destination Port : %d\n" , ntohs(udph->dest)); fprintf(logfile," |-UDP Length : %d\n" , ntohs(udph->len)); fprintf(logfile," |-UDP Checksum : %d\n" , ntohs(udph->check)); fprintf(logfile,"\n"); fprintf(logfile,"IP Header\n"); PrintData(Buffer , iphdrlen); fprintf(logfile,"UDP Header\n"); PrintData(Buffer+iphdrlen , sizeof udph); fprintf(logfile,"Data Payload\n"); PrintData(Buffer + iphdrlen + sizeof udph ,( Size - sizeof udph - iph->ihl * 4 )); fprintf(logfile,"\n###########################################################"); } void print_icmp_packet(unsigned char* Buffer , int Size) { unsigned short iphdrlen; struct iphdr *iph = (struct iphdr *)Buffer; iphdrlen = iph->ihl*4; struct icmphdr *icmph = (struct icmphdr *)(Buffer + iphdrlen); fprintf(logfile,"\n\n***********************ICMP Packet*************************\n"); print_ip_header(Buffer , Size); fprintf(logfile,"\n"); fprintf(logfile,"ICMP Header\n"); fprintf(logfile," |-Type : %d",(unsigned int)(icmph->type)); if((unsigned int)(icmph->type) == 11) { fprintf(logfile," (TTL Expired)\n"); } else if((unsigned int)(icmph->type) == ICMP_ECHOREPLY) { fprintf(logfile," (ICMP Echo Reply)\n"); } else { fprintf(logfile,"\n"); } fprintf(logfile," |-Code : %d\n",(unsigned int)(icmph->code)); fprintf(logfile," |-Checksum : %d\n",ntohs(icmph->checksum)); //fprintf(logfile," |-ID : %d\n",ntohs(icmph->id)); //fprintf(logfile," |-Sequence : %d\n",ntohs(icmph->sequence)); fprintf(logfile,"\n"); fprintf(logfile,"IP Header\n"); PrintData(Buffer,iphdrlen); fprintf(logfile,"UDP Header\n"); PrintData(Buffer + iphdrlen , sizeof icmph); fprintf(logfile,"Data Payload\n"); PrintData(Buffer + iphdrlen + sizeof icmph , (Size - sizeof icmph - iph->ihl * 4)); fprintf(logfile,"\n###########################################################"); } void PrintData (unsigned char* data , int Size) { int i,j; for(i=0 ; i < Size ; i++) { if( i!=0 && i%16==0) //if one line of hex printing is complete... { fprintf(logfile," "); for(j=i-16 ; j<i>=32 && data[j]<=128) { fprintf(logfile,"%c",(unsigned char)data[j]); //if its a number or alphabet } else { fprintf(logfile,"."); //otherwise print a dot } } fprintf(logfile,"\n"); } if(i%16==0) fprintf(logfile," "); { fprintf(logfile," %02X",(unsigned int)data[i]); } if( i==Size-1) //print the last spaces { for(j=0;j<15-i%16;j++) fprintf(logfile," "); //extra spaces { fprintf(logfile," "); } for(j=i-i%16 ; j=32 && data[j]<=128) { fprintf(logfile,"%c",(unsigned char)data[j]); } else { fprintf(logfile,"."); } } fprintf(logfile,"\n"); } } } I revised some warning and mistake!

Code:
/*
Packet sniffer using libpcap library
*/
#include
#include
#include //need to memset
#include
#include //need inet_ntoa
#include //need inet_ntoa
#include //Provides declarations for icmp header
#include //Provides declarations for udp header
#include //Provides declarations for tcp header
#include //Provides declarations for ip header

void process_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet);
void process_ip_packet(unsigned char* , int);
void print_ip_header(unsigned char* , int);
//void print_tcp_header(unsigned char* buffer , int size);
void print_tcp_packet(unsigned char* buffer , int size);
//void print_udp_header(unsigned char* , int);
void print_udp_packet(unsigned char* , int);
void print_icmp_packet(unsigned char* , int);
void PrintData (unsigned char* , int);

FILE *logfile;
struct sockaddr_in source,dest;

/*struct sockaddr_in
{
short sin_family; // must be AF_INET
u_short sin_port;
struct in_addr sin_addr;
char sin_zero[8]; // Not used, must be zero
};*/

int main()
{
//pcap_if_t alldevsp[100] , *device;
pcap_if_t *alldevsp, *device;
pcap_t *handle; //Handle of the device that shall be sniffed

char errbuf[100] , *devname , **devs;
int count = 1 , n;
//First get the list of available devices
printf(“Finding available devices … \n”);
if(pcap_findalldevs(&alldevsp, errbuf))
{
printf(“Error finding devices : %s\n” , errbuf);
//exit(1);
}
printf(“Done\n”);
//Print the available devices
printf(“\nAvailable Devices are :\n”);
device = alldevsp;
while(device != NULL)
{
*(devs + count) = device->name;
printf(“%d. %s – %s\n”, count++ , device->name , device->description);
device = device->next;
}
//Ask user which device to sniff
printf(“Enter the number of the device you want to sniff : “);
scanf(“%d” , &n);
devname = *(devs + count – 1);
//Open the device for sniffing
printf(“Opening device for sniffing … \n”);
handle = pcap_open_live(“eth0″ , 65536 , 1 , 0 , errbuf);
if (handle == NULL)
{
fprintf(stderr, “Couldn’t open device eth0 : %s\n” , errbuf);
//exit(1);
}
printf(“Done\n”);

logfile=fopen(“log.txt”,”w”);
if(logfile==NULL)
{
printf(“Unable to create file.\n”);
}

//Put the device in sniff loop
pcap_loop(handle , -1 , process_packet , NULL);
return 0;
}

void process_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
{
int size = header->len;
struct ether_header *ethh;
ethh = (struct ether_header *)packet;
//Print the ethernet header in the log file

if(ntohs(ethh->ether_type) == ETHERTYPE_IP)
{
//process_ip_packet(packet + sizeof *ethh , size – sizeof ethh);
process_ip_packet((unsigned char*)(packet + sizeof *ethh), size – sizeof ethh);
printf(“%d\n” , sizeof *ethh);
fflush(stdout);
}
//return 0;
}

void process_ip_packet(unsigned char* buffer, int size)
{
//Get the IP Header part of this packet
struct iphdr *iph = (struct iphdr*)buffer;
switch (iph->protocol) //Check the Protocol and do accordingly…
{
case 1: //ICMP Protocol
print_icmp_packet(buffer , size);
break;
case 2: //IGMP Protocol
break;
case 6: //TCP Protocol
print_tcp_packet(buffer , size);
break;
case 17: //UDP Protocol
print_udp_packet(buffer , size);
break;
default: //Some Other Protocol like ARP etc.
break;
}
}

void print_ip_header(unsigned char* Buffer, int Size)
{
unsigned short iphdrlen;

struct iphdr *iph = (struct iphdr *)Buffer;
iphdrlen =iph->ihl*4;

memset(&source, 0, sizeof(source));
//memset(&(source.sin_zero), 0, 8); //other solution
source.sin_addr.s_addr = iph->saddr;

memset(&dest, 0, sizeof(dest));
//memset(&(dest.sin_zero), 0, 8); //other solution
dest.sin_addr.s_addr = iph->daddr;

fprintf(logfile,”\n”);
fprintf(logfile,”IP Header\n”);
fprintf(logfile,” |-IP Version : %d\n”,(unsigned int)iph->version);
fprintf(logfile,” |-IP Header Length : %d DWORDS or %d Bytes\n”,(unsigned int)iph->ihl,((unsigned int)(iph->ihl))*4);
fprintf(logfile,” |-Type Of Service : %d\n”,(unsigned int)iph->tos);
fprintf(logfile,” |-IP Total Length : %d Bytes(Size of Packet)\n”,ntohs(iph->tot_len));
fprintf(logfile,” |-Identification : %d\n”,ntohs(iph->id));
//fprintf(logfile,” |-Reserved ZERO Field : %d\n”,(unsigned int)iphdr->ip_reserved_zero);
//fprintf(logfile,” |-Dont Fragment Field : %d\n”,(unsigned int)iphdr->ip_dont_fragment);
//fprintf(logfile,” |-More Fragment Field : %d\n”,(unsigned int)iphdr->ip_more_fragment);
fprintf(logfile,” |-TTL : %d\n”,(unsigned int)iph->ttl);
fprintf(logfile,” |-Protocol : %d\n”,(unsigned int)iph->protocol);
fprintf(logfile,” |-Checksum : %d\n”,ntohs(iph->check));
fprintf(logfile,” |-Source IP : %s\n”,inet_ntoa(source.sin_addr));
fprintf(logfile,” |-Destination IP : %s\n”,inet_ntoa(dest.sin_addr));
}

void print_tcp_packet(unsigned char* Buffer, int Size)
{
unsigned short iphdrlen;

struct iphdr *iph = (struct iphdr *)Buffer;
iphdrlen = iph->ihl*4;

struct tcphdr *tcph=(struct tcphdr*)(Buffer + iphdrlen);

fprintf(logfile,”\n\n***********************TCP Packet*************************\n”);

print_ip_header(Buffer,Size);

fprintf(logfile,”\n”);
fprintf(logfile,”TCP Header\n”);
fprintf(logfile,” |-Source Port : %u\n”,ntohs(tcph->source));
fprintf(logfile,” |-Destination Port : %u\n”,ntohs(tcph->dest));
fprintf(logfile,” |-Sequence Number : %u\n”,ntohl(tcph->seq));
fprintf(logfile,” |-Acknowledge Number : %u\n”,ntohl(tcph->ack_seq));
fprintf(logfile,” |-Header Length : %d DWORDS or %d BYTES\n” ,(unsigned int)tcph->doff,(unsigned int)tcph->doff*4);
//fprintf(logfile,” |-CWR Flag : %d\n”,(unsigned int)tcph->cwr);
//fprintf(logfile,” |-ECN Flag : %d\n”,(unsigned int)tcph->ece);
fprintf(logfile,” |-Urgent Flag : %d\n”,(unsigned int)tcph->urg);
fprintf(logfile,” |-Acknowledgement Flag : %d\n”,(unsigned int)tcph->ack);
fprintf(logfile,” |-Push Flag : %d\n”,(unsigned int)tcph->psh);
fprintf(logfile,” |-Reset Flag : %d\n”,(unsigned int)tcph->rst);
fprintf(logfile,” |-Synchronise Flag : %d\n”,(unsigned int)tcph->syn);
fprintf(logfile,” |-Finish Flag : %d\n”,(unsigned int)tcph->fin);
fprintf(logfile,” |-Window : %d\n”,ntohs(tcph->window));
fprintf(logfile,” |-Checksum : %d\n”,ntohs(tcph->check));
fprintf(logfile,” |-Urgent Pointer : %d\n”,tcph->urg_ptr);
fprintf(logfile,”\n”);
fprintf(logfile,” DATA Dump “);
fprintf(logfile,”\n”);

fprintf(logfile,”IP Header\n”);
PrintData(Buffer,iphdrlen);

fprintf(logfile,”TCP Header\n”);
PrintData(Buffer+iphdrlen,tcph->doff*4);

fprintf(logfile,”Data Payload\n”);
PrintData(Buffer + iphdrlen + tcph->doff*4 , (Size – tcph->doff*4-iph->ihl*4) );

fprintf(logfile,”\n###########################################################”);
}

void print_udp_packet(unsigned char *Buffer , int Size)
{
unsigned short iphdrlen;

struct iphdr *iph = (struct iphdr *)Buffer;
iphdrlen = iph->ihl*4;

struct udphdr *udph = (struct udphdr*)(Buffer + iphdrlen);

fprintf(logfile,”\n\n***********************UDP Packet*************************\n”);

print_ip_header(Buffer,Size);

fprintf(logfile,”\nUDP Header\n”);
fprintf(logfile,” |-Source Port : %d\n” , ntohs(udph->source));
fprintf(logfile,” |-Destination Port : %d\n” , ntohs(udph->dest));
fprintf(logfile,” |-UDP Length : %d\n” , ntohs(udph->len));
fprintf(logfile,” |-UDP Checksum : %d\n” , ntohs(udph->check));

fprintf(logfile,”\n”);
fprintf(logfile,”IP Header\n”);
PrintData(Buffer , iphdrlen);

fprintf(logfile,”UDP Header\n”);
PrintData(Buffer+iphdrlen , sizeof udph);

fprintf(logfile,”Data Payload\n”);
PrintData(Buffer + iphdrlen + sizeof udph ,( Size – sizeof udph – iph->ihl * 4 ));

fprintf(logfile,”\n###########################################################”);
}

void print_icmp_packet(unsigned char* Buffer , int Size)
{
unsigned short iphdrlen;

struct iphdr *iph = (struct iphdr *)Buffer;
iphdrlen = iph->ihl*4;

struct icmphdr *icmph = (struct icmphdr *)(Buffer + iphdrlen);

fprintf(logfile,”\n\n***********************ICMP Packet*************************\n”);

print_ip_header(Buffer , Size);

fprintf(logfile,”\n”);

fprintf(logfile,”ICMP Header\n”);
fprintf(logfile,” |-Type : %d”,(unsigned int)(icmph->type));

if((unsigned int)(icmph->type) == 11)
{
fprintf(logfile,” (TTL Expired)\n”);
}
else if((unsigned int)(icmph->type) == ICMP_ECHOREPLY)
{
fprintf(logfile,” (ICMP Echo Reply)\n”);
}
else
{
fprintf(logfile,”\n”);
}
fprintf(logfile,” |-Code : %d\n”,(unsigned int)(icmph->code));
fprintf(logfile,” |-Checksum : %d\n”,ntohs(icmph->checksum));
//fprintf(logfile,” |-ID : %d\n”,ntohs(icmph->id));
//fprintf(logfile,” |-Sequence : %d\n”,ntohs(icmph->sequence));
fprintf(logfile,”\n”);

fprintf(logfile,”IP Header\n”);
PrintData(Buffer,iphdrlen);

fprintf(logfile,”UDP Header\n”);
PrintData(Buffer + iphdrlen , sizeof icmph);

fprintf(logfile,”Data Payload\n”);
PrintData(Buffer + iphdrlen + sizeof icmph , (Size – sizeof icmph – iph->ihl * 4));

fprintf(logfile,”\n###########################################################”);
}

void PrintData (unsigned char* data , int Size)
{
int i,j;
for(i=0 ; i < Size ; i++)
{
if( i!=0 && i%16==0) //if one line of hex printing is complete…
{
fprintf(logfile," ");
for(j=i-16 ; j=32 && data[j]<=128)
{
fprintf(logfile,"%c",(unsigned char)data[j]); //if its a number or alphabet
}
else
{
fprintf(logfile,"."); //otherwise print a dot
}
}
fprintf(logfile,"\n");
}

if(i%16==0) fprintf(logfile," ");
{
fprintf(logfile," %02X",(unsigned int)data[i]);
}

if( i==Size-1) //print the last spaces
{
for(j=0;j<15-i%16;j++) fprintf(logfile," "); //extra spaces
{
fprintf(logfile," ");
}
for(j=i-i%16 ; j=32 && data[j]<=128)
{
fprintf(logfile,"%c",(unsigned char)data[j]);
}
else
{
fprintf(logfile,".");
}
}
fprintf(logfile,"\n");
}
}
}

]]> By: Tanmai - Coco D http://www.binarytides.com/blog/c-packet-sniffer-code-with-libpcap-and-linux-sockets-bsd/comment-page-1/#comment-141 Tanmai - Coco D Thu, 28 May 2009 07:09:53 +0000 http://www.binarytides.com/blog/?p=49#comment-141 Thanks a lot. I've just started out with libpcap, so this serves as a good intro. Thanks a lot. I’ve just started out with libpcap, so this serves as a good intro.

]]>