====== Netzwerkabhören mit LibPcap ======
Code größtenteils von diesem Tutorial abgeschrieben: [[http://www.tcpdump.org/pcap.html]]. Hinzu kommt, dass einige Codepassagen nicht problemlos mit meiner Version von libpcap (1.5.X) funktionieren. Ich sollte probieren eine aktuellere Version der Bibliothek zu verwenden.
#include
#include
#include
#include
#include
#include
#include
/* Ethernet addresses are 6 bytes */
#define ETHER_ADDR_LEN 6
#define SIZE_ETHERNET 14
/* Ethernet header */
struct sniff_ethernet {
u_char ether_dhost[ETHER_ADDR_LEN]; /* Destination host address */
u_char ether_shost[ETHER_ADDR_LEN]; /* Source host address */
u_short ether_type; /* IP? ARP? RARP? etc */
};
/* IP header */
struct sniff_ip {
u_char ip_vhl; /* version << 4 | header length >> 2 */
u_char ip_tos; /* type of service */
u_short ip_len; /* total length */
u_short ip_id; /* identification */
u_short ip_off; /* fragment offset field */
#define IP_RF 0x8000 /* reserved fragment flag */
#define IP_DF 0x4000 /* dont fragment flag */
#define IP_MF 0x2000 /* more fragments flag */
#define IP_OFFMASK 0x1fff /* mask for fragmenting bits */
u_char ip_ttl; /* time to live */
u_char ip_p; /* protocol */
u_short ip_sum; /* checksum */
struct in_addr ip_src,ip_dst; /* source and dest address */
};
#define IP_HL(ip) (((ip)->ip_vhl) & 0x0f)
#define IP_V(ip) (((ip)->ip_vhl) >> 4)
/* TCP header */
typedef u_int tcp_seq;
struct sniff_tcp {
u_short th_sport; /* source port */
u_short th_dport; /* destination port */
tcp_seq th_seq; /* sequence number */
tcp_seq th_ack; /* acknowledgement number */
u_char th_offx2; /* data offset, rsvd */
#define TH_OFF(th) (((th)->th_offx2 & 0xf0) >> 4)
u_char th_flags;
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_PUSH 0x08
#define TH_ACK 0x10
#define TH_URG 0x20
#define TH_ECE 0x40
#define TH_CWR 0x80
#define TH_FLAGS (TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG|TH_ECE|TH_CWR)
u_short th_win; /* window */
u_short th_sum; /* checksum */
u_short th_urp; /* urgent pointer */
};
void got_packet ( u_char* usr, const struct pcap_pkthdr *h, const u_char *packet )
{
const struct sniff_ethernet *ethernet; /* The ethernet header */
const struct sniff_ip *ip; /* The IP header */
const struct sniff_tcp *tcp; /* The TCP header */
const char *payload; /* Packet payload */
u_int size_ip;
u_int size_tcp;
/*ethernet = (struct sniff_ethernet*)(packet);
ip = (struct sniff_ip*)(packet + SIZE_ETHERNET);
size_ip = IP_HL(ip)*4;
if (size_ip < 20) {
printf(" * Invalid IP header length: %u bytes\n", size_ip);
return;
}
tcp = (struct sniff_tcp*)(packet + SIZE_ETHERNET + size_ip);
size_tcp = TH_OFF(tcp)*4;
if (size_tcp < 20) {
printf(" * Invalid TCP header length: %u bytes\n", size_tcp);
return;
}
payload = (u_char *)(packet + SIZE_ETHERNET + size_ip + size_tcp);*/
printf ("Got Packet of size: %d\n\n %s \n", h->len, packet);
}
void list_devices ()
{
pcap_if_t * alldev;
pcap_if_t * dev;
char* errbuf[PCAP_ERRBUF_SIZE];
pcap_findalldevs(&alldev, errbuf);
if (alldev==NULL)
return;
dev = alldev;
while (dev != NULL)
{
printf ("DEVICE: %s", dev->name);
/*switch (dev->flags)
{
case PCAP_IF_LOOPBACK:
printf ("(LOOPBACK)");
break;
case PCAP_IF_UP:
printf ("(UP)");
break;
case PCAP_IF_RUNNING:
printf ("(RUNNING)");
break;
}*/
if (dev->description != NULL)
printf ("\n >> %s", dev->description);
printf ("\n\n");
dev = dev->next;
}
pcap_freealldevs(alldev);
}
int main ( int argc, char* argv[] )
{
char *dev, errbuf[PCAP_ERRBUF_SIZE];
if (argc<2 || strcmp (argv[1], "-h") == 0 )
{
list_devices ();
}
//const u_char* packet;
//struct pcap_pkthdr header;
//struct bpf_program fp; /* The compiled filter */
//char filter_exp[] = "port 23"; /* The filter expression */
//bpf_u_int32 mask; /* Our netmask */
//bpf_u_int32 net; /* Our IP */
pcap_t *handle;
dev = "wlan0";
handle = pcap_open_live ( dev, BUFSIZ, 1, 1000, errbuf );
if (handle==NULL)
{
printf ("Could not open device %s : %s\n", dev, errbuf );
return (2);
}
if (pcap_datalink(handle) != DLT_EN10MB) {
fprintf(stderr, "Device %s doesn't provide Ethernet headers - not supported\n", dev);
return(2);
}
/* Find the properties for the device */
/*if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
fprintf(stderr, "Couldn't get netmask for device %s: %s\n", dev, errbuf);
net = 0;
mask = 0;
}*/
/* Compile and apply the filter */
/*if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) {
fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(handle));
return(2);
}
if (pcap_setfilter(handle, &fp) == -1) {
fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(handle));
return(2);
}*/
//packet = pcap_next(handle, &header);
pcap_loop(handle, 10, got_packet, NULL);
/* Print its length */
printf("STOP\n");
/* And close the session */
pcap_close(handle);
return(0);
}
all:
gcc main.c -lpcap -pedantic -Wall -g