Created
July 29, 2016 17:10
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#include <arpa/inet.h>
#include <netinet/in.h>
#include <pcap.h>
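/*
 * Length in bytes of the link-layer header that got_packet() skips before it
 * reads the IP header. 14 is the size of an untagged Ethernet II header
 * (two 6-byte addresses plus a 2-byte type); frames with a longer link-layer
 * header (for example an 802.1Q VLAN tag) are not handled by this offset.
 */
#define SIZE_ETHERNET 14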
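/*
 * pcap_loop() callback, defined below. `header` describes how many bytes of
 * the frame were captured; `packet` points at the first captured byte.
 */
void got_packet(u_char *args, const struct pcap_pkthdr *header,
                const u_char *packet);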
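/*
 * IPv4 header as it appears on the wire (fixed 20-byte part, no options).
 * Multi-byte fields are in network byte order; convert with ntohs() before
 * using them. Every field is taken from the capture and is untrusted.
 */
struct sniff_ip {
    uint8_t  ip_vhl;                /* version << 4 | header length in 32-bit words */
    uint8_t  ip_tos;                /* type of service */
    uint16_t ip_len;                /* total length (header + data), bytes */
    uint16_t ip_id;                 /* identification */
    uint16_t ip_off;                /* flags and fragment offset */
#define IP_RF 0x8000                /* reserved fragment flag */
#define IP_DF 0x4000                /* dont fragment flag */
#define IP_MF 0x2000                /* more fragments flag */
#define IP_OFFMASK 0x1fff           /* mask for fragmenting bits */
    uint8_t  ip_ttl;                /* time to live */
    uint8_t  ip_p;                  /* protocol */
    uint16_t ip_sum;                /* checksum */
    struct in_addr ip_src, ip_dst;  /* source and dest address */
};

/* Header length in 32-bit words (low nibble of ip_vhl); multiply by 4 for bytes. */
#define IP_HL(ip) (((ip)->ip_vhl) & 0x0f)
/* IP version (high nibble of ip_vhl). */
#define IP_V(ip) (((ip)->ip_vhl) >> 4)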
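/*
 * UDP header as it appears on the wire (8 bytes). All fields are in network
 * byte order and come straight from the capture, so they are untrusted.
 */
struct sniff_udp {
    uint16_t uh_sport;  /* source port */
    uint16_t uh_dport;  /* destination port */
    uint16_t uh_ulen;   /* udp length (header + data), bytes */
    uint16_t uh_sum;    /* udp checksum */
};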
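/*
 * Read the capture file "UDP.pcap", keep only the packets matching the BPF
 * expression "port 22000" and pass each of them to got_packet().
 *
 * The capture file is input the program does not control, so the link type
 * is verified before any packet is parsed: got_packet() skips a fixed
 * SIZE_ETHERNET-byte header and would read the wrong bytes on any other
 * link type.
 *
 * Returns 0 when the whole file was processed, 2 on any failure.
 */
int main(int argc, char *argv[])
{
    const char *fname = "UDP.pcap";
    char filter_exp[] = "port 22000";
    char errbuf[PCAP_ERRBUF_SIZE];      /* Error string */
    struct bpf_program fp;              /* Compiled filter */
    pcap_t *hdl_offline;                /* PCAP session handle */
    int rc = 2;

    (void)argc;
    (void)argv;

    /* Open a PCAP session handle on the saved capture. */
    hdl_offline = pcap_open_offline(fname, errbuf);
    if (hdl_offline == NULL) {
        fprintf(stderr, "Couldn't open file %s: %s\n", fname, errbuf);
        return 2;
    }

    /* The callback assumes Ethernet framing; refuse anything else. */
    if (pcap_datalink(hdl_offline) != DLT_EN10MB) {
        fprintf(stderr, "%s is not an Ethernet capture\n", fname);
        goto out_close;
    }

    /*
     * Compile the filter. The netmask is only consulted for broadcast
     * tests, which this expression does not use, so pass the "unknown"
     * constant rather than an uninitialized variable.
     */
    if (pcap_compile(hdl_offline, &fp, filter_exp, 0,
                     PCAP_NETMASK_UNKNOWN) == -1) {
        fprintf(stderr, "Couldn't compile filter %s: %s\n", filter_exp,
                pcap_geterr(hdl_offline));
        goto out_close;
    }

    /* Install the filter into the session. */
    if (pcap_setfilter(hdl_offline, &fp) == -1) {
        fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp,
                pcap_geterr(hdl_offline));
        goto out_free;
    }

    /* Process every packet until end of file; -1 reports a read error. */
    if (pcap_loop(hdl_offline, -1, got_packet, NULL) == -1) {
        fprintf(stderr, "Couldn't read %s: %s\n", fname,
                pcap_geterr(hdl_offline));
        goto out_free;
    }

    rc = 0;

out_free:
    pcap_freecode(&fp);
out_close:
    pcap_close(hdl_offline);
    return rc;
}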
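/*
 * pcap_loop() callback: print the printable ASCII bytes of the UDP payload
 * of one Ethernet/IPv4 frame, followed by a newline.
 *
 * args   - user pointer handed to pcap_loop(); unused.
 * header - libpcap per-packet record; header->caplen is the number of bytes
 *          actually available at `packet`.
 * packet - first byte of the captured frame.
 *
 * All length fields inside the frame come from the capture file and are
 * untrusted. Nothing is read past header->caplen: the IP header length and
 * the IP total length are both checked against the captured size, and the
 * payload length is clamped to what was captured. Frames that are too
 * short, are not IPv4, or do not carry UDP are skipped silently.
 */
void got_packet(u_char *args, const struct pcap_pkthdr *header,
                const u_char *packet)
{
    const struct sniff_ip *ip;      /* The IP header */
    const u_char *payload;          /* First byte after the UDP header */
    size_t caplen = header->caplen; /* Bytes present in `packet` */
    size_t avail;                   /* Captured bytes after the Ethernet header */
    size_t size_ip;                 /* IP header length, bytes */
    size_t ip_total;                /* IP total length, clamped to `avail` */
    size_t size_payload;
    size_t i;

    (void)args;

    /* The fixed part of the IP header must be captured before it is read. */
    if (caplen < SIZE_ETHERNET + sizeof(struct sniff_ip))
        return;
    avail = caplen - SIZE_ETHERNET;

    ip = (const struct sniff_ip *)(packet + SIZE_ETHERNET);

    /* The "port" filter also matches IPv6; this parser handles IPv4 only. */
    if (IP_V(ip) != 4)
        return;

    size_ip = (size_t)IP_HL(ip) * 4;
    if (size_ip < 20) {
        printf(" * Invalid IP header length: %u bytes\n", (unsigned)size_ip);
        return;
    }

    /* The "port" filter also matches TCP and other port-based protocols. */
    if (ip->ip_p != IPPROTO_UDP)
        return;

    /* IP options plus the UDP header must lie inside the captured bytes. */
    if (avail < size_ip + sizeof(struct sniff_udp))
        return;

    /*
     * ip_len is attacker-controlled and may claim more data than the
     * capture holds; never trust it beyond what was captured.
     */
    ip_total = ntohs(ip->ip_len);
    if (ip_total < size_ip + sizeof(struct sniff_udp))
        return;
    if (ip_total > avail)
        ip_total = avail;

    payload = packet + SIZE_ETHERNET + size_ip + sizeof(struct sniff_udp);
    size_payload = ip_total - (size_ip + sizeof(struct sniff_udp));
    if (size_payload == 0)
        return;

    /*
     * The payload may be binary, so do not treat it as a string. Emitting
     * only isprint() bytes also keeps control characters, including
     * terminal escape sequences, out of the output.
     */
    for (i = 0; i < size_payload; i++) {
        if (isprint(payload[i]))
            putchar(payload[i]);
    }
    putchar('\n');
}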
/* EOF */