#define HAVE_REMOTE

#include "pcap.h"
#include <windows.h>

#define ETHER_ADDR_LEN 6
/*
 * Ethernet frame header, overlaid on the first bytes of a captured frame
 * (packet_handler casts pkt_data to this type).
 * The layout has no field for an 802.1Q VLAN tag, so on a tagged frame
 * everything after the two addresses would sit 4 bytes later than this
 * struct expects.
 */
struct ethernet_header {
	u_char  ether_dhost[ETHER_ADDR_LEN];	// destination host address
	u_char  ether_shost[ETHER_ADDR_LEN];	// source host address
	u_short ether_type;						// EtherType of the encapsulated protocol (IP? ARP? RARP? etc); read straight from the wire, so presumably network byte order - convert with ntohs() before comparing
};

// 6 byte MAC address, one field per octet in transmission order.
// Not referenced by the rest of the code visible in this listing;
// ethernet_header stores its addresses as u_char arrays instead.
typedef struct mac_address { 
	u_char byte1; 
	u_char byte2; 
	u_char byte3; 
	u_char byte4; 
	u_char byte5; 
	u_char byte6; 
}mac_address; 

// 4 byte IPv4 address, one field per octet (byte1 is the first octet as it
// appears in the packet). Used for the saddr/daddr fields of ip_header.
typedef struct ip_address{ 
	u_char byte1; 
	u_char byte2; 
	u_char byte3; 
	u_char byte4; 
}ip_address; 


// Fixed 20 byte part of the IPv4 header, overlaid on the packet bytes that
// follow the Ethernet header.
// Options are deliberately left out of the struct (see the commented-out
// op_pad field), so sizeof(ip_header) is only the MINIMUM header length.
// The real length of a given packet's header is the low 4 bits of ver_ihl,
// counted in 32-bit words; code that locates the TCP header must use that
// value, not sizeof(ip_header).
// Multi-byte fields come straight from the wire - presumably network byte
// order, convert with ntohs() before use.
typedef struct ip_header{ 
	u_char ver_ihl;							// Version (high 4 bits) + Internet header length (low 4 bits, in 32-bit words) 
	u_char tos;								// Type of service 
	u_short tlen;							// Total length of the IP datagram (header + data), in bytes 
	u_short identification;					// Identification 
	u_short flags_fo;						// Flags (3 bits) + Fragment offset (13 bits) 
	u_char ttl;								// Time to live 
	u_char proto;							// Protocol number of the payload (6 = TCP, 17 = UDP) 
	u_short crc;							// Header checksum 
	ip_address saddr;						// Source address 
	ip_address daddr;						// Destination address 
	//u_int op_pad;							// Option + Padding -- NOT NEEDED! (variable length, so it cannot be a fixed field) 
}ip_header; 

// "Simple" struct for TCP: the fixed 20 byte part of the TCP header, without
// options. As with ip_header, sizeof(tcp_header) is only the minimum header
// length; the per-packet length is carried in th_off.
// Ports are read with ntohs() in packet_handler; the other multi-byte fields
// presumably need the same network-to-host conversion before use.
typedef struct tcp_header { 
 u_short sport;								// Source port 
 u_short dport;								// Destination port 
 u_int seqnum;								// Sequence Number 
 u_int acknum;								// Acknowledgement number 
 u_char th_off;								// Data offset: header length in 32-bit words in the high 4 bits (low 4 bits reserved) 
 u_char flags;								// packet flags (FIN, SYN, RST, PSH, ACK, URG, ...) 
 u_short win;								// Window size 
 u_short crc;								// Checksum 
 u_short urgptr;							// Urgent pointer: offset from the sequence number to the end of urgent data, only meaningful when the URG flag is set

}tcp_header;

/* prototype of the packet handler */
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data);

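/*
 * Lists the local capture devices, lets the user pick one, opens it in
 * promiscuous mode, installs the BPF filter "tcp port 6112" and hands every
 * matching packet to packet_handler() until pcap_loop() stops.
 *
 * Returns 0 on a clean exit, 1 if the device list cannot be retrieved and
 * -1 on any other setup or capture error.
 */
int main()
{
	pcap_if_t *alldevs;
	pcap_if_t *d;
	int inum = 0;
	int i = 0;
	int rc = 0;
	pcap_t *adhandle;
	char errbuf[PCAP_ERRBUF_SIZE];
	char packet_filter[] = "tcp port 6112";
	u_int netmask;
	struct bpf_program fcode;

	/* Retrieve the device list on the local machine */
	if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1)
	{
		fprintf(stderr,"Error in pcap_findalldevs: %s\n", errbuf);
		return 1;
	}

	/* Print the list */
	for (d = alldevs; d; d = d->next)
	{
		printf("%d. %s", ++i, d->name);
		if (d->description)
			printf(" (%s)\n", d->description);
		else
			printf(" (No description available)\n");
	}

	if (i == 0)
	{
		printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
		return -1;
	}

	printf("Enter the interface number (1-%d):",i);

	/* A failed conversion (non-numeric input, EOF) leaves inum unset, so it
	 * is rejected together with out-of-range numbers. */
	if (scanf("%d", &inum) != 1 || inum < 1 || inum > i)
	{
		printf("\nInterface number out of range.\n");
		/* Free the device list */
		pcap_freealldevs(alldevs);
		return -1;
	}

	/* Jump to the selected adapter */
	for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++)
		;

	/* Open the device */
	adhandle = pcap_open(d->name,					// name of the device
						 65536,						// portion of the packet to capture
													// 65536 guarantees that the whole packet will be captured on all the link layers
						 PCAP_OPENFLAG_PROMISCUOUS,	// promiscuous mode
						 1000,						// read timeout
						 NULL,						// authentication on the remote machine
						 errbuf);					// error buffer
	if (adhandle == NULL)
	{
		fprintf(stderr,"\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name);
		/* errbuf carries the reason reported by the library */
		fprintf(stderr,"%s\n", errbuf);
		/* Free the device list */
		pcap_freealldevs(alldevs);
		return -1;
	}

	/* packet_handler() assumes every frame starts with a 14 byte Ethernet
	 * header; refuse other link types instead of misparsing them. */
	if (pcap_datalink(adhandle) != DLT_EN10MB)
	{
		fprintf(stderr,"\nThis program works only on Ethernet networks.\n");
		pcap_freealldevs(alldevs);
		pcap_close(adhandle);
		return -1;
	}

	if (d->addresses != NULL &&
		d->addresses->netmask != NULL &&
		d->addresses->netmask->sa_family == AF_INET)
		/* Retrieve the mask of the first address of the interface.
		 * Only an IPv4 netmask can be read through sockaddr_in. */
		netmask=((struct sockaddr_in *)(d->addresses->netmask))->sin_addr.S_un.S_addr;
	else
		/* If the interface is without addresses we suppose to be in a C class network */
		netmask=0xffffff;

	//compile the filter
	if (pcap_compile(adhandle, &fcode, packet_filter, 1, netmask) < 0)
	{
		fprintf(stderr,"\nUnable to compile the packet filter. Check the syntax.\n");
		/* Free the device list */
		pcap_freealldevs(alldevs);
		pcap_close(adhandle);
		return -1;
	}

	//set the filter
	if (pcap_setfilter(adhandle, &fcode) < 0)
	{
		fprintf(stderr,"\nError setting the filter.\n");
		pcap_freecode(&fcode);
		/* Free the device list */
		pcap_freealldevs(alldevs);
		pcap_close(adhandle);
		return -1;
	}

	/* The compiled program is no longer needed once it has been installed */
	pcap_freecode(&fcode);

	/* description may be NULL (see the listing loop above), and passing
	 * NULL to %s is undefined, so fall back to the device name. */
	printf("\nlistening on %s...\n", d->description ? d->description : d->name);

	/* At this point, we don't need any more the device list. Free it */
	pcap_freealldevs(alldevs);

	/* start the capture */
	if (pcap_loop(adhandle, 0, packet_handler, NULL) < 0)
	{
		fprintf(stderr,"\nError during capture: %s\n", pcap_geterr(adhandle));
		rc = -1;
	}

	pcap_close(adhandle);
	return rc;
}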

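/*
 * Callback function invoked by libpcap for every incoming packet.
 *
 * Treats the frame as Ethernet / IPv4 / TCP and prints the source port, the
 * destination port, and the address and size of the TCP payload inside the
 * capture buffer.
 *
 * param    - user pointer passed to pcap_loop(); unused.
 * header   - capture metadata; caplen is the number of bytes that are
 *            actually present in pkt_data.
 * pkt_data - raw frame bytes. They come from the network and are untrusted:
 *            every offset is checked against caplen before it is read, and
 *            frames that are truncated or are not IPv4/TCP are skipped.
 *
 * The payload pointer refers to libpcap's own buffer. Nothing is allocated
 * here and the pointer must not be kept after the callback returns.
 */
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
	enum { ETHERTYPE_IPV4 = 0x0800, IP_PROTO_TCP = 6 };

	const struct ethernet_header *ethernet;
	const struct ip_header *ip;
	const struct tcp_header *tcp;
	const u_char *payload;
	u_int captured = header->caplen;
	u_int ip_off = (u_int)sizeof(struct ethernet_header);
	u_int ip_hlen;
	u_int ip_total;
	u_int tcp_off;
	u_int tcp_hlen;
	u_int payload_off;
	u_int payload_end;

	(void)param;

	/* Need at least the Ethernet header plus the fixed part of the IP header */
	if (captured < ip_off + sizeof(struct ip_header))
		return;

	/* The filter "tcp port 6112" also matches TCP over IPv6, which this
	 * IPv4-only layout cannot describe. */
	ethernet = (const struct ethernet_header *)pkt_data;
	if (ntohs(ethernet->ether_type) != ETHERTYPE_IPV4)
		return;

	ip = (const struct ip_header *)(pkt_data + ip_off);

	/* The IP header length is variable (options): low nibble, in 32-bit words */
	ip_hlen = (u_int)(ip->ver_ihl & 0x0f) * 4;
	if ((ip->ver_ihl >> 4) != 4 || ip_hlen < sizeof(struct ip_header) || ip->proto != IP_PROTO_TCP)
		return;

	tcp_off = ip_off + ip_hlen;
	if (captured < tcp_off + sizeof(struct tcp_header))
		return;

	tcp = (const struct tcp_header *)(pkt_data + tcp_off);

	/* The TCP header length is variable too: high nibble, in 32-bit words */
	tcp_hlen = (u_int)(tcp->th_off >> 4) * 4;
	if (tcp_hlen < sizeof(struct tcp_header))
		return;

	payload_off = tcp_off + tcp_hlen;
	if (captured < payload_off)
		return;

	/* Short frames are padded by the link layer; when the IP total length is
	 * consistent with the headers, use it to leave the padding out. */
	payload_end = captured;
	ip_total = ntohs(ip->tlen);
	if (ip_total >= ip_hlen + tcp_hlen && ip_off + ip_total < payload_end)
		payload_end = ip_off + ip_total;

	payload = pkt_data + payload_off;

	/* %p matches the pointer argument; %x with a pointer is undefined */
	printf("TCP:%d > %d = %p (%u bytes)\n",
		   ntohs(tcp->sport), ntohs(tcp->dport),
		   (const void *)payload, payload_end - payload_off);
}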