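/*
 * Minimal WinPcap capture example: lists the capture devices, opens the one
 * the user picks, installs the BPF filter "tcp port 6112" and prints the TCP
 * source and destination ports of every packet that matches.
 *
 * Every byte handed to packet_handler() comes off the wire and is untrusted,
 * so each header is length-checked before it is read.
 */
#define HAVE_REMOTE
#include <stdio.h>
#include <string.h>
#include "pcap.h"
#include <windows.h>

#define ETHER_ADDR_LEN 6

/* Constants used while validating a captured frame. */
enum {
    SNIFF_ETHERTYPE_IPV4 = 0x0800, /* EtherType value for IPv4 */
    SNIFF_IPPROTO_TCP    = 6,      /* IPv4 protocol number for TCP */
    SNIFF_IP_FRAG_MASK   = 0x1fff  /* low 13 bits of flags_fo: fragment offset */
};

/* 14 byte Ethernet header */
struct ethernet_header {
    u_char ether_dhost[ETHER_ADDR_LEN]; // destination host address
    u_char ether_shost[ETHER_ADDR_LEN]; // source host address
    u_short ether_type;                 // IP? ARP? RARP? etc
};

// 6 byte MAC Address
typedef struct mac_address {
    u_char byte1;
    u_char byte2;
    u_char byte3;
    u_char byte4;
    u_char byte5;
    u_char byte6;
}mac_address;

// 4 bytes IP address
typedef struct ip_address{
    u_char byte1;
    u_char byte2;
    u_char byte3;
    u_char byte4;
}ip_address;

// 20 bytes IP Header (fixed part only; options, if any, follow it on the wire)
typedef struct ip_header{
    u_char ver_ihl;         // Version (4 bits) + Internet header length (4 bits)
    u_char tos;             // Type of service
    u_short tlen;           // Total length
    u_short identification; // Identification
    u_short flags_fo;       // Flags (3 bits) + Fragment offset (13 bits)
    u_char ttl;             // Time to live
    u_char proto;           // Protocol
    u_short crc;            // Header checksum
    ip_address saddr;       // Source address
    ip_address daddr;       // Destination address
}ip_header;

// Fixed 20 byte part of the TCP header (options, if any, follow it on the wire)
typedef struct tcp_header {
    u_short sport;  // Source port
    u_short dport;  // Destination port
    u_int seqnum;   // Sequence Number
    u_int acknum;   // Acknowledgement number
    u_char th_off;  // Data offset in 32-bit words (upper 4 bits) + reserved bits
    u_char flags;   // packet flags
    u_short win;    // Window size
    u_short crc;    // Header Checksum
    u_short urgptr; // Urgent pointer
}tcp_header;

/* prototype of the packet handler */
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data);

/*
 * Lets the user pick a capture device, opens it in promiscuous mode, applies
 * the packet filter and runs the capture loop until it stops.
 *
 * Returns 0 when the loop ends normally, 1 when the device list cannot be
 * retrieved and -1 on any other setup or capture error.
 */
int main(void)
{
    pcap_if_t *alldevs;
    pcap_if_t *d;
    int inum;
    int i = 0;
    int loop_rc;
    pcap_t *adhandle;
    char errbuf[PCAP_ERRBUF_SIZE];
    char packet_filter[] = "tcp port 6112";
    u_int netmask;
    struct bpf_program fcode;

    /* Retrieve the device list on the local machine */
    if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1)
    {
        fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
        return 1;
    }

    /* Print the list */
    for (d = alldevs; d; d = d->next)
    {
        printf("%d. %s", ++i, d->name);
        if (d->description)
            printf(" (%s)\n", d->description);
        else
            printf(" (No description available)\n");
    }

    if (i == 0)
    {
        printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
        return -1;
    }

    printf("Enter the interface number (1-%d):", i);

    /* A failed conversion leaves inum unset, so treat it like an out-of-range value. */
    if (scanf("%d", &inum) != 1 || inum < 1 || inum > i)
    {
        printf("\nInterface number out of range.\n");
        /* Free the device list */
        pcap_freealldevs(alldevs);
        return -1;
    }

    /* Jump to the selected adapter */
    for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++)
        ;

    /* Open the device */
    adhandle = pcap_open(d->name,                   // name of the device
                         65536,                     // portion of the packet to capture
                                                    // 65536 guarantees that the whole packet will be captured on all the link layers
                         PCAP_OPENFLAG_PROMISCUOUS, // promiscuous mode
                         1000,                      // read timeout
                         NULL,                      // authentication on the remote machine
                         errbuf);                   // error buffer
    if (adhandle == NULL)
    {
        fprintf(stderr, "\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name);
        /* Free the device list */
        pcap_freealldevs(alldevs);
        return -1;
    }

    /* packet_handler() parses an Ethernet header first, so refuse other link types. */
    if (pcap_datalink(adhandle) != DLT_EN10MB)
    {
        fprintf(stderr, "\nThis program works only on Ethernet networks.\n");
        pcap_close(adhandle);
        pcap_freealldevs(alldevs);
        return -1;
    }

    if (d->addresses != NULL && d->addresses->netmask != NULL &&
        d->addresses->netmask->sa_family == AF_INET)
        /* Retrieve the mask of the first address of the interface */
        netmask = ((struct sockaddr_in *)(d->addresses->netmask))->sin_addr.S_un.S_addr;
    else
        /* No usable IPv4 mask on the first address: suppose a C class network */
        netmask = 0xffffff;

    //compile the filter
    if (pcap_compile(adhandle, &fcode, packet_filter, 1, netmask) < 0)
    {
        fprintf(stderr, "\nUnable to compile the packet filter. Check the syntax.\n");
        pcap_close(adhandle);
        /* Free the device list */
        pcap_freealldevs(alldevs);
        return -1;
    }

    //set the filter
    if (pcap_setfilter(adhandle, &fcode) < 0)
    {
        fprintf(stderr, "\nError setting the filter.\n");
        pcap_freecode(&fcode);
        pcap_close(adhandle);
        /* Free the device list */
        pcap_freealldevs(alldevs);
        return -1;
    }

    /* The compiled program is no longer needed once the filter is installed. */
    pcap_freecode(&fcode);

    /* description may be NULL (see the listing above); fall back to the name. */
    printf("\nlistening on %s...\n", d->description ? d->description : d->name);

    /* At this point, we don't need any more the device list. Free it */
    pcap_freealldevs(alldevs);

    /* start the capture */
    loop_rc = pcap_loop(adhandle, 0, packet_handler, NULL);
    if (loop_rc == -1)
        fprintf(stderr, "\nError during capture: %s\n", pcap_geterr(adhandle));

    pcap_close(adhandle);

    return loop_rc == -1 ? -1 : 0;
}

/**
 * Callback function invoked by libpcap for every incoming packet.
 *
 * Prints the TCP source and destination ports, the address of the first
 * payload byte inside the capture buffer and the number of captured bytes
 * that follow the TCP header. Frames that are truncated, not IPv4, not TCP,
 * non-first fragments, or that carry an impossible header length are ignored.
 *
 * @param param     user pointer given to pcap_loop(); unused
 * @param header    capture metadata; caplen is the number of bytes in pkt_data
 * @param pkt_data  captured frame, starting at the Ethernet header
 */
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
    struct ethernet_header ethernet;
    ip_header ip;
    tcp_header tcp;
    const u_char *payload;
    u_int payload_size;
    size_t ip_hlen;
    size_t tcp_hlen;
    size_t tcp_offset;
    size_t payload_offset;
    /* Bound every read by caplen (bytes actually captured), not len (bytes on the wire). */
    const size_t captured = header->caplen;
    const size_t ip_offset = sizeof(struct ethernet_header);

    (void)param;

    if (captured < ip_offset + sizeof(ip_header))
        return;

    /* Copy the headers out with memcpy: pkt_data carries no alignment guarantee. */
    memcpy(&ethernet, pkt_data, sizeof ethernet);
    if (ntohs(ethernet.ether_type) != SNIFF_ETHERTYPE_IPV4)
        return;

    memcpy(&ip, pkt_data + ip_offset, sizeof ip);
    if ((ip.ver_ihl >> 4) != 4 || ip.proto != SNIFF_IPPROTO_TCP)
        return;

    /* A fragment with a non-zero offset does not start with a TCP header. */
    if ((ntohs(ip.flags_fo) & SNIFF_IP_FRAG_MASK) != 0)
        return;

    /* IHL counts 32-bit words and may include options beyond the fixed 20 bytes. */
    ip_hlen = (size_t)(ip.ver_ihl & 0x0f) * 4;
    if (ip_hlen < sizeof ip)
        return;

    tcp_offset = ip_offset + ip_hlen;
    if (captured < tcp_offset + sizeof tcp)
        return;

    memcpy(&tcp, pkt_data + tcp_offset, sizeof tcp);

    /* The data offset also counts 32-bit words and covers any TCP options. */
    tcp_hlen = (size_t)(tcp.th_off >> 4) * 4;
    if (tcp_hlen < sizeof tcp)
        return;

    payload_offset = tcp_offset + tcp_hlen;
    if (captured < payload_offset)
        return;

    /* The payload is read in place; no allocation is needed (the earlier
       `new BYTE[...]` buffer was never used and leaked on every packet).
       The count may include link-layer padding on very short frames. */
    payload = pkt_data + payload_offset;
    payload_size = (u_int)(captured - payload_offset);

    printf("TCP:%d > %d = %p (%u payload bytes)\n",
           ntohs(tcp.sport), ntohs(tcp.dport), (const void *)payload, payload_size);
}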