Sujet Précédent Sujet Suivant

SNIFFER AIDE!!!

adnmaster666 Messages postés 1 Date d'inscription mercredi 14 mars 2007 Statut Membre Dernière intervention 14 mars 2007 - 14 mars 2007 à 14:34
cs_rt15 Messages postés 3874 Date d'inscription mardi 8 mars 2005 Statut Modérateur Dernière intervention 7 novembre 2014 - 15 mars 2007 à 19:08
Bonjour voici le code pour réaliser un sniffer mais le prob c'est qu'il ne fournit que l'IP, et le TCP, il me faudrait aussi l'UDP, l'ARM et l'éthernet est-ce que quelqu'un pourrait m'aider merci d'avance
Voici le code que je possède déjà :

#include <stdio.h>
#include <stdlib.h>


#include <winsock2.h>


#pragma comment(lib,"wpcap.lib")
#pragma comment(lib,"ws2_32.lib")


#define HAVE_REMOTE
#define WPCAP
#define PACKET_SIZE 65536


#include // must be writing after the defines




/*
 * Structures
 */
struct ethhdr // Ethernet header
{
 unsigned char   h_dest[6];       // Destination host address
 unsigned char   h_source[6];     // Source host address
 unsigned short  h_proto;         // Packet type ID field (IP, ARP ...)
};


struct iphdr // structure IP Header
{
  //Pour processeur de type little-endian
  unsigned char  ihl:4;    // IP header length
  unsigned char  version:4;


  unsigned char  tos;      // Type of service
  unsigned short tot_len;  // Total length
  unsigned short id;       // Identification
  unsigned short frag_off; // Fragment Offset + Flags
  unsigned char  ttl;      // Time to life
  unsigned char  protocol;
  unsigned short check;    // Checksum
  unsigned int   saddr;    // Source address
  unsigned int   daddr;    // Destination address
};


struct tcphdr // structure TCP Header
{
  //Pour processeur de type little-endian
  unsigned short source;  // port source
  unsigned short dest;    // port de destination
  unsigned int   seq;     // Sequence number
  unsigned int   ack_seq; // acknowledge sequence


  unsigned short res1:4,  // Reserved 1 : 4 bits
                 doff:4,  // Data Offset
                 fin:1,   // Flag FINISH
                 syn:1,   // Flag SYNCHRONIZE
                 rst:1,   // Flag RESET
                 psh:1,   // Flag PUSH
                 ack:1,   // Flag ACKNOLEDGE
                 urg:1,   // Flag URGENT
                 res2:2;  // Reserved 2 : 2 bits (res1 + res2 = 6 bits reserved)


 unsigned short window;
 unsigned short check;   // checksum
 unsigned short urg_ptr; // urgent
};


/*
 * Functions
 */


void print_eth_header(struct ethhdr * eth){
    fprintf(stdout,"-------------------[ETH HEADER]-----------\r\n");
    fprintf(stdout,"| %.2X:%.2X:%.2X:%.2X:%.2X:%.2X -> ",eth->h_source[0],eth->h_source[1], eth->h_source[2],eth->h_source[3],eth->h_source[4],eth->h_source[5]);
    fprintf(stdout,"%.2X:%.2X:%.2X:%.2X:%.2X:%.2X |\r\n",eth->h_dest[0],eth->h_dest[1], eth->h_dest[2],eth->h_dest[3],eth->h_dest[4],eth->h_dest[5]);
    fprintf(stdout,"------------------------------------------\r\n");
    fprintf(stdout,"Protocol: 0x%.4X\r\n", htons(eth->h_proto));
}


void print_ip_header(struct iphdr * ip){


 unsigned char * src = (unsigned char *)&(ip->saddr);
 unsigned char * dest = (unsigned char *)&(ip->daddr);


 fprintf(stdout,"[ IP : %d.%d.%d.%d -> ",src[0],src[1],src[2],src[3]);
 fprintf(stdout,"%d.%d.%d.%d ]\r\n",dest[0],dest[1],dest[2],dest[3]);
 fprintf(stdout,"--------------------[IP HEADER]----------------------\r\n");
 fprintf(stdout,"| IP header length    : %d * 32 bits = %d bytes      |\r\n",ip->ihl, ip->ihl * 4);
 fprintf(stdout,"| IP version      : %.5d | ",ip->version);
 fprintf(stdout,"Type of service : %.5d |\r\n",ip->tos);
 fprintf(stdout,"| Total length    : %.5d | ",htons(ip->tot_len));
 fprintf(stdout,"Identification  : %.5d |\r\n",htons(ip->id));
 fprintf(stdout,"| Time to live    : %.5d | ",ip->ttl);
 fprintf(stdout,"Protocol        : %.5d |\r\n",ip->protocol);
 fprintf(stdout,"| Checksum            : %.5d                       |\r\n",ip->check);
 fprintf(stdout,"-----------------------------------------------------\r\n");
}


void print_tcp_header(struct tcphdr * tcp){
 fprintf(stdout,"[ Port : %.5d -> %.5d ]\n", ntohs(tcp->source), ntohs(tcp->dest) );
 fprintf(stdout,"--------------------[TCP HEADER]---------------------\r\n");
 fprintf(stdout,"| TCP Header length   : %d * 32 bits = %d bytes      |\r\n",tcp->doff, tcp->doff * 4);
 fprintf(stdout,"| URG (URGENT)      = %d | ",tcp->urg);
 fprintf(stdout,"ACK (ACKNOWLEDGE) = %d     |\r\n",tcp->ack);
 fprintf(stdout,"| PSH (PUSH)        = %d | ",tcp->psh);
 fprintf(stdout,"RST (RESET)       = %d     |\r\n",tcp->rst);
 fprintf(stdout,"| SYN (SYNCHRONIZE) = %d | ",tcp->syn);
 fprintf(stdout,"FIN (FINISH)      = %d     |\r\n",tcp->fin);
 fprintf(stdout,"-----------------------------------------------------\r\n");
}


void print_data(unsigned char * data, unsigned int size){ int j 0, k 0;


 for( j = 0; j < size; j++)
 {
  if( k == 16)
  {
   j -= 16;
   fprintf(stdout," ");
   for(k = 0 ; k < 16 ; k++, j++)
   {
    if(data[j] < 127 && data[j] > 31)
     fprintf(stdout, "%c", data[j]);
    else
     fprintf(stdout, ".");
   }
   j--;
   k = 0;
   fprintf(stdout,"\r\n");
  }
  else
  {
   fprintf(stdout,"%.2x ",data[j]);
   k++;
  }
 }
 j -= k;
 while(k!=0)
 {
  if(data[j] < 127 && data[j] > 31)
   fprintf(stdout, "%c", data[j]);
  else
   fprintf(stdout, ".");
  k--;
  j++;
 }
 fprintf(stdout,"\r\n");
}


void print_packet(const u_char * packetData){
    struct iphdr  *     ip;
    struct tcphdr *     tcp;


    ip = (struct iphdr *)(packetData+sizeof(struct ethhdr));
    print_ip_header(ip);
    switch(ip->protocol){
        case 1 : printf("Internet Control Message Protocol (ICMP)\r\n");
            break;
        case 6 : printf("Transmission Control Protocol (TCP)\r\n");
            tcp = (struct tcphdr *)(packetData+sizeof(struct ethhdr)+sizeof(struct iphdr));
            print_tcp_header(tcp);
            /* Data */
            unsigned char * data = (unsigned char *)(packetData+sizeof(struct ethhdr)+sizeof(struct iphdr)+sizeof(struct tcphdr));
            print_data(data, htons(ip->tot_len)-(ip->ihl * 4)-(tcp->doff * 4));
            break;
        case 17 : printf("User Datagram Protocol (UDP)\r\n");
            break;
        default : printf("Unknow\r\n");
            break;
    }
}


int main(void){
    // Interfaces
    pcap_if_t * alldevs;
    pcap_if_t * d;
    int ifNum;
    int i=0;


    pcap_t    * captureHandle;


    // Packet
    struct pcap_pkthdr* packetHeader;
    const  u_char *     packetData;
    struct ethhdr *     eth;




 int res;


    char errbuf[PCAP_ERRBUF_SIZE];


    /* Retrieve the device list from the local machine */
    if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1)
    {
        fprintf(stderr,"Error in pcap_findalldevs_ex: %s\r\n", errbuf);
        return EXIT_FAILURE;
    }


    /* Print the list */
    for(d= alldevs; d != NULL; d= d->next)
    {
        printf("%d.\r\nName:\r\n\t%s\r\n", ++i, d->name);
        if (d->description)
            printf("Descriptions:\r\n\t%s\r\n\r\n", d->description);
        else
            printf(" (No description available)\r\n");
    }


    if (i == 0)
    {
        printf("\r\nNo interfaces found! Make sure WinPcap is installed.\r\n");
        return EXIT_FAILURE;
    }else{
        printf("Enter the interface number (1-%d):",i);
        scanf("%d", &ifNum);
    }


    if(ifNum < 1 || ifNum > i)
    {
        printf("\nInterface number out of range.\r\n");
        /* Free the device list */
        pcap_freealldevs(alldevs);
        return -1;
    }


    /* Jump to the selected adapter */
    for(d=alldevs, i=0; i< ifNum-1 ;d=d->next, i++);


    captureHandle = pcap_open(d->name, PACKET_SIZE, 0, 1000, NULL, errbuf);


    if( captureHandle == NULL){
        fprintf(stderr, "pcap_open(): %s\r\n", errbuf);
        pcap_freealldevs(alldevs);
        return EXIT_FAILURE;
    }


    /* We don't need any more the device list. Free it */
    pcap_freealldevs(alldevs);


    /* start the capture */
    while( (res = pcap_next_ex(captureHandle, &packetHeader, &packetData)) >= 0){
        if(res == 0)
        /* Timeout elapsed */
            continue;
        printf("\r\n\r\nPacket length: %d\r\n", packetHeader->len);
        printf("Received at ..... %s\r\n",ctime((const time_t*)&packetHeader->ts.tv_sec));


        eth = (struct ethhdr *) packetData;
        print_eth_header(eth);


        // Analyse ethernet type
        switch(htons(eth->h_proto)){
            case 0x0800 :   fprintf(stdout,"Internet Protocol, Version 4 (IPv4)\r\n");
                            print_packet(packetData);
                            break;
            case 0x0806 :   fprintf(stdout,"Address Resolution Protocol (ARP)\r\n");
                            break;
            case 0x8035 :   fprintf(stdout,"Reverse Address Resolution Protocol (RARP)\r\n");
                            break;
            case 0x809B :   fprintf(stdout,"AppleTalk (Ethertalk)\r\n");
                            break;
            case 0x80F3 :   fprintf(stdout,"AppleTalk Address Resolution Protocol (AARP)\r\n");
                            break;
            case 0x8100 :   fprintf(stdout,"IEEE 802.1Q-tagged frame\r\n");
                            break;
            case 0x8137 :   fprintf(stdout,"Novell IPX (alt)\r\n");
                            break;
            case 0x8138 :   fprintf(stdout,"Novell\r\n");
                            break;
            case 0x86DD :   fprintf(stdout,"Internet Protocol, Version 6 (IPv6)\r\n");
                            print_packet(packetData);
                            break;
            case 0x8847 :   fprintf(stdout,"MPLS unicast\r\n");
                            break;
            case 0x8848 :   fprintf(stdout,"MPLS multicast\r\n");
                            break;
            case 0x8863 :   fprintf(stdout,"PPPoE Discovery Stage\r\n");
                            break;
            case 0x8864 :   fprintf(stdout,"PPPoE Session Stage\r\n");
                            break;
            case 0x88A2 :   fprintf(stdout,"ATA over Ethernet\r\n");
                            break;
            default     :  fprintf(stdout,"Unknow packet\r\n");
                            break;
        }
    }


    if(res == -1){
        printf("Error reading the packets: %s\r\n", pcap_geterr(captureHandle));
        return EXIT_FAILURE;
    }


    pcap_close(captureHandle);
    return EXIT_SUCCESS;
}


Adnmaster666

1 réponse

Réponse 1 / 1
cs_rt15 Messages postés 3874 Date d'inscription mardi 8 mars 2005 Statut Modérateur Dernière intervention 7 novembre 2014 13
15 mars 2007 à 19:08
Salut,


C'est vrai qu'il existe certainement des sources qui te faciliteraient le travail...


Mais WinPCAP à l'air de bien faire son boulot : c'est juste que le code
di-dessus n'affiche la description que des quelques protocoles les plus
courants -> Tu peux donc le complèter en te basant sur la doc de ces
protocoles.
0

Discussions similaires

MSN, Sniffer, SPY que faire, comment faire ?
cs_Ninja Scroll -
superccboss -

9 réponses
Sniffer page web - Comment lister toutes les urls lors du chargement d'une page
cs_fabiano13 -
NHenry -

8 réponses
Aide Sniffer Wifi
cs_cadavor -
omnia -

5 réponses
Sniffer port serie
cs_centaury -
bartonf0nk -

9 réponses
Surveillance réseau
jecmac -
ghuysmans99 -

6 réponses
Rejoignez-nous