#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <pcap.h>

#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <arpa/inet.h>
#include <netinet/if_ether.h>
#include <net/ethernet.h>
#include <netinet/ether.h>
char *dev; //capture device name; starts out NULL (file scope) and main() fills it in via pcap_lookupdev()
//Header sizes in bytes; the handlers add these to the packet pointer as fixed offsets.
//NOTE(review): sizeof gives each struct's fixed size only, so IP options and TCP
//options are not accounted for wherever these are used as offsets - confirm at each use.
int size_ethernet = sizeof(struct ether_header);
int size_ip = sizeof(struct ip);
int size_tcp = sizeof(struct tcphdr);
int size_icmp=sizeof(struct icmphdr);
int size_udp=sizeof(struct udphdr);
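/*
 * Print `len` bytes of packet payload as a hex dump, 16 bytes per row.
 *
 * Each row holds the bytes in hex (with an extra gap after the eighth byte),
 * padding so that short rows stay aligned, and then the same bytes as text.
 * Bytes that are not printable are shown as '.': the payload comes straight
 * off the network, so raw bytes are never written to the terminal, where
 * control sequences embedded in captured traffic would be interpreted.
 *
 * payload: first byte to print; the caller guarantees `len` readable bytes.
 * len:     number of bytes to print; zero or negative prints nothing.
 *
 * The function never reads outside payload[0 .. len-1].
 */
void call_payload(const u_char *payload, int len)
{
    const int linew = 16; /* number of bytes per row */
    int offset;

    if (payload == NULL || len <= 0)
        return;

    for (offset = 0; offset < len; offset += linew) {
        const u_char *row = payload + offset;
        int rowlen = len - offset;
        int i;

        if (rowlen > linew)
            rowlen = linew;

        /* hex column */
        for (i = 0; i < rowlen; i++) {
            printf("%02x ", (unsigned int)row[i]);
            if (i == 7)
                printf(" ");
        }
        /* a row that stops before the eighth byte still needs the middle gap */
        if (rowlen < 8)
            printf(" ");
        /* pad a short final row so the text column lines up */
        for (i = rowlen; i < linew; i++)
            printf("   ");
        printf(" ");

        /* text column: restart from the beginning of the same row */
        for (i = 0; i < rowlen; i++)
            putchar(isprint(row[i]) ? row[i] : '.');
        printf("\n");
    }
}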
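/*
 * Number of bytes libpcap actually stored for the frame being dissected
 * (pcap_pkthdr.caplen). Process_Packet() sets it before any handler runs, and
 * every handler checks it before reading, so a short or malformed frame can
 * never cause a read past the captured data. It is zero until the first
 * frame arrives.
 */
static size_t captured_len;

/*
 * Print the TCP payload of an Ethernet/IPv4 frame.
 *
 * packet: start of the captured frame (the Ethernet header).
 *
 * The TCP header is located from the IP header-length field rather than a
 * fixed offset, and the payload from the TCP data-offset field, so IP and TCP
 * options are skipped correctly. The payload length is the smaller of what
 * the IP total-length field claims and what was really captured: the claimed
 * length comes from the sender and must not be trusted on its own.
 */
void handle_Tcp(const u_char *packet)
{
    struct ip iph;
    size_t ip_hdr_len;
    size_t tcp_off;
    size_t tcp_hdr_len;
    size_t payload_off;
    size_t payload_len;
    size_t ip_total;

    printf("\n\t***************************************************************************\n");
    printf("\n\tProtocol: TCP\n");

    if (captured_len < (size_t)size_ethernet + (size_t)size_ip) {
        printf("\tTCP: IP header not fully captured\n");
        return;
    }
    /* copy out instead of casting: the header is not aligned inside the frame */
    memcpy(&iph, packet + size_ethernet, sizeof iph);

    ip_hdr_len = (size_t)iph.ip_hl * 4;
    tcp_off = (size_t)size_ethernet + ip_hdr_len;
    if (ip_hdr_len < (size_t)size_ip || captured_len < tcp_off + (size_t)size_tcp) {
        printf("\tTCP: header malformed or not fully captured\n");
        return;
    }

    /* data offset: upper four bits of byte 12 of the TCP header, in 32-bit words */
    tcp_hdr_len = (size_t)(packet[tcp_off + 12] >> 4) * 4;
    if (tcp_hdr_len < (size_t)size_tcp) {
        printf("\tTCP: invalid data offset\n");
        return;
    }

    payload_off = tcp_off + tcp_hdr_len;
    ip_total = ntohs(iph.ip_len);
    if (captured_len <= payload_off || ip_total <= ip_hdr_len + tcp_hdr_len)
        return; /* no payload, or none of it was captured */

    payload_len = ip_total - ip_hdr_len - tcp_hdr_len;
    if (payload_len > captured_len - payload_off)
        payload_len = captured_len - payload_off; /* clamp to captured bytes */

    call_payload(packet + payload_off, (int)payload_len);
}

/*
 * UDP handler. Decoding is disabled in this version, so UDP datagrams produce
 * no output beyond the IP summary printed by handleIP().
 */
void handle_Udp(const u_char *packet)
{
    (void)packet;
}

/*
 * ICMP handler. Decoding is disabled in this version, so ICMP messages
 * produce no output beyond the IP summary printed by handleIP().
 */
void handle_Icmp(const u_char *packet)
{
    (void)packet;
}

/*
 * Print the IPv4 header fields of an Ethernet frame and hand the frame to the
 * handler for its transport protocol.
 *
 * packet: start of the captured frame (the Ethernet header).
 *
 * Multi-byte fields are converted from network byte order before printing.
 * The transport handlers run only for a well-formed IPv4 header on a first
 * (or unfragmented) packet, because later fragments carry no transport header.
 */
void handleIP(const u_char *packet)
{
    struct ip iph;
    unsigned int frag_off;

    printf("\n\t***************************************************************************\n");

    if (captured_len < (size_t)size_ethernet + (size_t)size_ip) {
        printf("\tIP header not fully captured\n");
        return;
    }
    /* copy out instead of casting: the header is not aligned inside the frame */
    memcpy(&iph, packet + size_ethernet, sizeof iph);
    frag_off = ntohs(iph.ip_off) & IP_OFFMASK;

    printf("\tfrom %s\t", inet_ntoa(iph.ip_src));
    printf("\tTO %s\t", inet_ntoa(iph.ip_dst));
    printf("\tttl %d \t\n", iph.ip_ttl);
    printf("\tProtocol %d\t", iph.ip_p);
    printf("\t\tChecksum %d\t", ntohs(iph.ip_sum));
    printf("\tTOS %d \t\n", iph.ip_tos);
    printf("\ttotal length %d \t", ntohs(iph.ip_len));
    printf("\tIdentification %d \t", ntohs(iph.ip_id));
    printf("Fragment Offset %d \n", (int)frag_off);
    printf("\tVersion %d\t\n", iph.ip_v);

    if (iph.ip_v != 4 || (size_t)iph.ip_hl * 4 < (size_t)size_ip) {
        printf("\n\tMalformed IPv4 header, transport layer not decoded\n");
        return;
    }
    if (frag_off != 0) {
        printf("\n\tNon-first fragment, transport layer not decoded\n");
        return;
    }

    /* to find the protocol type */
    switch (iph.ip_p) {
    case IPPROTO_TCP:
        handle_Tcp(packet);
        break;
    case IPPROTO_UDP:
        handle_Udp(packet);
        break;
    case IPPROTO_ICMP:
        handle_Icmp(packet);
        break;
    case IPPROTO_IP:
        printf("\n\tProtocol: IP\n");
        break;
    default:
        printf("\n\tProtocol: unknown\n");
        break;
    }
}

/*
 * pcap_loop() callback: print the Ethernet header of one captured frame and
 * dissect it further when it carries IPv4.
 *
 * a:         user pointer passed to pcap_loop(); unused.
 * pk_header: capture metadata; caplen is the number of bytes stored at
 *            `packet`, which can be less than the frame's length on the wire.
 * packet:    the captured bytes, starting at the Ethernet header.
 */
void Process_Packet(u_char *a, const struct pcap_pkthdr *pk_header, const u_char *packet)
{
    static int Count = 1;
    struct ether_header eth;

    (void)a;

    printf("\n\t----------------------------------------------------------------------------\n");
    printf("\n\tPacket %d:\n\t", Count++);

    /* record the bound before anything reads from the frame */
    captured_len = pk_header->caplen;
    if (captured_len < (size_t)size_ethernet) {
        printf("\n\tTruncated frame: only %lu bytes captured\n", (unsigned long)captured_len);
        return;
    }
    memcpy(&eth, packet, sizeof eth);

    printf("\n\tTo MacAddress\t%s", ether_ntoa((const struct ether_addr *)eth.ether_dhost)); /* destination eth addr */
    printf("\n\tFrom MacAddress\t%s", ether_ntoa((const struct ether_addr *)eth.ether_shost)); /* source ether addr */
    printf("\n\tEthernet Type\t");

    switch (ntohs(eth.ether_type)) {
    case ETHERTYPE_IP:
        printf("IP");
        handleIP(packet);
        break;
    case ETHERTYPE_ARP:
        printf("ARP");
        break;
    case ETHERTYPE_REVARP:
        printf("RARP");
        break;
    case ETHERTYPE_PUP: /* was a second, unreachable ETHERTYPE_REVARP test */
        printf("Xero PUP");
        break;
    default:
        break;
    }
}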
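/*
 * Capture packets on the default device and print a dissection of each one.
 *
 * Usage: <program> numpackets
 *   numpackets is handed to pcap_loop() as its packet count; pcap_loop()
 *   treats 0 and -1 as "no limit".
 *
 * Returns 0 on success (and after printing the usage text), 1 when the
 * argument is not a number or the capture cannot be set up or fails.
 * Opening a live capture normally needs elevated privileges.
 */
int main(int argc,char **argv)
{
    char errbuf[PCAP_ERRBUF_SIZE];
    pcap_t *pd;
    int snaplen = 200;      /* bytes of each packet to capture */
    bpf_u_int32 maskp = 0;  /* netmask */
    bpf_u_int32 netp = 0;   /* network address */
    char localnet[INET_ADDRSTRLEN];
    char netmask[INET_ADDRSTRLEN];
    u_char *args = NULL;    /* user pointer forwarded to Process_Packet(); unused */
    char *end = NULL;
    long count;
    int rc;

    if (argc != 2) {
        printf("\tUsage: %s numpackets \n", argv[0]);
        return 0;
    }

    /* atoi() would silently turn "abc" into 0, which pcap_loop() reads as "no limit" */
    errno = 0;
    count = strtol(argv[1], &end, 10);
    if (end == argv[1] || *end != '\0' || errno == ERANGE ||
        count < INT_MIN || count > INT_MAX) {
        fprintf(stderr, "\tInvalid packet count: %s\n", argv[1]);
        return 1;
    }

    errbuf[0] = '\0';
    /* NOTE(review): pcap_lookupdev() is deprecated in newer libpcap releases in favour of pcap_findalldevs() */
    if (dev == NULL)
        dev = pcap_lookupdev(errbuf);
    if (dev == NULL) {
        /* libpcap reports its errors in errbuf, not errno, so perror() is not used */
        fprintf(stderr, "Device Lookup : %s\n", errbuf);
        exit(1);
    }
    printf("\tThe Device Found is :%s\n", dev);

    /* snaplen bytes per packet, promiscuous mode off, 500 ms read timeout */
    pd = pcap_open_live(dev, snaplen, 0, 500, errbuf);
    if (pd == NULL) {
        fprintf(stderr, "Error Open live : %s\n", errbuf);
        exit(1);
    }

    /* the dissectors assume an Ethernet header at the start of every frame */
    if (pcap_datalink(pd) != DLT_EN10MB) {
        fprintf(stderr, "Device %s does not deliver Ethernet frames\n", dev);
        pcap_close(pd);
        return 1;
    }

    /* not fatal: a device without an IPv4 address can still be captured on */
    if (pcap_lookupnet(dev, &netp, &maskp, errbuf) < 0) {
        fprintf(stderr, "Error lookup: %s\n", errbuf);
        netp = 0;
        maskp = 0;
    }
    if (inet_ntop(AF_INET, &netp, localnet, sizeof localnet) == NULL ||
        inet_ntop(AF_INET, &maskp, netmask, sizeof netmask) == NULL) {
        perror("inet_ntop");
        pcap_close(pd);
        return 1;
    }
    printf("\tlocal net %s and umask %s \n", localnet, netmask);

    /*
     * The original printed the length of a "grabbed" packet here, but nothing
     * was ever captured before the loop: both the packet pointer and its
     * header were uninitialised. That check is removed; capturing happens
     * only in pcap_loop() below.
     */
    printf("Ethernet address length: %d\n", ETHER_HDR_LEN);

    /* loop function: Process_Packet() is called once per captured packet */
    rc = pcap_loop(pd, (int)count, Process_Packet, args);
    if (rc == -1)
        fprintf(stderr, "pcap_loop: %s\n", pcap_geterr(pd));

    printf("\n\t----------------------------------------------------------------------------\n");
    pcap_close(pd);
    return rc == -1 ? 1 : 0;
}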