My simple tcp sniffer sniffs only incoming packets and not outgoing packets. Why ???
|
|
| The Dark Free Soul 2006-04-27, 7:55 am |
| Hi everybody.
I'm trying to write as simple a TCP sniffer as possible in C. It seems to
work: it goes into promiscuous mode and sniffs packets, but it sniffs ONLY
incoming packets. I can't figure out why it won't show me
outgoing packets. I'm probably missing something, but I don't know
what.
Can you help me?
Many thanks in advance.
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include <netpacket/packet.h>
#include <net/ethernet.h>
#include <net/if.h>
#include <sys/ioctl.h>
#define PKT_LEN 8192
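/*
 * Print the IPv4/TCP header fields and payload of every packet read from a
 * raw TCP socket, after switching the named interface to promiscuous mode.
 *
 * Usage: sniffer <network interface>
 *
 * Returns 0 when the read loop ends normally and 1 on a setup or read error.
 *
 * Limitation (see the reply in this thread): read() on this socket returns
 * only packets the host receives, so outgoing packets never show up here.
 * Seeing both directions needs a link-layer capture facility such as BPF.
 *
 * Everything read from the socket is untrusted: header length fields are
 * checked against the number of bytes actually read before they are used as
 * offsets, and the payload is printed with an explicit length because it is
 * not NUL-terminated.
 */
int main(int argc, char **argv) {
    struct ifreq ifr;
    struct iphdr ip;
    struct tcphdr tcp;
    struct in_addr addr;
    char *sbuffer = NULL;
    const char *ifname;
    short saved_flags = 0;
    int promisc_set = 0;
    int ssd = -1;
    int rc = 1;
    ssize_t n;

    /* The original dereferenced argv[1] without checking that it exists. */
    if (argc < 2) {
        fprintf(stderr, "usage: %s <network interface>\n",
                argc > 0 ? argv[0] : "sniffer");
        return 1;
    }
    ifname = argv[1];

    /* ifr_name is a fixed-size array; reject names that would overflow it. */
    if (strlen(ifname) >= sizeof ifr.ifr_name) {
        fprintf(stderr, "Interface name too long: %s\n", ifname);
        return 1;
    }
    memset(&ifr, 0, sizeof ifr);
    memcpy(ifr.ifr_name, ifname, strlen(ifname) + 1);

    sbuffer = calloc(1, PKT_LEN);
    if (sbuffer == NULL) {
        perror("Error calloc()");
        return 1;
    }

    ssd = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
    if (ssd < 0) {
        /* Raw sockets normally require elevated privileges. */
        perror("Error socket()");
        goto out;
    }

    if (ioctl(ssd, SIOCGIFFLAGS, &ifr) < 0) {
        perror("Error ioctl(SIOCGIFFLAGS)");
        goto out;
    }
    saved_flags = ifr.ifr_flags;
    ifr.ifr_flags |= IFF_PROMISC;
    if (ioctl(ssd, SIOCSIFFLAGS, &ifr) < 0) {
        perror("Error ioctl(SIOCSIFFLAGS)");
        goto out;
    }
    promisc_set = 1;

    /* Printed once; the original repeated this line for every packet. */
    printf("Sniffer started. Listening for traffic...\n");

    while ((n = read(ssd, sbuffer, PKT_LEN)) > 0) {
        size_t len = (size_t)n;
        size_t ip_hlen;
        size_t tcp_hlen;
        size_t off;

        /* Need a full fixed IP header before trusting any of its fields. */
        if (len < sizeof ip)
            continue;
        memcpy(&ip, sbuffer, sizeof ip);

        /* ihl comes from the wire: it must cover the fixed header and leave
         * room for a TCP header inside the bytes actually read. */
        ip_hlen = (size_t)ip.ihl * 4;
        if (ip_hlen < sizeof ip || ip_hlen + sizeof tcp > len)
            continue;
        memcpy(&tcp, sbuffer + ip_hlen, sizeof tcp);

        /* Same check for the TCP data offset. */
        tcp_hlen = (size_t)tcp.doff * 4;
        if (tcp_hlen < sizeof tcp || ip_hlen + tcp_hlen > len)
            continue;

        /* inet_ntoa() takes a struct in_addr, not a bare 32-bit address. */
        addr.s_addr = ip.saddr;
        printf("Source address: %s\n", inet_ntoa(addr));
        addr.s_addr = ip.daddr;
        printf("Destination address: %s\n", inet_ntoa(addr));

        printf("Source port: %d\n", ntohs(tcp.source));
        printf("Destination port: %d\n", ntohs(tcp.dest));
        printf("Flag FIN: %d\n", tcp.fin);
        printf("Flag SYN: %d\n", tcp.syn);
        printf("Flag RST: %d\n", tcp.rst);
        printf("Flag PSH: %d\n", tcp.psh);
        printf("Flag ACK: %d\n", tcp.ack);
        printf("Flag URG: %d\n", tcp.urg);

        /* Bound the print to the payload bytes of this packet. The bytes are
         * written as received, so control characters reach the terminal. */
        off = ip_hlen + tcp_hlen;
        printf("Data:\n%.*s\n", (int)(len - off), sbuffer + off);
        printf("\t\t---\t\t\n");
    }
    if (n < 0)
        perror("Error read()");
    else
        rc = 0;

out:
    /* Put the interface back if this program turned promiscuous mode on.
     * A process killed by a signal skips this and leaves the flag set. */
    if (promisc_set && !(saved_flags & IFF_PROMISC) &&
        ioctl(ssd, SIOCGIFFLAGS, &ifr) == 0) {
        ifr.ifr_flags &= ~IFF_PROMISC;
        if (ioctl(ssd, SIOCSIFFLAGS, &ifr) < 0)
            perror("Error ioctl(SIOCSIFFLAGS)");
    }
    if (ssd >= 0)
        close(ssd);
    free(sbuffer);
    return rc;
}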
| |
| The Dark Free Soul 2006-04-27, 7:55 am |
| syntax is:
../sniffer <network interface>
e.g.:
../sniffer eth0
| |
| Barry Margolin 2006-04-27, 7:55 am |
| In article <1145114847.133884.43090@v46g2000cwv.googlegroups.com>,
"The Dark Free Soul" <thedarkfreesoul@gmail.com> wrote:
> Hi everybody.
> I'm trying to write a simple as possible tcp sniffer in C. It seems to
> work, it goes in promiscuous mode and sniffs packets but it sniffs ONLY
> incoming packets. I can't really figure out why it won't show me
> outgoing packets. Probably i'm missing something, but I don't know
> what.
Because read() is used to read things that you receive, and you don't
receive your own outgoing packets.
If you want to write a sniffer, "man bpf".
> Can you help me?
> Many thanks in advance.
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <unistd.h>
> #include <string.h>
> #include <netdb.h>
> #include <sys/types.h>
> #include <sys/socket.h>
> #include <netinet/in.h>
> #include <netinet/ip.h>
> #include <netinet/tcp.h>
> #include <netpacket/packet.h>
> #include <net/ethernet.h>
>
> #include <net/if.h>
> #include <sys/ioctl.h>
> #define PKT_LEN 8192
>
> int main(int argc, char **argv) {
> struct iphdr *sip;
> struct tcphdr *stcp;
> int ssd, ifid;
> char *sbuffer;
> char *sdata;
> char *ifname = argv[1];
> sbuffer = (char *) malloc(PKT_LEN);
> memset(sbuffer, 0, PKT_LEN);
> ssd = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
> if (ssd < 0)
> perror("Error socket()");
>
> struct ifreq ifr;
> strncpy(ifr.ifr_name, ifname, strnlen(argv[1])+1);
> ioctl(ssd, SIOCGIFFLAGS, &ifr);
> ifr.ifr_flags |= IFF_PROMISC;
> ioctl (ssd, SIOCSIFFLAGS, &ifr);
>
> while(read(ssd, sbuffer, 8192) > 0) {
> sip = (struct iphdr *) sbuffer;
> stcp = (struct tcphdr *) (sbuffer+ sip->ihl*4);
> printf("Sniffer started. Listening for traffic...\n");
> printf("Source address: %s\n", inet_ntoa(sip->saddr));
> printf("Destination address: %s\n", inet_ntoa(sip->daddr));
>
> printf("Source port: %d\n", ntohs(stcp->source));
> printf("Destination port: %d\n", ntohs(stcp->dest));
> printf("Flag FIN: %d\n", stcp->fin);
> printf("Flag SYN: %d\n", stcp->syn);
> printf("Flag RST: %d\n", stcp->rst);
> printf("Flag PSH: %d\n", stcp->psh);
> printf("Flag ACK: %d\n", stcp->ack);
> printf("Flag URG: %d\n", stcp->urg);
> sdata =(sbuffer + (sip->ihl*4) + (stcp->doff*4));
> printf("Data:\n%s\n", sdata);
> printf("\t\t---\t\t\n");
> }
> return 0;
> }
--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
| |
| Pankaj_CDAC-Noida 2006-04-27, 7:55 am |
| hi everybody,
i am pursuing a B-tech (Computer Science) in India.
i have to prepare a project in C/C++; can anybody help me with the selection
of a project?
mail me:pankaj.k.goyal@gmail.com
| |
| Mark Hobley 2006-04-27, 7:55 am |
| Pankaj_CDAC-Noida <Pankaj.K.Goyal@gmail.com> wrote:
>
> i have to prepare a project in C/C++
Yeah, I prefer to code in C. It produces more compact binaries, and is
available on most machines.
Maybe the college want you to code in C++ though, to show off your object
oriented skills.
You could develop a "Pancake Day" reminder tool. It is one of the projects in
my pending list.
http://markhobley.yi.org:8000/LinProjects
Regards,
Mark.
--
Mark Hobley
393 Quinton Road West
QUINTON
Birmingham
B32 1QE
Telephone: (0121) 247 1596
International: 0044 121 247 1596
Email: markhobley at hotpop dot donottypethisbit com
http://markhobley.yi.org/