Thread: Little sniffer

  1. #1
    Registered User
    Join Date
    Dec 2008
    Posts
    3

    Post Little sniffer

    Hi guys, I'm trying to learn a bit about sockets programming, so I made a little sniffer.
    Here is the code:

    Code:
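    #include <sys/socket.h>
    #include <netinet/in.h>
    #include <arpa/inet.h>   // inet_ntoa
    #include <unistd.h>      // geteuid
    #include <strings.h>     // bzero
    #include <fcntl.h>
    #include <stdlib.h>
    #include <stdio.h>
    #include <netinet/ip.h>
    #include <netinet/ip_icmp.h>
    #include <netinet/tcp.h>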
    
    // Creating socket and declaring struct of IP protocol
    
    int main(void) {
    int s;
    struct sockaddr_in dir = {AF_INET, 0, 0 };
    char buff[1024];
    socklen_t len = sizeof(dir);
    
    
    
    struct ip *ip1 = (struct ip* ) (buff+ sizeof (dir));
    
    
    
    //Not necessary, it tells you that you must be root
    
    if (geteuid() != 0) {
    printf("You have to be root!\n");
    exit(0);
    }
    
    
    //Error 
    
    if ((s = socket(AF_INET, SOCK_RAW, 6)) < 0){
    printf ("Error creating socket\n");
    exit (0);
    }
    
    // It starts to listen for packets
    
    printf("Waiting for packets...\n");
    
    while (1) {
    bzero(buff, 1024);
    
    //If it receives a packet, the user will be informed
    
    while (recvfrom(s, buff, 1024, 0, (struct sockaddr*) &dir,
    &len) > 0){
    
    
    
    unsigned char *srcBytes = (unsigned char*)&ip1->ip_src;
    
    
    
    
    printf ("I got a packet!\t ip: %s", inet_ntoa(ip1->ip_src));
    
    }
    }
    }
    So, I have a notification when a packet is received, but the IP I got is wrong. What can I do to get the real IP of every packet?

    Thanks
    Last edited by Makiz0rz; 12-09-2008 at 11:31 AM. Reason: comments

  2. #2
    Banned master5001's Avatar
    Join Date
    Aug 2001
    Location
    Visalia, CA, USA
    Posts
    3,685
    What do you mean by real IP?

  3. #3
    spurious conceit MK27's Avatar
    Join Date
    Jul 2008
    Location
    segmentation fault
    Posts
    8,300
    Eww... before I even look, do you know about network byte order when using inet addresses, integers, all those crazy socket functions, etc.? I don't think I see those _nota things I should be seeing!

    I'm no expert.

  4. #4
    Registered User
    Join Date
    Dec 2008
    Posts
    3
    Yeah, I think that's my error. I tried with different orders, but I don't know a lot about that, I want to learn.

    By real IP I mean that, if you run the program, you will see some IPs. But those IPs aren't the real IPs, because I did it wrong.

    Thanks

  5. #5
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    You may also want to indent your code so that it's easy to understand what goes where.

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

  6. #6
    Registered User
    Join Date
    Dec 2005
    Location
    german border
    Posts
    72
    If you are interested in learning more about socket programming, especially raw sockets, www.securityfreak.net is a really excellent site for that stuff.

  7. #7
    Registered User
    Join Date
    Dec 2008
    Posts
    3
    @matsp: OK, I wrote some comments in the code.
    @Calef13: Thanks for the link, I'll have a huge look there : D


    Well, could someone try to compile that and edit it? I would be very grateful.

    Thanks, guys.

  8. #8
    Registered User
    Join Date
    Dec 2005
    Location
    german border
    Posts
    72
    Sorry I got that link wrong, it's www.security-freak.net. My bad.

  9. #9
    Registered User
    Join Date
    Dec 2005
    Location
    german border
    Posts
    72
    Well, I tried compiling and running it, but it wasn't happening. I got no packets at all. I know nothing about raw sockets, but I can't see how you can be reading from anything anyway: you read an IP from ip1, but that struct is never written to, only declared, so wouldn't you just get garbage? Regardless, here is a sniffer which dumps the hex code, so you can probably work from the pages below to get it to spit out an IP:

    http://www.security-freak.net/raw-sockets/sniffer.c
    http://www.security-freak.net/raw-so...sockets.html#2

    Code:
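    #include <sys/socket.h>
    #include <netinet/in.h>
    #include <arpa/inet.h>   // inet_ntoa
    #include <unistd.h>      // geteuid
    #include <strings.h>     // bzero
    #include <fcntl.h>
    #include <stdlib.h>
    #include <stdio.h>
    #include <netinet/ip.h>
    #include <netinet/ip_icmp.h>
    #include <netinet/tcp.h>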
    
    // Creating socket and declaring struct of IP protocol
    
    int main(void)
    {
        int s;
        struct sockaddr_in dir = {AF_INET, 0, 0 };
        char buff[1024];
        socklen_t len = sizeof(dir);
    
        struct ip *ip1 = (struct ip* ) (buff+ sizeof (dir));
    
    
    
        //Not necessary, it tells you that you must be root
    
        if (geteuid() != 0)
        {
            printf("You have to be root!\n");
            exit(0);
        }
    
        if ((s = socket(AF_INET, SOCK_RAW, 6)) < 0)
        {
            printf ("Error creating socket\n");
            exit (0);
        }
    
        // It starts to listen for packets
    
        printf("Waiting for packets...\n");
    
        while (1)
        {
            bzero(buff, 1024);
    
            //If it receives a packet, the user will be informed
            while (recvfrom(s, buff, 1024, 0, (struct sockaddr*) &dir, &len) > 0)
            {
                unsigned char *srcBytes = (unsigned char*)&ip1->ip_src;
                printf ("I got a packet!\t ip: %s", inet_ntoa(ip1->ip_src));
            }
    
        }
    }
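
Added example, not code from the thread or from security-freak.net: a raw `AF_INET` socket hands back each packet with the IPv4 header at `buff[0]`, so reading `ip_src` at `buff + sizeof(dir)` lands 16 bytes too far on Linux and prints part of the TCP header as an address. The packet bytes and the helper names `src_at` and `ipv4_header_len` are constructed for illustration; in a live sniffer the buffer and length would come from `recvfrom()`.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample (not captured traffic): 20-byte IPv4 header plus 20-byte
 * TCP header, 192.0.2.10:443 -> 198.51.100.7:51000, ack number 0x0a0b0c0d. */
static const unsigned char sample_pkt[40] = {
    0x45, 0x00, 0x00, 0x28, 0x1c, 0x46, 0x40, 0x00, 0x40, 0x06, 0x00, 0x00,
    192, 0, 2, 10,            /* bytes 12-15: ip_src */
    198, 51, 100, 7,          /* bytes 16-19: ip_dst */
    0x01, 0xbb, 0xc7, 0x38,   /* TCP source and destination port */
    0x00, 0x00, 0x00, 0x01,   /* TCP sequence number */
    0x0a, 0x0b, 0x0c, 0x0d,   /* TCP acknowledgement number */
    0x50, 0x10, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00
};

/* Format the 4 bytes found where ip_src would be if the IPv4 header began at
 * buf[off]. Returns 0 on success, -1 if the read would run past the data. */
int src_at(const unsigned char *buf, size_t n, size_t off, char out[INET_ADDRSTRLEN])
{
    struct in_addr a;
    if (n < off + 16) return -1;
    memcpy(&a, buf + off + 12, sizeof a);   /* already in network byte order */
    return inet_ntop(AF_INET, &a, out, INET_ADDRSTRLEN) ? 0 : -1;
}

/* Validate the header at buf[0], where a raw AF_INET socket puts it.
 * Returns the header length in bytes, or -1 if truncated or malformed. */
int ipv4_header_len(const unsigned char *buf, size_t n)
{
    if (n < 20 || (buf[0] >> 4) != 4) return -1;
    size_t hlen = (size_t)(buf[0] & 0x0f) * 4;       /* IHL counts 32-bit words */
    size_t total = ((size_t)buf[2] << 8) | buf[3];   /* ip_len is big-endian */
    if (hlen < 20 || hlen > total || total > n) return -1;
    return (int)hlen;
}

int main(void)
{
    char good[INET_ADDRSTRLEN], bad[INET_ADDRSTRLEN];
    if (ipv4_header_len(sample_pkt, sizeof sample_pkt) < 0) return 1;
    src_at(sample_pkt, sizeof sample_pkt, 0, good);                           /* correct offset */
    src_at(sample_pkt, sizeof sample_pkt, sizeof(struct sockaddr_in), bad);   /* thread's offset */
    printf("offset 0:  %s\noffset %zu: %s\n", good, sizeof(struct sockaddr_in), bad);
    return 0;
}
```

With the thread's offset the "source IP" is the TCP acknowledgement number, which changes from packet to packet and explains the seemingly random addresses.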
