//////////////////////////////
#include "stdio.h"
#include "winsock2.h" //need winsock for inet_ntoa and ntohs methods
#include <string.h>
#define HAVE_REMOTE
#include "pcap.h" //Winpcap :)
#pragma comment(lib , "ws2_32.lib") //For winsock
#pragma comment(lib , "wpcap.lib") //For winpcap
/*
 * Packet-processing routines defined further down in this file.
 * Every routine receives a pointer to the start of the captured frame
 * (Ethernet header first); the int argument is the captured length in bytes.
 */
void ProcessPacket(u_char *Buffer, int Size);
void print_ethernet_header(u_char *buffer);
void PrintIpHeader(u_char *Buffer, int Size);
void print_udp_packet(u_char *Buffer, int Size);
/*
 * Ethernet II frame header.
 *
 * The code in this file overlays this struct directly on the capture buffer
 * (a plain pointer cast), so field order and sizes have to match the wire
 * layout: 6 + 6 + 2 = 14 bytes. No packing pragma is visible here; the
 * members are naturally aligned, so no padding is expected -- TODO confirm
 * with a static assertion on sizeof(ETHER_HDR).
 */
typedef struct ethernet_header
{
    UCHAR dest[6];   // destination hardware address, 6 bytes
    UCHAR source[6]; // source hardware address, 6 bytes
    USHORT type;     // EtherType, 2 bytes, network byte order as captured (ProcessPacket compares ntohs(type) with 0x0800 for IPv4)
} ETHER_HDR;
/*
 * IPv4 header (fixed 20-byte part, options not included).
 *
 * Overlaid on the capture buffer at offset sizeof(ETHER_HDR). All 16-bit
 * fields are in network byte order as captured; PrintIpHeader() converts
 * some of them in place with ntohs().
 *
 * The order of the two 4-bit fields below is the little-endian arrangement
 * noted by the original author. Bit-field allocation order is
 * implementation-defined in C, so this layout is compiler- and
 * target-specific -- TODO confirm for the toolchain in use.
 */
typedef struct ip_hdr
{// for BYTE_ORDER == __LITTLE_ENDIAN
    unsigned char ip_header_len : 4; // header length in 32-bit words; 5 means 20 bytes, larger values mean options follow. Comes from the packet, so it must be range-checked before use as an offset
    unsigned char ip_version : 4; // IP version (4 for IPv4)
    unsigned char ip_tos; // IP type of service
    unsigned short ip_total_length; // Total length
    unsigned short ip_id; // Unique identifier
    unsigned short R_DF_MF_FragmentOffset; // reserved bit, DF flag, MF flag and 13-bit fragment offset packed in one 16-bit word
    unsigned char ip_ttl; // Time to live
    unsigned char ip_protocol; // Protocol number (ProcessPacket treats 17 as UDP)
    unsigned short ip_checksum; // IP checksum
    unsigned char ipSource[4]; // Source address
    unsigned char ipDestination[4]; // Destination address
} IPV4_HDR;
/*
 * UDP header (8 bytes).
 *
 * Overlaid on the capture buffer right after the IPv4 header. All fields
 * are in network byte order as captured; print_udp_packet() converts them
 * in place with ntohs().
 */
typedef struct udp_hdr
{
    unsigned short source_port; // Source port no.
    unsigned short dest_port; // Dest. port no.
    unsigned short udp_length; // UDP length as claimed by the sender; not checked against the captured length anywhere in this file
    unsigned short udp_checksum; // UDP checksum (optional)
} UDP_HDR;
/*
 * Per-protocol packet counters. In the code visible in this file only
 * total, udp and others are ever incremented.
 */
int tcp = 0;
int udp = 0;
int icmp = 0;
int others = 0;
int igmp = 0;
int total = 0;
int i;
int j;

/*
 * Cursors into the frame currently being processed. They point into the
 * buffer handed to ProcessPacket() and are only meaningful while that
 * buffer is still valid.
 */
ETHER_HDR *ethhdr;
IPV4_HDR *iphdr;
UDP_HDR *udpheader;
u_char *data;
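/*
 * Open the first capture adapter reported by WinPcap and feed every
 * captured frame to ProcessPacket().
 *
 * Returns 0 when the capture loop ends without a read error, and -1 when the
 * adapter list cannot be retrieved, no adapter exists, the adapter cannot be
 * opened, or pcap_next_ex() reports an error.
 */
int main()
{
    enum { SNAP_LENGTH = 100, READ_TIMEOUT_MS = 20 };

    /* Signed on purpose: pcap_next_ex() returns negative values on error/EOF.
       With an unsigned variable the ">= 0" loop condition is always true and
       the loop keeps re-processing a stale packet pointer after a failure. */
    int res;
    unsigned int i;
    unsigned int chosenNumber;
    char errbuf[PCAP_ERRBUF_SIZE];
    char buffer[100];
    u_char frame[SNAP_LENGTH];   /* private, writable copy of the captured frame */
    const u_char *pkt_data;      /* owned by the capture library: read-only */
    time_t seconds;
    struct tm tbreak;
    pcap_if_t *alldevs, *d;
    pcap_t *fp;
    struct pcap_pkthdr *header;

    /* The user didn't provide a packet source: Retrieve the local device list */
    if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1)
    {
        /* printf("Error in pcap_findalldevs_ex: %s\n", errbuf);*/
        return -1;
    }

    /* Count the adapters (the listing output is disabled in this version) */
    i = 0;
    for (d = alldevs; d; d = d->next)
    {
        ++i;
        /*printf("%d. %s\n ", ++i, d->name);
        if (d->description)
        {
        printf(" (%s)\n", d->description);
        }
        else
        {
        printf(" (No description available)\n");
        }*/
    }
    if (i == 0)
    {
        /*printf("No interfaces found! Exiting.\n");*/
        return -1;
    }

    //printf("Enter the interface number you would like to sniff : ");
    //scanf_s("%d", &chosenNumber);
    chosenNumber = 1;

    /* Jump to the selected adapter. "i + 1 < chosenNumber" cannot wrap when
       chosenNumber is 0, and the d != NULL test stops at the end of the list. */
    for (d = alldevs, i = 0; d != NULL && i + 1 < chosenNumber; d = d->next, i++)
    {
    }
    if (d == NULL)
    {
        pcap_freealldevs(alldevs);
        return -1;
    }

    /* Open the device. Promiscuous mode makes the adapter deliver frames
       addressed to other hosts as well; the snap length truncates every
       frame to SNAP_LENGTH bytes, so handlers must rely on caplen. */
    fp = pcap_open(d->name,
                   SNAP_LENGTH /*snaplen*/,
                   PCAP_OPENFLAG_PROMISCUOUS /*flags*/,
                   READ_TIMEOUT_MS /*read timeout*/,
                   NULL /* remote authentication */,
                   errbuf);

    /* d->name is no longer needed once pcap_open() has returned */
    pcap_freealldevs(alldevs);

    if (fp == NULL)
    {
        return -1;
    }

    //read packets in a loop :)
    while ((res = pcap_next_ex(fp, &header, &pkt_data)) >= 0)
    {
        size_t frame_len;

        if (res == 0)
        {
            // Timeout elapsed
            continue;
        }

        /* Capture timestamp as text; nothing consumes it in this version */
        seconds = header->ts.tv_sec;
        if (localtime_s(&tbreak, &seconds) == 0)
        {
            strftime(buffer, sizeof buffer, "%d-%b-%Y %I:%M:%S %p", &tbreak);
        }

        /* The handlers byte-swap header fields in place, so give them a
           private copy instead of writing into the library's buffer. */
        frame_len = header->caplen;
        if (frame_len > sizeof frame)
        {
            frame_len = sizeof frame;
        }
        memcpy(frame, pkt_data, frame_len);

        ProcessPacket(frame, (int)frame_len);
    }

    pcap_close(fp);

    if (res == -1)
    {
        return -1;
    }
    return 0;
}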
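/*
 * Classify one captured frame and update the global counters.
 *
 * Buffer points at the start of the frame (Ethernet header first) and Size
 * is the number of captured bytes available behind it. Frame contents come
 * from the network, so nothing is read beyond Size: a frame shorter than an
 * Ethernet header is counted in total and otherwise ignored, and an IPv4
 * frame too short for the fixed 20-byte IP header is counted in others.
 */
void ProcessPacket(u_char* Buffer, int Size)
{
    size_t captured;

    if (Buffer == NULL || Size < 0)
    {
        return;
    }
    captured = (size_t)Size;

    //Ethernet header
    ethhdr = (ETHER_HDR *)Buffer;
    ++total;

    if (captured < sizeof(ETHER_HDR))
    {
        return; /* runt frame: the EtherType field is not inside the buffer */
    }

    //Ip packets
    if (ntohs(ethhdr->type) == 0x0800)
    {
        if (captured < sizeof(ETHER_HDR) + sizeof(IPV4_HDR))
        {
            /* truncated IPv4 header: the protocol byte cannot be trusted */
            others++;
            return;
        }

        //ip header
        iphdr = (IPV4_HDR *)(Buffer + sizeof(ETHER_HDR));
        switch (iphdr->ip_protocol) //Check the Protocol and do accordingly...
        {
        case 17: //UDP Protocol
            udp++;
            print_udp_packet(Buffer, Size);
            break;
        default: //Some Other Protocol
            others++;
            break;
        }
    }
}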
/*
 * Ethernet header handler.
 *
 * No printing is present in this version; the only effect left is that the
 * EtherType field of the frame is converted to host byte order in place.
 * NOTE(review): because the swap is written back into the caller's buffer,
 * calling this twice on the same frame swaps the field back again.
 */
void print_ethernet_header(u_char* buffer)
{
    ETHER_HDR *frame = (ETHER_HDR *)buffer;
    USHORT host_order_type = ntohs(frame->type);

    frame->type = host_order_type;
}
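/*
 * IPv4 header handler for IP packets.
 *
 * Buffer points at the start of the captured frame and Size is the number
 * of captured bytes. The printing is disabled in this version; what remains
 * is the in-place conversion of the total-length, id and checksum fields
 * (and, via print_ethernet_header(), the EtherType) to host byte order.
 *
 * The frame is untrusted network data: if it is too short to contain the
 * Ethernet header plus the fixed 20-byte IPv4 header, nothing is read or
 * written and the global iphdr is left unchanged.
 */
void PrintIpHeader(unsigned char* Buffer, int Size)
{
    unsigned short swap_R_DF_MF_FOffset;

    if (Buffer == NULL || Size < 0 ||
        (size_t)Size < sizeof(ETHER_HDR) + sizeof(IPV4_HDR))
    {
        return;
    }

    iphdr = (IPV4_HDR *)(Buffer + sizeof(ETHER_HDR));

    /* Flags and fragment offset in host order; only the disabled printf
       lines below consume this value. */
    swap_R_DF_MF_FOffset = ntohs(iphdr->R_DF_MF_FragmentOffset);
    (void)swap_R_DF_MF_FOffset;

    //print Ethernet header
    print_ethernet_header(Buffer);

    iphdr->ip_total_length = ntohs(iphdr->ip_total_length);
    iphdr->ip_id = ntohs(iphdr->ip_id);
    iphdr->ip_checksum = ntohs(iphdr->ip_checksum);

    //printf(" |-Reserved bit Flag : %d\n", (swap_R_DF_MF_FOffset & 0x8000) >> 15);//(swap_R_DF_MF_FOffset& 0x8000)>0 ? 1:0
    //printf(" |-Dont Fragment Flag : %d\n", (swap_R_DF_MF_FOffset & 0x4000) >> 14);
    //printf(" |-More Fragment Flag : %d\n", (swap_R_DF_MF_FOffset & 0x2000) >> 13);
    //printf(" |- Fragment Offset : %d\n", swap_R_DF_MF_FOffset & 0x1fff);
    //printf(" |-TTL : %d\n", (unsigned int)iphdr->ip_ttl);
    //printf(" |-Protocol : %d\n", (unsigned int)iphdr->ip_protocol);
}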
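/*
 * UDP handler for UDP-over-IPv4 packets.
 *
 * Buffer points at the start of the captured frame and Size is the number
 * of captured bytes. The printing is disabled in this version; what remains
 * is locating the UDP header and payload (globals udpheader and data) and
 * converting the four UDP header fields to host byte order in place.
 *
 * Every offset is derived from attacker-controllable packet contents, so it
 * is validated against Size before any pointer is formed or written
 * through. A frame that is truncated, or whose IP header length is below
 * the 20-byte minimum, is ignored and udpheader/data keep their old values.
 */
void print_udp_packet(u_char *Buffer, int Size)
{
    size_t captured;
    size_t iphdrlen;
    size_t payload_offset;
    int data_size;

    if (Buffer == NULL || Size < 0)
    {
        return;
    }
    captured = (size_t)Size;

    /* The fixed IPv4 header must be inside the buffer before it is touched */
    if (captured < sizeof(ETHER_HDR) + sizeof(IPV4_HDR))
    {
        return;
    }
    iphdr = (IPV4_HDR *)(Buffer + sizeof(ETHER_HDR));

    //print ip header
    PrintIpHeader(Buffer, Size);

    /* The 4-bit length field can claim anything from 0 to 60 bytes */
    iphdrlen = (size_t)iphdr->ip_header_len * 4;
    if (iphdrlen < sizeof(IPV4_HDR))
    {
        return;
    }

    /* The whole UDP header must be captured: its fields are rewritten below */
    payload_offset = sizeof(ETHER_HDR) + iphdrlen + sizeof(UDP_HDR);
    if (captured < payload_offset)
    {
        return;
    }

    udpheader = (UDP_HDR *)(Buffer + sizeof(ETHER_HDR) + iphdrlen);
    data = Buffer + payload_offset;

    /* Captured payload bytes, never negative after the check above. Use
       this, not udp_length from the packet, to bound any access to data. */
    data_size = (int)(captured - payload_offset);
    (void)data_size;

    udpheader->source_port = ntohs(udpheader->source_port);
    udpheader->dest_port = ntohs(udpheader->dest_port);
    udpheader->udp_length = ntohs(udpheader->udp_length);
    udpheader->udp_checksum = ntohs(udpheader->udp_checksum);
}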