Solved

Packet sniffer gone wrong

Posted on 2007-04-09
Last Modified: 2012-05-05
I'm having some problems with this packet sniffer I wrote. It will capture all packets fine, but I also need it to send these captured packets forwarded on to a client machine. This part of the program is not working so well. Any help appreciated as I am at my wits' end.
Here is the code:

#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <linux/if_ether.h>

int go = -1;
int x; /* global var for passing no. of bytes received by sniffer */

struct ipheader { /* IP header structure */
    unsigned char headl:4, version:4;
    unsigned char tos;
    unsigned short int len;
    unsigned short int id_seq;
    unsigned short int offset;
    unsigned char ttl;
    unsigned char proto;
    unsigned short int chksum;
    unsigned int source;
    unsigned int dest;
};

struct tcpheader {
    unsigned short int srcport;
    unsigned short int destport;
    unsigned int seqnum;
    unsigned int acknum;
    unsigned char x2:4, offset:4;
    unsigned char flags;
    unsigned short int windowsize;
    unsigned short int chksum;
    unsigned short int urgentptr;
};

struct udpheader {
    unsigned short int srcport;
    unsigned short int destport;
    unsigned short int len;
    unsigned short int chksum;
};

int udpForward(char *buffer)
{
    int t;
    char data2[(x+1064)];
    struct ipheader ip;

    /* A SOCK_PACKET socket delivers the frame with its Ethernet header,
       so the IP header starts ETH_HLEN bytes into the buffer. */
    if (x < (int)(ETH_HLEN + sizeof(ip)))
        return -1; /* too short to hold an IP header */
    memcpy(&ip, buffer + ETH_HLEN, sizeof(ip)); /* copy avoids a misaligned read */
    int store = ntohs(ip.id_seq); /* IP id is in network byte order */

    printf("\n%i\n", store);

    if (store != go) { /* this guy checks to see if this packet was forwarded already */
        go = store;

        /* copies whole packet into data2; packets are binary data, so
           memcpy with the captured length rather than strcpy */
        memcpy(data2, buffer, x);
        printf("copy successful \n");
        /* Client initiated */

        int ipsoc = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);
        if (ipsoc < 0) {
            perror("socket");
            return -1;
        }

        /* Now for the standard stuff */
        struct sockaddr_in raddrin;
        memset(&raddrin, 0, sizeof(raddrin));
        raddrin.sin_family = AF_INET;
        raddrin.sin_port = htons(3333);
        raddrin.sin_addr.s_addr = inet_addr("192.168.1.66"); /* IP address of data analysis client */

        /* ssize_t sendto(int socket, const void *message, size_t length,
               int flags, const struct sockaddr *dest_addr, socklen_t dest_len); */

        /* length is the number of captured bytes; dest_len is the size of the address */
        t = sendto(ipsoc, data2, x, 0, (struct sockaddr *)&raddrin, sizeof(raddrin));
        printf("t= %i\n", t);
        if (t > -1)
            printf("great success\n"); /* new packet sent */
        else
            perror("sendto");

        close(ipsoc); /* one socket is opened per packet, so release it */
        return t;
    }
    else {
        printf("already sent\n");
        go = -1;
    }

    return 0;
}

void sniffnetwork()
{
    int n, bytes_read;
    char data[1024];

    /* SOCK_PACKET is obsolete (see packet(7)); kept from the original.
       Opening it requires root or CAP_NET_RAW. */
    n = socket(AF_INET, SOCK_PACKET, htons(ETH_P_IP));

    if (n < 0) {
        perror("Snooper socket error");
        return;
    }

    do {
        bytes_read = recvfrom(n, data, sizeof(data), 0, 0, 0);
        if (bytes_read > 0) {
            x = bytes_read;
            printf("captured data:\n");
            /*for (int i = 0; i < bytes_read; i++) {
                printf("%02X", (unsigned char)data[i]);
            }*/
            printf("\n");
            udpForward(data);
        }
    } while (bytes_read > 0);

    close(n);
}

int main()
{
    sniffnetwork();

    return 0;
}

I think UDP is appropriate for forwarding on the packets as every
single one is not essential nor is the order.
Question by:howardshamsham
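
An added example, not part of the original post: bounds-checked parsing of a captured frame by byte offset instead of casting the buffer to a header struct, so a short or malformed packet is rejected before any field is read. `parse_frame`, `struct pkt_info` and the sample frame are constructed for illustration; it assumes Ethernet II framing with the link-layer header present, as delivered by the `SOCK_PACKET` socket in the question.

```c
#include <stdint.h>
#include <stdio.h>

#define ETH_HDR_LEN 14  /* Ethernet II: dst(6) + src(6) + ethertype(2) */
struct pkt_info {       /* hypothetical summary type for this example */
    uint16_t ip_id, sport, dport;
    uint8_t  proto;
    size_t   ip_len;    /* IP total length, validated against the capture */
};

/* Constructed sample frame: UDP 192.168.1.10:1234 -> 192.168.1.66:3333, "data" */
static const uint8_t sample[] = {
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00,
    0x45,0x00,0x00,0x20, 0x12,0x34,0x00,0x00, 0x40,0x11,0x00,0x00,
    0xc0,0xa8,0x01,0x0a, 0xc0,0xa8,0x01,0x42,
    0x04,0xd2,0x0d,0x05, 0x00,0x0c,0x00,0x00, 'd','a','t','a'
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
/* Returns 0 and fills *out for a well-formed IPv4 frame, -1 otherwise.
 * Every field is read only after its offset is checked against len. */
int parse_frame(const uint8_t *f, size_t len, struct pkt_info *out)
{
    if (len < ETH_HDR_LEN + 20 || rd16(f + 12) != 0x0800)
        return -1;                              /* too short or not IPv4 */
    const uint8_t *ip = f + ETH_HDR_LEN;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;    /* header length in bytes */
    size_t tot = rd16(ip + 2);                  /* claimed datagram length */
    if ((ip[0] >> 4) != 4 || ihl < 20 || tot < ihl || ETH_HDR_LEN + tot > len)
        return -1;                              /* malformed or truncated */
    out->ip_id = rd16(ip + 4);
    out->proto = ip[9];
    out->ip_len = tot;
    out->sport = out->dport = 0;
    /* Ports exist only in the first fragment of a TCP (6) or UDP (17) packet */
    if ((out->proto == 6 || out->proto == 17) &&
        (rd16(ip + 6) & 0x1fff) == 0 && tot >= ihl + 4) {
        out->sport = rd16(ip + ihl);
        out->dport = rd16(ip + ihl + 2);
    }
    return 0;
}

int main(void) {
    struct pkt_info pi;
    if (parse_frame(sample, sizeof sample, &pi) == 0)
        printf("id=0x%04x proto=%u %u -> %u\n", pi.ip_id, pi.proto, pi.sport, pi.dport);
    return 0;
}
```

Forwarding `ip_len` bytes from offset `ETH_HDR_LEN` sends only the validated IP datagram and leaves out the Ethernet header and any trailing padding.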
Accepted Solution

by:
Kdo earned 500 total points
ID: 18877723
Hi Howard,

Looking at the code it's hard to tell exactly where/how you intend to implement this so I'll make a couple of broad statements.  That might help to clear things up.  :)

-  A packet sniffer does not normally work at the application level.  Too many issues to name.
-  The sniffer is connectionless.  It needs to see all of the packets.
-  The sniffer doesn't care about protocol.  It should see the TCP and UDP packets.
-  UDP packets are usually "local".  They are not forwarded by the router.
-  Once the sniffer has examined a packet, it must be forwarded.  If the sniffer is working near the lower levels of the IP stack it simply places it on a queue for proper disposition.  If the sniffer is working near the higher (application) level it must pass the packet to be forwarded OR to the desired service on the local machine.  This is something that you should avoid.


Kent