?
Solved

Packet sniffer gone wrong

Posted on 2007-04-09
1
Medium Priority
?
367 Views
Last Modified: 2012-05-05
Im having some problems with this packet sniffer i wrote. It
will capture all packets fine but i also need it to send these
captured packets forwarded on to a client machine. this part of the
program is not working so well. Any help appreciated as i am at my
wits end.
Here is the code:

#include <stdio.h>
#include <sys/socket.h>
#include <resolv.h>
#include <arpa/inet.h>
#include <errno.h>
#include <sys/types.h>
#include <linux/if_ether.h>
#include < string.h>

int go = -1;
int x; /*global var for passing no of bytes recieved by sniffer*/

struct ipheader { /*Ip header structure*/

unsigned char headl:4, version:4;
unsigned char tos;
unsigned short int len;
unsigned short int id_seq;
unsigned short int offset;
unsigned char ttl;
unsigned char proto;
unsigned short int chksum;
unsigned int source;
unsigned int dest;

};

struct tcpheader {

unsigned short int srcport;
unsigned short int destport;
unsigned int seqnum;
unsigned int acknum;
unsigned char x2:4, offset:4;
unsigned char flags;
unsigned short int windowsize;
unsigned short int chksum;
unsigned short int urgentptr;

};

struct udpheader {
unsigned short int srcport;
unsigned short int destport;
unsigned short int len;
unsigned short int chksum;

};

int udpForward(char *buffer)
{
    int t;

    char data2[(x+1064)];

    struct ipheader *ip=(void*)buffer;
    int store = ip->id_seq;

    printf("\n%i\n", store);

    if (store!= go){    /*this guy checks to see if this packet was
forwarded already*/
    go = store;

    strcpy(data2, buffer); /*copies whole packet into data2*/
    printf("copy successful \n");
    /*Client initiated*/

    int ipsoc = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);

    /*Now for the standard stuff*/
    struct sockaddr_in raddrin;
    raddrin.sin_family = AF_INET;
    raddrin.sin_port = htons(3333);
    raddrin.sin_addr.s_addr = inet_addr(" 192.168.1.66");/*Ip address
of data analysis client*/

/* ssize_t sendto(int socket, const void *message, size_t length,
       int flags, const struct sockaddr *dest_addr, socklen_t
dest_len);*/

    t = sendto(ipsoc, data2, sizeof(data2), 0, (struct sockaddr
*)&raddrin, x);
    printf("t= %i\n", t);
    if (t > -1)
        printf("great success\n"); /*new packet sent*/

    }

    else{
        perror( "t" );
    printf("already sent\n");
    go = -1;}

}

void sniffnetwork()
{
int n, bytes_read,i;
char data[1024];
n = socket(AF_INET, SOCK_PACKET, htons(ETH_P_IP));

if ( n < 0 )
printf("Snooper socket error");

do{
    bytes_read = recvfrom(n, data, sizeof(data), 0, 0, 0);
    if ( bytes_read > 0 ){
        x = bytes_read;
        printf("captured data:\n");
        /*for (i=0; i<=bytes_read; i++){
            printf("%X", data[i]);

            }*/
        printf("\n");
        udpForward(data);

        }
}

while ( bytes_read > 0 );

}

int main()
{
    sniffnetwork();

return 0;

}

I think UDP is appropriate for forwarding on the packets as every
single one is not essential nor is the order.
0
Comment
Question by:howardshamsham
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 46

Accepted Solution

by:
Kent Olsen earned 1500 total points
ID: 18877723
Hi Howard,

Looking at the code it's hard to tell exactly where/how you intend to implement this so I'll make a couple of broad statements.  That might help to clear things up.  :)

-  A packet sniffer does not normally work at the application level.  Too many issues to name.
-  The sniffer is connectionless.  It needs to see all of the packets/
-  The sniffer doesn't care about protocol.  It should see the TCP and UDP packets.
-  UDP packets are usually "local".  The are not forwarded by the router.
-  Once the sniffer has examined a packet, it must be forwarded.  If the sniffer is working near the lower levels of the IP stack it simply places it on a queue for proper disposition.  If the sniffer is working near the higher (application) level it must pass the packet to be forwarded OR to the desired service on the local machine.  This is something that you should avoid.


Kent
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
Make the most of your online learning experience.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question