Solved

Packet sniffer gone wrong

Posted on 2007-04-09
Last Modified: 2012-05-05
I'm having some problems with this packet sniffer I wrote. It
will capture all packets fine, but I also need it to send these
captured packets forwarded on to a client machine. This part of the
program is not working so well. Any help appreciated as I am at my
wits' end.
Here is the code:

#include <stdio.h>
#include <sys/socket.h>
#include <resolv.h>
#include <arpa/inet.h>
#include <errno.h>
#include <sys/types.h>
#include <linux/if_ether.h>
#include <string.h>

int go = -1;
int x; /*global var for passing no of bytes received by sniffer*/

struct ipheader { /*Ip header structure*/

unsigned char headl:4, version:4;
unsigned char tos;
unsigned short int len;
unsigned short int id_seq;
unsigned short int offset;
unsigned char ttl;
unsigned char proto;
unsigned short int chksum;
unsigned int source;
unsigned int dest;

};

struct tcpheader {

unsigned short int srcport;
unsigned short int destport;
unsigned int seqnum;
unsigned int acknum;
unsigned char x2:4, offset:4;
unsigned char flags;
unsigned short int windowsize;
unsigned short int chksum;
unsigned short int urgentptr;

};

struct udpheader {
unsigned short int srcport;
unsigned short int destport;
unsigned short int len;
unsigned short int chksum;

};

int udpForward(char *buffer)
{
    int t;

    char data2[(x+1064)];

    struct ipheader *ip=(void*)buffer;
    int store = ip->id_seq;

    printf("\n%i\n", store);

    if (store!= go){    /*this guy checks to see if this packet was
forwarded already*/
    go = store;

    strcpy(data2, buffer); /*copies whole packet into data2*/
    printf("copy successful \n");
    /*Client initiated*/

    int ipsoc = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);

    /*Now for the standard stuff*/
    struct sockaddr_in raddrin;
    raddrin.sin_family = AF_INET;
    raddrin.sin_port = htons(3333);
    raddrin.sin_addr.s_addr = inet_addr("192.168.1.66");/*Ip address
of data analysis client*/

/* ssize_t sendto(int socket, const void *message, size_t length,
       int flags, const struct sockaddr *dest_addr, socklen_t
dest_len);*/

    t = sendto(ipsoc, data2, sizeof(data2), 0, (struct sockaddr
*)&raddrin, x);
    printf("t= %i\n", t);
    if (t > -1)
        printf("great success\n"); /*new packet sent*/

    }

    else{
        perror( "t" );
    printf("already sent\n");
    go = -1;}

}

void sniffnetwork()
{
int n, bytes_read,i;
char data[1024];
n = socket(AF_INET, SOCK_PACKET, htons(ETH_P_IP));

if ( n < 0 )
printf("Snooper socket error");

do{
    bytes_read = recvfrom(n, data, sizeof(data), 0, 0, 0);
    if ( bytes_read > 0 ){
        x = bytes_read;
        printf("captured data:\n");
        /*for (i=0; i<=bytes_read; i++){
            printf("%X", data[i]);

            }*/
        printf("\n");
        udpForward(data);

        }
}

while ( bytes_read > 0 );

}

int main()
{
    sniffnetwork();

return 0;

}

I think UDP is appropriate for forwarding on the packets as every
single one is not essential nor is the order.
Question by:howardshamsham
1 Comment
 
LVL 46

Accepted Solution

by:
Kent Olsen earned 1500 total points
ID: 18877723
Hi Howard,

Looking at the code it's hard to tell exactly where/how you intend to implement this so I'll make a couple of broad statements.  That might help to clear things up.  :)

-  A packet sniffer does not normally work at the application level.  Too many issues to name.
-  The sniffer is connectionless.  It needs to see all of the packets.
-  The sniffer doesn't care about protocol.  It should see the TCP and UDP packets.
-  UDP packets are usually "local".  They are not forwarded by the router.
-  Once the sniffer has examined a packet, it must be forwarded.  If the sniffer is working near the lower levels of the IP stack it simply places it on a queue for proper disposition.  If the sniffer is working near the higher (application) level it must pass the packet to be forwarded OR to the desired service on the local machine.  This is something that you should avoid.


Kent
0
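The forwarding step from the question, as an added example (not code from either poster): it copies by captured length rather than `strcpy()`, which stops at the first zero byte of binary packet data, and passes `sendto()` the payload length and the size of the address structure. It assumes the capture socket delivers the Ethernet header first, as `SOCK_PACKET` does; `ip_in_frame`, `forward_frame` and `sample_frame` are hypothetical names, and the sample frame is constructed.

```c
/* Added example: forward a captured frame by explicit length, not strcpy(). */
#include <stddef.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#define ETH_HDR_LEN 14   /* assumption: capture starts with the Ethernet header */

/* Locate the IPv4 packet inside a captured frame of cap_len bytes.
 * Returns its length (clamped to what was captured) and sets *ip,
 * or returns 0 if the frame is too short or not a sane IPv4 packet. */
size_t ip_in_frame(const unsigned char *frame, size_t cap_len,
                   const unsigned char **ip)
{
    if (cap_len < ETH_HDR_LEN + 20)
        return 0;
    const unsigned char *p = frame + ETH_HDR_LEN;
    size_t avail = cap_len - ETH_HDR_LEN;
    size_t hdr_len = (size_t)(p[0] & 0x0f) * 4;   /* IHL, in 32-bit words */
    size_t tot_len = ((size_t)p[2] << 8) | p[3];  /* network byte order */
    if ((p[0] >> 4) != 4 || hdr_len < 20 || tot_len < hdr_len)
        return 0;
    *ip = p;
    return tot_len < avail ? tot_len : avail;     /* never read past the capture */
}

/* Send the IP packet as one UDP datagram on an already-open socket
 * (open it once, not per packet). Returns bytes sent, or -1. */
ssize_t forward_frame(int sock, const struct sockaddr_in *dst,
                      const unsigned char *frame, size_t cap_len)
{
    const unsigned char *ip;
    size_t n = ip_in_frame(frame, cap_len, &ip);
    if (n == 0)
        return -1;
    /* length = bytes actually captured; addrlen = size of the address struct */
    return sendto(sock, ip, n, 0, (const struct sockaddr *)dst, sizeof(*dst));
}

/* Constructed sample: 14-byte Ethernet header + 20-byte IPv4 header + 4 bytes.
 * The zero bytes (TOS, flags) are where a strcpy() would have stopped. */
static const unsigned char sample_frame[38] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x45,0x00,0x00,0x18, 0x12,0x34,0x00,0x00, 0x40,0x11,0x00,0x00,
    0xc0,0xa8,0x01,0x0a, 0xc0,0xa8,0x01,0x42, 'd','a','t','a'
};
```

Because the forwarded datagrams leave through the same interface, the capture loop will see them again; filtering on the forwarding port (3333 in the question) is more reliable than comparing IP IDs.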
