Solved

Packet sniffer gone wrong

Posted on 2007-04-09
1
350 Views
Last Modified: 2012-05-05
Im having some problems with this packet sniffer i wrote. It
will capture all packets fine but i also need it to send these
captured packets forwarded on to a client machine. this part of the
program is not working so well. Any help appreciated as i am at my
wits end.
Here is the code:

#include <stdio.h>
#include <sys/socket.h>
#include <resolv.h>
#include <arpa/inet.h>
#include <errno.h>
#include <sys/types.h>
#include <linux/if_ether.h>
#include < string.h>

int go = -1;
int x; /*global var for passing no of bytes recieved by sniffer*/

struct ipheader { /*Ip header structure*/

unsigned char headl:4, version:4;
unsigned char tos;
unsigned short int len;
unsigned short int id_seq;
unsigned short int offset;
unsigned char ttl;
unsigned char proto;
unsigned short int chksum;
unsigned int source;
unsigned int dest;

};

struct tcpheader {

unsigned short int srcport;
unsigned short int destport;
unsigned int seqnum;
unsigned int acknum;
unsigned char x2:4, offset:4;
unsigned char flags;
unsigned short int windowsize;
unsigned short int chksum;
unsigned short int urgentptr;

};

struct udpheader {
unsigned short int srcport;
unsigned short int destport;
unsigned short int len;
unsigned short int chksum;

};

int udpForward(char *buffer)
{
    int t;

    char data2[(x+1064)];

    struct ipheader *ip=(void*)buffer;
    int store = ip->id_seq;

    printf("\n%i\n", store);

    if (store!= go){    /*this guy checks to see if this packet was
forwarded already*/
    go = store;

    strcpy(data2, buffer); /*copies whole packet into data2*/
    printf("copy successful \n");
    /*Client initiated*/

    int ipsoc = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);

    /*Now for the standard stuff*/
    struct sockaddr_in raddrin;
    raddrin.sin_family = AF_INET;
    raddrin.sin_port = htons(3333);
    raddrin.sin_addr.s_addr = inet_addr(" 192.168.1.66");/*Ip address
of data analysis client*/

/* ssize_t sendto(int socket, const void *message, size_t length,
       int flags, const struct sockaddr *dest_addr, socklen_t
dest_len);*/

    t = sendto(ipsoc, data2, sizeof(data2), 0, (struct sockaddr
*)&raddrin, x);
    printf("t= %i\n", t);
    if (t > -1)
        printf("great success\n"); /*new packet sent*/

    }

    else{
        perror( "t" );
    printf("already sent\n");
    go = -1;}

}

void sniffnetwork()
{
int n, bytes_read,i;
char data[1024];
n = socket(AF_INET, SOCK_PACKET, htons(ETH_P_IP));

if ( n < 0 )
printf("Snooper socket error");

do{
    bytes_read = recvfrom(n, data, sizeof(data), 0, 0, 0);
    if ( bytes_read > 0 ){
        x = bytes_read;
        printf("captured data:\n");
        /*for (i=0; i<=bytes_read; i++){
            printf("%X", data[i]);

            }*/
        printf("\n");
        udpForward(data);

        }
}

while ( bytes_read > 0 );

}

int main()
{
    sniffnetwork();

return 0;

}

I think UDP is appropriate for forwarding on the packets as every
single one is not essential nor is the order.
0
Comment
Question by:howardshamsham
1 Comment
 
LVL 45

Accepted Solution

by:
Kdo earned 500 total points
ID: 18877723
Hi Howard,

Looking at the code it's hard to tell exactly where/how you intend to implement this so I'll make a couple of broad statements.  That might help to clear things up.  :)

-  A packet sniffer does not normally work at the application level.  Too many issues to name.
-  The sniffer is connectionless.  It needs to see all of the packets/
-  The sniffer doesn't care about protocol.  It should see the TCP and UDP packets.
-  UDP packets are usually "local".  The are not forwarded by the router.
-  Once the sniffer has examined a packet, it must be forwarded.  If the sniffer is working near the lower levels of the IP stack it simply places it on a queue for proper disposition.  If the sniffer is working near the higher (application) level it must pass the packet to be forwarded OR to the desired service on the local machine.  This is something that you should avoid.


Kent
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Tracking Down IP in VMware 41 96
HSRP not working on N7K-c7018 3 43
Intel wireless adapter shuts down when logging off Windows 7 13 57
Martian Packets Unix 5 31
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
The goal of this video is to provide viewers with basic examples to understand and use pointers in the C programming language.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now