Перехват пакетов (sniffer example)
_ RU.NETHACK (2:5077/15.22) _______________________________________ RU.NETHACK _
From : Vladislav Myasnyankin 2:5080/101.8 17 Dec 97 09:53:20
Subj : Перехват пакетов
________________________________________________________________________________
Hi, Denis!
Ниже текст программы, переводящей сетевую плату в promisc. mode,
в результате чего она начинает читать все пакеты, проходящие мимо
(и ей, и не ей). Сделана прога на основе програмки statnet, написанной
jeroenb@igwe.vub.ac.be. Оригинальная прога выдавала статистику, моя
печатает от кого и кому пакет и его тип. В функции handle_frame
переменная buf и есть полное содержимое пакета (с адресной частью и т.п.).
Так что бери напильник и полируй под свои нужды.
==== cut here ======
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <signal.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <netinet/in.h>
#include <linux/if_ether.h>
#include <linux/if.h>
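/*
 * MAC address to filter on, written as "XX-XX-XX-XX-XX-XX" (the form
 * handle_frame() builds for each frame).  The all-ones default is treated by
 * handle_frame() as "no filter"; main() repoints this at argv[1] when an
 * argument is given.  const-qualified because the default is a string literal
 * and nothing writes through the pointer.
 */
static const char *target = "FF-FF-FF-FF-FF-FF";

/* Not referenced anywhere in this listing. */
static char safe_sex[80];

/*
 * Prints "source -> destination: protocol" for one captured frame.
 * buf holds the raw frame starting at the Ethernet header, length is the
 * number of bytes received into it, saddr is the address filled in by
 * recvfrom().
 */
void handle_frame(unsigned char buf[], int length, struct sockaddr *saddr);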
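/*
 * Put eth0 into promiscuous mode and print one summary line per frame seen
 * on the wire until the user types 'q' or stdin reaches EOF.
 *
 * A forked child runs the capture loop; the parent waits on stdin, then
 * terminates the child and writes the saved interface flags back.  An
 * optional first argument replaces the MAC filter held in `target`.
 *
 * Exit status: 0 success, 1 socket(), 2 reading flags, 3 setting flags,
 * 4 restoring flags, 5 fork().
 *
 * Operational notes:
 *  - Opening the packet socket and changing interface flags are privileged
 *    operations (root, or CAP_NET_RAW and CAP_NET_ADMIN on current Linux).
 *  - IFF_PROMISC is visible to anyone who reads the interface flags, and the
 *    kernel typically logs the mode change, so the capture is observable on
 *    the host.
 *  - No signal handler is installed: if the parent is killed instead of
 *    being told to quit, the interface is left in promiscuous mode.
 */
int
main(int argc, char *argv[])
{
    const char *device = "eth0";
    struct ifreq ifr, oldifr;
    struct sockaddr saddr;
    socklen_t sizeaddr;
    unsigned char buf[1600];
    pid_t child_proc;
    int sd;
    int length;
    int c;

    /* argc > 1 rather than != 1: argv[1] must not be read when argc is 0. */
    if (argc > 1) {
        printf("%s\n", argv[1]);
        target = argv[1];
    }

    /*
     * OPEN SOCKET
     * AF_INET/SOCK_PACKET is the Linux 2.0-era interface and is marked
     * obsolete in packet(7); it is kept here so the listing behaves as
     * published.
     */
    sd = socket(AF_INET, SOCK_PACKET, htons(ETH_P_ALL));
    if (sd < 0) {
        perror("Can't get socket: ");
        exit(1);
    }

    /* SET PROMISC MODE ON ETHERNET CARD */
    memset(&oldifr, 0, sizeof oldifr);
    snprintf(oldifr.ifr_name, sizeof oldifr.ifr_name, "%s", device);
    if (ioctl(sd, SIOCGIFFLAGS, &oldifr) < 0) {
        /* Report before close(): close() may overwrite errno. */
        perror("Can't get flags: ");
        close(sd);
        exit(2);
    }
    ifr = oldifr;
    ifr.ifr_flags |= IFF_PROMISC;
    if (ioctl(sd, SIOCSIFFLAGS, &ifr) < 0) {
        perror("Can't set flags: ");
        close(sd);
        exit(3);
    }

    /* END OF INITIALISATION */
    child_proc = fork();
    if (child_proc < 0) {
        /*
         * Must not fall through: kill(-1, SIGTERM) would signal every
         * process this (privileged) user is allowed to signal.
         */
        perror("Can't fork: ");
        if (ioctl(sd, SIOCSIFFLAGS, &oldifr) < 0)
            perror("Can't set flags: ");
        close(sd);
        exit(5);
    }

    if (child_proc == 0) { /* FORKED PART: receive and handle frames */
        for (;;) {
            /*
             * Tell the kernel the real size of saddr.  The original passed
             * 1600 here, which allowed recvfrom() to write past the end of
             * the 16-byte struct sockaddr on the stack.
             */
            sizeaddr = sizeof saddr;
            length = recvfrom(sd, buf, sizeof buf, 0, &saddr, &sizeaddr);
            if (length == -1)
                continue;
            handle_frame(buf, length, &saddr);
        }
    }

    /* MAIN PART: stop on 'q', and on EOF so a closed stdin cannot spin. */
    do {
        c = getchar();
    } while (c != 'q' && c != EOF);

    /* TERMINATE */
    if (kill(child_proc, SIGTERM) < 0) {
        perror("Unable to kill child process: ");
    }

    /*
     * Writes back the snapshot taken at start-up; any flag changed on the
     * interface by someone else in the meantime is overwritten as well.
     */
    if (ioctl(sd, SIOCSIFFLAGS, &oldifr) < 0) {
        perror("Can't set flags: ");
        close(sd);
        exit(4);
    }
    close(sd);
    exit(0);
}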
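/*
 * Print "source -> destination: protocol" for one captured Ethernet frame.
 *
 * buf    - raw frame as received, starting with the 14-byte Ethernet header
 *          (destination MAC, source MAC, type/length).  Contents come off
 *          the wire and are untrusted.
 * length - number of valid bytes in buf.
 * saddr  - address filled in by recvfrom(); not used here.
 *
 * The frame is printed when its source or destination MAC equals `target`,
 * or when `target` is the all-ones address (no filter).  The comparison is
 * case-insensitive so a filter typed in lower-case hex still matches.
 * Frames too short to contain the bytes examined are dropped silently.
 */
void
handle_frame(unsigned char buf[], int length, struct sockaddr *saddr)
{
    /*
     * "XX-XX-XX-XX-XX-XX" is 17 characters plus the terminating NUL.  The
     * original 17-byte arrays were overrun by one byte on every frame.
     */
    char dest_addr[18];
    char source_addr[18];
    unsigned int type_len;

    (void)saddr;

    /* Bytes 0..13 are read below; never parse past what was received. */
    if (length < 14)
        return;

    snprintf(source_addr, sizeof source_addr, "%02X-%02X-%02X-%02X-%02X-%02X",
             buf[6], buf[7], buf[8], buf[9], buf[10], buf[11]);
    snprintf(dest_addr, sizeof dest_addr, "%02X-%02X-%02X-%02X-%02X-%02X",
             buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
    type_len = buf[12] * 256 + buf[13];

    /* The 802.3 branch reads the DSAP byte at offset 14. */
    if (type_len < 0x05DD && length < 15)
        return;

    if (strcasecmp(dest_addr, target) != 0 &&
        strcasecmp(source_addr, target) != 0 &&
        strcasecmp(target, "FF-FF-FF-FF-FF-FF") != 0)
        return;

    printf("%s -> %s: ", source_addr, dest_addr);

    if (type_len < 0x05DD) { /* 802.3 frame: field is a length, DSAP follows */
        switch (buf[14]) {
        case 0x00: printf("Null LSAP\n"); break;
        case 0x02: printf("Individual LLC Sublayer Management Function\n"); break;
        case 0x03: printf("Group LLC Sublayer Management Function\n"); break;
        case 0x04: printf("IBM SNA Path Control (individual)\n"); break;
        case 0x05: printf("IBM SNA Path Control (group)\n"); break;
        case 0x06: printf("ARPANET Internet Protocol (IP)\n"); break;
        /* This literal was split across two lines in the posted listing. */
        case 0x0E: printf("PROWAY (IEC 955) Network Management and Initialization\n"); break;
        case 0x18: printf("Texas Instruments\n"); break;
        case 0x42: printf("IEEE 802.1 Bridge Spanning Tree Protocol\n"); break;
        case 0x4E: printf("EIA RS-511 Manufacturing Message Service\n"); break;
        case 0x7E: printf("ISO 8208 (X.25 over IEEE 802.2. Type 2 LLC)\n"); break;
        case 0x80: printf("Xerox Network Systems (XNS)\n"); break;
        case 0x86: printf("Nestar\n"); break;
        case 0x8E: printf("PROWAY (IEC 955) Active Station List Maintenance\n"); break;
        case 0x98: printf("ARPANET Address Resolution Protocol (ARP)\n"); break;
        case 0xAA: printf("Sub-Network Access Protocol (SNAP)\n"); break;
        case 0xBC: printf("Banyan VINES\n"); break;
        case 0xE0: printf("Novell NetWare\n"); break;
        case 0xF0: printf("IBM NetBIOS\n"); break;
        case 0xF4: printf("IBM LAN Management (individual)\n"); break;
        case 0xF5: printf("IBM LAN Management (group)\n"); break;
        case 0xF8: printf("IBM Remote Program Load (RPL)\n"); break;
        case 0xFA: printf("Ungermann-Bass\n"); break;
        case 0xFE: printf("ISO CLNS IS 8743\n"); break;
        case 0xFF: printf("Global LSAP\n"); break;
        default: printf("OTHER: %02Xh\n", buf[14]); break;
        }
    } else { /* Ethernet_II frame: field is an EtherType */
        switch (type_len) {
        case 0x0600: printf("Xerox XNS IDP\n"); break;
        case 0x0800: printf("DOD IP\n"); break;
        case 0x0801: printf("X.75 Internet\n"); break;
        case 0x0802: printf("NBS Internet\n"); break;
        case 0x0803: printf("ECMA Internet\n"); break;
        case 0x0804: printf("CHAOSnet\n"); break;
        case 0x0805: printf("X.25 Level 3\n"); break;
        case 0x0806: printf("ARP (for IP and for CHAOS)\n"); break;
        case 0x6000: printf("DEC Assigned proto\n"); break;
        case 0x6001: printf("DEC MOP Dump/Load Assistance\n"); break;
        case 0x6002: printf("DEC MOP Remote Console\n"); break;
        case 0x6003: printf("DEC DECnet Phase IV\n"); break;
        case 0x6004: printf("DEC LAT\n"); break;
        case 0x6005: printf("DEC DECnet Diagnostics\n"); break;
        case 0x6006: printf("DEC Customer use\n"); break;
        case 0x6007: printf("DEC Systems Comms Arch\n"); break;
        case 0x6010:
        case 0x6011:
        case 0x6012:
        case 0x6013:
        case 0x6014: printf("3Com Corporation\n"); break;
        case 0x7000:
        case 0x7001:
        case 0x7002: printf("Ungermann-Bass download\n"); break;
        case 0x7030: printf("Proteon\n"); break;
        case 0x7034: printf("Cabletron\n"); break;
        case 0x8005: printf("HP Probe\n"); break;
        case 0x8035: printf("Reverse ARP\n"); break;
        case 0x8046:
        case 0x8047: printf("AT&T\n"); break;
        case 0x8088:
        case 0x8089:
        case 0x808A: printf("Xyplex\n"); break;
        case 0x809B: printf("Kinetics Ethernet - AppleTalk over Ethernet\n"); break;
        case 0x80C0:
        case 0x80C1:
        case 0x80C2:
        case 0x80C3: printf("Digital Communications Associates\n"); break;
        case 0x80D5: printf("IBM SNA Services over Ethernet\n"); break;
        case 0x80F2: printf("Retix\n"); break;
        case 0x80F3: printf("AppleTalk ARP (Kinetics)\n"); break;
        case 0x80F4:
        case 0x80F5: printf("Kinetics\n"); break;
        case 0x80F7: printf("Apollo Computer\n"); break;
        case 0x80FF:
        case 0x8100:
        case 0x8101:
        case 0x8102:
        case 0x8103: printf("Wellfleet Communications\n"); break;
        case 0x8137:
        case 0x8138: printf("Novell (IPX over DIX)\n"); break;
        case 0x86DD: printf("IPv6 over bluebook\n"); break;
        default: printf("OTHER: %04Xh\n", type_len); break;
        }
    }
}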
==== end cut =======
2Denis&All: Все вопросы и комментарии только мылом.
_________________
With best regards, Vladislav
PGP key fingerprint 90 52 AB 1F 30 C7 10 83 AF 43 1D 9F 7A 10 36 6C
--- GEcho 1.02+
* Origin: Free Walking Wild Cat (2:5080/101.8)