


1) Network Programming : TCP/IP packets sniffer source code in C:

A "Packet Sniffer" is a utility that captures the network's packets without modifying them.
This source code can intercept TCP/IP packets.
It contains two files: main.c and header.h.

In the header.h file we define the structures of the TCP header and the IP header:

Header.h source code:

//IP header
//
// IPv4 header (RFC 791) laid out as it appears on the wire; main.c overlays
// it directly on the receive buffer.  Multi-byte fields (ip_total_length,
// ip_id, ip_checksum, ip_srcaddr, ip_destaddr) therefore hold NETWORK byte
// order -- convert with ntohs()/ntohl() before printing or comparing them
// as numbers.  The bit-field splits of byte 0 and byte 6 assume the compiler
// allocates bit-fields from the least-significant bit upward and inserts no
// padding (MinGW on x86 does); the C standard does not guarantee either,
// so this layout is not portable to other compilers or ABIs.
typedef struct ip_hdr
{
unsigned char ip_header_len:4; // 4-bit header length (IHL) in 32-bit words, normally=5 (20 bytes; larger when IP options are present). Multiply by 4 to find where the transport header starts.
unsigned char ip_version :4; // 4-bit IP version, expected to be 4
unsigned char ip_tos; // IP type of service
unsigned short ip_total_length; // Total length of header + payload in bytes (network byte order)
unsigned short ip_id; // Identification of the datagram, for reassembling fragments (network byte order)
unsigned char ip_frag_offset :5; // Upper 5 bits of the 13-bit fragment offset (under the LSB-first bit-field layout assumed above)
unsigned char ip_more_fragment :1; // MF flag: more fragments follow
unsigned char ip_dont_fragment :1; // DF flag: do not fragment
unsigned char ip_reserved_zero :1; // reserved, must be zero
unsigned char ip_frag_offset1; // Lower 8 bits of the 13-bit fragment offset
unsigned char ip_ttl; // Time to live (hop count)
unsigned char ip_protocol; // Payload protocol number (TCP, UDP, etc); only 6 (TCP) is decoded by main.c
unsigned short ip_checksum; // IP header checksum (network byte order)
unsigned int ip_srcaddr; // Source address (network byte order, as struct in_addr expects)
unsigned int ip_destaddr; // Destination address (network byte order)
}IPV4_HDR;

// TCP header
//
// Fixed 20-byte TCP header (RFC 793) as it appears on the wire; main.c
// overlays it on the receive buffer right after the IP header.  Ports,
// sequence/acknowledge numbers, window, checksum and urgent pointer are in
// NETWORK byte order (ntohs()/ntohl() before use).  Bytes 12 and 13 are
// split into bit-fields on the same assumption as IPV4_HDR: bit-fields are
// allocated least-significant bit first and the struct has no padding
// (true for MinGW on x86, not guaranteed by the C standard).
typedef struct tcp_header
{
unsigned short source_port; // source port (network byte order)
unsigned short dest_port; // destination port (network byte order)
unsigned int sequence; // sequence number (network byte order)
unsigned int acknowledge; // acknowledgement number (network byte order)
unsigned char ns :1; // NS (nonce sum) flag, lowest bit of byte 12
unsigned char reserved_part1:3; // reserved bits, should be zero
unsigned char data_offset:4; // header length in 32-bit words (5 = 20 bytes, more with options)
unsigned char fin :1; //Finish Flag
unsigned char syn :1; //Synchronise Flag
unsigned char rst :1; //Reset Flag
unsigned char psh :1; //Push Flag
unsigned char ack :1; //Acknowledgement Flag
unsigned char urg :1; //Urgent Flag
unsigned char ecn :1; //ECN-Echo Flag
unsigned char cwr :1; //Congestion Window Reduced Flag
unsigned short window; // receive window size (network byte order)
unsigned short checksum; // TCP checksum over pseudo-header, header and data (network byte order)
unsigned short urgent_pointer; // urgent pointer, meaningful only when urg is set (network byte order)
} TCP_HDR;

In the main.c file we use the Winsock2.h library that comes with the MinGW compiler for the socket functions used in the sniffing.

Main.c source code:

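#include <winsock2.h>   /* WSAStartup, socket, bind, WSAIoctl, recvfrom, inet_* ... (link with the Winsock2 library) */
#include <stdio.h>      /* printf */
#include <string.h>     /* memset, memcpy */
/* Receive-all ioctl code; defined here rather than pulled from the
 * platform header so the listing builds with the MinGW headers used. */
#define SIO_RCVALL _WSAIOW(IOC_VENDOR,1)
#include "header.h"

#define TAILLE_TRAME 2048   /* receive buffer size in bytes; datagrams longer than this are not parsed */
#define TAILLE_TMP 256      /* scratch buffer size (host name lookup) */

unsigned long nb_Total;     /* number of datagrams received by main(); zero-initialised as a global */
long Nb_Paquets[11];        /* declared but never referenced in this listing */
BOOL Mode_PROMISCOUS;       /* read by main() to decide whether to set a receive timeout;
                               nothing in this listing assigns it, so as a zero-initialised
                               global it is always FALSE.  Despite the name it is NOT what
                               enables promiscuous capture -- the SIO_RCVALL ioctl is. */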


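/*
 * Print the IPv4 header of one captured datagram and, when the datagram
 * carries TCP, its TCP header.
 *
 * buf / len: the receive buffer and the byte count recvfrom() returned.
 * The bytes come straight off the wire and are not trusted: each header is
 * copied out only after checking that `len` covers it, and the TCP header
 * is located through the IHL field instead of a fixed offset (IP options
 * make the IP header longer than sizeof(IPV4_HDR)).  memcpy() also avoids
 * the misaligned / type-punned access that casting the char buffer to the
 * struct type would be.
 *
 * Returns 0 when the IPv4 header was printed, -1 when `len` is too short
 * for one (nothing is printed in that case).
 */
static int print_packet(const char *buf, int len)
{
    IPV4_HDR iph;
    TCP_HDR tcph;
    struct in_addr a;
    unsigned ihl;

    if (len < 0 || (size_t)len < sizeof iph)
        return -1;
    memcpy(&iph, buf, sizeof iph);

    /* IHL is in 32-bit words; 5 (20 bytes) is the smallest legal value and
       it must never point past the bytes actually received. */
    ihl = (unsigned)iph.ip_header_len * 4u;
    if (ihl < sizeof iph || ihl > (unsigned)len)
        return -1;

    printf("\n\n -------- New Packet --------");
    a.s_addr = iph.ip_srcaddr;
    printf("\n [+]IP Source : %s", inet_ntoa(a));
    a.s_addr = iph.ip_destaddr;
    printf("\n [+]IP Destination : %s", inet_ntoa(a));
    printf("\n [+]IP Version : %u -> %x", (unsigned)iph.ip_version, (unsigned)iph.ip_version);
    printf("\n [+]IP Header Length : %u bytes", ihl);
    printf("\n [+]IP Total Length : %u", (unsigned)ntohs(iph.ip_total_length));
    printf("\n [+]IP Identification : %u", (unsigned)ntohs(iph.ip_id));
    printf("\n [+]IP TTL : %u", (unsigned)iph.ip_ttl);
    printf("\n [+]IP Checksum : %u -> %x", (unsigned)ntohs(iph.ip_checksum), (unsigned)ntohs(iph.ip_checksum));
    printf("\n [+]Protocol : %u -> %x", (unsigned)iph.ip_protocol, (unsigned)iph.ip_protocol);

    /* The original decoded every datagram as TCP; UDP/ICMP payloads were
       printed as garbage TCP fields. */
    if (iph.ip_protocol != IPPROTO_TCP)
    {
        printf("\n [.]Not TCP : %d payload bytes not decoded\n\n", len - (int)ihl);
        return 0;
    }
    if ((size_t)(len - (int)ihl) < sizeof tcph)
    {
        printf("\n [!]Truncated TCP header (%d bytes after the IP header)\n\n", len - (int)ihl);
        return 0;
    }
    memcpy(&tcph, buf + ihl, sizeof tcph);

    printf("\n [+]Port Source : %u", (unsigned)ntohs(tcph.source_port));
    printf("\n [+]Port Destination : %u", (unsigned)ntohs(tcph.dest_port));
    printf("\n [+]Sequence : %lu", (unsigned long)ntohl(tcph.sequence));
    printf("\n [+]Acknowledge : %lu", (unsigned long)ntohl(tcph.acknowledge));
    printf("\n [+]TCP Header Length : %u bytes", (unsigned)tcph.data_offset * 4u);
    {
        const struct { const char *name; unsigned set; } flags[] = {
            { "FIN", tcph.fin }, { "SYN", tcph.syn }, { "RESET", tcph.rst },
            { "PUSH", tcph.psh }, { "ACK", tcph.ack }, { "URGENT", tcph.urg },
            { "ECN", tcph.ecn }, { "CWR", tcph.cwr },
        };
        size_t i;
        for (i = 0; i < sizeof flags / sizeof flags[0]; i++)
            printf("\n [+]%s : %u", flags[i].name, flags[i].set);
    }
    printf("\n [+]Window : %u", (unsigned)ntohs(tcph.window));
    printf("\n [+]Urgent Pointer : %u", (unsigned)ntohs(tcph.urgent_pointer));
    printf("\n [+]TCP Checksum : %u -> %x\n\n", (unsigned)ntohs(tcph.checksum), (unsigned)ntohs(tcph.checksum));
    return 0;
}

/*
 * Entry point.  Opens a raw IPv4 socket bound to one local interface,
 * switches it to SIO_RCVALL so every IPv4 datagram that interface sees is
 * delivered, and prints each one with print_packet() until recvfrom()
 * fails or returns 0.  On Windows SIO_RCVALL needs the socket bound to a
 * concrete interface address (not INADDR_ANY) and, in practice, an
 * elevated process.
 *
 * argv[1] (optional): dotted-quad address of the interface to listen on.
 *   Without it the first address returned by gethostbyname(gethostname())
 *   is used.  (The original listing passed an uninitialised buffer to
 *   inet_addr(), i.e. bound to garbage.)
 * Returns 0 on a normal exit, 1 when Winsock start-up, the interface
 * lookup, socket creation, bind() or the SIO_RCVALL ioctl fails.  Error
 * messages keep the "Erreur <call>() : <WSAGetLastError>" form of the
 * original.
 */
int main(int argc, char **argv)
{
    WSADATA wsa;
    SOCKET sock = INVALID_SOCKET;
    struct sockaddr_in dest;
    char trame[TAILLE_TRAME];    /* one datagram; longer ones are reported, not parsed */
    char tmp[TAILLE_TMP];        /* host name for the interface lookup */
    DWORD rcvall = 1;            /* RCVALL_ON */
    DWORD bytes_returned = 0;
    int rcvtimeo = 5000;         /* SO_RCVTIMEO, milliseconds */
    int rc = 1;

    //init for the network
    if (WSAStartup(MAKEWORD(2,0), &wsa) != 0)
    {
        printf("\n[!]Impossible to join the network.\n--- Erreur WSAStartup() : %d\n\n", WSAGetLastError());
        return rc;
    }

    /* Local interface to bind to; it must be a real local address for
       bind() and SIO_RCVALL to succeed. */
    memset(&dest, 0, sizeof dest);
    dest.sin_family = AF_INET;
    dest.sin_port = 0;
    if (argc > 1)
    {
        dest.sin_addr.s_addr = inet_addr(argv[1]);
        if (dest.sin_addr.s_addr == INADDR_NONE)
        {
            printf("\n[!]Invalid interface address : %s\n\n", argv[1]);
            goto out_cleanup;
        }
    }
    else
    {
        struct hostent *he = NULL;
        if (gethostname(tmp, (int)sizeof tmp) != 0
            || (he = gethostbyname(tmp)) == NULL
            || he->h_addr_list[0] == NULL)
        {
            printf("\n[!]Cannot find a local interface address (pass one as argv[1]).\n--- Erreur gethostbyname() : %d\n\n", WSAGetLastError());
            goto out_cleanup;
        }
        memcpy(&dest.sin_addr, he->h_addr_list[0], sizeof dest.sin_addr);
    }

    //open socket on RAW mode
    sock = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
    if (sock == INVALID_SOCKET)
    {
        printf("\n[!]Impossible to create socket.\n--- Erreur socket() : %d\n\n", WSAGetLastError());
        goto out_cleanup;
    }

    /* Optional receive timeout.  The flag's name is misleading: this is not
       what enables promiscuous capture, the SIO_RCVALL ioctl below is. */
    if (Mode_PROMISCOUS)
    {
        if (setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, (const char *)&rcvtimeo, (int)sizeof rcvtimeo) == SOCKET_ERROR)
            printf("\n[!]Cannot set the receive timeout.\n--- Erreur setsockopt() : %d\n\n", WSAGetLastError());
    }

    //bind for listening
    if (bind(sock, (struct sockaddr *)&dest, (int)sizeof dest) == SOCKET_ERROR)
    {
        printf("\n[!]listening impossible.\n--- Erreur bind() : %d\n\n", WSAGetLastError());
        goto out_close;
    }

    /* Deliver every IPv4 datagram the interface sees.  The original left
       this unchecked; when it fails the loop below only ever sees this
       host's own traffic, or nothing at all. */
    if (WSAIoctl(sock, SIO_RCVALL, &rcvall, sizeof rcvall, NULL, 0, &bytes_returned, NULL, NULL) == SOCKET_ERROR)
    {
        printf("\n[!]Cannot enable capture mode.\n--- Erreur WSAIoctl(SIO_RCVALL) : %d\n\n", WSAGetLastError());
        goto out_close;
    }

    //we read packets
    for (;;)
    {
        /* Keep the count signed: the original stored it in an unsigned long,
           so SOCKET_ERROR (-1) became a huge positive value and the loop
           spun forever re-printing stale buffer contents. */
        int n = recvfrom(sock, trame, (int)sizeof trame, 0, NULL, NULL);
        if (n == SOCKET_ERROR)
        {
            int err = WSAGetLastError();
            if (err == WSAETIMEDOUT)
                continue;               /* only happens when SO_RCVTIMEO was set */
            if (err == WSAEMSGSIZE)
            {
                /* Datagram longer than trame[]: Windows truncates it and
                   reports an error, so the partial contents are not parsed. */
                printf("\n[!]Datagram larger than %u bytes skipped.", (unsigned)sizeof trame);
                nb_Total++;
                continue;
            }
            printf("\n[!]Reception failed.\n--- Erreur recvfrom() : %d\n\n", err);
            break;
        }
        if (n == 0)
            break;
        nb_Total++;
        if (print_packet(trame, n) != 0)
            printf("\n[!]Datagram of %d bytes is too short for an IPv4 header; skipped.", n);
    }
    printf("\n[*]%lu datagram(s) received.\n", nb_Total);
    rc = 0;

out_close:
    closesocket(sock);
out_cleanup:
    WSACleanup();
    return rc;
}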


This source code is compiled and executed with Code::Blocks, which can be downloaded from http://www.codeblocks.org/downloads/5; choose the codeblocks-8.02mingw-setup.exe file, which includes the MinGW compiler.
After creating the project in Code::Blocks, create the two files main.c and header.h. Before compiling you should link the Winsock2.h library: right-click the project name, open build options, then linker settings, and finally add the library with the add button.
Now you only have to compile and execute to see all the fields of the TCP/IP packets present on the network.
Enjoy it.