📄 prom.c
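/*
    nast

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

#include "include/nast.h"

/*
 * psearch - ARP-based check for interfaces that appear to be in promiscuous
 * mode, for one host or for every host found on the local network.
 *
 * dev     capture/injection device name, handed to libnet and libpcap.
 * ip_dst  IPv4 address of the single host to probe (passed straight to
 *         libnet, so presumably network byte order - confirm against the
 *         caller); 0 means "probe every host returned by map_lan()".
 * lg      non-zero: open the report file with openfile() and close it on
 *         success.
 *
 * For each target an ARP request is written to the Ethernet address in
 * enet_dst (not the real broadcast address) and the function then waits up to
 * 3 seconds per try, at most 10 tries, for an ARP reply.  Results are written
 * to the global stream `log`.
 *
 * Returns 0 when the scan completed, -1 on any set-up or send failure.
 *
 * Relies on globals declared outside this block: demonize, netp, maskp, log,
 * timed, descr, fp, offset, hdr.
 *
 * NOTE(review): `log` is written even when lg is 0; presumably it defaults to
 * stdout elsewhere - confirm.  On error paths the report file opened by
 * openfile() is left open, as before.
 * NOTE(review): the host array returned by map_lan() is never released here;
 * ownership is not visible from this file.
 */
int psearch(char *dev, u_long ip_dst, u_short lg)
{
    /*
     * Deliberately not ff:ff:ff:ff:ff:ff.  Presumably a NIC in normal mode
     * filters this address, so an answer hints that the interface hands
     * every frame to its stack.
     */
    u_char enet_dst[6] = { 0xff, 0xff, 0, 0, 0, 0 };
    u_char enet_src[6];
    u_int32_t ip_src;
    /* 4-byte copy: taking the first bytes of a u_long is wrong on LP64
       big-endian hosts. */
    u_int32_t ip_dst4 = (u_int32_t) ip_dst;
    char errbuf[256];
    int sd;
    int ready;
    int cap_open = 0;   /* set while descr was opened by this call */
    int rc = -1;
    fd_set rfsd;
    struct timeval tv;
    libnet_t *l;
    struct libnet_ether_addr *e;
    struct nast_arp_hdr *arp;
    u_char *pkt;
    struct host *uphost = NULL;
    u_short pcount, i, k;
    char ip[16];        /* "255.255.255.255" plus the terminator */

    k = i = 0;

    /* demonize */
    if (demonize)
        printf("Is very useless demonize me here! Omit\n\n");

    if ((l = libnet_init(LIBNET_LINK, dev, errbuf)) == NULL) {
        fprintf(stderr, "libnet_init: %s\n\n", errbuf);
        return -1;
    }

    if ((e = libnet_get_hwaddr(l)) == NULL) {
        fprintf(stderr, "Can't get hardware address: %s\n\n", libnet_geterror(l));
        goto out;
    }
    memcpy(enet_src, e->ether_addr_octet, 6);

    if ((pcap_lookupnet(dev, &netp, &maskp, errbuf)) == -1) {
        fprintf(stderr, "pcap_lookupnet error: %s\n", errbuf);
        goto out;
    }

    /* Compare at 32 bits: with a 64-bit u_long the old "== -1" test could
       never be true and a failed lookup went unnoticed. */
    ip_src = libnet_get_ipaddr4(l);
    if (ip_src == (u_int32_t) -1) {
        fprintf(stderr, "Can't get local ip address : %s\n\n", libnet_geterror(l));
        goto out;
    }

    /* log all packets */
    if (lg) {
        openfile();
        printf("Logging to file... ");
        fflush(stdout);
        fprintf(log, "NAST PROMISC SCAN REPORT\n");
        fprintf(log, "Made on %s\n\n", timed);
    }

    if (ip_dst == 0) {
        fprintf(log, "Probe for hosts... ");
        fflush(log);
        if ((uphost = map_lan(dev, 0, &k)) == NULL) {
            fprintf(stderr, "\nCan't build truly host list! mmhhh!\nReport bug to author please\n\n");
            goto out;
        }
        if (k == 0) {
            fprintf(stderr, "\nWhat are you doing? You are alone in this network!\n\n");
            goto out;
        }
        fprintf(log, "done\n\n");
    }

    /* only 1 host */
    if (ip_dst != 0)
        k = 1;

    while (i < k) {
        /* libnet keeps every block built with ptag 0 in the context; without
           this, the second and later probes would carry the headers of all
           previous ones. */
        libnet_clear_packet(l);

        /* single host */
        if (ip_dst != 0) {
            if (libnet_build_arp(ARPHRD_ETHER, ETHERTYPE_IP, 6, 4, ARPOP_REQUEST,
                                 enet_src, (u_char *) &ip_src,
                                 enet_dst, (u_char *) &ip_dst4,
                                 NULL, 0, l, 0) == -1) {
                fprintf(stderr, "Can't build arp header : %s\n\n", libnet_geterror(l));
                goto out;
            }
        }
        /* all network */
        else {
            if (libnet_build_arp(ARPHRD_ETHER, ETHERTYPE_IP, 6, 4, ARPOP_REQUEST,
                                 enet_src, (u_char *) &ip_src,
                                 enet_dst, uphost[i].ip,
                                 NULL, 0, l, 0) == -1) {
                fprintf(stderr, "Can't build arp header : %s\n\n", libnet_geterror(l));
                goto out;
            }
        }

        if (libnet_build_ethernet(enet_dst, enet_src, ETHERTYPE_ARP, NULL, 0, l, 0) == -1) {
            fprintf(stderr, "Can't build ethernet header : %s\n\n", libnet_geterror(l));
            goto out;
        }

        /* initialise the capture and fetch its file descriptor for select() */
        if ((descr = pcap_open_live(dev, BUFSIZ, NOT_PROMISC, 10, errbuf)) == NULL) {
            fprintf(stderr, "pcap_open_live() error : %s\n\n", errbuf);
            goto out;
        }
        cap_open = 1;

        if ((pcap_compile(descr, &fp, "arp", 0, netp)) == -1) {
            fprintf(stderr, "error: %s\n", pcap_geterr(descr));
            goto out;
        }

        if ((pcap_setfilter(descr, &fp)) == -1) {
            fprintf(stderr, "error: %s\n", pcap_geterr(descr));
            pcap_freecode(&fp);
            goto out;
        }
        /* the installed filter is a copy; release the compiled program */
        pcap_freecode(&fp);

        sd = pcap_fileno(descr);
        /* FD_SET on a negative or too-large descriptor is undefined */
        if (sd < 0 || sd >= FD_SETSIZE) {
            fprintf(stderr, "pcap_fileno() error\n\n");
            goto out;
        }

        if (ip_dst != 0)
            fprintf(log, "%s (%s) \t",
                    libnet_addr2name4(ip_dst4, LIBNET_DONT_RESOLVE),
                    libnet_addr2name4(ip_dst4, LIBNET_RESOLVE));
        else {
            snprintf(ip, sizeof ip, "%d.%d.%d.%d",
                     uphost[i].ip[0], uphost[i].ip[1],
                     uphost[i].ip[2], uphost[i].ip[3]);
            fprintf(log, "%s (%s) \t", ip, libnet_addr2name4(inet_addr(ip), LIBNET_RESOLVE));
        }
        fflush(log);

        /* send the packet */
        if (libnet_write(l) == -1) {
            fprintf(stderr, "Error sending arp request : %s\n\n", libnet_geterror(l));
            goto out;
        }

        if ((offset = (device(dev, descr))) == -1)
            goto out;

        pcount = 1;

        for (;;) {
            /* initialise the select() */
            FD_ZERO(&rfsd);
            FD_SET(sd, &rfsd);

            tv.tv_sec = 3;
            tv.tv_usec = 0;

            ready = select(sd + 1, &rfsd, NULL, NULL, &tv);
            if (ready == 0 || pcount == 10) {
                fprintf(log, "Not found\n");
                break;
            }

            /* Read only when select() reported data; after a select() error
               pcap_next() could block.  The error still counts as a try. */
            if (ready > 0 && (pkt = (u_char *) pcap_next(descr, &hdr)) != NULL) {
                /* ignore frames too short to hold the ARP header */
                if ((size_t) hdr.caplen >= (size_t) offset + sizeof *arp) {
                    arp = (struct nast_arp_hdr *) (pkt + offset);
                    /*
                     * NOTE(review): any ARP reply seen in this window counts
                     * as a hit; the sender is not compared with the probed
                     * host, so unrelated or forged replies give false
                     * positives.  Treat the result as an indication only.
                     */
                    if (ntohs(arp->ar_op) == ARPOP_REPLY) {
                        fprintf(log, "%sFound!%s\n", BOLD, NORMAL);
                        break;
                    }
                }
            }
            pcount++;
        }

        /* next host */
        pcap_close(descr);
        descr = NULL;   /* do not leave the global pointing at a closed handle */
        cap_open = 0;
        i++;
    }

    if (lg) {
        printf("finished\n\n");
        fclose(log);
    } else
        printf("\n");

    rc = 0;

out:
    /* single exit: release whatever this call still holds */
    if (cap_open) {
        pcap_close(descr);
        descr = NULL;
    }
    libnet_destroy(l);
    return rc;
}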