fgw.c

Nast是一个基于Libnet 和Libpcap的sniffer包和LAN分析器。它可以在通常模式或混合模式下检查通过网络接口的数据包

/*
    nast

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

*/

/* try to find lan-gateway
 *
 * return 1 if lan-gw is found
 * return 0 if lan-gw is not found
 * return -1 on error
 *
 */

 /* This version is limitated:
  * Max 255 hosts to search gateway for ...
  */

#include "include/nast.h"

int fgw (u_char *dev)
{
   /* an "external" ip (www.google.com) */
   u_char *extip =
     {
	"216.239.51.101"
     };
   u_long myip;
   struct libnet_ether_addr *tmpmac;
   u_char mymac[6];
   u_short i, k, pcount;
   u_short n; /* n=number of up hosts */

   libnet_t *l;
   u_char ebuf[LIBNET_ERRBUF_SIZE];
   libnet_ptag_t ptag;
   pcap_t *p;

   struct host * uphost;

   /* pcap options */
   u_int16_t type;
   struct libnet_ipv4_hdr *ip;
   struct libnet_tcp_hdr *tcp;
   int sd;

   struct timeval tv;
   fd_set rfsd;

   n = k = ptag = pcount = 0;

   /* query device to find MAC / IP / NETMASK */
   if (!dev)
     {
	fprintf (stderr, "Device is null!\n");
	return -1;
     }

   if (demonize)
     printf ("Is very useless demonize me in finding gateway! Omit\n\n");

   l = libnet_init (LIBNET_LINK, dev, ebuf);
   myip = libnet_get_ipaddr4(l);
   tmpmac = libnet_get_hwaddr(l);
   for (i=0; i<6; i++) mymac[i]=tmpmac->ether_addr_octet[i];

   /* init libnet_t *l  */
   l = libnet_init (LIBNET_LINK, dev, ebuf);

   /* build tcp and ip header (this doesn't change */
   if (libnet_build_tcp (2500, 80, 847930886, 524972923, 0x02, 32767, 0, 0, LIBNET_TCP_H, NULL, 0, l, 0)==-1)
     {
	fprintf (stderr, "Error building tcp header : %s\n" ,libnet_geterror(l));
	libnet_destroy (l);
	return -1;
     }

   if (libnet_build_ipv4 (LIBNET_TCP_H + LIBNET_IPV4_H, 0x08, 35320, 0, 64, IPPROTO_TCP, 0, myip, libnet_name2addr4(l, extip, LIBNET_DONT_RESOLVE), NULL, 0, l, 0)==-1)
     {
	fprintf (stderr, "Error building ip header : %s\n", libnet_geterror(l));
	libnet_destroy(l);
	return -1;
     }

   printf ("Finding suitable hosts (excluding localhost) -> ");
   fflush (stdout);

   /* find up possible hosts */
   if ((uphost = map_lan(dev, 0, &n))==NULL)
     {
	fprintf (stderr, "\nCan't build truly host list! mmhhh!\nReport bug to author please\n\n");
	return -1;
     }
   if (n==0)
     {
	fprintf (stderr, "\nWhat are you doing? You are alone in this network!\n\n");
	return -1;
     }

   printf ("done\n");

   /* set gwip and increment within for cicle */
   while (k < n)
     {
	printf ("Tring %d.%d.%d.%d (%s)\t-> ", uphost[k].ip[0], uphost[k].ip[1], uphost[k].ip[2], uphost[k].ip[3], nast_hex_ntoa (uphost[k].mac));
	fflush (stdout);

	if ((ptag = libnet_build_ethernet (uphost[k].mac, mymac, 0x0800, NULL, 0, l, ptag))==-1)
	  {
	     fprintf (stderr, "Error rebuilding ethernet frame : %s\n", libnet_geterror(l));
	     libnet_destroy(l);
	     return -1;
	  }

	if (libnet_write (l) == -1)
	  {
	     fprintf (stderr, "Error writing packet on wire : %s\n", libnet_geterror(l));
	     libnet_destroy(l);
	     return -1;
	  }

	pcap_lookupnet(dev,&netp,&maskp,ebuf);

	if ((p = pcap_open_live (dev, BUFSIZ, NOT_PROMISC, 10, ebuf))==NULL)
	  {
	     fprintf (stderr, "pcap_open_liver() error : %s\n", ebuf);
	     libnet_destroy(l);
	     return -1;
	  }

	/* to better work with many traffic */
	pcap_compile(p,&fp,"src port 80 and dst port 2500",0,netp);
	pcap_setfilter(p,&fp);

	sd = pcap_fileno(p);

	/* try to sniff */

	for (;;)
	  {

	     /* set 2 secondz delay | DONT TOUCH! */
	     FD_ZERO (&rfsd);
	     FD_SET (sd ,&rfsd);
	     tv.tv_sec = 2;
	     tv.tv_usec = 0;

	     /* 30 packet max for delay */
	     if (pcount == 30)
	       {
		  printf ("Bad (timeout due to high traffic to your host, try again later to make sure)\n");
		  break;
	       }

	     if (!select(sd+1, &rfsd, NULL, NULL, &tv))
	       {
		  printf ("Bad\n");
		  break;
	       }

	     /* capture packet (packet) and pcap_header (hdr) */
	     packet = (u_char *) pcap_next (p, &hdr);

	     if (packet==NULL)
	       {
		  fprintf (stderr, "Null packet!\n");
		  break;
	       }

	     type = handle_ethernet (packet);

	     if (type==ETHERTYPE_IP)
	       {
		  ip = (struct libnet_ipv4_hdr *) (packet + offset);
		  tcp = (struct libnet_tcp_hdr *) (packet + offset + sizeof(struct libnet_ipv4_hdr));

		  /* verify packet : ports and source ip*/
		  if ((ntohs(tcp->th_sport)==80) && (ntohs(tcp->th_dport)==2500) && (!strcmp(inet_ntoa(ip->ip_src), extip)))
		    {
		       printf ("%sYep!%s\n", BOLD, NORMAL);
		       break;
		    }
	       }

	     pcount ++;
	  }

	pcap_close(p);
	pcount = 1;
	k++;
     }

   if (l) libnet_destroy(l);

   printf ("\n");

   return 0;
}