(*
* One Way Network Sniffer (OWNS)
* Copyright (C) 2001-2002 OWNS
*
* http://owns.sourceforge.net/
* http://www.owns.st
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*)
(* $Id: u_SehSniffer.pas,v 1.6 2002/11/23 21:49:50 owns Exp $ *)
unit u_SehSniffer;
interface
uses classes, IdGlobal,u_Sniffer,u_Debug,sysutils,packet32seh;
// uses packet32seh
const
// Capacity of the adapter description table (TSehSniffer.FAdapterDescs).
// The same value is passed to PacketGetAdapterNames as the maximum number of
// entries it may fill in.
MAX_ADAPTER_COUNT = 20;
type
// Forward declaration: TSehSniffer holds a reference to its capture thread.
TSnifferThread = class;
// Live-capture sniffer built on the packet32seh unit. It enumerates adapters,
// opens one in promiscuous mode and hands it to a TSnifferThread.
TSehSniffer = class(TSniffer)
private
FAdapterDescs: array[0..MAX_ADAPTER_COUNT-1] of ADAPTER_DESC; // descriptions of the network interfaces, filled by PacketGetAdapterNames
// Packet structure allocated in Activate with PacketAllocatePacket.
FpPacket: LPPACKET;
// Value returned by PacketOpenAdapter; 0 means the open failed.
// NOTE(review): stored as a 32-bit Longword and cast to LPADAPTER at each use;
// that is only lossless where pointers are 32 bits wide - confirm before
// building for a 64-bit target.
FhAdapter: Longword;
// 1521-element buffer. Activate first passes it to PacketAdapterDesc with
// sizeof(FuBuffer), then registers it as the packet buffer with a length of 1520.
// NOTE(review): the lengths are in bytes only if Char is one byte wide;
// confirm for the compiler in use.
FuBuffer: array[0..1520] of Char;
// Receives the adapter's current MAC address (6 bytes) from PacketGetAddress.
FuMac: array[0..5] of Byte;
// Capture thread created in Activate; nil until then.
FThread : TSnifferThread;
// Backing field of the ThreadPriority property; the constructor sets it to tpNormal.
FThreadPriority : TThreadPriority;
// Setter for ThreadPriority (implementation not shown in this part of the file).
procedure setThreadPriority(p_Priority : TThreadPriority);
// Presumably the capture thread's termination handler - verify in the implementation.
procedure threadTerminated(Sender: TObject);
public
class function isAvailable : boolean; override;
constructor create;
// Calls Deactivate first if a capture is still running.
destructor Destroy; override;
// Appends one entry per detected adapter to FAdapters; returns false and sets
// ErrStr when the adapter names cannot be read.
function getAdapters(var ErrStr : String) : boolean; override;
// Opens FAdapterDescs[FAdapterIndex], switches it to promiscuous mode and
// creates the capture thread. Returns false with ErrStr set on failure.
// NOTE(review): the visible part of Activate does not range-check
// FAdapterIndex against the adapters actually enumerated - confirm that
// the caller or the base class validates it.
function Activate(var ErrStr: string) : Boolean; override;
function Deactivate(var ErrStr: string): boolean; override;
property ThreadPriority : TThreadPriority read FThreadPriority write setThreadPriority;
end;
// Worker thread that receives packets for a TSehSniffer. The call site in
// TSehSniffer.Activate describes it as created suspended; the implementation
// is not shown in this part of the file.
TSnifferThread = class(TThread)
private
// Adapter and packet structure handed over by the owning sniffer.
FpAdapter: LPADAPTER;
FpPacket: LPPACKET;
// Presumably the byte count of the last receive - verify in Execute.
FdwRxBytes: LongWord;
// Owning sniffer, passed to Create as p_Parent.
FParent: TSehSniffer;
// Presumably holds an exception raised in the thread so it can be reported
// elsewhere - verify in the implementation.
FException : Exception;
protected
public
constructor Create(p_Parent : TSehSniffer; p_Adapter : LPADAPTER; p_Packet : LPPACKET);
destructor Destroy; override;
procedure Execute; override;
procedure PacketReceived;
// NOTE(review): both properties are writable with no locking visible in this
// declaration; confirm they are not changed while the thread is running.
property Adapter: LPADAPTER read FpAdapter write FpAdapter;
property Packet: LPPACKET read FpPacket write FpPacket;
end;
implementation
////////////////////////////////////////////////////////////////////////////////
//
// TSehSniffer
//
////////////////////////////////////////////////////////////////////////////////
// Creates an idle sniffer: live mode, no capture thread, normal thread priority.
constructor TSehSniffer.create;
begin
  inherited Create;
  // This backend reads from a live adapter only; it cannot capture offline.
  FMode := live;
  // The capture thread does not exist until Activate creates it.
  FThread := nil;
  FThreadPriority := tpNormal;
end;
// Stops a capture that is still running, then releases the inherited state.
destructor TSehSniffer.Destroy;
var
  l_Discarded : String;
begin
  if FSnoopStarted then
  begin
    // Deactivate's result and error text are not examined here.
    Deactivate(l_Discarded);
  end;
  inherited Destroy;
end;
// build the network interfaces list
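// Reads the adapter descriptions into FAdapterDescs and appends each adapter's
// szAdapterDesc to FAdapters.
//   ErrStr : receives an error message when the function returns false.
//   Result : true when the list was read, false otherwise.
// NOTE(review): entries are appended and FAdapters is not cleared here; confirm
// that callers do not rely on calling this twice.
function TSehSniffer.getAdapters(var ErrStr : String) : boolean;
var
  i : Integer;
  l_AdapterCount : Integer;
begin
  result := false;
  // Start from a known value so a call that leaves the count untouched cannot
  // leave stack garbage in the loop bound below.
  l_AdapterCount := 0;
  if (PacketGetAdapterNames(@FAdapterDescs[0], MAX_ADAPTER_COUNT, @l_AdapterCount) = FALSE) then
  begin
    ErrStr := 'Cannot get adapters names';
    exit;
  end;
  // The count comes from outside this unit and is used as an array bound:
  // never index past the MAX_ADAPTER_COUNT entries FAdapterDescs holds.
  if l_AdapterCount > MAX_ADAPTER_COUNT then
    l_AdapterCount := MAX_ADAPTER_COUNT;
  for i := 0 to l_AdapterCount-1 do
    FAdapters.Add(FAdapterDescs[i].szAdapterDesc);
  result := true;
end;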
// start to sniff
function TSehSniffer.Activate(var ErrStr: string) : Boolean;
var
i: integer;
begin
Result := False;
if (FSnoopStarted) then
begin
ErrStr := 'Snooping already activated';
exit;
end;
//Open Adapter
FhAdapter := PacketOpenAdapter(FAdapterDescs[FAdapterIndex].szAdapterName);
if (FhAdapter = 0) then
begin
ErrStr := 'Error while opening adapter';
exit;
end;
(* if (PacketSetLookAhead(LPADAPTER(FhAdapter),2000) = false) then
begin
ErrStr := 'Error while setting lookahead';
exit;
end;
*)
//Get Adapter Description
PacketAdapterDesc(LPADAPTER(FhAdapter), @FuBuffer[0], sizeof(FuBuffer), @i);
//Get Current Mac Address
PacketGetAddress(LPADAPTER(FhAdapter), @FuMac[0], 6, @i);
//Select Filter mode
PacketSetFilter(LPADAPTER(FhAdapter), NDIS_PACKET_TYPE_PROMISCUOUS);
//Allocate Packet
FpPacket := LPPACKET( PacketAllocatePacket(LPADAPTER(FhAdapter)) );
if (FpPacket = Nil) then
begin
//Error...
PacketCloseAdapter(LPADAPTER(FhAdapter));
ErrStr := 'Error while allocating packet';
exit;
end;
//set the packet's buffer and its max. length
PacketInitPacket(FpPacket, @FuBuffer[0], 1520);
//Create Thread
FThread := TSnifferThread.Create(self,LPADAPTER(FhAdapter),FpPacket); //Create Suspended Thread
// cela 関ite d'appeler FThread.free dans StopSnoop qui peut 阾re appel