
📄 sniffer1.c

📁 利用libpcap实现一个网络监听的程序
#include<stdio.h>
#include<stdlib.h>
#include<string.h>
#include<unistd.h>
#include<pcap.h>
#include<netinet/in.h>
#include<netinet/in_systm.h>
#include<netinet/ip.h>
#include<netinet/if_ether.h>
#include<netinet/udp.h>
#include<netinet/tcp.h>
#include<sys/types.h>
#include<sys/time.h>
#include<netinet/ip_icmp.h>
#include<sys/stat.h>
#include<fcntl.h>
#include<string.h>
#include<signal.h>
/* Generic on/off values. NOTE(review): presumably the values stored in
 * opt[]; the code that sets them is not in this part of the listing. */
#define ON 1
#define OFF 0
/* Option identifiers, numbered 0..8, with OPTNUM as their count.
 * NOTE(review): presumably indices into opt[] for the switches listed by
 * help(); confirm against the option parser. */
#define IF_DEVICE  0
#define IF_FILTER  1
#define  IF_ALL 2
#define IF_SAVE 3
#define IF_HELP  4
#define IF_COUNT 5
#define IF_PRO  6
#define IF_READ 7
#define IF_STATIC 8
#define OPTNUM   9
/* NOTE(review): presumably the default pcap snapshot length in bytes; where
 * it is passed is not visible here. If it is used, the bytes handed to a
 * callback (caplen) can be fewer than the on-wire length (len), so every
 * header access has to be bounded by caplen. */
#define DEFAULT_SNAPLEN  68
/* Path of the packet file. save_packet() opens it and a sibling file whose
 * name is this path with "_size" appended. */
char filename[256];
/* One slot per option identifier (OPTNUM entries). */
int opt[OPTNUM];


/* Per-protocol packet counters. None of the functions in this part of the
 * listing update them. */
long arp_count=0;
long rarp_count=0;
long tcp_count=0;
long udp_count=0;
long icmp_count=0;
long other_count=0;

/*
 * Print the command-line usage summary to stdout, one switch per line.
 */
void help()
{
    static const char *const usage[] = {
        "sniffer [-a display the packet in detail]\n",
        "        [-c count]\n",
        "        [-f filter expression]\n",
        "        [-h get help]\n",
        "        [-i interface]\n",
        "        [-p set to promiscuuous]\n",
        "        [-s tongjibao\n",
        "        [-w save the packet in a file]\n",
        "        [-r  fen xi a packet in a file ]\n",
    };
    size_t line;

    /* The lines contain no conversion specifiers, so fputs emits them
     * exactly as printf did. */
    for (line = 0; line < sizeof usage / sizeof usage[0]; line++) {
        fputs(usage[line], stdout);
    }
}
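/*
 * Format a 6-byte hardware (MAC) address as lowercase "xx:xx:xx:xx:xx:xx".
 *
 * d must point to at least 6 readable bytes. The parameter is spelled
 * unsigned char, the type u_char is a typedef for, so callers are unaffected.
 *
 * Returns a pointer to a static buffer that the next call overwrites, so the
 * result has to be used or copied before calling again. Not reentrant.
 */
char * mac_ntoa(unsigned char *d)
{
    static char str[50];

    /* Exactly six octets are passed. The earlier version also passed d[6],
     * which read one byte past the address even though no conversion
     * specifier consumed it. snprintf keeps the write bounded by the buffer. */
    snprintf(str, sizeof str, "%02x:%02x:%02x:%02x:%02x:%02x",
             d[0], d[1], d[2], d[3], d[4], d[5]);
    return str;
}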
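/*
 * Render the three flag bits of an IPv4 flags/fragment-offset field as a
 * 3-character string.
 *
 * flag is the 16-bit field in host byte order (print_ip passes
 * ntohs(ip->ip_off)). Bit 0x8000 maps to 'R', 0x4000 to 'D' and 0x2000 to
 * 'M'; a clear bit is shown as '0'.
 *
 * Returns a pointer to a static buffer that the next call overwrites.
 */
char * ip_ftoa(int flag)
{
    static char f[] = {'R', 'D', 'M'};
    static char str[7];
    unsigned int mask = 0x8000;
    int i;

    for (i = 0; i < 3; i++) {
        /* != binds tighter than &, so the mask test needs its own
         * parentheses. Without them the expression reduced to flag & 1 and
         * all three positions reported bit 0 of the field. */
        if ((flag & (mask >> i)) != 0) {
            str[i] = f[i];
        } else {
            str[i] = '0';
        }
    }

    str[i] = '\0';
    return str;
}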
//void p_ipad(u_char * d)
/*
 * Build a 6-character summary of the TCP control bits in the fixed order
 * urg, ack, psh, rst, syn, fin. A set bit shows its letter ('u', 'a', 'p',
 * 'r', 's', 'f') and a clear bit shows '0'.
 *
 * Returns a pointer to a static buffer that the next call overwrites.
 */
char * tcp_to_char(struct tcphdr * tcp)
{
    static char str[17];
    char *out = str;

    *out++ = (tcp->urg == 1) ? 'u' : '0';
    *out++ = (tcp->ack == 1) ? 'a' : '0';
    *out++ = (tcp->psh == 1) ? 'p' : '0';
    *out++ = (tcp->rst == 1) ? 'r' : '0';
    *out++ = (tcp->syn == 1) ? 's' : '0';
    *out++ = (tcp->fin == 1) ? 'f' : '0';
    *out = '\0';

    return str;
}
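/*
 * Format four address bytes as dotted decimal, each octet right-aligned in a
 * 3-character field (for example "192.168.  1.  1") so columns line up.
 *
 * d must point to at least 4 readable bytes. The parameter is spelled
 * unsigned char, the type u_char is a typedef for, so callers are unaffected.
 *
 * Returns a pointer to a static buffer that the next call overwrites. Two
 * results therefore cannot be used in the same printf call; print or copy
 * the first before requesting the second.
 */
char * ip_to_char(unsigned char * d)
{
    static char str[25];

    /* snprintf keeps the write bounded by the buffer even if the format is
     * edited later; the output is the same as the earlier sprintf call. */
    snprintf(str, sizeof str, "%3d.%3d.%3d.%3d", d[0], d[1], d[2], d[3]);
    return str;
}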
/*
 * Print an Ethernet header as an ASCII table: destination MAC, source MAC
 * and the EtherType in hexadecimal, converted from network byte order.
 *
 * eth must point to a complete Ethernet header; no length is checked here.
 */
void print_ether(struct ether_header * eth)
{
    static const char rule[] =
        "+--------+--------+--------+--------+--------+--------+\n";
    unsigned int frame_type = ntohs(eth->ether_type);

    fputs("Ethernet Frame\n", stdout);
    fputs(rule, stdout);
    /* mac_ntoa returns a shared static buffer, so each address is printed
     * before the next one is formatted. */
    printf("|Destination MAC Address:%29s|\n", mac_ntoa(eth->ether_dhost));
    fputs(rule, stdout);
    printf("|Source MAC Address:%34s|\n", mac_ntoa(eth->ether_shost));
    fputs(rule, stdout);
    printf("|ether_type:0x%04x|\n", frame_type);
    fputs("+--------+--------+\n", stdout);
}
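/*
 * Print an ARP/RARP payload: the operation name followed by the sender and
 * target hardware and protocol addresses.
 *
 * arp must point to a complete struct ether_arp; no length is checked here.
 */
void print_arp(struct ether_arp *arp)
{
    static char * arp_operation[] = {"undefine",
        "arp request", "arp reply", "rarp request", "rarp reply"};
    const int known_ops =
        (int)(sizeof arp_operation / sizeof arp_operation[0]);
    int op = ntohs((arp->ea_hdr).ar_op);

    /* The opcode is taken straight from the packet. The table has entries
     * 0..4, so anything outside 1..4 maps to "undefine". The earlier bound
     * (op > 5) let opcode 5 index one element past the table and hand that
     * value to %s. */
    if (op <= 0 || op >= known_ops) {
        op = 0;
    }

    printf("Protocol:ARP\n");
    printf("op:%s\n", arp_operation[op]);
    printf("+--------+--------+--------+--------+--------+--------+\n");
    printf("|Source MAC Address:%34s|\n", mac_ntoa(arp->arp_sha));
    printf("+--------+--------+--------+--------+\n");
    printf("|source ip:%26s|\n", ip_to_char((u_char *)&(arp->arp_spa)));
    printf("+--------+--------+--------+--------+--------+--------+\n");
    printf("|Destination MAC Address:%29s|\n", mac_ntoa(arp->arp_tha));
    printf("+--------+--------+--------+--------+\n");
    printf("|Destination ip:%22s|\n", ip_to_char((u_char *)&(arp->arp_tpa)));
}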
/*
 * Print the fixed part of an IPv4 header as an ASCII table: version, header
 * length, TOS, total length, identification, flag letters, fragment offset,
 * TTL, protocol number, checksum and both addresses. Multi-byte fields are
 * converted from network byte order first.
 *
 * ip must point to a complete struct ip; no length is checked here.
 */
void print_ip(struct  ip *ip)
{
    static const char rule[] = "+--------+--------+----+----+--------+\n";
    int frag = ntohs(ip->ip_off);   /* flag bits plus fragment offset */

    fputs("Protocol:ip\n", stdout);
    fputs("+----+----+--------+--------+--------+\n", stdout);

    printf("|IV:%1u|hl:%2u|T:%2u|Total Length:%7u|\n",
           ip->ip_v, ip->ip_hl, ip->ip_tos, ntohs(ip->ip_len));
    fputs(rule, stdout);

    printf("|Identifer:%7u|FF:%3s|FO:%8u\n",
           ntohs(ip->ip_id), ip_ftoa(frag), frag & IP_OFFMASK);
    fputs(rule, stdout);

    printf("|TTL:%4u|pro:%4u|checksum%10u|\n",
           ip->ip_ttl, ip->ip_p, ntohs(ip->ip_sum));
    fputs(rule, stdout);

    /* ip_to_char returns a shared static buffer, so the two addresses are
     * printed by separate calls. */
    printf("|source ip:%26s|\n", ip_to_char((u_char *)&(ip->ip_src)));
    fputs(rule, stdout);
    printf("|Destnation ip:%22s|\n", ip_to_char((u_char *)&(ip->ip_dst)));
    fputs(rule, stdout);
}
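/*
 * Print an ICMP header: the type name, then type, code and checksum, then
 * the type-specific words for echo request/reply (0, 8), destination
 * unreachable (3), redirect (5) and time exceeded (11).
 *
 * icmp must point to a complete ICMP header; no length is checked here.
 */
void print_icmp(struct icmp * icmp)
{
    /* Indexed by ICMP type 0..18; the last slot is the fallback for any
     * other value. The earlier table had one entry too few before
     * "echo request". That shifted every name from type 7 upward by one
     * and made the fallback index point one element past the array. */
    static char * type_name[] = {
        "echo reply",               /*  0 */
        "undefine",                 /*  1 */
        "undefine",                 /*  2 */
        "destination unreachable",  /*  3 */
        "source quench",            /*  4 */
        "redirect",                 /*  5 */
        "undefine",                 /*  6 */
        "undefine",                 /*  7 */
        "echo request",             /*  8 */
        "undefine",                 /*  9 */
        "undefine",                 /* 10 */
        "time exceeded",            /* 11 */
        "parameter",                /* 12 */
        "timestamp request",        /* 13 */
        "temestamp replay",         /* 14 */
        "information request",      /* 15 */
        "information reply",        /* 16 */
        "address mask request",     /* 17 */
        "address mask reply",       /* 18 */
        "unknown"                   /* fallback */
    };
    const int unknown_slot =
        (int)(sizeof type_name / sizeof type_name[0]) - 1;
    int type = icmp->icmp_type;

    /* The type byte is taken straight from the packet, so clamp it to the
     * table before using it as an index. */
    if (type < 0 || type >= unknown_slot) {
        type = unknown_slot;
    }

    printf("protocol :icmp(%s)\n", type_name[type]);
    printf("+-------+--------+--------+---------+\n");

    printf("|type:%2u|code:%3u|checksum :%8u|\n", icmp->icmp_type,
           icmp->icmp_code, ntohs(icmp->icmp_cksum));
    printf("+-------+--------+--------+---------+\n");

    if (icmp->icmp_type == 0 || icmp->icmp_type == 8) {
        printf("|ID:%13u|Seq Number:%7u|\n",
               ntohs(icmp->icmp_id), ntohs(icmp->icmp_seq));
        printf("+-------+--------+--------+---------+\n");
    } else if (icmp->icmp_type == 3) {
        printf("|void :%5u|next MTU:%5u|\n", ntohs(icmp->icmp_pmvoid),
               ntohs(icmp->icmp_nextmtu));
    } else if (icmp->icmp_type == 5) {
        printf("|router ip address :%15s|\n",
               ip_to_char((u_char *)&(icmp->icmp_gwaddr)));
    } else if (icmp->icmp_type == 11) {
        /* The argument is an unsigned long, so the conversion must be %lu;
         * %u with a long argument is undefined behaviour. */
        printf("|unused :%10lu|\n", (unsigned long)ntohl(icmp->icmp_void));
        printf("+-------+--------+--------+---------+\n");
    }
}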
/*
 * Print a UDP header as an ASCII table: source port, destination port,
 * length and checksum, each converted from network byte order.
 *
 * udp must point to a complete UDP header; no length is checked here.
 */
void print_udp(struct udphdr *  udp)
{
    static const char rule[] = "+-------+-------+-------+-------+\n";
    unsigned int src_port = ntohs(udp->source);
    unsigned int dst_port = ntohs(udp->dest);
    unsigned int length = ntohs(udp->len);
    unsigned int checksum = ntohs(udp->check);

    fputs("protocol:UDP\n", stdout);
    fputs(rule, stdout);
    printf("|Sou Port:%6u|Dest Port:%5u|\n", src_port, dst_port);
    fputs(rule, stdout);
    printf("|length:%8u|checksum%7u|\n", length, checksum);
}
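/*
 * Print a TCP header as an ASCII table: ports, sequence and acknowledgement
 * numbers, data offset, control-bit letters, window size, checksum and
 * urgent pointer. Multi-byte fields are converted from network byte order.
 *
 * tcp must point to a complete TCP header; no length is checked here.
 */
void print_tcp(struct tcphdr * tcp)
{
    printf("Protocol :TCP\n");
    printf("+----------------+----------------+\n");
    printf("|Sou port:%7u|Dest port:%6u|\n",
           ntohs(tcp->source), ntohs(tcp->dest));
    printf("+----------------+----------------+\n");
    printf("|Sequence Number:%17lu\n", (unsigned long)ntohl(tcp->seq));
    printf("+----------------+----------------+\n");
    printf("|Acknowledgement Number:%10lu\n",
           (unsigned long)ntohl(tcp->ack_seq));
    printf("+----------------+----------------+\n");

    /* The window is a 16-bit network-order field like the ports. Without
     * ntohs a little-endian host prints it byte-swapped. */
    printf("|Do:%1u|Rese|%6s|window Size:%7u|\n", tcp->doff,
           tcp_to_char(tcp), ntohs(tcp->window));
    printf("+----------------+----------------+\n");

    printf("|Checksum:%7u|Urgent Poin:%4u|\n", ntohs(tcp->check),
           ntohs(tcp->urg_ptr));
}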
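/*
 * Print a hex + ASCII dump of len bytes starting at buf, 16 bytes per row.
 *
 * Each row shows the bytes as two hex digits, grouped in pairs, then ':',
 * then the same bytes as characters, with anything outside 0x20..0x7e shown
 * as '.'. A len of zero or less prints only the heading.
 *
 * buf must have at least len readable bytes. For captured packets the
 * caller should pass the captured length, not the on-wire length.
 */
void dump_packet(u_char* buf,int len)
{
    enum { BYTES_PER_ROW = 16 };
    int row = 0;
    int col;

    printf("Frame Dump:\n");
    while (row < len) {
        int row_len = len - row;

        if (row_len > BYTES_PER_ROW) {
            row_len = BYTES_PER_ROW;
        }

        /* Hex column. A short final row is padded with blanks for every
         * missing byte so the ':' and the ASCII column stay aligned with the
         * full rows. The earlier padding grew with the number of bytes
         * present rather than the number missing. */
        for (col = 0; col < BYTES_PER_ROW; col++) {
            if (col < row_len) {
                printf("%02x", buf[row + col]);
            } else {
                printf("  ");
            }
            if (col % 2 == 1) {
                printf("  ");
            }
        }
        printf(":");

        /* ASCII column: printable bytes as themselves, the rest as '.', so
         * control bytes from the packet never reach the terminal. */
        for (col = 0; col < row_len; col++) {
            unsigned char c = buf[row + col];

            if (c >= 0x20 && c <= 0x7e) {
                printf("%c", c);
            } else {
                printf(".");
            }
        }
        printf("\n");

        /* Advancing by row_len keeps row <= len, so the index cannot
         * overflow. */
        row += row_len;
    }
}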
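/*
 * Print a one-line summary of a captured frame: running packet number,
 * capture time of day, on-wire size and, for IPv4, "src->dst" plus the TCP
 * or UDP source port (or "icmp"); for ARP, the sender IP.
 *
 * The signature matches a pcap packet callback (user pointer, packet header,
 * packet bytes). NOTE(review): presumably registered with pcap elsewhere in
 * the file; the registration is not in this part of the listing.
 *
 * user is unused. h supplies the timestamp, the on-wire length (len) and the
 * captured length (caplen). p points to caplen bytes of frame data.
 *
 * Only h->caplen bytes of p are valid, so every header is checked against
 * caplen before it is read. The IP header length field is attacker
 * controlled and must not be trusted to stay inside the captured data.
 */
void sniffer_main(u_char * user,const struct pcap_pkthdr * h,const u_char * p)
{
    enum { PORT_FIELD_LEN = 2 };    /* only the 16-bit source port is read */
    static int count=0;
    char stamp[256] = "";
    const char *when;
    time_t tt;
    size_t caplen = h->caplen;
    size_t ip_hlen;
    size_t l4_off;
    struct ether_header * eth;
    struct ether_arp * arp;
    struct ip * ip;
    struct tcphdr * tcp;
    struct udphdr * udp;

    (void)user;

    printf("Nnmber:%3d" ,++count);

    /* ctime() yields "Www Mmm dd hh:mm:ss yyyy\n"; keep the 4th field. The
     * width bounds the copy and a NULL result leaves the stamp empty. */
    tt = (h->ts).tv_sec;
    when = ctime(&tt);
    if (when != NULL) {
        sscanf(when, "%*s%*s%*s%255s", stamp);
    }
    printf("  time:%s", stamp);
    printf("  size: %u byte--", (unsigned int)h->len);

    if (caplen < sizeof(struct ether_header)) {
        printf("truncated frame\n");
        return;
    }
    eth = (struct ether_header *)p;

    if (ntohs(eth->ether_type) == ETHERTYPE_IP) {
        if (caplen < sizeof(struct ether_header) + sizeof(struct ip)) {
            printf("truncated ip header\n");
            return;
        }
        ip = (struct ip *)(p + sizeof(struct ether_header));

        /* ip_to_char returns a shared static buffer, so the two addresses
         * are printed by separate calls. */
        printf("%s->", ip_to_char((u_char *)&(ip->ip_src)));
        printf("%s", ip_to_char((u_char *)&(ip->ip_dst)));

        ip_hlen = (size_t)ip->ip_hl * 4;
        l4_off = sizeof(struct ether_header) + ip_hlen;

        switch (ip->ip_p) {
        case IPPROTO_TCP:
            /* A header length below the fixed 20 bytes would place the
             * "port" inside the IP header; one past caplen would read
             * outside the capture buffer. */
            if (ip_hlen < sizeof(struct ip) ||
                caplen < l4_off + PORT_FIELD_LEN) {
                printf("    tcp (truncated or malformed)\n");
                break;
            }
            tcp = (struct tcphdr *)(p + l4_off);
            printf("    tcp port :% 6u\n", ntohs(tcp->source));
            break;
        case IPPROTO_UDP:
            if (ip_hlen < sizeof(struct ip) ||
                caplen < l4_off + PORT_FIELD_LEN) {
                printf("    udp (truncated or malformed)\n");
                break;
            }
            udp = (struct udphdr *)(p + l4_off);
            printf("    udp  port:%6u\n", ntohs(udp->source));
            break;
        case IPPROTO_ICMP:
            /* No ICMP field is read here, so no header pointer is needed. */
            printf("   icmp\n");
            break;
        default:
            printf("unknow\n");
        }
    } else if (ntohs(eth->ether_type) == ETHERTYPE_ARP) {
        if (caplen < sizeof(struct ether_header) + sizeof(struct ether_arp)) {
            printf("truncated arp\n");
            return;
        }
        arp = (struct ether_arp *)(p + sizeof(struct ether_header));
        printf("arp from :%s\n", ip_to_char((u_char *)&(arp->arp_spa)));
    }
}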
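/*
 * Append one captured packet to the file named by the global filename and
 * append its stored length, as one int, to "<filename>_size".
 *
 * The signature matches a pcap packet callback (user pointer, packet header,
 * packet bytes); user is unused. Both files are opened without O_CREAT, so
 * they must already exist. NOTE(review): presumably created by the caller
 * before capture starts; confirm.
 *
 * Any failure prints a message and terminates the process with exit(1).
 *
 * Only h->caplen bytes of p are valid. The earlier version wrote h->len
 * bytes, which reads past the capture buffer whenever the snapshot length
 * truncated the packet. The size file now records the captured length so it
 * keeps describing exactly the bytes stored. NOTE(review): presumably the
 * reader uses the size file to split the packet file; confirm it expects
 * the stored length.
 */
void save_packet(u_char * user,const struct pcap_pkthdr * h,const u_char * p)
{
    static int count=0;     /* was "static count": implicit int is not valid C99 */
    /* Sized so that filename plus the suffix always fits. */
    char size_path[sizeof filename + sizeof "_size"];
    int stored_len = (int)h->caplen;
    int fp1, fp2;
    int n;

    (void)user;

    printf("%d packets is saved \n", ++count);

    fp1 = open(filename, O_RDWR|O_APPEND);
    if (fp1 == -1) {
        printf("open  packet  file error\n");
        exit(1);
    }

    /* Build the sibling path in a local buffer. The earlier strcpy/strcat
     * into a 256-byte buffer overflowed for long names, and the error path
     * appended "_size" to the global filename itself. The precision bounds
     * the read of filename even if it is not NUL-terminated. */
    n = snprintf(size_path, sizeof size_path, "%.*s_size",
                 (int)(sizeof filename - 1), filename);
    if (n < 0 || (size_t)n >= sizeof size_path) {
        printf("packet size file name error\n");
        exit(1);
    }

    fp2 = open(size_path, O_RDWR|O_APPEND);
    if (fp2 == -1) {
        printf("open packet size  file  %s    error\n", size_path);
        exit(1);
    }

    /* A short write would leave the two files out of step, so anything but
     * a complete write is treated as an error. */
    if (write(fp1, p, h->caplen) != (ssize_t)h->caplen) {
        printf("save packet  error\n");
        exit(1);
    }
    if (write(fp2, &stored_len, sizeof(int)) != (ssize_t)sizeof(int)) {
        printf("save packet size   error\n");
        exit(1);
    }

    close(fp1);
    close(fp2);
}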
void read_packet(const u_char * p,int len)
{

