@hui1601
Created April 7, 2024 12:47
#include <arpa/inet.h>
#include <netinet/in.h>
#include <pcap.h>
#include <stdio.h>
#include <stdlib.h>
/*
 * Short aliases for the unsigned types used by the packed header layouts
 * in this file.
 * NOTE(review): the header structs use ushort for 16-bit and uint for
 * 32-bit wire fields; C does not guarantee those widths, so this assumes a
 * platform where unsigned short is 16 bits and unsigned int is 32 bits.
 */
typedef unsigned char uchar;
typedef unsigned short ushort;
typedef unsigned int uint;
/*
 * Ethernet header.
 * Overlaid directly on the first bytes of a captured frame by got_packet(),
 * so member order and sizes must not change.
 */
struct ethheader {
    uchar ether_dhost[6]; /* destination host address */
    uchar ether_shost[6]; /* source host address */
    ushort ether_type; /* protocol type (IP, ARP, RARP, etc); read as captured, got_packet() converts it with ntohs() */
};
/*
 * IP Header.
 * Overlaid directly on captured bytes by got_packet(); every member holds
 * the value exactly as it appeared in the packet.
 * NOTE(review): the order of bit-fields inside a storage unit is
 * implementation-defined. Declaring iph_ihl before iph_ver presumably
 * targets a little-endian ABI - confirm before building elsewhere.
 */
struct ipheader {
    unsigned char iph_ihl : 4, // IP header length; got_packet() multiplies it by 4 to get bytes
        iph_ver : 4; // IP version
    unsigned char iph_tos; // Type of service
    unsigned short int iph_len; // IP Packet length (data + header); got_packet() converts it with ntohs()
    unsigned short int iph_ident; // Identification
    // NOTE(review): these two bit-fields split a 16-bit word that arrives in
    // network byte order, so they may not decode correctly on a
    // little-endian host - verify before relying on them.
    unsigned short int iph_flag : 3, // Fragmentation flags
        iph_offset : 13; // Fragment offset
    unsigned char iph_ttl; // Time to Live
    unsigned char iph_protocol; // Protocol type
    unsigned short int iph_chksum; // IP datagram checksum
    struct in_addr iph_sourceip; // Source IP address
    struct in_addr iph_destip; // Destination IP address
};
/*
 * TCP Header.
 * Overlaid directly on captured bytes by got_packet(); multi-byte members
 * hold the value as captured (got_packet() applies ntohs() to the ports).
 * The TH_* macros are defined next to the members they decode.
 */
struct tcpheader {
    ushort tcp_sport; /* source port */
    ushort tcp_dport; /* destination port */
    uint tcp_seq; /* sequence number */
    uint tcp_ack; /* acknowledgement number */
    uchar tcp_offx2; /* data offset, rsvd */
/* Upper four bits of tcp_offx2; got_packet() multiplies the result by 4 to get a byte count. */
#define TH_OFF(th) (((th)->tcp_offx2 & 0xf0) >> 4)
    uchar tcp_flags; /* flag bits, tested with the TH_* masks below */
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_PUSH 0x08
#define TH_ACK 0x10
#define TH_URG 0x20
#define TH_ECE 0x40
#define TH_CWR 0x80
/* Combined flag mask. NOTE(review): TH_PUSH is not part of this mask - confirm that is intended. */
#define TH_FLAGS (TH_FIN | TH_SYN | TH_RST | TH_ACK | TH_URG | TH_ECE | TH_CWR)
    ushort tcp_win; /* window */
    ushort tcp_sum; /* checksum */
    ushort tcp_urp; /* urgent pointer */
};
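/**
 * pcap_loop() callback: print the Ethernet, IPv4 and TCP headers of one
 * captured frame, then up to MAX_DUMP_BYTES of its TCP payload.
 *
 * Every byte of the frame is untrusted network input, so each length field
 * is validated against header->caplen (the bytes libpcap actually
 * delivered) before the memory it describes is read. Frames that are not
 * IPv4/TCP, are malformed, are truncated inside a header, or are non-first
 * IP fragments are skipped without output.
 *
 * Fixes relative to the original version:
 *  - the minimum-header check tested iph_len (total length) instead of
 *    iph_ihl;
 *  - the payload length subtracted the IHL in words, not bytes, and could
 *    wrap around as an unsigned value;
 *  - the payload pointer was computed with struct-scaled pointer
 *    arithmetic (tcp + n), pointing far outside the packet;
 *  - no read was bounded by caplen;
 *  - payload bytes were written to the terminal unfiltered, letting a
 *    remote sender inject control/escape sequences into the output.
 *
 * @param args   user pointer handed to pcap_loop(); unused.
 * @param header libpcap per-packet metadata; only caplen is used.
 * @param packet captured bytes, assumed to start with an Ethernet header.
 */
void got_packet(uchar *args, const struct pcap_pkthdr *header,
                const uchar *packet) {
    enum { ETH_TYPE_IPV4 = 0x0800, MAX_DUMP_BYTES = 128 };

    (void)args;

    const size_t caplen = header->caplen;

    /* Ethernet header must be fully captured before ether_type is read. */
    if (caplen < sizeof(struct ethheader)) {
        return;
    }
    const struct ethheader *eth = (const struct ethheader *)packet;
    if (ntohs(eth->ether_type) != ETH_TYPE_IPV4) {
        return;
    }

    /* Fixed part of the IPv4 header must be captured before any field is read. */
    const size_t ip_avail = caplen - sizeof(struct ethheader);
    if (ip_avail < sizeof(struct ipheader)) {
        return;
    }
    const uchar *ip_bytes = packet + sizeof(struct ethheader);
    const struct ipheader *ip = (const struct ipheader *)ip_bytes;

    const size_t ip_hdr_len = (size_t)ip->iph_ihl * 4;
    const size_t ip_total_len = ntohs(ip->iph_len);
    if (ip->iph_ver != 4 || ip_hdr_len < sizeof(struct ipheader) ||
        ip_total_len < ip_hdr_len || ip->iph_protocol != IPPROTO_TCP) {
        return;
    }

    /*
     * Only the first fragment carries a TCP header. The offset is taken from
     * the raw bytes (low 13 bits of header bytes 6-7) because the
     * iph_flag/iph_offset bit-fields depend on host bit-field layout.
     */
    const unsigned frag_offset = ((unsigned)(ip_bytes[6] & 0x1f) << 8) | ip_bytes[7];
    if (frag_offset != 0) {
        return;
    }

    /* Fixed part of the TCP header must be captured too. */
    if (ip_avail < ip_hdr_len + sizeof(struct tcpheader)) {
        return;
    }
    const struct tcpheader *tcp = (const struct tcpheader *)(ip_bytes + ip_hdr_len);
    const size_t tcp_hdr_len = (size_t)TH_OFF(tcp) * 4;
    if (tcp_hdr_len < sizeof(struct tcpheader) ||
        ip_total_len < ip_hdr_len + tcp_hdr_len) {
        return;
    }

    /* Cannot underflow: both subtrahends were checked against ip_total_len. */
    const size_t data_length = ip_total_len - ip_hdr_len - tcp_hdr_len;

    /* Byte arithmetic from the start of the frame, never struct-scaled. */
    const size_t payload_off = sizeof(struct ethheader) + ip_hdr_len + tcp_hdr_len;
    const size_t payload_captured = caplen > payload_off ? caplen - payload_off : 0;
    const uchar *data = packet + payload_off;

    /* Dump no more than was claimed, was captured, and fits the display cap. */
    size_t dump_len = data_length;
    if (dump_len > payload_captured) {
        dump_len = payload_captured;
    }
    if (dump_len > MAX_DUMP_BYTES) {
        dump_len = MAX_DUMP_BYTES;
    }

    printf(" Source MAC: %02x:%02x:%02x:%02x:%02x:%02x\n",
           eth->ether_shost[0], eth->ether_shost[1], eth->ether_shost[2],
           eth->ether_shost[3], eth->ether_shost[4], eth->ether_shost[5]);
    printf(" Destination MAC: %02x:%02x:%02x:%02x:%02x:%02x\n",
           eth->ether_dhost[0], eth->ether_dhost[1], eth->ether_dhost[2],
           eth->ether_dhost[3], eth->ether_dhost[4], eth->ether_dhost[5]);

    /* inet_ntoa() returns a static buffer, so each address gets its own call. */
    printf(" From: %s\n", inet_ntoa(ip->iph_sourceip));
    printf(" To: %s\n", inet_ntoa(ip->iph_destip));
    printf(" Source port: %u\n", ntohs(tcp->tcp_sport));
    printf("Destination port: %u\n", ntohs(tcp->tcp_dport));
    printf(" Data length: %zu bytes\n", data_length);

    printf(" Data(hex): ");
    for (size_t i = 0; i < dump_len; i++) {
        printf("%02X ", data[i]);
    }
    printf("\n");

    printf(" Data(raw): ");
    for (size_t i = 0; i < dump_len; i++) {
        const uchar c = data[i];
        if (c == '\n') {
            printf("\\n");
        } else if (c == '\r') {
            printf("\\r");
        } else if (c >= 0x20 && c <= 0x7e) {
            printf("%c ", c);
        } else {
            /* Non-printable bytes are masked so payloads cannot drive the terminal. */
            printf(". ");
        }
    }
    printf("\n");
    printf("=====================================\n");
}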
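/**
 * Open a live capture on the hard-coded interface, install the
 * "ip and tcp" BPF filter and hand every matching frame to got_packet()
 * until pcap_loop() stops.
 *
 * Every libpcap call is now checked. The original passed an unchecked
 * (possibly NULL) handle from pcap_open_live() into pcap_compile(),
 * ignored the pcap_compile() result, and never released the compiled
 * filter.
 *
 * @return 0 on a clean stop, EXIT_FAILURE if capture setup or the capture
 *         loop fails.
 */
int main(void) {
    const char *device = "wlo1";
    char filter_exp[] = "ip and tcp";
    char errbuf[PCAP_ERRBUF_SIZE];
    struct bpf_program fp;
    bpf_u_int32 net = 0;

    /* Snapshot length BUFSIZ, promiscuous mode on, 100 ms read timeout. */
    pcap_t *handle = pcap_open_live(device, BUFSIZ, 1, 100, errbuf);
    if (handle == NULL) {
        fprintf(stderr, "Error: cannot open %s: %s\n", device, errbuf);
        return EXIT_FAILURE;
    }

    /* got_packet() overlays an Ethernet header on each frame; refuse other link types. */
    if (pcap_datalink(handle) != DLT_EN10MB) {
        fprintf(stderr, "Error: %s does not deliver Ethernet frames\n", device);
        pcap_close(handle);
        return EXIT_FAILURE;
    }

    if (pcap_compile(handle, &fp, filter_exp, 0, net) != 0) {
        pcap_perror(handle, "Error:");
        pcap_close(handle);
        return EXIT_FAILURE;
    }
    if (pcap_setfilter(handle, &fp) != 0) {
        pcap_perror(handle, "Error:");
        pcap_freecode(&fp);
        pcap_close(handle);
        return EXIT_FAILURE;
    }
    /* The handle keeps its own copy of the filter program once it is installed. */
    pcap_freecode(&fp);

    int rc = pcap_loop(handle, -1, got_packet, NULL);
    if (rc == PCAP_ERROR) {
        pcap_perror(handle, "Error:");
    }
    pcap_close(handle);
    return rc == PCAP_ERROR ? EXIT_FAILURE : 0;
}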