-
Notifications
You must be signed in to change notification settings - Fork 8
/
pcap_sniffer.c
67 lines (57 loc) · 1.95 KB
/
pcap_sniffer.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
#include <stdio.h>
#include <pcap.h>
int main(int argc, char *argv[])
{
pcap_t *handle; /* Session handle */
char dev[]= "ppp0"; /* Device to sniffer on */
char errbuf[PCAP_ERRBUF_SIZE]; /* Error String */
struct bpf_program fp; /* The compliled filter expression */
char filter_exp[] = "port 80"; /* The filter expression */
bpf_u_int32 mask; /* The netmask of our sniffing device */
bpf_u_int32 net; /* The IP of our sniffering device */
struct pcap_pkthdr header; /* The header that pcap gives us */
const u_char *packet; /* The actual packet */
/* Define the device */
/*
dev = pcap_lookupdev(errbuf);
if(dev == NULL)
{
fprintf(stderr, "Couldn't find default device: %s\n", errbuf);
return(2);
}
*/
/* Find the properties for the device */
if(pcap_lookupnet(dev, &net, &mask, errbuf) == -1)
{
fprintf(stderr, "Can't get netmask for device %s\n", dev);
net = 0;
mask = 0;
return(2);
}
/* Open the session in promiscuous mode */
handle = pcap_open_live(dev, BUFSIZ, 1, 100, errbuf);
if(handle == NULL)
{
fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf);
return(2);
}
/* Compile and apply the filter */
if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1)
{
fprintf(stderr, "Counldn't parse filter %s: %s\n", filter_exp, pcap_geterr(handle));
return(2);
}
if(pcap_setfilter(handle, &fp) == -1)
{
fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(handle));
return(2);
}
/* Grab a packet */
while ((packet = pcap_next(handle, &header)) == NULL)
;
/* Print its length */
printf("Jacked a packet with length of [%d]\n", header.len);
/*And close the session */
pcap_close(handle);
return(0);
}