[C] Errori con le funzioni pcap di pcap.h

**nightfall** · 11-06-2004, 18:09

Perche' mi da' sempre "Dispositivo sconosciuto" ???
e non fa' quello che dovrebbe fare ???

codice:

/* [ pop3sniff.c ] */
#include <netinet/tcp.h> 
#include <netinet/ip.h>
#include <netinet/in.h>
#include <net/if.h>
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <ctype.h>
#include <stdio.h>
#include <pcap.h>

#define SNAPLEN		8*1024
#define LOGFILE		"sniff.log"
#define IPHDR		sizeof(struct iphdr)

/* Search this String */
#define WRDCTRL1		"test"
#define WRDCTRL2		"TEST"
#define WRDCTRL3		"Test"
#define WRDCTRL4		"tset"


int IFFHDR, i, S, iplen, tcplen;
struct pcap *pcap_s;
struct pcap_pkthdr pcap_h;
unsigned char *buf, *saddr, *daddr;
struct iphdr *ip;
struct tcphdr *tcp;
char *payload, buff[SNAPLEN];
FILE *logs;

void iffclose() {
	pcap_close(pcap_s);
	fclose(logs);
	exit(13);
}

void dumpip() {
	saddr = (unsigned char *)&(ip->saddr);
	daddr = (unsigned char *)&(ip->daddr);
	
	fprintf (logs, "\r\n-=[ %u.%u.%u.%u:%d <-> %u.%u.%u.%u:%d : ", 
				saddr[0], saddr[1], saddr[2], saddr[3], ntohs(tcp->source),
				daddr[0], daddr[1], daddr[2], daddr[3], ntohs(tcp->dest));
	fflush (logs);
}


void nethunt() {
	ip = (struct iphdr *)(buf+IFFHDR);
	iplen = (ip->ihl<<2);
	
	if (ip->protocol != IPPROTO_TCP) return;
	
	tcp = (struct tcphdr *)(buf+IFFHDR+iplen);
	tcplen = (tcp->doff<<2);
	payload = (char *)(buf+IFFHDR+iplen+tcplen);
	
	if (ntohs(tcp->dest) == 110) {
		if (strstr(payload, WRDCTRL1) || strstr(payload, WRDCTRL2) ||
			 strstr(payload, WRDCTRL3) || strstr(payload, WRDCTRL4)) 
		{
			strncpy (buff, payload, SNAPLEN-5); 
			buff[SNAPLEN-4] = '\0';
			
			dumpip();
			
			for (i=0; i < strlen(buff); i++) {
				if (isprint(buff[i])) {
					fputc(buff[i], logs);
				} else if (buff[i] == '\r' || buff[i] == '\n') {
					fputs (" ]=-\r\n", logs);
					fflush (logs);
					return;
				}
			}
		}
	}	
}

int main (int argc, char **argv) {
	char ebuf[255];
	
	if (getuid()) {
		fprintf (stderr, "Devi essere root...\r\n");
		return (1);
	}
	
	if ((pcap_s = pcap_open_live("ppp0", SNAPLEN, 1, 1000, ebuf)) == NULL) {
		fprintf (stderr, "Impossibile aprire il dispositivi di Pcap...\r\n");
		return (17);
	}
	
	switch (pcap_datalink(pcap_s)) {
		case DLT_NULL:		IFFHDR = 4;
								break;
		case DLT_EN10MB:
		case DLT_EN3MB:	IFFHDR = 14;
								break;
		case DLT_PPP:		IFFHDR = 4;
								break;
		case DLT_SLIP:		IFFHDR = 16;
								break;
		case DLT_FDDI:		IFFHDR = 21;
								break;
		case DLT_RAW:		IFFHDR = 0;
								break;
		default:	fprintf (stderr, "Dispositivo sconosciuto...\r\n");
					break;
	}
	
	if ((logs = fopen(LOGFILE, "a")) == NULL) {
		fprintf (stderr, "Impossibile Aprire il File di Log...\r\n");
		return (17);
	}
	
	signal (SIGINT,  iffclose);
	signal (SIGTERM, iffclose);
	signal (SIGKILL, iffclose);
	signal (SIGQUIT, iffclose);
	
	
	while (1) {
		buf = (u_char *)pcap_next(pcap_s, &pcap_h);
		if (buf != NULL && (pcap_h.len - IFFHDR) >= IPHDR) nethunt();
	}
	
	return (0);
}

PS: Per la compilazione e la fase di linker e' tutto aposto...

Discussione: [C] Errori con le funzioni pcap di pcap.h

Strumenti discussione

Ricerca discussione

Visualizza

Visualizzazione discussione

Permessi di invio