hola . estoy con dev c++ 5.0 utilizando la libreria winpcap . y busque un ejemplo de filtrar paquetes .
/*
* Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torino (Italy)
* Copyright (c) 2005 - 2006 CACE Technologies, Davis (California)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the Politecnico di Torino, CACE Technologies
* nor the names of its contributors may be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include <stdlib.h>
#include <stdio.h>
#include <pcap.h>
#define MAX_PRINT 80
#define MAX_LINE 16
void usage();
void main(int argc, char **argv)
{
pcap_t *fp;
char errbuf[PCAP_ERRBUF_SIZE];
char *source=NULL;
char *ofilename=NULL;
char *filter=NULL;
int i;
pcap_dumper_t *dumpfile;
struct bpf_program fcode;
bpf_u_int32 NetMask;
int res;
struct pcap_pkthdr *header;
const u_char *pkt_data;
if (argc == 1)
{
usage();
return;
}
for(i=1;i < argc; i+= 2)
{
switch (argv[i] [1])
{
case 's':
{
source=argv[i+1];
};
break;
case 'o':
{
ofilename=argv[i+1];
};
break;
case 'f':
{
filter=argv[i+1];
};
break;
}
}
// open a capture from the network
if (source != NULL)
{
if ( (fp= pcap_open(source,
1514 /*snaplen*/,
PCAP_OPENFLAG_PROMISCUOUS /*flags*/,
20 /*read timeout*/,
NULL /* remote authentication */,
errbuf)
) == NULL)
{
fprintf(stderr,"\nUnable to open the adapter.\n");
return;
}
}
else usage();
if (filter != NULL)
{
// We should loop through the adapters returned by the pcap_findalldevs_ex()
// in order to locate the correct one.
//
// Let's do things simpler: we suppose to be in a C class network ;-)
NetMask=0xffffff;
//compile the filter
if(pcap_compile(fp, &fcode, filter, 1, NetMask) < 0)
{
fprintf(stderr,"\nError compiling filter: wrong syntax.\n");
return;
}
//set the filter
if(pcap_setfilter(fp, &fcode)<0)
{
fprintf(stderr,"\nError setting the filter\n");
return;
}
}
//open the dump file
if (ofilename != NULL)
{
dumpfile= pcap_dump_open(fp, ofilename);
if (dumpfile == NULL)
{
fprintf(stderr,"\nError opening output file\n");
return;
}
}
else usage();
//start the capture
while((res = pcap_next_ex( fp, &header, &pkt_data)) >= 0)
{
if(res == 0)
/* Timeout elapsed */
continue;
//save the packet on the dump file
pcap_dump((unsigned char *) dumpfile, header, pkt_data);
}
}
void usage()
{
printf("\npf - Generic Packet Filter.\n");
printf("\nUsage:\npf -s source -o output_file_name [-f filter_string]\n\n");
exit(0);
}
[code=bash]In file included from C:/Dev-Cpp/include/pcap.h:14,
from main.c:38:
C:/Dev-Cpp/include/pcap++/Packet.h:16: error: syntax error before "pcappp"
C:/Dev-Cpp/include/pcap++/Packet.h:16: error: syntax error before '{' token
C:/Dev-Cpp/include/pcap++/Packet.h:36: error: syntax error before "Data"
C:/Dev-Cpp/include/pcap++/Packet.h:36: warning: data definition has no type or storage class
C:/Dev-Cpp/include/pcap++/Packet.h:42: warning: data definition has no type or storage class
C:/Dev-Cpp/include/pcap++/Packet.h:50: error: syntax error before "const"
C:/Dev-Cpp/include/pcap++/Packet.h:50: warning: data definition has no type or storage class
C:/Dev-Cpp/include/pcap++/Packet.h:56: error: syntax error before "const"
C:/Dev-Cpp/include/pcap++/Packet.h:69: error: syntax error before '&' token
C:/Dev-Cpp/include/pcap++/Packet.h:84: error: `packet' undeclared here (not in a function)
C:/Dev-Cpp/include/pcap++/Packet.h:84: warning: data definition has no type or storage class
C:/Dev-Cpp/include/pcap++/Packet.h:85: error: `false' undeclared here (not in a function)
C:/Dev-Cpp/include/pcap++/Packet.h:85: warning: data definition has no type or storage class
C:/Dev-Cpp/include/pcap++/Packet.h:86: error: syntax error before '}' token
C:/Dev-Cpp/include/pcap++/Packet.h: In function `get_seconds':
C:/Dev-Cpp/include/pcap++/Packet.h:116: error: syntax error before '{' token
C:/Dev-Cpp/include/pcap++/Packet.h:168: error: syntax error before "Data"
In file included from C:/Dev-Cpp/include/pcap++/DataLink.h:15,
from C:/Dev-Cpp/include/pcap.h:15,
from main.c:38:
C:/Dev-Cpp/include/string.h:37: warning: `__pure__' attribute ignored
C:/Dev-Cpp/include/string.h:42: warning: `__pure__' attribute ignored
C:/Dev-Cpp/include/string.h:43: warning: `__pure__' attribute ignored
C:/Dev-Cpp/include/string.h:46: warning: `__pure__' attribute ignored
C:/Dev-Cpp/include/string.h:49: warning: `__pure__' attribute ignored
C:/Dev-Cpp/include/string.h:51: warning: `__pure__' attribute ignored
C:/Dev-Cpp/include/string.h:53: warning: `__pure__' attribute ignored
C:/Dev-Cpp/include/string.h:54: warning: `__pure__' attribute ignored
C:/Dev-Cpp/include/string.h:55: warning: `__pure__' attribute ignored
C:/Dev-Cpp/include/string.h:56: warning: `__pure__' attribute ignored
C:/Dev-Cpp/include/string.h:67: warning: `__malloc__' attribute ignored
C:/Dev-Cpp/include/string.h:92: warning: `__malloc__' attribute ignored
C:/Dev-Cpp/include/string.h:97: error: storage class specified for parameter `strcasecmp'
C:/Dev-Cpp/include/string.h:97: error: syntax error before '{' token
C:/Dev-Cpp/include/string.h:103: error: storage class specified for parameter `strncasecmp'
C:/Dev-Cpp/include/string.h:103: error: syntax error before '{' token
C:/Dev-Cpp/include/string.h:170: error: storage class specified for parameter `wcscmpi'
C:/Dev-Cpp/include/string.h:170: error: redefinition of parameter 'wcscmpi'
C:/Dev-Cpp/include/string.h:167: error: previous definition of 'wcscmpi' was here
C:/Dev-Cpp/include/string.h:170: error: syntax error before '{' token
In file included from C:/Dev-Cpp/include/pcap.h:15,
from main.c:38:
C:/Dev-Cpp/include/pcap++/DataLink.h:17: error: syntax error before "namespace"
C:/Dev-Cpp/include/pcap++/DataLink.h:482: error: parameter `desc' is initialized
C:/Dev-Cpp/include/pcap++/DataLink.h:482: error: `m_type' undeclared (first use in this function)
C:/Dev-Cpp/include/pcap++/DataLink.h:482: error: (Each undeclared identifier is reported only once
C:/Dev-Cpp/include/pcap++/DataLink.h:482: error: for each function it appears in.)
C:/Dev-Cpp/include/pcap++/DataLink.h:482: confused by earlier errors, bailing out
make.exe: *** [main.o] Error 1
Ejecución Terminada
ALGUNA solucion que me ofrescan
documentacion:http://www.winpcap.org/docs/docs_40_2/html/group__wpcapsamps.html
surce code de winpcap: http://www.winpcap.org/install/bin/PacketCE.zip[/code]
Pues este code es de John Ericson...
1. Code sniffer
2. Hacking-network.h
3. Hacking.h
Todos los codes... (http://anayamultimedia.com/catalogos/complementos/MU0023501_9999997451.zip)
#include <pcap.h>
#include "hacking.h"
#include "hacking-network.h"
void pcap_fatal(const char *, const char *);
void decode_ethernet(const u_char *);
void decode_ip(const u_char *);
u_int decode_tcp(const u_char *);
void caught_packet(u_char *, const struct pcap_pkthdr *, const u_char *);
int main() {
struct pcap_pkthdr cap_header;
const u_char *packet, *pkt_data;
char errbuf[PCAP_ERRBUF_SIZE];
char *device;
pcap_t *pcap_handle;
device = pcap_lookupdev(errbuf);
if(device == NULL)
pcap_fatal("pcap_lookupdev", errbuf);
printf("Sniffing on device %s\n", device);
pcap_handle = pcap_open_live(device, 4096, 1, 0, errbuf);
if(pcap_handle == NULL)
pcap_fatal("pcap_open_live", errbuf);
pcap_loop(pcap_handle, 3, caught_packet, NULL);
pcap_close(pcap_handle);
}
void caught_packet(u_char *user_args, const struct pcap_pkthdr *cap_header, const u_char *packet) {
int tcp_header_length, total_header_size, pkt_data_len;
u_char *pkt_data;
printf("==== Got a %d byte packet ====\n", cap_header->len);
decode_ethernet(packet);
decode_ip(packet+ETHER_HDR_LEN);
tcp_header_length = decode_tcp(packet+ETHER_HDR_LEN+sizeof(struct ip_hdr));
total_header_size = ETHER_HDR_LEN+sizeof(struct ip_hdr)+tcp_header_length;
pkt_data = (u_char *)packet + total_header_size; // pkt_data points to the data portion
pkt_data_len = cap_header->len - total_header_size;
if(pkt_data_len > 0) {
printf("\t\t\t%u bytes of packet data\n", pkt_data_len);
dump(pkt_data, pkt_data_len);
} else
printf("\t\t\tNo Packet Data\n");
}
void pcap_fatal(const char *failed_in, const char *errbuf) {
printf("Fatal Error in %s: %s\n", failed_in, errbuf);
exit(1);
}
void decode_ethernet(const u_char *header_start) {
int i;
const struct ether_hdr *ethernet_header;
ethernet_header = (const struct ether_hdr *)header_start;
printf("[[ Layer 2 :: Ethernet Header ]]\n");
printf("[ Source: %02x", ethernet_header->ether_src_addr[0]);
for(i=1; i < ETHER_ADDR_LEN; i++)
printf(":%02x", ethernet_header->ether_src_addr[i]);
printf("\tDest: %02x", ethernet_header->ether_dest_addr[0]);
for(i=1; i < ETHER_ADDR_LEN; i++)
printf(":%02x", ethernet_header->ether_dest_addr[i]);
printf("\tType: %hu ]\n", ethernet_header->ether_type);
}
void decode_ip(const u_char *header_start) {
const struct ip_hdr *ip_header;
ip_header = (const struct ip_hdr *)header_start;
printf("\t(( Layer 3 ::: IP Header ))\n");
printf("\t( Source: %s\t", inet_ntoa(ip_header->ip_src_addr));
printf("Dest: %s )\n", inet_ntoa(ip_header->ip_dest_addr));
printf("\t( Type: %u\t", (u_int) ip_header->ip_type);
printf("ID: %hu\tLength: %hu )\n", ntohs(ip_header->ip_id), ntohs(ip_header->ip_len));
}
u_int decode_tcp(const u_char *header_start) {
u_int header_size;
const struct tcp_hdr *tcp_header;
tcp_header = (const struct tcp_hdr *)header_start;
header_size = 4 * tcp_header->tcp_offset;
printf("\t\t{{ Layer 4 :::: TCP Header }}\n");
printf("\t\t{ Src Port: %hu\t", ntohs(tcp_header->tcp_src_port));
printf("Dest Port: %hu }\n", ntohs(tcp_header->tcp_dest_port));
printf("\t\t{ Seq #: %u\t", ntohl(tcp_header->tcp_seq));
printf("Ack #: %u }\n", ntohl(tcp_header->tcp_ack));
printf("\t\t{ Header Size: %u\tFlags: ", header_size);
if(tcp_header->tcp_flags & TCP_FIN)
printf("FIN ");
if(tcp_header->tcp_flags & TCP_SYN)
printf("SYN ");
if(tcp_header->tcp_flags & TCP_RST)
printf("RST ");
if(tcp_header->tcp_flags & TCP_PUSH)
printf("PUSH ");
if(tcp_header->tcp_flags & TCP_ACK)
printf("ACK ");
if(tcp_header->tcp_flags & TCP_URG)
printf("URG ");
printf(" }\n");
return header_size;
}
/* This function accepts a socket FD and a ptr to the null terminated
* string to send. The function will make sure all the bytes of the
* string are sent. Returns 1 on success and 0 on failure.
*/
int send_string(int sockfd, unsigned char *buffer) {
int sent_bytes, bytes_to_send;
bytes_to_send = strlen(buffer);
while(bytes_to_send > 0) {
sent_bytes = send(sockfd, buffer, bytes_to_send, 0);
if(sent_bytes == -1)
return 0; // return 0 on send error
bytes_to_send -= sent_bytes;
buffer += sent_bytes;
}
return 1; // return 1 on success
}
/* This function accepts a socket FD and a ptr to a destination
* buffer. It will receive from the socket until the EOL byte
* sequence in seen. The EOL bytes are read from the socket, but
* the destination buffer is terminated before these bytes.
* Returns the size of the read line (without EOL bytes).
*/
int recv_line(int sockfd, unsigned char *dest_buffer) {
#define EOL "\r\n" // End-Of-Line byte sequence
#define EOL_SIZE 2
unsigned char *ptr;
int eol_matched = 0;
ptr = dest_buffer;
while(recv(sockfd, ptr, 1, 0) == 1) { // read a single byte
if(*ptr == EOL[eol_matched]) { // does this byte match terminator
eol_matched++;
if(eol_matched == EOL_SIZE) { // if all bytes match terminator,
*(ptr+1-EOL_SIZE) = '\0'; // terminate the string
return strlen(dest_buffer); // return bytes recevied
}
} else {
eol_matched = 0;
}
ptr++; // increment the pointer to the next byter;
}
return 0; // didn't find the end of line characters
}
/* Structure for Ethernet headers */
#define ETHER_ADDR_LEN 6
#define ETHER_HDR_LEN 14
struct ether_hdr {
unsigned char ether_dest_addr[ETHER_ADDR_LEN]; // Destination MAC address
unsigned char ether_src_addr[ETHER_ADDR_LEN]; // Source MAC address
unsigned short ether_type; // Type of Ethernet packet
};
/* Structure for Internet Protocol (IP) headers */
struct ip_hdr {
unsigned char ip_version_and_header_length; // version and header length combined
unsigned char ip_tos; // type of service
unsigned short ip_len; // total length
unsigned short ip_id; // identification number
unsigned short ip_frag_offset; // fragment offset and flags
unsigned char ip_ttl; // time to live
unsigned char ip_type; // protocol type
unsigned short ip_checksum; // checksum
unsigned int ip_src_addr; // source IP address
unsigned int ip_dest_addr; // destination IP address
};
/* Structure for Transmission Control Protocol (TCP) headers */
struct tcp_hdr {
unsigned short tcp_src_port; // source TCP port
unsigned short tcp_dest_port; // destination TCP port
unsigned int tcp_seq; // TCP sequence number
unsigned int tcp_ack; // TCP acknowledgement number
unsigned char reserved:4; // 4-bits from the 6-bits of reserved space
unsigned char tcp_offset:4; // TCP data offset for little endian host
unsigned char tcp_flags; // TCP flags (and 2-bits from reserved space)
#define TCP_FIN 0x01
#define TCP_SYN 0x02
#define TCP_RST 0x04
#define TCP_PUSH 0x08
#define TCP_ACK 0x10
#define TCP_URG 0x20
unsigned short tcp_window; // TCP window size
unsigned short tcp_checksum; // TCP checksum
unsigned short tcp_urgent; // TCP urgent pointer
};
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
// A function to display an error message and then exit
void fatal(char *message) {
char error_message[100];
strcpy(error_message, "[!!] Fatal Error ");
strncat(error_message, message, 83);
perror(error_message);
exit(-1);
}
// An error checked malloc() wrapper function
void *ec_malloc(unsigned int size) {
void *ptr;
ptr = malloc(size);
if(ptr == NULL)
fatal("in ec_malloc() on memory allocation");
return ptr;
}
// dumps raw memory in hex byte and printable split format
void dump(const unsigned char *data_buffer, const unsigned int length) {
unsigned char byte;
unsigned int i, j;
for(i=0; i < length; i++) {
byte = data_buffer[i];
printf("%02x ", data_buffer[i]); // display byte in hex
if(((i%16)==15) || (i==length-1)) {
for(j=0; j < 15-(i%16); j++)
printf(" ");
printf("| ");
for(j=(i-(i%16)); j <= i; j++) { // display printable bytes from line
byte = data_buffer[j];
if((byte > 31) && (byte < 127)) // outside printable char range
printf("%c", byte);
else
printf(".");
}
printf("\n"); // end of the dump line (each line 16 bytes)
} // end if
} // end for
}
Va como la seda :P
Suerte!