[C/WINPCAP] TCP SNIFFER (FRAME ANALYZER) FOR WINDOWS


About this source

Category: Networks & Internet
Tagged: sniffer, winpcap, analyzer, frames, packets
Level: Intermediate
Created: 03/07/2006
Updated: 24/01/2007 22:15:45
Viewed / downloaded: 18 189 / 1 196

Rating: 10 / 10 (1 vote)


Description

Hello, here is a minimalist sniffer for Windows that uses the WinPcap library, so you must download and install it to run my program: http://www.winpcap.org/
To develop it I used Code::Blocks; here is a tutorial I wrote for those who would like to test and recompile my code:
http://psyphi.zeblog.com/54921-configurer-winpcap-pour-codeblocks/
Otherwise, what more is there to say: the sniffer displays the Ethernet, IP and TCP headers as well as the rest of the data contained in the packet.

README:

Compiled and tested with Code::Blocks and Mingw under Windows XP SP2.
You need to install winPcap and configure Code::Blocks to compile this source.

Links:
------
Project:
http://bores.fr/psyphi/dev/c/network/sniffer_winpcap/
winPcap:
http://www.winpcap.org/
Code::Blocks
http://www.codeblocks.org/
How to configure Code::Blocks for winPcap (french):
http://psyphi.zeblog.com/54921-configurer-winpcap-pour-codeblocks/

Source

/*
 ************************************************************************************
 * sniffer_winPcap                                                                  *
 * Last version at http://psyphi.bores.fr/dev/c/network/sniffer_winpcap             *
 * Copyright (C) 2006  psyphi psyphi(_at_)gmail(_dot_)com                           *
 *                                                                                  *
 * sniffer_winPcap program is free software; you can redistribute it and/or         *
 * modify it under the terms of the GNU General Public License                      *
 * as published by the Free Software Foundation; either version 2                   *
 * of the License, or (at your option) any later version.                           *
 *                                                                                  *
 * sniffer_winPcap program is distributed in the hope that it will be useful,       *
 * but WITHOUT ANY WARRANTY; without even the implied warranty of                   *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the                    *
 * GNU General Public License for more details.                                     *
 *                                                                                  *
 * You should have received a copy of the GNU General Public License                *
 * along with this program; if not, write to the Free Software                      *
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.  *
 ************************************************************************************
*/

#include <stdio.h>
#include <stdlib.h>
#include <time.h>   // time_t, ctime()

#include <winsock2.h>

#pragma comment(lib,"wpcap.lib")
#pragma comment(lib,"ws2_32.lib")

#define HAVE_REMOTE
#define WPCAP
#define PACKET_SIZE 65536

#include <pcap.h> // must come after the defines above


/*
 * Structures
 */
struct ethhdr // Ethernet header
{
	unsigned char   h_dest[6];       // Destination host address
	unsigned char   h_source[6];     // Source host address
	unsigned short  h_proto;         // Packet type ID field (IP, ARP ...)
};

struct iphdr // structure IP Header
{
  // Bit-field order for little-endian processors
  unsigned char  ihl:4;    // IP header length
  unsigned char  version:4;

  unsigned char  tos;      // Type of service
  unsigned short tot_len;  // Total length
  unsigned short id;       // Identification
  unsigned short frag_off; // Fragment Offset + Flags
  unsigned char  ttl;      // Time to live
  unsigned char  protocol;
  unsigned short check;    // Checksum
  unsigned int   saddr;    // Source address
  unsigned int   daddr;    // Destination address
};

struct tcphdr // structure TCP Header
{
  // Bit-field order for little-endian processors
  unsigned short source;  // Source port
  unsigned short dest;    // Destination port
  unsigned int   seq;     // Sequence number
  unsigned int   ack_seq; // acknowledge sequence

  unsigned short res1:4,  // Reserved 1 : 4 bits
                 doff:4,  // Data Offset
                 fin:1,   // Flag FINISH
                 syn:1,   // Flag SYNCHRONIZE
                 rst:1,   // Flag RESET
                 psh:1,   // Flag PUSH
                 ack:1,   // Flag ACKNOWLEDGE
                 urg:1,   // Flag URGENT
                 res2:2;  // Reserved 2 : 2 bits (res1 + res2 = 6 bits reserved)

	unsigned short window;
	unsigned short check;   // checksum
	unsigned short urg_ptr; // urgent
};

/*
 * Functions
 */

void print_eth_header(struct ethhdr * eth){
    fprintf(stdout,"-------------------[ETH HEADER]-----------\r\n");
    fprintf(stdout,"| %.2X:%.2X:%.2X:%.2X:%.2X:%.2X -> ",eth->h_source[0],eth->h_source[1], eth->h_source[2],eth->h_source[3],eth->h_source[4],eth->h_source[5]);
    fprintf(stdout,"%.2X:%.2X:%.2X:%.2X:%.2X:%.2X |\r\n",eth->h_dest[0],eth->h_dest[1], eth->h_dest[2],eth->h_dest[3],eth->h_dest[4],eth->h_dest[5]);
    fprintf(stdout,"------------------------------------------\r\n");
    fprintf(stdout,"Protocol: 0x%.4X\r\n", htons(eth->h_proto));
}

void print_ip_header(struct iphdr * ip){

	unsigned char * src = (unsigned char *)&(ip->saddr);
	unsigned char * dest = (unsigned char *)&(ip->daddr);

	fprintf(stdout,"[ IP : %d.%d.%d.%d -> ",src[0],src[1],src[2],src[3]);
	fprintf(stdout,"%d.%d.%d.%d ]\r\n",dest[0],dest[1],dest[2],dest[3]);
	fprintf(stdout,"--------------------[IP HEADER]----------------------\r\n");
	fprintf(stdout,"| IP header length    : %d * 32 bits = %d bytes      |\r\n",ip->ihl, ip->ihl * 4);
	fprintf(stdout,"| IP version      : %.5d | ",ip->version);
	fprintf(stdout,"Type of service : %.5d |\r\n",ip->tos);
	fprintf(stdout,"| Total length    : %.5d | ",htons(ip->tot_len));
	fprintf(stdout,"Identification  : %.5d |\r\n",htons(ip->id));
	fprintf(stdout,"| Time to live    : %.5d | ",ip->ttl);
	fprintf(stdout,"Protocol        : %.5d |\r\n",ip->protocol);
	fprintf(stdout,"| Checksum            : %.5d                       |\r\n",ntohs(ip->check));
	fprintf(stdout,"-----------------------------------------------------\r\n");
}

void print_tcp_header(struct tcphdr * tcp){
	fprintf(stdout,"[ Port : %.5d -> %.5d ]\n", ntohs(tcp->source), ntohs(tcp->dest) );
	fprintf(stdout,"--------------------[TCP HEADER]---------------------\r\n");
	fprintf(stdout,"| TCP Header length   : %d * 32 bits = %d bytes      |\r\n",tcp->doff, tcp->doff * 4);
	fprintf(stdout,"| URG (URGENT)      = %d | ",tcp->urg);
	fprintf(stdout,"ACK (ACKNOWLEDGE) = %d     |\r\n",tcp->ack);
	fprintf(stdout,"| PSH (PUSH)        = %d | ",tcp->psh);
	fprintf(stdout,"RST (RESET)       = %d     |\r\n",tcp->rst);
	fprintf(stdout,"| SYN (SYNCHRONIZE) = %d | ",tcp->syn);
	fprintf(stdout,"FIN (FINISH)      = %d     |\r\n",tcp->fin);
	fprintf(stdout,"-----------------------------------------------------\r\n");
}

void print_data(unsigned char * data, unsigned int size){
	int j = 0, k = 0;

	for( j = 0; j < size; j++)
	{
		if( k == 16)
		{
			j -= 16;
			fprintf(stdout," ");
			for(k = 0 ; k < 16 ; k++, j++)
			{
				if(data[j] < 127 && data[j] > 31)
					fprintf(stdout, "%c", data[j]);
				else
					fprintf(stdout, ".");
			}
			j--;
			k = 0;
			fprintf(stdout,"\r\n");
		}
		else
		{
			fprintf(stdout,"%.2x ",data[j]);
			k++;
		}
	}
	j -= k;
	while(k!=0)
	{
		if(data[j] < 127 && data[j] > 31)
			fprintf(stdout, "%c", data[j]);
		else
			fprintf(stdout, ".");
		k--;
		j++;
	}
	fprintf(stdout,"\r\n");
}

void print_packet(const u_char * packetData, unsigned int capLen){
    struct iphdr  *     ip;
    struct tcphdr *     tcp;
    unsigned int        ipHdrLen, tcpHdrLen, totLen, avail;

    /* The capture must hold the Ethernet header and at least a minimal IP header */
    if(capLen < sizeof(struct ethhdr) + sizeof(struct iphdr)){
        printf("Truncated IP header\r\n");
        return;
    }

    ip       = (struct iphdr *)(packetData+sizeof(struct ethhdr));
    ipHdrLen = ip->ihl * 4;                      // IP header length, options included
    totLen   = ntohs(ip->tot_len);               // length claimed by the sender
    avail    = capLen - sizeof(struct ethhdr);   // bytes actually captured after Ethernet

    /* The length fields come from the wire: reject inconsistent values */
    if(ipHdrLen < sizeof(struct iphdr) || ipHdrLen > avail || totLen < ipHdrLen){
        printf("Malformed IP header\r\n");
        return;
    }
    print_ip_header(ip);

    /* Never read past what was actually captured */
    if(totLen > avail)
        totLen = avail;

    switch(ip->protocol){
        case 1 : printf("Internet Control Message Protocol (ICMP)\r\n");
            break;
        case 6 : printf("Transmission Control Protocol (TCP)\r\n");
            if(totLen - ipHdrLen < sizeof(struct tcphdr)){
                printf("Truncated TCP header\r\n");
                break;
            }
            /* The TCP header starts after the whole IP header (ihl * 4), not after sizeof(struct iphdr) */
            tcp = (struct tcphdr *)(packetData+sizeof(struct ethhdr)+ipHdrLen);
            tcpHdrLen = tcp->doff * 4;
            if(tcpHdrLen < sizeof(struct tcphdr) || tcpHdrLen > totLen - ipHdrLen){
                printf("Malformed TCP header\r\n");
                break;
            }
            print_tcp_header(tcp);
            /* Data: starts after the whole TCP header (doff * 4) */
            print_data((unsigned char *)tcp + tcpHdrLen, totLen - ipHdrLen - tcpHdrLen);
            break;
        case 17 : printf("User Datagram Protocol (UDP)\r\n");
            break;
        default : printf("Unknown\r\n");
            break;
    }
}

int main(void){
    // Interfaces
    pcap_if_t * alldevs;
    pcap_if_t * d;
    int ifNum;
    int i=0;

    pcap_t    * captureHandle;

    // Packet
    struct pcap_pkthdr* packetHeader;
    const  u_char *     packetData;
    struct ethhdr *     eth;
    time_t              ts;

    int res;

    char errbuf[PCAP_ERRBUF_SIZE];

    /* Retrieve the device list from the local machine */
    if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1)
    {
        fprintf(stderr,"Error in pcap_findalldevs_ex: %s\r\n", errbuf);
        return EXIT_FAILURE;
    }

    /* Print the list */
    for(d= alldevs; d != NULL; d= d->next)
    {
        printf("%d.\r\nName:\r\n\t%s\r\n", ++i, d->name);
        if (d->description)
            printf("Descriptions:\r\n\t%s\r\n\r\n", d->description);
        else
            printf(" (No description available)\r\n");
    }

    if (i == 0)
    {
        printf("\r\nNo interfaces found! Make sure WinPcap is installed.\r\n");
        pcap_freealldevs(alldevs);
        return EXIT_FAILURE;
    }else{
        printf("Enter the interface number (1-%d):",i);
        if(scanf("%d", &ifNum) != 1)
            ifNum = 0; /* Not a number: rejected by the range check below */
    }

    if(ifNum < 1 || ifNum > i)
    {
        printf("\nInterface number out of range.\r\n");
        /* Free the device list */
        pcap_freealldevs(alldevs);
        return EXIT_FAILURE;
    }

    /* Jump to the selected adapter */
    for(d=alldevs, i=0; i< ifNum-1 ;d=d->next, i++);

    captureHandle = pcap_open(d->name, PACKET_SIZE, 0, 1000, NULL, errbuf);

    if( captureHandle == NULL){
        fprintf(stderr, "pcap_open(): %s\r\n", errbuf);
        pcap_freealldevs(alldevs);
        return EXIT_FAILURE;
    }

    /* We no longer need the device list. Free it */
    pcap_freealldevs(alldevs);

    /* Start the capture */
    while( (res = pcap_next_ex(captureHandle, &packetHeader, &packetData)) >= 0){
        if(res == 0)
        /* Timeout elapsed */
            continue;
        printf("\r\n\r\nPacket length: %d\r\n", packetHeader->len);
        /* Copy tv_sec into a real time_t: the two types may differ in size */
        ts = (time_t)packetHeader->ts.tv_sec;
        printf("Received at ..... %s\r\n",ctime(&ts));

        /* caplen is the number of bytes really present in packetData */
        if(packetHeader->caplen < sizeof(struct ethhdr)){
            printf("Truncated Ethernet frame\r\n");
            continue;
        }

        eth = (struct ethhdr *) packetData;
        print_eth_header(eth);

        // Analyse ethernet type
        switch(ntohs(eth->h_proto)){
            case 0x0800 :   fprintf(stdout,"Internet Protocol, Version 4 (IPv4)\r\n");
                            print_packet(packetData, packetHeader->caplen);
                            break;
            case 0x0806 :   fprintf(stdout,"Address Resolution Protocol (ARP)\r\n");
                            break;
            case 0x8035 :   fprintf(stdout,"Reverse Address Resolution Protocol (RARP)\r\n");
                            break;
            case 0x809B :   fprintf(stdout,"AppleTalk (Ethertalk)\r\n");
                            break;
            case 0x80F3 :   fprintf(stdout,"AppleTalk Address Resolution Protocol (AARP)\r\n");
                            break;
            case 0x8100 :   fprintf(stdout,"IEEE 802.1Q-tagged frame\r\n");
                            break;
            case 0x8137 :   fprintf(stdout,"Novell IPX (alt)\r\n");
                            break;
            case 0x8138 :   fprintf(stdout,"Novell\r\n");
                            break;
            case 0x86DD :   fprintf(stdout,"Internet Protocol, Version 6 (IPv6)\r\n");
                            /* Not decoded: print_packet() only understands the IPv4 header layout */
                            break;
            case 0x8847 :   fprintf(stdout,"MPLS unicast\r\n");
                            break;
            case 0x8848 :   fprintf(stdout,"MPLS multicast\r\n");
                            break;
            case 0x8863 :   fprintf(stdout,"PPPoE Discovery Stage\r\n");
                            break;
            case 0x8864 :   fprintf(stdout,"PPPoE Session Stage\r\n");
                            break;
            case 0x88A2 :   fprintf(stdout,"ATA over Ethernet\r\n");
                            break;
            default     :  fprintf(stdout,"Unknown packet\r\n");
                            break;
        }
    }

    if(res == -1){
        printf("Error reading the packets: %s\r\n", pcap_geterr(captureHandle));
        pcap_close(captureHandle);
        return EXIT_FAILURE;
    }

    pcap_close(captureHandle);
    return EXIT_SUCCESS;
}
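
Added example, not part of the original source: an Ethernet/IPv4/TCP decoder that reads each field byte by byte (no bit-field structs, so it does not depend on host endianness) and checks every length field against the captured length before computing a pointer. The names parse_tcp_frame, tcp_view, build_sample_frame and demo_parse are hypothetical, and the sample frame is constructed in memory so the code runs without WinPcap.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HLEN 14   /* Ethernet header: 6 + 6 + 2 bytes */

/* Decoded view of one TCP segment (hypothetical type for this example) */
struct tcp_view {
    uint16_t src_port, dst_port;
    uint8_t flags;            /* FIN=0x01 SYN=0x02 RST=0x04 PSH=0x08 ACK=0x10 URG=0x20 */
    const uint8_t *payload;   /* points into the captured frame */
    size_t payload_len;
};

/* Read a big-endian 16-bit field from two bytes */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 0 on success, or a negative code identifying the check that failed. */
int parse_tcp_frame(const uint8_t *frame, size_t caplen, struct tcp_view *out)
{
    if (caplen < ETH_HLEN + 20) return -1;        /* too short for Ethernet + IPv4 */
    if (rd16(frame + 12) != 0x0800) return -2;    /* EtherType is not IPv4 */
    const uint8_t *ip = frame + ETH_HLEN;
    size_t avail = caplen - ETH_HLEN;             /* bytes captured after Ethernet */
    if ((ip[0] >> 4) != 4) return -3;             /* IP version */
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;      /* IP header length, options included */
    size_t tot = rd16(ip + 2);                    /* total length claimed by the sender */
    if (ihl < 20 || ihl > avail || tot < ihl) return -4;
    if (tot > avail) tot = avail;                 /* truncated capture: clamp */
    if (ip[9] != 6) return -5;                    /* protocol is not TCP */
    if (rd16(ip + 6) & 0x1FFF) return -6;         /* later fragment: no TCP header */
    if (tot - ihl < 20) return -7;                /* no room for a TCP header */
    const uint8_t *tcp = ip + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;     /* TCP header length, options included */
    if (doff < 20 || doff > tot - ihl) return -8;
    out->src_port = rd16(tcp);
    out->dst_port = rd16(tcp + 2);
    out->flags = tcp[13] & 0x3F;
    out->payload = tcp + doff;
    out->payload_len = tot - ihl - doff;
    return 0;
}

/* Constructed sample: Ethernet/IPv4/TCP frame with ip_opts bytes of IPv4 NOP options */
size_t build_sample_frame(uint8_t *buf, size_t ip_opts, const char *payload)
{
    size_t plen = strlen(payload), ihl = 20 + ip_opts, tot = ihl + 20 + plen;
    memset(buf, 0, ETH_HLEN + tot);
    buf[12] = 0x08; buf[13] = 0x00;               /* EtherType IPv4 */
    uint8_t *ip = buf + ETH_HLEN;
    ip[0] = (uint8_t)(0x40 | (ihl / 4));          /* version 4 + header length */
    ip[2] = (uint8_t)(tot >> 8); ip[3] = (uint8_t)tot;
    ip[8] = 64; ip[9] = 6;                        /* TTL, protocol TCP */
    memset(ip + 20, 0x01, ip_opts);               /* NOP options */
    uint8_t *tcp = ip + ihl;
    tcp[0] = 0xC0; tcp[3] = 0x50;                 /* ports 49152 -> 80 */
    tcp[12] = 0x50; tcp[13] = 0x18;               /* doff = 5 words, PSH|ACK */
    memcpy(tcp + 20, payload, plen);
    return ETH_HLEN + tot;
}

static uint8_t demo_buf[128];
struct tcp_view demo_view;

/* Parse the sample frame; forged_tot >= 0 overwrites the IP total length,
   drop removes bytes from the end of the capture. */
int demo_parse(int forged_tot, size_t drop)
{
    size_t n = build_sample_frame(demo_buf, 4, "GET /");
    if (forged_tot >= 0) {
        demo_buf[ETH_HLEN + 2] = (uint8_t)(forged_tot >> 8);
        demo_buf[ETH_HLEN + 3] = (uint8_t)forged_tot;
    }
    return parse_tcp_frame(demo_buf, n - drop, &demo_view);
}

int main(void)
{
    printf("valid frame: rc=%d, payload %zu bytes\n", demo_parse(-1, 0), demo_view.payload_len);
    printf("forged total length 10: rc=%d\n", demo_parse(10, 0));
    return 0;
}
```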
04 July 2006 10:45:37:
A small correction to the data display, and the .exe was added to the zip.
24 January 2007 22:15:46:
Minor update to the source. Added a screenshot.
  • Comment by DeAtHCrAsH on 04/07/2006 09:55:57

    It would have been good to put the executable, renamed to .ex_, in the zip, so that we could test without recompiling.

  • Comment by psyphi on 04/07/2006 10:47:13

    I get the impression that it is CS that filters the .exe, so here is a link with the .zip inside:
    http://www.surfprotector.org/perso/dev/c/sniffer.zip

  • Comment by BruNews on 04/07/2006 11:01:45 (CS administrator)

    DeAtHCrAsH did specify "renamed to .ex_", in which case it would not have been removed from the zip.

  • Comment by psyphi on 04/07/2006 12:00:28

    Hehe, OK, sorry, I hadn't understood the trick ^^

  • Comment by Yassan on 24/01/2007 16:28:16

    I had to add
    #pragma comment(lib,"wpcap.lib")
    #pragma comment(lib,"WS2_32.LIB")
    to make it work, but it's good work ;)

  • Comment by psyphi on 24/01/2007 19:24:05

    @ Yassan: which compiler are you using?

  • Comment by Yassan on 27/01/2007 19:43:35

    VC++6
    I needed this code to make an "on the fly" packet sniffer/decrypter for a game, to retrieve some information.
    I made it into a DLL.
    It works really wonderfully, thanks =D

  • Comment by psyphi on 27/01/2007 22:35:35

    Pass along the code and the DLL so I can add them to the zip and to my site ;-).

  • Comment by tonycalv on 10/05/2007 13:02:12

    Hello,

    How do I get wpcap.lib, WS2_32.LIB, and <pcap.h>
    so that it works?

    Thanks in advance
