Top Forums Programming Raw Socket Programming - Efficient Packet Sniffer Post 302826551 by rstnsrr on Thursday 27th of June 2013 12:27:13 AM
Old 06-27-2013
Hi corona,
The following is the code in C:
Code:
/* pkt_sniffer.c - sniffing all the packets received at network interface.
 */

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>            /* close() */
#include <sys/socket.h>
#include <sys/types.h>
#include <errno.h>
#include <net/if.h>
#include <sys/ioctl.h>
#include <linux/if_ether.h>
#include <string.h>
#include <arpa/inet.h>         /* htons() */

int main(int argc, char **argv)
{
  int sock;
  ssize_t n;                   /* recvfrom() returns ssize_t */
  char buffer[2048];
  unsigned char *iphead, *ethhead;
  struct ifreq ethreq;

  /* A packet socket needs root or CAP_NET_RAW */
  if ( (sock=socket(PF_PACKET, SOCK_RAW,
                    htons(ETH_P_ALL)))<0) {
    perror("socket");
    exit(1);
  }

  /* Set the network card in promiscuous mode. The flag stays set on
   * eth0 after the program exits unless it is cleared again. */
  strncpy(ethreq.ifr_name,"eth0",IFNAMSIZ);
  if (ioctl(sock,SIOCGIFFLAGS,&ethreq)==-1) {
    perror("ioctl");
    close(sock);
    exit(1);
  }
  ethreq.ifr_flags|=IFF_PROMISC;
  if (ioctl(sock,SIOCSIFFLAGS,&ethreq)==-1) {
    perror("ioctl");
    close(sock);
    exit(1);
  }

  while (1) {
    printf("----------\n");
    n = recvfrom(sock,buffer,sizeof(buffer),0,NULL,NULL);
    if (n < 0) {               /* stop on a receive error */
      perror("recvfrom");
      break;
    }

    /* pkt processing done here and then sent
     * to the RANAP stack
     * */

    }
  close(sock);
  return 0;

}

Thanks in advance.
Royz
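
Added example, not part of the post above: one way to fill in the "pkt processing" step so that every length taken from the frame is checked against what `recvfrom()` actually returned. `parse_frame`, `struct ip4_view` and the sample frame are names and data constructed for illustration; the code assumes untagged Ethernet II frames carrying IPv4.

```c
/* Added example: bounds-checked Ethernet/IPv4 parsing of a captured frame. */
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

struct ip4_view {
    uint8_t  proto;          /* IPv4 protocol number (6 = TCP, 132 = SCTP) */
    uint32_t src, dst;       /* addresses, host byte order */
    size_t   l4_off, l4_len; /* transport data: offset in frame, bytes present */
};

static uint16_t rd16(const unsigned char *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const unsigned char *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* n is recvfrom()'s return value. Returns 0 and fills *out, or -1 to drop. */
int parse_frame(const unsigned char *buf, ssize_t n, struct ip4_view *out)
{
    const size_t eth = 14;                      /* dst MAC, src MAC, EtherType */
    if (n < (ssize_t)(eth + 20)) return -1;     /* error, or too short for IPv4 */
    size_t len = (size_t)n;
    if (rd16(buf + 12) != 0x0800) return -1;    /* not IPv4 */
    const unsigned char *ip = buf + eth;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;    /* length field from the wire: untrusted */
    size_t tot = rd16(ip + 2);
    if ((ip[0] >> 4) != 4 || ihl < 20 || tot < ihl || len < eth + ihl) return -1;
    if (tot > len - eth) tot = len - eth;       /* truncated capture: trust the smaller */
    out->proto = ip[9];
    out->src = rd32(ip + 12);
    out->dst = rd32(ip + 16);
    out->l4_off = eth + ihl;
    out->l4_len = tot - ihl;                    /* excludes Ethernet padding */
    return 0;
}

/* Constructed sample: 192.0.2.1 -> 192.0.2.2, protocol 132, 12 data bytes, padded to 60. */
static const unsigned char sample_frame[60] = {
    0x02,0,0,0,0,0x02,  0x02,0,0,0,0,0x01,  0x08,0x00,
    0x45,0, 0,32, 0,0, 0,0, 64,132, 0,0, 192,0,2,1, 192,0,2,2,
    0x0b,0x59, 0x0b,0x59, 0,0,0,1, 0,0,0,0
};

int main(void)
{
    struct ip4_view v;
    if (parse_frame(sample_frame, sizeof sample_frame, &v) == 0)
        printf("proto=%u l4_off=%zu l4_len=%zu\n", (unsigned)v.proto, v.l4_off, v.l4_len);
    return 0;
}
```

In the sniffer loop this would be called as `parse_frame((unsigned char *)buffer, n, &v)` right after `recvfrom()`, and only frames that return 0 would be handed on.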
 

rarpd(8c)																 rarpd(8c)

Name
       rarpd - reverse address resolution protocol (RARP) daemon

Syntax
       /usr/etc/rarpd [ interface ] [ -v ] [ -n ] [ -f filename ]

Description
       The daemon maps the Ethernet address of a machine to the machine's Internet Protocol (IP) address.

       When rarpd is invoked, it reads the file (by default) and waits to process a RARP request.  The file is checked every ten minutes for any
       changes.  If the file has been modified, rarpd reads it again. You can disable this feature with the -n option. You can force a scan of the file by
       sending the daemon a SIGHUP signal.  See for more information on SIGHUP.

       The  format of the file is described in You can specify a file other than with the -f option.  The interface is the network interface on which
       the daemon should listen. The command shows the correct interface or interfaces for your system.  The daemon uses the  first  interface it
       finds, if you do not specify an interface.  See the reference page for more information.

       Because the daemon has been implemented with the Ethernet Packet Filter (see packetfilter(4)), you must configure your kernel with the packet filter option
       in order for rarpd to function properly.  The packet filter detects RARP broadcast packets and passes them to rarpd for processing. The filter priority
       for rarpd is set to 28.

       All messages from the daemon are directed to

Options
       interface      Specifies the system's network interface.

       -v             Causes rarpd to operate in verbose mode. This option logs details of RARP to The instance of a RARP request and its response are
                      also logged.

       -n             Disables checking of the file.  By default, rarpd checks the file once every ten minutes, and, if the file was modified, rereads
                      the file.  If you specify the -n option, rarpd scans the file once at startup time.

       -f filename    Reads an alternate Ethernet address file.

Restrictions
       The daemon ignores all ARP requests sent encapsulated within a RARP packet. You should make all ARP requests using the command.

       The machine for which an IP address is being requested must be present in the server's file.

Diagnostics
       The following message is logged to if the Packet Filter is not configured in your kernel:
       Packet Filter is not configured in /vmunix
       The following messages are printed to your screen if the Packet Filter is not configured in your kernel:
       rarpd: cannot find symbol Pfilt_read in /vmunix
       option PACKETFILTER does not appear to be configured in
	      your kernel.

Files
       Database that maps Ethernet addresses to hostnames

See Also
       ethers(3n), packetfilter(4), ethers(5), hosts(5), arp(8c), ifconfig(8c), syslog(8c)
       The Packet Filter: An Efficient Mechanism for User-Level Network Code

																	 rarpd(8c)