
nagini.c

nagini.c
Posted Apr 30, 2003
Authored by netric, Sacrine | Site netric.org

A simple TCP packetlogger/sniffer for Linux which includes background logging.

tags | tcp
systems | linux
SHA-256 | 35c08a7777d1b751a168478dad9d3126b0d7fa46d8d372c1035af3c21843f383

nagini.c

/*
* Nagini v0.01 - simple TCP packetlogger by sacrine
* .. 1 kleine neger ..
* NETRIC SECURITY 2003
*
* includes:
* - Log functionality
* - Can run in background
*
* More options will be included in (if it depends on me) next versions
*
* <cliche>
*
* Special Thanks go to:
* gloomy, eSDee, ilja, ntronic
*
* Greets:
* atje, The_Itch, ThePike, Laurens, powerpork,
* psycoder, Remy, {}, Scrippie and whole #netric :)
*
* </cliche>
*
* If there are any questions/remarks or even bugs that you discovered,
* Please mail me at sacrine@netric.org
*
* Weetjes en Nieuwtjes:
*
* - Je bent gespuis als je niet af en toe samba(l) eet
* - The_Itch stemt SP
* - soul en gloomy zijn tegen een jointje op Rock Werchter
* - atje is gestopt met drinken
* - Xatr0z heeft wel degelijk de nederlandse nationaliteit
*
* Volgende keer weer meer nieuwtjes en weetjes uit Netric land,
* Tot ziens ;)
*
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <netdb.h>
#include <signal.h>
#include <errno.h>
#include <fcntl.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <sys/ioctl.h>
#include <getopt.h>
#include <linux/ip.h>
#include <linux/tcp.h>

/* Capacity in bytes (terminator included) of the log-file path buffer in main(). */
#define LOG_SIZE 50
/* Scratch-buffer sizes; nothing in this file reads or writes data through buffers of these sizes. */
#define JUNK_SIZE 1024
#define BUF_SIZE 1024
/* Capacity in bytes of the packet receive buffer (pckts.p_size). */
#define PCKT_SIZE 65535

/* Name/version string printed in the banner and by the -v option. */
#define VERSION "Nagini v0.01"
/* Not referenced anywhere in the code shown here. */
#define BACKGROUND 0

/*
 * Receive state for the packet currently being processed. The single
 * instance `pckts` is a file-scope global that main() fills in on every
 * loop iteration.
 */
struct
pckts_list
{
/* Raw receive buffer (despite the name, this is data, not a size); main() hands it to recvfrom(). */
char p_size[PCKT_SIZE];
/* Return value of the most recent recvfrom() call. */
int bytes;
/*
 * Length of the sender address associated with the most recent recvfrom() call.
 * NOTE(review): recvfrom() works with socklen_t; confirm int is acceptable on the target.
 */
int from_lenght;
/* The two pointers below are not assigned or read anywhere in the code shown here. */
struct iphdr *ip;
struct tcphdr *tcp;
} pckts;

/*
 * Overlay for the start of a received IPv4 header. main() interprets the
 * first bytes of the receive buffer through this layout and reads only
 * ip_lenght and ip_protocol from it.
 *
 * The struct ends at the source address; there is no destination-address
 * or options field, so it does not describe a complete IPv4 header.
 */
struct
ip_list
{
/*
 * Header length, used by main() as a count of 4-byte words (it multiplies by 4).
 * NOTE(review): declaring the 4-bit length before the 4-bit version matches the
 * wire byte only if the compiler fills bit-fields from the least significant
 * bit -- confirm for the target ABI.
 */
unsigned int ip_lenght:4;
unsigned int ip_version:4;
unsigned char ip_tos;
unsigned short ip_total_lenght;
unsigned short ip_id;
/* presumably flags plus fragment offset -- TODO confirm; not read in this file */
unsigned short ip_flags;
unsigned char ip_ttl;
/* Protocol number; main() passes it to getprotobynumber(). */
unsigned char ip_protocol;
unsigned short ip_cksum;
unsigned int ip_source;
} ip;

/*
 * Overlay for a received TCP header. main() locates it in the receive
 * buffer right after the IP header and reads only the two port fields.
 */
struct
tcp_list
{
/*
 * Ports are kept exactly as received: main() passes them unchanged to
 * getservbyport() and converts with ntohs() before printing them.
 */
unsigned short tcp_source_port;
unsigned short tcp_dest_port;
unsigned int tcp_seqno;
unsigned int tcp_ackno;
/*
 * NOTE(review): bit-field placement is implementation-defined, so whether these
 * line up with the on-wire offset/flag bits depends on the compiler and target --
 * confirm before relying on them. None of these bit-fields is read in this file.
 */
unsigned int tcp_res1:4,
tcp_hlen:4,
tcp_fin:1,
tcp_syn:1,
tcp_rst:1,
tcp_psh:1,
tcp_ack:1,
tcp_urg:1,
tcp_res2:2;
unsigned short tcp_winsize;
unsigned short tcp_cksum;
unsigned short tcp_urgent;
} tcp;

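/*
 * bground - move the process into the background.
 *
 * Unless the parent pid is already 1, the function ignores the terminal
 * job-control signals, forks (the parent prints the child's pid and exits),
 * puts the child in its own process group and drops the controlling
 * terminal via TIOCNOTTY. In every case it then changes directory to "/"
 * and sets a restrictive file-creation mask.
 *
 * Returns 0 in the process that keeps running. Exits with -1 if fork()
 * fails; the original parent exits with 0.
 */
int
bground(void)
{
	pid_t child;
	int fdescr;

	/* A parent pid of 1 is treated as "already detached": skip the fork. */
	if (getppid() != 1) {
		/* Terminal stop/read/write signals must not suspend the logger. */
		signal(SIGTTOU, SIG_IGN);
		signal(SIGTTIN, SIG_IGN);
		signal(SIGTSTP, SIG_IGN);

		child = fork();
		if (child < 0) {
			perror("fork()");
			exit(-1);
		}
		if (child > 0) {
			fprintf(stdout, "[+] Now running in background.. pid=[%u]\n\n",
			        (unsigned int)child);
			exit(0);
		}

		setpgrp();
		fdescr = open("/dev/tty", O_RDWR);
		if (fdescr >= 0) {
			ioctl(fdescr, TIOCNOTTY, (char *)NULL);
			close(fdescr);
		}
	}

	/*
	 * The original looped over descriptors 0..1023 but its body only reset
	 * errno, so nothing was ever closed. That no-op is what keeps the
	 * caller's already-opened log stream usable, so descriptors are
	 * deliberately left open here; only the errno reset is kept.
	 */
	errno = 0;

	/* Do not pin whatever directory the program was started from. */
	if (chdir("/") < 0)
		perror("chdir()");

	/*
	 * The original cleared the mask with umask(0), which would make any file
	 * this root process creates later world-writable. Use an owner-only mask.
	 */
	umask(077);

	/* The function is declared int but originally fell off the end. */
	return 0;
}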

/*
 * usage - write the option summary to stdout and terminate.
 *
 * x is the program name substituted into the first line of the help text.
 * The function never returns: it always exits with status 0.
 */
void
usage(char *x)
{
	printf("Usage: %s [l:Bvh]\n"
	       "\t-l\t-\tspecified logfile\n"
	       "\t-B\t-\trun in background\n"
	       "\t-v\t-\tdisplay version info\n"
	       "\t-h\t-\tshows this help function\n\n",
	       x);
	exit(0);
}

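/*
 * main - parse options, open the log, then log one line per received packet.
 *
 * Options: -l FILE (log file), -B (run in background, requires -l),
 * -v (print version), -h (print usage and exit).
 *
 * The program refuses to run unless the real uid is 0, opens an AF_INET
 * SOCK_RAW socket for TCP and loops forever on recvfrom(). For each packet
 * it writes a timestamp, the byte count, the sender address, the IP header
 * length, the protocol name and the source/destination ports (service name
 * when getservbyport() knows one, otherwise the number).
 *
 * Changes from the original:
 *  - the cast-as-lvalue assignments, which current compilers reject, are
 *    replaced by memcpy() into local header structs (this also avoids
 *    reading the char buffer through an incompatible pointer type);
 *  - recvfrom() failures are detected instead of being logged as a packet;
 *  - the headers are parsed only when the received length covers them;
 *  - the timestamp is taken per packet instead of once at start-up;
 *  - an over-long -l path is rejected instead of being silently truncated;
 *  - unused locals are removed.
 *
 * Returns -1 if the protocol lookup fails; otherwise never returns normally.
 */
int
main(int c, char *v[])
{
	char pfile[LOG_SIZE];
	char timebuf[50];
	int opts;
	int sock;
	int on = 0;
	FILE *LOG = NULL;
	struct ip_list iph;
	struct tcp_list tcph;
	struct sockaddr_in ader;
	struct protoent *pe;
	struct servent *pnr;
	socklen_t from_len;
	size_t ip_hdr_len;
	time_t curtime;
	struct tm *loctime;

	fprintf(stdout, "\n%s TCP packetlogger by sacrine\n"
	        "NETRIC SECURITY 2003 - sacrine@netric.org\n\n", VERSION);

	if (getuid() != 0) {
		fprintf(stderr, "This program requires root priviledges\n..aborting\n");
		exit(-1);
	}
	fprintf(stdout, "[+] Logged in as root\n\n");

	while ((opts = getopt(c, v, "Bhl:v")) != -1) {
		switch (opts) {
		case 'l':
			/*
			 * The original copied at most LOG_SIZE-1 bytes, so a longer
			 * path silently became a different file name. Refuse instead.
			 */
			if (strlen(optarg) >= sizeof(pfile)) {
				fprintf(stderr, "Logfile path too long (max %d characters)\n",
				        (int)sizeof(pfile) - 1);
				exit(-1);
			}
			/* A repeated -l must not leak the previously opened stream. */
			if (LOG != NULL) {
				fclose(LOG);
				LOG = NULL;
			}
			snprintf(pfile, sizeof(pfile), "%s", optarg);
			/*
			 * Opened with this process's (root) privileges; "w+" truncates
			 * an existing file, so the path must be one the operator trusts.
			 */
			LOG = fopen(pfile, "w+");
			if (!LOG) {
				perror("file()");
				exit(-1);
			}
			fprintf(stdout, "[+] Writing results to: %s\n", pfile);
			break;
		case 'B':
			on = 1;
			break;
		case 'v':
			fprintf(stdout, "%s\n", VERSION);
			break;
		case 'h':
			usage(v[0] == NULL ? "help function:" : v[0]);
			exit(0);
			break;
		default:
			break;
		}
	}

	if (!LOG) {
		if (on) {
			fprintf(stderr, "Sorry, you need to specify a logfile with the -l option for this!\n"
			        "..Aborting\n\n");
			exit(-1);
		}
		LOG = stdout;
	} else if (on) {
		bground();
	}

	if ((sock = socket(AF_INET, SOCK_RAW, IPPROTO_TCP)) < 0) {
		perror("socket()");
		exit(-1);
	}

	for (;;) {
		from_len = sizeof ader;
		memset(&ader, 0x00, sizeof ader);
		memset(pckts.p_size, 0x00, sizeof(pckts.p_size));
		pckts.bytes = recvfrom(sock, pckts.p_size,
		                       sizeof(pckts.p_size) - 1, 0,
		                       (struct sockaddr *)&ader, &from_len);
		pckts.from_lenght = (int)from_len;

		if (pckts.bytes < 0) {
			/* An interrupted call is not an error; anything else is fatal. */
			if (errno == EINTR)
				continue;
			perror("recvfrom()");
			exit(-1);
		}

		/* Timestamp each packet; the original reused the start-up time. */
		curtime = time(NULL);
		loctime = localtime(&curtime);
		if (loctime != NULL)
			snprintf(timebuf, sizeof(timebuf), "%s", asctime(loctime));
		else
			snprintf(timebuf, sizeof(timebuf), "%s", "time unavailable");
		/* asctime() ends its string with a newline; cut it off. */
		timebuf[strcspn(timebuf, "\n")] = 0x00;

		fprintf(LOG, "[%s]", timebuf);
		fprintf(LOG, " Recieved %d bytes from ", pckts.bytes);
		fprintf(LOG, "%s ", inet_ntoa(ader.sin_addr));
		fflush(LOG);

		/* Never interpret bytes the packet did not actually contain. */
		if ((size_t)pckts.bytes < sizeof iph) {
			fprintf(LOG, "- short packet, IP header not parsed\n");
			fflush(LOG);
			continue;
		}
		memcpy(&iph, pckts.p_size, sizeof iph);

		pe = getprotobynumber(iph.ip_protocol);
		if (pe == NULL) {
			perror("protocol()");
			return(-1);
		}
		fprintf(LOG, "- IP hdr lenght=[%d] ", iph.ip_lenght);
		fprintf(LOG, "(%s)", pe->p_name);
		fflush(LOG);

		/* ip_lenght counts 4-byte words; a valid IPv4 header has at least 5. */
		ip_hdr_len = 4 * (size_t)iph.ip_lenght;
		if (iph.ip_lenght < 5 ||
		    (size_t)pckts.bytes < ip_hdr_len + sizeof tcph) {
			fprintf(LOG, " - short packet, TCP header not parsed\n");
			fflush(LOG);
			continue;
		}
		memcpy(&tcph, pckts.p_size + ip_hdr_len, sizeof tcph);

		/* getservbyport() takes the port as received (network byte order). */
		pnr = getservbyport(tcph.tcp_source_port, pe->p_name);
		if (pnr == NULL)
			fprintf(LOG, " src port:%d ", ntohs(tcph.tcp_source_port));
		else
			fprintf(LOG, " src port:%s ", pnr->s_name);
		fflush(LOG);

		pnr = getservbyport(tcph.tcp_dest_port, pe->p_name);
		if (pnr == NULL)
			fprintf(LOG, " dest port:%d\n", ntohs(tcph.tcp_dest_port));
		else
			fprintf(LOG, " dest port:%s\n", pnr->s_name);
		fflush(LOG);
	}

	return(0);
}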



