what you don't know can hurt you

katsniff.c

katsniff.c
Posted Nov 16, 2006
Authored by Kris Katterjohn

A simple ICMP/TCP/UDP packet sniffer that was written for and tested on Linux.

tags | tool, udp, sniffer, tcp
systems | linux
MD5 | 047cbc79c160dd2b932a853e25639043

katsniff.c

Change Mirror Download
/* katsniff.c - simple ICMP|TCP|UDP packet sniffer
*
* By Kris Katterjohn 2006
*
* This is based on some *old* code of mine. I just picked it up to refresh
* myself on pcap.
*
* It was written for and tested on Linux, but it should work on other OSs with
* (or possibly without) a little modification. It also wouldn't be too hard to
* add support for other interface types and protocols.
*
* Some of the code is kinda harsh.
*
* # cc katsniff.c -okatsniff -lpcap
*
*/

#define _BSD_SOURCE

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <stdarg.h>
#include <signal.h>
#include <setjmp.h>
#include <time.h>
#include <pcap.h>
#include <netdb.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <netinet/ether.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>

static int resolve = 1;
static pcap_t *handle;
static jmp_buf jump;

static void die(const char *fmt, ...)
{
va_list ap;

va_start(ap, fmt);
vfprintf(stderr, fmt, ap);
va_end(ap);

fprintf(stderr, "\n");

exit(1);
}

static void printUsage(void)
{
printf("Usage: katsniff [-i <interface>] [-d]\n\n");
printf(" -d Don't resolve hostnames\n");
printf(" -i <iface> Listen on <iface> instead of eth0\n\n");

exit(1);
}

static void caughtsig(int sig)
{
struct pcap_stat stats;

pcap_stats(handle, &stats);

printf("\n%d packets received by filter", stats.ps_recv);
printf("\n%d packets dropped by kernel\n", stats.ps_drop);

longjmp(jump, 1);
}

static char *lookuphost(struct in_addr *addr)
{
struct hostent *host = NULL;

if (resolve)
host = gethostbyaddr((char *) addr, sizeof *addr, AF_INET);

return strdup(host ? host->h_name : inet_ntoa(*addr));
}

static void printIcmp(struct ip *ip, struct icmp *icmp)
{
char *strs[] = {
"ECHO REPLY", NULL, NULL, "DESTINATION UNREACHABLE",
"SOURCE QUENCH", "REDIRECT", NULL, NULL, "ECHO REQUEST",
NULL, NULL, "TTL EXCEEDED", "PARAMETER PROBLEM",
"TIMESTAMP REQUEST", "TIMESTAMP REPLY", "INFO REQUEST",
"INFO REPLY", "ADDRESS MASK REQUEST", "ADDRESS MASK REPLY"
};

icmp->icmp_cksum = ntohs(icmp->icmp_cksum);
icmp->icmp_id = ntohs(icmp->icmp_id);
icmp->icmp_seq = ntohs(icmp->icmp_seq);

printf("%s -> ", lookuphost(&ip->ip_src));
printf("%s icmp ", lookuphost(&ip->ip_dst));

if (icmp->icmp_type < (sizeof strs / sizeof *strs) && strs[icmp->icmp_type])
printf("%s ", strs[icmp->icmp_type]);
else
printf("%d ", icmp->icmp_type);

printf("chksum %d ", icmp->icmp_cksum);

if (icmp->icmp_id)
printf("id %d ", icmp->icmp_id);

if (icmp->icmp_seq)
printf("seq %d ", icmp->icmp_seq);
}

static void printTcp(struct ip *ip, struct tcphdr *tcp)
{
char *tcpflags[8] = { "FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR" };
int i, usedfl = 0;

tcp->th_sport = ntohs(tcp->th_sport);
tcp->th_dport = ntohs(tcp->th_dport);
tcp->th_seq = ntohl(tcp->th_seq);
tcp->th_ack = ntohl(tcp->th_ack);
tcp->th_win = ntohs(tcp->th_win);
tcp->th_sum = ntohs(tcp->th_sum);

printf("%s:%d -> ", lookuphost(&ip->ip_src), tcp->th_sport);
printf("%s:%d tcp ", lookuphost(&ip->ip_dst), tcp->th_dport);

for (i = 0; i < 8; i++)
if (tcp->th_flags & 1 << i) {
if (usedfl++)
putchar('/');
printf(tcpflags[i]);
}

putchar(' ');

if (tcp->th_flags & TH_SYN)
printf("seq %u ", tcp->th_seq);

if (tcp->th_flags & TH_ACK)
printf("ack %u ", tcp->th_ack);

if (tcp->th_win)
printf("win %d ", tcp->th_win);

printf("chksum %d", tcp->th_sum);
}

static void printUdp(struct ip *ip, struct udphdr *udp)
{
udp->uh_sport = ntohs(udp->uh_sport);
udp->uh_dport = ntohs(udp->uh_dport);
udp->uh_ulen = ntohs(udp->uh_ulen);
udp->uh_sum = ntohs(udp->uh_sum);

printf("%s:%d -> ", lookuphost(&ip->ip_src), udp->uh_sport);
printf("%s:%d udp ", lookuphost(&ip->ip_dst), udp->uh_dport);

printf("len %d chksum %d", udp->uh_ulen, udp->uh_sum);
}

static void printTime(time_t secs)
{
char timebuf[22];

strftime(timebuf, 22, "%m/%d/%Y %H:%M:%S: ", localtime(&secs));
printf("%s", timebuf);
}

static void callback(unsigned char *args, const struct pcap_pkthdr *hdr,
const unsigned char *pkt)
{
struct ip *ip = (struct ip *) (pkt + sizeof(struct ether_header));
char *nexthdr = (char *) ip + sizeof *ip;

printTime(hdr->ts.tv_sec);

if (ip->ip_p == IPPROTO_ICMP)
printIcmp(ip, (struct icmp *) nexthdr);
else if (ip->ip_p == IPPROTO_TCP)
printTcp(ip, (struct tcphdr *) nexthdr);
else if (ip->ip_p == IPPROTO_UDP)
printUdp(ip, (struct udphdr *) nexthdr);

putchar('\n');
fflush(0);
}

int main(int argc, char **argv)
{
int c;
char *dev = "eth0";
char errbuf[PCAP_ERRBUF_SIZE];
struct bpf_program filter;
bpf_u_int32 mask, net;

printf("katsniff by Kris Katterjohn\n\n");

if (geteuid())
die("You need root privileges!");

while ((c = getopt(argc, argv, "di:")) != -1) {
switch (c) {
case 'd':
resolve = 0;
break;
case 'i':
dev = optarg;
break;
default:
printUsage();
break;
}
}

if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1)
die(errbuf);

if (!(handle = pcap_open_live(dev, BUFSIZ, 1, 0, errbuf)))
die(errbuf);

if (pcap_datalink(handle) != DLT_EN10MB)
die("Only supports ethernet");

if (pcap_compile(handle, &filter, "icmp or tcp or udp", 1, net) == -1)
die(pcap_geterr(handle));

if (pcap_setfilter(handle, &filter) == -1)
die(pcap_geterr(handle));

signal(SIGHUP, caughtsig);
signal(SIGINT, caughtsig);
signal(SIGQUIT, caughtsig);
signal(SIGTERM, caughtsig);

if (!setjmp(jump))
pcap_loop(handle, -1, callback, 0);

pcap_close(handle);

return 0;
}

Login or Register to add favorites

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    11 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close