{iCode}: Implementation of Packet sniffer. Program should identify header of each protocol. Use multi-core programming.

Program

#include<netinet/in.h>

#include<errno.h>

#include<netdb.h>

#include<stdio.h> //For standard things

#include<stdlib.h> //malloc

#include<string.h> //strlen

#include<netinet/ip_icmp.h> //Provides declarations for icmp header

#include<netinet/udp.h> //Provides declarations for udp header

#include<netinet/tcp.h> //Provides declarations for tcp header

#include<netinet/ip.h> //Provides declarations for ip header

#include<netinet/if_ether.h> //For ETH_P_ALL

#include<net/ethernet.h> //For ether_header

#include<sys/socket.h>

#include<arpa/inet.h>

#include<sys/ioctl.h>

#include<sys/time.h>

#include<sys/types.h>

#include<unistd.h>

#include<pthread.h>

#include<sched.h>

void ProcessPacket(unsigned char* , int);

void print_ip_header(unsigned char* , int);

void print_tcp_packet(unsigned char * , int );

void print_udp_packet(unsigned char * , int );

void print_icmp_packet(unsigned char* , int );

void PrintData (unsigned char* , int);

FILE *logfile;

struct sockaddr_in source,dest;

int tcp=0,udp=0,icmp=0,others=0,igmp=0,total=0,i,j,count=15;

int main()

{

int saddr_size , data_size;

struct sockaddr saddr;

unsigned char *buffer = (unsigned char *) malloc(65536);

logfile=fopen("log.txt","w");

if(logfile==NULL)

{

printf("Unable to create log.txt file.");

}

printf("Starting...\n");

int sock_raw = socket( AF_PACKET , SOCK_RAW , htons(ETH_P_ALL)) ;

if(sock_raw < 0)

{

//Print the error with proper message

perror("Socket Error");

return 1;

}

while(count>0)

{

saddr_size = sizeof saddr;

//Receive a packet

data_size = recvfrom(sock_raw , buffer , 65536 , 0 , &saddr , (socklen_t*)&saddr_size);

if(data_size <0 )

{

printf("Recvfrom error , failed to get packets\n");

return 1;

}

//Now process the packet

ProcessPacket(buffer , data_size);

count--;

}

close(sock_raw);

printf("\nFinished\n");

return 0;

}

void ProcessPacket(unsigned char* buffer, int size)

{

//Get the IP Header part of this packet , excluding the ethernet header

struct iphdr *iph = (struct iphdr*)(buffer + sizeof(struct ethhdr));

++total;

switch (iph->protocol) //Check the Protocol and do accordingly...

{

case 1: //ICMP Protocol

print_icmp_packet( buffer , size);

break;

case 2: //IGMP Protocol

++igmp;

break;

case 6: //TCP Protocol

print_tcp_packet(buffer , size);

break;

case 17: //UDP Protocol

print_udp_packet(buffer , size);

break;

default: //Some Other Protocol like ARP etc.

++others;

break;

}

printf("TCP : %d UDP : %d ICMP : %d IGMP : %d Others : %d Total : %d\r", tcp , udp , icmp , igmp , others , total);

}

void print_ethernet_header(unsigned char* Buffer, int Size)

{

struct ethhdr *eth = (struct ethhdr *)Buffer;

fprintf(logfile , "\n");

fprintf(logfile , "Ethernet Header\n");

fprintf(logfile , " |-Destination Address : %.2X-%.2X-%.2X-%.2X-%.2X-%.2X \n", eth->h_dest[0] , eth->h_dest[1] , eth->h_dest[2] , eth->h_dest[3] , eth->h_dest[4] , eth->h_dest[5] );

fprintf(logfile , " |-Source Address : %.2X-%.2X-%.2X-%.2X-%.2X-%.2X \n", eth->h_source[0] , eth->h_source[1] , eth->h_source[2] , eth->h_source[3] , eth->h_source[4] , eth->h_source[5] );

fprintf(logfile , " |-Protocol : %u \n",(unsigned short)eth->h_proto);

}

void print_ip_header(unsigned char* Buffer, int Size)

{

print_ethernet_header(Buffer , Size);

unsigned short iphdrlen;

struct iphdr *iph = (struct iphdr *)(Buffer + sizeof(struct ethhdr) );

iphdrlen =iph->ihl*4;

memset(&source, 0, sizeof(source));

source.sin_addr.s_addr = iph->saddr;

memset(&dest, 0, sizeof(dest));

dest.sin_addr.s_addr = iph->daddr;

fprintf(logfile , "\n");

fprintf(logfile , "IP Header\n");

fprintf(logfile , " |-IP Version : %d\n",(unsigned int)iph->version);

fprintf(logfile , " |-IP Header Length : %d DWORDS or %d Bytes\n",(unsigned int)iph->ihl,((unsigned int)(iph->ihl))*4);

fprintf(logfile , " |-Type Of Service : %d\n",(unsigned int)iph->tos);

fprintf(logfile , " |-IP Total Length : %d Bytes(Size of Packet)\n",ntohs(iph->tot_len));

fprintf(logfile , " |-Identification : %d\n",ntohs(iph->id));

fprintf(logfile , " |-TTL : %d\n",(unsigned int)iph->ttl);

fprintf(logfile , " |-Protocol : %d\n",(unsigned int)iph->protocol);

fprintf(logfile , " |-Checksum : %d\n",ntohs(iph->check));

fprintf(logfile , " |-Source IP : %s\n",inet_ntoa(source.sin_addr));

fprintf(logfile , " |-Destination IP : %s\n",inet_ntoa(dest.sin_addr));

}

void print_tcp_packet(unsigned char* Buffer, int Size)

{

cpu_set_t cpuset;

CPU_ZERO(&cpuset);

CPU_SET(0,&cpuset);

pthread_t current_thread =pthread_self();

pthread_setaffinity_np(current_thread , sizeof(cpu_set_t),&cpuset);

int s = pthread_getaffinity_np(current_thread, sizeof(cpu_set_t), &cpuset);

++tcp;

unsigned short iphdrlen;

struct iphdr *iph = (struct iphdr *)( Buffer + sizeof(struct ethhdr) );

iphdrlen = iph->ihl*4;

struct tcphdr *tcph=(struct tcphdr*)(Buffer + iphdrlen + sizeof(struct ethhdr));

int header_size = sizeof(struct ethhdr) + iphdrlen + tcph->doff*4;

fprintf(logfile , "\n\n***********************TCP Packet*************************\n");

print_ip_header(Buffer,Size);

fprintf(logfile , "\n");

fprintf(logfile , "TCP Header\n");

fprintf(logfile , " |-Source Port : %u\n",ntohs(tcph->source));

fprintf(logfile , " |-Destination Port : %u\n",ntohs(tcph->dest));

fprintf(logfile , " |-Sequence Number : %u\n",ntohl(tcph->seq));

fprintf(logfile , " |-Acknowledge Number : %u\n",ntohl(tcph->ack_seq));

fprintf(logfile , " |-Header Length : %d DWORDS or %d BYTES\n" ,(unsigned int)tcph->doff,(unsigned int)tcph->doff*4);

fprintf(logfile , " |-Urgent Flag : %d\n",(unsigned int)tcph->urg);

fprintf(logfile , " |-Acknowledgement Flag : %d\n",(unsigned int)tcph->ack);

fprintf(logfile , " |-Push Flag : %d\n",(unsigned int)tcph->psh);

fprintf(logfile , " |-Reset Flag : %d\n",(unsigned int)tcph->rst);

fprintf(logfile , " |-Synchronise Flag : %d\n",(unsigned int)tcph->syn);

fprintf(logfile , " |-Finish Flag : %d\n",(unsigned int)tcph->fin);

fprintf(logfile , " |-Window : %d\n",ntohs(tcph->window));

fprintf(logfile , " |-Checksum : %d\n",ntohs(tcph->check));

fprintf(logfile , " |-Urgent Pointer : %d\n",tcph->urg_ptr);

fprintf(logfile , "\n");

fprintf(logfile , " DATA Dump ");

fprintf(logfile , "\n");

fprintf(logfile , "IP Header\n");

PrintData(Buffer,iphdrlen);

fprintf(logfile , "TCP Header\n");

PrintData(Buffer+iphdrlen,tcph->doff*4);

fprintf(logfile , "Data Payload\n");

PrintData(Buffer + header_size , Size - header_size );

fprintf(logfile , "\nCPU Affinity: %d",sched_getcpu());

fprintf(logfile , "\n###########################################################");

}

void print_udp_packet(unsigned char *Buffer , int Size)

{

++udp;

cpu_set_t cpuset;

CPU_ZERO(&cpuset);

CPU_SET(1,&cpuset);

pthread_t current_thread =pthread_self();

pthread_setaffinity_np(current_thread , sizeof(cpu_set_t),&cpuset);

int s = pthread_getaffinity_np(current_thread, sizeof(cpu_set_t), &cpuset);

unsigned short iphdrlen;

struct iphdr *iph = (struct iphdr *)(Buffer + sizeof(struct ethhdr));

iphdrlen = iph->ihl*4;

struct udphdr *udph = (struct udphdr*)(Buffer + iphdrlen + sizeof(struct ethhdr));

int header_size = sizeof(struct ethhdr) + iphdrlen + sizeof udph;

fprintf(logfile , "\n\n***********************UDP Packet*************************\n");

print_ip_header(Buffer,Size);

fprintf(logfile , "\nUDP Header\n");

fprintf(logfile , " |-Source Port : %d\n" , ntohs(udph->source));

fprintf(logfile , " |-Destination Port : %d\n" , ntohs(udph->dest));

fprintf(logfile , " |-UDP Length : %d\n" , ntohs(udph->len));

fprintf(logfile , " |-UDP Checksum : %d\n" , ntohs(udph->check));

fprintf(logfile , "\n");

fprintf(logfile , "IP Header\n");

PrintData(Buffer , iphdrlen);

fprintf(logfile , "UDP Header\n");

PrintData(Buffer+iphdrlen , sizeof udph);

fprintf(logfile , "Data Payload\n");

//Move the pointer ahead and reduce the size of string

PrintData(Buffer + header_size , Size - header_size);

fprintf(logfile , "\nCPU Affinity: %d",sched_getcpu());

fprintf(logfile , "\n###########################################################");

}

void print_icmp_packet(unsigned char* Buffer , int Size)

{

unsigned short iphdrlen;

++icmp;

cpu_set_t cpuset;

CPU_ZERO(&cpuset);

CPU_SET(2,&cpuset);

pthread_t current_thread =pthread_self();

pthread_setaffinity_np(current_thread , sizeof(cpu_set_t),&cpuset);

int s = pthread_getaffinity_np(current_thread, sizeof(cpu_set_t), &cpuset);

struct iphdr *iph = (struct iphdr *)(Buffer + sizeof(struct ethhdr));

iphdrlen = iph->ihl * 4;

struct icmphdr *icmph = (struct icmphdr *)(Buffer + iphdrlen + sizeof(struct ethhdr));

int header_size = sizeof(struct ethhdr) + iphdrlen + sizeof icmph;

fprintf(logfile , "\n\n***********************ICMP Packet*************************\n");

print_ip_header(Buffer , Size);

fprintf(logfile , "\n");

fprintf(logfile , "ICMP Header\n");

fprintf(logfile , " |-Type : %d",(unsigned int)(icmph->type));

if((unsigned int)(icmph->type) == 11)

{

fprintf(logfile , " (TTL Expired)\n");

}

else if((unsigned int)(icmph->type) == ICMP_ECHOREPLY)

{

fprintf(logfile , " (ICMP Echo Reply)\n");

}

fprintf(logfile , " |-Code : %d\n",(unsigned int)(icmph->code));

fprintf(logfile , " |-Checksum : %d\n",ntohs(icmph->checksum));

//fprintf(logfile , " |-ID : %d\n",ntohs(icmph->id));

//fprintf(logfile , " |-Sequence : %d\n",ntohs(icmph->sequence));

fprintf(logfile , "\n");

fprintf(logfile , "IP Header\n");

PrintData(Buffer,iphdrlen);

fprintf(logfile , "UDP Header\n");

PrintData(Buffer + iphdrlen , sizeof icmph);

fprintf(logfile , "Data Payload\n");

//Move the pointer ahead and reduce the size of string

PrintData(Buffer + header_size , (Size - header_size) );

fprintf(logfile , "\nCPU Affinity: %d",sched_getcpu());

fprintf(logfile , "\n###########################################################");

}

void PrintData (unsigned char* data , int Size)

{

int i , j;

for(i=0 ; i < Size ; i++)

{

if( i!=0 && i%16==0) //if one line of hex printing is complete...

{

fprintf(logfile , " ");

for(j=i-16 ; j<i ; j++)

{

if(data[j]>=32 && data[j]<=128)

fprintf(logfile , "%c",(unsigned char)data[j]); //if its a number or alphabet

else fprintf(logfile , "."); //otherwise print a dot

}

fprintf(logfile , "\n");

}

if(i%16==0) fprintf(logfile , " ");

fprintf(logfile , " %02X",(unsigned int)data[i]);

if( i==Size-1) //print the last spaces

{

for(j =0;j<15-i%16;j++)

{

fprintf(logfile , " "); //extra spaces

}

fprintf(logfile , " ");

for(j=i-i%16 ; j<=i ; j++)

{

if(data[j]>=32 && data[j]<=128)

{

fprintf(logfile , "%c",(unsigned char)data[j]);

}

else

{

fprintf(logfile , ".");

}

fprintf(logfile , "\n" );

}

Output

[exam10@localhost ~]$ su

Password:

[root@localhost exam10]# g++ sniff.cpp -o sniff -pthread

[root@localhost exam10]# ./sniff

Starting...

TCP : 0 UDP : 562 ICMP : 0 IGMP : 0 Others : 45 ^CTotal : 606

[root@localhost 3205]#

log.txt

***********************UDP Packet*************************

Ethernet Header

|-Destination Address : FF-FF-FF-FF-FF-FF

|-Source Address : 44-37-E6-02-6D-1F

|-Protocol : 8

IP Header

|-IP Version : 4

|-IP Header Length : 5 DWORDS or 20 Bytes

|-Type Of Service : 0

|-IP Total Length : 78 Bytes(Size of Packet)

|-Identification : 11159

|-TTL : 64

|-Protocol : 17

|-Checksum : 40053

|-Source IP : 192.168.17.67

|-Destination IP : 192.168.31.255

UDP Header

|-Source Port : 137

|-Destination Port : 137

|-UDP Length : 58

|-UDP Checksum : 31826

IP Header

FF FF FF FF FF FF 44 37 E6 02 6D 1F 08 00 45 00 ......D7..m...E.

00 4E 2B 97 .N+.

UDP Header

00 00 40 11 9C 75 C0 A8 ..@..u..

Data Payload

80 14 01 10 00 01 00 00 00 00 00 00 20 46 48 46 €........... FHF

41 45 42 45 45 43 4F 43 41 43 41 43 41 43 41 43 AEBEECOCACACACAC

41 43 41 43 41 43 41 43 41 43 41 41 41 00 00 20 ACACACACACAAA..

00 01 ..

CPU Affinity: 1

###########################################################

***********************UDP Packet*************************

Ethernet Header

|-Destination Address : FF-FF-FF-FF-FF-FF

|-Source Address : 78-45-C4-27-7A-60

|-Protocol : 8

IP Header

|-IP Version : 4

|-IP Header Length : 5 DWORDS or 20 Bytes

|-Type Of Service : 0

|-IP Total Length : 210 Bytes(Size of Packet)

|-Identification : 22184

|-TTL : 128

|-Protocol : 17

|-Checksum : 15554

|-Source IP : 192.168.5.97

|-Destination IP : 192.168.31.255

UDP Header

|-Source Port : 138

|-Destination Port : 138

|-UDP Length : 190

|-UDP Checksum : 27094

IP Header

FF FF FF FF FF FF 78 45 C4 27 7A 60 08 00 45 00 ......xE.'z`..E.

00 D2 56 A8 ..V.

UDP Header

00 00 80 11 3C C2 C0 A8 ..€.<...

Data Payload

11 02 BA 5B C0 A8 05 61 00 8A 00 A8 00 00 20 45 ...[...a...... E

42 44 44 44 41 44 48 43 4E 45 44 45 50 45 4E 43 BDDDADHCNEDEPENC

4E 44 43 44 44 43 41 43 41 43 41 43 41 41 41 00 NDCDDCACACACAAA.

20 46 48 45 50 46 43 45 4C 45 48 46 43 45 50 46 FHEPFCELEHFCEPF

46 46 41 43 41 43 41 43 41 43 41 43 41 43 41 42 FFACACACACACACAB

4E 00 FF 53 4D 42 25 00 00 00 00 00 00 00 00 00 N..SMB%.........

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

00 00 11 00 00 0E 00 00 00 00 00 00 00 00 00 E8 ................

03 00 00 00 00 00 00 00 00 0E 00 56 00 03 00 01 ...........V....

00 01 00 02 00 1F 00 5C 4D 41 49 4C 53 4C 4F 54 .......\MAILSLOT

5C 42 52 4F 57 53 45 00 02 00 41 33 30 37 2D 43 \BROWSE...A307-C

4F 4D 2D 32 33 00 OM-23.

CPU Affinity: 1

###########################################################

***********************UDP Packet*************************

Ethernet Header

|-Destination Address : FF-FF-FF-FF-FF-FF

|-Source Address : 30-85-A9-21-1C-94

|-Protocol : 8

IP Header

|-IP Version : 4

|-IP Header Length : 5 DWORDS or 20 Bytes

|-Type Of Service : 0

|-IP Total Length : 78 Bytes(Size of Packet)

|-Identification : 342

|-TTL : 128

|-Protocol : 17

|-Checksum : 38383

|-Source IP : 192.168.2.10

|-Destination IP : 192.168.31.255

UDP Header

|-Source Port : 137

|-Destination Port : 137

|-UDP Length : 58

|-UDP Checksum : 33512

IP Header

FF FF FF FF FF FF 30 85 A9 21 1C 94 08 00 45 00 ......0..!....E.

00 4E 01 56 .N.V

UDP Header

00 00 80 11 95 EF C0 A8 ..€.....

Data Payload

90 B2 01 10 00 01 00 00 00 00 00 00 20 45 4A 46 ............ EJF

44 45 42 46 45 45 42 46 41 43 41 43 41 43 41 43 DEBFEEBFACACACAC

41 43 41 43 41 43 41 43 41 43 41 41 41 00 00 20 ACACACACACAAA..

00 01 ..

CPU Affinity: 1

###########################################################

***********************UDP Packet*************************

Ethernet Header

|-Destination Address : FF-FF-FF-FF-FF-FF

|-Source Address : F0-4D-A2-FD-B2-E9

|-Protocol : 8

IP Header

|-IP Version : 4

|-IP Header Length : 5 DWORDS or 20 Bytes

|-Type Of Service : 0

|-IP Total Length : 96 Bytes(Size of Packet)

|-Identification : 50

|-TTL : 128

|-Protocol : 17

|-Checksum : 38376

|-Source IP : 192.168.3.35

|-Destination IP : 192.168.31.255

UDP Header

|-Source Port : 137

|-Destination Port : 137

|-UDP Length : 76

|-UDP Checksum : 25708

IP Header

FF FF FF FF FF FF F0 4D A2 FD B2 E9 08 00 45 00 .......M......E.

00 60 00 32 .`.2

UDP Header

00 00 80 11 95 E8 C0 A8 ..€.....

Data Payload

80 12 29 10 00 01 00 00 00 00 00 01 20 45 46 43 €.)......... EFC

47 46 45 45 44 43 41 43 41 43 41 43 41 43 41 43 GFEEDCACACACACAC

41 43 41 43 41 43 41 43 41 43 41 42 4F 00 00 20 ACACACACACABO..

00 01 C0 0C 00 20 00 01 00 04 93 E0 00 06 E0 00 ..... ..........

C0 A8 03 23 ...#

CPU Affinity: 1

###########################################################

***********************UDP Packet*************************

Ethernet Header

|-Destination Address : FF-FF-FF-FF-FF-FF

|-Source Address : F0-4D-A2-FD-B2-E9

|-Protocol : 8

IP Header

|-IP Version : 4

|-IP Header Length : 5 DWORDS or 20 Bytes

|-Type Of Service : 0

|-IP Total Length : 229 Bytes(Size of Packet)

|-Identification : 51

|-TTL : 128

|-Protocol : 17

|-Checksum : 38242

|-Source IP : 192.168.3.35

|-Destination IP : 192.168.31.255

UDP Header

|-Source Port : 138

|-Destination Port : 138

|-UDP Length : 209

|-UDP Checksum : 12882

IP Header

FF FF FF FF FF FF F0 4D A2 FD B2 E9 08 00 45 00 .......M......E.

00 E5 00 33 ...3

UDP Header

00 00 80 11 95 62 C0 A8 ..€..b..

Data Payload

11 0E 80 13 C0 A8 03 23 00 8A 00 BB 00 00 20 45 ..€....#...... E

45 46 44 46 41 44 41 44 45 43 41 43 41 43 41 43 EFDFADADECACACAC

41 43 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACACA.

20 45 46 43 47 46 45 45 44 43 41 43 41 43 41 43 EFCGFEEDCACACAC

41 43 41 43 41 43 41 43 41 43 41 43 41 43 41 42 ACACACACACACACAB

4E 00 FF 53 4D 42 25 00 00 00 00 00 00 00 00 00 N..SMB%.........

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

00 00 11 00 00 21 00 00 00 00 00 00 00 00 00 E8 .....!..........

03 00 00 00 00 00 00 00 00 21 00 56 00 03 00 01 .........!.V....

00 00 00 02 00 32 00 5C 4D 41 49 4C 53 4C 4F 54 .....2.\MAILSLOT

5C 42 52 4F 57 53 45 00 01 00 C0 D4 01 00 44 53 \BROWSE.......DS

50 30 34 00 00 00 00 00 24 F5 13 00 02 00 05 01 P04.....$.......

03 10 00 00 0F 01 55 AA 00 ......U..

CPU Affinity: 1

###########################################################

***********************UDP Packet*************************

Ethernet Header

|-Destination Address : FF-FF-FF-FF-FF-FF

|-Source Address : 00-25-64-91-8D-25

|-Protocol : 8

IP Header

|-IP Version : 4

|-IP Header Length : 5 DWORDS or 20 Bytes

|-Type Of Service : 0

|-IP Total Length : 229 Bytes(Size of Packet)

|-Identification : 4330

|-TTL : 128

|-Protocol : 17

|-Checksum : 33911

|-Source IP : 192.168.3.87

|-Destination IP : 192.168.31.255

UDP Header

|-Source Port : 138

|-Destination Port : 138

|-UDP Length : 209

|-UDP Checksum : 45677

IP Header

FF FF FF FF FF FF 00 25 64 91 8D 25 08 00 45 00 .......%d..%..E.

00 E5 10 EA ....

UDP Header

00 00 80 11 84 77 C0 A8 ..€..w..

Data Payload

11 02 80 5B C0 A8 03 57 00 8A 00 BB 00 00 20 45 ..€[...W...... E

49 45 50 45 46 45 45 43 41 43 41 43 41 43 41 43 IEPEFEECACACACAC