Need help with Basic packet sniffer Identifying ARP and Broadcast pkts

I'm required to write a packet sniffer in the C programming language and Identify the Packet as IP, ARP, or Broadcast and count how many packets of each. I'm able to get IP packets identified and counted, but don't seem to be seeing any ARP or Broadcasts correctly or count them.

[code]
#define RETSIGTYPE void
#include
#include
#include
#include
#include
#include
#include
#include
#include

#ifndef setsignal_h
#define setsignal_h

RETSIGTYPE (*setsignal(int, RETSIGTYPE (*)(int)))(int);
#endif

/* Ethernet addresses are 6 bytes */
#define ETHER_ADDR_LEN 6
#define SIZE_ETHERNET 14
#define SIZE_IPHDR 20

/* Ethernet header */
struct sniff_ethernet {
u_char ether_dhost[ETHER_ADDR_LEN]; /* Destination host address */
u_char ether_shost[ETHER_ADDR_LEN]; /* Source host address */
u_short ether_type; /* IP? ARP? etc */
};

/* ARP packet */
struct sniff_arp {
u_short arp_hwtype;
u_short arp_proto;
u_char arp_addrlen;
u_char arp_protolen;
u_short arp_operation;
u_char arp_src[6];
u_char arp_src_proto_addr[4];
u_char arp_dst[6];
u_char arp_dst_proto_addr[4];
};

/* IP header */
struct sniff_ip {
u_char ip_vhl; /* version << 4 | header length >> 2 */
u_char ip_tos; /* type of service */
u_short ip_len; /* total length */
u_short ip_id; /* identification */
u_short ip_off; /* fragment offset field */
#define IP_RF 0x8000 /* reserved fragment flag */
#define IP_DF 0x4000 /* dont fragment flag */
#define IP_MF 0x2000 /* more fragments flag */
#define IP_OFFMASK 0x1fff /* mask for fragmenting bits */
u_char ip_ttl; /* time to live */
u_char ip_p; /* protocol */
u_short ip_sum; /* checksum */
u_char ip_src[4]; /* source port */
u_char ip_dst[4]; /* destination port */
// struct in_addr ip_src,ip_dst; /* source and dest address */
};

int nPackets = 1;
int nARP = 0;
int nIP = 0;
int nBroadcast = 0;


char cpre580f98[] = "netdump";

void raw_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p);

int packettype;

char *program_name;

/* Externs */
extern void bpf_dump(struct bpf_program *, int);

extern char *copy_argv(char **);

/* Forwards */
void program_ending(int);

/* Length of saved portion of packet. */
int snaplen = 1500;;

static pcap_t *pd;

extern int optind;
extern int opterr;
extern char *optarg;
int pflag = 0, aflag = 0;

int
main(int argc, char **argv)
{
int cnt, op, i, done = 0;
bpf_u_int32 localnet, netmask;
char *cp, *cmdbuf, *device;
struct bpf_program fcode;
void (*oldhandler)(int);
u_char *pcap_userdata;
char ebuf[PCAP_ERRBUF_SIZE];

cnt = -1;
device = NULL;

if ((cp = strrchr(argv[0], '/')) != NULL)
program_name = cp + 1;
else
program_name = argv[0];

opterr = 0;
while ((i = getopt(argc, argv, "pa")) != -1)
{
switch (i)
{
case 'p':
pflag = 1;
break;
case 'a':
aflag = 1;
break;
case '?':
default:
done = 1;
break;
}
if (done) break;
}
if (argc > (optind)) cmdbuf = copy_argv(&argv[optind]);
else cmdbuf = "";

if (device == NULL) {
device = pcap_lookupdev(ebuf);
if (device == NULL)
error("%s", ebuf);
}
pd = pcap_open_live(device, snaplen, 1, 1000, ebuf);
if (pd == NULL)
error("%s", ebuf);
i = pcap_snapshot(pd);
if (snaplen < i) {
warning("snaplen raised from %d to %d", snaplen, i);
snaplen = i;
}
if (pcap_lookupnet(device, &localnet, &netmask, ebuf) < 0) {
localnet = 0;
netmask = 0;
warning("%s", ebuf);
}
/*
* Let user own process after socket has been opened.
*/
setuid(getuid());

if (pcap_compile(pd, &fcode, cmdbuf, 1, netmask) < 0)
error("%s", pcap_geterr(pd));

(void)setsignal(SIGTERM, program_ending);
(void)setsignal(SIGINT, program_ending);
/* Cooperate with nohup(1) */
if ((oldhandler = setsignal(SIGHUP, program_ending)) != SIG_DFL)
(void)setsignal(SIGHUP, oldhandler);

if (pcap_setfilter(pd, &fcode) < 0)
error("%s", pcap_geterr(pd));
pcap_userdata = 0;
(void)fprintf(stderr, "%s: listening on %s
", program_name, device);
if (pcap_loop(pd, cnt, raw_print, pcap_userdata) < 0) {
(void)fprintf(stderr, "%s: pcap_loop: %s
",
program_name, pcap_geterr(pd));
exit(1);
}
pcap_close(pd);
exit(0);
}

/* routine is executed on exit */
void program_ending(int signo)
{
struct pcap_stat stat;

if (pd != NULL && pcap_file(pd) == NULL) {
(void)fflush(stdout);
putc('
', stderr);
if (pcap_stats(pd, &stat) < 0)
(void)fprintf(stderr, "pcap_stats: %s
",
pcap_geterr(pd));
else {
printf("Statistics:
_________________________________________________
");
printf("Packet Counts:
");
printf("ARP......%d
",nARP);
printf("IP.......%d
",nIP);
printf("BRDCST...%d

",nBroadcast);
printf("

");
(void)fprintf(stderr, "%d packets received by filter
",stat.ps_recv);
(void)fprintf(stderr, "%d packets dropped by kernel
",stat.ps_drop);
}
}
exit(0);
}

/* Like default_print() but data need not be aligned */
void
default_print_unaligned(register const u_char *cp, register u_int length)
{
register u_int i, s;
register int nshorts;

nshorts = (u_int) length / sizeof(u_short);
i = 0;
while (--nshorts >= 0) {
if ((i++ % 8) == 0)
(void)printf("
");
s = *cp++;
(void)printf(" %02x%02x", s, *cp++);
}
if (length & 1) {
if ((i % 8) == 0)
(void)printf("
");
(void)printf(" %02x", *cp);
}
}

/*
* By default, print the packet out in hex.
*/
void
default_print(register const u_char *bp, register u_int length)
{
register const u_short *sp;
register u_int i;
register int nshorts;

if ((long)bp & 1) {
default_print_unaligned(bp, length);
return;
}
sp = (u_short *)bp;
nshorts = (u_int) length / sizeof(u_short);
i = 0;
while (--nshorts >= 0) {
if ((i++ % 8) == 0)
(void)printf("
");
(void)printf(" %04x", ntohs(*sp++));
}
if (length & 1) {
if ((i % 8) == 0)
(void)printf("
");
(void)printf(" %02x", *(u_char *)sp);
}
}

/*
insert your code in this routine

*/

void raw_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
{


/* declare pointers to packet headers */
const struct sniff_ethernet *ethernet; /* The ethernet header */
const struct sniff_arp *arp; /* The arp packet */
const struct sniff_ip *ip; /* The IP header */
char *payload; /* Packet payload */
char data[1480];
int shoPayload = 0;

ethernet = (struct sniff_ethernet*)(p);

//decode ethernet packet header
u_short type;
int i=0, bcst=1;
u_char test;
//short bcast = "ff";
printf("Ethernet Header
---------------------------
");
printf("Src: %02x:%02x:%02x:%02x:%02x:%02x
", ethernet->ether_shost[0],ethernet->ether_shost[1],ethernet->ether_shost[2],ethernet->ether_shost[3],ethernet->ether_shost[4],ethernet->ether_shost[5]);
printf("Dst: %02x:%02x:%02x:%02x:%02x:%02x
", ethernet->ether_dhost[0],ethernet->ether_dhost[1],ethernet->ether_dhost[2],ethernet->ether_dhost[3],ethernet->ether_dhost[4],ethernet->ether_dhost[5]);


while (i < 6) {
printf("%x:",(u_char *)ethernet->ether_dhost[i]);
if ("ff" != ethernet->ether_dhost[i]) {
printf("%x:",ethernet->ether_dhost[i]);
bcst = 0;
//bcst ++;
//nBroadcast++;
//printf("Broadcast
");
}
i++;
}
if (bcst == 1) {
nBroadcast++;
printf("Broadcast
");
}

type = ntohs(ethernet->ether_type);
printf("
Type: 0x%x
", type);

switch (type) {
case 0x806:
//decode ARP packet header
arp = (struct sniff_arp*)(p + SIZE_ETHERNET);
printf("Payload = ARP
");
printf("
ARP Decode
-------------------
");
printf(" HW type: %04x
", arp->arp_hwtype);
printf(" Proto type: %04x
", arp->arp_proto);
printf(" HW Addr Len: %02x
", arp->arp_addrlen);
printf(" Proto Len: %02x
", arp->arp_protolen);
printf(" Src: %02x:%02x:%02x:%02x:%02x:%02x
", arp->arp_src[0],arp->arp_src[1],arp->arp_src[2],arp->arp_src[3],arp->arp_src[4],arp->arp_src[5]);
printf(" Dst: %02x:%02x:%02x:%02x:%02x:%02x
", arp->arp_dst[0],arp->arp_dst[1],arp->arp_dst[2],arp->arp_dst[3],arp->arp_dst[4],arp->arp_dst[5]);
//printf(" Src IP: %d.%d.%d.%d
", arp->arp_src_proto_addr[0],arp->arp_src_proto_addr[1],arp->arp_src_proto_addr[2],arp->arp_src_proto_addr[3]);
//printf(" Dst IP: %d.%d.%d.%d
", arp->arp_dst_proto_addr[0],arp->arp_dst_proto_addr[1],arp->arp_dst_proto_addr[2],arp->arp_dst_proto_addr[3]);
nARP++;
break;
case 0x800:
//decode IP packet header
ip = (struct sniff_ip*)(p + SIZE_ETHERNET);
printf("Payload = IP
");
printf("
IP Header
-------------------
");
printf(" Src: %d.%d.%d.%d
", ip->ip_src[0],ip->ip_src[1],ip->ip_src[2],ip->ip_src[3]);
printf(" Dst: %d.%d.%d.%d
", ip->ip_dst[0],ip->ip_dst[1],ip->ip_dst[2],ip->ip_dst[3]);
printf(" IP Version: %x
", (ip->ip_vhl) >> 4);
//printf(" Header Len: %x
",(ip->ip_vhl) & 0x0F);
//printf(" TOS: %x
", ip->ip_tos);
printf(" Length: %d
", ntohs(ip->ip_len));
//printf(" Packet ID: %d
", ntohs(ip->ip_id));
//printf(" Offset: %d
", ntohs(ip->ip_off) & 0x1fff);
//printf(" TTL: %d
", ip->ip_ttl);
//printf(" Checksum: %d
", ntohs(ip->ip_sum));
nIP++;
break;
}
u_int length = h->len;
u_int caplen = h->caplen;
default_print(p, caplen);
putchar('
');
}
[/code]

Any help is greatly appreciated.

Thanks,
JW
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Categories