sniffer.cpp

   1 // Copyright (c) 2012, Miriam Ruiz <miriam@debian.org>. All rights reserved.
   2 //
   3 // Redistribution and use in source and binary forms, with or without
   4 // modification, are permitted provided that the following conditions are met:
   5 //
   6 //  1. Redistributions of source code must retain the above copyright notice,
   7 //     this list of conditions and the following disclaimer.
   8 //
   9 //  2. Redistributions in binary form must reproduce the above copyright
  10 //     notice, this list of conditions and the following disclaimer in the
  11 //     documentation and/or other materials provided with the distribution.
  12 //
  13 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER "AS IS", AND ANY EXPRESS
  14 // OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  15 // OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN
  16 // NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY
  17 // DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  18 // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  19 // LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  20 // ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  21 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  22 // THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  23
  24 #include "sniffer.h"
  25 #include "headers.h"
  26 #include "ip_port_connection.h"
  27
  28 #include <pcap.h>
  29
  30 #include <stdlib.h>
  31 #include <stdio.h>
  32 #include <string.h>
  33
  34 #include <sys/socket.h>
  35 #include <arpa/inet.h>
  36 #include <net/ethernet.h>
  37 #include <netinet/ip_icmp.h>
  38 #include <netinet/udp.h>
  39 #include <netinet/tcp.h>
  40 #include <netinet/ip.h>
  41 #include <net/if_arp.h>
  42
  43 using namespace filter;
  44
  45 void Sniffer::loop(const char* devname) {
  46         printf("Opening device %s for sniffing ... " , devname);
  47
  48         pcap_t* handle; // Handle of the device that shall be sniffed
  49         char errbuf[100];
  50
  51         // Open device for sniffing
  52         handle = pcap_open_live(devname , 65536 , 1 , 0 , errbuf);
  53
  54         if (handle == NULL)
  55         {
  56                 fprintf(stderr, "Couldn't open device %s : %s\n" , devname , errbuf);
  57                 exit(1);
  58         }
  59
  60         printf("Sniffing...\n");
  61
  62         // Put the device in sniff loop
  63         pcap_loop(handle, -1, process_packet, (u_char*)this);
  64 }
  65
  66 void Sniffer::newPacket(const unsigned char * buffer, int size) {
  67         // Create list of headers from buffer
  68         EthernetHeader first_header(buffer, size);
  69
  70         // Find the last header
  71         AbstractHeader *last_header = &first_header;
  72         AbstractHeader *header = last_header;
  73         do {
  74                 last_header = header;
  75                 //std::cout << *header << std::endl;
  76         } while (NULL != (header = header->getNextHeader()));
  77
  78         // Print headers in reverse order
  79         const AbstractHeader *payload_data = NULL; (void)payload_data;
  80         const AbstractHeader *transport_header = NULL; (void)transport_header;
  81         const AbstractHeader *network_layer = NULL; (void)network_layer;
  82         for (const AbstractHeader *h = last_header; h != NULL; h = h->getPreviousHeader() ) {
  83                 if (!transport_header && (h->getLayers() | PAYLOAD_DATA) != 0)
  84                                 payload_data = h;
  85
  86                 if (!transport_header) {
  87                         if ((h->getLayers() | TRANSPORT_LAYER) != 0)
  88                                 transport_header = h;
  89                 } else if (!network_layer) {
  90                         if ((h->getLayers() | NETWORK_LAYER) != 0)
  91                                 network_layer = h;
  92                 }
  93
  94                 std::cout << "<< " << *h << std::endl;
  95         }
  96 }
  97
  98 void Sniffer::process_packet(u_char* arg, const struct pcap_pkthdr * header, const u_char * buffer) {
  99         Sniffer *sniffer = (Sniffer *)arg;
 100         int size = header->len;
 101         sniffer->newPacket(buffer, size);
 102         std::cout << "     ----------" << std::endl;
 103 }
 104
 105 void Sniffer::printConnections(std::ostream& out) {
 106         for (ConnectionStatusMap::const_iterator it = connections.begin(); it != connections.end(); it++) {
 107                 const Connection & key = it->first; (void) key;
 108                 const Status & value = it->second; (void) value;
 109                 out << key << std::endl;
 110         }
 111 }