/* http://www.anticode.com for the latest exploits, tools and documents! */
/* ipl.c 1/3/95 by loq */
/* monitors ip packets for Linux */
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <netinet/in.h>
#include <linux/if.h>
#include <signal.h>
#include <stdio.h>
#include <linux/socket.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/if_ether.h>
#define BUFLEN 8192
#define ETHLINKHDR 14
print_data(int count, char *buff)
{
int i,j,c;
int printnext=1;
if(count)
{
if(count%16)
c=count+(16-count%16);
else c=count;
}
else
c=count;
for(i=0;i<c;i++)
{
if(printnext) { printnext--; printf("%.4x ",i&0xffff); }
if(i<count)
printf("%3.2x",buff[i]&0xff);
else
printf(" ");
if(!((i+1)%8))
if((i+1)%16)
printf(" -");
else
{
printf(" ");
for(j=i-15;j<=i;j++)
if(j<count) {
if( (buff[j]&0xff) >= 0x20 &&
(buff[j]&0xff)<=0x7e)
printf("%c",buff[j]&0xff);
else printf(".");
} else printf(" ");
printf("\n"); printnext=1;
}
}
}
int
initdevice(device, pflag)
char *device;
int pflag;
{
#define PROTO htons(0x0800) /* Ethernet code for IP protocol */
int if_fd=0;
struct ifreq ifr;
if ( (if_fd=socket(AF_INET,SOCK_PACKET,PROTO)) < 0 ) {
perror("Can't get socket");
exit(2);
}
strcpy(ifr.ifr_name, device); /* interface we're gonna use */
if( ioctl(if_fd, SIOCGIFFLAGS, &ifr) < 0 ) { /* get flags */
close(if_fd);
perror("Can't get flags");
exit(2);
}
#if 1
if ( pflag )
ifr.ifr_flags |= IFF_PROMISC; /* set promiscuous mode */
else
ifr.ifr_flags &= ~(IFF_PROMISC);
#endif
if( ioctl(if_fd, SIOCSIFFLAGS, &ifr) < 0 ) { /* set flags */
close(if_fd);
perror("Can't set flags");
exit(2);
}
return if_fd;
}
struct etherpacket {
struct ethhdr eth;
struct iphdr ip;
struct tcphdr tcp;
char data[8192];
};
main()
{
int linktype;
int if_eth_fd=initdevice("eth0",1);
#if 0
int if_ppp_fd=initdevice("sl0",1);
#endif
struct etherpacket ep;
struct sockaddr dest;
struct iphdr *ip;
struct tcphdr *tcp;
struct timeval timeout;
fd_set rd,wr;
int dlen;
#if 0
struct slcompress *slc=slhc_init(64,64);
#endif
for(;;)
{
bzero(&dest,sizeof(dest));
dlen=0;
FD_ZERO(&rd);
FD_ZERO(&wr);
FD_SET(if_eth_fd,&rd);
#if 0
FD_SET(if_ppp_fd,&rd);
#endif
timeout.tv_sec=0;
timeout.tv_usec=0;
ip=(struct iphdr *)(((unsigned long)&ep.ip)-2);
tcp=(struct tcphdr *)(((unsigned long)&ep.tcp)-2);
while(timeout.tv_sec==0 && timeout.tv_usec==0)
{
timeout.tv_sec=10;
timeout.tv_usec=0;
select(20,&rd,&wr,NULL,&timeout);
if(FD_ISSET(if_eth_fd,&rd))
{
printf("eth\n");
recvfrom(if_eth_fd,&ep,sizeof(ep),0,&dest,&dlen);
}
#if 0
else
if(FD_ISSET(if_ppp_fd,&rd))
{
recvfrom(if_ppp_fd,&ep,sizeof(ep),0,&dest,&dlen);
printf("ppp\n");
}
#endif
}
printf("proto: %.4x",ntohs(ep.eth.h_proto));
#if 0
if(ep.eth.h_proto==ntohs(8053))
{
slhc_uncompress(slc,&ep,sizeof(ep));
}
#endif
if(ep.eth.h_proto==ntohs(ETH_P_IP))
{
printf("%.2x:%.2x:%.2x:%.2x:%.2x:%.2x->",
ep.eth.h_source[0],ep.eth.h_source[1],
ep.eth.h_source[2],ep.eth.h_source[3],
ep.eth.h_source[4],ep.eth.h_source[5]);
printf("%.2x:%.2x:%.2x:%.2x:%.2x:%.2x ",
ep.eth.h_dest[0],ep.eth.h_dest[1],
ep.eth.h_dest[2],ep.eth.h_dest[3],
ep.eth.h_dest[4],ep.eth.h_dest[5]);
printf("%s[%d]->",inet_ntoa(ip->saddr),ntohs(tcp->source));
printf("%s[%d]\n",inet_ntoa(ip->daddr),ntohs(tcp->dest));
print_data(htons(ip->tot_len)-sizeof(ep.ip)-sizeof(ep.tcp),
ep.data-2);
}
}
}
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH
