|
***************************************************************************
* Copyright (C) 2010 by Velan. *
* vlabs.c@gmail.com *
* *
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation; either version 2 of the License, or *
* (at your option) any later version. *
* *
* This program is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
* GNU General Public License for more details. *
* *
* You should have received a copy of the GNU General Public License *
* along with this program; if not, write to the *
* Free Software Foundation, Inc., *
* 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
***************************************************************************/
// 0.0.5 - included ethernet header, modified ARP header, changing APR processing by including ntohs; etc
// dependencies - libpcap -> tcpdump.org
// compilation - g++ arp_sniff.cc -o arp_sniff -lpcap -w
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
//#include <iostream>
//#include <cstdlib>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
//#include <features.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/tcp.h>
#include <pcap.h>
using namespace std;
void List_Devices();
void Sniff_Device(char *Device);
void Got_ARP_Packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet);
// Ethernet header
typedef u_int32_t tcp_seq;
main(int argc, char *argv[])
{
//printf("Shellcode detector. \n");
char *ArgDevice;
ArgDevice = (char*)malloc(256);
bzero(ArgDevice, 256);
printf("Sniffer Lite. by Velan. vlabs.c@gmail.com\nThis module contains the ARPSniffer.\n");
if(argc < 2)
{
printf("\nUsage: %s [ld] [device name]\narg\t\tfunction\n", argv[0]);
printf("-l\t\tlisting available devices\n");
printf("-d\t\tuse default device\n");
printf("\n");
exit(0);
}
else if(strncmp(argv[1], "-l", 2) == 0)
{
List_Devices();
}
else if(strncmp(argv[1], "-d", 2) == 0)
{
printf("Selecting default device. ");
snprintf(ArgDevice, 3, "%s", "-d");
Sniff_Device(ArgDevice);
}
else if(argc == 2 && strncmp(argv[1], "-l", 2) != 0 && strncmp(argv[1], "-d", 2) != 0)
{
snprintf(ArgDevice, 256, "%s", argv[1]);
Sniff_Device(ArgDevice);
}
}
void List_Devices()
{
pcap_if_t *All_Devices_SP, *d;
int ret = 0;
char pcap_errbuf[PCAP_ERRBUF_SIZE];
printf("Listing available devices.\n");
ret = pcap_findalldevs(&All_Devices_SP, pcap_errbuf);
if(ret == -1)
{
printf("Error in looking up all available devices. %s\n", pcap_errbuf);
exit(-1);
}
printf("\n----------------------------\nDevice\t\tDescription\n----------------------------\n");
for(d = All_Devices_SP; d; d = d->next)
{
printf("%s\t\t%s\n", d->name, d->description);
}
printf("\n");
exit(0);
}
void Sniff_Device(char *Device)
{
char *dev = NULL;
char pcap_errbuf[PCAP_ERRBUF_SIZE];
const u_char *packet = NULL;
int ret = 0, i = 0;
unsigned int ts = 0;
pcap_t *pcap_handle;
bpf_u_int32 pcap_device_mask;
bpf_u_int32 pcap_device_ip;
struct pcap_pkthdr header;
struct bpf_program filter;
dev = (char*) malloc(256);
if(strncmp(Device, "-d", 2) == 0)
{
dev = pcap_lookupdev(pcap_errbuf);
printf("Default device: %s, ", dev);
}
else
{
snprintf(dev, 256, "%s", Device);
}
if(dev == NULL)
{
printf("Error in looking up default device. %s\n", pcap_errbuf);
exit(0);
}
ret = pcap_lookupnet(dev, &pcap_device_ip, &pcap_device_mask, pcap_errbuf);
if(ret == -1)
{
printf("Error in lookup device. %s\n", pcap_errbuf);
exit(0);
}
printf("opening the device %s for sniffing\n", dev);
// print sniffing IP - start
ts = pcap_device_ip;
ts = (ts << 24) >> 24;
printf("Sniffing device IP: %u.", ts);
ts = pcap_device_ip;
ts = (ts << 16) >> 24;
printf("%u.", ts);
ts = pcap_device_ip;
ts = (ts << 8) >> 24;
printf("%u.", ts);
ts = pcap_device_ip;
ts = (ts >> 24);
printf("%u, ", ts);
// print sniffing IP - end
// print sniffing IP Mask - start
ts = pcap_device_mask;
ts = (ts << 24) >> 24;
printf("Mask: %u.", ts);
ts = pcap_device_mask;
ts = (ts << 16) >> 24;
printf("%u.", ts);
ts = pcap_device_mask;
ts = (ts << 8) >> 24;
printf("%u.", ts);
ts = pcap_device_mask;
ts = (ts >> 24);
printf("%u\n", ts);
// print sniffing IP Mask - end
printf("\n\n");
pcap_handle = pcap_open_live(dev, 1000, 0, 10000, pcap_errbuf);
if(pcap_handle == NULL){ printf("Error!\n"); }
pcap_compile(pcap_handle, &filter, "arp", 1, pcap_device_mask); // create filter to grab only ARP
pcap_setfilter(pcap_handle, &filter); // apply the filter to the handle
printf("______________________________________________________\n\n");
pcap_loop(pcap_handle, -1, Got_ARP_Packet, NULL); // -1 means unlimited packet
}
void Got_ARP_Packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
{
typedef struct EthernetHeader_StructMain{
u_char DestinationMACAddress[6];
u_char SourceMACAddress[6];
u_short Type;
}Struct_EthernetHeader; // 14 bytes
typedef struct ARPHeader_StructMain{
u_int16_t HardwareType; // hardware type
u_int16_t ProtocolType; // protocol type
u_char HardwareAddressLength; // harware address length
u_char ProtocolAddressLength; // protocol address length
u_int16_t Opcode; // opcode - request, reply, re request
u_char SourceHardwareAddress[6]; // source MAC address
u_char SourceProtocolAddress[4]; // source IP address
u_char DestinationHardwareAddress[6]; // target MAC address
u_char DestinationProtocolAddress[4]; // target IP address
}Struct_ARPHeader; // 28 bytes
unsigned int ts = 0, j = 0 ;
u_int16_t HardwareType_Host = 0, ProtocolType_Host = 0, Opcode_Host = 0;
u_char HardwareAddressLength_Host = 0, ProtocolAddressLength_Host = 0;
Struct_EthernetHeader *EthernetHeader = NULL;
Struct_ARPHeader *ARPHeader = NULL;
bzero(&EthernetHeader, sizeof(Struct_EthernetHeader));
bzero(&ARPHeader, sizeof(Struct_ARPHeader));
EthernetHeader = (Struct_EthernetHeader *) packet;
ARPHeader = (Struct_ARPHeader *) (packet+14);
HardwareType_Host = ntohs(ARPHeader->HardwareType);
ProtocolType_Host = ntohs(ARPHeader->ProtocolType);
Opcode_Host = ntohs(ARPHeader->Opcode);
HardwareAddressLength_Host = ARPHeader->HardwareAddressLength;
ProtocolAddressLength_Host = ARPHeader->ProtocolAddressLength;
// print Ethernet header - 14 bytes - start
printf("Ethernet packet - Frame II: ");
// print source MAC address
for(j = 0; j < 6; j++)
{
//printf("(%u, %02X)", ARPHeader->SourceHardwareAddress[j], ARPHeader->SourceHardwareAddress[j]);
printf("%02X", EthernetHeader->SourceMACAddress[j]);
if(j != 5){ printf(":"); }
}
printf(" > ");
// print destination MAC address
for(j = 0; j < 6; j++)
{
//printf("(%u, %02X)", ARPHeader->SourceHardwareAddress[j], ARPHeader->SourceHardwareAddress[j]);
printf("%02X", EthernetHeader->DestinationMACAddress[j]);
if(j != 5){ printf(":"); }
}
// print Ethernet type
printf(", Type: 0x%X", ntohs(EthernetHeader->Type));
// print Ethernet header - 14 bytes - end
printf("\n");
// print ARP header - 28 bytes - start
printf("ARP Header: ");
// print source ip address
for(j = 0; j < 4; j++)
{
printf("%d", ARPHeader->SourceProtocolAddress[j]);
if(j != 3){ printf("."); }
}
printf(" > ");
// print target ip address
for(j = 0; j < 4; j++)
{
printf("%d", ARPHeader->DestinationProtocolAddress[j]);
if(j != 3){ printf("."); }
}
printf("\t\t=\t");
//printf("\n\t\t");
printf("MAC: ");
// print source hardware address
for(j = 0; j < 6; j++)
{
//printf("(%u, %02X)", ARPHeader->SourceHardwareAddress[j], ARPHeader->SourceHardwareAddress[j]);
printf("%02X", ARPHeader->SourceHardwareAddress[j]);
if(j != 5){ printf(":"); }
}
printf(" > ");
// print target hardware address
for(j = 0; j < 6; j++)
{
printf("%02X", ARPHeader->DestinationHardwareAddress[j]);
if(j != 5){ printf(":"); }
}
printf("\n\t\t");
//print hardware type - start
printf("Hardware type: ");
if(HardwareType_Host == 0)
{ printf("Reserved"); }
else if(HardwareType_Host == 1)
{ printf("Ethernet"); }
else if(HardwareType_Host == 2)
{ printf("Experimental Ethernet"); }
else if(HardwareType_Host == 3)
{ printf("Amateur Radio AX25"); }
else if(HardwareType_Host == 4)
{ printf("Proteon ProNET Token Ring"); }
else if(HardwareType_Host == 5)
{ printf("Chaos"); }
else if(HardwareType_Host == 6)
{ printf("IEEE 802"); }
else if(HardwareType_Host == 7)
{ printf("ARCNET"); }
else if(HardwareType_Host == 8)
{ printf("Hyperchannel"); }
else if(HardwareType_Host == 9)
{ printf("Lanstar"); }
else if(HardwareType_Host == 10)
{ printf("Atuonet Short Address"); }
else if(HardwareType_Host == 11)
{ printf("LocalTalk"); }
else if(HardwareType_Host == 12)
{ printf("LocalNet (IBM PCNet or SYTEK LocalNET)"); }
else if(HardwareType_Host == 13)
{ printf("Ultra link"); }
else if(HardwareType_Host == 14)
{ printf("SMDS"); }
else if(HardwareType_Host == 15)
{ printf("Frame Relay"); }
else if(HardwareType_Host == 16)
{ printf("ATM, Asynchronous Transmission Mode"); }
else if(HardwareType_Host == 17)
{ printf("HDLC"); }
else if(HardwareType_Host == 18)
{ printf("Fibre Channel"); }
else if(HardwareType_Host == 19)
{ printf("ATM, Asynchronous Transmission Mode"); }
else if(HardwareType_Host == 20)
{ printf("Serial Line"); }
else if(HardwareType_Host == 21)
{ printf("ATM, Asynchronous Transmission Mode"); }
else if(HardwareType_Host == 22)
{ printf("MIL-STD-188-220"); }
else if(HardwareType_Host == 23)
{ printf("Metricom"); }
else if(HardwareType_Host == 24)
{ printf("IEEE 1394.1995"); }
else if(HardwareType_Host == 25)
{ printf("MAPOS"); }
else if(HardwareType_Host == 26)
{ printf("Twinazial"); }
else if(HardwareType_Host == 27)
{ printf("EUI-64"); }
else if(HardwareType_Host == 28)
{ printf("HIPARP"); }
else if(HardwareType_Host == 29)
{ printf("IP and ARP over ISO 7816-3"); }
else if(HardwareType_Host == 30)
{ printf("ARPSec"); }
else if(HardwareType_Host == 31)
{ printf("IPsec tunnel"); }
else if(HardwareType_Host == 32)
{ printf("Infiniband"); }
else if(HardwareType_Host == 33)
{ printf("CAI, TIA-102 Project 25 Common Air Interface"); }
else if(HardwareType_Host == 34)
{ printf("Wiegand Interface"); }
else if(HardwareType_Host == 35)
{ printf("Pure IP"); }
else if(HardwareType_Host == 36)
{ printf("HW_EXP1"); }
else if(HardwareType_Host > 36 && HardwareType_Host <256)
{ printf("Unknown"); }
else if(HardwareType_Host == 256)
{ printf("HW_EXP2"); }
else if(HardwareType_Host > 256 && HardwareType_Host <65535)
{ printf("Unknown"); }
else if(HardwareType_Host == 65535)
{ printf("Reserved"); }
printf(" (0x%X)", HardwareType_Host);
// print hardware type - end
// print protocol type - start
printf(", ");
printf("Protocol: ");
if(ProtocolType_Host == 0x0800) // 0x0800 - IP
{ printf("IP "); }
printf(" (0x%X)", ProtocolType_Host);
// print protocol type - end
// print opcode type - start
printf(", ");
printf("Opcode: ");
if(Opcode_Host == 0)
{ printf("Reserved"); }
else if(Opcode_Host == 1)
{ printf("Request"); }
else if(Opcode_Host == 2)
{ printf("Reply"); }
else if(Opcode_Host == 3)
{ printf("Request Reverse"); }
else if(Opcode_Host == 4)
{ printf("Reply Reverse"); }
else if(Opcode_Host == 5)
{ printf("DRARP Request"); }
else if(Opcode_Host == 6)
{ printf("DRARP Reply"); }
else if(Opcode_Host == 7)
{ printf("DRARP Error"); }
else if(Opcode_Host == 8)
{ printf("InARP Request"); }
else if(Opcode_Host == 9)
{ printf("InARP Reply"); }
else if(Opcode_Host == 10)
{ printf("ARP NAK"); }
else if(Opcode_Host == 11)
{ printf("MARS Request"); }
else if(Opcode_Host == 12)
{ printf("MARS Multi"); }
else if(Opcode_Host == 13)
{ printf("MARS MServ"); }
else if(Opcode_Host == 14)
{ printf("MARS Join"); }
else if(Opcode_Host == 15)
{ printf("MARS Leave"); }
else if(Opcode_Host == 16)
{ printf("MARS NAK"); }
else if(Opcode_Host == 17)
{ printf("MARS Unserv"); }
else if(Opcode_Host == 18)
{ printf("MARS SJoin"); }
else if(Opcode_Host == 19)
{ printf("MARS SLeave"); }
else if(Opcode_Host == 20)
{ printf("MARS Grouplist Reply"); }
else if(Opcode_Host == 21)
{ printf("MARS Grouplist Reply"); }
else if(Opcode_Host == 22)
{ printf("MARS Redirect Map"); }
else if(Opcode_Host == 23)
{ printf("MAPOS UNARP"); }
else if(Opcode_Host == 24)
{ printf("OP_EXP1"); }
else if(Opcode_Host == 25)
{ printf("OP_EXP2"); }
else if(Opcode_Host > 25 && Opcode_Host < 65535)
{ printf("Unknown"); }
else if(Opcode_Host == 65535)
{ printf("Unknown"); }
printf(" (0x%X)", Opcode_Host);
// print opcode type - end
printf("\n\t\t");
// print hardware address length and protocol address length - start
printf("Hardware address length: %u, Protocol address length: %u", HardwareAddressLength_Host, ProtocolAddressLength_Host);
// print hardware address length and protocol address length - end
printf("\n\t\t");
// print hardware vendor name - start
// 000000, 000001, 000002, 000003, 000004, 000005, 000006, 000007, 000008, 000009 - XEROX CORPORATION.
// 00000C - CISCO SYSTEMS, INC.
// 00001A - ADVANCED MICRO DEVICES
// 0002B3 - Intel Corporation.
// 0001E6 - Hewlett-Packard Company.
// 000255 - IBM Corporation
// 00065B - Dell Computer Corp.
// 000102 - 3COM CORPORATION
// 00178D - Checkpoint Systems, Inc.
// 000585 - Juniper Networks, Inc.
//000569, 000C29, 001C14, 005056 - VMWare Inc.
char *MAC_IDs[23] = {"000000", "000001", "000002", "000003", "000004", "000005", "000006", "000007", "000008", "000009", "00000C", "00001A", "0002B3", "0001E6", "000255", "00065B", "000102", "00178D", "000585", "000569", "000C29", "001C14", "005056"};
char *MAC_Vendors[23] = {"XEROX CORPORATION", "XEROX CORPORATION", "XEROX CORPORATION", "XEROX CORPORATION", "XEROX CORPORATION", "XEROX CORPORATION", "XEROX CORPORATION", "XEROX CORPORATION", "XEROX CORPORATION", "XEROX CORPORATION", "CISCO SYSTEMS, INC.", "ADVANCED MICRO DEVICES", "Intel Corporation.", "Hewlett-Packard Company.", "IBM Corporation", "Dell Computer Corp.", "3COM CORPORATION", "Checkpoint Systems, Inc.", "Juniper Networks, Inc.", "VMWare Inc.", "VMWare Inc.", "VMWare Inc.", "VMWare Inc."};
char *MACID;
MACID = (char *)malloc(6);
sprintf(MACID, "%02X%02X%02X", ARPHeader->SourceHardwareAddress[0], ARPHeader->SourceHardwareAddress[1], ARPHeader->SourceHardwareAddress[2]);
printf("Source Ethernet Vendor: ");
ts = 0;
for(j = 0; j < 23; j++)
{
if(strncmp(MAC_IDs[j], MACID, 6) == 0)
{
printf("%s\n", MAC_Vendors[j]);
ts = 1;
break;
}
}
if(ts == 0)
{
printf("Unknown. oui id: %s. Refer http://standards.ieee.org/regauth/oui/oui.txt\n", MACID);
}
// print hardware vendor name - end
// print ARP header - 28 bytes - end
printf("\n______________________________________________________\n\n");
}
|
推荐
评论(0条)
