
Satyam Kumar - Lab Activity2 (2021btech106)

The document describes a C program for a packet sniffer that uses raw sockets to capture packets from promiscuous mode and filters for TCP, UDP, and DNS packets. It prints the source/destination IPs, ports, and packet lengths.


Lab Activity– 2

EE1225: Introduction to Cyber Security

SUBMITTED BY:

Satyam Singh (2021Btech106)

FACULTY GUIDE:
Dr. Devika Kataria

Institute of Engineering and


Technology (IET)
JK Lakshmipat University, Jaipur

January 2024
Write C code for a packet sniffer built on a raw socket that captures packets with the
interface in the OS's promiscuous mode and stores them in a buffer. Apply filters for the packet types
"TCP", "UDP" and "DNS", and show the port of entry and the length of each packet as well.

1.TCP
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/if_ether.h>
#include <net/ethernet.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <sys/ioctl.h>
#include <net/if.h>

/* Handles one captured frame: `buffer` points at the Ethernet header and
 * `size` is the byte count that recvfrom() returned in main(). */
void process_packet(unsigned char *buffer, int size);

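/*
 * Capture entry point: asks for an interface name, opens an AF_PACKET raw
 * socket, switches the interface to promiscuous mode and hands every
 * received frame to process_packet().
 *
 * Opening the raw socket and changing interface flags both need elevated
 * privileges (root or the matching capabilities), so run this only on a
 * host and network segment you are authorised to monitor.
 *
 * The receive loop ends only when recvfrom() fails, so the function always
 * returns EXIT_FAILURE.
 */
int main() {
    enum { CAPTURE_BUFFER_SIZE = 65536 };
    int raw_socket = -1;
    int promisc_set_here = 0;
    unsigned char *buffer = NULL;
    char typed_name[64];
    struct ifreq ifr;

    // Prompt for the network interface name
    printf("Enter the network interface name: ");
    fflush(stdout);

    /* The field width (63 = sizeof typed_name - 1) bounds the read; a bare
     * "%s" writes past the destination when the typed line is longer. */
    if (scanf("%63s", typed_name) != 1) {
        fprintf(stderr, "No interface name given\n");
        goto cleanup;
    }
    /* Reject over-long names instead of truncating them: a truncated name
     * could silently select a different interface. */
    if (strlen(typed_name) >= IFNAMSIZ) {
        fprintf(stderr, "Interface name too long (limit is %d characters)\n",
                IFNAMSIZ - 1);
        goto cleanup;
    }

    buffer = malloc(CAPTURE_BUFFER_SIZE);
    if (buffer == NULL) {
        perror("Buffer allocation error");
        goto cleanup;
    }

    /* NOTE: the socket is never bound to the chosen interface, so frames
     * from every interface are delivered; only the promiscuous flag is
     * per-interface. */
    raw_socket = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (raw_socket == -1) {
        perror("Socket creation error");
        goto cleanup;
    }

    /* Zero the request first so ifr_name is always NUL-terminated and no
     * uninitialised stack bytes are passed to the kernel. */
    memset(&ifr, 0, sizeof ifr);
    memcpy(ifr.ifr_name, typed_name, strlen(typed_name) + 1);

    if (ioctl(raw_socket, SIOCGIFFLAGS, &ifr) < 0) {
        perror("Error while getting interface flags");
        goto cleanup;
    }

    if (!(ifr.ifr_flags & IFF_PROMISC)) {
        ifr.ifr_flags |= IFF_PROMISC;
        if (ioctl(raw_socket, SIOCSIFFLAGS, &ifr) < 0) {
            perror("Error while setting interface to promiscuous mode");
            goto cleanup;
        }
        promisc_set_here = 1;
    }

    for (;;) {
        ssize_t data_size = recvfrom(raw_socket, buffer, CAPTURE_BUFFER_SIZE,
                                     0, NULL, NULL);
        if (data_size < 0) {
            perror("Packet receive error");
            break;
        }

        process_packet(buffer, (int)data_size);
    }

cleanup:
    /* IFF_PROMISC set through SIOCSIFFLAGS stays on the interface after the
     * process exits, so clear it if this run turned it on. A run ended by a
     * signal (e.g. Ctrl-C) never reaches this point; the socket-scoped
     * PACKET_ADD_MEMBERSHIP / PACKET_MR_PROMISC option is the alternative
     * that the kernel undoes when the socket closes. */
    if (promisc_set_here && ioctl(raw_socket, SIOCGIFFLAGS, &ifr) == 0) {
        ifr.ifr_flags &= ~IFF_PROMISC;
        if (ioctl(raw_socket, SIOCSIFFLAGS, &ifr) < 0) {
            perror("Error while clearing promiscuous mode");
        }
    }
    if (raw_socket != -1) {
        close(raw_socket);
    }
    free(buffer);

    return EXIT_FAILURE;
}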

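/*
 * Print a summary of one captured Ethernet frame if it carries IPv4/TCP.
 *
 * buffer: start of the frame (Ethernet header first).
 * size:   number of valid bytes in buffer, as returned by recvfrom().
 *
 * The frame is untrusted data from the wire, so each header is checked
 * against `size` before it is read. Frames that are too short, not IPv4,
 * not TCP, carry an invalid IHL, or are non-first IP fragments are ignored
 * without output.
 */
void process_packet(unsigned char *buffer, int size) {
    enum {
        TCP_MIN_HEADER_LEN = 20,        /* fixed part of a TCP header */
        IP_FRAGMENT_OFFSET_MASK = 0x1FFF
    };
    struct ethhdr eth;
    struct iphdr iph;

    if (buffer == NULL || size < 0) {
        return;
    }
    size_t frame_len = (size_t)size;
    if (frame_len < sizeof eth + sizeof iph) {
        return;
    }

    /* Copy the headers out instead of casting: the IP header starts 14
     * bytes into the buffer, which is not suitably aligned for struct iphdr. */
    memcpy(&eth, buffer, sizeof eth);
    if (eth.h_proto != htons(ETH_P_IP)) {
        return;
    }

    memcpy(&iph, buffer + sizeof eth, sizeof iph);
    if (iph.protocol != IPPROTO_TCP) {
        return;
    }

    /* IHL comes from the sender; values below 5 words are invalid and the
     * TCP header it points at must lie inside the received bytes. */
    size_t ip_header_len = (size_t)iph.ihl * 4;
    if (ip_header_len < sizeof iph) {
        return;
    }
    size_t tcp_offset = sizeof eth + ip_header_len;
    if (frame_len < tcp_offset + TCP_MIN_HEADER_LEN) {
        return;
    }

    /* Only the first fragment holds the TCP header; in later fragments the
     * same bytes are payload and would print as bogus ports. */
    if ((ntohs(iph.frag_off) & IP_FRAGMENT_OFFSET_MASK) != 0) {
        return;
    }

    /* Ports are the first two big-endian 16-bit fields of the TCP header. */
    const unsigned char *tcp = buffer + tcp_offset;
    unsigned source_port = ((unsigned)tcp[0] << 8) | tcp[1];
    unsigned dest_port = ((unsigned)tcp[2] << 8) | tcp[3];

    struct in_addr source_addr;
    struct in_addr dest_addr;
    source_addr.s_addr = iph.saddr;
    dest_addr.s_addr = iph.daddr;

    printf("TCP Packet\n");
    /* inet_ntoa() reuses one static buffer, hence one call per printf. */
    printf("Source IP: %s\n", inet_ntoa(source_addr));
    printf("Destination IP: %s\n", inet_ntoa(dest_addr));
    printf("Source Port: %u\n", source_port);
    printf("Destination Port: %u\n", dest_port);
    printf("Packet Length: %d\n", ntohs(iph.tot_len));
    printf("-----------------------------------\n");
}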
2.DNS
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/if_ether.h>
#include <net/ethernet.h>
#include <netinet/ip.h>
#include <netinet/udp.h>
#include <sys/ioctl.h>
#include <net/if.h>

/* Well-known DNS port; process_packet() compares it with both UDP ports. */
#define DNS_PORT 53

/* Handles one captured frame: `buffer` points at the Ethernet header and
 * `size` is the byte count that recvfrom() returned in main(). */
void process_packet(unsigned char *buffer, int size);

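/*
 * Capture entry point: asks for an interface name, opens an AF_PACKET raw
 * socket, switches the interface to promiscuous mode and hands every
 * received frame to process_packet().
 *
 * Opening the raw socket and changing interface flags both need elevated
 * privileges (root or the matching capabilities), so run this only on a
 * host and network segment you are authorised to monitor.
 *
 * The receive loop ends only when recvfrom() fails, so the function always
 * returns EXIT_FAILURE.
 */
int main() {
    enum { CAPTURE_BUFFER_SIZE = 65536 };
    int raw_socket = -1;
    int promisc_set_here = 0;
    unsigned char *buffer = NULL;
    char typed_name[64];
    struct ifreq ifr;

    // Prompt for the network interface name
    printf("Enter the network interface name: ");
    fflush(stdout);

    /* The field width (63 = sizeof typed_name - 1) bounds the read; a bare
     * "%s" writes past the destination when the typed line is longer. */
    if (scanf("%63s", typed_name) != 1) {
        fprintf(stderr, "No interface name given\n");
        goto cleanup;
    }
    /* Reject over-long names instead of truncating them: a truncated name
     * could silently select a different interface. */
    if (strlen(typed_name) >= IFNAMSIZ) {
        fprintf(stderr, "Interface name too long (limit is %d characters)\n",
                IFNAMSIZ - 1);
        goto cleanup;
    }

    buffer = malloc(CAPTURE_BUFFER_SIZE);
    if (buffer == NULL) {
        perror("Buffer allocation error");
        goto cleanup;
    }

    /* NOTE: the socket is never bound to the chosen interface, so frames
     * from every interface are delivered; only the promiscuous flag is
     * per-interface. */
    raw_socket = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (raw_socket == -1) {
        perror("Socket creation error");
        goto cleanup;
    }

    /* Zero the request first so ifr_name is always NUL-terminated and no
     * uninitialised stack bytes are passed to the kernel. */
    memset(&ifr, 0, sizeof ifr);
    memcpy(ifr.ifr_name, typed_name, strlen(typed_name) + 1);

    if (ioctl(raw_socket, SIOCGIFFLAGS, &ifr) < 0) {
        perror("Error while getting interface flags");
        goto cleanup;
    }

    if (!(ifr.ifr_flags & IFF_PROMISC)) {
        ifr.ifr_flags |= IFF_PROMISC;
        if (ioctl(raw_socket, SIOCSIFFLAGS, &ifr) < 0) {
            perror("Error while setting interface to promiscuous mode");
            goto cleanup;
        }
        promisc_set_here = 1;
    }

    for (;;) {
        ssize_t data_size = recvfrom(raw_socket, buffer, CAPTURE_BUFFER_SIZE,
                                     0, NULL, NULL);
        if (data_size < 0) {
            perror("Packet receive error");
            break;
        }

        process_packet(buffer, (int)data_size);
    }

cleanup:
    /* IFF_PROMISC set through SIOCSIFFLAGS stays on the interface after the
     * process exits, so clear it if this run turned it on. A run ended by a
     * signal (e.g. Ctrl-C) never reaches this point; the socket-scoped
     * PACKET_ADD_MEMBERSHIP / PACKET_MR_PROMISC option is the alternative
     * that the kernel undoes when the socket closes. */
    if (promisc_set_here && ioctl(raw_socket, SIOCGIFFLAGS, &ifr) == 0) {
        ifr.ifr_flags &= ~IFF_PROMISC;
        if (ioctl(raw_socket, SIOCSIFFLAGS, &ifr) < 0) {
            perror("Error while clearing promiscuous mode");
        }
    }
    if (raw_socket != -1) {
        close(raw_socket);
    }
    free(buffer);

    return EXIT_FAILURE;
}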

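/*
 * Print a summary of one captured Ethernet frame if it is IPv4/UDP with
 * source or destination port DNS_PORT, followed by the six fields of the
 * DNS header.
 *
 * buffer: start of the frame (Ethernet header first).
 * size:   number of valid bytes in buffer, as returned by recvfrom().
 *
 * The frame is untrusted data from the wire, so each header is checked
 * against `size` before it is read. Frames that are too short, not IPv4,
 * not UDP, carry an invalid IHL, or are non-first IP fragments are ignored.
 * If the UDP payload is shorter than a DNS header, only the IP/UDP summary
 * is printed.
 */
void process_packet(unsigned char *buffer, int size) {
    enum {
        DNS_HEADER_LEN = 12,            /* six 16-bit fields */
        IP_FRAGMENT_OFFSET_MASK = 0x1FFF
    };
    struct ethhdr eth;
    struct iphdr iph;

    if (buffer == NULL || size < 0) {
        return;
    }
    size_t frame_len = (size_t)size;
    if (frame_len < sizeof eth + sizeof iph) {
        return;
    }

    /* Copy the headers out instead of casting: the IP header starts 14
     * bytes into the buffer, which is not suitably aligned for struct iphdr. */
    memcpy(&eth, buffer, sizeof eth);
    if (eth.h_proto != htons(ETH_P_IP)) {
        return;
    }

    memcpy(&iph, buffer + sizeof eth, sizeof iph);
    if (iph.protocol != IPPROTO_UDP) {
        return;
    }

    /* IHL comes from the sender; values below 5 words are invalid and the
     * UDP header it points at must lie inside the received bytes. */
    size_t ip_header_len = (size_t)iph.ihl * 4;
    if (ip_header_len < sizeof iph) {
        return;
    }
    size_t udp_offset = sizeof eth + ip_header_len;
    if (frame_len < udp_offset + sizeof(struct udphdr)) {
        return;
    }

    /* Only the first fragment holds the UDP header; in later fragments the
     * same bytes are payload and would be misread as ports. */
    if ((ntohs(iph.frag_off) & IP_FRAGMENT_OFFSET_MASK) != 0) {
        return;
    }

    /* Ports are the first two big-endian 16-bit fields of the UDP header. */
    const unsigned char *udp = buffer + udp_offset;
    unsigned source_port = ((unsigned)udp[0] << 8) | udp[1];
    unsigned dest_port = ((unsigned)udp[2] << 8) | udp[3];

    if (dest_port != DNS_PORT && source_port != DNS_PORT) {
        return;
    }

    struct in_addr source_addr;
    struct in_addr dest_addr;
    source_addr.s_addr = iph.saddr;
    dest_addr.s_addr = iph.daddr;

    // DNS packet
    printf("DNS Packet\n");
    /* inet_ntoa() reuses one static buffer, hence one call per printf. */
    printf("Source IP: %s\n", inet_ntoa(source_addr));
    printf("Destination IP: %s\n", inet_ntoa(dest_addr));
    printf("Source Port: %u\n", source_port);
    printf("Destination Port: %u\n", dest_port);
    printf("Packet Length: %d\n", ntohs(iph.tot_len));
    printf("-----------------------------------\n");

    // Parse DNS header
    size_t dns_offset = udp_offset + sizeof(struct udphdr);
    if (frame_len < dns_offset + DNS_HEADER_LEN) {
        /* Port 53 traffic with a payload too short to hold a DNS header:
         * reading the fields would pick up bytes that are not part of this
         * frame. */
        return;
    }

    const unsigned char *dns_data = buffer + dns_offset;
    unsigned short dns_id = (unsigned short)((dns_data[0] << 8) | dns_data[1]);
    unsigned short dns_flags = (unsigned short)((dns_data[2] << 8) | dns_data[3]);
    unsigned short dns_qdcount = (unsigned short)((dns_data[4] << 8) | dns_data[5]);
    unsigned short dns_ancount = (unsigned short)((dns_data[6] << 8) | dns_data[7]);
    unsigned short dns_nscount = (unsigned short)((dns_data[8] << 8) | dns_data[9]);
    unsigned short dns_arcount = (unsigned short)((dns_data[10] << 8) | dns_data[11]);

    printf("DNS ID: %u\n", (unsigned)dns_id);
    printf("DNS Flags: %u\n", (unsigned)dns_flags);
    printf("DNS Questions Count: %u\n", (unsigned)dns_qdcount);
    printf("DNS Answers Count: %u\n", (unsigned)dns_ancount);
    printf("DNS Name Server Count: %u\n", (unsigned)dns_nscount);
    printf("DNS Additional Records Count: %u\n", (unsigned)dns_arcount);
    printf("-----------------------------------\n");
}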

3.UDP
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/if_ether.h>
#include <net/ethernet.h>
#include <netinet/ip.h>
#include <netinet/udp.h>
#include <sys/ioctl.h>
#include <net/if.h>

/* Handles one captured frame: `buffer` points at the Ethernet header and
 * `size` is the byte count that recvfrom() returned in main(). */
void process_packet(unsigned char *buffer, int size);

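/*
 * Capture entry point: asks for an interface name, opens an AF_PACKET raw
 * socket, switches the interface to promiscuous mode and hands every
 * received frame to process_packet().
 *
 * Opening the raw socket and changing interface flags both need elevated
 * privileges (root or the matching capabilities), so run this only on a
 * host and network segment you are authorised to monitor.
 *
 * The receive loop ends only when recvfrom() fails, so the function always
 * returns EXIT_FAILURE.
 */
int main() {
    enum { CAPTURE_BUFFER_SIZE = 65536 };
    int raw_socket = -1;
    int promisc_set_here = 0;
    unsigned char *buffer = NULL;
    char typed_name[64];
    struct ifreq ifr;

    // Prompt for the network interface name
    printf("Enter the network interface name: ");
    fflush(stdout);

    /* The field width (63 = sizeof typed_name - 1) bounds the read; a bare
     * "%s" writes past the destination when the typed line is longer. */
    if (scanf("%63s", typed_name) != 1) {
        fprintf(stderr, "No interface name given\n");
        goto cleanup;
    }
    /* Reject over-long names instead of truncating them: a truncated name
     * could silently select a different interface. */
    if (strlen(typed_name) >= IFNAMSIZ) {
        fprintf(stderr, "Interface name too long (limit is %d characters)\n",
                IFNAMSIZ - 1);
        goto cleanup;
    }

    buffer = malloc(CAPTURE_BUFFER_SIZE);
    if (buffer == NULL) {
        perror("Buffer allocation error");
        goto cleanup;
    }

    /* NOTE: the socket is never bound to the chosen interface, so frames
     * from every interface are delivered; only the promiscuous flag is
     * per-interface. */
    raw_socket = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (raw_socket == -1) {
        perror("Socket creation error");
        goto cleanup;
    }

    /* Zero the request first so ifr_name is always NUL-terminated and no
     * uninitialised stack bytes are passed to the kernel. */
    memset(&ifr, 0, sizeof ifr);
    memcpy(ifr.ifr_name, typed_name, strlen(typed_name) + 1);

    if (ioctl(raw_socket, SIOCGIFFLAGS, &ifr) < 0) {
        perror("Error while getting interface flags");
        goto cleanup;
    }

    if (!(ifr.ifr_flags & IFF_PROMISC)) {
        ifr.ifr_flags |= IFF_PROMISC;
        if (ioctl(raw_socket, SIOCSIFFLAGS, &ifr) < 0) {
            perror("Error while setting interface to promiscuous mode");
            goto cleanup;
        }
        promisc_set_here = 1;
    }

    for (;;) {
        ssize_t data_size = recvfrom(raw_socket, buffer, CAPTURE_BUFFER_SIZE,
                                     0, NULL, NULL);
        if (data_size < 0) {
            perror("Packet receive error");
            break;
        }

        process_packet(buffer, (int)data_size);
    }

cleanup:
    /* IFF_PROMISC set through SIOCSIFFLAGS stays on the interface after the
     * process exits, so clear it if this run turned it on. A run ended by a
     * signal (e.g. Ctrl-C) never reaches this point; the socket-scoped
     * PACKET_ADD_MEMBERSHIP / PACKET_MR_PROMISC option is the alternative
     * that the kernel undoes when the socket closes. */
    if (promisc_set_here && ioctl(raw_socket, SIOCGIFFLAGS, &ifr) == 0) {
        ifr.ifr_flags &= ~IFF_PROMISC;
        if (ioctl(raw_socket, SIOCSIFFLAGS, &ifr) < 0) {
            perror("Error while clearing promiscuous mode");
        }
    }
    if (raw_socket != -1) {
        close(raw_socket);
    }
    free(buffer);

    return EXIT_FAILURE;
}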

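/*
 * Print a summary of one captured Ethernet frame if it carries IPv4/UDP.
 *
 * buffer: start of the frame (Ethernet header first).
 * size:   number of valid bytes in buffer, as returned by recvfrom().
 *
 * The frame is untrusted data from the wire, so each header is checked
 * against `size` before it is read. Frames that are too short, not IPv4,
 * not UDP, carry an invalid IHL, or are non-first IP fragments are ignored
 * without output.
 */
void process_packet(unsigned char *buffer, int size) {
    enum { IP_FRAGMENT_OFFSET_MASK = 0x1FFF };
    struct ethhdr eth;
    struct iphdr iph;

    if (buffer == NULL || size < 0) {
        return;
    }
    size_t frame_len = (size_t)size;
    if (frame_len < sizeof eth + sizeof iph) {
        return;
    }

    /* Copy the headers out instead of casting: the IP header starts 14
     * bytes into the buffer, which is not suitably aligned for struct iphdr. */
    memcpy(&eth, buffer, sizeof eth);
    if (eth.h_proto != htons(ETH_P_IP)) {
        return;
    }

    memcpy(&iph, buffer + sizeof eth, sizeof iph);
    if (iph.protocol != IPPROTO_UDP) {
        return;
    }

    /* IHL comes from the sender; values below 5 words are invalid and the
     * UDP header it points at must lie inside the received bytes. */
    size_t ip_header_len = (size_t)iph.ihl * 4;
    if (ip_header_len < sizeof iph) {
        return;
    }
    size_t udp_offset = sizeof eth + ip_header_len;
    if (frame_len < udp_offset + sizeof(struct udphdr)) {
        return;
    }

    /* Only the first fragment holds the UDP header; in later fragments the
     * same bytes are payload and would print as bogus ports. */
    if ((ntohs(iph.frag_off) & IP_FRAGMENT_OFFSET_MASK) != 0) {
        return;
    }

    /* Ports are the first two big-endian 16-bit fields of the UDP header. */
    const unsigned char *udp = buffer + udp_offset;
    unsigned source_port = ((unsigned)udp[0] << 8) | udp[1];
    unsigned dest_port = ((unsigned)udp[2] << 8) | udp[3];

    struct in_addr source_addr;
    struct in_addr dest_addr;
    source_addr.s_addr = iph.saddr;
    dest_addr.s_addr = iph.daddr;

    printf("UDP Packet\n");
    /* inet_ntoa() reuses one static buffer, hence one call per printf. */
    printf("Source IP: %s\n", inet_ntoa(source_addr));
    printf("Destination IP: %s\n", inet_ntoa(dest_addr));
    printf("Source Port: %u\n", source_port);
    printf("Destination Port: %u\n", dest_port);
    printf("Packet Length: %d\n", ntohs(iph.tot_len));
    printf("-----------------------------------\n");
}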
