-
Notifications
You must be signed in to change notification settings - Fork 1
/
rawtraffic.c
103 lines (86 loc) · 2.49 KB
/
rawtraffic.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
#include <libgen.h>
#include <stdio.h>
#include <string.h>
#include <pcap.h>
#define SAVEFILE "capture" // Save filename
#define PCOUNT 15 // Number of packets to capture
void usage(char *progname)
{
printf("Usage: %s <interface> <port> [<savefile name>]\n", basename(progname));
}
int main(int argc, char *argv[])
{
pcap_t *handle; // Session handle
char *dev = argv[1]; // Device to capture on
char errbuf[PCAP_ERRBUF_SIZE]; // Error string
char *port = argv[2]; // Port to monitor
char filter_exp[] = "port "; // Filter expression
struct bpf_program fp; // Compiled filter expression
bpf_u_int32 mask; // Netmask of capturing device
bpf_u_int32 net; // IP of capturing device
pcap_dumper_t *file_pointer; // Pointer to the dump file
char filename[80]; // Name of file to save to
int packet = 0; // Number of packets captured
// Device and port number arguments are required
if (argc < 2)
{
usage(argv[0]);
return 1;
}
/**
* Open device for capture and set capture filter
*/
// Open the device for capturing
handle = pcap_open_live(dev, BUFSIZ, 1, 1000, errbuf);
if (handle == NULL)
{
fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf);
return 1;
}
// Find the IPv4 network number and netmask associated with device
if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1)
{
fprintf(stderr, "Can't get netmask for device %s\n", dev);
return 1;
}
// Compile the filter expression string
strncat(filter_exp, port, 5);
if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1)
{
fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(handle));
return 1;
}
// Set the filter
if (pcap_setfilter(handle, &fp) == -1)
{
fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(handle));
return 1;
}
/**
* Capture and save packets
*/
// Set filename
if (argc >= 4)
strncpy(filename, argv[3], sizeof(filename));
else
strcpy(filename, SAVEFILE);
// Open dump device for writing captured packets
file_pointer = pcap_dump_open(handle, filename);
if (file_pointer == NULL)
{
fprintf(stderr, "Error opening file \"%s\" for writing: %s\n", filename, pcap_geterr(handle));
return 1;
}
// Capture packets and save to file
packet = pcap_loop(handle, PCOUNT, &pcap_dump, (char *)file_pointer);
if (packet < 0)
{
fprintf(stderr, "Error reading packets from interface %s", dev);
return 1;
}
// Close file
pcap_dump_close(file_pointer);
// Close packet capture device
pcap_close(handle);
return 0;
}