I've never understood the hatred that usually follows resurrecting old threads. Can someone enlighten me why this is?
One of the top Google responses to the search phrase "c++ windows packet sniffer" happens to be a post from Oliver_FF from years ago. See:
http://www.techpowerup.com/forums/showthread.php?t=56901
My post shows what is necessary to run Oliver_FF's proposed suggestions in Windows 7 / VBS 2012, a conversion process that took my poor coding skills approximately four hours to overcome. I think it would be really handy if my post occurred in the same thread.
Anyways, on with the solution:
You will need to:
1. Run the Visual Studio Debug / Release builds as administrator; Windows only lets an elevated process open the raw socket this program uses
2. Link to ws2_32.lib, from the Windows developer platform SDK. Mine was located at C:\Program Files (x86)\Windows Kits\8.0\Lib\win8\um\x86
ConsolePacketCapture.cpp
stdafx.cpp
stdafx.h
ippacket.cpp
ippacket.h
tcppacket.cpp
tcppacket.h
udppacket.cpp
udppacket.h
targetver.h
One of the top Google responses to the search phrase "c++ windows packet sniffer" happens to be a post from Oliver_FF from years ago. See:
http://www.techpowerup.com/forums/showthread.php?t=56901
My post shows what is necessary to run Oliver_FF's proposed suggestions in Windows 7 / VBS 2012, a conversion process that took my poor coding skills approximately four hours to overcome. I think it would be really handy if my post occurred in the same thread.
Anyways, on with the solution:
You will need to:
1. Run the Visual Studio Debug / Release builds as administrator; Windows only lets an elevated process open the raw socket this program uses
2. Link to ws2_32.lib, from the Windows developer platform SDK. Mine was located at C:\Program Files (x86)\Windows Kits\8.0\Lib\win8\um\x86
ConsolePacketCapture.cpp
Code:
// ConsolePacketCapture.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include <winsock.h>
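/*
 * Entry point of the console packet capture tool.
 *
 * Opens a raw IPv4 socket, binds it to the local address given in argv[1],
 * switches it into receive-all mode on Windows, and prints a decode of every
 * packet received.
 *
 *   argv[1]  local IPv4 address to bind to (dotted decimal)
 *   argv[2]  number of packets to capture; 0 captures until recv() fails
 *   argv[3]  optional "m": payload dumps also print CR, LF, '{' and '}' as text
 *
 * Returns EXIT_SUCCESS after the usage text or a completed capture, and
 * EXIT_FAILURE when an argument is invalid or a socket call fails.
 *
 * Everything recv() delivers is untrusted network data; this function only
 * checks the byte count and leaves header validation to printIpPacket().
 */
int main(int argc, char *argv[])
{
    /* All locals are declared up front so the `goto done` cleanup path never
     * jumps over an initialisation (the file is built as C++). */
    int thisSocket = -1, optVal = 1, newData, result, packetCount = 0;
    int inn = 1, outt = 0, more = 0;
    int exitCode = EXIT_FAILURE;
    long rett = 0, requested;
    char *countEnd;
    time_t nowTime;
    struct sockaddr_in destination = {0};   /* no stale stack bytes reach bind() */
    char packetBuffer[BUFFERSIZE];
#ifdef __WINDOWS
    WSADATA wsaData;
#endif

    printf("Welcome to Eyeball!");

    if (argc <= 2) {
        printf("\nUseage...");
        printf("\ndood [IP-address] [packet-count] (ml) (o)");
        printf("\n--> eyeball ");
        return EXIT_SUCCESS;
    }

    /* atoi() would turn "abc" into 0, which this program treats as "capture
     * forever"; reject anything that is not a whole non-negative int. */
    requested = strtol(argv[2], &countEnd, 10);
    if (countEnd == argv[2] || *countEnd != '\0' || requested < 0 ||
        (long)(int)requested != requested) {
        printf("\nInvalid packet count: %s\n", argv[2]);
        return EXIT_FAILURE;
    }
    result = (int)requested;

#ifdef __WINDOWS
    /* 0x0202 requests Winsock 2.2; nothing else may be called if this fails. */
    if (WSAStartup(0x0202, &wsaData) != 0) {
        printf("\nWinsock startup FAILED!");
        return EXIT_FAILURE;
    }
#endif

    thisSocket = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
    if (thisSocket < 0) {
        /* There is no handle to close when creation itself failed. */
        printf("Socket creation FAILED!");
        goto done;
    }
    printf("Socket created!");

#ifdef __WINDOWS
    /* NOTE(review): option 2 at level IPPROTO_IP is presumably IP_HDRINCL
     * (its Winsock 2 value); confirm and use the named constant. */
    if (setsockopt(thisSocket, IPPROTO_IP, 2, (char *)&optVal, sizeof(optVal)) < 0) {
        printf("\nUnable to set socket options!");
        goto done;
    }
    printf("\nOptions set!");
#endif

    destination.sin_family = AF_INET;
    destination.sin_port = 0;
    destination.sin_addr.s_addr = inet_addr(argv[1]);
    if (destination.sin_addr.s_addr == INADDR_NONE) {
        /* inet_addr() reports unparsable text this way; do not bind to it. */
        printf("\nInvalid IP address: %s\n", argv[1]);
        goto done;
    }
    if (bind(thisSocket, (struct sockaddr *)&destination, sizeof(destination)) < 0) {
        printf("\nBinding Socket FAILED!\n");
        goto done;
    }
    printf("\nSocket bound to %s!", argv[1]);

#ifdef __WINDOWS
    /* 0x98000001 is the value of SIO_RCVALL (<mstcpip.h>): with inn == 1 the
     * socket receives every IPv4 packet seen on the bound interface. */
    if (WSAIoctl(thisSocket, 0x98000001, &inn, sizeof(inn), &outt, sizeof(outt),
                 (LPDWORD)&rett, 0, 0) != 0) {
        printf("\nCouldn't set IO control!\n");
        goto done;
    }
    printf("\nIO controls set!");
#endif

    if ((argc >= 4) && (strcmp(argv[3], "m") == 0))
        more = 1;

    printf("\nWaiting for %i packets...\n", result);
    while (packetCount < result || result == 0) {
        newData = recv(thisSocket, packetBuffer, BUFFERSIZE, 0);
        if (newData <= 0) {
            /* Without this check a failed recv() hands a negative length and
             * a stale buffer to the decoder, and result == 0 loops forever. */
            printf("\nReceive FAILED!\n");
            goto done;
        }
        time(&nowTime);
        printf("\n\nPacket %i: at %u\n", packetCount, (unsigned int)nowTime);
        printIpPacket(packetBuffer, newData, more);
        packetCount++;
    }
    exitCode = EXIT_SUCCESS;

done:
    /* Single exit path: always closesocket(), never the file-descriptor
     * close(), and release Winsock on every path that initialised it. */
    if (thisSocket >= 0)
        closesocket(thisSocket);
#ifdef __WINDOWS
    WSACleanup();
    if (exitCode == EXIT_SUCCESS)
        system("PAUSE");   /* fixed command string, keeps the console open */
#endif
    return exitCode;
}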
stdafx.cpp
Code:
// stdafx.cpp : source file that includes just the standard includes
// ConsolePacketCapture.pch will be the pre-compiled header
// stdafx.obj will contain the pre-compiled type information
#include "stdafx.h"
// TODO: reference any additional headers you need in STDAFX.H
// and not in this file
stdafx.h
Code:
// stdafx.h : include file for standard system include files,
// or project specific include files that are used frequently, but
// are changed infrequently
//
#pragma once
#include "targetver.h"
#include <stdio.h>
#include <tchar.h>
#define __WINDOWS // /lib/libws2_32.a
//#define __LINUX // -lsocket -lnsl ??|ifconfig eth0 (-)promisc|??
#include <stdlib.h>
#include <stdio.h>
#ifdef __WINDOWS
#include <winsock2.h>
#pragma comment(lib, "Ws2_32.lib")
#endif
#ifdef __LINUX
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#endif
//#include <unistd.h> // replaced mostly by io.h
#include <io.h>
#include <string.h>
#include <time.h>
#include "ippacket.h"
#define BUFFERSIZE 4098
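#ifdef __LINUX
/* Maps the Winsock name closesocket() onto close() so the shared code can use
 * one spelling on both platforms.
 * static inline: this header is included by every source file of the project,
 * and an ordinary external definition here would be emitted once per file and
 * collide at link time.
 * NOTE(review): close() is declared in <unistd.h>, whose include is commented
 * out above in favour of <io.h>; the __LINUX build presumably needs it back. */
static inline void closesocket(int socket) { close(socket); }
#endif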
// TODO: reference additional headers your program requires here
ippacket.cpp
Code:
#include "stdafx.h"
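/*
 * Dumps `length` bytes starting at `data` to stdout after a "Data Begins"
 * banner.
 *
 * Bytes 32..121 are printed as characters; when `more` > 0, LF (10), CR (13),
 * '{' (123) and '}' (125) are printed as characters too. Every other byte is
 * printed as a bracketed decimal value such as [200]. A newline is emitted
 * once roughly 47 columns have been written.
 *
 * The bytes come straight from captured packets, so they are treated as
 * untrusted: they are read as unsigned values (a signed `char` would print
 * 128..255 as negative numbers and miscount the column width), and the
 * control character 31 is escaped instead of being sent raw to the terminal.
 * NOTE(review): the upper bound 121 also escapes 'z', '|' and '~'; kept as
 * found, confirm whether 126 was intended.
 */
void printRawData(char *data, int length, int more)
{
    int i, c = 0;

    printf(" -------------Data Begins-------------\n");
    if (data == NULL)
        return;

    for (i = 0; i < length; i++) {
        unsigned char byte = (unsigned char)data[i];
        int asText = (byte >= 32 && byte < 122) ||
                     (more > 0 && (byte == 10 || byte == 13 ||
                                   byte == 123 || byte == 125));

        if (asText) {
            printf("%c", byte);
            c += 1;
        } else {
            printf("[%i]", byte);
            c += 3;                 /* brackets plus first digit */
            if (byte > 9) c++;
            if (byte > 99) c++;
        }

        if (c >= 47) {
            printf("\n");
            c = 0;
        }
    }
}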
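/*
 * Writes `length` bytes starting at `data` to `file1` after a "Data Begins"
 * banner; the file counterpart of printRawData().
 *
 * Bytes 32..121 are written as characters; when `type` > 0, LF (10), CR (13),
 * '{' (123) and '}' (125) are written as characters too. Every other byte is
 * written as a bracketed decimal value such as [200]. A newline is emitted
 * once roughly 47 columns have been written.
 *
 * The bytes come from captured packets and are untrusted: they are read as
 * unsigned values (a signed `char` would write 128..255 as negative numbers
 * and miscount the column width), and the control character 31 is escaped.
 * Nothing is written when `file1` is NULL.
 * NOTE(review): the upper bound 121 also escapes 'z', '|' and '~'; kept as
 * found, confirm whether 126 was intended.
 */
void writeRawData(char *data, int length, int type, FILE *file1)
{
    int i, c = 0;

    if (file1 == NULL)
        return;

    fprintf(file1, " -------------Data Begins-------------\n");
    if (data == NULL)
        return;

    for (i = 0; i < length; i++) {
        unsigned char byte = (unsigned char)data[i];
        int asText = (byte >= 32 && byte < 122) ||
                     (type > 0 && (byte == 10 || byte == 13 ||
                                   byte == 123 || byte == 125));

        if (asText) {
            fprintf(file1, "%c", byte);
            c += 1;
        } else {
            fprintf(file1, "[%i]", byte);
            c += 3;                 /* brackets plus first digit */
            if (byte > 9) c++;
            if (byte > 99) c++;
        }

        if (c >= 47) {
            fprintf(file1, "\n");
            c = 0;
        }
    }
}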
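/*
 * Prints the IPv4 header fields of a captured packet and hands the payload to
 * printTcpPacket() (protocol 6), printUdpPacket() (protocol 17) or
 * printRawData() (anything else).
 *
 *   data    start of the IP header
 *   length  number of valid bytes at `data`
 *   more    passed through to the payload printers
 *
 * Every field here is controlled by whoever sent the packet, so:
 *  - nothing is read unless the 20-byte minimum header is present;
 *  - bytes are read as unsigned (a signed `char` turned values >= 128
 *    negative and corrupted the size, id and address output);
 *  - the header length comes from the low nibble of byte 0 and must lie
 *    between 20 bytes and `length`. The previous signed-shift expression
 *    produced a NEGATIVE offset for header lengths of 8 words or more, which
 *    made the payload printers read memory in front of the buffer.
 */
void printIpPacket(char *data, int length, int more)
{
    const unsigned char *ip = (const unsigned char *)data;
    int headerWords, headerBytes;

    printf("-----------------Packet Begins-----------------\n");

    if (data == NULL || length < 20) {
        printf("Truncated IP packet (%i bytes)\n", length);
        printf("\n------------------Packet Ends------------------\n");
        return;
    }

    headerWords = ip[0] & 0x0F;
    headerBytes = headerWords * 4;

    printf("IP Version: %i, Packet Size: %ibytes, Id: %i\n",
           (ip[0] >> 4), (ip[2] * 256) + ip[3], (ip[4] * 256) + ip[5]);
    /* Fragment offset is the low 13 bits of bytes 6-7; the top 3 bits of
     * byte 6 are flags and are masked off. */
    printf("Fragment: %i, TTL: %i, HL: %iwds, Protocol: %i\n",
           ((ip[6] & 0x1F) * 256) + ip[7], ip[8], headerWords, ip[9]);
    printf("Source: %i.%i.%i.%i, Destination: %i.%i.%i.%i\n",
           ip[12], ip[13], ip[14], ip[15],
           ip[16], ip[17], ip[18], ip[19]);

    if (headerBytes < 20 || headerBytes > length) {
        /* Do not trust a header length that points outside the capture. */
        printf("Invalid IP header length (%i bytes)\n", headerBytes);
    } else if (ip[9] == 6) {
        printTcpPacket(data + headerBytes, length - headerBytes, more);
    } else if (ip[9] == 17) {
        printUdpPacket(data + headerBytes, length - headerBytes, more);
    } else {
        printRawData(data + headerBytes, length - headerBytes, more);
    }

    printf("\n------------------Packet Ends------------------\n");
}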
/*
void writeIpPacket(unsigned char *data, int length, int type)
{
FILE *file1;
char buffer[3];
char fileName[30];
int a=0;
for (a=0; a<30; a++)
fileName[a] = 0;
strcat(fileName, "data\\");
strcat(fileName, itoa(data[12], buffer, 10));
strcat(fileName, ".");
strcat(fileName, itoa(data[13], buffer, 10));
strcat(fileName, ".");
strcat(fileName, itoa(data[14], buffer, 10));
strcat(fileName, ".");
strcat(fileName, itoa(data[15], buffer, 10));
strcat(fileName, ".txt");
if((file1 = fopen(fileName, "ab")) == NULL){
printf("\nError opening output file %s", fileName);
return;
}
fprintf(file1, "-----------------Packet Begins-----------------\n");
fprintf(file1, "IP Version: %i, Packet Size: %ibytes, Id: %i\n",
(data[0]>>4), (data[2]*256)+data[3], (data[4]*256)+data[5]);
fprintf(file1, "Fragment: %i, TTL: %i, HL: %iwds, Protocol: %i\n",
((int)(data[6]>>4)*256)+data[7], data[8], ((char)(data[0]<<4))>>4, data[9]);
fprintf(file1, "Source: %i.%i.%i.%i, Destination: %i.%i.%i.%i\n",
data[12], data[13], data[14], data[15],
data[16], data[17], data[18], data[19]);
if (data[9]==6)
writeTcpPacket(data+(((char)(data[0]<<4))>>2), length-(((char)(data[0]<<4))>>2), type, file1);
else if (data[9]==17)
writeUdpPacket(data+(((char)(data[0]<<4))>>2), length-(((char)(data[0]<<4))>>2), type, file1);
else
writeRawData(data+(((char)(data[0]<<4))>>2), length-(((char)(data[0]<<4))>>2), type, file1);
fprintf(file1, "\n------------------Packet Ends------------------\n\n");
fclose(file1);
}*/
ippacket.h
Code:
// Declarations for the IP-level decoders implemented in ippacket.cpp.
// NOTE(review): identifiers that begin with two underscores, like this
// include guard, are reserved for the compiler and standard library.
#ifndef __IPPACKET
#define __IPPACKET
#include "tcppacket.h"
#include "udppacket.h"
// Prints `length` bytes from `data` to stdout after a "Data Begins" banner,
// each byte either as a character or as a bracketed decimal value.
// more > 0 additionally prints bytes 10, 13, 123 and 125 as characters.
void printRawData(char *data, int length, int more);
// Same dump as printRawData(), written to `file1` with fprintf();
// `type` plays the role of `more`.
void writeRawData(char *data, int length, int type, FILE *file1);
// Prints the IP header fields found at fixed offsets in `data`, then passes
// the rest to printTcpPacket() when byte 9 is 6, printUdpPacket() when it is
// 17, and printRawData() otherwise. main() calls this with the buffer and
// byte count returned by recv().
void printIpPacket(char *data, int length, int more);
#endif
tcppacket.cpp
Code:
#include "stdafx.h"
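/*
 * Prints the TCP header found at `data` (ports, sequence and acknowledgment
 * numbers, header size in 32-bit words, flag names) and then dumps the
 * segment payload with printRawData().
 *
 *   data    start of the TCP header
 *   length  number of valid bytes at `data`
 *   more    passed through to printRawData()
 *
 * The header is untrusted input, so:
 *  - nothing is read unless the 20-byte minimum header is present;
 *  - bytes are read as unsigned; with a signed `char` a data-offset nibble of
 *    8 or more (32-byte headers are common) made the payload offset NEGATIVE
 *    and the dump started in front of the buffer;
 *  - the data offset must lie between 20 bytes and `length`;
 *  - the acknowledgment number is built from bytes 8..11 (byte 9 was used
 *    twice before) and both 32-bit numbers are printed unsigned.
 */
void printTcpPacket(char *data, int length, int more)
{
    static const char *const flagNames[8] = {
        "FIN ", "SYN ", "RST ", "PSH ", "ACK ", "URG ", "ECE ", "CWR "
    };
    const unsigned char *tcp = (const unsigned char *)data;
    unsigned long sequence, acknowledgment;
    int headerBytes, bit;

    if (data == NULL || length < 20) {
        printf("Truncated TCP header (%i bytes)\n", length);
        return;
    }

    printf("Source Port: %i, Destination Port: %i\n",
           (tcp[0] * 256) + tcp[1], (tcp[2] * 256) + tcp[3]);

    sequence = ((unsigned long)tcp[4] << 24) | ((unsigned long)tcp[5] << 16) |
               ((unsigned long)tcp[6] << 8) | (unsigned long)tcp[7];
    acknowledgment = ((unsigned long)tcp[8] << 24) | ((unsigned long)tcp[9] << 16) |
                     ((unsigned long)tcp[10] << 8) | (unsigned long)tcp[11];
    printf("Sequence: %lu, Acknowledgment: %lu\n", sequence, acknowledgment);

    printf("TCPHdr Size: %i, Flags: ", (tcp[12] >> 4));
    /* Byte 13 holds the flags, FIN in bit 0 up to CWR in bit 7. */
    for (bit = 0; bit < 8; bit++) {
        if (tcp[13] & (1u << bit))
            printf("%s", flagNames[bit]);
    }
    printf("\n");

    /* Data offset is the high nibble of byte 12, counted in 32-bit words. */
    headerBytes = (tcp[12] >> 4) * 4;
    if (headerBytes < 20 || headerBytes > length) {
        printf("Invalid TCP header length (%i bytes)\n", headerBytes);
        return;
    }
    printRawData(data + headerBytes, length - headerBytes, more);
}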
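/*
 * Writes the TCP header found at `data` (ports, sequence and acknowledgment
 * numbers, header size in 32-bit words, flag names) to `file1` and then dumps
 * the segment payload with writeRawData(); the file counterpart of
 * printTcpPacket().
 *
 *   data    start of the TCP header
 *   length  number of valid bytes at `data`
 *   type    passed through to writeRawData()
 *   file1   open output stream; nothing is written when it is NULL
 *
 * The header is untrusted input, so:
 *  - nothing is read unless the 20-byte minimum header is present;
 *  - bytes are read as unsigned; with a signed `char` a data-offset nibble of
 *    8 or more made the payload offset NEGATIVE and the dump started in front
 *    of the buffer;
 *  - the data offset must lie between 20 bytes and `length`;
 *  - the acknowledgment number is built from bytes 8..11 (byte 9 was used
 *    twice before) and both 32-bit numbers are written unsigned.
 */
void writeTcpPacket(char *data, int length, int type, FILE *file1)
{
    static const char *const flagNames[8] = {
        "FIN ", "SYN ", "RST ", "PSH ", "ACK ", "URG ", "ECE ", "CWR "
    };
    const unsigned char *tcp = (const unsigned char *)data;
    unsigned long sequence, acknowledgment;
    int headerBytes, bit;

    if (file1 == NULL)
        return;
    if (data == NULL || length < 20) {
        fprintf(file1, "Truncated TCP header (%i bytes)\n", length);
        return;
    }

    fprintf(file1, "Source Port: %i, Destination Port: %i\n",
            (tcp[0] * 256) + tcp[1], (tcp[2] * 256) + tcp[3]);

    sequence = ((unsigned long)tcp[4] << 24) | ((unsigned long)tcp[5] << 16) |
               ((unsigned long)tcp[6] << 8) | (unsigned long)tcp[7];
    acknowledgment = ((unsigned long)tcp[8] << 24) | ((unsigned long)tcp[9] << 16) |
                     ((unsigned long)tcp[10] << 8) | (unsigned long)tcp[11];
    fprintf(file1, "Sequence: %lu, Acknowledgment: %lu\n", sequence, acknowledgment);

    fprintf(file1, "TCPHdr Size: %i, Flags: ", (tcp[12] >> 4));
    /* Byte 13 holds the flags, FIN in bit 0 up to CWR in bit 7. */
    for (bit = 0; bit < 8; bit++) {
        if (tcp[13] & (1u << bit))
            fprintf(file1, "%s", flagNames[bit]);
    }
    fprintf(file1, "\n");

    /* Data offset is the high nibble of byte 12, counted in 32-bit words. */
    headerBytes = (tcp[12] >> 4) * 4;
    if (headerBytes < 20 || headerBytes > length) {
        fprintf(file1, "Invalid TCP header length (%i bytes)\n", headerBytes);
        return;
    }
    writeRawData(data + headerBytes, length - headerBytes, type, file1);
}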
tcppacket.h
Code:
// Declarations for the TCP decoders implemented in tcppacket.cpp.
// NOTE(review): identifiers that begin with two underscores, like this
// include guard, are reserved for the compiler and standard library.
#ifndef __TCPPACKET
#define __TCPPACKET
// Prints the TCP ports, sequence/acknowledgment numbers, header size and flag
// names read from `data` to stdout, then dumps the bytes after the header
// with printRawData(); `more` is passed through to that dump.
void printTcpPacket(char *data, int length, int more);
// Same output as printTcpPacket(), written to `file1` with fprintf() and
// finished with writeRawData(); `type` is passed through to that dump.
void writeTcpPacket(char *data, int length, int type, FILE *file1);
#endif
udppacket.cpp
Code:
#include "stdafx.h"
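/*
 * Prints the UDP header found at `data` (ports, length, checksum) and then
 * dumps the datagram payload with printRawData().
 *
 *   data    start of the UDP header
 *   length  number of valid bytes at `data`
 *   more    passed through to printRawData()
 *
 * The header is untrusted input: nothing is read unless all 8 header bytes
 * are present, and bytes are read as unsigned because a signed `char` turned
 * any byte >= 128 negative and printed wrong port, length and checksum values.
 */
void printUdpPacket(char *data, int length, int more)
{
    const unsigned char *udp = (const unsigned char *)data;

    if (data == NULL || length < 8) {
        printf("Truncated UDP header (%i bytes)\n", length);
        return;
    }

    printf("Source Port: %i, Destination Port: %i\n",
           (udp[0] * 256) + udp[1], (udp[2] * 256) + udp[3]);
    printf("Length: %i, Checksum: %i\n",
           (udp[4] * 256) + udp[5], (udp[6] * 256) + udp[7]);
    printRawData(data + 8, length - 8, more);
}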
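/*
 * Writes the UDP header found at `data` (ports, length, checksum) to `file1`
 * and then dumps the datagram payload with writeRawData(); the file
 * counterpart of printUdpPacket().
 *
 *   data    start of the UDP header
 *   length  number of valid bytes at `data`
 *   type    passed through to writeRawData()
 *   file1   open output stream; nothing is written when it is NULL
 *
 * The header is untrusted input: nothing is read unless all 8 header bytes
 * are present, and bytes are read as unsigned because a signed `char` turned
 * any byte >= 128 negative and wrote wrong port, length and checksum values.
 */
void writeUdpPacket(char *data, int length, int type, FILE *file1)
{
    const unsigned char *udp = (const unsigned char *)data;

    if (file1 == NULL)
        return;
    if (data == NULL || length < 8) {
        fprintf(file1, "Truncated UDP header (%i bytes)\n", length);
        return;
    }

    fprintf(file1, "Source Port: %i, Destination Port: %i\n",
            (udp[0] * 256) + udp[1], (udp[2] * 256) + udp[3]);
    fprintf(file1, "Length: %i, Checksum: %i\n",
            (udp[4] * 256) + udp[5], (udp[6] * 256) + udp[7]);
    writeRawData(data + 8, length - 8, type, file1);
}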
udppacket.h
Code:
// Declarations for the UDP decoders implemented in udppacket.cpp.
// NOTE(review): identifiers that begin with two underscores, like this
// include guard, are reserved for the compiler and standard library.
#ifndef __UDPPACKET
#define __UDPPACKET
// Prints the UDP ports, length and checksum read from the first 8 bytes of
// `data` to stdout, then dumps the remaining length-8 bytes with
// printRawData(); `more` is passed through to that dump.
void printUdpPacket(char *data, int length, int more);
// Same output as printUdpPacket(), written to `file1` with fprintf() and
// finished with writeRawData(); `type` is passed through to that dump.
void writeUdpPacket(char *data, int length, int type, FILE *file1);
#endif
targetver.h
Code:
#pragma once
// Including SDKDDKVer.h defines the highest available Windows platform.
// If you wish to build your application for a previous Windows platform, include WinSDKVer.h and
// set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h.
#include <SDKDDKVer.h>