*nix
#include <linux/socket.h>
#include <linux/ioctl.h>
#include <linux/if.h>
#include <linux/in.h>
#include <linux/types.h>
#include <linux/if_ether.h>
#include <linux/if_packet.h>
#include <stdio.h>
#include <signal.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#define PROMISC_MODE_ON 1
#define PROMISC_MODE_OFF 0
struct ifparam {
__u32 ip;
__u32 mask;
int mtu;
int index;
} ifp;
int getifconf(__u8 *intf, struct ifparam *ifp, int mode)
{
int fd;
struct sockaddr_in s;
struct ifreq ifr;
memset((void *)&ifr, 0, sizeof(struct ifreq));
if((fd = socket(AF_INET,SOCK_DGRAM,0)) < 0) return (-1);
sprintf(ifr.ifr_name,"%s",intf);
if(!mode) goto setmode;
if(ioctl(fd, SIOCGIFADDR, &ifr) < 0) {
perror("ioctl SIOCGIFADDR");
return -1;
}
memset((void *)&s, 0, sizeof(struct sockaddr_in));
memcpy((void *)&s, (void *)&ifr.ifr_addr, sizeof(struct sockaddr));
memcpy((void *)&ifp->ip, (void *)&s.sin_addr.s_addr, sizeof(__u32));
if(ioctl(fd, SIOCGIFNETMASK, &ifr) < 0) {
perror("ioctl SIOCGIFNETMASK");
return -1;
}
memset((void *)&s, 0, sizeof(struct sockaddr_in));
memcpy((void *)&s, (void *)&ifr.ifr_netmask, sizeof(struct sockaddr));
memcpy((void *)&ifp->mask, (void *)&s.sin_addr.s_addr, sizeof(u_long));
if(ioctl(fd, SIOCGIFMTU, &ifr) < 0) {
perror("ioctl SIOCGIFMTU");
return -1;
}
ifp->mtu = ifr.ifr_mtu;
if(ioctl(fd, SIOCGIFINDEX, &ifr) < 0) {
perror("ioctl SIOCGIFINDEX");
return -1;
}
ifp->index = ifr.ifr_ifindex;
setmode:
if(ioctl(fd, SIOCGIFFLAGS, &ifr) < 0) {
perror("ioctl SIOCGIFFLAGS");
close(fd);
return -1;
}
if(mode) ifr.ifr_flags |= IFF_PROMISC;
else ifr.ifr_flags &= ~(IFF_PROMISC);
if(ioctl(fd, SIOCSIFFLAGS, &ifr) < 0) {
perror("ioctl SIOCSIFFLAGS");
close(fd);
return (-1);
}
return 0;
}
int getsock_recv(int index)
{
int sd;
struct sockaddr_ll s_ll;
sd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
if(sd < 0) return -1;
memset((void *)&s_ll, 0, sizeof(struct sockaddr_ll));
s_ll.sll_family = PF_PACKET;
s_ll.sll_protocol = htons(ETH_P_ALL);
s_ll.sll_ifindex = index;
if(bind(sd, (struct sockaddr *)&s_ll, sizeof(struct sockaddr_ll)) < 0) {
close(sd);
return -1;
}
return sd;
}
__u8 buff[ETH_FRAME_LEN];
void mode_off()
{
if(getifconf("eth0", &ifp, PROMISC_MODE_OFF) < 0) {
perror("getifconf");
exit(-1);
}
return;
}
int main(int argc,char**argv)
{
__u32 num = 0;
int eth0_if, rec = 0, ihl = 0,i;
struct iphdr ip;
struct tcphdr tcp;
struct ethhdr eth;
static struct sigaction act;
if(getifconf("eth0", &ifp, PROMISC_MODE_ON) < 0) {
perror("getifconf");
return -1;
}
printf("IP address - %s\n",inet_ntoa(ifp.ip));
printf("Netmask - %s\n",inet_ntoa(ifp.mask));
printf("MTU - %d\n", ifp.mtu);
printf("interface - %d\n", ifp.index);
if((eth0_if = getsock_recv(ifp.index)) < 0) {
perror("getsock_recv");
return -1;
}
act.sa_handler = mode_off;
sigfillset(&(act.sa_mask));
sigaction(SIGINT, &act, NULL);
for(;;) {
memset(buff, 0, ETH_FRAME_LEN);
rec = recvfrom(eth0_if, (char *)buff, ifp.mtu + 18, 0, NULL, NULL);
if(rec < 0 || rec > ETH_FRAME_LEN) {
perror("recvfrom");
return -1;
}
memcpy((void *)ð, buff, ETH_HLEN);
memcpy((void *)&ip, buff + ETH_HLEN, sizeof(struct iphdr));
if((ip.version) != 4) continue;
memcpy((void *)&tcp, buff + ETH_HLEN + ip.ihl * 4, sizeof(struct tcphdr));
if(ip.protocol == IPPROTO_TCP)
{
printf("Number packet %u\n", num++);
printf("Len header - %d, ", (ip.ihl * 4));
printf("Len packet - %d\n", ntohs(ip.tot_len));
if(ntohs(tcp.source)==atoi(argv[1])||ntohs(tcp.dest)==atoi(argv[1]))
{
printf("%s (%d)\t->\t",inet_ntoa(ip.saddr), ntohs(tcp.source));
printf("%s (%d)\n\n",inet_ntoa(ip.daddr), ntohs(tcp.dest));
//printf("TCP Packet\n");
for(i=(sizeof(eth)+sizeof(ip)+sizeof(tcp));i<rec;i++)printf("%c",buff[i]);
}
printf("\r\n---------------------------------------------------------------\r\n");
}
}
return 0;
}
компилишь, потом запускаеш
sniffer <port>
и смотришь не пакетики)
win
#include <conio.h>
#include <stdio.h>
#include <winsock2.h>
#include <string.h>
#define MAX_PACKET_SIZE 0x10000
#define SIO_RCVALL 0x98000001
/* u_char Buffer[MAX_PACKET_SIZE]; SOCKET s; WSADATA wsadata; HOSTENT * phe; SOCKADDR_IN sa; u_char name[64]; */
u_char name[64];
class sniffing
{
private:
u_char Buffer[MAX_PACKET_SIZE];
SOCKET s;
WSADATA wsadata;
HOSTENT * phe;
SOCKADDR_IN sa;
int k, count;
FILE * log;
u_long flag;
u_char src[16];
u_char dst[16];
u_char lbyte;
u_char hbyte;
public:
void createsocket( int i );
void sniff( int proto, int cout );
~sniffing()
{
fclose( log );
closesocket( s );
WSACleanup();
}
};
typedef struct IPHeader
{
u_char iph_verlen;
u_char iph_tos;
u_short iph_length;
u_short iph_id;
u_short iph_offset;
u_char iph_ttl;
u_char iph_protocol;
u_short iph_xsum;
u_int iph_src;
u_int iph_dest;
}
IPHeader;
typedef struct TCP_HEADER
{
u_short source;
u_short dest;
u_int seq;
u_int ack_seq;
u_short res : 4, headlen : 4, cwr : 1, ece : 1, urg : 1, ack : 1, psh : 1, rst : 1, syn : 1, fin : 1;
u_short window;
u_short check;
u_short urg_ptr;
}
TCP_HEADER;
void main( void )
{
int i, k;
sniffing sg;
printf( "set interface\n" );
scanf( "%d", & i );
sg.createsocket( i );
printf( "set amout packet and sniffing port (0 all port sniffing)\n" );
scanf( "%d", & i );
scanf( "%d", & k );
sg.sniff( k, i );
}
void sniffing::sniff( int proto, int pack )
{
int i;
k = 0;
log = fopen( "log.txt", "wb" );
while ( k < pack )
{
count = recv( s, Buffer, sizeof( Buffer ), 0 );
if ( count >= sizeof( IPHeader ) )
{
IPHeader * ipHdr = ( IPHeader * ) ( Buffer );
TCP_HEADER * tcpHdr = ( TCP_HEADER * ) ( Buffer + sizeof( IPHeader ) );
if ( ntohs( tcpHdr->source ) == proto || ntohs( tcpHdr->dest ) == proto || proto == 0 )
{
k++;
lbyte = ipHdr->iph_length >> 8;
hbyte = ipHdr->iph_length;
hbyte = hbyte + lbyte;
sa.sin_addr.s_addr = ipHdr->iph_src;
strcpy( src, inet_ntoa( sa.sin_addr ) );
sa.sin_addr.s_addr = ipHdr->iph_dest;
strcpy( dst, inet_ntoa( sa.sin_addr ) );
fprintf( log, "IP Source: %s Destantion: %s TTL: %d Size: %d\r\n\r\nTCP Source port: %d Destantion port:% d\r\nHeaderLenght : % d | CWR % d | ECE % d | URG % d | ACK % d | PSH % d | RST % d | SYN % d | FIN % d |\r\nSEQ :% u ACK SEQ : % u\r\nWindow : % d CheckSum : % x URG ptr :% d ",
src, dst, ipHdr->iph_ttl, hbyte, ntohs( tcpHdr->source ), ntohs( tcpHdr->dest ),
tcpHdr->headlen * 4, tcpHdr->cwr, tcpHdr->ece, tcpHdr->urg, tcpHdr->ack, tcpHdr->psh, tcpHdr->rst, tcpHdr->syn,
tcpHdr->fin, tcpHdr->seq, tcpHdr->ack_seq, tcpHdr->window, tcpHdr->check, tcpHdr->urg_ptr );
fprintf( log, "\r\n------------------DATA------------------------\r\n" );
for ( i = sizeof( TCP_HEADER ) + sizeof( IPHeader ); i < count; i++ )
fprintf( log, "%c", Buffer[i] );
fprintf( log, "\r\n\r\n------------------------------------------------------------------------------------------------------------\r\n\r\n" );
printf( "%d\r", k );
}
}
}
printf( "\nSniffing end press any key" );
}
void sniffing::createsocket( int i )
{
//----------Startup--------
if ( WSAStartup( MAKEWORD( 2, 2 ), & wsadata ) )
{
printf( "Initialized error" );
WSACleanup();
exit( 1 );
}
else
printf( wsadata.szSystemStatus );
//-------------------------
//---------Socket----------
s = socket( AF_INET, SOCK_RAW, IPPROTO_IP );
if ( s == INVALID_SOCKET )
{
printf( "Can`t create sock\n" );
WSACleanup();
exit( 2 );
}
printf( "\nCreate sock\n" );
//-------------------------
//---------Sockadd--------
phe = gethostbyname( name );
ZeroMemory( & sa, sizeof( sa ) );
sa.sin_family = AF_INET;
sa.sin_addr.s_addr = ( ( struct in_addr * ) phe->h_addr_list[i] )->s_addr;
//------------------------
//--------bind------------
if ( bind( s, ( SOCKADDR * ) & sa, sizeof( SOCKADDR ) ) )
{
printf( "Can`t bind socket" );
WSACleanup();
closesocket( s );
exit( 3 );
}
printf( "Socket bind\n" );
//-------------------------
flag = 1;
if ( !ioctlsocket( s, SIO_RCVALL, & flag ) ) printf( "sniffing mode\n" );
else
{
printf( "Error sniffing mode" ); exit( 4 );
}
}
тож компилишь)
тока тут выбираешь интерфейс который снифать если у тебя не одна сетевая, дальше кол-во пакетом и тоже порт ( если тебе все порты снифать то ставь 0)
а вообще пользуйся вот этим http://www.ethereal.com/