cramer/pcapmirror
1
0
Fork 1
mirror of https://git.freestone.net/cramer/pcapmirror.git synced 2025-12-31 03:50:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

new packet decoder with arp support. removed default filter

Browse Source
This commit is contained in:
Matthias Cramer
2025-03-28 20:26:05 +01:00
parent 1233bf5ede
commit 0897fa1755
2 changed files with 53 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
main.c
View File

@@ -11,6 +11,7 @@ Copyright (c) 2025, Matthias Cramer, cramer@freestone.net
#include <netinet/ip.h> #include <netinet/ip.h>
#include <netinet/ip6.h> #include <netinet/ip6.h>
#include <netinet/tcp.h> #include <netinet/tcp.h>
#include <netinet/if_ether.h> // For Ethernet and ARP headers
#include <arpa/inet.h> #include <arpa/inet.h>
#include <string.h> #include <string.h>
#include <sys/socket.h> #include <sys/socket.h>
@@ -18,7 +19,6 @@ Copyright (c) 2025, Matthias Cramer, cramer@freestone.net
#include <netdb.h> #include <netdb.h>
#include <netinet/in.h> #include <netinet/in.h>
#include <unistd.h> #include <unistd.h>
#include <netinet/ip6.h>
#define DEFAULT_DEST_PORT 37008 // Default TZSP port #define DEFAULT_DEST_PORT 37008 // Default TZSP port
#define TZSP_ENCAP_LEN 4 // Length of TZSP encapsulation header #define TZSP_ENCAP_LEN 4 // Length of TZSP encapsulation header
@@ -38,6 +38,19 @@ struct tzsp_tagged {
unsigned char type; // Tag type unsigned char type; // Tag type
}; };
// Add this structure for ARP header parsing
struct arp_header {
uint16_t htype; // Hardware type
uint16_t ptype; // Protocol type
uint8_t hlen; // Hardware address length
uint8_t plen; // Protocol address length
uint16_t oper; // Operation (1 = request, 2 = reply)
uint8_t sha[6]; // Sender hardware address
uint8_t spa[4]; // Sender protocol address
uint8_t tha[6]; // Target hardware address
uint8_t tpa[4]; // Target protocol address
};
// Function to check if the system is little-endian // Function to check if the system is little-endian
int is_little_endian() { int is_little_endian() {
volatile unsigned int i=0x01234567; volatile unsigned int i=0x01234567;
@@ -80,7 +93,7 @@ void print_usage(const char *program_name) {
int main(int argc, char *argv[]) { int main(int argc, char *argv[]) {
char errbuf[PCAP_ERRBUF_SIZE]; char errbuf[PCAP_ERRBUF_SIZE];
char *filter_exp = "tcp port 8088"; // Default filter char *filter_exp = ""; // Default filter
char *dev_name = NULL; // Device name char *dev_name = NULL; // Device name
char *mirror_host = NULL; // Destination IP, no default value char *mirror_host = NULL; // Destination IP, no default value
int dest_port = DEFAULT_DEST_PORT; // Destination port, default value int dest_port = DEFAULT_DEST_PORT; // Destination port, default value
@@ -171,6 +184,8 @@ int main(int argc, char *argv[]) {
return 1; return 1;
} }
memset(&dest_addr, 0, sizeof(dest_addr));
// Set the destination address // Set the destination address
if (res->ai_family == AF_INET) { if (res->ai_family == AF_INET) {
struct sockaddr_in *ipv4 = (struct sockaddr_in *)res->ai_addr; struct sockaddr_in *ipv4 = (struct sockaddr_in *)res->ai_addr;
@@ -242,8 +257,16 @@ int main(int argc, char *argv[]) {
continue; continue;
if (verbose) { if (verbose) {
// Check IP version
ip_header = (struct ip*)(packet + ETHERNET_HEADER_LENGTH); // Parse Ethernet header
struct ether_header *eth_header = (struct ether_header *)packet;
// Check EtherType
uint16_t ether_type = ntohs(eth_header->ether_type);
if (ether_type == ETHERTYPE_IP) {
// Handle IPv4 traffic
ip_header = (struct ip *)(packet + ETHERNET_HEADER_LENGTH);
ip_protocol = ip_header->ip_v & 0x0F; // Get IP version ip_protocol = ip_header->ip_v & 0x0F; // Get IP version
if (ip_protocol == 4) { if (ip_protocol == 4) {
@@ -252,17 +275,29 @@ int main(int argc, char *argv[]) {
printf("IPv4 Packet: %s -> %s, IP Protocol: %d\n", printf("IPv4 Packet: %s -> %s, IP Protocol: %d\n",
source_ip_str, dest_ip_str, ip_header->ip_p); source_ip_str, dest_ip_str, ip_header->ip_p);
}
} else if (ip_protocol == 6) { } else if (ether_type == ETHERTYPE_IPV6) {
// IPv6 // Handle IPv6 traffic
ip6_header = (struct ip6_hdr*)(packet + ETHERNET_HEADER_LENGTH); ip6_header = (struct ip6_hdr *)(packet + ETHERNET_HEADER_LENGTH);
inet_ntop(AF_INET6, &(ip6_header->ip6_src), source_ip_str, INET6_ADDRSTRLEN); inet_ntop(AF_INET6, &(ip6_header->ip6_src), source_ip_str, INET6_ADDRSTRLEN);
inet_ntop(AF_INET6, &(ip6_header->ip6_dst), dest_ip_str, INET6_ADDRSTRLEN); inet_ntop(AF_INET6, &(ip6_header->ip6_dst), dest_ip_str, INET6_ADDRSTRLEN);
printf("IPv6 Packet: %s -> %s, Next Header: %d\n", printf("IPv6 Packet: %s -> %s, Next Header: %d\n",
source_ip_str, dest_ip_str, ip6_header->ip6_nxt); source_ip_str, dest_ip_str, ip6_header->ip6_nxt);
} else if (ether_type == ETHERTYPE_ARP) {
// Handle ARP traffic
struct arp_header *arp = (struct arp_header *)(packet + ETHERNET_HEADER_LENGTH);
printf("ARP Packet: Operation: %s\n",
(ntohs(arp->oper) == 1) ? "Request" : "Reply");
printf("Sender MAC: %02x:%02x:%02x:%02x:%02x:%02x, Sender IP: %d.%d.%d.%d\n",
arp->sha[0], arp->sha[1], arp->sha[2], arp->sha[3], arp->sha[4], arp->sha[5],
arp->spa[0], arp->spa[1], arp->spa[2], arp->spa[3]);
printf("Target MAC: %02x:%02x:%02x:%02x:%02x:%02x, Target IP: %d.%d.%d.%d\n",
arp->tha[0], arp->tha[1], arp->tha[2], arp->tha[3], arp->tha[4], arp->tha[5],
arp->tpa[0], arp->tpa[1], arp->tpa[2], arp->tpa[3]);
} else { } else {
printf("Non-IP Packet, Protocol: %i\n", ip_protocol); printf("Non-IP/ARP Packet, EtherType: 0x%04x\n", ether_type);
} }
} }

0
udpsend.h Normal file
View File