Packet Sniffer Code in C Using Linux Sockets

Pkt Sniffer Code (Read pkts only) using AF_PACKET Linux Sokets In the previous part we part we made a simple sniffer which created a raw socket and started receiving on it. But it had few drawbacks: 1. Could sniff only incoming data. 2. Could sniff only TC or !" or IC# or any one protocol packets at a time. $. rovided I frames% so &thernet headers were not available. In this article we are going to modify the same code to fi' the above $ dra wbacks. !o"e#er "e s$all not %e using li%pap. li%pap. T$is "ill %e done using pure Linux sokets& T$e differene is #ery s'all and is  lines  Instead of : sock_raw = socket(AF_INET , SOCK_RAW , IPPROTO_TCP); 1 (e do : 1 2 3

sock_raw = socket( AF_PACKET , SOCK_RAW , htons(ETH_P_ALL)) ; //Opto!a" //setsockopt(sock_raw , SO#_SOCKET , SO_$IN%TO%E&ICE , 'et' , str"e!('et')* + );

and we are done.

)ow it will: 1. *niff both incoming and outgoing traffic. 2. *niff +,, &T-&)&T &T-&)&T /+#&*% which includes all kinds of I packets and even more if there are any. $. rovides the &thernet headers too% which contain the mac addresses. The setsockopt line is optional. Its important to provide the correct interface name to setsockopt % eth0 in this case and in most cases. *o may be you would like to present the user with a list of interfaces available and allow him to choose the one to be sniffed.

A*A+ ,-TE Can "e use t$is 'et$od "it$ t$e adapter in pro'isuous 'ode and apture e#eryt$ing on t$e "ire. Li%pap "ill do t$is %ut an t$is 'et$od do it.

Here s the !"## so"rce co$e% co$e% !c"-.e!et!et/!01 !c"-.eerr!o01 !c"-.e!et.201 !c"-.est.o01 //For sta!.ar. t!3s !c"-.est."201 //4a""oc !c"-.estr!301 //str"e!

!c"-.e!et!et/p_c4p01 !c"-.e!et!et/-.p01 !c"-.e!et!et/tcp01 !c"-.e!et!et/p01 !c"-.e!et!et/6_eter01 !c"-.e!et/eter!et01 !c"-.es8s/socket01 !c"-.earpa/!et01 !c"-.es8s/oct"01 !c"-.es8s/t4e01 !c"-.es8s/t8pes01 !c"-.e-!st.01

//Pro5.es .ec"arato!s //Pro5.es .ec"arato!s //Pro5.es .ec"arato!s //Pro5.es .ec"arato!s //For ET7_P_A## //For eter_ea.er

5o. ProcessPacket (-!s3!e. car& , 5o. ProcessPacket 5o. pr!t_p_ea.er 5o.  pr!t_p_ea.er (-!s3!e. car& 5o. pr!t_tcp_packet 5o.  pr!t_tcp_packet (-!s3!e. car 5o. pr!t_-.p_packet 5o.  pr!t_-.p_packet (-!s3!e. car

!t); , !t); & , !t ); & , !t );

6or 6or 6or 6or

c4p ea.er -.p ea.er tcp ea.er p ea.er

5o. pr!t_c4p_packet (-!s3!e. car& , !t ); 5o. pr!t_c4p_packet 5o. Pr!t%ata 5o.  Pr!t%ata (-!s3!e. car& , !t); FI#E &"o36"e ; str-ct socka..r_! str-ct  socka..r_! so-rce ,.est; !t tcp !t  tcp=,-.p=,c4p=,oters =,34p=,tota"=,,9; !t 4a!() !t 4a! ' !t sa..r_s:e !t  sa..r_s:e , .ata_s:e ; str-ct socka..r str-ct  socka..r sa..r ; -!s3!e. car &2-66er = (-!s3!e. car &) 4a""oc(<<); //Its $3>

   

"o36"e =6ope!('"o30t?t' ,'w'); !( ! ("o36"e ==  LL)  LL) ' pr!t6 ('@!a2"e to create "o30t?t 6"e0' ); * pr!t6 ('Start!3000!' ); !t sock_raw = socket( AF_PACKET , SOCK_RAW , to!s(ET7_P_A## )) ; !t sock_raw //setsockopt(sock_raw , SO#_SOCKET , SO_$IN%TO%E&ICE , 'et' , str"e!('et')* + );

 

   

 

     

!( ! (sock_raw  + ) ' //Pr!t te error wt proper 4essa3e perror ('Socket Error' ); ret"rn +; *  wh#e(  wh#e (+) ' sa..r_s:e = seo! sa..r ; //Rece5e a packet .ata_s:e = rec56ro4 (sock_raw , 2-66er , << ,  , -sa..r , (sock"e!_t &) -sa..r_s:e ); !( ! (.ata_s:e  + ) ' pr!t6('Rec56ro4 error , 6a"e. to 3et packets!' ); ret"rn +; * //Now process te packet ProcessPacket (2-66er , .ata_s:e ); * c"ose(sock_raw ); pr!t6 ('F!se.' ); ret"rn ;

*

5o. ProcessPacket (-!s3!e. car& 2-66er, !t 5o. ProcessPacket !t s:e  s:e) ' //Bet te IP 7ea.er part o6 ts packet , e?c"-.!3 te eter!et ea.er seo!( (str-ct str-ct p.r str-ct  p.r &p = (str-ct str-ct p.r  p.r &)(2-66er . seo! str-ct et.r  et.r)); ..tota"; swtch (p/0  protoco" protoco" ) //Ceck te Protoco" a!. .o accor.!3"8000 ' case +% //ICP Protoco" ..c4p;   pr!t_c4p_packet ( 2-66er , s:e);  1reak;  1reak ; case D% //IBP Protoco" ..34p;  1reak;  1reak ; case %

//TCP Protoco"

5o. pr!t_c4p_packet (-!s3!e. car& , !t ); 5o. pr!t_c4p_packet 5o. Pr!t%ata 5o.  Pr!t%ata (-!s3!e. car& , !t); FI#E &"o36"e ; str-ct socka..r_! str-ct  socka..r_! so-rce ,.est; !t tcp !t  tcp=,-.p=,c4p=,oters =,34p=,tota"=,,9; !t 4a!() !t 4a! ' !t sa..r_s:e !t  sa..r_s:e , .ata_s:e ; str-ct socka..r str-ct  socka..r sa..r ; -!s3!e. car &2-66er = (-!s3!e. car &) 4a""oc(<<); //Its $3>

   

"o36"e =6ope!('"o30t?t' ,'w'); !( ! ("o36"e ==  LL)  LL) ' pr!t6 ('@!a2"e to create "o30t?t 6"e0' ); * pr!t6 ('Start!3000!' ); !t sock_raw = socket( AF_PACKET , SOCK_RAW , to!s(ET7_P_A## )) ; !t sock_raw //setsockopt(sock_raw , SO#_SOCKET , SO_$IN%TO%E&ICE , 'et' , str"e!('et')* + );

 

   

 

     

!( ! (sock_raw  + ) ' //Pr!t te error wt proper 4essa3e perror ('Socket Error' ); ret"rn +; *  wh#e(  wh#e (+) ' sa..r_s:e = seo! sa..r ; //Rece5e a packet .ata_s:e = rec56ro4 (sock_raw , 2-66er , << ,  , -sa..r , (sock"e!_t &) -sa..r_s:e ); !( ! (.ata_s:e  + ) ' pr!t6('Rec56ro4 error , 6a"e. to 3et packets!' ); ret"rn +; * //Now process te packet ProcessPacket (2-66er , .ata_s:e ); * c"ose(sock_raw ); pr!t6 ('F!se.' ); ret"rn ;

*

5o. ProcessPacket (-!s3!e. car& 2-66er, !t 5o. ProcessPacket !t s:e  s:e) ' //Bet te IP 7ea.er part o6 ts packet , e?c"-.!3 te eter!et ea.er seo!( (str-ct str-ct p.r str-ct  p.r &p = (str-ct str-ct p.r  p.r &)(2-66er . seo! str-ct et.r  et.r)); ..tota"; swtch (p/0  protoco" protoco" ) //Ceck te Protoco" a!. .o accor.!3"8000 ' case +% //ICP Protoco" ..c4p;   pr!t_c4p_packet ( 2-66er , s:e);  1reak;  1reak ; case D% //IBP Protoco" ..34p;  1reak;  1reak ; case %

//TCP Protoco"

 

 

..tcp; pr!t_tcp_packet (2-66er , s:e);  1reak;  1reak ; case +% //@%P Protoco" ..-.p; pr!t_-.p_packet (2-66er , s:e);  1reak;  1reak ;

$e!a"#t% //So4e Oter Protoco" "ke ARP etc0 $e!a"#t% ..oters ;  1reak;  1reak ; *   pr!t6 ('TCP  G. @%P  G. ICP  G. IBP  G. , -.p ,   c4p , 34p , oters , tota"); *

Oters  G.

Tota"  G.r' , tcp

5o. pr!t_eter!et_ea.er (-!s3!e. car& $-66er, !t 5o. pr!t_eter!et_ea.er !t S:e  S:e) ' str-ct et.r str-ct  et.r &et = (str-ct str-ct et.r  et.r &)$-66er ;

   

 

  *

6pr!t6 ("o36"e , '!'); 6pr!t6 ("o36"e , 'Eter!et 7ea.er!' ); 6pr!t6 ("o36"e , ' H%est!ato! A..ress  G0DJG0DJG0DJG0DJG0DJ G0DJG0DJG0DJG0DJG0DJG0DJ G0DJ !' , et/0  _.est _.est 23,et/0  _.est _.est2+3,et/0  _.est _.est2D3,et/0  _.est _.est23,et/0  _.est _.est 23, et/0  _.est _.est 2<3 ); 6pr!t6 ("o36"e , ' HSo-rce A..ress  G0DJG0DJG0DJG0DJG0DJ G0DJG0DJG0DJG0DJG0DJG0DJ G0DJ !' , et/0  _so-rce _so-rce 23 , et/0  _so-rce _so-rce 2+3 , et/0  _so-rce _so-rce 2D3 , et/0  _so-rce _so-rce 23 , et/0  _so-rce _so-rce 23 , et/0  _so-rce _so-rce 2<3 ); 6pr!t6 ("o36"e , ' HProtoco"  G- !' ,(-!s3!e. sort)et/0  _proto _proto );

5o. pr!t_p_ea.er (-!s3!e. car& $-66er , !t 5o. pr!t_p_ea.er !t S:e  S:e) '   pr!t_eter!et_ea.er ($-66er , S:e); -!s3!e. sort sort p.r"e!  p.r"e! ;

 

str-ct  p.r &p = (str-ct str-ct p.r str-ct p.r  p.r &)($-66er p.r"e! =p/0  " "&;

 

seo!( (so-rce )); 4e4set (-so-rce , , seo! so-rce 4s!_a..r 4s_a..r = p/0  sa..r sa..r;

 

4e4set (-.est, , seo! seo!( (.est)); .est4s!_a..r 4s_a..r = p/0  .a..r .a..r ;

           

. seo! seo!( (str-ct str-ct et.r  et.r) );

6pr!t6 ("o36"e , '!'); 6pr!t6 ("o36"e , 'IP 7ea.er!' ); 6pr!t6 ("o36"e , ' HIP &erso!  G.!' ,(-!s3!e. !t)p/0  5erso! 5erso! ); 6pr!t6 ("o36"e , ' HIP 7ea.er #e!3t  G. %WOR%S or G. $8tes!' , (-!s3!e. !t)p/0  " ", ((-!s3!e. !t)(p/0  " "))&); 6pr!t6 ("o36"e , ' HT8pe O6 Ser5ce  G.!' ,(-!s3!e. !t)p/0  tos tos); 6pr!t6 ("o36"e , ' HIP Tota" #e!3t  G. $8tes(S:e o6 Packet)!' , !tos(p/0  tot_"e! tot_"e! )); 6pr!t6 ("o36"e , ' HI.e!t6cato!  G.!' ,!tos(p/0  . .)); //6pr!t6("o36"e , ' HReser5e. LERO Fe".  G.!', (-!s3!e. !t)p.r 1p_reser5e._:ero); //6pr!t6("o36"e , ' H%o!t Fra34e!t Fe".  G.!', (-!s3!e. !t)p.r1p_.o!t_6ra34e!t) !t)p.r1p_.o!t_6ra34e!t); ;

          *

//6pr!t6("o36"e , ' Hore Fra34e!t Fe".  G.!', (-!s3!e. !t)p.r1p_4ore_6ra34e!t); 6pr!t6("o36"e , ' HTT#  G.!' ,(-!s3!e. !t)p/0  tt"); 6pr!t6("o36"e , ' HProtoco"  G.!' ,(-!s3!e. !t)p/0  protoco" ); 6pr!t6("o36"e , ' HCecks-4  G.!' ,!tos(p/0  ceck)); 6pr!t6("o36"e , ' HSo-rce IP  Gs!' ,!et_!toa (so-rce4s!_a..r )); 6pr!t6("o36"e , ' H%est!ato! IP  Gs!' ,!et_!toa (.est4s!_a..r ));

5o. pr!t_tcp_packet (-!s3!e. car& $-66er, !t S:e) ' -!s3!e. sort p.r"e!;

 

str-ct p.r &p = (str-ct p.r &)( $-66er p.r"e! = p/0  "&;

. seo!(str-ct et.r) );

str-ct tcp.r &tcp=(str-ct tcp.r&)($-66er . p.r"e! . seo!(str-ct et.r)); !t ea.er_s:e =

seo!(str-ct et.r) . p.r"e! . tcp/0  .o66&;

6pr!t6 ("o36"e , '!!MMMMMMMMMMMMMMMMMMMMMMTCP PacketMMMMMMMMMMMMMMMMMMMMMMMMM!' ); pr!t_p_ea.er ($-66er,S:e);

                       

6pr!t6 ("o36"e , '!'); 6pr!t6("o36"e , 'TCP 7ea.er!' ); 6pr!t6("o36"e , ' HSo-rce Port  G-!' ,!tos(tcp/0  so-rce)); 6pr!t6("o36"e , ' H%est!ato! Port  G-!' ,!tos(tcp/0  .est)); 6pr!t6("o36"e , ' HSe-e!ce N-42er  G-!' ,!to"(tcp/0  se)); 6pr!t6("o36"e , ' HAck!ow"e.3e N-42er  G-!' ,!to"(tcp/0  ack_se )); 6pr!t6("o36"e , ' H7ea.er #e!3t  G. %WOR%S or G. $TES!' , .o66,(-!s3!e. !t)tcp/0  .o66&); (-!s3!e. !t)tcp/0  //6pr!t6("o36"e , ' HCWR F"a3  G.!',(-!s3!e. !t)tcp1cwr); //6pr!t6("o36"e , ' HECN F"a3  G.!',(-!s3!e. !t)tcp1ece); 6pr!t6("o36"e , ' H@r3e!t F"a3  G.!' ,(-!s3!e. !t)tcp/0  -r3); 6pr!t6("o36"e , ' HAck!ow"e.3e4e!t F"a3  G.!' ,(-!s3!e. !t)tcp/0  ack); 6pr!t6("o36"e , ' HP-s F"a3  G.!' ,(-!s3!e. !t)tcp/0  ps); 6pr!t6("o36"e , ' HReset F"a3  G.!' ,(-!s3!e. !t)tcp/0  rst); 6pr!t6("o36"e , ' HS8!cro!se F"a3  G.!' ,(-!s3!e. !t)tcp/0  s8!); 6pr!t6("o36"e , ' HF!s F"a3  G.!' ,(-!s3!e. !t)tcp/0  6!); 6pr!t6("o36"e , ' HW!.ow  G.!' ,!tos(tcp/0  w!.ow)); 6pr!t6("o36"e , ' HCecks-4  G.!' ,!tos(tcp/0  ceck)); 6pr!t6("o36"e , ' H@r3e!t Po!ter  G.!' ,tcp/0  -r3_ptr ); 6pr!t6("o36"e , '!'); 6pr!t6("o36"e , ' %ATA %-4p ' ); 6pr!t6("o36"e , '!');

 

6pr!t6 ("o36"e , 'IP 7ea.er!' ); Pr!t%ata ($-66er,p.r"e! );

 

6pr!t6 ("o36"e , 'TCP 7ea.er!' ); Pr!t%ata ($-66er.p.r"e! ,tcp/0  .o66&);

           

6pr!t6 ("o36"e , '%ata Pa8"oa.!' ); Pr!t%ata ($-66er . ea.er_s:e , S:e / ea.er_s:e ); 6pr!t6 ("o36"e , '!' ); *

5o. pr!t_-.p_packet (-!s3!e. car &$-66er , !t S:e) '

-!s3!e. sort p.r"e!;

 

str-ct p.r &p = (str-ct p.r &)($-66er . p.r"e! = p/0  "&;

seo!(str-ct et.r));

str-ct -.p.r &-.p = (str-ct -.p.r&)($-66er . p.r"e! !t ea.er_s:e =

. seo!(str-ct et.r ));

seo!(str-ct et.r) . p.r"e! . seo! -.p;

6pr!t6 ("o36"e , '!!MMMMMMMMMMMMMMMMMMMMMM@%P PacketMMMMMMMMMMMMMMMMMMMMMMMMM!' ); pr!t_p_ea.er ($-66er,S:e);

       

6pr!t6 ("o36"e 6pr!t6("o36"e 6pr!t6("o36"e 6pr!t6("o36"e 6pr!t6("o36"e

   

6pr!t6 ("o36"e , '!'); 6pr!t6("o36"e , 'IP 7ea.er!' ); Pr!t%ata ($-66er , p.r"e!);

 

6pr!t6 ("o36"e , '@%P 7ea.er!' ); Pr!t%ata ($-66er.p.r"e! , seo! -.p);

, , , , ,

'!@%P 7ea.er!' ); ' HSo-rce Port ' H%est!ato! Port ' H@%P #e!3t ' H@%P Cecks-4

   

G.!' G.!' G.!' G.!'

, !tos(-.p/0  so-rce)); , !tos(-.p/0  .est)); , !tos(-.p/0  "e!)); ceck)); , !tos(-.p/0 

6pr!t6 ("o36"e , '%ata Pa8"oa.!' );

 

//o5e te po!ter aea. a!. re.-ce te s:e o6 str!3 Pr!t%ata ($-66er . ea.er_s:e , S:e / ea.er_s:e ); 6pr!t6 ("o36"e , '!' );

*

5o. pr!t_c4p_packet (-!s3!e. car& $-66er , !t S:e) ' -!s3!e. sort p.r"e!;

 

str-ct p.r &p = (str-ct p.r &)($-66er p.r"e! = p/0  " & ;

. seo!(str-ct et.r));

str-ct c4p.r &c4p = (str-ct c4p.r &)($-66er . p.r"e! . seo!(str-ct et.r )); !t ea.er_s:e =

seo!(str-ct et.r) . p.r"e! . seo! c4p;

6pr!t6 ("o36"e , '!!MMMMMMMMMMMMMMMMMMMMICP PacketMMMMMMMMMMMMMMMMMMMMMM!' ); pr!t_p_ea.er ($-66er , S:e); 6pr!t6 ("o36"e , '!');

 

 

 

6pr!t6 ("o36"e , 'ICP 7ea.er!' ); 6pr!t6("o36"e , ' HT8pe  G.' ,(-!s3!e. !t)(c4p/0  t8pe)); !((-!s3!e. !t)(c4p/0  t8pe) == ++) ' 6pr!t6("o36"e , ' (TT# E?pre.)!' ); * e#se !((-!s3!e. !t)(c4p/0  t8pe) == ICP_EC7OREP# ) ' 6pr!t6("o36"e , ' (ICP Eco Rep"8)!' ); *

 

6pr!t6 ("o36"e , 6pr!t6("o36"e , //6pr!t6("o36"e //6pr!t6("o36"e 6pr!t6("o36"e ,

   

6pr!t6("o36"e , 'IP 7ea.er!' ); Pr!t%ata ($-66er,p.r"e! );

 

6pr!t6 ("o36"e , '@%P 7ea.er!' ); Pr!t%ata ($-66er . p.r"e! , seo! c4p);

 

' HCo.e  G.!' ,(-!s3!e. !t)(c4p/0  co.e)); ' HCecks-4  G.!' ,!tos(c4p/0  cecks-4 )); , ' HI%  G.!',!tos(c4p1.)); , ' HSe-e!ce  G.!',!tos(c4p1se-e!ce)); '!');

6pr!t6 ("o36"e , '%ata Pa8"oa.!' );

 

//o5e te po!ter aea. a!. re.-ce te s:e o6 str!3 Pr!t%ata ($-66er . ea.er_s:e , (S:e / ea.er_s:e ) ); 6pr!t6 ("o36"e , '!' );

*

5o. Pr!t%ata (-!s3!e. car& .ata , !t S:e) ' !t  , 9; !or(= ;  + S:e ; ..) ' !( 5= -- 6+==) //6 o!e "!e o6 e? pr!t!3 s co4p"ete000 '   6pr!t6 ("o36"e , ' '); !or(9=/+ ; 9  + ; 9..) ' !(.ata2930=D -- .ata293+=+D)   6pr!t6("o36"e , 'Gc',(-!s3!e. car).ata293); //6 !-42er or a"pa2et e#se 6pr!t6 ("o36"e , '0'); //oterwse pr!t a .ot *   6pr!t6 ("o36"e , '!'); * !(6+==) 6pr!t6("o36"e , ' '); 6pr!t6("o36"e , ' GDJ',(-!s3!e. !t).ata23);

 

!( ==S:e/+) //pr!t te "ast spaces ' !or(9=;9  ++
 

6pr!t6 ("o36"e , '

!or(9=/6+ ; 9  += ; 9..) ' !(.ata2930=D -- .ata293+=+D) ' 6pr!t6("o36"e , 'Gc',(-!s3!e. car).ata293); * e#se ' 6pr!t6("o36"e , '0'); * * 6pr!t6 ("o36"e , '!' );

 

 

* * *

');

The log file will looks somewhat like this :

MMMMMMMMMMMMMMMMMMMMMMMTCP PacketMMMMMMMMMMMMMMMMMMMMMMMMM

Eter!et 7ea.er

H%est!ato! A..ress  D<
HSo-rce A..ress

 +CCFQEE

HProtoco"

 

IP 7ea.er

HIP &erso!

 

HIP 7ea.er #e!3t

 < %WOR%S or D $8tes

HT8pe O6 Ser5ce

 

HIP Tota" #e!3t

 ++

HI.e!t6cato!

 ++DD

HTT#

$8tes(S:e o6 Packet)

 

HProtoco"  

HCecks-4  
HSo-rce IP

 +QD0+0+0

H%est!ato! IP

 0+D<0+0+D<

TCP 7ea.er

HSo-rce Port

 <<

H%est!ato! Port 
HSe-e!ce N-42er

 <<

HAck!ow"e.3e N-42er  DD

H7ea.er #e!3t

 < %WOR%S or D $TES

H@r3e!t F"a3

 

HAck!ow"e.3e4e!t F"a3  +

HP-s F"a3

 +

HReset F"a3

 

HS8!cro!se F"a3

 

HF!s F"a3

 

HW!.ow

 DQD

HCecks-4

 D+<

H@r3e!t Po!ter  

%ATA %-4p

IP 7ea.er

 D<
0G0=000008000E0

 %  D

00$

TCP 7ea.er

    $  C A +  A %  %  

0000000UVBV0w

+   A%

0600

%ata Pa8"oa.

+  +   A QC <% + A+ D< A$ CE $ C E$

000000X00G000H0

+A A  A  %% E $ E  C+ Q A %D D< D

00C000k!C0090G

 Q
0030,00Y0000#

% A E % QE F $ CE QE $ F E+ $% QE < <

00000k00k0000PS

% F A$ ++ < % + D F  C A ED  D$ +

400000A0000007*

+ + FF <$ %F < % <$ A% Q 
000Z0P0Z000#000

$ D E D 

0rYD0



In the above log we can see the &thernet headers being printed. They show the source and destination mac address along with the packet protocol.  means I protocol )ote: 1. If you want to sniff only I and + packets for e'ample then you can try this: sockraw 3 socket4 +/+C5&T % *6C5+( % htons4&T-I7&T-+88 9 The complete list of protocols is found in usrincludelinu'ifether.h 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

/M M Tese are te .e6!e. Eter!et Protoco" I%[s0 M/ .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e

ET7_P_#OOP ? ET7_P_P@P ?D ET7_P_P@PAT ?D+ ET7_P_IP ? ET7_P_JD< ?< ET7_P_ARP ? ET7_P_$P\ ?FF ET7_P_IEEEP@P ?a ET7_P_IEEEP@PAT ?a+ ET7_P_%EC ? ET7_P_%NA_%# ?+ ET7_P_%NA_RC ?D ET7_P_%NA_RT ?

/M /M /M /M /M /M /M /M /M /M /M /M /M

Eter!et #oop2ack packet M/ Jero? P@P packet M/ Jero? P@P A..r Tra!s packet M/ I!ter!et Protoco" packet M/ CCITT J0D< M/ A..ress Reso"-to! packet M/ B$P\ AJ0D< Eter!et Packet ZNOT AN OFFICIA## REBISTERE% I%X M/ Jero? IEEED0 P@P packet M/ Jero? IEEED0 P@P A..r Tra!s packet M/ %EC Ass3!e. proto M/ %EC %NA %-4p/#oa. M/ %EC %NA Re4ote Co!so"e M/ %EC %NA Ro-t!3 M/

17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76

&n;oy<<

.e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e

.e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e

ET7_P_#AT ? /M %EC #AT M/ ET7_P_%IAB ?< /M %EC %a3!ostcs M/ ET7_P_C@ST ? /M %EC C-sto4er -se M/ ET7_P_SCA ? /M %EC S8ste4s Co44s Arc M/ ET7_P_TE$ ?<< /M Tra!s Eter $r.3!3 M/ ET7_P_RARP ?< /M Re5erse A..r Res packet M/ ET7_P_ATA#K ?Q$ /M App"eta"k %%P M/ ET7_P_AARP ?F /M App"eta"k AARP M/ ET7_P_D+\ ?+ /M D0+\ &#AN E?te!.e. 7ea.er M/ ET7_P_IPJ ?+ /M IPJ o5er %IJ M/ ET7_P_IP& ?%% /M IP5 o5er 2"-e2ook M/ ET7_P_PA@SE ? /M IEEE Pa-se 6ra4es0 See D0 +$ M/ ET7_P_S#OW ?Q /M S"ow Protoco"0 See D0a. $ M/ ET7_P_WCCP ?E /M We2cace coor.!ato! protoc .ra6tw"so!wrecwccp5D0t?t M/ ET7_P_PPP_%ISC ? /M PPPoE .sco5er8 4essa3es M/ ET7_P_PPP_SES ? /M PPPoE sesso! 4essa3es M/ ET7_P_P#S_@C ? /M P#S @!cast tra66c M/ ET7_P_P#S_C ? /M P#S -"tcast tra66c M/ ET7_P_ATPOA ?c /M -"tProtoco" O5er AT M/ ET7_P_#INK_CT# ?c /M 7PNA, w"a! "!k "oca" t-!!e" M/ ET7_P_ATFATE ? /M Fra4e2ase. AT Tra!sport M o5er Eter!et M/ ET7_P_PAE ?E /M Port Access E!tt8 (IEEE D0+J) M/ ET7_P_AOE ?AD /M ATA o5er Eter!et M/ ET7_P_TIPC ?CA /M TIPC M/ ET7_P_+< ?F /M IEEE +< T4es8!c M/ ET7_P_FCOE ?Q /M F2re Ca!!e" o5er Eter!et M/ ET7_P_FIP ?Q+ /M FCoE I!ta":ato! Protoco" M/ ET7_P_E%SA ?%A%A /M Etert8pe %SA Z NOT AN OFFICIA## REBISTERE% I% X M/

/M M No! %IJ t8pes0 Wo![t c"as 6or +< t8pes0 M/ .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e .e6!e

ET7_P_D_ ?+ ET7_P_AJD< ?D ET7_P_A## ? ET7_P_D_D ? ET7_P_SNAP ?< ET7_P_%%CP ? ET7_P_WAN_PPP ? ET7_P_PPP_P ? ET7_P_#OCA#TA#K ?Q ET7_P_CAN ?C ET7_P_PPPTA#K ?+ ET7_P_TR_D_D ?++ ET7_P_O$ITEJ ?+< ET7_P_CONTRO# ?+ ET7_P_IR%A ?+ ET7_P_ECONET ?+ ET7_P_7%#C ?+Q ET7_P_ARCNET ?+A ET7_P_%SA ?+$ ET7_P_TRAI#ER ?+C ET7_P_P7ONET ?F< ET7_P_IEEED+< ?F ET7_P_CAIF ?F

/M /M /M /M /M /M /M /M /M

%-448 t8pe 6or D0 6ra4es M/ %-448 protoco" . 6or AJ0D< M/ E5er8 packet (2e care6-">>>) M/ D0D 6ra4es M/ I!ter!a" o!"8 M/ %EC %%CP I!ter!a" o!"8 M/ %-448 t8pe 6or WAN PPP 6ra4esM/ %-448 t8pe 6or PPP P 6ra4es M/ #oca"ta"k pse-.o t8pe M/ /M Co!tro""er Area Network M/ /M %-448 t8pe 6or Ata"k o5er PPPM/ /M D0D 6ra4es M/ /M o2te? (ka:ca6e0!et) M/ /M Car. spec6c co!tro" 6ra4es M/ /M #!-?Ir%A M/ /M Acor! Eco!et M/ /M 7%#C 6ra4es M/ /M +A 6or ArcNet ) M/ /M %str2-te. Swtc Arc0 M/ /M Tra"er swtc ta33!3 M/ /M Noka Po!et 6ra4es M/ /M IEEED0+<0 6ra4e M/ /M STErcsso! CAIF protoco" M/

Send an Et$ fra'e using an AF_PACKET soket in C Content

•

1 Objective

•

2 Background

•

3 Scenario

•

4 Method

o

4.1 Overview

o

4.2 Select the required EtherT!e

o

4.3 "reate the #$%&#"'ET (ocket

o

4.4 )eter*ine the inde+ nu*ber o, the Ethernet inter,ace to be u(ed

o

4.- "on(truct the de(tination addre((

o

4. Send the Ethernet ,ra*e

o

4./ Send the ,ra*e 0u(ing (endto

o

4. Send the ,ra*e 0u(ing (end*(g

•

- #lternative(

o

-.1 (ing lib!ca!

o

-.2 (ing a raw (ocket

•

 $urther reading

Tested on

Debian (Lenny) Ubuntu (Lucid, Trusty)

6b;ective To send an arbitrary t!ernet "ra#e usin$ an

AF_PACKET  soc%et

Background t!ernet is a &in% &ayer 'rotoco& ost net*or%in$ 'ro$ra#s interact *it! t!e net*or% stac% at t!e trans'ort &ayer or abo+e, so !a+e no need to dea& *it! t!ernet "ra#es direct&y, but t!ere are so#e circu#stances *!ere interaction at a &o*er &e+e& #ay be necessary T!ese inc&ude •

•

i#'&e#entation o" t!ernet-based 'rotoco&s t!at are not bui&t in to t!e net*or% stac%, and  'roduction o" #a&"or#ed or ot!er*ise non-standard "ra#es "or testin$ 'ur'oses

*cenario .u''ose t!at you *is! to send an / reuest "or t!e  address 192168083 T!e reuest is to be sent "ro# inter"ace et to t!e broadcast / adddress (/ is t!e /ddress eso&ution rotoco& t is used *!en a !ost needs to send a data$ra# to a $i+en  address, but does not %no* *!ic! / address corres'onds to t!at  address)

#ethod 6verview T!e #et!od described !ere !as "i+e ste's 1 .e&ect t!e reuired t!erTy'e 2 reate t!e AF_PACKET  soc%et 3 Deter#ine t!e inde nu#ber o" t!e t!ernet inter"ace to be used 4 onstruct t!e destination address 5 .end t!e t!ernet "ra#e T!e "o&&o*in$ !eader "i&es are used !eader

/sed %y

err!o01 str!301

err!o

arpa/!et01

!_a..r_t , to!s

!et/eter!et01 !et/601 !et!et/6_eter0 1 !etpacket/packet0 1 s8s/oct"01 s8s/socket01

ET7ER_A%%R_#EN , ET7_P_M str-ct 6re

4e4cp8, strerror , str"e!

str-ct eter_arp str-ct socka..r_"" SIOCBIFIN%EJ , oct" str-ct socka..r , str-ct o5ec , str-ct

4s3.r, AF_PACKET , SOCK_%BRA , socket, se!.to, se!.4s3 AF_PACKET  soc%ets

are s'eci"ic to Linu ro$ra#s t!at #a%e use o" t!e# need e&e+ated 'ri+i&e$es

in order to run .ettin$ SO_$ROA%CAST  does not a''ear to be necessary *!en sendin$ broadcast "ra#es usin$ an AF_PACKET  soc%et .o#e 'ro$ra#s do so any*ay, *!ic! is un&i%e&y to be !ar#"u&, and cou&d be considered a *ort!*!i&e !ed$e a$ainst any "uture c!an$e in be!a+iour

*elect the re=uired &therType T!e t!erTy'e o" an t!ernet "ra#e s'eci"ies t!e ty'e o" 'ay&oad t!at it contains T!ere are se+era& sources "ro# *!ic! t!erTy'es can be obtained •

T!e !eader "i&e "!-?/6_eter01  'ro+ides constants "or #ost co##on&y-used t!erTy'es a#'&es inc&ude ET7_P_IP  "or t!e nternet rotoco& ( ? ), ET7_P_ARP  "or t!e /ddress eso&ution rotoco& ( ?) and ET7_P_D+\  "or  8021 L/ ta$s ( ?+)

•

T!e  #aintains t!e de"initi+e &ist o" re$istered t!erTy'es

•

/ se#i-o""icia& &ist is #aintained by //

T!e *i&dcard +a&ue ET7_P_A##  a&&o*s any t!erTy'e to be recei+ed *it!out usin$ #u&ti'&e soc%ets T!is inc&udes t!erTy'es t!at are !and&ed by t!e %erne&, suc! as  and / " you need an t!erTy'e "or e'eri#enta& or 'ri+ate use t!en t!e +a&ues  been reser+ed "or t!at 'ur'ose

?2< and ?2 !a+e

Create the +/+C5&T socket T!e soc%et t!at *i&& be used to send t!e t!ernet "ra#e s!ou&d be created usin$ t!e T!is ta%es t!ree ar$u#ents

socket "unction

•

t!e do#ain (AF_PACKET  "or a 'ac%et soc%et)

•

t!e soc%et ty'e (SOCK_%BRA  i" you *ant t!e t!ernet !eader to be constructed "or you or SOCK_RAW  i" you *ant to construct it yourse&") and

•

t!e 'rotoco& (eua& to t!e t!erty'e c!osen abo+e, con+erted to net*or% byte order), *!ic! is used "or "i&terin$ inbound 'ac%ets

n t!is instance t!e soc%et *i&& be used "or sendin$ (and 'resu#ab&y a&so recei+in$) / reuests, t!ere"ore t!e t!ird ar$u#ent s!ou&d be set to to!s(ET7_P_ARP)  (or eui+a&ent&y, to!s(?) ) T!ere is no need to construct a custo# t!ernet !eader so t!e second ar$u#ent s!ou&d be set to SOCK_%BRA 