|
http://www.hackerschool.org/HS_Boards/zboard.php?AllArticle=true&no=8601 [º¹»ç]
ka0r1@ka0r1-GF63-Thin-11UC:~$ cat http_sniffer.c
void packet_handler(u_char *user_data, const struct pcap_pkthdr *pkthdr, const u_char *packet) {
if (pkthdr->len < 14) {
printf("Too short for Ethernet header\n");
return;
}
struct ip *ip_header = (struct ip *)(packet + 14);
int ip_header_len = ip_header->ip_hl * 4;
if (pkthdr->len < 14 + ip_header_len) {
printf("Too short for IP header\n");
return;
}
struct tcphdr *tcp_header = (struct tcphdr *)(packet + 14 + ip_header_len);
int tcp_header_len = tcp_header->th_off * 4;
if (pkthdr->len < 14 + ip_header_len + tcp_header_len) {
printf("Too short for TCP header\n");
return;
}
const u_char *payload = packet + 14 + ip_header_len + tcp_header_len;
int payload_len = pkthdr->len - (14 + ip_header_len + tcp_header_len);
printf("Packet captured:\n");
printf("From: %s\n", inet_ntoa(ip_header->ip_src));
printf("To: %s\n", inet_ntoa(ip_header->ip_dst));
printf("Payload (%d bytes):\n", payload_len);
if (payload_len > 0)
print_hex_ascii(payload, payload_len);
else
printf("[No Payload]\n");
printf("--------------------------------------------------\n");
}
=================================================================
$ sudo ./libpcap_capture
Packet catured:
Packet length: 85 bytes
01 00 5e 00 00 fb 50 b7 c3 9e d1 67 08 00 45 00 ..^...P....g..E.
00 47 de 62 00 00 01 11 5e 38 c0 a8 db 67 e0 00 .G.b....^8...g..
00 fb 14 e9 14 e9 00 33 af 2c 00 00 00 00 00 01 .......3.,......
00 00 00 00 00 00 0e 5f 6d 69 63 72 6f 73 6f 66 ......._microsof
74 5f 6d 63 63 04 5f 74 63 70 05 6c 6f 63 61 6c t_mcc._tcp.local
00 00 0c 80 01 .....
Packet catured:
Packet length: 105 bytes
33 33 00 00 00 fb 50 b7 c3 9e d1 67 86 dd 60 0d 33....P....g..`.
e9 46 00 33 11 01 fe 80 00 00 00 00 00 00 f8 44 .F.3...........D
0b 56 13 a9 68 bb ff 02 00 00 00 00 00 00 00 00 .V..h...........
00 00 00 00 00 fb 14 e9 14 e9 00 33 ad ba 00 00 ...........3....
00 00 00 01 00 00 00 00 00 00 0e 5f 6d 69 63 72 ..........._micr
6f 73 6f 66 74 5f 6d 63 63 04 5f 74 63 70 05 6c osoft_mcc._tcp.l
6f 63 61 6c 00 00 0c 80 01 ocal.....
Packet catured:
Packet length: 86 bytes
80 ca 4b 86 e9 d5 84 7b 57 67 a5 0c 08 00 45 00 ..K....{Wg....E.
00 48 af b5 00 00 40 11 58 f0 c0 a8 db 2b 3d 29 .H....@.X....+=)
99 02 cb 13 00 35 00 34 72 45 82 f8 01 00 00 01 .....5.4rE......
00 00 00 00 00 00 01 31 03 32 31 39 03 31 36 38 .......1.219.168
03 31 39 32 07 69 6e 2d 61 64 64 72 04 61 72 70 .192.in-addr.arp
61 00 00 0c 00 01 a.....
Packet catured:
Packet length: 135 bytes
84 7b 57 67 a5 0c 80 ca 4b 86 e9 d5 08 00 45 00 .{Wg....K.....E.
00 79 59 61 00 00 37 11 b8 13 3d 29 99 02 c0 a8 .yYa..7...=)....
db 2b 00 35 cb 13 00 65 e9 86 82 f8 81 83 00 01 .+.5...e........
00 00 00 01 00 00 01 31 03 32 31 39 03 31 36 38 .......1.219.168
03 31 39 32 07 69 6e 2d 61 64 64 72 04 61 72 70 .192.in-addr.arp
61 00 00 0c 00 01 c0 12 00 06 00 01 00 00 03 2b a..............+
00 25 09 6c 6f 63 61 6c 68 6f 73 74 00 04 72 6f .%.localhost..ro
6f 74 00 00 00 00 01 00 09 3a 80 00 01 51 80 00 ot.......:...Q..
24 ea 00 00 09 3a 80 $....:.
Packet catured:
Packet length: 85 bytes
01 00 5e 00 00 fb 50 b7 c3 9e d1 67 08 00 45 00 ..^...P....g..E.
00 47 de 63 00 00 01 11 5e 37 c0 a8 db 67 e0 00 .G.c....^7...g..
00 fb 14 e9 14 e9 00 33 af ac 00 00 00 00 00 01 .......3........
00 00 00 00 00 00 0e 5f 6d 69 63 72 6f 73 6f 66 ......._microsof
74 5f 6d 63 63 04 5f 74 63 70 05 6c 6f 63 61 6c t_mcc._tcp.local
00 00 0c 00 01 .....
Packet catured:
Packet length: 105 bytes
33 33 00 00 00 fb 50 b7 c3 9e d1 67 86 dd 60 0d 33....P....g..`.
e9 46 00 33 11 01 fe 80 00 00 00 00 00 00 f8 44 .F.3...........D
0b 56 13 a9 68 bb ff 02 00 00 00 00 00 00 00 00 .V..h...........
00 00 00 00 00 fb 14 e9 14 e9 00 33 ae 3a 00 00 ...........3.:..
00 00 00 01 00 00 00 00 00 00 0e 5f 6d 69 63 72 ..........._micr
6f 73 6f 66 74 5f 6d 63 63 04 5f 74 63 70 05 6c osoft_mcc._tcp.l
6f 63 61 6c 00 00 0c 00 01 ocal..... |
Hit : 1316 Date : 2025/04/20 09:04
|
1617, 
1/81 
