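/* =====================================
   snifftest.c

   Authors: Jakob Klamra, jklamra@csee.usf.edu and
            Martin Olsson, molsson@csee.usf.edu

   This program will sniff network traffic for 10 seconds, filtering out
   UDP packets and printing SSDP NOTIFY and M-SEARCH.

   The program uses the library netwib, which must be installed before the
   program can be compiled or run. Netwib can be found here:
   http://www.laurentconstantin.com/en/netw/netwib/
   Netwib uses Winpcap which can be found here: http://winpcap.polito.it/

   Parts of this code have been borrowed from the test programs for netwib.
   Please download the whole developer package from the netwib homepage to
   get access to documentation and test files.

   This code should be compiled using Visual C++ or Dev C++. Please refer to
   netwib documentation for settings of the compiler.

   This program was downloaded from http://www.csee.usf.edu/~jklamra/upnp/
   and is part of a master thesis about power management in Universal Plug
   and Play.
   ===================================== */

/* NOTE(review): both header names were lost when this listing was extracted
   (the page shows two bare "#include" tokens). They are reconstructed here
   from what the code uses (printf and the netwib_* API) - confirm against
   the original file. */
#include <stdio.h>
#include <netwib.h>

enum {
  SNIFF_SECONDS        = 10,   /* capture deadline, relative to start */
  MAX_PACKETS          = 100,  /* upper bound on loop iterations */
  /* Fixed payload offsets the authors skip before printing the rest of the
     message. They only fit one particular header layout; any other packet
     is printed from whatever happens to sit at that offset. */
  MSEARCH_VALUE_OFFSET = 82,
  NOTIFY_VALUE_OFFSET  = 78
};

netwib_err print_capture(netwib_io *pio);
netwib_err choose_device(netwib_buf *pbuf);

/* Number of data bytes currently held between the buffer's offsets. */
static netwib_uint32 buf_data_size(const netwib_buf *pbuf)
{
  return pbuf->endoffset - pbuf->beginoffset;
}

/* Decode a hexadecimal text literal into the already initialised *ppattern. */
static netwib_err decode_hex_pattern(const char *hextext, netwib_buf *ppattern)
{
  netwib_buf tempbuf;
  netwib_err ret;

  netwib_er(netwib_buf_init_ext_text(hextext, &tempbuf));
  ret = netwib_buf_decode(&tempbuf, NETWIB_DECODETYPE_HEXA, ppattern);
  netwib_buf_close(&tempbuf);
  return ret;
}

/* Set *pmatch when the payload begins with the bytes stored in *ppattern.
   A payload shorter than the pattern never matches, so the comparison
   never looks at bytes that were not received. */
static netwib_err payload_starts_with(netwib_buf *ppayload,
                                      netwib_buf *ppattern,
                                      netwib_bool *pmatch)
{
  netwib_buf head;
  netwib_cmp cmp;
  netwib_err ret, closeret;
  netwib_uint32 patlen;

  *pmatch = NETWIB_FALSE;
  patlen = buf_data_size(ppattern);
  if (buf_data_size(ppayload) < patlen) {
    return NETWIB_ERR_OK;
  }

  netwib_er(netwib_buf_init_mallocdefault(&head));
  ret = netwib_buf_append_buf(ppayload, &head);
  if (ret == NETWIB_ERR_OK) {
    /* Narrow the copy to the pattern length. Only endoffset is moved;
       totalsize describes the allocation and is left alone. */
    head.endoffset = head.beginoffset + patlen;
    ret = netwib_buf_cmp(&head, ppattern, &cmp);
    if (ret == NETWIB_ERR_OK && cmp == NETWIB_CMP_EQ) {
      *pmatch = NETWIB_TRUE;
    }
  }
  closeret = netwib_buf_close(&head);
  return (ret != NETWIB_ERR_OK) ? ret : closeret;
}

/* Strip the link, IP and UDP headers from one captured packet and print it
   if the UDP payload starts with "M-SEARCH" or "NOTIFY".

   The packet comes straight off the wire and is untrusted: every decode
   result is checked before its skipsize is used, and the fixed offsets are
   applied only when the payload is long enough. A packet that does not
   decode is skipped and NETWIB_ERR_OK is returned, so one malformed packet
   cannot end the capture.

   NOTE(review): the payload is displayed with %{buf} as received; it may
   contain arbitrary bytes, including terminal control characters. */
static netwib_err report_ssdp_packet(netwib_device_dlttype dlt,
                                     netwib_buf *ppkt,
                                     netwib_buf *pmsearch,
                                     netwib_buf *pnotify)
{
  netwib_linkhdr linkhdr;
  netwib_iphdr iphdr;
  netwib_udphdr udphdr;
  netwib_uint32 skipsize;
  netwib_bool match, have_value;

  if (netwib_pkt_decode_linkhdr(dlt, ppkt, &linkhdr, &skipsize) != NETWIB_ERR_OK) {
    return NETWIB_ERR_OK;
  }
  netwib_er(netwib_buf_shift(ppkt, -(netwib_int32)skipsize, 0)); /* drop link header */

  if (netwib_pkt_decode_iphdr(ppkt, &iphdr, &skipsize) != NETWIB_ERR_OK) {
    return NETWIB_ERR_OK;
  }
  netwib_er(netwib_buf_shift(ppkt, -(netwib_int32)skipsize, 0)); /* drop IP header */

  if (netwib_pkt_decode_udphdr(ppkt, &udphdr, &skipsize) != NETWIB_ERR_OK) {
    return NETWIB_ERR_OK;
  }
  netwib_er(netwib_buf_shift(ppkt, -(netwib_int32)skipsize, 0)); /* drop UDP header */

  netwib_er(payload_starts_with(ppkt, pmsearch, &match));
  if (match) {
    have_value = (buf_data_size(ppkt) >= (netwib_uint32)MSEARCH_VALUE_OFFSET)
                   ? NETWIB_TRUE : NETWIB_FALSE;
    if (have_value) {
      netwib_er(netwib_buf_shift(ppkt, -MSEARCH_VALUE_OFFSET, 0));
    }
    netwib_er(netwib_fmt_display("Packet is a M-search form ip %{ip}\n", &iphdr.src));
    if (have_value) {
      netwib_fmt_display("Looking for %{buf}\n", ppkt);
    }
    return NETWIB_ERR_OK;
  }

  netwib_er(payload_starts_with(ppkt, pnotify, &match));
  if (match) {
    have_value = (buf_data_size(ppkt) >= (netwib_uint32)NOTIFY_VALUE_OFFSET)
                   ? NETWIB_TRUE : NETWIB_FALSE;
    if (have_value) {
      netwib_er(netwib_buf_shift(ppkt, -NOTIFY_VALUE_OFFSET, 0));
    }
    netwib_er(netwib_fmt_display("Packet is a SSDP-notify from ip %{ip}\n", &iphdr.src));
    if (have_value) {
      netwib_fmt_display("device: %{buf}\n", ppkt);
    }
  }
  return NETWIB_ERR_OK;
}

/* Pick a capture device, sniff UDP traffic on it and print SSDP messages.
   Returns 0 on success, otherwise the failing netwib error code. */
int main(void)
{
  netwib_buf device, filter;
  netwib_io *pio;
  netwib_err ret, closeret;

  netwib_init(); /* init the library */

  netwib_er(netwib_buf_init_mallocdefault(&device));
  /* The result must be kept: without it a missing device goes unnoticed
     and an empty device name is handed to the sniffer. */
  ret = choose_device(&device);
  if (ret != NETWIB_ERR_OK) {
    netwib_buf_close(&device);
    printf("Error1");
    netwib_close();
    return (int)ret;
  }

  netwib_er(netwib_buf_init_mallocdefault(&filter));
  netwib_er(netwib_buf_append_text("udp", &filter));
  ret = netwib_io_init_sniff(&device, &filter, &pio); /* initiate a sniffing session */
  netwib_er(netwib_buf_close(&filter));
  netwib_er(netwib_buf_close(&device));
  if (ret != NETWIB_ERR_OK) {
    /* pio is not valid when the session could not be opened. */
    printf("Cannot start sniffing (netwib error %d)\n", (int)ret);
    netwib_close();
    return (int)ret;
  }

  ret = print_capture(pio);
  closeret = netwib_io_close(&pio); /* close the session even after an error */
  netwib_close();

  if (ret != NETWIB_ERR_OK) {
    return (int)ret;
  }
  if (closeret != NETWIB_ERR_OK) {
    return (int)closeret;
  }
  return 0;
}

/* Read packets from pio until SNIFF_SECONDS have elapsed, the wait reports
   no event, or MAX_PACKETS iterations have run, printing every SSDP
   M-SEARCH and NOTIFY message seen.

   Returns NETWIB_ERR_OK on a normal end of capture, otherwise the first
   netwib error hit. All buffers created here are closed on every path. */
netwib_err print_capture(netwib_io *pio)
{
  netwib_buf buf, msearchbuf, notifybuf;
  netwib_time t;
  netwib_uint32 i;
  netwib_encodetype_context ctx;
  netwib_device_dlttype dlt;
  netwib_bool event;
  netwib_err ret, closeret;

  /* Reference patterns the start of each UDP payload is compared with. */
  netwib_er(netwib_buf_init_mallocdefault(&msearchbuf));
  ret = netwib_buf_init_mallocdefault(&notifybuf);
  if (ret != NETWIB_ERR_OK) {
    netwib_buf_close(&msearchbuf);
    return ret;
  }

  ret = decode_hex_pattern("4d2d534541524348", &msearchbuf); /* ASCII "M-SEARCH" */
  if (ret != NETWIB_ERR_OK) goto done;
  ret = decode_hex_pattern("4e4f54494659", &notifybuf);      /* ASCII "NOTIFY" */
  if (ret != NETWIB_ERR_OK) goto done;

  ret = netwib_time_init_now(&t);
  if (ret != NETWIB_ERR_OK) goto done;
  ret = netwib_time_plus_sec(&t, SNIFF_SECONDS); /* absolute deadline */
  if (ret != NETWIB_ERR_OK) goto done;
  /* Kept from the original; ctx is not used after this call. */
  ret = netwib_buf_encode_transition(&ctx, NETWIB_ENCODETYPE_TRANSITION_INIT, NULL);
  if (ret != NETWIB_ERR_OK) goto done;
  ret = netwib_sniff_ctl_get_dlt(pio, &dlt); /* link type of sniffed packets */
  if (ret != NETWIB_ERR_OK) goto done;

  for (i = 0; i < MAX_PACKETS; i++) {
    printf(" %u\n", (unsigned)i);

    ret = netwib_io_wait(pio, NETWIB_IO_WAYTYPE_READ, &t, &event);
    if (ret != NETWIB_ERR_OK || !event) {
      break;
    }

    ret = netwib_buf_init_mallocdefault(&buf);
    if (ret != NETWIB_ERR_OK) {
      break;
    }

    ret = netwib_io_read(pio, &buf);
    if (ret == NETWIB_ERR_OK) {
      ret = report_ssdp_packet(dlt, &buf, &msearchbuf, &notifybuf);
    } else if (ret == NETWIB_ERR_NOTCONVERTED) {
      printf("not converted");
      ret = NETWIB_ERR_OK;
    } else if (ret == NETWIB_ERR_DATAMISSING) {
      printf("datamissing");
      ret = NETWIB_ERR_OK;
    } else if (ret == NETWIB_ERR_DATANOTAVAIL) {
      ret = netwib_fmt_display("Wait indicates event but nothing to read (this might be normal)\n");
    }
    /* Any other read error stays in ret and ends the loop below. */

    closeret = netwib_buf_close(&buf);
    if (ret == NETWIB_ERR_OK) {
      ret = closeret;
    }
    if (ret != NETWIB_ERR_OK) {
      break;
    }
  }

done:
  closeret = netwib_buf_close(&notifybuf);
  if (ret == NETWIB_ERR_OK) {
    ret = closeret;
  }
  closeret = netwib_buf_close(&msearchbuf);
  if (ret == NETWIB_ERR_OK) {
    ret = closeret;
  }
  return ret;
}

/* Append the name of the first Ethernet device in the netwib device list
   to *pbuf.

   Returns NETWIB_ERR_OK when a device was appended, NETWIB_ERR_NOTFOUND
   (after printing a message) when the list holds no Ethernet device, or
   the error reported while walking the list. */
netwib_err choose_device(netwib_buf *pbuf)
{
  netwib_conf_devices conf;
  netwib_conf_devices_index *pconfindex;
  netwib_err ret, closeret;

  /* Index used for cycling through all available devices. */
  netwib_er(netwib_conf_devices_index_init(&conf, &pconfindex));

  for (;;) {
    ret = netwib_conf_devices_index_next(pconfindex); /* next entry */
    if (ret == NETWIB_ERR_DATAEND) {
      ret = NETWIB_ERR_NOTFOUND; /* list exhausted without a match */
      break;
    }
    if (ret != NETWIB_ERR_OK) {
      break;
    }
    if (conf.hwtype == NETWIB_DEVICE_HWTYPE_ETHER) {
      /* Keep the result in ret so the index is still closed on failure. */
      ret = netwib_buf_append_buf(&conf.device, pbuf);
      break;
    }
  }

  closeret = netwib_conf_devices_index_close(&pconfindex);
  if (ret == NETWIB_ERR_OK) {
    ret = closeret;
  }

  if (ret == NETWIB_ERR_NOTFOUND) {
    netwib_er(netwib_fmt_display("No Ethernet device found\n"));
  }
  return ret;
}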