main3.cpp
#include <pcap.h>
#include <iostream>
#include <cstring>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <cctype>
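/// Captures TCP port 23 (telnet) traffic on one interface with libpcap and
/// prints each packet's addresses, ports and payload to stdout.
///
/// Telnet carries everything in cleartext, so the payload printed by this
/// class can include credentials; treat the program's output as sensitive.
///
/// The object owns the pcap handle and closes it on destruction. Copying is
/// disabled because two copies would close the same handle twice.
class PacketMonitor {
private:
    pcap_t* handle;

    /// Closes the capture handle, if one is open, and forgets it.
    void close_handle() {
        if (handle != nullptr) {
            pcap_close(handle);
            handle = nullptr;
        }
    }

    /// pcap_loop callback: decodes one captured frame and prints it.
    ///
    /// @param user_data the pcap_t* passed by start_capture(), used to query the link type
    /// @param pkthdr    capture metadata; caplen is the number of bytes actually stored
    /// @param packet    the captured bytes, valid for pkthdr->caplen bytes only
    ///
    /// The frame comes from the network and is untrusted: every offset is
    /// checked against caplen before it is read, and frames that are too
    /// short or are not IPv4/TCP are skipped without output.
    static void packet_handler(u_char* user_data, const struct pcap_pkthdr* pkthdr, const u_char* packet) {
        const size_t captured = pkthdr->caplen;

        // BSD loopback (DLT_NULL) frames carry a 4-byte header; every other
        // link type is assumed to be Ethernet with a 14-byte header.
        // NOTE(review): other link types (e.g. the Linux "any" device) are not
        // recognised here and will normally fail the IPv4 check below.
        size_t link_header_length = 14;
        if (pcap_datalink(reinterpret_cast<pcap_t*>(user_data)) == DLT_NULL) {
            link_header_length = 4;
        }

        // IP header: copied out rather than cast in place, so an unaligned
        // or truncated buffer is never dereferenced.
        if (captured < link_header_length + sizeof(struct ip)) {
            return;
        }
        struct ip ip_header;
        std::memcpy(&ip_header, packet + link_header_length, sizeof(ip_header));
        const size_t ip_header_len = static_cast<size_t>(ip_header.ip_hl) * 4;
        // "tcp port 23" also matches IPv6; this decoder only understands IPv4.
        if (ip_header.ip_v != 4 || ip_header.ip_p != IPPROTO_TCP || ip_header_len < sizeof(struct ip)) {
            return;
        }

        // TCP header
        const size_t tcp_offset = link_header_length + ip_header_len;
        if (captured < tcp_offset + sizeof(struct tcphdr)) {
            return;
        }
        struct tcphdr tcp_header;
        std::memcpy(&tcp_header, packet + tcp_offset, sizeof(tcp_header));
        const size_t tcp_header_len = static_cast<size_t>(tcp_header.th_off) * 4;
        if (tcp_header_len < sizeof(struct tcphdr)) {
            return;
        }

        // Payload: the reported length comes from the on-wire length, but only
        // the bytes that were actually captured may be read.
        const size_t payload_offset = tcp_offset + tcp_header_len;
        const size_t wire_len = pkthdr->len;
        const size_t payload_len = wire_len > payload_offset ? wire_len - payload_offset : 0;
        const size_t available = captured > payload_offset ? captured - payload_offset : 0;
        const size_t printable_len = payload_len < available ? payload_len : available;

        std::cout << "\n=== Telnet Packet ===" << std::endl;
        // inet_ntoa returns a static buffer, so each address is printed in its own statement.
        std::cout << "Source IP: " << inet_ntoa(ip_header.ip_src) << std::endl;
        std::cout << "Destination IP: " << inet_ntoa(ip_header.ip_dst) << std::endl;
        std::cout << "Source Port: " << ntohs(tcp_header.th_sport) << std::endl;
        std::cout << "Destination Port: " << ntohs(tcp_header.th_dport) << std::endl;
        std::cout << "Payload length: " << payload_len << " bytes" << std::endl;
        if (printable_len < payload_len) {
            std::cout << "Payload truncated by capture: " << printable_len << " bytes shown" << std::endl;
        }

        if (printable_len > 0) {
            static const char hex_digits[] = "0123456789abcdef";
            const u_char* payload = packet + payload_offset;
            std::cout << "Payload (ASCII): ";
            for (size_t i = 0; i < printable_len; i++) {
                const unsigned char byte = payload[i];
                if (isprint(byte)) {
                    std::cout << static_cast<char>(byte);
                } else {
                    // Non-printable bytes (including ESC) are written as \xNN so
                    // captured data cannot send control sequences to the terminal.
                    std::cout << "\\x" << hex_digits[byte >> 4] << hex_digits[byte & 0x0f];
                }
            }
            std::cout << std::endl;
        }
    }

public:
    PacketMonitor() : handle(nullptr) {}

    PacketMonitor(const PacketMonitor&) = delete;
    PacketMonitor& operator=(const PacketMonitor&) = delete;

    /// Prints every capture device libpcap reports, with its description and
    /// IPv4 addresses, to stdout. Errors are reported on stderr.
    void list_interfaces() {
        pcap_if_t* alldevs = nullptr;
        char errbuf[PCAP_ERRBUF_SIZE];

        if (pcap_findalldevs(&alldevs, errbuf) == -1) {
            std::cerr << "Error finding devices: " << errbuf << std::endl;
            return;
        }

        std::cout << "Available interfaces:" << std::endl;
        for (pcap_if_t* d = alldevs; d != nullptr; d = d->next) {
            std::cout << "Interface: " << d->name << std::endl;
            if (d->description) {
                std::cout << "Description: " << d->description << std::endl;
            }

            // Print addresses (IPv4 only)
            for (pcap_addr_t* a = d->addresses; a != nullptr; a = a->next) {
                if (a->addr == nullptr || a->addr->sa_family != AF_INET) {
                    continue;
                }
                char ip[INET_ADDRSTRLEN];
                const struct sockaddr_in* sin = reinterpret_cast<const struct sockaddr_in*>(a->addr);
                // inet_ntop leaves the buffer unspecified on failure, so print only on success.
                if (inet_ntop(AF_INET, &sin->sin_addr, ip, sizeof(ip)) != nullptr) {
                    std::cout << " IP address: " << ip << std::endl;
                }
            }
            std::cout << std::endl;
        }

        pcap_freealldevs(alldevs);
    }

    /// Opens `interface` for live capture and installs the "tcp port 23" filter.
    ///
    /// @param interface name of the capture device, e.g. one printed by list_interfaces()
    /// @return true when the handle is open and filtered; false otherwise, in
    ///         which case no handle is kept, so start_capture() cannot run
    ///         without the filter in place.
    bool initialize(const char* interface) {
        if (interface == nullptr) {
            std::cerr << "Error opening interface: no interface name given" << std::endl;
            return false;
        }

        // A second call replaces the previous capture instead of leaking it.
        close_handle();

        char errbuf[PCAP_ERRBUF_SIZE];
        std::cout << "Opening interface: " << interface << std::endl;

        // Open the network interface for packet capture: snapshot length
        // BUFSIZ, promiscuous mode on, 1000 ms read timeout. Packets longer
        // than the snapshot length are stored truncated.
        handle = pcap_open_live(interface, BUFSIZ, 1, 1000, errbuf);
        if (handle == nullptr) {
            std::cerr << "Error opening interface: " << errbuf << std::endl;
            return false;
        }

        // Set filter to capture telnet traffic
        struct bpf_program fp;
        const char* filter = "tcp port 23";
        if (pcap_compile(handle, &fp, filter, 0, PCAP_NETMASK_UNKNOWN) == -1) {
            std::cerr << "Error compiling filter: " << pcap_geterr(handle) << std::endl;
            close_handle();
            return false;
        }

        const bool filter_installed = (pcap_setfilter(handle, &fp) != -1);
        if (!filter_installed) {
            std::cerr << "Error setting filter: " << pcap_geterr(handle) << std::endl;
        }
        // The compiled program is no longer needed once it has been installed (or rejected).
        pcap_freecode(&fp);
        if (!filter_installed) {
            close_handle();
            return false;
        }

        std::cout << "Successfully initialized capture on " << interface << std::endl;
        return true;
    }

    /// Runs the capture loop until it is interrupted or libpcap reports an
    /// error. Does nothing but print a message if initialize() has not succeeded.
    void start_capture() {
        if (handle == nullptr) {
            std::cerr << "Packet capture not initialized" << std::endl;
            return;
        }

        std::cout << "Starting packet capture... (Press Ctrl+C to stop)" << std::endl;
        // The handle doubles as user data so the callback can query the link type.
        if (pcap_loop(handle, 0, packet_handler, reinterpret_cast<u_char*>(handle)) == -1) {
            std::cerr << "Error during capture: " << pcap_geterr(handle) << std::endl;
        }
    }

    ~PacketMonitor() {
        close_handle();
    }
};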
/// Entry point: lists the capture interfaces, then captures telnet traffic on
/// the interface named by the single command-line argument.
///
/// Returns 1 when not run as root, when the argument count is wrong, or when
/// the capture cannot be initialized; 0 after the capture loop ends.
int main(int argc, char* argv[]) {
    // The program refuses to start unless its effective UID is 0.
    const bool running_as_root = (geteuid() == 0);
    if (!running_as_root) {
        std::cerr << "This program requires root privileges to capture packets" << std::endl;
        return 1;
    }

    PacketMonitor monitor;

    // The interface list is printed before argument checking, so it is shown
    // even when the usage message follows.
    monitor.list_interfaces();

    const bool has_interface_argument = (argc == 2);
    if (!has_interface_argument) {
        const char* program_name = argv[0];
        std::cerr << "Usage: " << program_name << " <interface>" << std::endl;
        std::cerr << "Example: " << program_name << " lo0" << std::endl;
        return 1;
    }

    const char* interface_name = argv[1];
    const bool ready = monitor.initialize(interface_name);
    if (!ready) {
        return 1;
    }

    monitor.start_capture();
    return 0;
}