Packet Sniffer Code in C using sockets. Packet sniffers. Packet sniffers are programs that intercept the network traffic flowing in and out of a system through network interfaces. So if you are browsing the internet then traffic is flowing and a packet sniffer would be able to catch it in the form of packets and display them for whatever reasons required. Packet sniffers are used for various needs like analysing protocols, monitoring network, and assessing the security of a network. Wireshark for example is the most popular packet sniffer out there and is available for all platforms. Its gui based and very easy to use. In this post we are going to talk about how to code and make our own packet sniffer in C and on the linux platform. By Linux it means that the code sample shown here would work only on linux and not windows. Field. Description. Type. 8 For echo message 0 for echo reply message. Code. 0. Checksum. The checksum is the 16bit ones complement of the ones complement. UDP User Datagram Protocol 11. Introduction. UDP is a simple, datagramoriented, transport layer protocol each output operation by a process produces exactly one. Raw udp sockets Raw udp sockets are used to send manually constructed udp packets. The udp header can be found in RFC 768 and has a very simple structure as. This tutorial demonstrates how to develop or build the Linux RAW socket or network program. The content includes a stepbystep C programming with the test result run. Packet sniffers can be coded by either using sockets api provided by the kernel, or by using some packet capture library like libpcap. In this tutorial we shall be covering the first method, that is by using sockets. Basic Sniffer using sockets. To code a very simply sniffer in C the steps would be. Create a raw socket. Put it in a recvfrom loop and receive data on it. A raw socket when put in recvfrom loop receives all incoming packets. This is because it is not bound to a particular address or port. AFINET, SOCKRAW, IPPROTOTCP. Thats all. The buffer will hold the data sniffed or picked up. The sniffing part is actually complete over here. The next task is to actually read the captured packet, analyse it and present it to the user in a readable format. Udp Checksum C Program' title='Udp Checksum C Program' />The following code shows an example of such a sniffer. Note that it sniffs only incoming packets. Codeincludelt stdio. For standard things. Provides declarations for icmp header. Provides declarations for udp header. The TCP and UDP protocols are two different protocols that handle data communications between terminals in an IP network the Internet. This page will talk about. Provides declarations for tcp header. Provides declarations for ip header. Process. Packetunsigned char, int. Print. Data unsigned char, int. Its Big logfilefopenlog. NULL printfUnable to create file. Udp Checksum C Program' title='Udp Checksum C Program' />Starting. Create a raw socket that shall sniff. AFINET, SOCKRAW, IPPROTOTCP. Socket Errorn. Receive a packet. Recvfrom error, failed to get packetsn. Now process the packet. Process. Packetbuffer, datasize. Finished. void Process. Packetunsigned charbuffer, int size. Get the IP Header part of this packet. Check the Protocol and do accordingly. ICMP Protocol. Print. Icmp. PacketBuffer,Size. IGMP Protocol. case 6 TCP Protocol. UDP Protocol. printudppacketbuffer, size. Some Other Protocol like ARP etc. TCP d UDP d ICMP d IGMP d Others d Total dr,tcp,udp,icmp,igmp,others,total. Buffer, int Size. Buffer. iphdrlen iph ihl. IP Headern. fprintflogfile, IP Version dn,unsigned intiph version. IP Header Length d DWORDS or d Bytesn,unsigned intiph ihl,unsigned intiph ihl. Type Of Service dn,unsigned intiph tos. IP Total Length d BytesSize of Packetn,ntohsiph totlen. Identification dn,ntohsiph id. Reserved ZERO Field dn,unsigned intiphdr ipreservedzero. Dont Fragment Field dn,unsigned intiphdr ipdontfragment. More Fragment Field dn,unsigned intiphdr ipmorefragment. TTL dn,unsigned intiph ttl. Protocol dn,unsigned intiph protocol. Checksum dn,ntohsiph check. Source IP sn,inetntoasource. Destination IP sn,inetntoadest. Buffer, int Size. Buffer. iphdrlen iph ihl. Buffer iphdrlen. TCP Packetn. Buffer,Size. fprintflogfile,n. TCP Headern. fprintflogfile, Source Port un,ntohstcph source. Destination Port un,ntohstcph dest. Sequence Number un,ntohltcph seq. Acknowledge Number un,ntohltcph ackseq. Header Length d DWORDS or d BYTESn ,unsigned inttcph doff,unsigned inttcph doff. CWR Flag dn,unsigned inttcph cwr. ECN Flag dn,unsigned inttcph ece. Urgent Flag dn,unsigned inttcph urg. Acknowledgement Flag dn,unsigned inttcph ack. Push Flag dn,unsigned inttcph psh. Reset Flag dn,unsigned inttcph rst. Synchronise Flag dn,unsigned inttcph syn. Finish Flag dn,unsigned inttcph fin. Window dn,ntohstcph window. Checksum dn,ntohstcph check. Urgent Pointer dn,tcph urgptr. DATA Dump. IP Headern. Print. DataBuffer,iphdrlen. TCP Headern. Print. DataBufferiphdrlen,tcph doff. Data Payloadn. Print. DataBuffer iphdrlen tcph doff, Size tcph doff iph ihl. Buffer, int Size. Buffer. iphdrlen iph ihl. Buffer iphdrlen. UDP Packetn. Buffer,Size. fprintflogfile,n. UDP Headern. fprintflogfile, Source Port dn, ntohsudph source. Destination Port dn, ntohsudph dest. UDP Length dn, ntohsudph len. UDP Checksum dn, ntohsudph check. IP Headern. Print. DataBuffer, iphdrlen. UDP Headern. Print. DataBufferiphdrlen, sizeof udph. Data Payloadn. Print. DataBuffer iphdrlen sizeof udph, Size sizeof udph iph ihl 4. Buffer, int Size. Buffer. iphdrlen iph ihl. Buffer iphdrlen. ICMP Packetn. Buffer, Size. fprintflogfile,n. ICMP Headern. fprintflogfile, Type d,unsigned inticmph type. TTL Expiredn. ICMPECHOREPLY. ICMP Echo Replyn. Code dn,unsigned inticmph code. Checksum dn,ntohsicmph checksum. ID dn,ntohsicmph id. Sequence dn,ntohsicmph sequence. IP Headern. Print. DataBuffer,iphdrlen. UDP Headern. Print. DataBuffer iphdrlen, sizeof icmph. Data Payloadn. Print. DataBuffer iphdrlen sizeof icmph, Size sizeof icmph iph ihl 4. Print. Data unsigned chardata, int Size. Size i. if i0 i1. X,unsigned intdatai. Size 1 print the last spaces. Compile and Run. gcc sniffer. The program must be run as root user or superuser privileges. The program creates raw sockets which require root access. The output in the log file is something like this. TCP Packet. IP Version 4. IP Header Length 5 DWORDS or 2. Bytes. Type Of Service 3. IP Total Length 1. BytesSize of Packet. Identification 3. TTL 5. 1. Protocol 6. Checksum 5. 43. Source IP 1. Destination IP 1. Source Port 6. Destination Port 3. Sequence Number 1. Acknowledge Number 6. Header Length 5 DWORDS or 2. BYTES. Urgent Flag 0. Acknowledgement Flag 1. Push Flag 1. Reset Flag 0. Synchronise Flag 0. Finish Flag 0. Window 9. Checksum 4. 67. Urgent Pointer 0. DATA Dump. 4. 5 2. B 3. 8 4. 0 0. 0 3. D4 7. D AE 8. F 7. B E email protected. C0 A8 0. 1 0. 6. A 0. B 9. 5 7. 9 4. BF 5. F 4. 1 0. 3 E5 5. E 3. 7 5. 0 1. 8 2. B0. y. I. A. 7. P. B6 8. 7 0. 0 0. A 6. B 6. 1 7. 4 6. E 6. B 6. 1 7. 4 6. E 6. C 6. 9 6. 1 7. 4 6. F 6. B 6. 1 7. 4 6. F 7. 8 ffiliatedkatex. Deception Torrent more. D 3. 0 3. 0 3. 0 3. D 5. 3 4. 7 0. PRIVMSG. A 6. 9 2. 0 6. E 6. C 7. 9 2. 0 7. 4 6. E ctly the right n. Port Numbers and Services Database. This file is from Internet Assigned Numbers Authority IANA. IANA maintains the Assigned Numbers RFC. RFC1. 70. 0, issued in October, 1. They update their assigned numbers files like this, the port numbers file. The entries in this file are in the same format as found in a. Berkeley UNIX etcservices file. There are also links. RFCs their standard documentation. This file has two sections. The Well Known Ports are controlled and assigned by the IANA and. Ports are used in the TCP RFC7. For the purpose of providing services to unknown callers, a service. This list specifies the port used by. The contact port is sometimes. To the extent possible, these same port assignments are used with. UDP RFC7. 68. The assigned ports use a small portion of the possible port numbers. For many years the assigned ports were in the range 0 2. Recently. the range for assigned ports managed by the IANA has been expanded. Go back to top of file. Port Assignments. Keyword Decimal Description References. Reserved. 0udp Reserved. Jon Postel lt postelisi. TCP Port Service Multiplexer. TCP Port Service Multiplexer. Mark Lottor lt MKLnisc. Management Utility. Management Utility. Compression Process. Compression Process. Bernie Volz lt VOLZPROCESS. COM. 4tcp Unassigned. Unassigned. rje 5tcp Remote Job Entry. Remote Job Entry. Jon Postel lt postelisi. Unassigned. 6udp Unassigned. Echo. echo 7udp Echo. Jon Postel lt postelisi. Unassigned. 8udp Unassigned. Discard. discard 9udp Discard. Jon Postel lt postelisi. Unassigned. 1. Unassigned. Active Users. systat 1. Active Users. Jon Postel lt postelisi. Unassigned. 1. Unassigned. Daytime. daytime 1. Daytime. Jon Postel lt postelisi. Unassigned. 1. Unassigned. Unassigned was netstat. Unassigned. 1. Unassigned. Unassigned. qotd 1. Quote of the Day. Quote of the Day. Jon Postel lt postelisi. Message Send Protocol. Message Send Protocol. Rina Nethaniel lt none. Character Generator. Character Generator. File Transfer Default Data. File Transfer Default Data. File Transfer Control. File Transfer Control. Jon Postel lt postelisi. SSH Remote Login Protocol. SSH Remote Login Protocol. Tatu Ylonen lt ylocs. Telnet. telnet 2. Telnet. Jon Postel lt postelisi. Rick Adams lt rickUUNET. UU. NET. smtp 2. Simple Mail Transfer. Simple Mail Transfer. Jon Postel lt postelisi. Unassigned. 2. Unassigned. NSW User System FE. NSW User System FE. Robert Thomas lt BThomasF. BBN. COM. 2. Unassigned. Unassigned. msg icp 2. MSG ICP. msg icp 2. MSG ICP. Robert Thomas lt BThomasF. BBN. COM. 3. Unassigned. Unassigned. msg auth 3. MSG Authentication. MSG Authentication. Robert Thomas lt BThomasF. BBN. COM. 3. Unassigned. Unassigned. dsp 3. Display Support Protocol. Display Support Protocol. Ed Cain lt cainedn unix. Unassigned. 3. Unassigned. Jon Postel lt postelisi. Unassigned. 3. Unassigned. Time. time 3. Time. Jon Postel lt postelisi. Route Access Protocol. Route Access Protocol. Robert Ullmann lt arielworld. Resource Location Protocol. Resource Location Protocol. Mike Accetta lt MIKE. ACCETTACMU CS A. EDU. Unassigned. 4. Unassigned. Graphics. graphics 4. Graphics. nameserver 4. Host Name Server. Host Name Server. Who Is. nicname 4. Who Is. mpm flags 4. MPM FLAGS Protocol. MPM FLAGS Protocol. Message Processing Module recv. Message Processing Module recv. MPM default send. MPM default send. Jon Postel lt postelisi. NI FTP. ni ftp 4. NI FTP. Steve Kille lt S. Killeisode. com. Digital Audit Daemon. Digital Audit Daemon. Larry Scott lt scottzk. Login Host Protocol TACACS. Login Host Protocol TACACS. Pieter Ditmars lt pditmarsBBN. COM. re mail ck 5. Remote Mail Checking Protocol. Remote Mail Checking Protocol. Steve Dorner lt s dornerUIUC. EDU. la maint 5. IMP Logical Address Maintenance. IMP Logical Address Maintenance. Andy Malis lt malisatimeplex. XNS Time Protocol. XNS Time Protocol. Susie Armstrong lt Armstrong. XEROX. domain 5. Domain Name Server. Domain Name Server. Paul Mockapetris lt PVMISI. EDU. xns ch 5. XNS Clearinghouse. XNS Clearinghouse. Susie Armstrong lt Armstrong. XEROX. isi gl 5. ISI Graphics Language. ISI Graphics Language. XNS Authentication. XNS Authentication. Susie Armstrong lt Armstrong. XEROX. 5. 7tcp any private terminal access. Jon Postel lt postelisi. XNS Mail. xns mail 5. XNS Mail. Susie Armstrong lt Armstrong. XEROX. 5. 9tcp any private file service. Jon Postel lt postelisi. Unassigned. 6. 0udp Unassigned. NI MAIL. ni mail 6. NI MAIL. Steve Kille lt S. Killeisode. com. ACA Services. ACA Services. E. Wald lt ewaldvia. Rickard Schoultz lt schoultzsunet. Communications Integrator CI. Communications Integrator CI. Tundra Tim Daneliuk. TACACS Database Service. TACACS Database Service. Kathy Huber lt khuberbbn. Oracle SQLET. sqlet 6. Oracle SQLET. Jack Haverty lt jhavertyORACLE. COM. bootps 6. Bootstrap Protocol Server. Bootstrap Protocol Server. Bootstrap Protocol Client. Bootstrap Protocol Client. Bill Croft lt CroftSUMEX AIM. STANFORD. EDU. Trivial File Transfer. Trivial File Transfer. David Clark lt ddcLCS. MIT. EDU. gopher 7. Gopher. gopher 7. Gopher. Mark Mc. Cahill lt mpmboombox. Remote Job Service. Remote Job Service. Remote Job Service. Remote Job Service. Zbrush Basic Tutorials. Remote Job Service. Remote Job Service. Remote Job Service. Remote Job Service. Bob Braden lt BradenISI. EDU. 7. 5tcp any private dial out service. Jon Postel lt postelisi. Distributed External Object Store. Distributed External Object Store. Robert Ullmann lt arielworld. RJE service. 7. 7udp any private RJE service. Jon Postel lt postelisi. Christopher Leong lt leongkolmod. Finger. finger 7. Finger. David Zimmerman lt dpzRUTGERS. EDU. http 8. World Wide Web HTTP. World Wide Web HTTP. World Wide Web HTTP. World Wide Web HTTP. Tim Berners Lee lt timblW3. HOSTS2 Name Server. HOSTS2 Name Server. Earl Killian lt EAKMORDOR. S1. GOV. xfer 8. XFER Utility. XFER Utility. Thomas M. Smith lt tmsmithesc. MIT ML Device. mit ml dev 8. MIT ML Device. David Reed lt none. Common Trace Facility. Common Trace Facility. Hugh Thomas lt thomasoils. MIT ML Device. mit ml dev 8. MIT ML Device. David Reed lt none. Micro Focus Cobol. Micro Focus Cobol. Simon Edwards lt none. Jon Postel lt postelisi. Kerberos. kerberos 8. Kerberos. B. Clifford Neuman lt bcnisi. SUMIT Telnet Gateway. SUMIT Telnet Gateway. Mark Crispin lt MRCPANDA. COM. dnsix 9. DNSIX Securit Attribute Token Map. DNSIX Securit Attribute Token Map. Charles Watt lt wattsware. MIT Dover Spooler. MIT Dover Spooler. Eliot Moss lt EBMXX. LCS. MIT. EDU. Network Printing Protocol. Network Printing Protocol. Louis Mamakos lt louiesayshell.