Statistic Console Sniffer – No Driver Installation is Needed

22 May 2004, CPOL

Introduction

Well, this is my first submission to The Code Project.

This small application is a statistic console sniffer that needs neither installation nor a driver.

It doesn't show you a dump of the packet data, but it shows you the total packet count, the total size, and the percentage of the total for all network traffic (TCP / UDP / ICMP) on your LAN.

This application can filter by source / destination IP and source / destination port.

It can write a TXT log file for editing at a later time.

This application uses an AVL tree to hold all the sessions of the LAN activity.

You can use it with C++ Builder 6 or any other C++ IDE.

Any comment can help to make it a better sniffer, so write one…

Please vote if you can.

The Code

C++
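#include <winsock2.h>
#include <mstcpip.h>   // SIO_RCVALL
#include <conio.h>     // kbhit
#include <stdio.h>
#include <string.h>

const int RecvBufLen = 6000 ; // size of the receive buffer

int filterpacket(char *buf, int len) ;

void RecvPacket() // main function call & init the WSAStartup
{
    SOCKET sock ;
    WSADATA wsd ;
    unsigned long dwBytesRet ;
    unsigned int optval = 1 ;

    if(WSAStartup(MAKEWORD(2,1),&wsd) != 0)
    {
        printf("\nerror init WSAStartup") ;
        return ;
    }

    // raw IP socket: creating it requires administrator rights
    sock = socket(AF_INET, SOCK_RAW, IPPROTO_IP) ;
    if(sock == INVALID_SOCKET)
    {
        printf("\nerror creating raw socket") ;
        WSACleanup() ;
        return ;
    }

    char FAR name[MAX_HOSTNAME_LAN] ;
    gethostname(name, MAX_HOSTNAME_LAN) ;

    // gethostbyname returns a pointer to storage owned by Winsock,
    // so nothing is allocated (or freed) for it here
    struct hostent FAR * pHostent = gethostbyname(name) ;
    if(pHostent == NULL)
    {
        printf("\nerror resolving local host name") ;
        closesocket(sock) ;
        WSACleanup() ;
        return ;
    }

    SOCKADDR_IN sa ;
    memset(&sa, 0, sizeof(sa)) ;
    sa.sin_family = AF_INET ;
    sa.sin_port = htons(6000) ;

    memcpy(&sa.sin_addr.S_un.S_addr, pHostent->h_addr_list[0], pHostent->h_length) ;

    // bind to the local interface, then SIO_RCVALL delivers every IP packet seen on it
    if((bind(sock, (SOCKADDR *)&sa, sizeof(sa)) == SOCKET_ERROR) ||
       (WSAIoctl(sock, SIO_RCVALL, &optval, sizeof(optval), NULL, 0, &dwBytesRet, NULL, NULL) == SOCKET_ERROR))
    {
        printf("\nerror bind / SIO_RCVALL") ;
        closesocket(sock) ;
        WSACleanup() ;
        return ;
    }

    char *RecvBuf = new char[RecvBufLen] ;

    while (!kbhit())
    {
        int len = recv(sock, RecvBuf, RecvBufLen, 0) ; // get the packet
        if(len == SOCKET_ERROR)
        {
            break ;
        }
        filterpacket(RecvBuf, len) ;
    }

    delete [] RecvBuf ;
    closesocket(sock) ;
    WSACleanup() ;
}

C++
// Filter the Packet
// len is the number of bytes recv() returned for this packet
int filterpacket(char *buf, int len)
{
    // the packet must hold at least a basic IP header before any field is read
    if(len < (int)sizeof(IP_HDR))
    {
        return -5 ;
    }

    IP_HDR *pIpheader = (IP_HDR *) buf ;

    // IP header length = low 4 bits of the first byte, in 32-bit words;
    // with IP options it is larger than sizeof(IP_HDR)
    int ipHdrLen = ((unsigned char)buf[0] & 0x0F) * 4 ;
    if((ipHdrLen < (int)sizeof(IP_HDR)) || (len < ipHdrLen + 4)) // 4 = sport + dport
    {
        return -5 ;
    }

    // sport / dport sit at the same offsets in TCP and UDP; ICMP has no ports
    TCP_HDR *pTcpheader = (TCP_HDR *)(buf + ipHdrLen) ;

    // filter src_ip
    if((ip_src_filter.S_un.S_addr != 0) &&
       (ip_src_filter.S_un.S_addr != pIpheader->ip_srcaddr.S_un.S_addr))
    {
        return -1 ;
    }

    // filter dst_ip
    if((ip_dst_filter.S_un.S_addr != 0) &&
       (ip_dst_filter.S_un.S_addr != pIpheader->ip_destaddr.S_un.S_addr))
    {
        return -2 ;
    }

    // filter src_port (ports arrive in network byte order)
    if((port_src_filter != 0) && (port_src_filter != ntohs(pTcpheader->sport)))
    {
        return -3 ;
    }

    // filter dst_port
    if((port_dst_filter != 0) && (port_dst_filter != ntohs(pTcpheader->dport)))
    {
        return -4 ;
    }

    .......

    .......
}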

The AVL tree is outside the scope of this article; it's just part of the sniffer's statistics.
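
The filter and the per-protocol totals described in this article, reworked as a portable added example (not the article's own code): it finds the ports from the IP header-length field instead of a fixed `sizeof(IP_HDR)` offset, rejects truncated packets, and keeps byte totals and percentages per protocol. The names `ProtoStats`, `Filter`, `Totals` and the sample packets are assumptions constructed for illustration, and a plain map stands in for the AVL tree.

```cpp
#include <cstdint>
#include <cstddef>
#include <cstdio>
#include <map>

struct Totals { uint64_t packets = 0, bytes = 0; };
struct Filter { uint16_t src_port = 0, dst_port = 0; };   // 0 = match any port
class ProtoStats {   // hypothetical name, not from the article's source
public:
    // Returns true if the packet was counted, false if malformed or filtered out.
    bool add(const uint8_t *p, size_t len, const Filter &f = Filter()) {
        if (len < 20 || (p[0] >> 4) != 4) return false;      // too short or not IPv4
        size_t ihl = (p[0] & 0x0F) * 4u;                      // header length incl. options
        size_t total = (size_t(p[2]) << 8) | p[3];           // total length, network order
        if (ihl < 20 || total < ihl || total > len) return false;
        uint8_t proto = p[9];
        if (f.src_port || f.dst_port) {
            // Only TCP (6) and UDP (17) carry ports; ICMP never matches a port filter.
            if ((proto != 6 && proto != 17) || total < ihl + 4) return false;
            uint16_t sport = uint16_t((p[ihl] << 8) | p[ihl + 1]);
            uint16_t dport = uint16_t((p[ihl + 2] << 8) | p[ihl + 3]);
            if ((f.src_port && f.src_port != sport) || (f.dst_port && f.dst_port != dport)) return false;
        }
        Totals &t = by_proto_[proto]; t.packets++; t.bytes += total;
        all_.packets++; all_.bytes += total;
        return true;
    }
    Totals totals(uint8_t proto) const {
        auto it = by_proto_.find(proto);
        return it == by_proto_.end() ? Totals() : it->second;
    }
    double percent_bytes(uint8_t proto) const {   // share of all counted bytes
        return all_.bytes ? 100.0 * double(totals(proto).bytes) / double(all_.bytes) : 0.0;
    }
private:
    std::map<uint8_t, Totals> by_proto_;
    Totals all_;
};

// Constructed sample packets (unlisted trailing bytes are zero; checksums not set).
static const uint8_t kTcp[40] = {0x45,0,0,40, 0,0,0,0, 64,6,0,0, 192,0,2,1, 192,0,2,2, 0xC0,0x00, 0x00,0x50};
static const uint8_t kUdpOpt[60] = {0x46,0,0,60, 0,0,0,0, 64,17,0,0, 192,0,2,1, 192,0,2,2, 1,1,1,1, 0x00,0x35, 0xC0,0x01}; // IHL=6
static const uint8_t kIcmp[28] = {0x45,0,0,28, 0,0,0,0, 64,1,0,0, 192,0,2,1, 192,0,2,2, 8,0,0,0};

int main() {
    ProtoStats s;
    s.add(kTcp, sizeof kTcp); s.add(kUdpOpt, sizeof kUdpOpt); s.add(kIcmp, sizeof kIcmp);
    for (int pr : {6, 17, 1})
        std::printf("proto %d: %.2f%% of bytes\n", pr, s.percent_bytes(uint8_t(pr)));
}
```

In `kUdpOpt` the four option bytes push the UDP header to offset 24, so a parser that assumes a 20-byte IP header would read the option bytes as the source port.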

History

  • 23rd May, 2004: Initial post

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Web Developer
Israel

Comments and Discussions

Question: So where's the article??
WREY, 23-May-04 13:30