packetforward/0000755000076500007650000000000011122731037012733 5ustar mickymickypacketforward/.svn/0000755000076500007650000000000011122731140013612 5ustar mickymickypacketforward/.svn/entries0000444000076500007650000000226011122731137015212 0ustar mickymicky8 dir 18 file:///Users/micky/svn/packetforward/trunk file:///Users/micky/svn/packetforward 2008-02-17T23:49:17.872003Z 16 micky svn:special svn:externals svn:needs-lock f8d3fd5a-4561-42d0-9a09-c939406c04cb headers.h file 2008-12-19T14:29:49.000000Z f313f248be8ad5442c6cfd7f534b8daa 2007-11-21T21:23:36.036835Z 4 micky LICENSE file 2008-12-19T14:29:49.000000Z f6fe0e9e70810a53816ed8f2be16b13e 2007-11-28T20:23:29.591437Z 15 micky pf file 2008-12-19T14:29:49.000000Z ebee5a54ec60a3b5039a2fcebf8b061f 2007-11-21T21:23:36.036835Z 4 micky has-props ChangeLog file 19 2008-12-19T14:35:39.000000Z 6ac1291e428a093e035e53bf172e18a5 2008-12-19T14:36:45.376677Z 19 micky packetforward file 22 2008-12-19T14:39:27.000000Z 68f8ff15253be3905836bf940dfa07ed 2008-12-19T14:40:31.120094Z 22 micky has-props Makefile file 2008-12-19T14:29:49.000000Z 8ed92e419a59ec266b39968b656b70b4 2008-02-17T23:49:17.872003Z 16 micky README file 19 2008-12-19T14:34:28.000000Z c903e1a53419438d52034ddba687da37 2008-12-19T14:36:45.376677Z 19 micky packetforward.c file 19 2008-12-19T14:34:58.000000Z e099248926c3f2c4891e586263edb1b3 2008-12-19T14:36:45.376677Z 19 micky packetforward/.svn/format0000444000076500007650000000000211122727735015032 0ustar mickymicky8 packetforward/.svn/prop-base/0000755000076500007650000000000011122727735015521 5ustar mickymickypacketforward/.svn/prop-base/packetforward.svn-base0000444000076500007650000000011611122727735022011 0ustar mickymickyK 14 svn:executable V 0 K 13 svn:mime-type V 24 application/octet-stream END packetforward/.svn/prop-base/pf.svn-base0000444000076500007650000000003511122727735017562 0ustar mickymickyK 14 svn:executable V 0 END packetforward/.svn/props/0000755000076500007650000000000011122727735014774 5ustar 
mickymickypacketforward/.svn/text-base/0000755000076500007650000000000011122731137015514 5ustar mickymickypacketforward/.svn/text-base/ChangeLog.svn-base0000444000076500007650000000216211122730473021004 0ustar mickymickyPACKETFORWARD 0.8.1 ----------------- Copyright @ 2008 by Micky Holdorf Contact: micky.holdorf@gmail.com Todo ---- * Support for more than one destination address. Versions -------- 0.8.1: Changed the makefile for easy configuration. Corrected minor errors in the readme file related to getting libnet. 0.8: New option to set PacketForward in packet capture mode only. 0.7.1: The makefile now uses the libpcap that is preinstalled on Mac OS X. The distributed Mac OS X (Intel) binary is now compiled to use the libpcap that is preinstalled on Mac OS X. Corrected minor errors in the readme file related to usage of PacketForward. Added a script to ease usage of PacketForward. 0.7: New code for injecting packets using libnet. New command line options handling. New options to hide headers and payload. Fixed minor bugs related to signedness warnings when compiling. Fixed minor bugs where wrong IP and TCP packet lengths were calculated. 0.5.1: Fixed a serius bug where the payload file for Nemesis was saved in a wrong directory. 0.5: First public release. Capture code is using libpcap. Dependent on Nemesis to inject packets.packetforward/.svn/text-base/headers.h.svn-base0000444000076500007650000000452011122727735021025 0ustar mickymicky/* * headers.c * Copyright (c) 2007 by Micky Holdorf * */ /* ethernet headers are always exactly 14 bytes */ #define SIZE_ETHERNET 14 /* ethernet addresses are 6 bytes */ #define ETHER_ADDR_LEN 6 /* Ethernet header */ struct sniff_ethernet { u_char ether_dhost[ETHER_ADDR_LEN]; /* destination host address */ u_char ether_shost[ETHER_ADDR_LEN]; /* source host address */ u_short ether_type; /* IP? ARP? RARP? 
etc */ }; /* IP header */ struct sniff_ip { u_char ip_vhl; /* version << 4 | header length >> 2 */ u_char ip_tos; /* type of service */ u_short ip_len; /* total length */ u_short ip_id; /* identification */ u_short ip_off; /* fragment offset field */ #define IP_RF 0x8000 /* reserved fragment flag */ #define IP_DF 0x4000 /* dont fragment flag */ #define IP_MF 0x2000 /* more fragments flag */ #define IP_OFFMASK 0x1fff /* mask for fragmenting bits */ u_char ip_ttl; /* time to live */ u_char ip_p; /* protocol */ u_short ip_sum; /* checksum */ struct in_addr ip_src,ip_dst; /* source and dest address */ }; #define IP_HL(ip) (((ip)->ip_vhl) & 0x0f) #define IP_V(ip) (((ip)->ip_vhl) >> 4) /* TCP header */ typedef u_int tcp_seq; struct sniff_tcp { u_short th_sport; /* source port */ u_short th_dport; /* destination port */ tcp_seq th_seq; /* sequence number */ tcp_seq th_ack; /* acknowledgement number */ u_char th_offx2; /* data offset, rsvd */ #define TH_OFF(th) (((th)->th_offx2 & 0xf0) >> 4) u_char th_flags; #define TH_FIN 0x01 #define TH_SYN 0x02 #define TH_RST 0x04 #define TH_PUSH 0x08 #define TH_ACK 0x10 #define TH_URG 0x20 #define TH_ECE 0x40 #define TH_CWR 0x80 #define TH_FLAGS (TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG|TH_ECE|TH_CWR) u_short th_win; /* window */ u_short th_sum; /* checksum */ u_short th_urp; /* urgent pointer */ }; /* UDP header */ struct sniff_udp { unsigned short int uh_sport; unsigned short int uh_dport; unsigned short int uh_len; unsigned short int uh_check; }; /* total udp header length: 8 bytes (=64 bits) */ packetforward/.svn/text-base/LICENSE.svn-base0000444000076500007650000001430011122727735020243 0ustar mickymicky * This software is a modification of Tim Carstens' "sniffer.c" * demonstration source code, released as follows: * * sniffer.c * Copyright (c) 2002 Tim Carstens * 2002-01-07 * Demonstration of using libpcap * timcarst -at- yahoo -dot- com * * "sniffer.c" is distributed under these terms: * * Redistribution and use in source and binary 
forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 4. The name "Tim Carstens" may not be used to endorse or promote * products derived from this software without prior written permission * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * * This software, "sniffex.c", is a derivative work of "sniffer.c" and is * covered by the following terms: * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Because this is a derivative work, you must comply with the "sniffer.c" * terms reproduced above. * 2. Redistributions of source code must retain the Tcpdump Group copyright * notice at the top of this source file, this list of conditions and the * following disclaimer. * 3. 
Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 4. The names "tcpdump" or "libpcap" may not be used to endorse or promote * products derived from this software without prior written permission. * * THERE IS ABSOLUTELY NO WARRANTY FOR THIS PROGRAM. * BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY * FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN * OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES * PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED * OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS * TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE * PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, * REPAIR OR CORRECTION. * * IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING * WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR * REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, * INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING * OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED * TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY * YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER * PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE * POSSIBILITY OF SUCH DAMAGES. * * * This software, "PacketForward", is a derivative work of "sniffex.c" and is * covered by the following terms: * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. 
Because this is a derivative work, you must comply with the "sniffer.c" * terms reproduced above. * 2. Redistributions of source code must retain the Tcpdump Group copyright * notice at the top of this source file, this list of conditions and the * following disclaimer. * 3. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 4. The names "libnet" or "libpcap" may not be used to endorse or promote * products derived from this software without prior written permission. * * THERE IS ABSOLUTELY NO WARRANTY FOR THIS PROGRAM. * BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY * FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN * OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES * PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED * OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS * TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE * PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, * REPAIR OR CORRECTION. * * IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING * WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR * REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, * INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING * OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED * TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY * YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER * PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE * POSSIBILITY OF SUCH DAMAGES. 
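/*
 * packetforward.c
 * Copyright (c) 2008 by Micky Holdorf
 *
 * Captures IP packets carrying TCP or UDP on one interface with libpcap and
 * re-injects them on the same or another interface with the libnet 1.0
 * link-layer API.
 *
 * Build line used by the project's Makefile:
 *   gcc packetforward.c -o packetforward -I/usr/include -L/usr/lib -lpcap
 *       `libnet-config --defines --cflags --libs`
 *
 * NOTE(review): this listing was recovered from a whitespace-collapsed
 * archive dump. Runs of spaces inside format strings may have been lost, and
 * the two angle-bracket #include names were stripped; <pcap.h> and
 * <libnet.h> below are inferred from the APIs the file calls - confirm
 * against the original tree.
 */

#include <sys/types.h>
#include <arpa/inet.h>
#include <netinet/in.h>

#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include <pcap.h>
#include <libnet.h>
#include "headers.h"

#define APP_NAME "PacketForward 0.8.1"
#define APP_DESC "IP packet capture and forward application based on libpcap and libnet."
#define APP_COPYRIGHT "Copyright (c) 2008 by Micky Holdorf"

/* default snap length (maximum bytes per packet to capture) */
#define SNAP_LEN 4096

/* largest value the 16-bit IPv4 total-length field can carry */
#define IP_TOTAL_LEN_MAX 65535

char *dev = NULL;    /* capture device1 name */
char *dev2 = NULL;   /* capture device2 name */
char *daddr1 = NULL;
char *daddr2 = NULL; /* destination address written into forwarded packets */
char *saddr1 = NULL;
char *saddr2 = NULL; /* source address written into forwarded packets */

u_char enet_src[6] = {0x0d, 0x0e, 0x0a, 0x0d, 0x00, 0x00};
u_char enet_dst[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};

int hide_header = 0;
int hide_payload = 0;
int capture_only = 0;

void send_packet(char *protocol, int sport, int dport, int id, int ttl, int count, const u_char *payload, int payload_size);
void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet);
void fprint_ascii_line(const u_char *payload, int len, int offset);
void print_payload(const u_char *payload, int len);
void print_hex_ascii_line(const u_char *payload, int len, int offset);
void print_app_banner(void);
void print_app_usage(char *name);

/* Print the application name, description and copyright banner. */
void print_app_banner(void)
{
    printf("\n%s\n", APP_NAME);
    printf("%s\n", APP_DESC);
    printf("%s\n", APP_COPYRIGHT);
    printf("\n");
}

/* Print the banner followed by the command-line help text. */
void print_app_usage(char *name)
{
    print_app_banner();

    printf("usage:\n %s [options]\n\n", name);
    printf("interface:\n");
    printf(" -i interface1 Capture packets from interface1.\n\n");
    printf("options:\n");
    printf(" -I interface2 Forward packets to interface2.\n");
    printf(" -d ip address Destination ip address of forwarded packets.\n");
    printf(" -n number Number of packets to capture.\n");
    printf(" -h Hide packet headers.\n");
    printf(" -p Hide payload.\n");
    printf(" -c Capture packets only.\n");
    printf(" -f 'filter' Tcpdump packet filter expression.\n\n");
    printf("example:\n");
    printf(" sudo packetforward -i en1 -I tap0 -d 5.124.100.100 -f 'udp port 6112 and dst host 255.255.255.255'\n\n'");
}

/*
 * Write len raw payload bytes to /tmp/payload.txt, replacing its contents.
 * Nothing in this file calls it any more; it fed the payload file of the
 * earlier Nemesis-based injection path. offset is unused.
 *
 * SECURITY NOTE(review): the path is fixed and predictable, and fopen()
 * follows symbolic links. The program is run as root, so a pre-planted link
 * in a world-writable /tmp would redirect the write to an arbitrary file.
 * If this helper is ever revived, create the file with mkstemp() in a
 * private directory instead.
 */
void fprint_ascii_line(const u_char *payload, int len, int offset)
{
    FILE *file;

    (void)offset;

    file = fopen("/tmp/payload.txt", "w+");
    if (file == NULL) {
        /* the original dereferenced a NULL stream here */
        return;
    }

    if (payload != NULL && len > 0) {
        fwrite(payload, 1, (size_t)len, file);
    }

    fclose(file);
}

/*
 * print data in rows of 16 bytes: offset hex ascii
 * 00000 4745 5420 2f20 4854 5450 2f31 2e31 0d0a GET / HTTP/1.1..
 */
void print_hex_ascii_line(const u_char *payload, int len, int offset)
{
    int i;
    int gap;
    const u_char *ch;

    /* offset */
    printf("%05d ", offset);

    /* hex */
    ch = payload;
    for (i = 0; i < len; i++) {
        printf("%02x", *ch);
        ch++;
        /* print extra space after for visual aid */
        if (i % 2 != 0) {
            printf(" ");
        }
        if (i == 7) {
            printf(" ");
        }
    }

    /* print space to handle line less than 8 bytes */
    if (len < 8) {
        printf(" ");
    }

    /* fill hex gap with spaces if not full line */
    if (len < 16) {
        gap = 16 - len;
        for (i = 0; i < gap; i++) {
            printf(" ");
            if (i % 2 == 0) {
                printf(" ");
            }
        }
    }
    printf(" ");

    /* ascii (if printable) */
    ch = payload;
    for (i = 0; i < len; i++) {
        if (isprint(*ch)) {
            printf("%c", *ch);
        } else {
            printf(".");
        }
        ch++;
    }

    printf("\n");
}

/*
 * Print len bytes of packet payload as a hex/ASCII dump, 16 bytes per row.
 * Binary data is never printed raw. A NULL payload or len <= 0 prints
 * nothing.
 */
void print_payload(const u_char *payload, int len)
{
    const int line_width = 16; /* number of bytes per line */
    int offset = 0;            /* zero-based offset counter */

    if (payload == NULL || len <= 0) {
        return;
    }

    /*
     * The original computed the row length as line_width % len_rem, which
     * only equals line_width because more than one full row was always
     * left at that point; take the minimum explicitly instead.
     */
    while (len > 0) {
        int line_len = len < line_width ? len : line_width;

        print_hex_ascii_line(payload + offset, line_len, offset);
        offset += line_len;
        len -= line_len;
    }
}

/*
 * Build one Ethernet/IP/UDP or Ethernet/IP/TCP frame with libnet and write
 * it to interface dev2.
 *
 * protocol      "udp" or "tcp"; anything else is ignored
 * sport2/dport2 transport ports, host byte order
 * id, ttl       IP identification and time-to-live for the new header
 * count         packet number, used only in the progress output
 * payload       payload bytes, payload_size of them
 *
 * Reads the globals dev2, saddr2, daddr2, enet_src and enet_dst. Failures
 * reported through libnet_error(LIBNET_ERR_FATAL, ...) are expected to end
 * the program, as in the original.
 */
void send_packet(char *protocol, int sport2, int dport2, int id, int ttl, int count, const u_char *payload, int payload_size)
{
    char errbuf[LIBNET_ERRBUF_SIZE];  /* error buffer */
    struct libnet_link_int *network;  /* pointer to link interface struct */
    u_char *packet = NULL;            /* pointer to our packet buffer */
    int is_udp;
    int transport_hdr;                /* size of the UDP or TCP header */
    int transport_size;               /* transport header + payload */
    int ip_size;                      /* IP header + transport_size */
    int packet_size;                  /* whole frame */
    int ip_proto;
    int c;

    /* Reject arguments that would be dereferenced or used as lengths. */
    if (protocol == NULL || payload_size < 0 ||
        (payload == NULL && payload_size > 0) ||
        saddr2 == NULL || daddr2 == NULL || dev2 == NULL) {
        return;
    }

    /*
     * The original compared the pointers (protocol == "udp"), which only
     * matches when the compiler happens to merge identical literals.
     */
    if (strcmp(protocol, "udp") == 0) {
        is_udp = 1;
        transport_hdr = LIBNET_UDP_H;
        ip_proto = IPPROTO_UDP;
    } else if (strcmp(protocol, "tcp") == 0) {
        is_udp = 0;
        transport_hdr = LIBNET_TCP_H;
        ip_proto = IPPROTO_TCP;
    } else {
        /* the original went on to inject an uninitialised buffer here */
        return;
    }

    /* The IPv4 total-length field is 16 bits wide; also rules out overflow. */
    if (payload_size > IP_TOTAL_LEN_MAX - LIBNET_IP_H - transport_hdr) {
        return;
    }

    transport_size = transport_hdr + payload_size;
    ip_size = LIBNET_IP_H + transport_size;
    packet_size = LIBNET_ETH_H + ip_size;

    /* Step 1: network initialisation. */
    if ((network = libnet_open_link_interface(dev2, errbuf)) == NULL) {
        libnet_error(LIBNET_ERR_FATAL, "libnet_open_link_interface: %s\n", errbuf);
    }

    /* Step 2: memory for the ethernet, IP and transport headers + payload. */
    if (libnet_init_packet(packet_size, &packet) == -1) {
        libnet_error(LIBNET_ERR_FATAL, "libnet_init_packet failed\n");
    }

    /* Step 3: packet construction (ethernet header). */
    libnet_build_ethernet(
        enet_dst,
        enet_src,
        ETHERTYPE_IP,
        NULL,
        0,
        packet);

    printf("\n--- Injected packet number %i on %s ---\n", count, dev2);

    /* Step 3: packet construction (IP header). */
    libnet_build_ip(
        transport_size,
        0,                       /* IP tos */
        id,                      /* IP ID */
        0,                       /* Frag */
        ttl,                     /* TTL */
        ip_proto,                /* Transport protocol */
        inet_addr(saddr2),       /* Source IP */
        inet_addr(daddr2),       /* Destination IP */
        payload,                 /* Pointer to payload */
        0,                       /* ...with length 0, as in the original */
        packet + LIBNET_ETH_H);  /* Packet header memory */

    /* Step 3: packet construction (transport header). */
    if (is_udp) {
        libnet_build_udp(
            sport2,              /* source port */
            dport2,              /* dest. port */
            payload,             /* payload */
            payload_size,        /* payload length */
            packet + LIBNET_ETH_H + LIBNET_IP_H);
    } else {
        /*
         * NOTE(review): the TCP branch passes no payload to libnet, always
         * sets SYN and uses a fixed sequence number, while packet_size and
         * the checksum length still include payload_size. The captured TCP
         * payload therefore does not appear to be forwarded - confirm
         * whether that is intended. Left as in the original.
         */
        libnet_build_tcp(
            sport2,              /* source TCP port */
            dport2,              /* destination TCP port */
            0xa1d95,             /* sequence number */
            0x53,                /* acknowledgement number */
            TH_SYN,              /* control flags */
            1024,                /* window size */
            0,                   /* urgent pointer */
            NULL,                /* payload (none) */
            0,                   /* payload length */
            packet + LIBNET_ETH_H + LIBNET_IP_H);
    }

    /* Step 4: packet checksums (transport header and IP header). */
    if (libnet_do_checksum(packet + ETH_H, ip_proto, transport_size) == -1) {
        libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n");
    }
    if (libnet_do_checksum(packet + ETH_H, IPPROTO_IP, LIBNET_IP_H) == -1) {
        libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n");
    }

    /* print packet info */
    if (!hide_header) {
        printf("IP header Src Addr: %s", saddr2);
        printf(" Dst Addr: %s\n", daddr2);
        printf(" Len: %i ID: %i TTL: %i\n", ip_size, id, ttl);
        if (is_udp) {
            printf("UDP header Src port: %i Dst port: %i Len: %i\n", sport2, dport2, transport_size);
        } else {
            printf("TCP header Src port: %i Dst port: %i Len: %i\n", sport2, dport2, transport_size);
        }
    }
    if (!hide_payload) {
        printf("Payload (%d bytes)\n", payload_size);
        print_payload(payload, payload_size);
    }

    /* Step 5: packet injection. */
    c = libnet_write_link_layer(network, dev2, packet, packet_size);
    if (c < packet_size) {
        libnet_error(LN_ERR_WARNING, "libnet_write_link_layer only wrote %d bytes\n", c);
    }

    /* Shut down the interface. */
    if (libnet_close_link_interface(network) == -1) {
        libnet_error(LN_ERR_WARNING, "libnet_close_link_interface couldn't close the interface");
    }

    /* Free packet memory. */
    libnet_destroy_packet(&packet);
    printf("\n");
}

/*
 * pcap_loop() callback: dissect one captured frame, print it, and forward
 * it with send_packet() unless capture_only is set.
 *
 * Every length taken from the packet is checked against header->caplen
 * before it is used. The frame is attacker-controlled input, and the
 * original trusted the IP total length, so a short capture or a forged
 * length made print_payload() and send_packet() read past the capture
 * buffer, or receive a negative size.
 *
 * Only TCP and UDP frames are counted and forwarded; other protocols are
 * reported and dropped.
 */
void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
{
    static int count = 1;                             /* packet counter */
    static char packet_dst[sizeof "255.255.255.255"]; /* per-packet dst copy */
    static int follow_packet_dst = 0;                 /* no -d was given */

    const struct sniff_ip *ip;                        /* The IP header */
    const u_char *payload;                            /* Packet payload */
    char *protocol;
    int caplen;
    int size_ip;
    int size_transport;
    int size_payload;
    int captured_payload;
    int ip_total;
    int offset;
    int sport, dport;
    int id, ttl;

    (void)args;

    printf("\n--- Captured packet number %i on %s ---\n", count, dev);

    caplen = header->caplen > (bpf_u_int32)INT_MAX ? INT_MAX : (int)header->caplen;

    /* the fixed part of the IP header must have been captured */
    if (caplen < SIZE_ETHERNET + (int)sizeof(struct sniff_ip)) {
        printf("\n Error: truncated packet: %d bytes captured\n", caplen);
        return;
    }

    /* define/compute ip header offset */
    ip = (const struct sniff_ip *)(packet + SIZE_ETHERNET);
    size_ip = IP_HL(ip) * 4;
    if (size_ip < 20) {
        printf("\n Error: invalid IP header length: %u bytes\n", size_ip);
        return;
    }

    offset = SIZE_ETHERNET + size_ip;
    ip_total = ntohs(ip->ip_len);

    /* determine protocol */
    switch (ip->ip_p) {
    case IPPROTO_TCP: {
        const struct sniff_tcp *tcp;

        protocol = "tcp";
        if (caplen < offset + (int)sizeof(struct sniff_tcp)) {
            printf("\n Error: truncated packet: %d bytes captured\n", caplen);
            return;
        }
        /* define/compute tcp header offset */
        tcp = (const struct sniff_tcp *)(packet + offset);
        size_transport = TH_OFF(tcp) * 4;
        if (size_transport < 20) {
            printf("\n Error: invalid TCP header length: %u bytes\n", size_transport);
            return;
        }
        sport = ntohs(tcp->th_sport);
        dport = ntohs(tcp->th_dport);
        break;
    }
    case IPPROTO_UDP: {
        const struct sniff_udp *udp;

        protocol = "udp";
        size_transport = 8; /* the UDP header is always 8 bytes */
        if (caplen < offset + size_transport) {
            printf("\n Error: truncated packet: %d bytes captured\n", caplen);
            return;
        }
        udp = (const struct sniff_udp *)(packet + offset);
        sport = ntohs(udp->uh_sport);
        dport = ntohs(udp->uh_dport);
        break;
    }
    case IPPROTO_ICMP:
        printf(" ICMP header\n");
        return;
    case IPPROTO_IP:
        printf(" IP header\n");
        return;
    default:
        printf(" Unknown header\n");
        return;
    }

    /* define/compute payload offset; TCP options must be captured too */
    offset += size_transport;
    if (offset > caplen) {
        printf("\n Error: truncated packet: %d bytes captured\n", caplen);
        return;
    }
    payload = packet + offset;

    /* compute payload size from the IP total length, then bound it */
    size_payload = ip_total - (size_ip + size_transport);
    if (size_payload < 0) {
        printf("\n Error: invalid IP total length: %d bytes\n", ip_total);
        return;
    }
    captured_payload = caplen - offset;
    if (size_payload > captured_payload) {
        /* never read beyond what libpcap actually handed over */
        size_payload = captured_payload;
    }

    /* ip_id is in network byte order on the wire */
    id = ntohs(ip->ip_id);
    ttl = ip->ip_ttl;

    /* print packet info */
    if (!hide_header) {
        printf("IP header Src Addr: %s", inet_ntoa(ip->ip_src));
        printf(" Dst Addr: %s\n", inet_ntoa(ip->ip_dst));
        printf(" Len: %i ID: %i TTL: %i\n", size_ip + size_transport + size_payload, id, ttl);
        if (ip->ip_p == IPPROTO_TCP) {
            printf("TCP header Src port: %i Dst port: %i Len: %i\n", sport, dport, size_transport + size_payload);
        } else {
            printf("UDP header Src Port: %i Dst Port: %i Len: %i\n", sport, dport, size_transport + size_payload);
        }
    }
    if (!hide_payload) {
        /* Payload might be binary, so don't just treat it as a string. */
        printf("Payload (%d bytes)\n", size_payload);
        print_payload(payload, size_payload);
    }

    /*
     * Without -d each forwarded packet keeps its own destination. The
     * original stored the inet_ntoa() static buffer in daddr2 on the first
     * packet only, so later packets depended on whichever address was
     * formatted last. Copy the address for every packet instead.
     */
    if (daddr2 == NULL) {
        follow_packet_dst = 1;
    }
    if (follow_packet_dst) {
        snprintf(packet_dst, sizeof packet_dst, "%s", inet_ntoa(ip->ip_dst));
        daddr2 = packet_dst;
    }

    if (!capture_only) {
        send_packet(protocol, sport, dport, id, ttl, count, payload, size_payload);
    }

    count++;
}

/* Parse a decimal packet count; returns 0 on success, -1 on bad input. */
static int parse_count(const char *text, int *out)
{
    char *end;
    long value;

    errno = 0;
    value = strtol(text, &end, 10);
    if (end == text || *end != '\0' || errno == ERANGE || value > INT_MAX || value < INT_MIN) {
        return -1;
    }
    *out = (int)value;
    return 0;
}

/*
 * Parse the options, look up the forward interface's address, open the
 * capture device with the requested filter and run the capture loop.
 */
int main(int argc, char **argv)
{
    bpf_u_int32 mask;                      /* subnet mask */
    bpf_u_int32 net;                       /* ip */
    char errbuf[PCAP_ERRBUF_SIZE];         /* pcap error buffer */
    char lnet_errbuf[LIBNET_ERRBUF_SIZE];  /* libnet error buffer */
    pcap_t *handle = NULL;                 /* packet capture handle */
    /*
     * The original kept the filter in char filter_exp[] = "ip" (3 bytes)
     * and strcpy()'d the -f argument into it, overflowing the stack for
     * any longer expression. Point at the argument instead of copying.
     */
    const char *filter_exp = "ip";         /* filter expression */
    struct bpf_program fp;                 /* compiled filter program */
    int have_filter = 0;
    int c;
    int num_packets = -1;                  /* number of packets to capture */
    int rc = EXIT_FAILURE;
    struct libnet_link_int *l;
    u_long i;

    /* check command-line options */
    while ((c = getopt(argc, argv, "i:I:d:n:hpcf:")) != -1) {
        switch (c) {
        case 'i':
            dev = optarg;
            break;
        case 'I':
            dev2 = optarg;
            break;
        case 'd':
            daddr2 = optarg;
            break;
        case 'n':
            if (parse_count(optarg, &num_packets) != 0) {
                print_app_usage(argv[0]);
                exit(EXIT_FAILURE);
            }
            break;
        case 'f':
            filter_exp = optarg;
            break;
        case 'h':
            hide_header = 1;
            break;
        case 'p':
            hide_payload = 1;
            break;
        case 'c':
            capture_only = 1;
            break;
        default:
            print_app_usage(argv[0]);
            exit(EXIT_FAILURE);
        }
    }

    if (dev == NULL) {
        print_app_usage(argv[0]);
        exit(EXIT_FAILURE);
    }

    /*
     * Forward on the capture interface unless -I named another one. The
     * original assigned dev2 inside the -i case, which silently discarded
     * a -I given earlier on the command line.
     */
    if (dev2 == NULL) {
        dev2 = dev;
    }

    /* get source ip address associated with forward device */
    l = libnet_open_link_interface(dev2, lnet_errbuf);
    if (!l) {
        printf("libnet_open_link_interface: %s\n", lnet_errbuf);
        goto out;
    }
    i = libnet_get_ipaddr(l, dev2, lnet_errbuf);
    /* only the address was needed; send_packet() opens its own link */
    if (libnet_close_link_interface(l) == -1) {
        libnet_error(LN_ERR_WARNING, "libnet_close_link_interface couldn't close the interface");
    }
    if (!i) {
        printf("Can't get ip address: %s\n", lnet_errbuf);
        goto out;
    }
    saddr2 = (char *)libnet_host_lookup(ntohl(i), 0);

    /* get network number and mask associated with capture device */
    if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
        printf(" Error: couldn't get netmask for interface %s\n\n", errbuf);
        goto out;
    }

    /* print capture info */
    printf("\n Capture from: %s\n", dev);
    printf(" Forward to: %s\n", dev2);
    printf(" Src Address: %s\n", saddr2);
    if (daddr2) {
        printf(" Dst Address: %s\n", daddr2);
    } else {
        printf(" Dst Address: Not changed\n");
    }
    if (num_packets > 0) {
        printf("Packets to capture: %d\n", num_packets);
    }
    printf("Packet Filter: %s\n", filter_exp);
    printf("\n");

    /* open capture device */
    handle = pcap_open_live(dev, SNAP_LEN, 1, 1000, errbuf);
    if (handle == NULL) {
        printf("\n Error: couldn't open interface %s: %s\n\n", dev, errbuf);
        goto out;
    }

    /* make sure we're capturing on an Ethernet device */
    if (pcap_datalink(handle) != DLT_EN10MB) {
        printf("\n Error: %s is not on ethernet\n\n", dev);
        goto out;
    }

    /* compile the filter expression */
    if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) {
        printf("\n Error: couldn't parse filter %s: %s\n\n", filter_exp, pcap_geterr(handle));
        goto out;
    }
    have_filter = 1;

    /* apply the compiled filter */
    if (pcap_setfilter(handle, &fp) == -1) {
        printf("\n Error: couldn't install filter %s: %s\n\n", filter_exp, pcap_geterr(handle));
        goto out;
    }

    /* now we can set our callback function */
    pcap_loop(handle, num_packets, got_packet, NULL);

    printf("\nCapture and forward complete.\n\n");
    rc = EXIT_SUCCESS;

out:
    /* cleanup */
    if (have_filter) {
        pcap_freecode(&fp);
    }
    if (handle != NULL) {
        pcap_close(handle);
    }
    exit(rc);
}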
$.?EEE;E |$ ?$[UD$E$US$[E$ItU>D4#E EE D$E$>EE$[UEUHE EEEEE} E ;EED$E D$E$jUEEԋMԉ9UED$ED$E$UE)EEUEE;EED$ED$E$XUWVSl[-D$$EЃ}u D$(D$$/(9EE$*EԋE$E؋E$E܍D$Eԉ$ju3(D$$jD$D$D$ D$-D$-$#-D$ED$O($V=p-$<Ǎ-$<‹EȋEE$t$(D$$E D$ |$T$D$L$D$ D$D$$$ P"EȋE T$E$D$ E D$L$4$"U$T$D$$uy(D$$D$D$$iuy(D$$-uz-D$($;-D$($;ED$ ED$E؉D$($;E܉D$ ED$E D$($;-u'E$D$)$e;E$D$E $:3)9EE$6EԋE$(E؋E$ED$Eԉ$u3(D$$D$D$D$ D$-D$-$ -D$ED$O($:p-$0:Ǎ-$:‹EȋEE$t$(D$$E D$ |$T$D$L$D$ D$D$$lP"EȋE T$$D$ D$D$D$D$D$ SD$ L$$IU$T$D$$uy(D$$D$D$$uy(D$$-uz-D$($9-D$($8ED$ ED$E؉D$($8ED$ ED$E D$7)$8-u'E$D$)$8E$D$E $X-EԉD$ T$L$EЉ$pEE;E}ED$k)D$$EЉ$u)D$$$$ 7l[^_UWVSl[E&)'T$D$M#$7EEEEEE}ED$y#$[7dE@ t=t>#$'7&t5Ս#$6#$6"EȋEEEE@ %E}ED$#$6EUEEE@$ЋEE)ȉEċE$]E̋E@$EEЍ'E@ $5D$$$5E@$5D$$"$5E@ȋE@ЋEEEĉL$ T$D$$$5Eċ}NjE@$E$|$ t$D$E$$T5!'EĉD$"$/5EĉD$E$!EȋEEEEEUEEE@$ЋEE)ȉEċE$E̋E@$EЍ'E@ $'4D$ "$e4E@$4D$$"$E4E@ȋE@ЋEEEĉL$ T$D$5"$4Eċ}NjE@$ E$|$ t$D$y$$3!'u'EĉD$"$3EĉD$E$w'uE@$&3'E@EE@E䍃%'uA)'EĉD$ED$T$ED$ED$ EЉD$ẺD$Eȉ$)'P)'l[^_UEfEEEf USd[O!f@ED$E D$E$2E}uEI'{fF]t1!!!1!1!1$0E1D$$"1u "d"S"BE $s$,0!uE $N$0!D$$ E}uD$s$X0!D$T$E$E}uD$$0E$D$$!!D$ E؉D$EԉD$$/uD$$/O!D$$/!D$ $i/!D$ $O/!t!D$. 
$)/A $#/}~ED$\ $.D$t $.$ .!D$D$ D$D$$.E}u)!D$T$ ${.(E$C.t!D$ $L.EԉD$D$ D$D$E$-u,E$-D$D$ $-D$E$-u)E$-D$D$!$-WD$ D$ED$E$r-$U-E$6-/!$d-$,$,UEȉEEWVS0 ff|$Dtpt$CL$BT$AD$@t>t$L$T$ D$D$<$,t0[^_Í0[^_ËD$@D$,D$,D$D$$,dtD$D$$,낍S8 f|$Dt?D$CD$D$BD$D$AD$ D$@D$D$D$H$,8[ËD$@D$,D$,D$D$$l+tD$D$D$H$+8[UWVS<D$D$$+ƅx[l$1D$D$TD$,$+D$!l$D$!i 4$*xI4$*D$$ȃ<[^_]*$=+D$QD$D$X$+1<[^_]É4$]*1<[^_]WVS t$0f|$4wM)D5t@11tG<.t:PЁw t$<.t TPЁv [^_1 <uȃ [^_É4$)D$u*4$)ƅtL$@F D$T$ $)D$WVD$ fD$L$9ƃtitTtDt4t$t׃׃׃׃׃׃~<׍APPPPP P ׍HăuD$D$lj^_׃RƋL$1˃D$$D$D$ $ЉUWV l$0T$4E$t~~0YpZz ^_]ÃufE D$8D$,$9%‰fU btfFD$E $‹D$8f<D$8D$4$ЉfF ^_]Ã6tfFD$E $‹D$8f<T$8T$4$gЉfF댍tfFT$8T$4$)%‰fV ^_]Ít$&DžyfF D$$%‰fV <$H&tfFD$8D$aEED$8D$9D$11+L$)‰))EE(‰֍FEltfFT$8T$4$ %‰fV/D$1R)‰))Ƹl$T$D$)‰))D$T$9T$7|$9T$D$C‰D$9sD$)D$@t$|$ltftTtBt0tt Wt$t$t$t$t$t$t$9L$t$At$T8t$T8t$T8t$T8t$T8t$T8t$H9L$u{D$8j$WVS $0$8$D$ $4D$D$|$<$8$t8tba#D$<$_# [^_Ëa#D$ D$ D$$)#맋a#D$ D$D$$"ua#D$ D$ D$$"C$"$UWVS<1D$l$$ ^"8u8t$D$D$,$"D$,$"ǃtȉ<[^_]"$fD$ l$D$D$P$"<[^_]UWVSLYl$dD$4$ "Dž@@@ ,$‰t_D$tD$D$`D$t$4$!t$D$lB $.!D$8D$D$jB@$ !D$4D$D$uB$ D$8 tK GGC[ $D$nD$,$ GG " $lD$ D$`D$\D$,$ $:D$cD$,$ $D$~D$,$Z pGGu$D$D$,$! 7GG<D$ $WËT$ D$D$ T$D$D$UWVPD$4D$8D$<D$@D$DD$HD$D$|$L|$ D$D$t$44$y 1P^_]ËD$L$ŅtD$D$|$ D$D$4$9|$L9sq 9vd~uFpD$,VxT$(@D$D$dD$T$($u$bƅRT$,BD$(@fF1,$P^_]É,$1VD$ O4$‹D$$tt$D$$^ø^Vt$ t$^ø^UWVl$ D$$T$(uu ^_]Å~gtufuO<$PFE@t|$D$$9E@Ex ^_]뱸WV|$ T$u1҉^_Å~DШuA4;q wt"qPP^_ÃtكuωQP^_úVt$ t0@$Q@@@ ^ø^UWVP|$dl$pD$tD$,$T$`fT$T$hL$lD$ffT$@ffL$BT$DD$,D$EfD$FT$xT$HD$|D$L$t $u:D$<D$@FD$DFD$HF D$LFP^_]øP^_]ÍF$T$$T$$YVt$L$T$D$D$D$D$T$L$D$ D$ t$^UWV@t$X|$\D$`D$T$hT$l$tD$PT$TL$dffD$,ffT$.Ήt$0ω|$4D$D$9D$8PffL$:fD$<T$fT$>T$ltD$pu;D$,ED$0ED$4ED$8E D$ [options] interface: -i interface1 Capture packets from interface1. options: -I interface2 Forward packets to interface2. -d ip address Destination ip address of forwarded packets. -n number Number of packets to capture. -h Hide packet headers. -p Hide payload. -c Capture packets only. -f 'filter' Tcpdump packet filter expression. 
example: sudo packetforward -i en1 -I tap0 -d 5.124.100.100 -f 'udp port 6112 and dst host 255.255.255.255' 'w+/tmp/payload.txt%05d %02x libnet_open_link_interface: %s udplibnet_init_packet failed --- Injected packet number %i on %s --- libnet_do_checksum failed IP header Src Addr: %s Dst Addr: %s Len: %i ID: %i TTL: %i UDP header Src port: %i Dst port: %i Len: %i Payload (%d bytes) tcpTCP header Src port: %i Dst port: %i Len: %i libnet_write_link_layer only wrote %d bytes libnet_close_link_interface couldn't close the interface --- Captured packet number %i on %s --- Error: invalid IP header length: %u bytes ICMP header IP header Unknown header Error: invalid TCP header length: %u bytes IP header Src Addr: %s Len: %i ID: %i TTL: %i TCP header Src port: %i Dst port: %i Len: %i UDP header Src Port: %i Dst Port: %i Len: %i i:I:d:n:hpcf:Can't get ip address: %s Error: couldn't get netmask for interface %s Capture from: %s Forward to: %s Src Address: %s Dst Address: %s Dst Address: Not changedPackets to capture: %d Packet Filter: %s Error: couldn't open interface %s: %s Error: %s is not on ethernet Error: couldn't parse filter %s: %s Error: couldn't install filter %s: %s Capture and forward complete. 
ip%d.%d.%d.%dsocket: %sWarning: Critical: Fatal: /dev/bpf%d%s: %smalloc: %sBIOCVERSION: %sBIOCGDLT: %sBIOCSHDRCMPLT: %s   PPPP,.5!7P!A!J-X3f=~PDPPPR PPP@PP  PPP 2P*,P4P=dP )\8PiJAc<p.v<!$P(P" #+29@FN]l} 0@HQW_hpzU>A?@BCDEFGHIJK@LMNOPQRSTVWX@YZ[\]^_`abcd@efghij dyld_stub_binding_helper__dyld_func_lookup_isprint___istype_isascii__OSSwapInt16__OSSwapInt32___i686.get_pc_thunk.bxdyld__mach_header_count.5799_which.5048_hostname2.5047_hostname.5046_NXArgc_NXArgv___progname__mh_execute_header_capture_only_daddr1_daddr2_dev_dev2_enet_dst_enet_src_environ_fprint_ascii_line_got_packet_hide_header_hide_payload_libnet_bpf_open_libnet_build_ethernet_libnet_build_ip_libnet_build_ipv4_libnet_build_tcp_libnet_build_udp_libnet_close_link_interface_libnet_destroy_packet_libnet_destroy_packet_arena_libnet_do_checksum_libnet_error_libnet_get_hwaddr_libnet_get_ipaddr_libnet_host_lookup_libnet_host_lookup_r_libnet_in_cksum_libnet_init_packet_libnet_init_packet_arena_libnet_ip_check_libnet_name_resolve_libnet_next_packet_from_arena_libnet_open_link_interface_libnet_write_link_layer_ll_strerror_main_print_app_banner_print_app_usage_print_hex_ascii_line_print_payload_saddr1_saddr2_send_packetstart__DefaultRuneLocale___error___maskrune___sF_atoi_close_exit_fclose_fopen_fputc_fputs_free_fwrite_gethostbyaddr_gethostbyname_getopt$UNIX2003_inet_addr_inet_ntoa_ioctl_malloc_memcpy_memset_open_optarg_pcap_close_pcap_compile_pcap_datalink_pcap_freecode_pcap_geterr_pcap_lookupnet_pcap_loop_pcap_open_live_pcap_setfilter_printf_putchar_puts_socket_sprintf_strcpy_strerror_strncmp_strncpy_sysctl_vsnprintf_writepacketforward/.svn/text-base/pf.svn-base0000444000076500007650000000011411122727735017564 0ustar mickymickypacketforward -i en1 -I tap0 -f 'udp port 6112 and dst host 255.255.255.255'packetforward/.svn/text-base/README.svn-base0000444000076500007650000000737511122730364020124 0ustar mickymickyPACKETFORWARD 0.8.1 ----------------- Copyright @ 2008 by Micky Holdorf Contact: micky.holdorf@gmail.com 
Introduction ------------ PacketForward is an IP packet capture/forward application based on libpcap and libnet. It is a command line tool that listens on one network interface for UDP and TCP packets and then injects them on the same or another network interface. It has options for packet capture filtering and changing destination address. Supported Platforms ------------------- PacketForward has been compiled and tested on Mac OS X 10.5.1 (Intel). But you are welcome to supply additional feedback if you compile and test it on other platforms successfully. Since PacketForward is based on libpcap and libnet, it should be portable to most other BSD and UNIX systems. Compilation and installation ---------------------------- In order to compile PacketForward, you must have libpcap and libnet 1.0.2a installed on your system. BSD systems like Mac OS X have libpcap preinstalled. I recommend using MacPorts (http://www.macports.org/) for getting libnet. The MacPorts project's main goal is to provide an easy way to install various open-source software products on Mac OS X. cd to the directory of PacketForward. To compile, type: make To install (requires root access), type: sudo make install To uninstall (requires root access), type: sudo make clean A compiled Mac OS X (Intel) binary is supplied with this distribution. Just copy it to your system for easy access: sudo cp packetforward /usr/bin/packetforward Usage ----- PacketForward will capture IP packets with TCP and UDP headers, show header info and content of payload. One of the uses of PacketForward is to forward packets from a physical to a virtual interface eg. the tun/tap interface for VPN networks. This is especially useful for games that do not broadcast on all interfaces but only use the default interface and you want to play games with a friend on the internet. usage: packetforward [options] interface: -i interface1 Capture packets from interface1. options: -I interface2 Forward packets to interface2. 
-d ip address Destination ip address of forwarded packets. -n number Number of packets to capture. -h Hide packet headers. -p Hide payload. -c Capture packets only. -f 'filter' Tcpdump packet filter expression. example: sudo packetforward -i en1 -I tap0 -d 5.124.100.100 -f 'udp port 6112 and dst host 255.255.255.255' You must have root access to use PacketForward. In this example PacketForward will listen on the en1 network interface for UDP broadcast packets with dst and src port 6112, change the destination address to 5.124.100.100 and inject them on to the tap0 network interface. The src address is automatically changed to match the tap0 network interface. A small executable script is provided to ease usage of packetforward. When in the directory of the script start it by typing sudo ./pf Filter ------ PacketForward uses Tcpdump filter expressions. Below are some examples. ip Capture all IP packets. udp Capture only UDP packets. tcp Capture only TCP packets. udp port 80 Capture only UDP packets with src or dst port 80. ip host 10.1.2.3 Capture all IP packets to or from host 10.1.2.3. udp dst port 80 and src host 10.1.2.3 Capture only UDP packets to port 80 from host 10.1.2.3. Read the Tcpdump man pages for more info on filter expressions. Download -------- You can download PacketForward from: http://www.holdorf.dk/software/ Thanks ------ Jakob Weitemeyer for discussion, ideas and testing PacketForward. 
packetforward/.svn/tmp/0000755000076500007650000000000011122731137014420 5ustar mickymickypacketforward/.svn/tmp/prop-base/0000755000076500007650000000000011122727735016321 5ustar mickymickypacketforward/.svn/tmp/props/0000755000076500007650000000000011122727735015574 5ustar mickymickypacketforward/.svn/tmp/text-base/0000755000076500007650000000000011122731137016314 5ustar mickymickypacketforward/._ChangeLog0000644000076500007650000000027211122730473014726 0ustar mickymickyMac OS X  2ATTRb\""com.macromates.caret{ column = 16; line = 2; }packetforward/ChangeLog0000644000076500007650000000216211122730473014511 0ustar mickymickyPACKETFORWARD 0.8.1 ----------------- Copyright @ 2008 by Micky Holdorf Contact: micky.holdorf@gmail.com Todo ---- * Support for more than one destination address. Versions -------- 0.8.1: Changed the makefile for easy configuration. Corrected minor errors in the readme file related to getting libnet. 0.8: New option to set PacketForward in packet capture mode only. 0.7.1: The makefile now uses the libpcap that is preinstalled on Mac OS X. The distributed Mac OS X (Intel) binary is now compiled to use the libpcap that is preinstalled on Mac OS X. Corrected minor errors in the readme file related to usage of PacketForward. Added a script to ease usage of PacketForward. 0.7: New code for injecting packets using libnet. New command line options handling. New options to hide headers and payload. Fixed minor bugs related to signedness warnings when compiling. Fixed minor bugs where wrong IP and TCP packet lengths were calculated. 0.5.1: Fixed a serius bug where the payload file for Nemesis was saved in a wrong directory. 0.5: First public release. Capture code is using libpcap. 
Dependent on Nemesis to inject packets.packetforward/._headers.h0000644000076500007650000000027011122727735014745 0ustar mickymickyMac OS X  2ATTRbV  com.macromates.caretxR<[k0?'3/«packetforward/headers.h0000644000076500007650000000452011122727735014532 0ustar mickymicky/* * headers.c * Copyright (c) 2007 by Micky Holdorf * */ /* ethernet headers are always exactly 14 bytes */ #define SIZE_ETHERNET 14 /* ethernet addresses are 6 bytes */ #define ETHER_ADDR_LEN 6 /* Ethernet header */ struct sniff_ethernet { u_char ether_dhost[ETHER_ADDR_LEN]; /* destination host address */ u_char ether_shost[ETHER_ADDR_LEN]; /* source host address */ u_short ether_type; /* IP? ARP? RARP? etc */ }; /* IP header */ struct sniff_ip { u_char ip_vhl; /* version << 4 | header length >> 2 */ u_char ip_tos; /* type of service */ u_short ip_len; /* total length */ u_short ip_id; /* identification */ u_short ip_off; /* fragment offset field */ #define IP_RF 0x8000 /* reserved fragment flag */ #define IP_DF 0x4000 /* dont fragment flag */ #define IP_MF 0x2000 /* more fragments flag */ #define IP_OFFMASK 0x1fff /* mask for fragmenting bits */ u_char ip_ttl; /* time to live */ u_char ip_p; /* protocol */ u_short ip_sum; /* checksum */ struct in_addr ip_src,ip_dst; /* source and dest address */ }; #define IP_HL(ip) (((ip)->ip_vhl) & 0x0f) #define IP_V(ip) (((ip)->ip_vhl) >> 4) /* TCP header */ typedef u_int tcp_seq; struct sniff_tcp { u_short th_sport; /* source port */ u_short th_dport; /* destination port */ tcp_seq th_seq; /* sequence number */ tcp_seq th_ack; /* acknowledgement number */ u_char th_offx2; /* data offset, rsvd */ #define TH_OFF(th) (((th)->th_offx2 & 0xf0) >> 4) u_char th_flags; #define TH_FIN 0x01 #define TH_SYN 0x02 #define TH_RST 0x04 #define TH_PUSH 0x08 #define TH_ACK 0x10 #define TH_URG 0x20 #define TH_ECE 0x40 #define TH_CWR 0x80 #define TH_FLAGS (TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG|TH_ECE|TH_CWR) u_short th_win; /* window */ u_short th_sum; /* checksum */ u_short 
th_urp; /* urgent pointer */ }; /* UDP header */ struct sniff_udp { unsigned short int uh_sport; unsigned short int uh_dport; unsigned short int uh_len; unsigned short int uh_check; }; /* total udp header length: 8 bytes (=64 bits) */ packetforward/LICENSE0000644000076500007650000001430011122727735013750 0ustar mickymicky * This software is a modification of Tim Carstens' "sniffer.c" * demonstration source code, released as follows: * * sniffer.c * Copyright (c) 2002 Tim Carstens * 2002-01-07 * Demonstration of using libpcap * timcarst -at- yahoo -dot- com * * "sniffer.c" is distributed under these terms: * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 4. The name "Tim Carstens" may not be used to endorse or promote * products derived from this software without prior written permission * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * * This software, "sniffex.c", is a derivative work of "sniffer.c" and is * covered by the following terms: * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Because this is a derivative work, you must comply with the "sniffer.c" * terms reproduced above. * 2. Redistributions of source code must retain the Tcpdump Group copyright * notice at the top of this source file, this list of conditions and the * following disclaimer. * 3. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 4. The names "tcpdump" or "libpcap" may not be used to endorse or promote * products derived from this software without prior written permission. * * THERE IS ABSOLUTELY NO WARRANTY FOR THIS PROGRAM. * BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY * FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN * OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES * PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED * OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS * TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. 
SHOULD THE * PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, * REPAIR OR CORRECTION. * * IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING * WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR * REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, * INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING * OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED * TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY * YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER * PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE * POSSIBILITY OF SUCH DAMAGES. * * * This software, "PacketForward", is a derivative work of "sniffex.c" and is * covered by the following terms: * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Because this is a derivative work, you must comply with the "sniffer.c" * terms reproduced above. * 2. Redistributions of source code must retain the Tcpdump Group copyright * notice at the top of this source file, this list of conditions and the * following disclaimer. * 3. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 4. The names "libnet" or "libpcap" may not be used to endorse or promote * products derived from this software without prior written permission. * * THERE IS ABSOLUTELY NO WARRANTY FOR THIS PROGRAM. * BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY * FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN * OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES * PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED * OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS * TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE * PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, * REPAIR OR CORRECTION. * * IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING * WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR * REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, * INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING * OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED * TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY * YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER * PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE * POSSIBILITY OF SUCH DAMAGES. 
* packetforward/._Makefile0000644000076500007650000000027011122727735014621 0ustar mickymickyMac OS X  2ATTRb`  com.macromates.caretxR<[k0?'3/«packetforward/Makefile0000644000076500007650000000050511122727735014405 0ustar mickymicky# packetforward - Makefile CC = gcc INCLUDE = -I/usr/include LIBS = -L/usr/lib -lpcap `libnet-config --defines --cflags --libs` INSTALL_DIR = /usr/bin all: $(CC) packetforward.c -o packetforward $(INCLUDE) $(LIBS) install: cp -f packetforward $(INSTALL_DIR)/packetforward clean: rm -f $(INSTALL_DIR)/packetforward packetforward/packetforward0000755000076500007650000006555411122731037015534 0ustar mickymicky |8__PAGEZERO__TEXT@@__text__TEXT) __cstring__TEXTG_7__DATAP@__data__DATAPH@__dyld__DATAHPH@__bss__DATAP __IMPORT`P__pointers__IMPORT` P__jump_table__IMPORT@`@P8__LINKEDITp`l `ke P 1>-e0 /usr/lib/dyldCzS]RP 4/usr/lib/libpcap.A.dylib 4/usr/lib/libgcc_s.1.dylib 4o/usr/lib/libSystem.B.dylibj]\$ML$ˉ\$u\$ D$=BX1+2X2US[X)D$l)$Bt)${B)$mB$ \B[US[ED$)$*B)$&B)$B)$ B*$A9*$A}*$A*$A*$A+$A-+$Af+$Aq+$A[US$[+D$+$@EEEE"EЋED$$@EEE;E |֋E$@$[US$[ED$*$@EEEOED$*$@EEt $ @}u*$@EE;E |} *$n@} H+E EE,*$F@Et $ 2@EE;E|̍*$@EEE>E$GtE$? 
$.?EEE;E |$ ?$[UD$E$US$[E$ItU>D4#E EE D$E$>EE$[UEUHE EEEEE} E ;EED$E D$E$jUEEԋMԉ9UED$ED$E$UE)EEUEE;EED$ED$E$XUWVSl[-D$$EЃ}u D$(D$$/(9EE$*EԋE$E؋E$E܍D$Eԉ$ju3(D$$jD$D$D$ D$-D$-$#-D$ED$O($V=p-$<Ǎ-$<‹EȋEE$t$(D$$E D$ |$T$D$L$D$ D$D$$$ P"EȋE T$E$D$ E D$L$4$"U$T$D$$uy(D$$D$D$$iuy(D$$-uz-D$($;-D$($;ED$ ED$E؉D$($;E܉D$ ED$E D$($;-u'E$D$)$e;E$D$E $:3)9EE$6EԋE$(E؋E$ED$Eԉ$u3(D$$D$D$D$ D$-D$-$ -D$ED$O($:p-$0:Ǎ-$:‹EȋEE$t$(D$$E D$ |$T$D$L$D$ D$D$$lP"EȋE T$$D$ D$D$D$D$D$ SD$ L$$IU$T$D$$uy(D$$D$D$$uy(D$$-uz-D$($9-D$($8ED$ ED$E؉D$($8ED$ ED$E D$7)$8-u'E$D$)$8E$D$E $X-EԉD$ T$L$EЉ$pEE;E}ED$k)D$$EЉ$u)D$$$$ 7l[^_UWVSl[E&)'T$D$M#$7EEEEEE}ED$y#$[7dE@ t=t>#$'7&t5Ս#$6#$6"EȋEEEE@ %E}ED$#$6EUEEE@$ЋEE)ȉEċE$]E̋E@$EEЍ'E@ $5D$$$5E@$5D$$"$5E@ȋE@ЋEEEĉL$ T$D$$$5Eċ}NjE@$E$|$ t$D$E$$T5!'EĉD$"$/5EĉD$E$!EȋEEEEEUEEE@$ЋEE)ȉEċE$E̋E@$EЍ'E@ $'4D$ "$e4E@$4D$$"$E4E@ȋE@ЋEEEĉL$ T$D$5"$4Eċ}NjE@$ E$|$ t$D$y$$3!'u'EĉD$"$3EĉD$E$w'uE@$&3'E@EE@E䍃%'uA)'EĉD$ED$T$ED$ED$ EЉD$ẺD$Eȉ$)'P)'l[^_UEfEEEf USd[O!f@ED$E D$E$2E}uEI'{fF]t1!!!1!1!1$0E1D$$"1u "d"S"BE $s$,0!uE $N$0!D$$ E}uD$s$X0!D$T$E$E}uD$$0E$D$$!!D$ E؉D$EԉD$$/uD$$/O!D$$/!D$ $i/!D$ $O/!t!D$. 
$)/A $#/}~ED$\ $.D$t $.$ .!D$D$ D$D$$.E}u)!D$T$ ${.(E$C.t!D$ $L.EԉD$D$ D$D$E$-u,E$-D$D$ $-D$E$-u)E$-D$D$!$-WD$ D$ED$E$r-$U-E$6-/!$d-$,$,UEȉEEWVS0 ff|$Dtpt$CL$BT$AD$@t>t$L$T$ D$D$<$,t0[^_Í0[^_ËD$@D$,D$,D$D$$,dtD$D$$,낍S8 f|$Dt?D$CD$D$BD$D$AD$ D$@D$D$D$H$,8[ËD$@D$,D$,D$D$$l+tD$D$D$H$+8[UWVS<D$D$$+ƅx[l$1D$D$TD$,$+D$!l$D$!i 4$*xI4$*D$$ȃ<[^_]*$=+D$QD$D$X$+1<[^_]É4$]*1<[^_]WVS t$0f|$4wM)D5t@11tG<.t:PЁw t$<.t TPЁv [^_1 <uȃ [^_É4$)D$u*4$)ƅtL$@F D$T$ $)D$WVD$ fD$L$9ƃtitTtDt4t$t׃׃׃׃׃׃~<׍APPPPP P ׍HăuD$D$lj^_׃RƋL$1˃D$$D$D$ $ЉUWV l$0T$4E$t~~0YpZz ^_]ÃufE D$8D$,$9%‰fU btfFD$E $‹D$8f<D$8D$4$ЉfF ^_]Ã6tfFD$E $‹D$8f<T$8T$4$gЉfF댍tfFT$8T$4$)%‰fV ^_]Ít$&DžyfF D$$%‰fV <$H&tfFD$8D$aEED$8D$9D$11+L$)‰))EE(‰֍FEltfFT$8T$4$ %‰fV/D$1R)‰))Ƹl$T$D$)‰))D$T$9T$7|$9T$D$C‰D$9sD$)D$@t$|$ltftTtBt0tt Wt$t$t$t$t$t$t$9L$t$At$T8t$T8t$T8t$T8t$T8t$T8t$H9L$u{D$8j$WVS $0$8$D$ $4D$D$|$<$8$t8tba#D$<$_# [^_Ëa#D$ D$ D$$)#맋a#D$ D$D$$"ua#D$ D$ D$$"C$"$UWVS<1D$l$$ ^"8u8t$D$D$,$"D$,$"ǃtȉ<[^_]"$fD$ l$D$D$P$"<[^_]UWVSLYl$dD$4$ "Dž@@@ ,$‰t_D$tD$D$`D$t$4$!t$D$lB $.!D$8D$D$jB@$ !D$4D$D$uB$ D$8 tK GGC[ $D$nD$,$ GG " $lD$ D$`D$\D$,$ $:D$cD$,$ $D$~D$,$Z pGGu$D$D$,$! 7GG<D$ $WËT$ D$D$ T$D$D$UWVPD$4D$8D$<D$@D$DD$HD$D$|$L|$ D$D$t$44$y 1P^_]ËD$L$ŅtD$D$|$ D$D$4$9|$L9sq 9vd~uFpD$,VxT$(@D$D$dD$T$($u$bƅRT$,BD$(@fF1,$P^_]É,$1VD$ O4$‹D$$tt$D$$^ø^Vt$ t$^ø^UWVl$ D$$T$(uu ^_]Å~gtufuO<$PFE@t|$D$$9E@Ex ^_]뱸WV|$ T$u1҉^_Å~DШuA4;q wt"qPP^_ÃtكuωQP^_úVt$ t0@$Q@@@ ^ø^UWVP|$dl$pD$tD$,$T$`fT$T$hL$lD$ffT$@ffL$BT$DD$,D$EfD$FT$xT$HD$|D$L$t $u:D$<D$@FD$DFD$HF D$LFP^_]øP^_]ÍF$T$$T$$YVt$L$T$D$D$D$D$T$L$D$ D$ t$^UWV@t$X|$\D$`D$T$hT$l$tD$PT$TL$dffD$,ffT$.Ήt$0ω|$4D$D$9D$8PffL$:fD$<T$fT$>T$ltD$pu;D$,ED$0ED$4ED$8E D$ [options] interface: -i interface1 Capture packets from interface1. options: -I interface2 Forward packets to interface2. -d ip address Destination ip address of forwarded packets. -n number Number of packets to capture. -h Hide packet headers. -p Hide payload. -c Capture packets only. -f 'filter' Tcpdump packet filter expression. 
example: sudo packetforward -i en1 -I tap0 -d 5.124.100.100 -f 'udp port 6112 and dst host 255.255.255.255' 'w+/tmp/payload.txt%05d %02x libnet_open_link_interface: %s udplibnet_init_packet failed --- Injected packet number %i on %s --- libnet_do_checksum failed IP header Src Addr: %s Dst Addr: %s Len: %i ID: %i TTL: %i UDP header Src port: %i Dst port: %i Len: %i Payload (%d bytes) tcpTCP header Src port: %i Dst port: %i Len: %i libnet_write_link_layer only wrote %d bytes libnet_close_link_interface couldn't close the interface --- Captured packet number %i on %s --- Error: invalid IP header length: %u bytes ICMP header IP header Unknown header Error: invalid TCP header length: %u bytes IP header Src Addr: %s Len: %i ID: %i TTL: %i TCP header Src port: %i Dst port: %i Len: %i UDP header Src Port: %i Dst Port: %i Len: %i i:I:d:n:hpcf:Can't get ip address: %s Error: couldn't get netmask for interface %s Capture from: %s Forward to: %s Src Address: %s Dst Address: %s Dst Address: Not changedPackets to capture: %d Packet Filter: %s Error: couldn't open interface %s: %s Error: %s is not on ethernet Error: couldn't parse filter %s: %s Error: couldn't install filter %s: %s Capture and forward complete. 
ip%d.%d.%d.%dsocket: %sWarning: Critical: Fatal: /dev/bpf%d%s: %smalloc: %sBIOCVERSION: %sBIOCGDLT: %sBIOCSHDRCMPLT: %s   PPPP,.5!7P!A!J-X3f=~PDPPPR PPP@PP  PPP 2P*,P4P=dP )\8PiJAc<p.v<!$P(P" #+29@FN]l} 0@HQW_hpzU>A?@BCDEFGHIJK@LMNOPQRSTVWX@YZ[\]^_`abcd@efghij dyld_stub_binding_helper__dyld_func_lookup_isprint___istype_isascii__OSSwapInt16__OSSwapInt32___i686.get_pc_thunk.bxdyld__mach_header_count.5799_which.5048_hostname2.5047_hostname.5046_NXArgc_NXArgv___progname__mh_execute_header_capture_only_daddr1_daddr2_dev_dev2_enet_dst_enet_src_environ_fprint_ascii_line_got_packet_hide_header_hide_payload_libnet_bpf_open_libnet_build_ethernet_libnet_build_ip_libnet_build_ipv4_libnet_build_tcp_libnet_build_udp_libnet_close_link_interface_libnet_destroy_packet_libnet_destroy_packet_arena_libnet_do_checksum_libnet_error_libnet_get_hwaddr_libnet_get_ipaddr_libnet_host_lookup_libnet_host_lookup_r_libnet_in_cksum_libnet_init_packet_libnet_init_packet_arena_libnet_ip_check_libnet_name_resolve_libnet_next_packet_from_arena_libnet_open_link_interface_libnet_write_link_layer_ll_strerror_main_print_app_banner_print_app_usage_print_hex_ascii_line_print_payload_saddr1_saddr2_send_packetstart__DefaultRuneLocale___error___maskrune___sF_atoi_close_exit_fclose_fopen_fputc_fputs_free_fwrite_gethostbyaddr_gethostbyname_getopt$UNIX2003_inet_addr_inet_ntoa_ioctl_malloc_memcpy_memset_open_optarg_pcap_close_pcap_compile_pcap_datalink_pcap_freecode_pcap_geterr_pcap_lookupnet_pcap_loop_pcap_open_live_pcap_setfilter_printf_putchar_puts_socket_sprintf_strcpy_strerror_strncmp_strncpy_sysctl_vsnprintf_writepacketforward/._packetforward.c0000644000076500007650000000027211122730422016146 0ustar mickymickyMac OS X  2ATTRbd""com.macromates.caret{ column = 21; line = 2; }packetforward/packetforward.c0000644000076500007650000004354211122730422015740 0ustar mickymicky/* * packetforward.c * Copyright (c) 2008 by Micky Holdorf * */ #include #include #include "headers.h" #define APP_NAME "PacketForward 0.8.1" 
#define APP_DESC "IP packet capture and forward application based on libpcap and libnet." #define APP_COPYRIGHT "Copyright (c) 2008 by Micky Holdorf" /* default snap length (maximum bytes per packet to capture) */ #define SNAP_LEN 4096 char *dev = NULL; /* capture device1 name */ char *dev2 = NULL; /* capture device2 name */ char *daddr1 = NULL; char *daddr2 = NULL; char *saddr1 = NULL; char *saddr2 = NULL; u_char enet_src[6] = {0x0d, 0x0e, 0x0a, 0x0d, 0x00, 0x00}; u_char enet_dst[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; int hide_header = 0; int hide_payload = 0; int capture_only = 0; void send_packet(char *protocol, int sport, int dport, int id, int ttl, int count, const u_char *payload, int payload_size); void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet); void print_payload(const u_char *payload, int len); void print_hex_ascii_line(const u_char *payload, int len, int offset); void print_app_banner(void); void print_app_usage(char *name); /* app name/banner */ void print_app_banner(void) { printf("\n%s\n", APP_NAME); printf("%s\n", APP_DESC); printf("%s\n", APP_COPYRIGHT); printf("\n"); return; } /* print help text */ void print_app_usage(char *name) { print_app_banner(); printf("usage:\n %s [options]\n\n", name); printf("interface:\n"); printf(" -i interface1 Capture packets from interface1.\n\n"); printf("options:\n"); printf(" -I interface2 Forward packets to interface2.\n"); printf(" -d ip address Destination ip address of forwarded packets.\n"); printf(" -n number Number of packets to capture.\n"); printf(" -h Hide packet headers.\n"); printf(" -p Hide payload.\n"); printf(" -c Capture packets only.\n"); printf(" -f 'filter' Tcpdump packet filter expression.\n\n"); printf("example:\n"); printf(" sudo packetforward -i en1 -I tap0 -d 5.124.100.100 -f 'udp port 6112 and dst host 255.255.255.255'\n\n'"); return; } /* print data to file */ void fprint_ascii_line(const u_char *payload, int len, int offset) { int i; int gap; 
const u_char *ch; FILE *file; file = fopen("/tmp/payload.txt", "w+"); /* ascii */ ch = payload; for(i = 0; i < len; i++) { fprintf(file, "%c", *ch); ch++; } fclose (file); return; } /* * print data in rows of 16 bytes: offset hex ascii * 00000 4745 5420 2f20 4854 5450 2f31 2e31 0d0a GET / HTTP/1.1.. */ void print_hex_ascii_line(const u_char *payload, int len, int offset) { int i; int gap; const u_char *ch; /* offset */ printf("%05d ", offset); /* hex */ ch = payload; for(i = 0; i < len; i++) { printf("%02x", *ch); ch++; /* print extra space after for visual aid */ if (i%2 != 0) printf(" "); if (i == 7) printf(" "); } /* print space to handle line less than 8 bytes */ if (len < 8) printf(" "); /* fill hex gap with spaces if not full line */ if (len < 16) { gap = 16 - len; for (i = 0; i < gap; i++) { printf(" "); if (i%2 == 0) printf(" "); } } printf(" "); /* ascii (if printable) */ ch = payload; for(i = 0; i < len; i++) { if (isprint(*ch)) printf("%c", *ch); else printf("."); ch++; } printf("\n"); return; } /* * print packet payload data (avoid printing binary data) */ void print_payload(const u_char *payload, int len) { int len_rem = len; int line_width = 16; /* number of bytes per line */ int line_len; int offset = 0; /* zero-based offset counter */ const u_char *ch = payload; if (len <= 0) return; /* data fits on one line */ if (len <= line_width) { print_hex_ascii_line(ch, len, offset); return; } /* data spans multiple lines */ for ( ;; ) { /* compute current line length */ line_len = line_width % len_rem; /* print line */ print_hex_ascii_line(ch, line_len, offset); /* compute total remaining */ len_rem = len_rem - line_len; /* shift pointer to remaining bytes to print */ ch = ch + line_len; /* add offset */ offset = offset + line_width; /* check if we have line width chars or less */ if (len_rem <= line_width) { /* print last line and get out */ print_hex_ascii_line(ch, len_rem, offset); break; } } return; } void send_packet(char *protocol, int sport2, int 
dport2, int id, int ttl, int count, const u_char *payload, int payload_size) { char errbuf[LIBNET_ERRBUF_SIZE]; /* error buffer */ struct libnet_link_int *network; /* pointer to link interface struct */ int packet_size; /* size of our packet */ int ip_size; /* size of our ip */ int udp_size; /* size of our udp */ int tcp_size; /* size of our tcp */ int c; u_char *packet; /* pointer to our packet buffer */ /* * Step 1: Network Initialization (interchangable with step 2). */ if ((network = libnet_open_link_interface(dev2, errbuf)) == NULL) { libnet_error(LIBNET_ERR_FATAL, "libnet_open_link_interface: %s\n", errbuf); } /* * We're going to build a UDP packet with a payload using the * link-layer API, so this time we need memory for a ethernet header * as well as memory for the ICMP and IP headers and our payload. */ if (protocol == "udp") { packet_size = LIBNET_ETH_H + LIBNET_IP_H + LIBNET_UDP_H + payload_size; ip_size = LIBNET_IP_H + LIBNET_UDP_H + payload_size; udp_size = LIBNET_UDP_H + payload_size; /* * Step 2: Memory Initialization (interchangable with step 1). */ if (libnet_init_packet(packet_size, &packet) == -1) { libnet_error(LIBNET_ERR_FATAL, "libnet_init_packet failed\n"); } /* * Step 3: Packet construction (ethernet header). */ libnet_build_ethernet( enet_dst, enet_src, ETHERTYPE_IP, NULL, 0, packet); printf("\n--- Injected packet number %i on %s ---\n", count, dev2); /* * Step 3: Packet construction (IP header). */ libnet_build_ip( LIBNET_UDP_H + payload_size, 0, /* IP tos */ id, /* IP ID */ 0, /* Frag */ ttl, /* TTL */ IPPROTO_UDP, /* Transport protocol */ inet_addr(saddr2), /* Source IP */ inet_addr(daddr2), /* Destination IP */ payload, /* Pointer to payload (none) */ 0, packet + LIBNET_ETH_H); /* Packet header memory */ /* * Step 3: Packet construction (UDP header). */ libnet_build_udp( sport2, /* source port */ dport2, /* dest. 
port */ payload, /* payload */ payload_size, /* payload length */ packet + LIBNET_ETH_H + LIBNET_IP_H); /* * Step 4: Packet checksums (ICMP header *AND* IP header). */ if (libnet_do_checksum(packet + ETH_H, IPPROTO_UDP, LIBNET_UDP_H + payload_size) == -1) { libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n"); } if (libnet_do_checksum(packet + ETH_H, IPPROTO_IP, LIBNET_IP_H) == -1) { libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n"); } /* print packet info */ if (!hide_header) { printf("IP header Src Addr: %s", saddr2); printf(" Dst Addr: %s\n", daddr2); printf(" Len: %i ID: %i TTL: %i\n", ip_size, id, ttl); printf("UDP header Src port: %i Dst port: %i Len: %i\n", sport2, dport2, udp_size); } if (!hide_payload) { printf("Payload (%d bytes)\n", payload_size); print_payload(payload, payload_size); } } if (protocol == "tcp") { packet_size = LIBNET_ETH_H + LIBNET_IP_H + LIBNET_TCP_H + payload_size; ip_size = LIBNET_IP_H + LIBNET_TCP_H + payload_size; tcp_size = LIBNET_TCP_H + payload_size; /* * Step 2: Memory Initialization (interchangable with step 1). */ if (libnet_init_packet(packet_size, &packet) == -1) { libnet_error(LIBNET_ERR_FATAL, "libnet_init_packet failed\n"); } /* * Step 3: Packet construction (ethernet header). */ libnet_build_ethernet( enet_dst, enet_src, ETHERTYPE_IP, NULL, 0, packet); printf("\n--- Injected packet number %i on %s ---\n", count, dev2); /* * Step 3: Packet construction (IP header). */ libnet_build_ip( LIBNET_TCP_H + payload_size, 0, /* IP tos */ id, /* IP ID */ 0, /* Frag */ ttl, /* TTL */ IPPROTO_TCP, /* Transport protocol */ inet_addr(saddr2), /* Source IP */ inet_addr(daddr2), /* Destination IP */ payload, /* Pointer to payload */ 0, packet + LIBNET_ETH_H); /* Packet header memory */ /* * Step 3: Packet construction (TCP header). 
*/ libnet_build_tcp( sport2, /* source TCP port */ dport2, /* destination TCP port */ 0xa1d95, /* sequence number */ 0x53, /* acknowledgement number */ TH_SYN, /* control flags */ 1024, /* window size */ 0, /* urgent pointer */ NULL, /* payload (none) */ 0, /* payload length */ packet + LIBNET_ETH_H + LIBNET_IP_H); /* * Step 4: Packet checksums (ICMP header *AND* IP header). */ if (libnet_do_checksum(packet + ETH_H, IPPROTO_TCP, LIBNET_TCP_H + payload_size) == -1) { libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n"); } if (libnet_do_checksum(packet + ETH_H, IPPROTO_IP, LIBNET_IP_H) == -1) { libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n"); } /* print packet info */ if (!hide_header) { printf("IP header Src Addr: %s", saddr2); printf(" Dst Addr: %s\n", daddr2); printf(" Len: %i ID: %i TTL: %i\n", ip_size, id, ttl); printf("TCP header Src port: %i Dst port: %i Len: %i\n", sport2, dport2, tcp_size); } if (!hide_payload) { printf("Payload (%d bytes)\n", payload_size); print_payload(payload, payload_size); } } /* * Step 5: Packet injection. */ c = libnet_write_link_layer(network, dev2, packet, packet_size); if (c < packet_size) { libnet_error(LN_ERR_WARNING, "libnet_write_link_layer only wrote %d bytes\n", c); } /* * Shut down the interface. */ if (libnet_close_link_interface(network) == -1) { libnet_error(LN_ERR_WARNING, "libnet_close_link_interface couldn't close the interface"); } /* * Free packet memory. 
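*/
    libnet_destroy_packet(&packet);
    printf("\n");
}

/*
 * got_packet - pcap callback: dissect one captured frame, print it and,
 * unless capture_only is set, hand it to send_packet() for re-injection.
 *
 * args:   user pointer from pcap_loop(); unused (main() passes NULL).
 * header: pcap metadata; header->caplen is the number of bytes that are
 *         actually present behind `packet`.
 * packet: start of the captured frame, treated as Ethernet + IPv4.
 *
 * Every length read from the frame (IP header length, TCP data offset,
 * IP total length) is attacker-controlled, so each one is checked against
 * header->caplen before it is used as an offset or a size. Frames that fail
 * a check are reported and dropped; the packet counter only advances for
 * TCP/UDP frames that reach the end of the function.
 */
void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
{
    static int count = 1;             /* packet counter */
    static int dst_from_packet = -1;  /* -1 undecided, 1 = no fixed destination was set, 0 = one was */
    static char dst_text[16];         /* dotted quad plus NUL */

    const struct sniff_ip *ip;        /* The IP header */
    const struct sniff_tcp *tcp;      /* The TCP header */
    const struct sniff_udp *udp;      /* The UDP header */
    const u_char *payload;            /* Packet payload */
    char *protocol;
    unsigned int captured = header->caplen;
    unsigned int offset;
    int is_tcp;
    int size_ip, size_l4, size_payload;
    int sport, dport, id, ttl;

    (void)args;

    printf("\n--- Captured packet number %i on %s ---\n", count, dev);

    /* the fixed part of the IP header must be inside the captured bytes */
    if (captured < (unsigned int)SIZE_ETHERNET + 20u) {
        printf("\n Error: truncated packet: %u bytes captured\n", captured);
        return;
    }

    /* define/compute ip header offset */
    ip = (const struct sniff_ip *)(packet + SIZE_ETHERNET);
    size_ip = IP_HL(ip) * 4;
    if (size_ip < 20) {
        printf("\n Error: invalid IP header length: %u bytes\n", size_ip);
        return;
    }
    offset = (unsigned int)SIZE_ETHERNET + (unsigned int)size_ip;

    /* determine protocol */
    switch (ip->ip_p) {
    case IPPROTO_TCP:
        is_tcp = 1;
        /*
         * send_packet() in this file tests `protocol == "tcp"` with ==, i.e.
         * by pointer; that only works while both literals are merged by the
         * compiler. strcmp() there would be the robust comparison.
         */
        protocol = "tcp";
        if (captured < offset + 20u) {
            printf("\n Error: truncated packet: %u bytes captured\n", captured);
            return;
        }
        tcp = (const struct sniff_tcp *)(packet + offset);
        size_l4 = TH_OFF(tcp) * 4;
        if (size_l4 < 20) {
            printf("\n Error: invalid TCP header length: %u bytes\n", size_l4);
            return;
        }
        sport = ntohs(tcp->th_sport);
        dport = ntohs(tcp->th_dport);
        break;
    case IPPROTO_UDP:
        is_tcp = 0;
        protocol = "udp";
        if (captured < offset + 8u) {
            printf("\n Error: truncated packet: %u bytes captured\n", captured);
            return;
        }
        udp = (const struct sniff_udp *)(packet + offset);
        size_l4 = 8; /* UDP header has a fixed size */
        sport = ntohs(udp->uh_sport);
        dport = ntohs(udp->uh_dport);
        break;
    case IPPROTO_ICMP:
        printf(" ICMP header\n");
        return;
    case IPPROTO_IP:
        printf(" IP header\n");
        return;
    default:
        printf(" Unknown header\n");
        return;
    }

    /*
     * Payload size comes from the IP total length, not from caplen, so that
     * Ethernet padding is not forwarded. A total length smaller than the
     * headers would give a negative size, which send_packet() would turn
     * into a bogus allocation/copy length.
     */
    size_payload = ntohs(ip->ip_len) - (size_ip + size_l4);
    if (size_payload < 0) {
        printf("\n Error: IP total length %u is shorter than its headers\n",
               (unsigned int)ntohs(ip->ip_len));
        return;
    }

    offset += (unsigned int)size_l4;
    if (captured < offset) {
        printf("\n Error: truncated packet: %u bytes captured\n", captured);
        return;
    }
    /* never read past what pcap delivered, whatever the IP header claims */
    if ((unsigned int)size_payload > captured - offset) {
        printf(" Warning: payload truncated to %u captured bytes\n", captured - offset);
        size_payload = (int)(captured - offset);
    }
    payload = packet + offset;

    /* print packet info */
    if (!hide_header) {
        printf("IP header Src Addr: %s", inet_ntoa(ip->ip_src));
        printf(" Dst Addr: %s\n", inet_ntoa(ip->ip_dst));
        /* NOTE(review): ip_id is printed and forwarded without ntohs() - confirm the byte order send_packet() expects */
        printf(" Len: %i ID: %i TTL: %i\n", size_ip + size_l4 + size_payload, ip->ip_id, ip->ip_ttl);
        if (is_tcp) {
            printf("TCP header Src port: %i Dst port: %i Len: %i\n", sport, dport, size_l4 + size_payload);
        } else {
            printf("UDP header Src Port: %i Dst Port: %i Len: %i\n", sport, dport, size_l4 + size_payload);
        }
    }

    if (!hide_payload) {
        /* Payload may be binary, so it is dumped by length, not as a string. */
        printf("Payload (%d bytes)\n", size_payload);
        print_payload(payload, size_payload);
    }

    /*
     * With no fixed destination, each forwarded packet keeps its own one.
     * inet_ntoa() returns a shared static buffer, so the text is copied;
     * storing the returned pointer once (as before) left daddr2 aliased to
     * whatever address was formatted last.
     */
    if (dst_from_packet < 0) {
        dst_from_packet = (daddr2 == NULL);
    }
    if (dst_from_packet) {
        snprintf(dst_text, sizeof dst_text, "%s", inet_ntoa(ip->ip_dst));
        daddr2 = dst_text;
    }

    id = ip->ip_id;
    ttl = ip->ip_ttl;

    /*
     * Forwarding goes through send_packet() only. An earlier approach built
     * a shell command with sprintf() and ran it through system(); it stays
     * removed, because option strings would end up on a shell command line.
     */
    if (!capture_only) {
        send_packet(protocol, sport, dport, id, ttl, count, payload, size_payload);
    }

    count++;
    return;
}

/*
 * main - parse options, resolve the source address of the forward
 * interface, then open the capture interface and run the pcap loop with
 * got_packet() as callback.
 *
 * Returns via exit(): EXIT_SUCCESS after the capture loop ends,
 * EXIT_FAILURE on usage errors or any setup failure.
 */
int main(int argc, char **argv)
{
    bpf_u_int32 mask, mask2;        /* subnet mask */
    bpf_u_int32 net, net2;          /* ip */
    char errbuf[PCAP_ERRBUF_SIZE];  /* error buffer */
    pcap_t *handle;                 /* packet capture handle */
    /*
     * Filter expression. This is a pointer, not an array sized by its
     * initializer: copying the -f argument into a 3-byte "ip" array
     * overflowed the stack for any filter longer than two characters.
     */
    char *filter_exp = "ip";
    struct bpf_program fp;          /* compiled filter program (expression) */
    int c, num_packets = -1;        /* number of packets to capture */
    struct libnet_link_int *l;
    u_long i;

    /* check command-line options */
    while ((c = getopt(argc, argv, "i:I:d:n:hpcf:")) != EOF) {
        switch (c) {
        case 'i':
            dev = optarg;
            dev2 = dev;
            break;
        case 'I':
            dev2 = optarg;
            break;
        case 'd':
            daddr2 = optarg;
            break;
        case 'n':
            num_packets = atoi(optarg);
            break;
        case 'f':
            /* optarg points into argv and outlives the capture loop */
            filter_exp = optarg;
            break;
        case 'h':
            hide_header = 1;
            break;
        case 'p':
            hide_payload = 1;
            break;
        case 'c':
            capture_only = 1;
            break;
        default:
            print_app_usage(argv[0]);
            exit(EXIT_FAILURE);
        }
    }

    if (dev == NULL) {
        print_app_usage(argv[0]);
        exit(EXIT_FAILURE);
    }

    /* get source ip address associated with forward device */
    l = libnet_open_link_interface(dev2, errbuf);
    if (!l) {
        printf("libnet_open_link_interface: %s\n", errbuf);
        goto failure;
    }

    i = libnet_get_ipaddr(l, dev2, errbuf);
    if (!i) {
        printf("Can't get ip address: %s\n", errbuf);
        goto failure;
    }
    saddr2 = (char *)libnet_host_lookup(ntohl(i), 0);

    /* get network number and mask associated with capture device */
    if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
        printf(" Error: couldn't get netmask for interface %s\n\n",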
errbuf); goto failure; } /* print capture info */ printf("\n Capture from: %s\n", dev); printf(" Forward to: %s\n", dev2); printf(" Src Address: %s\n", saddr2); if (daddr2) printf(" Dst Address: %s\n", daddr2); else printf(" Dst Address: Not changed\n"); if(num_packets > 0) printf("Packets to capture: %d\n", num_packets); printf("Packet Filter: %s\n", filter_exp); printf("\n"); /* open capture device */ handle = pcap_open_live(dev, SNAP_LEN, 1, 1000, errbuf); if (handle == NULL) { printf("\n Error: couldn't open interface %s: %s\n\n", dev, errbuf); goto failure; } /* make sure we're capturing on an Ethernet device */ if (pcap_datalink(handle) != DLT_EN10MB) { printf("\n Error: %s is not on ethernet\n\n", dev); goto failure; } /* compile the filter expression */ if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) { printf("\n Error: couldn't parse filter %s: %s\n\n", filter_exp, pcap_geterr(handle)); goto failure; } /* apply the compiled filter */ if (pcap_setfilter(handle, &fp) == -1) { printf("\n Error: couldn't install filter %s: %s\n\n", filter_exp, pcap_geterr(handle)); goto failure; } /* now we can set our callback function */ pcap_loop(handle, num_packets, got_packet, NULL); /* cleanup */ pcap_freecode(&fp); pcap_close(handle); printf("\nCapture and forward complete.\n\n"); exit(EXIT_SUCCESS); failure: exit(EXIT_FAILURE); }packetforward/._pf0000755000076500007650000000027011122727735013514 0ustar mickymickyMac OS X  2ATTRbZ  com.macromates.caretxR<[k0?'3/«packetforward/pf0000755000076500007650000000011411122727735013274 0ustar mickymickypacketforward -i en1 -I tap0 -f 'udp port 6112 and dst host 255.255.255.255'packetforward/._README0000644000076500007650000000027211122730364014033 0ustar mickymickyMac OS X  2ATTRbb""com.macromates.caret{ column = 16; line = 2; }packetforward/README0000644000076500007650000000737511122730364013631 0ustar mickymickyPACKETFORWARD 0.8.1 ----------------- Copyright @ 2008 by Micky Holdorf Contact: micky.holdorf@gmail.com 
Introduction
------------
PacketForward is an IP packet capture/forward application based on libpcap and libnet. It is a command line tool that listens on one network interface for UDP and TCP packets and then injects them on the same or another network interface. It has options for packet capture filtering and changing destination address.

Supported Platforms
-------------------
PacketForward has been compiled and tested on Mac OS X 10.5.1 (Intel). But you are welcome to supply additional feedback if you compile and test it on other platforms successfully. Since PacketForward is based on libpcap and libnet, it should be portable to most other BSD and UNIX systems.

Compilation and installation
----------------------------
In order to compile PacketForward, you must have libpcap and libnet 1.0.2a installed on your system. BSD systems like Mac OS X have libpcap preinstalled. I recommend using MacPorts (http://www.macports.org/) for getting libnet. The MacPorts project's main goal is to provide an easy way to install various open-source software products on Mac OS X.

cd to the directory of PacketForward.

To compile, type:
    make
To install (requires root access), type:
    sudo make install
To uninstall (requires root access), type:
    sudo make clean

A compiled Mac OS X (Intel) binary is supplied with this distribution. Just copy it to your system for easy access:
    sudo cp packetforward /usr/bin/packetforward

Usage
-----
PacketForward will capture IP packets with TCP and UDP headers, show header info and content of payload. One of the uses of PacketForward is to forward packets from a physical to a virtual interface, e.g. the tun/tap interface for VPN networks. This is especially useful for games that do not broadcast on all interfaces but only use the default interface and you want to play games with a friend on the internet.

usage: packetforward [options]

interface:
    -i interface1   Capture packets from interface1.

options:
    -I interface2   Forward packets to interface2.
    -d ip address   Destination ip address of forwarded packets.
    -n number       Number of packets to capture.
    -h              Hide packet headers.
    -p              Hide payload.
    -c              Capture packets only.
    -f 'filter'     Tcpdump packet filter expression.

example: sudo packetforward -i en1 -I tap0 -d 5.124.100.100 -f 'udp port 6112 and dst host 255.255.255.255'

You must have root access to use PacketForward. In this example PacketForward will listen on the en1 network interface for UDP broadcast packets with dst and src port 6112, change the destination address to 5.124.100.100 and inject them on to the tap0 network interface. The src address is automatically changed to match the tap0 network interface.

A small executable script is provided to ease usage of packetforward. When in the directory of the script, start it by typing:
    sudo ./pf

Filter
------
PacketForward uses Tcpdump filter expressions. Below are some examples.

    ip                  Capture all IP packets.
    udp                 Capture only UDP packets.
    tcp                 Capture only TCP packets.
    udp port 80         Capture only UDP packets with src or dst port 80.
    ip host 10.1.2.3    Capture all IP packets to or from host 10.1.2.3.
    udp dst port 80 and src host 10.1.2.3
                        Capture only UDP packets to port 80 from host 10.1.2.3.

Read the Tcpdump man pages for more info on filter expressions.

Download
--------
You can download PacketForward from: http://www.holdorf.dk/software/

Thanks
------
Jakob Weitemeyer for discussion, ideas and testing PacketForward.