Merging new sniffing feature from marsan27/sniffer

Added network packet sniffing capabilities

CMakeLists.txt

@@ -18,7 +18,7 @@ add_executable(RawTCP_Exec main.c)
 
 #Add files with implementation and INTERFACE library type (header only).
 add_library(RawTCP_Lib STATIC
-    src/segment.c src/packet.c src/packetForger.c src/socketManager.c )
+    src/segment.c src/packet.c src/packetForger.c src/socketManager.c src/packetInterpreter.c)
 
 include(GNUInstallDirs)
 

README.md

@@ -16,15 +16,26 @@
 
 # RawTCP_Lib
 
-RawTCP is a library to build custom TCP/IP packets from the ground and send them through raw sockets. It also generates TCP/IP checksums automatically.
+RawTCP is a library to build custom TCP/IP packets from the ground and send/receive them using only raw sockets and the C language.
 
-RawTCP uses the AF_INET address family so it supports both customization of the Network Layer (IP) and the Transport Layer (TCP) headers. Support for the Link Layer will come in future updates.
+## Features
+* Create custom TCP/IP packets with control over all their fields (including network flags).
+* Automatically build packets' checksums, or request a recalculation manually.
+* Send built packets over raw sockets.
+* **NEW:** Sniff incoming packets to your device, and operate with them later.
+
+## Use cases
+You can have a look at my project [TCPcannon](https://github.com/marsan27/TCPcannon) built on top of this library for an example!
 
-## Purpose
 * Send spoofed network packets (fake source IP/port).
 * Build specific packets for network attacks (e.g SYN flooding).
-* OS fingerprinting.
+* Monitor your device network traffic.
 * Fast integration in your network application.
+
+
+Note: RawTCP uses the AF_INET address family so it supports both customization of the Network Layer (IP) and the Transport Layer (TCP) headers. Support for the Link Layer will come in future updates.
+
+
 
 ## Installation
 RawTCP is built as an static library to facilitate integration with your project. 
@@ -72,6 +83,12 @@ while(1){
 }
 ```
 
+### Sniff incoming TCP packets
+```c
+//The packet can be used as if it was generated with build_standard_packet()
+packet_t packet = rawsocket_sniff();
+```
+
 ## Issues?
 Whether it is a bug, question or suggestion, please [open a ticket](https://github.com/marsan27/RawTCP_Lib/issues/new) and I will have a look at it as fast as I possibly can.
 ## LICENSE

include/packetForger.h

@@ -24,4 +24,6 @@ int packet_destroy(packet_t packet);
 
 int set_TCP_flags(packet_t packet, int hex_flags);
 
+packet_t build_null_packet(packet_t packet);
+
 #endif

include/packetInterpreter.h

@@ -0,0 +1,11 @@
+#ifndef HEADER_P_INTERPRETER
+#define HEADER_P_INTERPRETER
+
+#include "packetForger.h"
+#include <stdio.h>
+#include <stdlib.h>
+
+packet_t parse_packet(char* buffer, int size);
+
+
+#endif

include/socketManager.h

@@ -5,7 +5,10 @@
 #include <sys/socket.h>
 #include <arpa/inet.h>
 #include <unistd.h>
+#include "packetInterpreter.h"
 
 int rawsocket_send(packet_t packet);
 
+packet_t rawsocket_sniff();
+
 #endif

main.c

@@ -13,12 +13,20 @@
 #include "../include/socketManager.h"
 
 int main(){
-    packet_t packet = build_standard_packet(8000, 7000, "192.168.1.102", "192.168.1.1", 4096, "");
+    /*packet_t packet = build_standard_packet(8000, 7000, "192.168.1.102", "192.168.1.1", 4096, "");
    
     rawsocket_send(packet);
     set_TCP_flags(packet, 0x02);
     
-    packet_destroy(packet);
+    packet_destroy(packet);*/
+
+    packet_t packet = rawsocket_sniff();
+
+    struct sockaddr_in source;
+    memset(&source, 0, sizeof(source));
+	source.sin_addr.s_addr = packet.ipheader->daddr;
+
+    printf("Packet: %s\n", inet_ntoa(source.sin_addr));
 
     return 0;
 }

src/packetForger.c

@@ -95,6 +95,15 @@ int set_TCP_flags(packet_t packet, int hex_flags){
     return 0;
 }
 
+packet_t build_null_packet(packet_t packet){
+    packet.ipheader = NULL;
+    packet.packet = NULL;
+    packet.payload = NULL;
+    packet.payload_length = 0;
+    packet.tcpheader = NULL;
+    return packet;
+}
+
 
 int packet_destroy(packet_t packet){
     free(packet.packet);

src/packetInterpreter.c

@@ -0,0 +1,46 @@
+#include "../include/packetInterpreter.h"
+
+/**
+ * Function to get protocol of packet
+ * 
+ */ 
+int get_packet_proto(char* buffer, int size){
+    struct iphdr *ipheader = (struct iphdr*)buffer;
+
+    int protocol = ipheader->protocol;
+
+    printf("Packet of protocol %i detected\n", protocol);
+    return protocol;
+}
+
+/**
+ * Obtain packet from byte stream
+ * 
+ * NOTE: only accepts TCP packets for now
+ * 
+ */ 
+packet_t parse_packet(char* buffer, int size){
+    int proto = get_packet_proto(buffer, size);
+    packet_t packet;
+
+    if(proto!=6){
+        build_null_packet(packet);
+        fprintf(stderr, "Parsed packet of non-supported protocol. This should not have happened %i\n", proto);
+        return packet;
+    }
+
+    //Constructing packet struct
+    packet.ipheader = (struct iphdr*) buffer;
+    int ip_header_length = packet.ipheader->ihl*4;
+
+    packet.tcpheader = (struct tcphdr*) (buffer+ip_header_length);
+    int tcp_header_length = packet.tcpheader->doff*4;
+
+    packet.payload = (char*) buffer+ip_header_length+tcp_header_length;
+
+    packet.payload_length = size - ip_header_length - tcp_header_length;
+
+    packet.packet = buffer;
+
+    return packet;
+}

src/socketManager.c

@@ -33,3 +33,34 @@ int rawsocket_send(packet_t packet){
 }
 
 
+packet_t rawsocket_sniff(){
+    //Create raw socket.
+    int sock = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
+    packet_t packet;
+
+    if(sock == -1){
+        perror("ERROR opening raw socket. Do you have root priviliges?");
+        packet = build_null_packet(packet);
+        return packet;
+    }
+
+    //Result of recv
+    int buffer_size = 20000;
+    char* buffer = calloc(buffer_size, sizeof(char));
+    int received = recvfrom(sock, buffer, buffer_size, 0x0, NULL, NULL);
+
+
+
+    if(received<0){
+        perror("ERROR receiving packet in the socket");
+        packet = build_null_packet(packet);
+        return packet;
+    }
+
+    packet = parse_packet(buffer, buffer_size);
+
+    close(sock);
+    return packet;
+}
+
+