
I have implemented a C program where raw packets are received from the network in promiscuous mode and stored in a text file, but I was supposed to save them in a binary file. How can I do this? I mean, what do I need to change to save it as a binary file? Can anybody please guide me, or give me a link where I can read about binary file handling and work out the solution? :(

here is my data_capture_module:

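/* Declared below in this file; prototypes here so the calls are type-checked. */
int gopromiscous(void);
void ProcessPacket(unsigned char *buffer, int size);

/*
 * Capture entry point: puts eth0 into promiscuous mode, opens the text log,
 * binds a raw AF_PACKET socket to eth0 and hands a fixed number of frames to
 * ProcessPacket(), which writes a human-readable dump to `logfile`.
 *
 * Needs CAP_NET_RAW/CAP_NET_ADMIN (normally root). Every resource is released
 * on every exit path; returns 0 on success, 1 on any failure.
 *
 * To store the raw frames instead of text, open the log with "wb" and replace
 * the ProcessPacket() call with
 *     if (fwrite(buffer, (size_t)data_size, 1, logfile) != 1) { ... }
 */
int main(void)
{
    /* 65536 bytes covers any Ethernet frame (1024 truncated every frame
     * larger than 1 KiB). PACKET_LIMIT = 31 keeps the original count
     * (count ran from 30 down to 0 inclusive). */
    enum { BUFFER_SIZE = 65536, PACKET_LIMIT = 31 };
    int rc = 1;
    int sock_raw = -1;
    unsigned char *buffer = NULL;
    struct sockaddr saddr;

    gopromiscous();

    buffer = malloc(BUFFER_SIZE);
    if (buffer == NULL) {
        perror("malloc");
        goto out;
    }

    logfile = fopen("sniff_data.txt", "w");
    if (logfile == NULL) {
        /* Continuing here would make every fprintf(logfile, ...) write
         * through a NULL FILE*, so this is fatal. */
        printf("Unable to create sniff_data file.");
        goto out;
    }
    printf("\n Starting..\n");

    sock_raw = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (sock_raw < 0) {
        perror("Socket Error");
        goto out;
    }
    /* Restrict capture to eth0; an unchecked failure here silently captures
     * on every interface. */
    if (setsockopt(sock_raw, SOL_SOCKET, SO_BINDTODEVICE, "eth0", strlen("eth0") + 1) < 0) {
        perror("setsockopt(SO_BINDTODEVICE)");
        goto out;
    }

    for (int remaining = PACKET_LIMIT; remaining > 0; remaining--) {
        socklen_t saddr_size = sizeof saddr;
        ssize_t data_size = recvfrom(sock_raw, buffer, BUFFER_SIZE, 0, &saddr, &saddr_size);
        if (data_size < 0) {
            printf("Recvfrom error , failed to get packets\n");
            goto out;
        }
        ProcessPacket(buffer, (int)data_size);
    }

    printf("\n");
    printf(" Finished\n\n");
    rc = 0;

out:
    if (sock_raw >= 0) {
        close(sock_raw);
    }
    if (logfile != NULL) {
        /* fclose() flushes; a failed flush means the log is incomplete. */
        if (fclose(logfile) != 0) {
            perror("fclose");
            rc = 1;
        }
        logfile = NULL;
    }
    free(buffer);
    return rc;
}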

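/*
 * Returns the IPv4 protocol number carried by a captured frame, or -1 when
 * the frame is not IPv4 (ARP and friends arrive on an ETH_P_ALL socket too)
 * or is too short to hold an Ethernet header plus a minimal IP header.
 */
static int ip_protocol_of(const unsigned char *buffer, int size)
{
    if (size < (int)(sizeof(struct ethhdr) + sizeof(struct iphdr))) {
        return -1;
    }
    const struct ethhdr *eth = (const struct ethhdr *)buffer;
    if (ntohs(eth->h_proto) != ETH_P_IP) {
        return -1;
    }
    const struct iphdr *iph = (const struct iphdr *)(buffer + sizeof(struct ethhdr));
    return iph->protocol;
}

/*
 * Classifies one captured frame, updates the global counters
 * (total/tcp/udp/icmp/igmp/others) and hands TCP, UDP and ICMP frames to the
 * matching print_* routine. A one-line progress summary is echoed to stdout.
 *
 * buffer: frame as returned by recvfrom(), starting at the Ethernet header.
 * size:   number of valid bytes in buffer.
 */
void ProcessPacket(unsigned char* buffer, int size)
{
    ++total;
    switch (ip_protocol_of(buffer, size)) {
    case IPPROTO_ICMP:
        ++icmp;
        print_icmp_packet(buffer, size);
        break;

    case IPPROTO_IGMP:
        ++igmp;
        break;

    case IPPROTO_TCP:
        ++tcp;
        print_tcp_packet(buffer, size);
        break;

    case IPPROTO_UDP:
        ++udp;
        print_udp_packet(buffer, size);
        break;

    default: /* non-IPv4 frames (ARP etc.), truncated frames, other IP protocols */
        ++others;
        break;
    }
    printf(" TCP : %d   UDP : %d   ICMP : %d   IGMP : %d   Others : %d   Total : %d\r",
           tcp, udp, icmp, igmp, others, total);
    /* The line ends in \r, not \n, so stdout must be flushed for it to show. */
    fflush(stdout);
}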

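/*
 * Writes the Ethernet (layer 2) header of a frame to logfile.
 *
 * Buffer: frame starting at the Ethernet header.
 * Size:   valid bytes in Buffer. A frame shorter than an Ethernet header is
 *         reported as truncated rather than read past its end.
 */
void print_ethernet_header(unsigned char* Buffer, int Size)
{
    fprintf(logfile, "\n");
    fprintf(logfile, "Ethernet Header\n");
    if (Size < (int)sizeof(struct ethhdr)) {
        fprintf(logfile, "   |-(truncated: %d bytes)\n", Size);
        return;
    }

    const struct ethhdr *eth = (const struct ethhdr *)Buffer;
    const unsigned char *dst = eth->h_dest;
    const unsigned char *src = eth->h_source;

    fprintf(logfile, "   |-Destination Address : %.2X-%.2X-%.2X-%.2X-%.2X-%.2X \n",
            dst[0], dst[1], dst[2], dst[3], dst[4], dst[5]);
    fprintf(logfile, "   |-Source Address      : %.2X-%.2X-%.2X-%.2X-%.2X-%.2X \n",
            src[0], src[1], src[2], src[3], src[4], src[5]);
    /* h_proto is in network byte order on the wire; without ntohs() the
     * logged value is byte-swapped (e.g. 8 instead of 2048 for IPv4). */
    fprintf(logfile, "   |-Protocol            : %u \n", (unsigned int)ntohs(eth->h_proto));
}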

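/*
 * Writes the Ethernet header followed by the IPv4 header fields to logfile.
 * Fills the global `source`/`dest` sockaddr_in from the packet addresses.
 *
 * Buffer: frame starting at the Ethernet header.
 * Size:   valid bytes in Buffer. If the frame cannot hold an Ethernet header
 *         plus a minimal IP header, the IP part is reported as truncated.
 */
void print_ip_header(unsigned char* Buffer, int Size)
{
    print_ethernet_header(Buffer, Size);

    fprintf(logfile, "\n");
    fprintf(logfile, "IP Header\n");
    if (Size < (int)(sizeof(struct ethhdr) + sizeof(struct iphdr))) {
        fprintf(logfile, "   |-(truncated: %d bytes)\n", Size);
        return;
    }

    const struct iphdr *iph = (const struct iphdr *)(Buffer + sizeof(struct ethhdr));

    memset(&source, 0, sizeof(source));
    source.sin_addr.s_addr = iph->saddr;

    memset(&dest, 0, sizeof(dest));
    dest.sin_addr.s_addr = iph->daddr;

    fprintf(logfile, "   |-IP Version        : %u\n", (unsigned int)iph->version);
    fprintf(logfile, "   |-Type Of Service   : %u\n", (unsigned int)iph->tos);
    /* Newline added: without it the Identification line ran on from this one. */
    fprintf(logfile, "   |-IP Total Length   : %u  Bytes(Size ofPacket)\n",
            (unsigned int)ntohs(iph->tot_len));
    fprintf(logfile, "   |-Identification    : %u\n", (unsigned int)ntohs(iph->id));
    fprintf(logfile, "   |-TTL      : %u\n", (unsigned int)iph->ttl);
    fprintf(logfile, "   |-Protocol : %u\n", (unsigned int)iph->protocol);
    fprintf(logfile, "   |-Checksum : %u\n", (unsigned int)ntohs(iph->check));
    /* inet_ntoa() returns a static buffer; each result is consumed by its own
     * fprintf() before the next call overwrites it. */
    fprintf(logfile, "   |-Source IP        : %s\n", inet_ntoa(source.sin_addr));
    fprintf(logfile, "   |-Destination IP   : %s\n", inet_ntoa(dest.sin_addr));
}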

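/*
 * Logs a TCP segment: banner, Ethernet/IP headers, decoded TCP header, then
 * hex dumps of the IP header, TCP header and payload.
 *
 * Buffer: frame starting at the Ethernet header.
 * Size:   valid bytes in Buffer. The IHL and data-offset fields come off the
 *         wire, so both are range-checked against Size before any header is
 *         dereferenced or dumped.
 */
void print_tcp_packet(unsigned char* Buffer, int Size)
{
    const int eth_len = (int)sizeof(struct ethhdr);

    fprintf(logfile, "\n\n***********************TCP Packet*************************\n");
    print_ip_header(Buffer, Size);

    if (Size < eth_len + (int)sizeof(struct iphdr)) {
        fprintf(logfile, "\n   (frame too short for an IP header)\n");
        return;
    }
    const struct iphdr *iph = (const struct iphdr *)(Buffer + eth_len);
    const int iphdrlen = iph->ihl * 4;
    if (iphdrlen < (int)sizeof(struct iphdr) ||
        Size < eth_len + iphdrlen + (int)sizeof(struct tcphdr)) {
        fprintf(logfile, "\n   (malformed IHL or truncated TCP header)\n");
        return;
    }

    const struct tcphdr *tcph = (const struct tcphdr *)(Buffer + eth_len + iphdrlen);
    const int tcphdrlen = tcph->doff * 4;
    const int header_size = eth_len + iphdrlen + tcphdrlen;
    if (tcphdrlen < (int)sizeof(struct tcphdr) || header_size > Size) {
        fprintf(logfile, "\n   (TCP data offset %d bytes exceeds frame)\n", tcphdrlen);
        return;
    }

    fprintf(logfile, "\n");
    fprintf(logfile, "TCP Header\n");
    fprintf(logfile, "   |-Source Port      : %u\n", (unsigned int)ntohs(tcph->source));
    fprintf(logfile, "   |-Destination Port : %u\n", (unsigned int)ntohs(tcph->dest));
    fprintf(logfile, "   |-Sequence Number    : %u\n", (unsigned int)ntohl(tcph->seq));
    fprintf(logfile, "   |-Acknowledge Number : %u\n", (unsigned int)ntohl(tcph->ack_seq));
    fprintf(logfile, "   |-Header Length      : %d DWORDS or %d BYTES\n",
            (int)tcph->doff, tcphdrlen);

    fprintf(logfile, "   |-Urgent Flag          : %d\n", (int)tcph->urg);
    fprintf(logfile, "   |-Acknowledgement Flag : %d\n", (int)tcph->ack);
    fprintf(logfile, "   |-Push Flag            : %d\n", (int)tcph->psh);
    fprintf(logfile, "   |-Reset Flag           : %d\n", (int)tcph->rst);
    fprintf(logfile, "   |-Synchronise Flag     : %d\n", (int)tcph->syn);
    fprintf(logfile, "   |-Finish Flag          : %d\n", (int)tcph->fin);
    fprintf(logfile, "   |-Window         : %u\n", (unsigned int)ntohs(tcph->window));
    fprintf(logfile, "   |-Checksum       : %u\n", (unsigned int)ntohs(tcph->check));
    /* urg_ptr is a 16-bit wire field like window/check, so it needs ntohs(). */
    fprintf(logfile, "   |-Urgent Pointer : %u\n", (unsigned int)ntohs(tcph->urg_ptr));
    fprintf(logfile, "\n");
    fprintf(logfile, "                        DATA Dump                         ");
    fprintf(logfile, "\n");

    /* Each dump starts at that header's real offset, i.e. past the Ethernet
     * header, so the bytes shown are the ones the decode above came from. */
    fprintf(logfile, "IP Header\n");
    PrintData(Buffer + eth_len, iphdrlen);

    fprintf(logfile, "TCP Header\n");
    PrintData(Buffer + eth_len + iphdrlen, tcphdrlen);

    fprintf(logfile, "Data Payload\n");
    PrintData(Buffer + header_size, Size - header_size);

    fprintf(logfile, "\n###########################################################");
}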

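/*
 * Logs a UDP datagram: banner, Ethernet/IP headers, decoded UDP header, then
 * hex dumps of the IP header, UDP header and payload.
 *
 * Buffer: frame starting at the Ethernet header.
 * Size:   valid bytes in Buffer. The IHL comes off the wire and is checked
 *         against Size before the UDP header is dereferenced or dumped.
 */
void print_udp_packet(unsigned char *Buffer , int Size)
{
    const int eth_len = (int)sizeof(struct ethhdr);
    /* sizeof(struct udphdr), not sizeof of the pointer to it. */
    const int udphdrlen = (int)sizeof(struct udphdr);

    fprintf(logfile, "\n\n***********************UDP Packet*************************\n");
    print_ip_header(Buffer, Size);

    if (Size < eth_len + (int)sizeof(struct iphdr)) {
        fprintf(logfile, "\n   (frame too short for an IP header)\n");
        return;
    }
    const struct iphdr *iph = (const struct iphdr *)(Buffer + eth_len);
    const int iphdrlen = iph->ihl * 4;
    const int header_size = eth_len + iphdrlen + udphdrlen;
    if (iphdrlen < (int)sizeof(struct iphdr) || header_size > Size) {
        fprintf(logfile, "\n   (malformed IHL or truncated UDP header)\n");
        return;
    }

    const struct udphdr *udph = (const struct udphdr *)(Buffer + eth_len + iphdrlen);

    fprintf(logfile, "\nUDP Header\n");
    fprintf(logfile, "   |-Source Port      : %u\n", (unsigned int)ntohs(udph->source));
    fprintf(logfile, "   |-Destination Port : %u\n", (unsigned int)ntohs(udph->dest));
    fprintf(logfile, "   |-UDP Length       : %u\n", (unsigned int)ntohs(udph->len));
    fprintf(logfile, "   |-UDP Checksum     : %u\n", (unsigned int)ntohs(udph->check));

    fprintf(logfile, "\n");
    /* Dumps start at each header's real offset (past the Ethernet header). */
    fprintf(logfile, "IP Header\n");
    PrintData(Buffer + eth_len, iphdrlen);

    fprintf(logfile, "UDP Header\n");
    PrintData(Buffer + eth_len + iphdrlen, udphdrlen);

    fprintf(logfile, "Data Payload\n");
    PrintData(Buffer + header_size, Size - header_size);

    fprintf(logfile, "\n###########################################################");
}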

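/*
 * Logs an ICMP message: banner, Ethernet/IP headers, decoded ICMP header
 * (with echo id/sequence for echo request/reply), then hex dumps of the IP
 * header, ICMP header and payload.
 *
 * Buffer: frame starting at the Ethernet header.
 * Size:   valid bytes in Buffer. The IHL comes off the wire and is checked
 *         against Size before the ICMP header is dereferenced or dumped.
 */
void print_icmp_packet(unsigned char* Buffer , int Size)
{
    const int eth_len = (int)sizeof(struct ethhdr);
    /* sizeof(struct icmphdr), not sizeof of the pointer to it. */
    const int icmphdrlen = (int)sizeof(struct icmphdr);

    fprintf(logfile, "\n\n***********************ICMP Packet*************************\n");
    print_ip_header(Buffer, Size);

    if (Size < eth_len + (int)sizeof(struct iphdr)) {
        fprintf(logfile, "\n   (frame too short for an IP header)\n");
        return;
    }
    const struct iphdr *iph = (const struct iphdr *)(Buffer + eth_len);
    const int iphdrlen = iph->ihl * 4;
    const int header_size = eth_len + iphdrlen + icmphdrlen;
    if (iphdrlen < (int)sizeof(struct iphdr) || header_size > Size) {
        fprintf(logfile, "\n   (malformed IHL or truncated ICMP header)\n");
        return;
    }

    const struct icmphdr *icmph = (const struct icmphdr *)(Buffer + eth_len + iphdrlen);
    const unsigned int type = icmph->type;

    fprintf(logfile, "\n");
    fprintf(logfile, "ICMP Header\n");
    fprintf(logfile, "   |-Type : %u", type);
    if (type == ICMP_TIME_EXCEEDED) {
        fprintf(logfile, "  (TTL Expired)\n");
    } else if (type == ICMP_ECHOREPLY) {
        fprintf(logfile, "  (ICMP Echo Reply)\n");
    } else {
        /* Terminate the Type line for every other type as well. */
        fprintf(logfile, "\n");
    }

    fprintf(logfile, "   |-Code : %u\n", (unsigned int)icmph->code);
    fprintf(logfile, "   |-Checksum : %u\n", (unsigned int)ntohs(icmph->checksum));
    /* id/sequence live in the union and are only meaningful for echo messages. */
    if (type == ICMP_ECHO || type == ICMP_ECHOREPLY) {
        fprintf(logfile, "   |-ID       : %u\n", (unsigned int)ntohs(icmph->un.echo.id));
        fprintf(logfile, "   |-Sequence : %u\n", (unsigned int)ntohs(icmph->un.echo.sequence));
    }
    fprintf(logfile, "\n");

    /* Dumps start at each header's real offset (past the Ethernet header). */
    fprintf(logfile, "IP Header\n");
    PrintData(Buffer + eth_len, iphdrlen);

    fprintf(logfile, "ICMP Header\n");
    PrintData(Buffer + eth_len + iphdrlen, icmphdrlen);

    fprintf(logfile, "Data Payload\n");
    PrintData(Buffer + header_size, Size - header_size);

    fprintf(logfile, "\n###########################################################");
}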


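/*
 * Puts interface "eth0" into promiscuous mode by reading its flags with
 * SIOCGIFFLAGS, OR-ing in IFF_PROMISC and writing them back with SIOCSIFFLAGS.
 *
 * Requires CAP_NET_ADMIN (normally root). The flag is persistent: it stays
 * set after this process exits, nothing here clears it.
 *
 * Returns 0 on success and -1 on failure (the failing call leaves errno set).
 */
int gopromiscous(void)
{
    struct ifreq eth;
    int rc = -1;

    memset(&eth, 0, sizeof eth);
    /* Interface ioctls work on any socket (netdevice(7)); a plain UDP socket
     * avoids the obsolete SOCK_PACKET type. */
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) {
        perror("socket");
        return -1;
    }

    /* ifr_name is IFNAMSIZ bytes; snprintf keeps it bounded and terminated. */
    snprintf(eth.ifr_name, IFNAMSIZ, "%s", "eth0");

    if (ioctl(fd, SIOCGIFFLAGS, &eth) < 0) {
        perror("ioctl(SIOCGIFFLAGS)");
        goto out;
    }
    eth.ifr_flags |= IFF_PROMISC;
    if (ioctl(fd, SIOCSIFFLAGS, &eth) < 0) {
        perror("ioctl(SIOCSIFFLAGS)");
        goto out;
    }
    printf("\n Entered Promiscuous Mode Successfully\n");
    rc = 0;

out:
    close(fd);
    return rc;
}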

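/*
 * Writes a classic hex dump of data[0..Size) to logfile: 16 bytes per row as
 * " XX" columns, padded so the ASCII column lines up, then the printable ASCII
 * (32..126) of the same bytes with '.' for everything else.
 *
 * data: bytes to dump.
 * Size: byte count; zero or negative prints nothing.
 */
void PrintData (unsigned char* data , int Size)
{
    enum { ROW = 16 };

    for (int row = 0; row < Size; row += ROW) {
        const int len = (Size - row < ROW) ? Size - row : ROW;

        fprintf(logfile, "   ");
        for (int k = 0; k < len; k++) {
            fprintf(logfile, " %02X", (unsigned int)data[row + k]);
        }
        /* Pad a short final row so its ASCII column aligns with full rows. */
        for (int k = len; k < ROW; k++) {
            fprintf(logfile, "   ");
        }

        fprintf(logfile, "         ");
        for (int k = 0; k < len; k++) {
            const unsigned char c = data[row + k];
            /* 127 (DEL) and above are not printable ASCII; the upper bound is
             * 126, not 128. */
            if (c >= 32 && c <= 126) {
                fprintf(logfile, "%c", c);
            } else {
                fprintf(logfile, ".");
            }
        }
        fprintf(logfile, "\n");
    }
}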
  • To start with, open the file in binary mode with "wb" in fopen("sniff_data.txt","wb"). You have to decide on and write a format for the data in the file. There isn't a specific handler for binary files. Commented Nov 6, 2013 at 6:55
  • Whichever format you choose, what matters most is not how you are going to write it, but how you are going to read it again later. And a binary format without any structure in it is going to be a total disaster. Commented Nov 6, 2013 at 6:56


  1. Open your logging file in binary mode ("wb" as mode argument to fopen()).
  2. Use fwrite() to write the data to the logging file:

    if (fwrite(buffer, data_size, 1, logfile) != 1)
        ...short write...problems...
    
  3. Close the logging file.

Note that on Unix systems, the b flag is optional (it does no harm, but neither does it do any good). On Windows, the b flag matters. For portable code, use the b flag for opening binary files.



And also, do I need to change the file name so it is saved as 'sniff_data.bin'?
What does that '...short write..problems..' mean? I really didn't understand. Sorry if I have asked stupid questions.
I have done what the solutions given by you say, but I can't open the file. Why?
The 'short write...problems' means that the attempt to write the data was unsuccessful (fwrite() failed), so that information which you hoped to log is not logged successfully. The file name can be anything you like on Unix (nothing obliges you to place text into a file named plaintext.txt on Unix, though it isn't kind to put binary data there). On Windows, you might reasonably use a .bin extension, but I'm not sure that's mandated anywhere. I don't know why you can't open the file. Is it for reading or writing that it fails? What's the error in errno (strerror(errno))?
logfile = fopen("sniff_data.txt","wb");

"wb" is write in binary mode.


Don't I have to change the extension of the file, I mean to 'sniff_data.bin'?
