/*
Gcc-lbsd-O3-O linuxanti. c
*/
/*
Network promiscuous Ethernet detector.
Linux 2.0.x/2.1.x, libc5 & glibc
-----------------------------------------
(C) 1998 savage@apostols.org
-----------------------------------------
Scans your subnet and detects promiscuous
Windows and Linux hosts. It really works, not a joke.
-----------------------------------------
$Id: neped.c,v 1.4 22:31:52 savage Exp $
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>          /* for nonblocking */
#include <sys/types.h>
#include <sys/socket.h>     /* basic socket definitions */
#include <sys/ioctl.h>
#include <net/if.h>         /* for ifreq */
#include <netinet/in.h>
#include <arpa/inet.h>      /* inet(3) functions */
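/* Ethernet frame type carrying ARP. Guarded because <linux/if_ether.h> or
 * <net/ethernet.h> may already provide the same value. */
#ifndef ETH_P_ARP
#define ETH_P_ARP 0x0806
#endif

enum {
    MAX_PACK_LEN     = 2000,  /* size of the shared frame buffer */
    ETHER_HEADER_LEN = 14,    /* dst MAC + src MAC + ethertype */
    ARPREQUEST       = 1,     /* ARP opcode: request */
    ARPREPLY         = 2      /* ARP opcode: reply */
};

/* Write a fixed message to stderr. fputs() is used instead of fprintf() so
 * the message is never interpreted as a format string. */
#define perr(s) fputs((s), stderr)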
/*
 * One ARP-over-Ethernet frame as it appears on the wire: a 14-byte Ethernet
 * header followed by a 28-byte IPv4 ARP body. Every u_short sits at an even
 * offset, so the compiler inserts no padding and sizeof is 42. Multi-byte
 * fields are stored in network byte order.
 */
struct arp_struct {
    /* Ethernet header */
    u_char  dst_mac[6];     /* destination station address */
    u_char  src_mac[6];     /* source station address */
    u_short pkt_type;       /* ethertype, ETH_P_ARP for this program */
    /* ARP body */
    u_short hw_type;        /* hardware type; main() sends 0x0001 */
    u_short pro_type;       /* protocol type; main() sends 0x0800 */
    u_char  hw_len;         /* hardware address length; 6 here */
    u_char  pro_len;        /* protocol address length; 4 here */
    u_short arp_op;         /* ARPREQUEST or ARPREPLY */
    u_char  sender_eth[6];  /* sender hardware address */
    u_char  sender_ip[4];   /* sender protocol (IPv4) address */
    u_char  target_eth[6];  /* target hardware address */
    u_char  target_ip[4];   /* target protocol (IPv4) address */
};
/*
 * The single frame buffer shared by the whole program. It is viewed either
 * as raw bytes (full_packet, used for send/recv) or as a parsed ARP frame
 * (arp_pkt, used to fill in and inspect the fields).
 */
union packet_buf {
    u_char            full_packet[MAX_PACK_LEN];
    struct arp_struct arp_pkt;
};

union packet_buf a;

/* Short names for the two views of the shared buffer. */
#define full_packet a.full_packet
#define arp_pkt     a.arp_pkt
/*
 * Format an IPv4 address given in network byte order as dotted-quad text.
 * Returns inet_ntoa()'s static buffer: the string is overwritten by the next
 * call and must not be freed.
 */
char *
inetaddr(u_int32_t ip)
{
    const struct in_addr addr = { ip };
    return inet_ntoa(addr);
}
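/*
 * Format a 6-byte Ethernet address as "xx:xx:xx:xx:xx:xx".
 * s must point to at least 6 readable bytes. Returns a pointer to a static
 * buffer that is overwritten by the next call; callers must not free it.
 * snprintf() bounds the write to the buffer (the original used sprintf()).
 */
char *
hwaddr(const u_char *s)
{
    static char buf[18];   /* 6 * "xx" + 5 * ":" + NUL */

    snprintf(buf, sizeof buf, "%02x:%02x:%02x:%02x:%02x:%02x",
             s[0], s[1], s[2], s[3], s[4], s[5]);
    return buf;
}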
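/*
 * Fetch one IPv4 address of the interface named in ifr->ifr_name through the
 * ioctl request `req` (SIOCGIFADDR, SIOCGIFNETMASK or SIOCGIFBRDADDR) and
 * store it in *out in network byte order.
 * Returns 0 on success, -1 if the ioctl fails (errno is left set).
 */
static int
get_if_addr(int fd, struct ifreq *ifr, unsigned long req, u_int32_t *out)
{
    if (ioctl(fd, req, ifr) < 0)
        return -1;
    /* The three requests all fill the same sockaddr member of the ifreq
     * union; for AF_INET its sa_data is a 2-byte port followed by the
     * 4-byte address. */
    memcpy(out, ifr->ifr_addr.sa_data + 2, 4);
    return 0;
}

/*
 * Fill the shared frame buffer with an ARP request for `dip` (host order)
 * that claims to come from `myip`/`mymac`. The Ethernet destination is
 * ff:ff:ff:ff:ff:00 rather than the broadcast address, so an interface that
 * only accepts frames addressed to it will drop the probe unanswered.
 */
static void
build_probe(const u_int8_t *mymac, u_int32_t myip, u_int32_t dip)
{
    static const u_char probe_dst[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0x00 };
    u_int32_t ip;

    memset(full_packet, 0, MAX_PACK_LEN);
    memcpy(arp_pkt.dst_mac, probe_dst, 6);   /* only change this line! */
    memcpy(arp_pkt.src_mac, mymac, 6);
    arp_pkt.pkt_type = htons(ETH_P_ARP);
    arp_pkt.hw_type = htons(0x0001);
    arp_pkt.hw_len = 6;
    arp_pkt.pro_type = htons(0x0800);
    arp_pkt.pro_len = 4;
    arp_pkt.arp_op = htons(ARPREQUEST);
    memcpy(arp_pkt.sender_eth, mymac, 6);
    ip = htonl(myip);
    memcpy(arp_pkt.sender_ip, &ip, 4);
    /* target_eth stays all-zero from the memset above */
    ip = htonl(dip);
    memcpy(arp_pkt.target_ip, &ip, 4);
}

/*
 * Inspect a received frame of `len` bytes in the shared buffer and report
 * it when it is an ARP reply addressed to `myip` whose sender is one of the
 * last three probed addresses (dip-2 .. dip). Frames too short to contain a
 * full ARP body are ignored; the original only required the Ethernet
 * header and read the ARP fields from zeroed padding.
 */
static void
check_reply(ssize_t len, u_int32_t myip, u_int32_t dip)
{
    u_int32_t ip, sip, sender;

    if (len < (ssize_t)sizeof(struct arp_struct))
        return;
    memcpy(&ip, arp_pkt.target_ip, 4);
    memcpy(&sip, arp_pkt.sender_ip, 4);
    sender = ntohl(sip);
    /* Replies may lag the probe by an iteration or two. The window test is
     * split in two because dip - sender is unsigned: the original's
     * "dip - sender >= 0" was always true. */
    if (ntohs(arp_pkt.arp_op) == ARPREPLY && ntohl(ip) == myip
        && sender <= dip && dip - sender <= 2) {
        printf("*> Host %s, %s ***** Promiscuous mode detected !!!\n",
               inetaddr(sip), hwaddr(arp_pkt.sender_eth));
    }
}

/*
 * Probe every host address of the interface's subnet with an ARP request
 * whose Ethernet destination is not a valid unicast or broadcast address,
 * and print the hosts that answer anyway.
 *
 * Usage: neped <interface>. Must run as root (raw packet socket).
 * Exit status: 0 after a complete scan, 1 on any setup error (the original
 * exited 0 on some failures).
 *
 * SOCK_PACKET is the obsolete Linux 2.0-era packet interface the original
 * targets; AF_PACKET/SOCK_RAW with sockaddr_ll is its modern replacement.
 */
int
main(int argc, char **argv)
{
    int rec, rsflags;
    ssize_t len;
    socklen_t from_len;
    struct ifreq if_data;
    struct sockaddr from;
    u_int8_t mymac[6];
    u_int32_t myip, mynetmask, mybroadcast, ip, dip;

    if (getuid() != 0) {
        perr("You must be root to run this program!\n");
        exit(1);
    }
    if (argc != 2) {
        fprintf(stderr, "Usage: %s eth0\n", argv[0]);
        exit(1);
    }
    /* The interface name goes into two fixed-size fields (ifr_name and
     * sa_data); the original copied it with strcpy(). Reject names that
     * would not fit in either. */
    if (strlen(argv[1]) >= sizeof if_data.ifr_name
        || strlen(argv[1]) >= sizeof from.sa_data) {
        fprintf(stderr, "%s: interface name too long\n", argv[0]);
        exit(1);
    }
    if ((rec = socket(AF_INET, SOCK_PACKET, htons(ETH_P_ARP))) < 0) {
        perror("socket");
        exit(1);
    }
    printf("----------------------------------------------------------\n");

    memset(&if_data, 0, sizeof if_data);
    snprintf(if_data.ifr_name, sizeof if_data.ifr_name, "%s", argv[1]);
    if (ioctl(rec, SIOCGIFHWADDR, &if_data) < 0) {
        perr("Can't get HW addres of my interface!\n");
        exit(1);
    }
    memcpy(mymac, if_data.ifr_hwaddr.sa_data, 6);
    printf("> My HW Addr: %s\n", hwaddr(mymac));

    if (get_if_addr(rec, &if_data, SIOCGIFADDR, &ip) < 0) {
        perr("Can't get IP addres of my interface!\n");
        exit(1);
    }
    myip = ntohl(ip);
    printf("> My IP Addr: %s\n", inetaddr(ip));

    /* The original only warned here and went on with a stale address,
     * which silently yields an empty or wrong scan range; treat as fatal. */
    if (get_if_addr(rec, &if_data, SIOCGIFNETMASK, &ip) < 0) {
        perr("Can't get netmask addres of my interface!\n");
        exit(1);
    }
    mynetmask = ntohl(ip);
    printf("> My NETMASK: %s\n", inetaddr(ip));

    if (get_if_addr(rec, &if_data, SIOCGIFBRDADDR, &ip) < 0) {
        perr("Can't get broadcast addres of my interface!\n");
        exit(1);
    }
    mybroadcast = ntohl(ip);
    printf("> My BROADCAST: %s\n", inetaddr(ip));

    /* Non-blocking so each probe can be followed by a quick drain of
     * whatever replies have arrived. */
    if ((rsflags = fcntl(rec, F_GETFL)) == -1) {
        perror("fcntl F_GETFL");
        exit(1);
    }
    if (fcntl(rec, F_SETFL, rsflags | O_NONBLOCK) == -1) {
        perror("fcntl F_SETFL");
        exit(1);
    }
    printf("----------------------------------------------------------\n");
    printf("> Scanning....\n");

    /* Host addresses strictly between the network address and broadcast. */
    for (dip = (myip & mynetmask) + 1; dip < mybroadcast; dip++) {
        build_probe(mymac, myip, dip);

        memset(&from, 0, sizeof from);
        from.sa_family = 1;   /* kept from the original; SOCK_PACKET names
                               * the outgoing device through sa_data */
        snprintf(from.sa_data, sizeof from.sa_data, "%s", argv[1]);
        if (sendto(rec, full_packet, sizeof(struct arp_struct), 0,
                   &from, sizeof from) < 0)
            perror("sendto");
        usleep(50);

        /* Read every frame queued so far; the original read at most one
         * per probe. recvfrom() returns -1 (EAGAIN) once the queue is
         * empty, which ends the loop; other errors are ignored as before.
         * from_len must be initialised: recvfrom() reads it. */
        for (;;) {
            from_len = sizeof from;
            len = recvfrom(rec, full_packet, MAX_PACK_LEN, 0, &from, &from_len);
            if (len < 0)
                break;
            check_reply(len, myip, dip);
        }
    }
    printf("> End.\n");
    close(rec);
    return 0;
}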