#include<stdio.h>
#include <pcap/pcap.h>
#include <unistd.h>
#include <string.h>
/*
 * Descriptor the pcap stream is written to.  As a file-scope object it starts
 * at 0, and open_wirreshark() treats 0 as "not opened yet".
 * NOTE(review): 0 is also a valid descriptor number (normally stdin), so a
 * write issued before open_wirreshark() succeeds goes to descriptor 0 rather
 * than failing; -1 would be an unambiguous sentinel.
 */
int output;
/*
 * Magic number stored in the `magic` field of the libpcap file header by
 * write_pcap_header() (standard libpcap format).
 */
#define TCPDUMP_MAGIC 0xa1b2c3d4
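/*
 * Write the libpcap global file header to the `output` descriptor.
 *
 * The header announces link type DLT_USER0 and a snap length of 100.  The
 * result of write() is now checked: a failed or short write leaves the reader
 * without a valid header, so it is reported on stderr instead of being
 * silently ignored.  The function still returns nothing, so callers are
 * unaffected.
 */
void write_pcap_header(void)
{
    struct pcap_file_header hdr;

    hdr.magic = TCPDUMP_MAGIC;
    hdr.version_major = PCAP_VERSION_MAJOR;
    hdr.version_minor = PCAP_VERSION_MINOR;
    hdr.thiszone = 0;
    hdr.sigfigs = 3; /* milliseconds */
    /*
     * NOTE(review): write_wiresark() emits records of up to 255 + 3 bytes,
     * which is larger than this snap length.  Readers that enforce snaplen
     * may truncate or reject such records; confirm the intended value.
     */
    hdr.snaplen = 100;
    hdr.linktype = DLT_USER0;

    ssize_t written = write(output, &hdr, sizeof(hdr));
    if (written < 0)
    {
        perror("write pcap header");
    }
    else if ((size_t)written != sizeof(hdr))
    {
        fprintf(stderr, "short write of pcap header (%ld of %lu bytes)\n",
                (long)written, (unsigned long)sizeof(hdr));
    }
}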
#if defined( _POSIX_SOURCE) || defined(__APPLE__)
/* Value returned by popen2() in open_wirreshark(); only assigned in this file, never read. */
static pid_t ws_pid;
/*
 * Defined in another translation unit with C linkage.
 * NOTE(review): presumably starts shell_cmd through a shell and hands back
 * pipe descriptors via p_fd_in / p_fd_out, returning the child's pid;
 * confirm the failure return value against its definition.
 */
extern "C" pid_t popen2(const char *shell_cmd, int *p_fd_in, int *p_fd_out);
#endif
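/*
 * Per-record header as it is written to the stream by write_wiresark().
 * The timestamp fields are plain unsigned ints rather than a struct timeval
 * (assumes unsigned int is 32 bits wide; confirm for the target platform).
 *
 * Packing is now scoped with push/pop so the 1-byte alignment applies to this
 * structure only, not to every declaration that follows in the translation
 * unit.
 */
#pragma pack(push, 1)
struct pcap_pkthdr_safe
{
    unsigned int tv_sec;
    unsigned int tv_usec;
    bpf_u_int32 caplen; /* length of portion present */
    bpf_u_int32 len;    /* length this packet (off wire) */
};
#pragma pack(pop)

/* Ethernet header length; not referenced anywhere in this listing. */
#ifndef ETH_HLEN
#define ETH_HLEN 14
#endif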
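/*
 * Append one captured frame to the pcap stream on `output`.
 *
 * Record layout: a pcap_pkthdr_safe header (timestamps zero, caplen == len ==
 * frame length + 3), then a 3-byte prefix (rfspeed truncated to one byte,
 * followed by two zero bytes), then the frame bytes.
 *
 * f        frame bytes; may be NULL only when len is 0
 * len      number of frame bytes (at most 255, as it is an unsigned char)
 * rfspeed  RF speed indicator; only its low byte is stored
 *
 * Changes from the previous version:
 *  - header and payload are assembled in one buffer and written in a loop, so
 *    a short write no longer leaves a half record that desynchronises the
 *    reader, and write errors are reported instead of ignored;
 *  - a NULL frame pointer with a non-zero length is rejected before memcpy;
 *  - the progress line is printed to stdout, so stdout (not stderr) is
 *    flushed.
 */
void write_wiresark(unsigned char *f, unsigned char len,int rfspeed)
{
    enum { PREFIX_LEN = 3, MAX_PAYLOAD = 255 };

    static size_t rx_count = 0;
    struct pcap_pkthdr_safe pkt;
    unsigned char record[sizeof(struct pcap_pkthdr_safe) + PREFIX_LEN + MAX_PAYLOAD];

    if (f == NULL && len != 0)
    {
        return; /* nothing valid to copy from */
    }

    pkt.tv_sec = 0;
    pkt.tv_usec = 0;
    pkt.caplen = (bpf_u_int32)len + PREFIX_LEN;
    pkt.len = pkt.caplen;

    memset(record, 0, sizeof(record));
    memcpy(record, &pkt, sizeof(pkt));

    unsigned char *payload = record + sizeof(pkt);
    payload[0] = (unsigned char)rfspeed;
    /* payload[1] and payload[2] stay zero */
    if (len != 0)
    {
        memcpy(payload + PREFIX_LEN, f, len);
    }

    const size_t total = sizeof(pkt) + pkt.caplen;
    size_t done = 0;
    while (done < total)
    {
        ssize_t n = write(output, record + done, total - done);
        if (n < 0)
        {
            /* NOTE(review): if the reader has exited, the default SIGPIPE
             * disposition ends this process before write() returns. */
            perror("write pcap record");
            break;
        }
        if (n == 0)
        {
            break; /* no progress; avoid spinning */
        }
        done += (size_t)n;
    }

#if defined( _POSIX_SOURCE)
    syncfs(output);
#endif

    /* The frame is counted as received even if forwarding it failed. */
    rx_count++;
    printf("Got %6u\r", (unsigned int)rx_count);
    fflush(stdout);
}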
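/*
 * Make sure `output` refers to an open capture sink, then write the pcap file
 * header to it.
 *
 * When `output` is still 0, Wireshark is started via popen2() with
 * "-k -i -" and `output` receives the descriptor popen2() stores through its
 * second argument.  When `output` is already non-zero, it is used as is and
 * only the header is written.
 *
 * Returns 0 on success, 1 when Wireshark could not be started.
 *
 * Security notes:
 *  - The command string is a constant, so no caller-supplied text reaches the
 *    shell.  `wireshark` is still looked up through PATH (assuming popen2()
 *    passes shell_cmd to a shell, as the parameter name suggests); if this
 *    tool runs with elevated privileges, the inherited PATH decides which
 *    binary is started.  An absolute path would pin it.
 *  - NOTE(review): the second descriptor returned by popen2() is kept open
 *    and never used or closed here.
 */
int open_wirreshark()
{
    int dummy = -1;

    if (!output)
    {
        ws_pid = popen2("wireshark -k -i -", &output, &dummy);
        /* A negative pid cannot be a running child; presumably popen2()
         * signals failure that way (confirm against its definition). */
        if (ws_pid < 0 || output == 0)
        {
            output = 0; /* keep the "not opened" state for a later retry */
            /* No trailing newline: perror() appends ": <error text>\n" itself. */
            perror("Unable to open wireshark");
            return 1;
        }
    }

    write_pcap_header();
    return 0;
}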