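/* sniffy.c - smallest tcp packet sniffer out
 * non-promisc, interface independent
 * logs packets in <dest-ip>.<dest-port> files
 * (c) 1999 by Mixter - http://members.xoom.com/i0wnu */

/* glibc only exposes u_long, usleep() and the source/dest field names of
 * struct tcphdr when its default feature set is enabled; request it so the
 * file also builds under a strict -std=c99/-std=c11. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif

/* NOTE(review): the header names of the original #include lines were lost in
 * extraction; the list below is the set required by the names this file
 * actually uses. */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define BUFFER_SIZE 65535

char *getip(u_long in);

/*
 * Reads TCP segments from a raw socket and appends one text record per
 * segment to a file named "<dest-ip>.<dest-port>" in the current directory.
 *
 * Requires euid 0. The parent prints the child's pid and exits; the child
 * keeps reading until read() fails.
 *
 * Every byte handled here comes off the network, so the buffer is treated as
 * untrusted: lengths are checked before any field is read, and the payload is
 * explicitly NUL-terminated before it is used as a C string.
 *
 * Limitations visible in the layout below: the struct assumes a 20-byte IP
 * header followed directly by a 20-byte TCP header. A packet carrying IP or
 * TCP options will have its ports and payload read from the wrong offsets.
 * Log files are created by fopen() under the process umask and contain
 * captured payload bytes.
 */
int main(void)
{
    int rawSocket;
    pid_t child;
    ssize_t got;
    char filename[256];
    char src[INET_ADDRSTRLEN];
    char dst[INET_ADDRSTRLEN];
    FILE *fp;
    struct {
        struct iphdr ip;
        struct tcphdr tcp;
        char data[BUFFER_SIZE - sizeof(struct iphdr) - sizeof(struct tcphdr)];
    } Packet;
    /* Bytes that must be present before ip/tcp fields may be read. */
    const size_t header_len = sizeof(struct iphdr) + sizeof(struct tcphdr);

    if (geteuid()) {
        fprintf(stderr, "no superuser priviledges, sorry...\n");
        exit(-1);
    }

    child = fork();
    switch (child) {
    case -1:
        /* The original fell into the default branch here and reported a
         * background pid of -1 with exit status 0. */
        perror("fork");
        exit(-1);
    case 0:
        break;
    default:
        printf("sniffy by Mixter - going into background (%d)\n", (int) child);
        exit(0);
    }

    rawSocket = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
    if (rawSocket < 0) {
        /* socket() signals failure with -1, which the original
         * `while (rawSocket)` treated as a valid descriptor. */
        fprintf(stderr, "raw socket error!\n");
        return 1;
    }

    for (;;) {
        /* Leave one byte free so the payload can always be terminated. */
        got = read(rawSocket, &Packet, BUFFER_SIZE - 1);
        if (got < 0) {
            if (errno == EINTR)
                continue;
            break;
        }

        /* A short read would leave tcp/data holding bytes from an earlier
         * packet; skip it instead of logging stale memory. */
        if ((size_t) got < header_len || Packet.ip.protocol != IPPROTO_TCP)
            continue;

        /* Bound the string operations below to the bytes just received. */
        Packet.data[(size_t) got - header_len] = '\0';

        /* inet_ntoa() reuses one static buffer, so each address is copied
         * out before the next conversion; otherwise both "%s" arguments of
         * a single fprintf() point at the same text. */
        snprintf(src, sizeof(src), "%s", getip(Packet.ip.saddr));
        snprintf(dst, sizeof(dst), "%s", getip(Packet.ip.daddr));

        /* The name is built only from a dotted-quad and a decimal port, so
         * no packet-controlled path characters can reach fopen(). */
        snprintf(filename, sizeof(filename), "%s.%d", dst,
                 ntohs(Packet.tcp.dest));

        fp = fopen(filename, "a");
        if (fp != NULL) {
            /* strlen() stops at the first NUL, so binary payloads are
             * logged only up to that byte (same as the original). */
            fprintf(fp, "%s.%d > %s.%d: tcp %zu\n",
                    src, ntohs(Packet.tcp.source),
                    dst, ntohs(Packet.tcp.dest),
                    strlen(Packet.data));
            fprintf(fp, "%s\n", Packet.data);
            fclose(fp);
        }

        usleep(100000);
    }

    fprintf(stderr, "raw socket error!\n");
    close(rawSocket);
    return 1;
}

/*
 * Converts an IPv4 address in network byte order to dotted-quad text.
 *
 * Returns the pointer handed back by inet_ntoa(), i.e. a static buffer that
 * the next call overwrites. Callers that need two addresses at once must
 * copy the first result before converting the second.
 */
char *getip(u_long in)
{
    struct in_addr s;

    s.s_addr = in;
    return inet_ntoa(s);
}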