Example 10-2 shows the complete code for the Arpsniff tool we have been discussing. You should be able to compile this on most Linux distributions as follows:

    gcc -o arpsniff arpsniff.c -lpcap

The -lpcap option instructs gcc to link the final binary tool against the pcap library.

Note that this has been developed on Gentoo Linux on x86 and, with the pcap_breakloop call removed, on Red Hat Enterprise Linux on x86. Although it should work on other Linux variants, it might not work on other Unix-like systems without a little tweaking.

Example 10-2. Arpsniff source code

#include <stdio.h>
#include <stdlib.h>   /* exit() */
#include <unistd.h>
#include <signal.h>
#include <net/if.h>
#include <pcap.h>
#include <netinet/if_ether.h>

/* ugly shortcut -- Ethernet packet headers are 14 bytes */
#define ETH_HEADER_SIZE 14

/* for the sake of clarity we'll use globals for a few things */
char *device;       /* device to sniff on */
int verbose = 0;    /* verbose output about device */
pcap_t *handle;     /* handle for the opened pcap session */

/* gracefully handle a Control C */
void ctrl_c ( )
{
  printf ("Exiting\n");
  pcap_breakloop (handle);  /* tell pcap_loop or pcap_dispatch to stop capturing */
  pcap_close(handle);
  exit (0);
}

/* usage */
void usage (char *name)
{
  printf ("%s - simple ARP sniffer\n", name);
  printf ("Usage: %s [-i interface] [-l] [-v]\n", name);
  printf ("    -i    interface to sniff on\n");
  printf ("    -l    list available interfaces\n");
  printf ("    -v    print verbose info\n\n");
  exit (1);
}

/* callback function to process ...
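The listing above breaks off at the packet callback. As an added example (not the book's code), here is one way to decode an ARP packet that sits behind the 14-byte Ethernet header, checking the captured length before any field is read. The names parse_arp, struct arp_info and ARP_IPV4_SIZE, and the sample frame, are assumptions constructed for illustration; the block needs no libpcap and compiles with plain gcc.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

#define ETH_HEADER_SIZE 14   /* same shortcut as the listing above */
#define ARP_IPV4_SIZE   28   /* 8 fixed bytes + 2 MACs (12) + 2 IPv4 addresses (8) */

struct arp_info {            /* hypothetical result type for this example */
    uint16_t op;             /* 1 = request, 2 = reply */
    uint8_t  sha[6], spa[4]; /* sender MAC / sender IPv4 */
    uint8_t  tha[6], tpa[4]; /* target MAC / target IPv4 */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 0 on success, -1 if the frame is truncated or is not Ethernet/IPv4 ARP. */
int parse_arp(const uint8_t *frame, size_t caplen, struct arp_info *out)
{
    if (caplen < ETH_HEADER_SIZE + ARP_IPV4_SIZE) return -1; /* never read past the capture */
    if (be16(frame + 12) != 0x0806) return -1;               /* EtherType must be ARP */
    const uint8_t *a = frame + ETH_HEADER_SIZE;
    if (be16(a) != 1 || be16(a + 2) != 0x0800) return -1;    /* htype Ethernet, ptype IPv4 */
    if (a[4] != 6 || a[5] != 4) return -1;                   /* hlen 6, plen 4 */
    out->op = be16(a + 6);
    memcpy(out->sha, a + 8, 6);
    memcpy(out->spa, a + 14, 4);
    memcpy(out->tha, a + 18, 6);
    memcpy(out->tpa, a + 24, 4);
    return 0;
}

/* Constructed sample: ARP request, who-has 192.168.1.1 tell 192.168.1.10 */
static const uint8_t sample_frame[] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0x00,0x00,0xaa,0xbb,0xcc, 0x08,0x06,
    0x00,0x01, 0x08,0x00, 0x06, 0x04, 0x00,0x01,
    0x02,0x00,0x00,0xaa,0xbb,0xcc, 192,168,1,10,
    0x00,0x00,0x00,0x00,0x00,0x00, 192,168,1,1
};

int main(void)
{
    struct arp_info ai;
    if (parse_arp(sample_frame, sizeof sample_frame, &ai) != 0) return 1;
    printf("ARP op %d: %d.%d.%d.%d asks for %d.%d.%d.%d\n", (int)ai.op,
           ai.spa[0], ai.spa[1], ai.spa[2], ai.spa[3],
           ai.tpa[0], ai.tpa[1], ai.tpa[2], ai.tpa[3]);
    return 0;
}
```

In a pcap callback the caplen argument would come from the capture header's caplen field, so a snapshot length shorter than 42 bytes is rejected rather than read out of bounds.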
