
Help with some packet capturing


Maelstrom

Hello all,

Today I got bored and decided to try to make a Wireshark imposter in AutoIt.  I have no idea why I had to do it, I just know I had to.  So I got started and found the WinPcap UDF for AutoIt.  I got started with it, but I am having some problems with it that I cannot figure out.

This code should throw me the string that contains the current data for the devices that WinPcap can listen on:

#include <Winpcap.au3>
#include <Array.au3>

$start = _PcapSetup()
$devices = _PcapGetDeviceList()

MsgBox(0, "Winpcap test", _ArrayToString($devices))

But it returns me a blank array, obviously not the usable driver list.

Could someone help me out here, I am having som trouble lol.

JohnOne

Why do you think that code should "throw you the string"?

I why do you think it's funny that you are "having som trouble"?

EDIT; There was a winpcap udf on here but I cannot find it any more.

Maelstrom

> Why do you think that code should "throw you the string"?
>
> I why do you think it's funny that you are "having som trouble"?
>
> EDIT; There was a winpcap udf on here but I cannot find it any more.

Sorry if I wasn't clear.  Forgive me, English is not my first language.

My problem is simple.  Two functions from the WinPcap UDF are not working the way I expected.

This is the _PcapSetup() function

Func _PcapSetup()   ; return WinPCAP version as full text or -1 if winpcap is not installed, and opens dll
    If Not FileExists(@SystemDir & "\wpcap.dll") Then return -1
    global $Pcap_dll=DllOpen ( @SystemDir & "\wpcap.dll" )
    global $Pcap_errbuf = DLLStructCreate("char[256]")
    Global $Pcap_ptrhdr=0
    Global $Pcap_ptrpkt=0
    Global $Pcap_statV      ; Total volume captured
    Global $Pcap_statN      ; Total number of packets captured
    Global $Pcap_starttime  ; Start time of Capture
    global $Pcap_timebias = (2^32 - RegRead("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation", "ActiveTimeBias")) * 60
    Local $v = DllCall($Pcap_dll, "str:cdecl", "pcap_lib_version")
    if (@error > 0) Then return -1  
    return $v[0]
EndFunc

This is the _PcapGetDeviceList

Func _PcapGetDeviceList() ; returns 2D array with pcap devices (name;desc;mac;ipv4_addr;ipv4_netmask;ipv4_broadaddr;ipv6_addr;ipv6_netmask;ipv6_broadaddr;flags) or -1 if error
    Local $alldevs=DLLStructCreate("ptr")
    Local $r=DllCall($Pcap_dll, "int:cdecl", "pcap_findalldevs_ex", "str", "rpcap://", "ptr", 0, "ptr", DllStructGetPtr($alldevs), "ptr", DllStructGetPtr($Pcap_errbuf))
    if (@error > 0) Then return -1
    if $r[0]=-1 Then return -1
    Local $next=DllStructGetData($alldevs,1)
    Local $list[1][14]
    Local $i=0;
    while ($next<>0)
        Local $pcap_if = DllStructCreate("ptr next;ptr name;ptr desc;ptr addresses;uint flags",$next)
        Local $len_name = DllCall("kernel32.dll", "int", "lstrlen", "ptr", DllStructGetData($pcap_if,2))  
        Local $len_desc = DllCall("kernel32.dll", "int", "lstrlen", "ptr", DllStructGetData($pcap_if,3))    
        $list[$i][0]=DllStructGetData(DllStructCreate("char["&($len_name[0]+1)&"]",DllStructGetData($pcap_if,2)),1) 
        $list[$i][1]=DllStructGetData(DllStructCreate("char["&($len_desc[0]+1)&"]",DllStructGetData($pcap_if,3)),1) 
        Local $next_addr=DllStructGetData($pcap_if,"addresses")
        
        ; retrieve mac address
        Local $device=StringTrimLeft($list[$i][0],8)
        Local $snames = DllStructCreate("char Name["&(StringLen($device)+1)&"]")
        DllStructSetData($snames,1,$device)
        Local $handle=DllCall("packet.dll", "ptr:cdecl", "PacketOpenAdapter", "ptr", DllStructGetPtr($snames))  
        If IsPtr($handle[0]) Then
            Local $packetoiddata = DllStructCreate("ulong oid;ulong length;ubyte data[6]")
            DllStructSetData($packetoiddata,1,0x01010102)  ; OID_802_3_CURRENT_ADDRESS
            DllStructSetData($packetoiddata,2,6)
            Local $status=DllCall("packet.dll", "byte:cdecl", "PacketRequest", "ptr", $handle[0],"byte",0,"ptr",DllStructGetPtr($packetoiddata))
            If $status[0] Then
                Local $mac=DllStructGetData($packetoiddata,3)
                $list[$i][6]=StringMid($mac,3,2)&":"&StringMid($mac,5,2)&":"&StringMid($mac,7,2)&":"&StringMid($mac,9,2)&":"&StringMid($mac,11,2)&":"&StringMid($mac,13,2)
            EndIf       
            Local $nettype = DllStructCreate("uint type;uint64 speed")
            $status=DllCall("packet.dll", "byte:cdecl", "PacketGetNetType", "ptr", $handle[0], "ptr", DllStructGetPtr($nettype)) 
            If $status[0] Then
                $list[$i][5]=DllStructGetData($nettype,2)
            EndIf
            DllCall("packet.dll", "none:cdecl", "PacketCloseAdapter", "ptr", $handle[0])
        EndIf
        
        ; retrieve linktypes
        Local $pcap=_PcapStartCapture($list[$i][0],"host 1.2.3.4",0,32)
        If IsPtr($pcap) Then
            Local $types=_PcapGetLinkType($pcap)
            If IsArray($types) Then
                $list[$i][2]=$types[0]
                $list[$i][3]=$types[1]
                $list[$i][4]=$types[2]
            EndIf
            _PcapStopCapture($pcap)
        EndIf
        
        ; retrieve ip addresses
        while $next_addr<>0
            Local $pcap_addr = DllStructCreate("ptr next;ptr addr;ptr netmask;ptr broadaddr;ptr dst",$next_addr)            
            Local $j,$addr
            For $j=2 to 4
                $addr=_PcapSock2addr(DllStructGetData($pcap_addr,$j))
                If StringLen($addr)>15 Then 
                    $list[$i][$j+8]=$addr
                ElseIf StringLen($addr)>6 Then 
                    $list[$i][$j+5]=$addr
                EndIf
            Next
            $next_addr=DllStructGetData($pcap_addr,1)
        Wend
        
        $list[$i][13]=DllStructGetData($pcap_if,5)
        $next=DllStructGetData($pcap_if,1)
        $i+=1
        if $next<>0 Then Redim $list[$i+1][14]  
    Wend
    DllCall($Pcap_dll, "none:cdecl", "pcap_freealldevs", "ptr", DllStructGetData($alldevs,1))
    return $list
EndFunc

Does this clarify much for you?

Maelstrom

> What does _PcapSetup() return?

It is returning the string "4.1.3" like it should.

Rajat231

Hi,

I am also facing the same issue while using func PcapGetDeviceList()

 

#include <Array.au3>
#include <Winpcap.au3>
;Comment: need Winpcap.au3
;Comment: opensource.grisambre.net/pcapau3/
; Comment:Displaying your device list with full information
$winpcap=_PcapSetup()   ; initialize winpcap
$pcap_devices=_PcapGetDeviceList()  ; get devices list
_ArrayDisplay($pcap_devices,"Devices list",-1,1) ; display it
_PcapFree() ;

 

The outcome basically shows only one interface's data (rather than all interfaces), and that too in an off format, but the expectation is to get the list of all interfaces.

 

Row|Col 0
[0]|rpcap://\Device\NPF_{2C3FCA5C-235F-4B65-B580-6313D58D76D1}
[1]|Network adapter 'VMware Virtual Ethernet Adapter' on local host
[2]|1
[3]|EN10MB
[4]|Ethernet
[5]|100000000
[6]|00:50:56:xx:xx:xx
[7]|192.168.xx.1
[8]|255.255.255.0
[9]|255.255.255.255
[10]|
[11]|
[12]|
[13]|0
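
Added example, not part of any post in this thread and not code from the UDF: `_PcapGetDeviceList()` as quoted above returns either -1 or a 2D array with 14 columns, and its `$list[1][14]` starting array comes back as a single empty row when the device loop never runs. The sketch below checks each of those cases and prints one labelled block per device; the helper name `_DescribeCaptureDevices` and the column labels are assumptions read off the quoted source and the sample output.

```autoit
#include <Winpcap.au3> ; the WinPcap UDF quoted in this thread

; Hypothetical helper (not part of the UDF): returns a text report of all
; capture devices, or "" with @error = 1 (setup failed), 2 (device query
; failed) or 3 (query succeeded but no devices were listed).
Func _DescribeCaptureDevices()
    ; Labels are an assumption read off the UDF source and the sample output above.
    Local $aLabels[14] = ["name", "description", "linktype", "linktype name", _
            "linktype description", "speed", "mac", "ipv4 address", "ipv4 netmask", _
            "ipv4 broadcast", "ipv6 address", "ipv6 netmask", "ipv6 broadcast", "flags"]

    Local $sVersion = _PcapSetup() ; version string, or -1
    If Not IsString($sVersion) Then Return SetError(1, 0, "")

    Local $aDevs = _PcapGetDeviceList() ; 2D array, or -1
    If Not IsArray($aDevs) Then
        _PcapFree()
        Return SetError(2, 0, "")
    EndIf

    ; With zero devices the UDF's loop never runs and it returns its initial
    ; [1][14] array, every cell empty. Treat that as "no devices", not as data.
    If UBound($aDevs, 1) = 1 And String($aDevs[0][0]) = "" Then
        _PcapFree()
        Return SetError(3, 0, "")
    EndIf

    Local $sOut = $sVersion & @CRLF
    For $i = 0 To UBound($aDevs, 1) - 1
        $sOut &= @CRLF & "Device " & $i & @CRLF
        For $j = 0 To UBound($aDevs, 2) - 1
            ; String() keeps numeric 0 (e.g. flags) from comparing equal to ""
            If String($aDevs[$i][$j]) <> "" Then $sOut &= "  " & $aLabels[$j] & ": " & $aDevs[$i][$j] & @CRLF
        Next
    Next
    _PcapFree()
    Return $sOut
EndFunc

Local $sReport = _DescribeCaptureDevices()
Local $iErr = @error
If $iErr Then $sReport = "Device listing failed, @error = " & $iErr
MsgBox(0, "Capture devices", $sReport)
```

An `@error` of 3 here means `pcap_findalldevs_ex` reported success with an empty list, which points at the capture driver or the script's privileges rather than at the array handling.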

 

 
