Releases: kl3ssydra/Sniffer

Sniffer - ICMP v1.0

22 Oct 20:52
0c629f0
  • To be able to read the reply from the raw socket, use IPPROTO_ICMP instead of IPPROTO_RAW: socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);

  • Do not "cook" the IP header; delete that code. With IPPROTO_ICMP the application is responsible only for the ICMP packet (header and data), not for the IP header.

  • "Cook" and add only the ICMP part; the kernel adds the IPv4 header by itself.

  • Remove the setsockopt() IP_HDRINCL call, since we are not "cooking" the IP header.

  • When receiving, though, we get the whole IP packet and must extract the
    ICMP reply.

  • Note that you get a copy of all ICMP packets sent to the host and should filter
    for the relevant ones.

  • Check the sent ICMP packet in Wireshark. If the checksum is not correct (zero),
    you forgot to remove the IP-header offset when copying or calculating the
    ICMP-header checksum.
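
The packet handling these notes describe, as an added C example (not code from this repository): the checksum covers only the ICMP header and data starting at offset 0, and the reply is located in the received IP packet through the header-length field, then filtered by identifier. The function names and the sample id 0x1234 are assumptions, and the socket calls are left out so the logic runs on constructed buffers without root.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Internet checksum over the ICMP header and data only; the IP header is never included. */
uint16_t icmp_checksum(const uint8_t *buf, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)buf[i] << 8) | buf[i + 1];
    if (len & 1)
        sum += (uint32_t)buf[len - 1] << 8;      /* odd trailing byte, zero padded */
    while (sum >> 16)
        sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Echo request (type 8) written at offset 0 of out; returns its length, 0 if out is too small. */
size_t build_echo(uint8_t *out, size_t cap, uint16_t id, uint16_t seq,
                  const uint8_t *data, size_t dlen) {
    if (cap < 8 + dlen) return 0;
    memset(out, 0, 8);                           /* checksum field is zero while summing */
    out[0] = 8;
    out[4] = (uint8_t)(id >> 8);  out[5] = (uint8_t)id;
    out[6] = (uint8_t)(seq >> 8); out[7] = (uint8_t)seq;
    if (dlen) memcpy(out + 8, data, dlen);
    uint16_t c = icmp_checksum(out, 8 + dlen);
    out[2] = (uint8_t)(c >> 8);   out[3] = (uint8_t)c;
    return 8 + dlen;
}

/* pkt is a whole IPv4 packet as read from the raw socket. Returns the echo reply
 * carrying our id (its length in *icmp_len), or NULL for any other packet. */
const uint8_t *extract_reply(const uint8_t *pkt, size_t len, uint16_t id, size_t *icmp_len) {
    if (len < 20 || (pkt[0] >> 4) != 4) return NULL;
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;    /* IP header length, options included */
    if (ihl < 20 || len < ihl + 8 || pkt[9] != 1) return NULL;  /* protocol 1 = ICMP */
    const uint8_t *icmp = pkt + ihl;
    if (icmp[0] != 0 || icmp[1] != 0) return NULL;              /* not an echo reply */
    if (((icmp[4] << 8) | icmp[5]) != id) return NULL;          /* another process's ping */
    if (icmp_checksum(icmp, len - ihl) != 0) return NULL;       /* valid message sums to 0 */
    *icmp_len = len - ihl;
    return icmp;
}

int main(void) {
    uint8_t req[16];
    size_t n = build_echo(req, sizeof req, 0x1234, 1, (const uint8_t *)"abc", 3);
    return icmp_checksum(req, n) != 0;           /* exit status 0 when the request verifies */
}
```

Pass extract_reply() the buffer and byte count returned by recv() on the IPPROTO_ICMP socket; it returns NULL for the other ICMP traffic the host receives.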



Sniffer - HeaderDecode v1.0

21 Oct 19:09
05e1058

This sniffer receives all of the IP headers along with any higher protocols such as TCP, UDP, or ICMP. The information is packed into binary form, and as shown above, is quite difficult to understand. We are now going to work on decoding the IP portion of a packet so that we can pull useful information out such as the protocol type (TCP, UDP, ICMP), and the source and destination IP addresses. This will be the foundation for you to start creating further protocol parsing later on. If we examine what an actual packet looks like on the network, you will have an understanding of how we need to decode the incoming packets. Refer to Figure 3-1 for the makeup of an IP header.



SnifferBasic v1.3

21 Oct 17:01
df8a08a

What is this tool?

A sniffer (also known as a network analyzer or packet analyzer) is software or hardware that can intercept and log traffic on a network. The tool captures each packet that flows across the infrastructure and analyzes its content.



MailSniffer v0.3

23 Oct 10:58
0c629f0
  • A simple mail sniffer
