Skip to content

Latest commit

 

History

History
129 lines (110 loc) · 3.46 KB

README.markdown

File metadata and controls

129 lines (110 loc) · 3.46 KB

Phpcap

The phpcap extension is a wrapper over libpcap for PHP.

Usage example:

/* Find possible devices and their associated addresses, if any */
var_dump(phpcap_findalldevs());
/*
array(4) {
  ["eth0"]=>
  array(3) {
    [0]=>
    string(7) "2.0.0.0"
    [1]=>
    string(14) "192.168.35.171"
    [2]=>
    string(7) "0.0.0.0"
  }
  ["wlan0"]=>
  array(2) {
    [0]=>
    string(7) "3.0.0.0"
    [1]=>
    string(7) "0.0.0.0"
  }
  ["any"]=>
  array(0) {
  }
  ["lo"]=>
  array(3) {
    [0]=>
    string(7) "1.0.0.0"
    [1]=>
    string(9) "127.0.0.1"
    [2]=>
    string(7) "0.0.0.0"
  }
}
*/

/* Create a resource with a device, you should need root access */
$r = phpcap_create('eth0');

/* Or create a resource in promiscuous mode */
$r = phpcap_create('eth0', PHPCAP_DEV_PROMISC);

/* If your device is wireless, you could use RFMON mode as well */
$r = phpcap_create('wlan0', PHPCAP_DEV_PROMISC | PHPCAP_DEV_RFMON);

/* You can set a filter for certain packets 
   Filter will be set for every future dispatch() call
   Filter syntax is pcap syntax, have a look at tcpdump man page for more info */
phpcap_setfilter($r, 'port 80');   // only capture packets on port 80

/* Use pcap_dispatch((resource) $pcap, (callback) $function, (int) $num_of_packet)
   to call a callback on each captured packet. */
phpcap_dispatch($r, function($rawpacket, $capture) { });

/* Use the last parameter to limit the number of packets to capture.
   The phpcap_dispatch() returns TRUE on success, FALSE otherwise */
phpcap_dispatch($r, function($rawpacket, $capture) { }, 150);

/* The callback is passed the raw packet as first argument, you can play with raw data : */
phpcap_dispatch($r, function($rawpacket) { 
          var_dump( unpack('H12macdest/H12macsrc/H4ethtype/H24/a4ipsrc/a4ipdest',$rawpacket) 
                                         });

/* Better use the second parameter which provides parsed data : */
phpcap_dispatch($r, function($rawpacket, $capture) { var_dump($capture) });
/*
array(4) {
  ["ether_type"]=>
  string(5) "Ox806"
  ["source_host"]=>
  string(11) "0:9:f:9:0:5"
  ["destination_host"]=>
  string(16) "ff:ff:ff:ff:ff:ff"
}
*/

/* If the packet is of type IP (0x800), then more info are available : */
phpcap_dispatch($r, function($rawpacket, $capture) { var_dump($capture) });
/*
array(4) {
  ["ether_type"]=>
  string(5) "Ox800"
  ["source_host"]=>
  string(11) "0:9:f:9:0:5"
  ["destination_host"]=>
  string(16) "b4:99:ba:56:7e:0"
  ["destination_ip"]=>
  string(12) "109.13.10.68"
  ["source_ip"]=>
  string(13) "101.46.99.111"
}
*/

/* You can reset a filter you previously set */
phpcap_resetfilter($r);

/* If you want to exit the callback, use phpcap_dispatch_break((resource) $pcap); */
phpcap_dispatch($r, function($packet, $cap) use ($r) { var_dump($cap); if(/*something*/) { phpcap_dispatch_break($r); }});

/* Time to get some stats : */
var_dump(phpcap_stats($r));
/*
array(2) {
  ["received_packets"]=>
  int(48)
  ["dropped_packets"]=>
  int(3)
}
*/

/* Finally, you may clean the resource with : */
phpcap_close($r);

Few notes :

Code is highly under development.