From 3558170cdd7ccbdd020e0089c623c3318b561a93 Mon Sep 17 00:00:00 2001
From: eenblam
Date: Mon, 10 Sep 2018 13:13:01 -0700
Subject: [PATCH] Don't drop ICMPv4 packets in sniffer Fixes https://github.com/bettercap/caplets/issues/11 insofar as the packets are now logged, but it doesn't provide useful interpretation of the payload yet.
---
 modules/net_sniff_parsers.go | 35 +++++++++++++++++++++++++++++++++--
 1 file changed, 33 insertions(+), 2 deletions(-)
diff --git a/modules/net_sniff_parsers.go b/modules/net_sniff_parsers.go
index 88030c31..309dba18 100644
--- a/modules/net_sniff_parsers.go
+++ b/modules/net_sniff_parsers.go
@@ -69,6 +69,31 @@ func udpParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) {
 }
 }
+// icmpParser logs ICMPv4 events when verbose, and does nothing otherwise.
+//
+// A useful improvement would be to log the ICMP code
+// and add meaningful interpretation of the payload based on code.
+func icmpParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) {
+ if verbose {
+ icmp := pkt.Layer(layers.LayerTypeICMPv4)
+ layerType := icmp.LayerType().String()
+ NewSnifferEvent(
+ pkt.Metadata().Timestamp,
+ layerType,
+ vIP(ip.SrcIP),
+ vIP(ip.DstIP),
+ SniffData{
+ "Size": len(ip.Payload),
+ },
+ "%s %s > %s %s",
+ core.W(core.BG_DGRAY+core.FG_WHITE, layerType),
+ vIP(ip.SrcIP),
+ vIP(ip.DstIP),
+ core.Dim(fmt.Sprintf("%d bytes", len(ip.Payload))),
+ ).Push()
+ }
+}
+
 func unkParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) {
 if verbose {
 NewSnifferEvent(
@@ -105,8 +130,14 @@ func mainParser(pkt gopacket.Packet, verbose bool) bool {
 tlayer := pkt.TransportLayer()
 if tlayer == nil {
- log.Debug("Missing transport layer skipping packet.")
- return false
+ _, icmpOk := pkt.Layer(layers.LayerTypeICMPv4).(*layers.ICMPv4)
+ if icmpOk {
+ icmpParser(ip, pkt, verbose)
+ return true
+ } else {
+ log.Debug("Missing transport layer skipping packet.")
+ return false
+ }
 }
 if tlayer.LayerType() == layers.LayerTypeTCP {
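Review bot: In the new `icmpParser`, `icmp.LayerType()` is called on the result of `pkt.Layer(layers.LayerTypeICMPv4)` with no nil check, so the function panics if it is ever called for a packet without an ICMPv4 layer. Today only the type assertion in `mainParser` prevents that. Guard it locally with `if icmp == nil { return }`, or assert to `*layers.ICMPv4` inside the function. With the typed layer available, the event could also carry the ICMP type and code, e.g. `"Type": icmp4.TypeCode.String(),` in `SniffData`, so someone reading the sniffer output can tell an echo request from a redirect or an unreachable. Note that `len(ip.Payload)` includes the ICMP header, so the reported size is not the ICMP data length.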
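Review bot: In the `tlayer == nil` branch of `mainParser`, the `else` after `return true` is redundant, and the assertion result is discarded only for `icmpParser` to look the same layer up again. Scoping the check keeps the happy path flat: `if _, ok := pkt.Layer(layers.LayerTypeICMPv4).(*layers.ICMPv4); ok {`, with `log.Debug(...)` and `return false` following the closing brace at the outer indent. The debug message is now reached only for packets with neither a transport layer nor ICMPv4, which a short comment above it could state. `mainParser` starts and ends outside this hunk, so how the `true` return is used by the caller could not be checked here.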