Don't drop ICMPv4 packets in sniffer

Fixes https://github.com/bettercap/caplets/issues/11 insofar as the packets are now logged, but it doesn't provide useful interpretation of the payload yet.
2025-08-22 22:34:22 -07:00 · 2018-09-10 13:13:01 -07:00 · 2018-09-10 13:13:01 -07:00 · 3558170cdd
commit 3558170cdd
parent fc3e54a84c
1 changed files with 33 additions and 2 deletions
--- a/modules/net_sniff_parsers.go
+++ b/modules/net_sniff_parsers.go
@ -69,6 +69,31 @@ func udpParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) {
 	}
 }

+// icmpParser logs ICMPv4 events when verbose, and does nothing otherwise.
+//
+// A useful improvement would be to log the ICMP code
+// and add meaningful interpretation of the payload based on code.
+func icmpParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) {
+	if verbose {
+		icmp := pkt.Layer(layers.LayerTypeICMPv4)
+		layerType := icmp.LayerType().String()
+		NewSnifferEvent(
+			pkt.Metadata().Timestamp,
+			layerType,
+			vIP(ip.SrcIP),
+			vIP(ip.DstIP),
+			SniffData{
+				"Size": len(ip.Payload),
+			},
+			"%s %s > %s %s",
+			core.W(core.BG_DGRAY+core.FG_WHITE, layerType),
+			vIP(ip.SrcIP),
+			vIP(ip.DstIP),
+			core.Dim(fmt.Sprintf("%d bytes", len(ip.Payload))),
+		).Push()
+	}
+}
+
 func unkParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) {
 	if verbose {
 		NewSnifferEvent(
@ -105,9 +130,15 @@ func mainParser(pkt gopacket.Packet, verbose bool) bool {

 		tlayer := pkt.TransportLayer()
 		if tlayer == nil {
+			_, icmpOk := pkt.Layer(layers.LayerTypeICMPv4).(*layers.ICMPv4)
+			if icmpOk {
+				icmpParser(ip, pkt, verbose)
+				return true
+			} else {
 				log.Debug("Missing transport layer skipping packet.")
 				return false
 			}
+		}

 		if tlayer.LayerType() == layers.LayerTypeTCP {
 			tcpParser(ip, pkt, verbose)