#include "packet.h"
#include<time.h>
/* Forward declaration: got_packet() calls get_tcp_info() before its definition below. */
char *get_tcp_info(const u_char *packet, char *buf);

/*
 * Per-packet parse state shared by got_packet() and get_tcp_info().
 * None of these are declared static, so they have external linkage.
 * The pointers are set to offsets inside the packet buffer handed to
 * got_packet() and are overwritten on every packet.
 * NOTE(review): presumably they are only meaningful while that callback runs,
 * and the shared state makes the parser non-reentrant. Confirm that capture
 * is single-threaded.
 */
const struct sniff_ethernet *ethernet; /* Ethernet header: start of the captured frame */
const struct sniff_ip *ip; /* IP header: packet + SIZE_ETHERNET */
const struct sniff_tcp *tcp; /* TCP header: packet + SIZE_ETHERNET + size_ip */
const char *payload; /* First byte after the TCP header */
int size_ip; /* IP header length in bytes, IP_HL(ip) * 4 */
int size_tcp; /* TCP header length in bytes, TH_OFF(tcp) * 4 */
int size_payload; /* ip_len - (size_ip + size_tcp); taken from the packet, not from caplen */
char tmp[15]; /* Scratch buffer for one formatted integer field */
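/**
 * Per-packet handler: builds one text record for the captured frame and
 * prints it on stdout.
 *
 * The record starts with "<tv_sec>-", followed by tv_usec, caplen, source
 * address, destination address and a protocol tag, each appended with
 * strsccat(). For TCP, get_tcp_info() appends further fields.
 *
 * Every header is read straight out of the capture buffer, so each read is
 * checked against h->caplen first. A truncated or malformed frame must not
 * make the parser read past the captured bytes.
 *
 * @param user   Unused.
 * @param h      Capture header; ts and caplen are read.
 * @param packet Captured bytes, assumed to start with an Ethernet header
 *               (NOTE(review): the EtherType is not checked here; confirm the
 *               capture filter only delivers IPv4 frames).
 *
 * NOTE(review): strsccat() and get_tcp_info() receive no buffer size. Confirm
 * that they cannot write past the 2048 bytes of data_buf.
 */
void got_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *packet) {
    char data_buf[2048] = "";

    (void)user;

    /* The fixed 20-byte part of the IP header must be inside the capture. */
    if (h->caplen < (unsigned int)(SIZE_ETHERNET + 20)) {
        fprintf(stderr, "Truncated packet: %u bytes captured\n", (unsigned int)h->caplen);
        return;
    }

    ethernet = (const struct sniff_ethernet *)packet;
    ip = (const struct sniff_ip *)(packet + SIZE_ETHERNET);
    size_ip = IP_HL(ip) * 4;
    if (size_ip < 20) {
        fprintf(stderr, "Invalid IP header length: %d bytes\n", size_ip);
        return;
    }

    /* Casts make the conversion specifiers match the argument types. */
    snprintf(data_buf, sizeof data_buf, "%lld-", (long long)h->ts.tv_sec);
    snprintf(tmp, sizeof tmp, "%ld", (long)h->ts.tv_usec);
    strsccat(data_buf, tmp);
    snprintf(tmp, sizeof tmp, "%u", (unsigned int)h->caplen);
    strsccat(data_buf, tmp);

    /* inet_ntoa() returns a static buffer, so each result is consumed at once. */
    strsccat(data_buf, inet_ntoa(ip->ip_src));
    strsccat(data_buf, inet_ntoa(ip->ip_dst));

    /* determine protocol */
    switch (ip->ip_p) {
    case IPPROTO_TCP:
        strsccat(data_buf, "TCP");
        /*
         * get_tcp_info() cannot see caplen, so make sure the minimal TCP
         * header lies inside the captured bytes before it is parsed.
         */
        if (h->caplen < (unsigned int)(SIZE_ETHERNET + size_ip + 20)) {
            fprintf(stderr, "Truncated TCP header: %u bytes captured\n",
                    (unsigned int)h->caplen);
        } else {
            get_tcp_info(packet, data_buf);
        }
        break;
    case IPPROTO_UDP:
        strsccat(data_buf, "UDP");
        break;
    case IPPROTO_ICMP:
        strsccat(data_buf, "ICMP");
        break;
    case IPPROTO_IP:
        strsccat(data_buf, "IP");
        break;
    default:
        strsccat(data_buf, "Others");
        break;
    }

    printf("%s\n", data_buf);
}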
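/**
 * Append the TCP fields of the current packet to buf.
 *
 * Relies on the file-scope `ip` and `size_ip` having been set for this same
 * packet by the caller. Appends source port, destination port and a flag
 * field ("FA" when both FIN and ACK are set, otherwise " "), then hands any
 * payload to print_http().
 *
 * @param packet Start of the captured frame (Ethernet header first).
 * @param buf    NUL-terminated record being built; appended to in place.
 * @return buf on success, NULL when the TCP header length field is below the
 *         20-byte minimum (nothing is appended in that case).
 *
 * NOTE(review): this function is not given the captured length. size_tcp
 * (up to 60) and size_payload are both derived from fields inside the packet,
 * so a crafted or truncated frame can describe more data than was captured.
 * Confirm that the caller bounds the header against caplen and that
 * print_http() limits its reads and its writes into buf.
 */
char *get_tcp_info(const u_char *packet, char *buf) {
    tcp = (const struct sniff_tcp *)(packet + SIZE_ETHERNET + size_ip);
    size_tcp = TH_OFF(tcp) * 4;
    if (size_tcp < 20) {
        fprintf(stderr, "Invalid TCP header length: %d bytes\n", size_tcp);
        /* The original used a bare `return;` here, leaving the result indeterminate. */
        return NULL;
    }

    snprintf(tmp, sizeof tmp, "%d", ntohs(tcp->th_sport));
    strsccat(buf, tmp);
    snprintf(tmp, sizeof tmp, "%d", ntohs(tcp->th_dport));
    strsccat(buf, tmp);

    if ((tcp->th_flags & TH_FIN) && (tcp->th_flags & TH_ACK)) {
        strsccat(buf, "FA");
    } else {
        strsccat(buf, " ");
    }

    payload = (const char *)(packet + SIZE_ETHERNET + size_ip + size_tcp);
    /* A negative result (ip_len smaller than the headers) skips the payload. */
    size_payload = ntohs(ip->ip_len) - (size_ip + size_tcp);
    if (size_payload > 0) {
        print_http(payload, buf);
    }
    return buf;
}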