[转载]一个Linux下抓包软件(源码)
信息来源:elfhack.whitecell.org
//
有记录几种攻击的功能,具体什么攻击看了程序就知道了。:)
//
myxray.c V0.2
/* Must precede <netinet/tcp.h> so struct tcphdr exposes the BSD field names
 * (th_sport, th_flags, ...) that this file uses. */
#define __FAVOR_BSD

#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <time.h>
#include <unistd.h>

#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/types.h>

#include <arpa/inet.h>
#include <net/if.h>
#include <netdb.h>
#include <netinet/if_ether.h>
#include <netinet/igmp.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#define PACKET_SIZE 4096           /* size of the receive buffer and of every saved-frame / record buffer */
#define ETH_HW_ADDR_LEN 6          /* bytes in an Ethernet hardware address */
#define IP_ADDR_LEN 4              /* bytes in an IPv4 address */
#define LOWCOUNTER 10              /* a frame repeated back-to-back more than this many times is recorded */
#define MAX(a,b) ((a)>(b)?(a):(b)) /* evaluates both arguments twice; only used with side-effect-free operands */

/*
 * On-the-wire layout of an Ethernet frame carrying ARP: the 14-byte Ethernet
 * header, the 28-byte fixed ARP body and the padding that brings the frame to
 * the 60-byte Ethernet minimum. It is overlaid directly on the receive buffer,
 * so the field order and widths must not be changed. Multi-byte fields are in
 * network byte order (readers go through ntohs()).
 */
struct arp_packet
{
    u_char targ_hw_addr[ETH_HW_ADDR_LEN];   /* Ethernet destination address */
    u_char src_hw_addr[ETH_HW_ADDR_LEN];    /* Ethernet source address */
    u_short frame_type;                     /* Ethernet type; 0x0806 for ARP */
    u_short hw_type;                        /* ARP hardware type */
    u_short prot_type;                      /* ARP protocol type */
    u_char hw_addr_size;                    /* length of the hardware addresses below */
    u_char prot_addr_size;                  /* length of the protocol addresses below */
    u_short op;                             /* ARP opcode */
    u_char sndr_hw_addr[ETH_HW_ADDR_LEN];   /* sender hardware address */
    u_char sndr_ip_addr[IP_ADDR_LEN];       /* sender IPv4 address */
    u_char rcpt_hw_addr[ETH_HW_ADDR_LEN];   /* target hardware address */
    u_char rcpt_ip_addr[IP_ADDR_LEN];       /* target IPv4 address */
    u_char padding[18];                     /* pad to the 60-byte Ethernet minimum */
};
/* SIGINT/SIGTERM handler: restores the interface flags saved in ifr_old,
 * closes the packet socket and the warning file, prints the counters and
 * calls exit(); it never returns to the caller. */
void leave();

/* Formats the six bytes at the first argument as "XX:XX:XX:XX:XX:XX" into the
 * second (17 characters plus NUL, so the destination needs 18 bytes) and
 * returns the destination pointer. */
char *hwaddr (unsigned char *, char *);

/* Each write*buf() decodes the Ethernet frame held in the char* buffer (a
 * PACKET_SIZE buffer saved by main), formats one record into the global
 * writebuf and appends it to the FILE*. The int is the repeat count shown in
 * the record: writearpbuf() prints it as given, the others print it + 1. */
void writearpbuf(FILE *, char *, int);   // write one arp buffer to fd
void writetcpbuf(FILE *, char *, int);
void writeudpbuf(FILE *, char *, int);
void writeigmpbuf(FILE *, char *, int);
void writeicmpbuf(FILE *, char *, int);
int fd_recv = -1;                 /* SOCK_PACKET socket; -1 until opened, read by leave() */
time_t one, two, temptime;        /* capture start, capture end (set in leave), scratch timestamp */
/* last frame seen per protocol, compared against the next one to detect back-to-back repeats */
char arpbufone[PACKET_SIZE];
char tcpbufone[PACKET_SIZE];
char udpbufone[PACKET_SIZE];
char igmpbufone[PACKET_SIZE];
char icmpbufone[PACKET_SIZE];
/* how many times the frame in the matching *bufone has repeated consecutively */
int arpcounter = 0, tcpcounter = 0, igmpcounter = 0, icmpcounter = 0, udpcounter = 0;
char writebuf[PACKET_SIZE];       /* scratch buffer the write*buf() helpers format each record into */
FILE *waringfd;                   /* "myxray.waring", opened for append in main() */
/* per-protocol statistics: frames seen and frames displayed; printed by leave() */
unsigned int total = 0, totalarp = 0, disarp = 0, totaltcp = 0, distcp = 0,
totaludp = 0, disudp = 0, totalicmp = 0, disicmp = 0, totaligmp = 0, disigmp = 0;
struct ifreq ifr, ifr_old;        /* interface flags with IFF_PROMISC added, and the original restored by leave() */
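/* Shortest frame from which the ARP fields can be read: Ethernet header plus
 * the 28-byte fixed ARP body (struct arp_packet without its padding). */
enum { ARP_MIN_LEN = ETH_HLEN + 28 };

/*
 * Returns the name of the TCP flag set in flags, with the precedence the
 * original chain of tests had (the last match wins: RST beats SYN beats FIN
 * beats URG beats ACK beats PUSH), or "" when none of the six is set. The
 * result is always a valid string, so a flagless segment can still be printed
 * with %s and compared with strcmp() instead of dereferencing an unset pointer.
 */
static const char *
tcp_flag_name(int flags)
{
    const char *name = "";

    if (flags & TH_PUSH) name = "PUSH";
    if (flags & TH_ACK) name = "ACK";
    if (flags & TH_URG) name = "URG";
    if (flags & TH_FIN) name = "FIN";
    if (flags & TH_SYN) name = "SYN";
    if (flags & TH_RST) name = "RST";
    return name;
}

/*
 * Consecutive-repeat tracker shared by the tcp/udp/icmp/igmp branches.
 * Compares the first len bytes of frame with the frame saved in last: on a
 * match the run length in *counter grows; otherwise the finished run is passed
 * to write_fn (with the saved frame) when it exceeded LOWCOUNTER, the counter
 * is reset and frame becomes the new reference copy.
 */
static void
track_repeat(const u_char *frame, int len, char *last, int *counter,
             void (*write_fn)(FILE *, char *, int))
{
    if (memcmp(frame, last, len) == 0) {
        (*counter)++;
        return;
    }
    if (*counter > LOWCOUNTER)
        write_fn(waringfd, last, *counter);
    *counter = 0;
    memcpy(last, frame, len);
}

/*
 * Prints the Ethernet + IP header summary that opens every displayed IP
 * packet. hw_src/hw_dst are hardware addresses already formatted by hwaddr(),
 * src/dst the dotted-quad addresses, df/mf the 0/1 fragment flags. The udp and
 * igmp branches used to print this with the misspelling "Recored"; all four
 * protocols now share the tcp/icmp wording.
 */
static void
print_eth_ip(int ethprotol, const char *hw_src, const char *hw_dst,
             const struct iphdr *ip, int df, int mf, int ipfragoff,
             const char *src, const char *dst)
{
    temptime = time(NULL);
    printf("Recorded %sethhdr\nsrchw:%s--->dsthw:%s proto:%xH\n",
           ctime(&temptime), hw_src, hw_dst, ethprotol);
    printf("iphdr\nver:%d ihl:%d tos:%d tot_len:%d id:%d df:%d mf:%d fragoff:%d TTL:%d proto:%d\nsrcaddr:%s dstaddr:%s\n",
           ip->version, ip->ihl, ip->tos, ntohs(ip->tot_len),
           ntohs(ip->id), df, mf, ipfragoff & IP_OFFMASK, ip->ttl,
           ip->protocol, src, dst);
}

/*
 * Entry point. Parses the display options, opens the "myxray.waring" file
 * that warnings are appended to, opens a SOCK_PACKET socket and puts eth0
 * into promiscuous mode, then loops forever: every frame is counted, ARP and
 * IP frames are checked for suspicious patterns (recorded through the
 * write*buf() helpers) and displayed when they match the selected protocols
 * and the optional -s/-d address filters.
 *
 * Header fields are only read once the received length is known to cover
 * them; frames that are too short for the header being decoded are skipped.
 * The loop never ends on its own: SIGINT/SIGTERM run leave(), which restores
 * the interface flags, prints the counters and exits. Errors exit with -1.
 *
 * argc/argv: the command line; the option summary is in `message`.
 */
int
main(int argc, char *argv[])
{
    char device[] = "eth0";          // ethernet device name
    u_char buf_recv[PACKET_SIZE];    // buffer for receive
    int ihl;                         // IP header length in bytes
    int ethprotol;
    int ipfragoff, df, mf;
    int protol;
    int avail;                       // bytes following the IP header
    char buf1[20], buf2[20];
    char strptr[255];
    char groupstr[INET_ADDRSTRLEN];
    char *srcaddr, *dstaddr;
    struct ethhdr *eth;
    struct arp_packet *arphead;
    struct udphdr *udp = NULL;
    struct icmp *icmphdr = NULL;
    struct iphdr *ip;
    struct tcphdr *tcp1 = NULL;
    const char *flagsmes = "";
    struct igmp *igmp1 = NULL;
    struct in_addr in1;
    struct in_addr in2;
    socklen_t from_len;
    int datalen;
    struct sockaddr from;
    int arpenable = 0;
    int tcpenable = 0;
    int icmpenable = 0;
    int igmpenable = 0;
    int loenable = 0;
    int udpenable = 0;
    char *tcpflag = NULL;
    int c;
    char *dstip = NULL;
    char *srcip = NULL;
    const char message[] =
        "-a\tdisplay arp packet\n"
        "-t\tdisplay tcp packet\n"
        "-f one of RST FIN SYN PUSH ACK URG\tdisplay only tcpflag tcp packet\n"
        "-u\tdisplay udp packet\n"
        "-i\tdisplay icmp packet\n"
        "-g\tdisplay igmp packet\n"
        "-A\tdisplay all packet\n"
        "-l\talso display lo layer packet\n"
        "-s srcip\tdisplay srcip packet\n"
        "-d dstip\tdisplay dstip packet\n"
        "Welcome to use myxray which writed by sztcww Good Luck";

    if (argc == 1) {
        printf("%s\n", message);
        exit(-1);
    }

    while ((c = getopt(argc, argv, "Aatugil?s:d:f:")) != -1) {
        switch (c) {
        case 'A':
            tcpenable = udpenable = icmpenable = igmpenable = arpenable = 1;
            break;
        case 'd':
            dstip = optarg;
            break;
        case 's':
            srcip = optarg;
            break;
        case 'f':
            tcpflag = optarg;
            break;
        case 'a':
            arpenable = 1;
            break;
        case 't':
            tcpenable = 1;
            break;
        case 'i':
            icmpenable = 1;
            break;
        case 'g':
            igmpenable = 1;
            break;
        case 'u':
            udpenable = 1;
            break;
        case 'l':
            loenable = 1;
            break;
        case '?':
        default:
            printf("%s\n", message);
            exit(-1);
        }
    }

    if ((waringfd = fopen("myxray.waring", "a+")) == NULL) {
        perror("fopen");
        exit(-1);
    }
    /* ETH_P_ALL: deliver every protocol; SOCK_PACKET is the legacy Linux raw-frame socket */
    fd_recv = socket(AF_INET, SOCK_PACKET, htons(ETH_P_ALL));
    if (fd_recv < 0) {
        perror("packet socket error");
        exit(-1);
    }
    snprintf(ifr.ifr_name, sizeof ifr.ifr_name, "%s", device);
    if (ioctl(fd_recv, SIOCGIFFLAGS, &ifr) < 0) {
        perror("ioctl SIOCGIFFLAGS error");
        close(fd_recv);
        exit(-1);
    }
    ifr_old = ifr;                   // leave() restores these flags on exit
    ifr.ifr_flags |= IFF_PROMISC;
    if (ioctl(fd_recv, SIOCSIFFLAGS, &ifr) < 0) {
        perror("ioctl SIOCSIFFLAGS error");
        close(fd_recv);
        exit(-1);
    }

    signal(SIGINT, leave);
    signal(SIGTERM, leave);

    one = time(NULL);
    for (;;) {
        memset(&from, 0, sizeof from);
        from_len = sizeof from;
        memset(buf_recv, 0, sizeof buf_recv);
        /* read at most PACKET_SIZE-1 bytes so the terminator written below always fits */
        datalen = (int)recvfrom(fd_recv, buf_recv, PACKET_SIZE - 1, 0, &from, &from_len);
        if (datalen < 0) {
            perror("recvfrom error");
            exit(-1);
        }
        total++;
        buf_recv[datalen] = '\0';

        /* for SOCK_PACKET, sa_data carries the name of the receiving interface */
        if (loenable == 0 && strcmp(device, from.sa_data) != 0)
            continue;
        if (datalen < ETH_HLEN)
            continue;                // too short to hold an Ethernet header
        eth = (struct ethhdr *)buf_recv;
        ethprotol = ntohs(eth->h_proto);

        if (ethprotol == ETH_P_ARP) {
            if (datalen < ARP_MIN_LEN)
                continue;            // the ARP fields would lie past the received data
            arphead = (struct arp_packet *)buf_recv;
            memcpy(&in1, arphead->sndr_ip_addr, IP_ADDR_LEN);
            memcpy(&in2, arphead->rcpt_ip_addr, IP_ADDR_LEN);
            srcaddr = inet_ntoa(in1);
            dstaddr = (char *)inet_ntop(AF_INET, &in2, strptr, sizeof strptr);
            totalarp++;

            /* Record an ARP frame whose sender and target IP are equal while the
             * target hardware address is not the all-zero placeholder; every
             * other frame goes through the consecutive-repeat check. */
            if (strcmp(srcaddr, dstaddr) == 0 &&
                strcmp(hwaddr(arphead->rcpt_hw_addr, buf1), "00:00:00:00:00:00") != 0) {
                writearpbuf(waringfd, (char *)buf_recv, 1);
            } else if (memcmp(buf_recv, arpbufone, datalen) == 0) {
                arpcounter++;
            } else {
                if (arpcounter > LOWCOUNTER)
                    writearpbuf(waringfd, arpbufone, arpcounter + 1);
                memcpy(arpbufone, buf_recv, datalen);
                arpcounter = 0;
            }

            if (arpenable &&
                (dstip == NULL || strcmp(dstaddr, dstip) == 0) &&
                (srcip == NULL || strcmp(srcaddr, srcip) == 0)) {
                temptime = time(NULL);
                printf("Recorded %sethhdr\nsrchw:%s--->dsthw:%s proto:%xH\n",
                       ctime(&temptime), hwaddr(eth->h_source, buf1),
                       hwaddr(eth->h_dest, buf2), ethprotol);
                printf("arphdr\nhwtype:%d protol:%xH hw_size:%d pro_size:%d op:%d\ns_ha:%s s_ip:%s\nd_ha:%s d_ip:%s\n",
                       ntohs(arphead->hw_type), ntohs(arphead->prot_type),
                       arphead->hw_addr_size, arphead->prot_addr_size,
                       ntohs(arphead->op), hwaddr(arphead->sndr_hw_addr, buf1),
                       srcaddr, hwaddr(arphead->rcpt_hw_addr, buf2), dstaddr);
                printf("-----------------------------------------------------------\n");
                disarp++;
            }
            continue;
        }

        if (ethprotol != ETH_P_IP)
            continue;
        if (datalen < ETH_HLEN + (int)sizeof(struct iphdr))
            continue;                // too short to hold the fixed IP header
        ip = (struct iphdr *)&buf_recv[ETH_HLEN];
        ihl = (int)ip->ihl << 2;
        /* ihl comes off the wire: reject values below the fixed header or beyond the frame */
        if (ihl < (int)sizeof(struct iphdr) || ETH_HLEN + ihl > datalen)
            continue;
        avail = datalen - ETH_HLEN - ihl;
        in1.s_addr = ip->saddr;
        in2.s_addr = ip->daddr;
        srcaddr = inet_ntoa(in1);
        dstaddr = (char *)inet_ntop(AF_INET, &in2, strptr, sizeof strptr);
        protol = ip->protocol;
        ipfragoff = ntohs(ip->frag_off);
        df = (ipfragoff & IP_DF) != 0;
        mf = (ipfragoff & IP_MF) != 0;
        flagsmes = "";

        switch (protol) {
        case IPPROTO_TCP:
            totaltcp++;
            if (avail < (int)sizeof(struct tcphdr))
                continue;
            tcp1 = (struct tcphdr *)&buf_recv[ETH_HLEN + ihl];
            flagsmes = tcp_flag_name(tcp1->th_flags);
            track_repeat(buf_recv, datalen, tcpbufone, &tcpcounter, writetcpbuf);
            break;
        case IPPROTO_ICMP:
            totalicmp++;
            if (avail < ICMP_MINLEN)
                continue;
            icmphdr = (struct icmp *)&buf_recv[ETH_HLEN + ihl];
            track_repeat(buf_recv, datalen, icmpbufone, &icmpcounter, writeicmpbuf);
            break;
        case IPPROTO_UDP:
            totaludp++;
            if (avail < (int)sizeof(struct udphdr))
                continue;
            udp = (struct udphdr *)&buf_recv[ETH_HLEN + ihl];
            track_repeat(buf_recv, datalen, udpbufone, &udpcounter, writeudpbuf);
            break;
        case IPPROTO_IGMP:
            totaligmp++;
            if (avail < (int)sizeof(struct igmp))
                continue;
            igmp1 = (struct igmp *)&buf_recv[ETH_HLEN + ihl];
            /* A message for group 0.0.0.0 is recorded on its own; the rest are
             * repeat-tracked. Testing s_addr directly replaces a second
             * inet_ntoa() call that overwrote the static buffer srcaddr still
             * points at, which corrupted the -s filter and the display below. */
            if (igmp1->igmp_group.s_addr == 0)
                writeigmpbuf(waringfd, (char *)buf_recv, 1);
            else
                track_repeat(buf_recv, datalen, igmpbufone, &igmpcounter, writeigmpbuf);
            break;
        default:
            break;
        }

        if ((dstip != NULL && strcmp(dstaddr, dstip) != 0) ||
            (srcip != NULL && strcmp(srcaddr, srcip) != 0))
            continue;

        hwaddr(eth->h_source, buf1);
        hwaddr(eth->h_dest, buf2);
        if (protol == IPPROTO_TCP && tcpenable) {
            if (tcpflag != NULL && strcmp(tcpflag, flagsmes) != 0)
                continue;            // -f given and this segment does not carry that flag
            print_eth_ip(ethprotol, buf1, buf2, ip, df, mf, ipfragoff, srcaddr, dstaddr);
            printf("tcphdr\nsrcport:%d dstport:%d seq:%u ack:%u off:%d flag:%s win:%d\n",
                   ntohs(tcp1->th_sport), ntohs(tcp1->th_dport),
                   ntohl(tcp1->th_seq), ntohl(tcp1->th_ack), tcp1->th_off,
                   flagsmes, ntohs(tcp1->th_win));
            printf("-----------------------------------------------------------\n");
            distcp++;
        } else if (protol == IPPROTO_ICMP && icmpenable) {
            print_eth_ip(ethprotol, buf1, buf2, ip, df, mf, ipfragoff, srcaddr, dstaddr);
            printf("icmp\ntype:%d code:%d\n", icmphdr->icmp_type, icmphdr->icmp_code);
            printf("-----------------------------------------------------------\n");
            disicmp++;
        } else if (protol == IPPROTO_UDP && udpenable) {
            print_eth_ip(ethprotol, buf1, buf2, ip, df, mf, ipfragoff, srcaddr, dstaddr);
            printf("udphdr\nsport:%d dsport:%d len:%d\n",
                   ntohs(udp->uh_sport), ntohs(udp->uh_dport), ntohs(udp->uh_ulen));
            printf("-----------------------------------------------------------\n");
            disudp++;
        } else if (protol == IPPROTO_IGMP && igmpenable) {
            print_eth_ip(ethprotol, buf1, buf2, ip, df, mf, ipfragoff, srcaddr, dstaddr);
            /* inet_ntop into a private buffer: inet_ntoa() would reuse the buffer behind srcaddr */
            printf("igmphdr\ntype:%d code:%d group_addr:%s\n",
                   igmp1->igmp_type, igmp1->igmp_code,
                   inet_ntop(AF_INET, &igmp1->igmp_group, groupstr, sizeof groupstr));
            printf("-----------------------------------------------------------\n");
            disigmp++;
        }
        fflush(stdout);
    }
}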
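/* Bytes hwaddr() writes to its destination: "XX:XX:XX:XX:XX:XX" plus the NUL. */
enum { HWADDR_STR_SIZE = 18 };

/*
 * Formats the six bytes at s as upper-case, colon-separated hex
 * ("XX:XX:XX:XX:XX:XX") into d and returns d.
 *
 * s: at least 6 bytes (an Ethernet hardware address).
 * d: at least HWADDR_STR_SIZE bytes; the callers in this file pass char[20].
 *
 * The write is bounded to HWADDR_STR_SIZE (the original used an unbounded
 * sprintf), so a correctly sized d can never be overrun.
 */
char *
hwaddr (unsigned char *s, char *d)
{
    snprintf(d, HWADDR_STR_SIZE, "%02X:%02X:%02X:%02X:%02X:%02X",
             s[0], s[1], s[2], s[3], s[4], s[5]);
    return d;
}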
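/*
 * SIGINT/SIGTERM handler and the program's only normal exit path: takes the
 * interface out of promiscuous mode by restoring ifr_old, closes the packet
 * socket and the warning file, prints the per-protocol counters and exits
 * with status 0.
 *
 * sig: the delivered signal (unused); declared so the definition matches the
 *      int parameter signal() handlers receive.
 *
 * The packet rate is computed over the whole capture; a capture stopped within
 * its first second would otherwise divide by zero, so the divisor is clamped
 * to one second.
 *
 * NOTE(review): printf/fclose/exit are not async-signal-safe. The handler
 * keeps the original design; a flag polled by the capture loop would be the
 * safer structure.
 */
void
leave(int sig)
{
    unsigned int elapsed;

    (void)sig;
    if (ioctl(fd_recv, SIOCSIFFLAGS, &ifr_old) < 0) {
        perror("ioctl SIOCSIFFLAGS error");
    }
    if (fd_recv >= 0)
        close(fd_recv);
    two = time(NULL);
    if (waringfd != NULL)
        fclose(waringfd);
    elapsed = (two > one) ? (unsigned int)(two - one) : 1u;
    printf("total received %u packets\n", total);
    printf("tcp packets %u, display %u, speed is %u /second\n", totaltcp, distcp, totaltcp / elapsed);
    printf("udp packets %u, display %u, speed is %u /second\n", totaludp, disudp, totaludp / elapsed);
    printf("arp packets %u, display %u, speed is %u /second\n", totalarp, disarp, totalarp / elapsed);
    printf("icmp packets %u, display %u, speed is %u /second\n", totalicmp, disicmp, totalicmp / elapsed);
    printf("igmp packets %u, display %u, speed is %u /second\n", totaligmp, disigmp, totaligmp / elapsed);

    printf("process terminamted.\n");
    exit(0);
}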
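/*
 * Appends one warning record describing the ARP frame at p to fd.
 *
 * fd:      open warning file (waringfd).
 * p:       a buffer holding a full Ethernet/ARP frame in struct arp_packet
 *          layout; must be at least sizeof(struct arp_packet) bytes (the
 *          callers pass PACKET_SIZE buffers).
 * counter: the repeat count printed in the record, used as given.
 *
 * Formats into the shared global writebuf, so it is not reentrant. A record
 * that does not fit writebuf and a failed write are reported on stderr rather
 * than silently dropped, and the file is flushed so the record reaches disk
 * even if the process is killed before leave() runs.
 */
void
writearpbuf(FILE *fd, char *p, int counter)
{
    struct arp_packet *arphead = (struct arp_packet *)p;
    struct in_addr in1, in2;
    char *srcaddr, *dstaddr;
    time_t temptime = time(NULL);
    char strptr[255];
    char buf1[20], buf2[20], buf3[20], buf4[20];
    int ethprotol = ntohs(arphead->frame_type);
    int n;

    memcpy(&in1, arphead->sndr_ip_addr, IP_ADDR_LEN);
    memcpy(&in2, arphead->rcpt_ip_addr, IP_ADDR_LEN);
    srcaddr = inet_ntoa(in1);
    dstaddr = (char *)inet_ntop(AF_INET, &in2, strptr, sizeof strptr);

    n = snprintf(writebuf, PACKET_SIZE,
                 "This arp packet catch %d times continuous\nrecorded %sethhdr\nsrchw:%s--->dsthw:%s proto:%xH\n"
                 "arphdr\nhwtype:%d protol:%xH hw_size:%d pro_size:%d op:%d\ns_ha:%s s_ip:%s\nd_ha:%s d_ip:%s\n"
                 "-----------------------------------------------------------\n",
                 counter, ctime(&temptime),
                 hwaddr(arphead->src_hw_addr, buf1), hwaddr(arphead->targ_hw_addr, buf2), ethprotol,
                 ntohs(arphead->hw_type), ntohs(arphead->prot_type),
                 arphead->hw_addr_size, arphead->prot_addr_size,
                 ntohs(arphead->op), hwaddr(arphead->sndr_hw_addr, buf3), srcaddr,
                 hwaddr(arphead->rcpt_hw_addr, buf4), dstaddr);
    if (n < 0 || n >= PACKET_SIZE)
        fprintf(stderr, "writearpbuf: record truncated\n");
    if (fputs(writebuf, fd) == EOF || fflush(fd) != 0)
        perror("writearpbuf");
}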
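/*
 * Appends one warning record describing the TCP segment in the frame at p
 * to fd.
 *
 * fd:      open warning file (waringfd).
 * p:       a PACKET_SIZE buffer holding an Ethernet/IP/TCP frame (the
 *          tcpbufone copy kept by main). The IP header length is taken from
 *          the frame without a length check, which stays in bounds only
 *          because the buffer is PACKET_SIZE bytes.
 * counter: consecutive repeats of the frame; the record prints counter + 1.
 *
 * Formats into the shared global writebuf (not reentrant), reports a record
 * that does not fit or a failed write on stderr, and flushes so the record is
 * on disk even if the process is killed before leave() runs.
 */
void
writetcpbuf(FILE *fd, char *p, int counter)
{
    struct ethhdr *eth = (struct ethhdr *)p;
    struct iphdr *ip = (struct iphdr *)(p + ETH_HLEN);
    struct tcphdr *tcp1;
    const char *flagsmes = "";       // stays "" for a flagless segment instead of dangling
    int flags;
    struct in_addr in1, in2;
    int ethprotol = ntohs(eth->h_proto);
    int ihl = (int)ip->ihl << 2;
    int df, mf, ipfragoff;
    char *srcaddr, *dstaddr;
    char strptr[255];
    char buf1[20], buf2[20];
    int n;

    in1.s_addr = ip->saddr;
    in2.s_addr = ip->daddr;
    srcaddr = inet_ntoa(in1);
    dstaddr = (char *)inet_ntop(AF_INET, &in2, strptr, sizeof strptr);
    ipfragoff = ntohs(ip->frag_off);
    df = (ipfragoff & IP_DF) != 0;
    mf = (ipfragoff & IP_MF) != 0;

    tcp1 = (struct tcphdr *)(p + ETH_HLEN + ihl);
    flags = tcp1->th_flags;
    /* last match wins: RST > SYN > FIN > URG > ACK > PUSH */
    if (flags & TH_PUSH) flagsmes = "PUSH";
    if (flags & TH_ACK) flagsmes = "ACK";
    if (flags & TH_URG) flagsmes = "URG";
    if (flags & TH_FIN) flagsmes = "FIN";
    if (flags & TH_SYN) flagsmes = "SYN";
    if (flags & TH_RST) flagsmes = "RST";

    temptime = time(NULL);
    n = snprintf(writebuf, PACKET_SIZE,
                 "This tcp packet catch %d times continuous\nrecorded %sethhdr\nsrchw:%s--->dsthw:%s proto:%xH\n"
                 "iphdr\nver:%d ihl:%d tos:%d tot_len:%d id:%d df:%d mf:%d fragoff:%d TTL:%d proto:%d\nsrcaddr:%s dstaddr:%s\n"
                 "tcphdr\nsrcport:%d dstport:%d seq:%u ack:%u off:%d flag:%s win:%d\n"
                 "-----------------------------------------------------------\n",
                 counter + 1, ctime(&temptime),
                 hwaddr(eth->h_source, buf1), hwaddr(eth->h_dest, buf2),
                 ethprotol, ip->version, ip->ihl,
                 ip->tos, ntohs(ip->tot_len), ntohs(ip->id), df, mf,
                 ipfragoff & IP_OFFMASK, ip->ttl, ip->protocol, srcaddr, dstaddr,
                 ntohs(tcp1->th_sport), ntohs(tcp1->th_dport),
                 ntohl(tcp1->th_seq), ntohl(tcp1->th_ack), tcp1->th_off,
                 flagsmes, ntohs(tcp1->th_win));
    if (n < 0 || n >= PACKET_SIZE)
        fprintf(stderr, "writetcpbuf: record truncated\n");
    if (fputs(writebuf, fd) == EOF || fflush(fd) != 0)
        perror("writetcpbuf");
}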
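/*
 * Appends one warning record describing the IGMP message in the frame at p
 * to fd.
 *
 * fd:      open warning file (waringfd).
 * p:       a PACKET_SIZE buffer holding an Ethernet/IP/IGMP frame (either the
 *          live receive buffer or the igmpbufone copy). The IP header length
 *          is taken from the frame without a length check, which stays in
 *          bounds only because the buffer is PACKET_SIZE bytes.
 * counter: consecutive repeats of the frame; the record prints counter + 1.
 *
 * The group address is formatted with inet_ntop() into its own buffer: the
 * original inet_ntoa() call reused the static buffer that srcaddr still
 * pointed at, so the record showed the group address as the source. Formats
 * into the shared global writebuf (not reentrant), reports a record that does
 * not fit or a failed write on stderr, and flushes so the record is on disk
 * even if the process is killed before leave() runs.
 */
void
writeigmpbuf(FILE *fd, char *p, int counter)
{
    struct ethhdr *eth = (struct ethhdr *)p;
    struct iphdr *ip = (struct iphdr *)(p + ETH_HLEN);
    struct igmp *igmp1;
    struct in_addr in1, in2;
    int ethprotol = ntohs(eth->h_proto);
    int ihl = (int)ip->ihl << 2;
    int df, mf, ipfragoff;
    char *srcaddr, *dstaddr;
    char strptr[255];
    char groupstr[INET_ADDRSTRLEN];
    char buf1[20], buf2[20];
    int n;

    in1.s_addr = ip->saddr;
    in2.s_addr = ip->daddr;
    srcaddr = inet_ntoa(in1);
    dstaddr = (char *)inet_ntop(AF_INET, &in2, strptr, sizeof strptr);
    ipfragoff = ntohs(ip->frag_off);
    df = (ipfragoff & IP_DF) != 0;
    mf = (ipfragoff & IP_MF) != 0;
    igmp1 = (struct igmp *)(p + ETH_HLEN + ihl);
    inet_ntop(AF_INET, &igmp1->igmp_group, groupstr, sizeof groupstr);

    temptime = time(NULL);
    n = snprintf(writebuf, PACKET_SIZE,
                 "This packet catch %d times continuous\nrecorded %sethhdr\nsrchw:%s--->dsthw:%s proto:%xH\n"
                 "iphdr\nver:%d ihl:%d tos:%d tot_len:%d id:%d df:%d mf:%d fragoff:%d TTL:%d proto:%d\nsrcaddr:%s dstaddr:%s\n"
                 "igmphdr\ntype:%d code:%d group_addr:%s\n"
                 "-----------------------------------------------------------\n",
                 counter + 1, ctime(&temptime),
                 hwaddr(eth->h_source, buf1), hwaddr(eth->h_dest, buf2),
                 ethprotol, ip->version, ip->ihl,
                 ip->tos, ntohs(ip->tot_len), ntohs(ip->id), df, mf,
                 ipfragoff & IP_OFFMASK, ip->ttl, ip->protocol, srcaddr, dstaddr,
                 igmp1->igmp_type, igmp1->igmp_code, groupstr);
    if (n < 0 || n >= PACKET_SIZE)
        fprintf(stderr, "writeigmpbuf: record truncated\n");
    if (fputs(writebuf, fd) == EOF || fflush(fd) != 0)
        perror("writeigmpbuf");
}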
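/*
 * Appends one warning record describing the UDP datagram in the frame at p
 * to fd.
 *
 * fd:      open warning file (waringfd).
 * p:       a PACKET_SIZE buffer holding an Ethernet/IP/UDP frame (the
 *          udpbufone copy kept by main). The IP header length is taken from
 *          the frame without a length check, which stays in bounds only
 *          because the buffer is PACKET_SIZE bytes.
 * counter: consecutive repeats of the frame; the record prints counter + 1.
 *
 * Formats into the shared global writebuf (not reentrant), reports a record
 * that does not fit or a failed write on stderr, and flushes so the record is
 * on disk even if the process is killed before leave() runs.
 */
void
writeudpbuf(FILE *fd, char *p, int counter)
{
    struct ethhdr *eth = (struct ethhdr *)p;
    struct iphdr *ip = (struct iphdr *)(p + ETH_HLEN);
    struct udphdr *udp;
    struct in_addr in1, in2;
    int ethprotol = ntohs(eth->h_proto);
    int ihl = (int)ip->ihl << 2;
    int df, mf, ipfragoff;
    char *srcaddr, *dstaddr;
    char strptr[255];
    char buf1[20], buf2[20];
    int n;

    in1.s_addr = ip->saddr;
    in2.s_addr = ip->daddr;
    srcaddr = inet_ntoa(in1);
    dstaddr = (char *)inet_ntop(AF_INET, &in2, strptr, sizeof strptr);
    ipfragoff = ntohs(ip->frag_off);
    df = (ipfragoff & IP_DF) != 0;
    mf = (ipfragoff & IP_MF) != 0;
    udp = (struct udphdr *)(p + ETH_HLEN + ihl);

    temptime = time(NULL);
    n = snprintf(writebuf, PACKET_SIZE,
                 "This udp packet catch %d times continuous\nrecorded %sethhdr\nsrchw:%s--->dsthw:%s proto:%xH\n"
                 "iphdr\nver:%d ihl:%d tos:%d tot_len:%d id:%d df:%d mf:%d fragoff:%d TTL:%d proto:%d\nsrcaddr:%s dstaddr:%s\n"
                 "udphdr\nsport:%d dsport:%d len:%d\n"
                 "-----------------------------------------------------------\n",
                 counter + 1, ctime(&temptime),
                 hwaddr(eth->h_source, buf1), hwaddr(eth->h_dest, buf2),
                 ethprotol, ip->version, ip->ihl,
                 ip->tos, ntohs(ip->tot_len), ntohs(ip->id), df, mf,
                 ipfragoff & IP_OFFMASK, ip->ttl, ip->protocol, srcaddr, dstaddr,
                 ntohs(udp->uh_sport), ntohs(udp->uh_dport), ntohs(udp->uh_ulen));
    if (n < 0 || n >= PACKET_SIZE)
        fprintf(stderr, "writeudpbuf: record truncated\n");
    if (fputs(writebuf, fd) == EOF || fflush(fd) != 0)
        perror("writeudpbuf");
}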
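/*
 * Appends one warning record describing the ICMP message in the frame at p
 * to fd.
 *
 * fd:      open warning file (waringfd).
 * p:       a PACKET_SIZE buffer holding an Ethernet/IP/ICMP frame (the
 *          icmpbufone copy kept by main). The IP header length is taken from
 *          the frame without a length check, which stays in bounds only
 *          because the buffer is PACKET_SIZE bytes.
 * counter: consecutive repeats of the frame; the record prints counter + 1.
 *
 * Formats into the shared global writebuf (not reentrant), reports a record
 * that does not fit or a failed write on stderr, and flushes so the record is
 * on disk even if the process is killed before leave() runs.
 */
void
writeicmpbuf(FILE *fd, char *p, int counter)
{
    struct ethhdr *eth = (struct ethhdr *)p;
    struct iphdr *ip = (struct iphdr *)(p + ETH_HLEN);
    struct icmp *icmphdr;
    struct in_addr in1, in2;
    int ethprotol = ntohs(eth->h_proto);
    int ihl = (int)ip->ihl << 2;
    int df, mf, ipfragoff;
    char *srcaddr, *dstaddr;
    char strptr[255];
    char buf1[20], buf2[20];
    int n;

    in1.s_addr = ip->saddr;
    in2.s_addr = ip->daddr;
    srcaddr = inet_ntoa(in1);
    dstaddr = (char *)inet_ntop(AF_INET, &in2, strptr, sizeof strptr);
    ipfragoff = ntohs(ip->frag_off);
    df = (ipfragoff & IP_DF) != 0;
    mf = (ipfragoff & IP_MF) != 0;
    icmphdr = (struct icmp *)(p + ETH_HLEN + ihl);

    temptime = time(NULL);
    n = snprintf(writebuf, PACKET_SIZE,
                 "This icmp packet catch %d times continuous\nrecorded %sethhdr\nsrchw:%s--->dsthw:%s proto:%xH\n"
                 "iphdr\nver:%d ihl:%d tos:%d tot_len:%d id:%d df:%d mf:%d fragoff:%d TTL:%d proto:%d\nsrcaddr:%s dstaddr:%s\n"
                 "icmp\ntype:%d code:%d\n"
                 "-----------------------------------------------------------\n",
                 counter + 1, ctime(&temptime),
                 hwaddr(eth->h_source, buf1), hwaddr(eth->h_dest, buf2),
                 ethprotol, ip->version, ip->ihl,
                 ip->tos, ntohs(ip->tot_len), ntohs(ip->id), df, mf,
                 ipfragoff & IP_OFFMASK, ip->ttl, ip->protocol, srcaddr, dstaddr,
                 icmphdr->icmp_type, icmphdr->icmp_code);
    if (n < 0 || n >= PACKET_SIZE)
        fprintf(stderr, "writeicmpbuf: record truncated\n");
    if (fputs(writebuf, fd) == EOF || fflush(fd) != 0)
        perror("writeicmpbuf");
}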