Beispiel #1
0
/***************************************************************************
 * Test the banner1 detection system by throwing random frames at it
 ***************************************************************************/
void
banner1_test(const char *filename)
{
    struct PcapFile *cap;
    unsigned link_type;

    cap = pcapfile_openread(filename);
    if (cap == NULL) {
        fprintf(stderr, "%s: can't open capture file\n", filename);
        return;
    }

    link_type = pcapfile_datalink(cap);

    for (;;) {
        int packets_read;
        unsigned secs;
        unsigned usecs;
        unsigned origlength;
        unsigned length;
        unsigned char px[65536];
        struct PreprocessedInfo parsed;
        unsigned x;


        packets_read = pcapfile_readframe(
                    cap,    /* capture dump file */
                    &secs, &usecs,
                    &origlength, &length,
                    px, sizeof(px));
        if (packets_read == 0)
            break;


        x = preprocess_frame(px, length, link_type, &parsed);
        if (x == 0)
            continue;

    }

    pcapfile_close(cap);
}
Beispiel #2
0
int
pcap2zone(int argc, char *argv[])
{
    struct Pcap2Zone pcap2zone[1];
    struct Catalog *catalog;
    int i;

    /*
     * Create a catalog/database
     */
    catalog = catalog_create();
    pcap2zone->db = catalog;

    /* 
     * Initialize it with a pseudo-SOA record for the root zone
     */
    {
        static const struct DomainPointer root = {(const unsigned char*)"\0",1};
    	struct ZoneFileParser *parser;
        parser = zonefile_begin(
                    root,           /* origin */
                    60,             /* TTL */
                    10000,          /* filesize */
                    "<pcap2zone>",  /* filename */
                    zonefile_load,  /* callback */
                    catalog         /* callback data */
                    );
        LOAD("$TTL 60\r\n"
             "@    IN    SOA   ns hostmaster (\r\n"
             "                     2003080800 ; sn = serial number\r\n"
             "                     172800     ; ref = refresh = 2d\r\n"
             "                     15m        ; ret = update retry = 15m\r\n"
             "                     1209600    ; ex = expiry = 2w\r\n"
             "                     1H         ; nx = nxdomain ttl = 1h\r\n"
             "                     )\r\n", parser);
        zonefile_end(parser);

    }

    
    
    for (i=2; i<argc; i++) {
        const char *filename = argv[i];
        struct Tracker tracker[1];
        struct PcapFile *p;
        //uint64_t filesize;

        memset(tracker, 0, sizeof(tracker[0]));
        //filesize = 
            tracker_get_filesize(tracker, filename);

        p = pcapfile_openread(filename);
        if (p == NULL) {
            perror(filename);
            continue;
        }
               

        for (;;) {
            unsigned char buf[65536];
            int x;
            unsigned secs;
            unsigned usecs;
            unsigned original_length;
            unsigned bytes_read;

            x = pcapfile_readframe(
	            p,
                &secs, &usecs,
                &original_length, &bytes_read,
                buf, 
                sizeof(buf)
	            );
            if (x <= 0)
                break;


            {
                struct PreprocessedInfo info;
                unsigned x;

                
                x = preprocess_frame(
                    buf, 
                    bytes_read,
                    1,
                    &info);


                if (x && info.found == FOUND_DNS && info.port_src == 53)
                    grab_dns_response(catalog, buf, info.found_offset, bytes_read);

            }

            tracker_report(tracker, bytes_read);
        }

        pcapfile_close(p);
    }


    return Success;
}