Example #1
0
static void decode_packet(unsigned char *buf, int len)
{
	struct ether_header *eh = (void *) buf;
	char src[18], dst[18];
	uint16_t type;

	snprintf(dst, sizeof(dst), "%02x:%02x:%02x:%02x:%02x:%02x",
				eh->ether_dhost[0], eh->ether_dhost[1],
				eh->ether_dhost[2], eh->ether_dhost[3],
				eh->ether_dhost[4], eh->ether_dhost[5]);

	snprintf(src, sizeof(src), "%02x:%02x:%02x:%02x:%02x:%02x",
				eh->ether_shost[0], eh->ether_shost[1],
				eh->ether_shost[2], eh->ether_shost[3],
				eh->ether_shost[4], eh->ether_shost[5]);

	type = ntohs(eh->ether_type);

	printf("> type 0x%04x src %s dst %s <\n", type, src, dst);

	switch (type) {
	case ETHERTYPE_IP:
		decode_ip(buf + 14, len - 14);
		break;
	case ETHERTYPE_LOOPBACK:
		dump_packet(buf, len);
		break;
	}
}
// 包处理回调函数,对于每个嗅探到的数据包
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
	ip_header *ih;
	u_int ip_len;

	// 返回IP首部的位置
	ih = (ip_header *) (pkt_data +
		14); //以太网的首部长度是14

	// IP首部长度
	ip_len = (ih->ver_ihl & 0xf) * 4;

	printf("%s  ",check_protocol(ih->proto));

	// 输出源地址IP和目的地址IP
	printf("%d.%d.%d.%d -> %d.%d.%d.%d  ",
		ih->saddr.byte1,
		ih->saddr.byte2,
		ih->saddr.byte3,
		ih->saddr.byte4,
		ih->daddr.byte1,
		ih->daddr.byte2,
		ih->daddr.byte3,
		ih->daddr.byte4
		);

	decode_ip((char*)(pkt_data+14+ip_len),ih->proto);
	printf("\n");
}
Example #3
0
static void m_nick( char *origin, char **argv, int argc, int srv )
{
	if( !srv )
	{
		if( ircd_srv.protocol & PROTOCOL_NICKv2 )
		{
			if( ircd_srv.protocol & PROTOCOL_NICKIP )
			{
				char ip[25];

				ircsnprintf( ip, 25, "%d", ntohl( decode_ip( argv[9] ) ) );
				do_nick( argv[0], argv[1], argv[2], argv[3], argv[4], argv[5], 
					ip, argv[6], argv[7], argv[8], argv[10], NULL, NULL );
			}
			else
			{
				do_nick( argv[0], argv[1], argv[2], argv[3], argv[4], argv[5], 
					NULL, argv[6], argv[7], argv[8], argv[9], NULL, NULL );
			}
		}
		else
		{
			do_nick( argv[0], argv[1], argv[2], argv[3], argv[4], argv[5], 
				NULL, argv[6], NULL, NULL, argv[9], NULL, NULL );
		}
	}
	else
	{
		do_nickchange( origin, argv[0], NULL );
	}
}
Example #4
0
static void decode_icmp(const uint8_t *packet, size_t pk_len, int pk_layer) {
	union {
		const struct myicmphdr *i;
		const uint8_t *d;
	} ic_u; /* ;] */
	uint8_t type=0, code=0;
	uint16_t chksum=0;

	ic_u.d=packet;

	if (pk_len < 4) {
		ERR("short icmp header");
		return;
	}

	type=ic_u.i->type;
	code=ic_u.i->code;
	chksum=ntohs(ic_u.i->checksum);

	if (ISDBG(M_PKT) || GET_SNIFF()) {
		INF("ICMP: type %u code %u chksum %04x%s", type, code, chksum, "[?]");
	}

	if (type == 3 || type == 5 || type == 11) {
		/*
		 * dest unreachable, the packet that generated this error should be after the icmpheader
		 * redirect message, same as with unreachable
		 * time exceeded, same as with above
		 */

		if (pk_len > sizeof(struct myicmphdr)) { /* there _could_ be data there, try to process it */
			const uint8_t *newpacket=NULL;
			size_t newpk_len=0;

			newpacket=packet + sizeof(struct myicmphdr);
			newpk_len=pk_len - sizeof(struct myicmphdr);

			decode_ip(newpacket, newpk_len, (pk_layer + 1));
		}
	}
	else if (type == 0 || type == 8) {
		/* pings ignore */
		DBG(M_PKT, "Ignoring ping request or response");
	}

	if (pk_layer == 2) {
		r_u.i.type=type;
		r_u.i.subtype=code;

		report_push();
	}

	return;
}
void caught_packet(u_char *user_args, const struct pcap_pkthdr *cap_header, const u_char *packet) {
    int tcp_header_length, total_header_size, pkt_data_len;
    u_char *pkt_data;

    int total_header_size2;

    //structs of the packet (different protocol headers)
    struct ether_header *ETHERheader;
    struct ip *IPheader;
    struct tcphdr *TCPheader;
    //copy of the packet
    char * packet_copy;
    packet_copy = malloc(cap_header->len);
    if (packet_copy <= 0 )
        exit(-1);

    memcpy(packet_copy,packet,cap_header->len);

    printf("==== Got a %d byte packet ====\n", cap_header->len);


    decode_ethernet(packet,ETHERheader,packet_copy);
    decode_ip(packet+ETHER_HDR_LEN,IPheader,packet_copy+ETHER_HDR_LEN);
    tcp_header_length = decode_tcp(packet+ETHER_HDR_LEN+sizeof(struct ip_hdr),TCPheader, packet_copy+ETHER_HDR_LEN+sizeof(struct ip));

    total_header_size = ETHER_HDR_LEN+sizeof(struct ip_hdr)+tcp_header_length;
    total_header_size2 = ETHER_HDR_LEN+sizeof(struct ip)+tcp_header_length;

    printf("total_header_size:%d \n total_header_size2:%d \n",total_header_size,total_header_size2);

    pkt_data = (u_char *)packet + total_header_size;  // pkt_data points to the data portion
    pkt_data_len = cap_header->len - total_header_size;
    if(pkt_data_len > 0) {
        printf("\t\t\t%u bytes of packet data\n", pkt_data_len);
        //dump(pkt_data, pkt_data_len);
        dump(packet, cap_header->len);
    } else {
        printf("\t\t\tNo Packet Data\n");
        dump(packet, cap_header->len);
    }

    printf("before ipspoof3\n");
    //ipspoof3( inet_ntoa(IPheader->ip_src), inet_ntoa(IPheader->ip_dst), "0022433967e9",ETHERheader,IPheader,TCPheader,(u_char *)packet_copy + total_header_size, pkt_data_len);


    ipspoof4( "", "192.168.1.13", "701a04d83403", (char *)packet, cap_header->len);


    printf(" after ipspoof3  \n");

    free(packet_copy);
}
Example #6
0
void parse_packet(uint8_t *notused, const struct pcap_pkthdr *phdr, const uint8_t *packet) {
	size_t pk_len=0;
	int pk_layer=0;
	extern pcap_dumper_t *pdump;

	if (packet == NULL || phdr == NULL) {
		ERR("%s is null", packet == NULL ? "packet" : "pcap header");
		return;
	}

	/* when you forget to put this here, it makes for really dull pcap log files */
	if (s->pcap_dumpfile) {
		pcap_dump((uint8_t *)pdump, phdr, packet);
	}

	pk_len=phdr->caplen;

	if (pk_len <= s->ss->header_len) {
		ERR("this packet is too short " STFMT ", header length is %u", pk_len, s->ss->header_len);
		return;
	}

	if (ISDBG(M_PKT) || GET_SNIFF()) {
		INF("got packet with length %u (cap %u) with header length at %u", phdr->len, phdr->caplen, s->ss->header_len);
	}

	pk_len -= s->ss->header_len;
	packet += s->ss->header_len;
	pk_layer++;

	switch (s->ss->mode) {
		case MODE_ARPSCAN:
			report_init(REPORT_TYPE_ARP, &phdr->ts);
			packet_init(packet, pk_len);
			decode_arp(packet, pk_len, pk_layer);	/* the pcap filter should be arp only */
			break;

		case MODE_TCPSCAN:
		case MODE_UDPSCAN:
		case MODE_ICMPSCAN:
		case MODE_IPSCAN:
			report_init(REPORT_TYPE_IP, &phdr->ts);
			packet_init(packet, pk_len);
			decode_ip(packet, pk_len, pk_layer);	/* the pcap filter should be ip only */
			break;

	}

	return;
}
Example #7
0
static void slice_icmp(const uint8_t *packet, size_t pk_len, packetlayers_t *plz, int pk_layer) {
	union {
		const struct myicmphdr *i;
		const uint8_t *d;
	} ic_u; /* ;] */
	uint8_t type=0, code=0;
	uint16_t chksum=0;

	assert(plz != NULL);
	assert(packet != NULL);
	ic_u.d=packet;

	if (pk_len < 4) {
		return;
	}

	type=ic_u.i->type;
	code=ic_u.i->code;
	chksum=ntohs(ic_u.i->checksum);

	if (type == 3 || type == 5 || type == 11) {
		/* dest unreachable, the packet that generated this error should be after the icmpheader	*/
		/* redirect message, same as with unreachable							*/
		/* time exceeded, same as with above								*/

		if (pk_len > sizeof(struct myicmphdr)) { /* there _could_ be data there, try to process it */
			const uint8_t *newpacket=NULL;
			size_t newpk_len=0;

			newpacket=packet + sizeof(struct myicmphdr);
			newpk_len=pk_len - sizeof(struct myicmphdr);

			decode_ip(newpacket, newpk_len, (pk_layer + 1));
		}
	}
	else if (type == 0 || type == 8) {
		/* pings ignore */
	}

	if (pk_layer == 2) {
		r_u.i.type=type;
		r_u.i.subtype=code;

		report_push();
	}

	return;
}
Example #8
0
static inline int
bind_dlt_raw(int proto, const unsigned char *pkt, unsigned len,
    Packet *packet)
{
    int ret = -1;

    switch (proto) {
    case DLT_RAW_IP4:
        ret = decode_ip(pkt, len, packet);
        break;

    case DLT_RAW_IP6:
        ret = decode_ip6(pkt, len, packet);
        break;
    }

    return ret;
}
Example #9
0
static int cmd_syslog(const char *args[])
{
	char b1[32], b2[32];

	if (args[0] && !strcmp(args[0], "off")) {
		syslog_addr.daddr = 0;
		return 0;
	}
	if (!args[1]) {
		pp_printf("use: syslog <ipaddr> <macaddr> (or just \"off\"\n");
		return -1;
	}
	decode_ip(args[0], (void *)&syslog_addr.daddr);
	decode_mac(args[1], syslog_mac);
	pp_printf("Syslog parameters: %s, %s\n",
		  format_ip(b1, (void *)&syslog_addr.daddr),
		  format_mac(b2, syslog_mac));
	tics = 0; /* send the first frame immediately to the new host */
	return 0;
}
Example #10
0
void caught_packet(u_char *user_args, const struct pcap_pkthdr *cap_header, const u_char *packet) {
   int tcp_header_length, total_header_size, pkt_data_len;
   u_char *pkt_data;

   printf("==== %d バイトのパケットを取得しました ====\n", cap_header->len);


   decode_ethernet(packet);
   decode_ip(packet+ETHER_HDR_LEN);
   tcp_header_length = decode_tcp(packet+ETHER_HDR_LEN+sizeof(struct ip_hdr));

   total_header_size = ETHER_HDR_LEN+sizeof(struct ip_hdr)+tcp_header_length;
   pkt_data = (u_char *)packet + total_header_size;  // pkt_dataはデータ部分を指す
   pkt_data_len = cap_header->len - total_header_size;
   if(pkt_data_len > 0) {
      printf("\t\t\t%u バイトのパケットデータ\n", pkt_data_len);
      dump(pkt_data, pkt_data_len);
   } else
      printf("\t\t\tパケットデータがありません\n");
}
Example #11
0
/* main processing function */
void proc_packet(const u_char *data, u_int size)
{	
	struct ip_stat istat;
	u_int data_offs;
	u_int tcp_hdr_sz;
	u_int udp_hdr_sz;
	
	/* print captured bytes */
	printf("\n\nBytes Captured = [ %d ]\n", size);
	
	/* print L2 information */
	decode_ethernet(data);

	/* obtain IP protocol number for further decoding */
	decode_ip(data + ETHER_HDR_LEN, &istat);
	
	switch(istat.ip_prot) {
	case 1:
		decode_icmp(data + ETHER_HDR_LEN + istat.ip_len);
		data_offs = ETHER_HDR_LEN + istat.ip_len;
		break;
	case 6:
		tcp_hdr_sz = decode_tcp(data + ETHER_HDR_LEN + istat.ip_len);
		data_offs = ETHER_HDR_LEN + istat.ip_len + tcp_hdr_sz;
		break;
	case 17:
		udp_hdr_sz = decode_udp(data + ETHER_HDR_LEN + istat.ip_len);
		data_offs = ETHER_HDR_LEN + istat.ip_len + udp_hdr_sz;
		break;
	default:
		break;
	}


	/* print raw encapsulated data */
	praw(data + data_offs, size);
				

}