Example #1
0
void print_packet(const uint8_t *packet, unsigned int len)
{

	assert(packet);

	printf("\n");
	print_eth_hdr(packet, len);
	printf("\n");

	eth_hdr *eth = (eth_hdr *)packet;
	if (ntohs(eth->eth_type) == ETH_TYPE_ARP) {
		print_arp_hdr(packet, len);
		printf("\n");
	} else if (ntohs(eth->eth_type) == ETH_TYPE_IP) {
		ip_hdr *ip = get_ip_hdr(packet, len);
		indent(1);
		printf("IPv4 Packet (%d bytes)\n", len - sizeof(eth_hdr));
		print_ip_hdr(packet, len);
		switch(ip->ip_p) {
			case 1:
			{ print_icmp_load(packet, len); break; }
			case 6:
			{ print_tcp_load(packet, len); break; }
			case 89:
			{ print_pwospf_load(packet, len); break; }
			default:
			{ printf("UNRECOGNIZABLE PROTOCOL\n"); break;}
		}
	}
}
Example #2
0
void handle_packet(const u_char *packet)
{
	int i;
	uint16_t pkt_size, payload_size;

	struct iphdr *ip;				/* The IP header */
	struct tcphdr *tcp;				/* The TCP header */
	char *payload;					/* Packet payload */

	int vector_size = 18;
	int substrvec[vector_size];
	const char *submatchstr;

	ip = (struct iphdr*)(packet + SIZE_ETHERNET);

	if (ip->protocol != IPPROTO_TCP)
	{
		/* We are only interested in TCP traffic */

		if (debug_mode >= 3)
		{
			fprintf(stderr, "-- Skipping non TCP packet\n");
		}

		return;
	}

	if ((ip->ihl * 4) < 20)
	{
		if (debug_mode >= 3)
		{
			fprintf(stderr, "-- Skipping Invalid IP header\n");
		}

		return;
	}

	tcp = (struct tcphdr*)(packet + SIZE_ETHERNET + (ip->ihl * 4));

	if ((tcp->doff * 4) < 20)
	{
		if (debug_mode >= 3)
		{
			fprintf(stderr, "-- Skipping Invalid TCP header\n");
		}

		return;
	}

	if (debug_mode >= 4)
	{
		print_ip_hdr(ip);
		print_tcp_hdr(tcp);
	}

	pkt_size = ntohs(ip->tot_len);
	payload_size = pkt_size - ((ip->ihl * 4) + (tcp->doff * 4));
	payload = (char *)(packet + SIZE_ETHERNET + (ip->ihl * 4) + (tcp->doff * 4));

	if (ntohl(tcp->ack_seq) == prev_package.ack_nr &&
			ip->saddr == prev_package.s_ip && ip->daddr == prev_package.d_ip)
	{
		if ((prev_package.payload_size + payload_size) > (1500 * PKT_HISTORY_SIZE) + 1)
		{
			if (debug_mode >= 3)
			{
				fprintf(stderr, "-- Dropping packet due to full packet buffer\n");
			}

			return;
		}

		prev_package.payload_size += payload_size;
		strncat(prev_package.payload, payload, payload_size);

		payload = prev_package.payload;
		payload_size = prev_package.payload_size;
	}
	else
	{
		if (prev_package.payload_size > 0)
		{
			memset(&prev_package, 0x00, sizeof(struct pPackageT));
		}

		prev_package.ack_nr = ntohl(tcp->ack_seq);
		prev_package.s_ip = ip->saddr;
		prev_package.d_ip = ip->daddr;

		prev_package.payload_size += payload_size;
		strncat(prev_package.payload, payload, payload_size);

//		if (pkt_size >= 1500)
//		{
//			if (debug_mode >= 3)
//			{
//				fprintf(stderr, "-- Skipping due to 1500bytes\n");
//			}
//
//			return;
//		}
	}

	if (debug_mode >= 5)
	{
	    fprintf(stderr, "Payload (%u): \n", payload_size);

	    for (i = 0; i < payload_size; i++)
	    {
	    	if (isprint(payload[i]) || payload[i] == 10)
	    	{
	    		fprintf(stderr, "%c", payload[i]);
	    	}
	    	else
	    	{
	    		fprintf(stderr, ".");
	    	}
	    }

	    fprintf(stderr, "\n--\n");
	}

	int pcre_match = pcre_exec(re, ree, payload, payload_size, 0, 0, substrvec, vector_size);

	if (debug_mode)
	{
		fprintf(stderr, ">> pcre: %d\n", pcre_match);
	}

	if(pcre_match < 0)
	{
//		switch (pcre_match)
//		{
//			case PCRE_ERROR_NOMATCH:
//			case PCRE_ERROR_NULL:
//			case PCRE_ERROR_BADOPTION:
//			case PCRE_ERROR_BADMAGIC:
//			case PCRE_ERROR_UNKNOWN_NODE:
//			case PCRE_ERROR_NOMEMORY:
//				return;
//				break;
//		}
		return;
	}

	if (pcre_match == 0)
	{
		if (debug_mode >= 3)
		{
			fprintf(stderr, "PCRE Matched but too many substrings returned\n");
		}

		pcre_match = (vector_size / 3);
	}

	if (pcre_match >= 2)
	{
		pcre_get_substring(payload, substrvec, pcre_match, 1, &(submatchstr));
		char *clean_str = clean_xml(submatchstr);

		fprintf(stdout, "%s\n", clean_str);

		// Free up the stuff
		free (clean_str);

		pcre_free_substring(submatchstr);
		memset(&prev_package, 0x00, sizeof(struct pPackageT));
	}
}