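/**
 * Decode and log an ARP packet captured from the wire.
 *
 * The bytes are overlaid with struct ether_arp, so the sender/target address
 * fields are read at the fixed offsets of that layout.
 *
 * @param packet  start of the ARP header (untrusted capture data)
 * @param length  number of captured bytes available at packet
 * @return 0 once the header has been logged, -1 if the capture is too short
 *         to hold a complete struct ether_arp
 */
int sniff_arp_fromwire(const byte *packet, size_t length)
{
    const struct ether_arp *header = (const struct ether_arp *)packet;

    /* length is a size_t; cast so the argument matches the %lu conversion */
    LOG_PRINTF(ARP, "-- ARP (%lu bytes)\n", (unsigned long)length);

    /*
     * Every field below is read through the overlay. Without this guard a
     * truncated or deliberately short frame makes the decoder read past the
     * end of the capture buffer.
     */
    if (length < sizeof(*header)) {
        LOG_PRINTF_INDENT(ARP, 2, "invalid packet\n");
        return -1;
    }

    uint16_t arphrd = ntohs(header->arp_hrd);
    uint16_t arppro = ntohs(header->arp_pro);
    uint16_t arpop = ntohs(header->arp_op);

    LOG_PRINTF_INDENT(ARP, 2, "hrd: %u [%s]\n", arphrd, totext(ARP_ARRAY_HRD, arphrd)); // format of hardware address
    LOG_PRINTF_INDENT(ARP, 2, "pro: 0x%04x [%s]\n", arppro, totext(ARP_ARRAY_PRO, arppro)); // format of protocol address
    LOG_PRINTF_INDENT(ARP, 2, "hln: %u\n", header->arp_hln); // length of hardware address
    LOG_PRINTF_INDENT(ARP, 2, "pln: %u\n", header->arp_pln); // length of protocol address
    LOG_PRINTF_INDENT(ARP, 2, "op : %u [%s]\n", arpop, totext(ARP_ARRAY_OP, arpop));

    /*
     * NOTE(review): hln/pln come from the sender and are only printed, not
     * enforced. The address lines below use the offsets fixed by
     * struct ether_arp; if the packet advertises other lengths they do not
     * show the real fields. The reads stay inside sizeof(*header) either way.
     *
     * NOTE(review): the in_addr casts dereference the address bytes in place;
     * presumably fine on the targets this runs on, but a byte copy into a
     * local struct in_addr would avoid relying on alignment - confirm.
     */
    LOG_PRINTF_INDENT(ARP, 2, "sha: %s\n", ether_ntoa((const struct ether_addr *)&header->arp_sha)); // sender hardware address
    LOG_PRINTF_INDENT(ARP, 2, "spa: %s\n", inet_ntoa(*(const struct in_addr *)&header->arp_spa)); // sender protocol address
    LOG_PRINTF_INDENT(ARP, 2, "tha: %s\n", ether_ntoa((const struct ether_addr *)&header->arp_tha)); // target hardware address
    LOG_PRINTF_INDENT(ARP, 2, "tpa: %s\n", inet_ntoa(*(const struct in_addr *)&header->arp_tpa)); // target protocol address

    return 0;
}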
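/**
 * Decode and log a UDP datagram captured from the wire, then hand the payload
 * to the DNS decoder when either port is 53.
 *
 * @param packet  start of the UDP header (untrusted capture data)
 * @param length  number of captured bytes available at packet
 * @return 0 once the datagram has been processed, -1 if the capture is too
 *         short for a UDP header or the header's length field is smaller than
 *         the header itself
 */
int sniff_udp_fromwire(const byte *packet, size_t length)
{
    const struct udphdr *header = (const struct udphdr *)packet;

    /* length is a size_t; cast so the argument matches the %lu conversion */
    LOG_PRINTF(UDP, "-- UDP (%lu bytes)\n", (unsigned long)length);

    /* refuse to touch the header unless the capture really contains one */
    if (length < sizeof(*header) || length < UDP_HDR_LEN) {
        LOG_PRINTF_INDENT(UDP, 2, "\tinvalid packet\n");
        return -1;
    }

    uint16_t sport = ntohs(header->uh_sport);
    uint16_t dport = ntohs(header->uh_dport);
    uint16_t ulen = ntohs(header->uh_ulen);

    LOG_PRINTF_INDENT(UDP, 2, "\tsport: %u\n", sport); // source port
    LOG_PRINTF_INDENT(UDP, 2, "\tdport: %u\n", dport); // destination port
    LOG_PRINTF_INDENT(UDP, 2, "\tulen : %u\n", ulen); // udp length
    LOG_PRINTF_INDENT(UDP, 2, "\tsum : %u\n", header->uh_sum); // udp checksum

    /*
     * uh_ulen is attacker-controlled. A value below the header size would
     * wrap the unsigned subtraction into a huge payload length.
     */
    if (ulen < UDP_HDR_LEN) {
        LOG_PRINTF_INDENT(UDP, 2, "\tinvalid packet\n");
        return -1;
    }

    /*
     * Never trust the advertised length beyond what was captured: the payload
     * handed to the DNS decoder and the hex dump is the smaller of the two.
     */
    size_t payload_len = (size_t)(ulen - UDP_HDR_LEN);
    size_t captured_len = length - UDP_HDR_LEN;
    if (payload_len > captured_len) {
        payload_len = captured_len;
    }

    packet = (const byte *)PTR_ADD(packet, UDP_HDR_LEN);
    length = payload_len;

    if (sport == 53 || dport == 53) {
        sniff_dns_fromwire(packet, length);
    }

#if LOG_ENABLED(UDP_DATA)
    LOG_PRINTF(UDP_DATA, "showing %lu bytes:\n", (unsigned long)length);
    dump_hex(stdout, packet, length, 0);
#endif

    return 0;
}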
/**
 * Decode and log an ICMP message captured from the wire.
 *
 * The common header (type, code, checksum) is always printed; the remaining
 * fields depend on the message type.
 *
 * @param packet  start of the ICMP header (untrusted capture data)
 * @param length  number of captured bytes available at packet
 * @return 0 once the message has been logged, -1 if the capture is shorter
 *         than ICMP_MINLEN or the type is above ICMP_MAXTYPE
 */
int sniff_icmp_fromwire(const byte *packet, size_t length)
{
    const struct icmp *msg = (struct icmp *)packet;

    LOG_PRINTF(ICMP, "-- ICMP (%lu bytes)\n", length);

    /* the length test comes first so msg is never read on a short capture */
    if (length < ICMP_MINLEN || msg->icmp_type > ICMP_MAXTYPE) {
        LOG_PRINTF_INDENT(ICMP, 2, "\tinvalid packet\n");
        return -1;
    }

    LOG_PRINTF_INDENT(ICMP, 2, "\ttype : %u\n", msg->icmp_type); // type of message
    LOG_PRINTF_INDENT(ICMP, 2, "\tcode : %u\n", msg->icmp_code); // type sub code
    LOG_PRINTF_INDENT(ICMP, 2, "\tcksum : %u\n", ntohs(msg->icmp_cksum)); // ones complement cksum of struct

    /* type-specific part of the header */
    switch (msg->icmp_type) {
    case ICMP_ECHOREPLY:
    case ICMP_ECHO:
        LOG_PRINTF_INDENT(ICMP, 2, "\tid : %u\n", ntohs(msg->icmp_id));
        LOG_PRINTF_INDENT(ICMP, 2, "\tseq : %u\n", ntohs(msg->icmp_seq));
        break;

    case ICMP_UNREACH:
        if (msg->icmp_code != ICMP_UNREACH_NEEDFRAG) {
            LOG_PRINTF_INDENT(ICMP, 2, "\tvoid : %u\n", ntohl(msg->icmp_void));
            break;
        }
        /* "fragmentation needed" carries the next-hop MTU */
        LOG_PRINTF_INDENT(ICMP, 2, "\tpmvoid : %u\n", ntohs(msg->icmp_pmvoid));
        LOG_PRINTF_INDENT(ICMP, 2, "\tnextmtu: %u\n", ntohs(msg->icmp_nextmtu));
        break;

    case ICMP_REDIRECT:
        LOG_PRINTF_INDENT(ICMP, 2, "\tgwaddr : %s\n", inet_ntoa(*(struct in_addr *)&(msg->icmp_gwaddr)));
        break;

    case ICMP_TIMXCEED:
        LOG_PRINTF_INDENT(ICMP, 2, "\tvoid : %u\n", ntohl(msg->icmp_void));
        break;

    default:
        /* other types: only the common header is logged */
        break;
    }

    return 0;
}