pcap_parser_file *
pcap_file_open(char *filename)
{
char errbuf[PCAP_ERRBUF_SIZE];
pcap_parser_file *thefile;
struct stat result;
thefile = malloc(sizeof(pcap_parser_file));
thefile->packetnum = 0;
thefile->dnspacketnum = 0;
if (stat(filename, &result) != 0) {
fatal("File %s does not exist or is not accessible: %s", filename, strerror(errno));
}
thefile->size = result.st_size;
thefile->creation = result.st_ctime;
thefile->firstpacket.tv_sec = 0;
thefile->firstpacket.tv_usec = 0;
thefile->lastpacket.tv_sec = 0;
thefile->lastpacket.tv_usec = 0;
thefile->handle = pcap_open_offline(filename, errbuf);
if (thefile->handle == NULL) {
fatal("Couldn't open file %s: %s\n", filename, errbuf);
}
thefile->datalink = pcap_datalink(thefile->handle);
thefile->snaplen = pcap_snapshot(thefile->handle);
if (verbose) {
fprintf(stdout,
"Analyzing %s, version %i.%i, type %s, max packet size %u bytes...\n",
filename, pcap_major_version(thefile->handle),
pcap_minor_version(thefile->handle),
pcap_datalink_val_to_description(thefile->datalink),
thefile->snaplen);
}
return thefile;
}
int main (int argc, char** argv)
{
char ebuf[PCAP_ERRBUF_SIZE];
pcap_t* plik=NULL;
int snaplen=-1;
if (argc!=2)
{
printf( "Zla liczba argumentow\n" );
printf( "Podaj nazwe pliku zrzutu\n" );
exit(0);
}
if (!(plik=pcap_open_offline(argv[1], ebuf)))
{
perror(ebuf);
exit(1);
}
printf( "Wersja pcap, z ktora zapisano plik: %d.%d\n",
pcap_major_version(plik),
pcap_minor_version(plik));
if (pcap_is_swapped(plik))
printf( "Plik ma odwrocony porzadek bajtow\n" );
else
printf( "Plik ma porzadek bajtow taki jak w komputerze\n" );
snaplen = pcap_snapshot(plik);
printf( "Maksymalna dlugosc zapisywanych danych pakietu: %d\n",
snaplen);
pcap_close(plik);
return 0;
}
int
main (int argc, char *argv[])
{
char errbuf[PCAP_ERRBUF_SIZE];
pcap_t *descriptor;
int snaplen;
if (argc < 2)
{
printf ("Uzyj: %s plik_zrzutu\n", argv[0]);
return 0;
}
descriptor = pcap_open_offline (argv[1], errbuf);
if (descriptor == NULL)
{
fprintf (stderr, "%s\n", errbuf);
exit (EXIT_FAILURE);
}
printf ("Wersja pcap, z ktora zapisano plik: %d.%d\n",
pcap_major_version (descriptor), pcap_minor_version (descriptor));
if (pcap_is_swapped (descriptor))
printf ("Plik ma odwrocony porzadek bajtow.\n");
else
printf ("Plik ma porzadek bajtow taki jak w komputerze.\n");
snaplen = pcap_snapshot (descriptor);
printf ("Maksymalna dlugosc zapisywanych danych pakietu: %d\n", snaplen);
pcap_close (descriptor);
return 0;
}
static int null_PCAP_MINOR_VERSION(void *p)
{
#ifdef STATICPCAP
return pcap_minor_version(p);
#endif
UNUSEDPARM(p);
return 0;
}
pread_f *is_tcpdump(char *filename)
{
char errbuf[100];
char *physname = "<unknown>";
int type;
#ifdef __WIN32
if ((pcap = pcap_open_offline(filename, errbuf)) == NULL) {
#else
if ((pcap = pcap_open_offline("-", errbuf)) == NULL) {
#endif /* __WIN32 */
if (debug > 2)
fprintf(stderr,"PCAP said: '%s'\n", errbuf);
rewind(stdin);
return(NULL);
}
if (debug) {
printf("Using 'pcap' version of tcpdump\n");
if (debug > 1) {
printf("\tversion_major: %d\n", pcap_major_version(pcap));
printf("\tversion_minor: %d\n", pcap_minor_version(pcap));
printf("\tsnaplen: %d\n", pcap_snapshot(pcap));
printf("\tlinktype: %d\n", pcap_datalink(pcap));
printf("\tswapped: %d\n", pcap_is_swapped(pcap));
}
}
/* check the phys type (pretend everything is ethernet) */
memset(ð_header,0,EH_SIZE);
switch (type = pcap_datalink(pcap)) {
case 100:
case PCAP_DLT_EN10MB:
/* OK, we understand this one */
physname = "Ethernet";
break;
case PCAP_DLT_IEEE802:
/* just pretend it's normal ethernet */
physname = "Ethernet";
break;
case PCAP_DLT_SLIP:
eth_header.ether_type = htons(ETHERTYPE_IP);
physname = "Slip";
break;
case PCAP_DLT_PPP:
eth_header.ether_type = htons(ETHERTYPE_IP);
physname = "PPP or HDLC PPP";
break;
case PCAP_DLT_FDDI:
eth_header.ether_type = htons(ETHERTYPE_IP);
physname = "FDDI";
break;
case PCAP_DLT_NULL:
eth_header.ether_type = htons(ETHERTYPE_IP);
physname = "NULL";
break;
case PCAP_DLT_ATM_RFC1483:
eth_header.ether_type = htons(ETHERTYPE_IP);
physname = "ATM, LLC/SNAP encapsulated";
break;
case PCAP_DLT_RAW:
eth_header.ether_type = htons(ETHERTYPE_IP);
physname = "RAW_IP";
break;
case PCAP_DLT_LINUX_SLL:
/* linux cooked socket type */
eth_header.ether_type = htons(ETHERTYPE_IP);
physname = "Linux Cooked Socket";
break;
case PCAP_DLT_IEEE802_11:
eth_header.ether_type = htons(ETHERTYPE_IP);
physname = "IEEE802_11";
break;
case PCAP_DLT_IEEE802_11_RADIO:
eth_header.ether_type = htons(ETHERTYPE_IP);
physname = "IEEE802_11_RADIO";
break;
case PCAP_DLT_PRISM2:
eth_header.ether_type = htons(ETHERTYPE_IP);
physname = "PRISM2";
break;
case PCAP_DLT_C_HDLC:
eth_header.ether_type = htons(ETHERTYPE_IP);
physname = "Cisco HDLC";
break;
default:
fprintf(stderr,"tcptrace did not understand link format (%d)!\n",type);
fprintf(stderr,
"\t If you can give us a capture file with this link format\n\
\t or even better, a patch to decipher this format, we shall add it in, \n\
\t in a future release.\n");
rewind(stdin);
return(NULL);
}
if (debug)
fprintf(stderr,"Tcpdump format, physical type is %d (%s)\n",
type, physname);
/* set up some stuff */
ip_buf = MallocZ(IP_MAXPACKET);
return(pread_tcpdump);
}
/* support for writing a new pcap file */
void
PcapSavePacket(
char *filename,
struct ip *pip,
void *plast)
{
static MFILE *f_savefile = NULL;
struct pcap_pkthdr phdr;
int wlen;
if (f_savefile == NULL) {
struct pcap_file_header fhdr;
/* try to open the file */
if ((f_savefile = Mfopen(filename, "w")) == NULL) {
perror(filename);
exit(-1);
}
/* make up the header info it wants */
/* this comes from version 2.4, no pcap routine handy :-( */
fhdr.magic = TCPDUMP_MAGIC;
fhdr.version_major = PCAP_VERSION_MAJOR;
fhdr.version_minor = PCAP_VERSION_MINOR;
fhdr.thiszone = 0; /* don't have this info, just make it up */
fhdr.snaplen = 1000000; /* don't have this info, just make it up */
fhdr.linktype = PCAP_DLT_EN10MB; /* always Ethernet (10Mb) */
fhdr.sigfigs = 0;
/* write the header */
Mfwrite((char *)&fhdr, sizeof(fhdr), 1, f_savefile);
if (debug)
fprintf(stderr,"Created pcap save file '%s'\n", filename);
}
/* create the packet header */
/* (copying time structure in 2 steps to avoid RedHat brain damage) */
phdr.ts.tv_sec = current_time.tv_sec;
phdr.ts.tv_usec = current_time.tv_usec;
phdr.caplen = (char *)plast - (char *)pip + 1;
phdr.caplen += EH_SIZE; /* add in the ether header */
phdr.len = EH_SIZE + ntohs(PIP_LEN(pip)); /* probably this */
/* write the packet header */
Mfwrite(&phdr, sizeof(phdr), 1, f_savefile);
/* write a (bogus) ethernet header */
memset(ð_header,0,EH_SIZE);
eth_header.ether_type = htons(ETHERTYPE_IP);
Mfwrite(ð_header, sizeof(eth_header), 1, f_savefile);
/* write the IP/TCP parts */
wlen = phdr.caplen - EH_SIZE; /* remove the ether header */
Mfwrite(pip, wlen, 1, f_savefile);
}
#else /* GROK_TCPDUMP */
void
PcapSavePacket(
char *filename,
struct ip *pip,
void *plast)
{
fprintf(stderr,"\
Sorry, packet writing only supported with the pcap library\n\
compiled into the program (See GROK_TCPDUMP)\n");
exit(-2);
}