/* dump_UDP_packet()
*
* This routine parses a packet, expecting Ethernet, IP, and UDP headers.
* It extracts the UDP source and destination port numbers along with the UDP
* packet length by casting structs over a pointer that we move through
* the packet. We can do this sort of casting safely because libpcap
* guarantees that the pointer will be aligned.
*
* The "ts" argument is the timestamp associated with the packet.
*
* Note that "capture_len" is the length of the packet *as captured by the
* tracing program*, and thus might be less than the full length of the
* packet. However, the packet pointer only holds that much data, so
* we have to be careful not to read beyond it.
*/
void dump_UDP_packet(const unsigned char *packet, struct timeval ts,
unsigned int capture_len)
{
struct ip *ip;
struct UDP_hdr *udp;
unsigned int IP_header_length;
/* For simplicity, we assume Ethernet encapsulation. */
if (capture_len < sizeof(struct ether_header))
{
/* We didn't even capture a full Ethernet header, so we
* can't analyze this any further.
*/
too_short(ts, "Ethernet header");
return;
}
/* Skip over the Ethernet header. */
packet += sizeof(struct ether_header);
capture_len -= sizeof(struct ether_header);
if (capture_len < sizeof(struct ip))
{ /* Didn't capture a full IP header */
too_short(ts, "IP header");
return;
}
ip = (struct ip*) packet;
IP_header_length = ip->ip_hl * 4; /* ip_hl is in 4-byte words */
if (capture_len < IP_header_length)
{ /* didn't capture the full IP header including options */
too_short(ts, "IP header with options");
return;
}
if (ip->ip_p != IPPROTO_UDP)
{
problem_pkt(ts, "non-UDP packet");
return;
}
/* Skip over the IP header to get to the UDP header. */
packet += IP_header_length;
capture_len -= IP_header_length;
if (capture_len < sizeof(struct UDP_hdr))
{
too_short(ts, "UDP header");
return;
}
udp = (struct UDP_hdr*) packet;
printf("%s UDP src_port=%d dst_port=%d length=%d\n",
timestamp_string(ts), ntohs(udp->uh_sport),
ntohs(udp->uh_dport), ntohs(udp->uh_ulen));
}
int get_packet_meta(const unsigned char *packet, struct timeval ts, unsigned int capture_len,
struct packet_meta *out)
{
/* For simplicity, we assume Ethernet encapsulation. */
if (capture_len < sizeof(struct ether_header))
{
/* We didn't even capture a full Ethernet header, so we
* can't analyze this any further.
*/
too_short(ts, "Ethernet header");
return 0;
}
/* Skip over the Ethernet header. */
packet += sizeof(struct ether_header);
capture_len -= sizeof(struct ether_header);
if (capture_len < sizeof(struct ip))
{ /* Didn't capture a full IP header */
too_short(ts, "IP header");
return 0;
}
struct ip *ip = (struct ip*) packet;
unsigned int IP_header_length = ip->ip_hl * 4; /* ip_hl is in 4-byte words */
if (capture_len < IP_header_length)
{ /* didn't capture the full IP header including options */
too_short(ts, "IP header with options");
return 0;
}
out->ipv4_src = ip->ip_src.s_addr;
out->ipv4_dst = ip->ip_src.s_addr;
/* Skip over the IP header to get to next layer. */
packet += IP_header_length;
capture_len -= IP_header_length;
if (ip->ip_p == IPPROTO_TCP)
{
// out->protocol = IPPROTO_TCP;
if (capture_len < sizeof(struct tcphdr))
{
too_short(ts, "TCP header");
return 0;
}
struct tcphdr *tcp = (struct tcphdr *) packet;
out->dst_port = ntohs(tcp->th_dport);
out->src_port = ntohs(tcp->th_sport);
return 1;
}
else if (ip->ip_p == IPPROTO_UDP)
{
// out->protocol = IPPROTO_UDP;
if (capture_len < sizeof(struct UDP_hdr))
{
too_short(ts, "UDP header");
return 0;
}
struct UDP_hdr *udp = (struct UDP_hdr*) packet;
out->dst_port = ntohs(udp->uh_dport);
out->src_port = ntohs(udp->uh_sport);
return 1;
}
else
{
puts("not UDP nor TCP, skip unknown protocol");
return 0;
}
}
void dump_TCP_packet(const unsigned char *packet, struct timeval ts,
unsigned int capture_len)
{
struct ip *ip;
struct TCP_hdr *tcp;
unsigned int IP_header_length;
unsigned int TCP_hdr_len = sizeof(struct TCP_hdr);
/* For simplicity, we assume Ethernet encapsulation. */
if (capture_len < sizeof(struct ether_header))
{
/* We didn't even capture a full Ethernet header, so we
* can't analyze this any further.
*/
too_short(ts, "Ethernet header");
return;
}
/* Skip over the Ethernet header. */
packet += sizeof(struct ether_header);
capture_len -= sizeof(struct ether_header);
if (capture_len < sizeof(struct ip))
{ /* Didn't capture a full IP header */
too_short(ts, "IP header");
return;
}
ip = (struct ip*) packet;
IP_header_length = ip->ip_hl * 4; /* ip_hl is in 4-byte words */
if (capture_len < IP_header_length)
{ /* didn't capture the full IP header including options */
too_short(ts, "IP header with options");
return;
}
if (ip->ip_p != IPPROTO_TCP)
{
problem_pkt(ts, "non-TCP packet");
return;
}
/* Skip over the IP header to get to the UDP header.*/
packet += IP_header_length;
capture_len -= IP_header_length;
if (capture_len < sizeof(struct TCP_hdr))
{
too_short(ts, "TCP header");
return;
}
tcp = (struct TCP_hdr*) packet;
printf("%s UDP src_port=%d dst_port=%d length=%d\n",
timestamp_string(ts), ntohs(tcp->th_sport),
ntohs(tcp->th_dport), ntohs(tcp->th_seqnum));
switch(ntohs(udp->uh_sport))
{
case TELNET:
//Source port telnet
packet += TCP_hdr_len;
capture_len -= t TCP_hdr;
process_telnet(packet, capture_len);
break;
case HTTP:
break;
default:
//Unknown source port
break;
}
switch(ntohs(udp->uh_dport))
{
case TELNET:
//Dest port telnet
break;
case HTTP:
break;
default:
//Unknown dest port
break;
}
}
