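/*
 * Print the UDP header for UDP packets.
 *
 * Buffer is a captured Ethernet frame of Size bytes (Ethernet header, then
 * IPv4 header, then UDP header, then payload). The decoded fields and hex
 * dumps are written to the global logfile.
 *
 * The frame is untrusted input: the IPv4 header length is taken from the
 * packet itself, so every offset derived from it is checked against Size
 * before any header field is read or any bytes are dumped. A frame that is
 * too short is noted in the log and skipped.
 */
void print_udp_packet(u_char *Buffer, int Size)
{
    const int eth_len = (int)sizeof(ETHER_HDR);
    /* assumes IPV4_HDR is the fixed IPv4 header without options - TODO confirm */
    const int ip_min = (int)sizeof(IPV4_HDR);
    const int udp_len = (int)sizeof(UDP_HDR);
    int iphdrlen = 0, data_size = 0;

    /* The fixed IPv4 header must be inside the capture before it is read. */
    if (Buffer == NULL || Size < eth_len + ip_min) {
        fprintf(logfile, "\nUDP packet skipped: capture too short for IPv4 header (%d bytes)\n", Size);
        return;
    }

    iphdr = (IPV4_HDR *)(Buffer + sizeof(ETHER_HDR));
    iphdrlen = iphdr->ip_header_len * 4;

    /* Reject a header length below the minimum or one that pushes the UDP header past the end. */
    if (iphdrlen < ip_min || Size - eth_len - iphdrlen < udp_len) {
        fprintf(logfile, "\nUDP packet skipped: bad IPv4 header length %d for %d captured bytes\n", iphdrlen, Size);
        return;
    }

    udpheader = (UDP_HDR *)(Buffer + iphdrlen + sizeof(ETHER_HDR));
    data = (Buffer + sizeof(ETHER_HDR) + iphdrlen + sizeof(UDP_HDR));
    /* Computed in int so the result cannot wrap; it is >= 0 after the checks above. */
    data_size = Size - eth_len - iphdrlen - udp_len;

    fprintf(logfile, "\n\n***********************UDP Packet*************************\n");
    PrintIpHeader(Buffer, Size);

    fprintf(logfile, "\nUDP Header\n");
    fprintf(logfile, " |-Source Port : %d\n", ntohs(udpheader->source_port));
    fprintf(logfile, " |-Destination Port : %d\n", ntohs(udpheader->dest_port));
    fprintf(logfile, " |-UDP Length : %d\n", ntohs(udpheader->udp_length));
    fprintf(logfile, " |-UDP Checksum : %d\n", ntohs(udpheader->udp_checksum));
    fprintf(logfile, "\n");

    fprintf(logfile, "IP Header\n");
    PrintData((u_char*)iphdr, iphdrlen);
    fprintf(logfile, "UDP Header\n");
    PrintData((u_char*)udpheader, sizeof(UDP_HDR));
    fprintf(logfile, "Data Payload\n");
    PrintData(data, data_size);
    fprintf(logfile, "\n###########################################################\n");
}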
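/*
 * Print the UDP header of a raw IPv4 packet (no link-layer header).
 *
 * Buffer starts at the IPv4 header and holds Size bytes. Output goes to the
 * global logfile.
 *
 * The IPv4 header length comes from the packet, so it is validated against
 * Size before the UDP header is read or any region is dumped; otherwise a
 * short or malformed packet would make the dump read past the end of the
 * buffer or pass a wrapped (huge) payload length to PrintData.
 */
void PrintUdpPacket(unsigned char *Buffer,int Size)
{
    /* assumes IPV4_HDR is the fixed IPv4 header without options - TODO confirm */
    const int ip_min = (int)sizeof(IPV4_HDR);
    const int udp_len = (int)sizeof(UDP_HDR);
    int iphdrlen;

    if (Buffer == NULL || Size < ip_min) {
        fprintf(logfile, "\nUDP packet skipped: capture too short for IPv4 header (%d bytes)\n", Size);
        return;
    }

    iphdr = (IPV4_HDR *)Buffer;
    iphdrlen = iphdr->ip_header_len * 4;

    /* The UDP header must lie entirely inside the captured bytes. */
    if (iphdrlen < ip_min || Size - iphdrlen < udp_len) {
        fprintf(logfile, "\nUDP packet skipped: bad IPv4 header length %d for %d captured bytes\n", iphdrlen, Size);
        return;
    }

    udpheader = (UDP_HDR *)(Buffer + iphdrlen);

    fprintf(logfile,"\n\n***********************UDP Packet*************************\n");
    PrintIpHeader(Buffer,Size);

    fprintf(logfile,"\nUDP Header\n");
    fprintf(logfile," |-Source Port : %d\n",ntohs(udpheader->source_port));
    fprintf(logfile," |-Destination Port : %d\n",ntohs(udpheader->dest_port));
    fprintf(logfile," |-UDP Length : %d\n",ntohs(udpheader->udp_length));
    fprintf(logfile," |-UDP Checksum : %d\n",ntohs(udpheader->udp_checksum));
    fprintf(logfile,"\n");

    fprintf(logfile,"IP Header\n");
    PrintData(Buffer,iphdrlen);
    fprintf(logfile,"UDP Header\n");
    PrintData(Buffer+iphdrlen,sizeof(UDP_HDR));
    fprintf(logfile,"Data Payload\n");
    /* Payload length is non-negative here because of the bounds check above. */
    PrintData(Buffer+iphdrlen+sizeof(UDP_HDR), Size - udp_len - iphdrlen);
    fprintf(logfile,"\n###########################################################");
}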
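/*
 * Print the TCP header for TCP packets.
 *
 * Buffer is a captured Ethernet frame of Size bytes. The IPv4 header length
 * and the TCP data offset are both read from the packet, so each is checked
 * against the captured length before it is used as an offset. Without these
 * checks a crafted or truncated frame makes the header prints and hex dumps
 * read outside the capture buffer. Frames that fail a check are noted in
 * the log and skipped.
 */
void PrintTcpPacket(u_char* Buffer, int Size)
{
    const int eth_len = (int)sizeof(ETHER_HDR);
    /* assumes IPV4_HDR / TCP_HDR are the fixed headers without options - TODO confirm */
    const int ip_min = (int)sizeof(IPV4_HDR);
    const int tcp_min = (int)sizeof(TCP_HDR);
    int iphdrlen, tcphdrlen, data_size;
    int room; /* bytes available after the Ethernet and IPv4 headers */

    if (Buffer == NULL || Size < eth_len + ip_min) {
        fprintf(logfile, "\nTCP packet skipped: capture too short for IPv4 header (%d bytes)\n", Size);
        return;
    }

    iphdr = (IPV4_HDR *)(Buffer + sizeof(ETHER_HDR));
    iphdrlen = iphdr->ip_header_len * 4;
    room = Size - eth_len - iphdrlen;

    /* The fixed TCP header must be present before data_offset can be read. */
    if (iphdrlen < ip_min || room < tcp_min) {
        fprintf(logfile, "\nTCP packet skipped: bad IPv4 header length %d for %d captured bytes\n", iphdrlen, Size);
        return;
    }

    tcpheader = (TCP_HDR*)(Buffer + iphdrlen + sizeof(ETHER_HDR));
    tcphdrlen = tcpheader->data_offset * 4;

    /* data_offset is attacker-controlled: it may neither undercut the fixed header nor overrun the capture. */
    if (tcphdrlen < tcp_min || tcphdrlen > room) {
        fprintf(logfile, "\nTCP packet skipped: bad TCP header length %d for %d remaining bytes\n", tcphdrlen, room);
        return;
    }

    data = (Buffer + sizeof(ETHER_HDR) + iphdrlen + tcphdrlen);
    data_size = room - tcphdrlen;

    fprintf(logfile, "\n\n***********************TCP Packet*************************\n");
    PrintIpHeader(Buffer, Size);
    fprintf(logfile, "\n");

    fprintf(logfile, "TCP Header\n");
    fprintf(logfile, " |-Source Port : %u\n", ntohs(tcpheader->source_port));
    fprintf(logfile, " |-Destination Port : %u\n", ntohs(tcpheader->dest_port));
    fprintf(logfile, " |-Sequence Number : %u\n", ntohl(tcpheader->sequence));
    fprintf(logfile, " |-Acknowledge Number : %u\n", ntohl(tcpheader->acknowledge));
    fprintf(logfile, " |-Header Length : %d DWORDS or %d BYTES\n", (unsigned int)tcpheader->data_offset, (unsigned int)tcpheader->data_offset * 4);
    fprintf(logfile, " |-CWR Flag : %d\n", (unsigned int)tcpheader->cwr);
    fprintf(logfile, " |-ECN Flag : %d\n", (unsigned int)tcpheader->ecn);
    fprintf(logfile, " |-Urgent Flag : %d\n", (unsigned int)tcpheader->urg);
    fprintf(logfile, " |-Acknowledgement Flag : %d\n", (unsigned int)tcpheader->ack);
    fprintf(logfile, " |-Push Flag : %d\n", (unsigned int)tcpheader->psh);
    fprintf(logfile, " |-Reset Flag : %d\n", (unsigned int)tcpheader->rst);
    fprintf(logfile, " |-Synchronise Flag : %d\n", (unsigned int)tcpheader->syn);
    fprintf(logfile, " |-Finish Flag : %d\n", (unsigned int)tcpheader->fin);
    fprintf(logfile, " |-Window : %d\n", ntohs(tcpheader->window));
    fprintf(logfile, " |-Checksum : %d\n", ntohs(tcpheader->checksum));
    /* NOTE(review): unlike window/checksum this field is printed without ntohs(),
     * so it presumably appears byte-swapped on little-endian hosts - confirm. */
    fprintf(logfile, " |-Urgent Pointer : %d\n", tcpheader->urgent_pointer);
    fprintf(logfile, "\n");

    fprintf(logfile, " DATA Dump ");
    fprintf(logfile, "\n");
    fprintf(logfile, "IP Header\n");
    PrintData((u_char*)iphdr, iphdrlen);
    fprintf(logfile, "TCP Header\n");
    PrintData((u_char*)tcpheader, tcphdrlen);
    fprintf(logfile, "Data Payload\n");
    PrintData(data, data_size);
    fprintf(logfile, "\n###########################################################\n");
}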
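/*
 * Print the ICMP header of a captured Ethernet frame.
 *
 * Buffer holds Size bytes: Ethernet header, IPv4 header, ICMP header, then
 * payload. Output goes to the global logfile.
 *
 * The IPv4 header length is read from the packet, so it is validated against
 * Size before the ICMP header is dereferenced or any region is dumped. A
 * frame that is too short is noted in the log and skipped instead of being
 * read out of bounds.
 */
void PrintIcmpPacket(u_char* Buffer, int Size)
{
    const int eth_len = (int)sizeof(ETHER_HDR);
    /* assumes IPV4_HDR is the fixed IPv4 header without options - TODO confirm */
    const int ip_min = (int)sizeof(IPV4_HDR);
    const int icmp_len = (int)sizeof(ICMP_HDR);
    int iphdrlen = 0, data_size = 0;
    unsigned int icmp_type;

    if (Buffer == NULL || Size < eth_len + ip_min) {
        fprintf(logfile, "\nICMP packet skipped: capture too short for IPv4 header (%d bytes)\n", Size);
        return;
    }

    iphdr = (IPV4_HDR *)(Buffer + sizeof(ETHER_HDR));
    iphdrlen = iphdr->ip_header_len * 4;

    /* The ICMP header must lie entirely inside the captured bytes. */
    if (iphdrlen < ip_min || Size - eth_len - iphdrlen < icmp_len) {
        fprintf(logfile, "\nICMP packet skipped: bad IPv4 header length %d for %d captured bytes\n", iphdrlen, Size);
        return;
    }

    icmpheader = (ICMP_HDR*)(Buffer + iphdrlen + sizeof(ETHER_HDR));
    data = (Buffer + sizeof(ETHER_HDR) + iphdrlen + sizeof(ICMP_HDR));
    /* Computed in int; non-negative after the checks above. */
    data_size = Size - eth_len - iphdrlen - icmp_len;

    fprintf(logfile, "\n\n***********************ICMP Packet*************************\n");
    PrintIpHeader(Buffer, Size);
    fprintf(logfile, "\n");

    fprintf(logfile, "ICMP Header\n");
    icmp_type = (unsigned int)(icmpheader->type);
    fprintf(logfile, " |-Type : %d", icmp_type);
    /* Only these two types get a label; any other type leaves the line unterminated, as before. */
    if (icmp_type == 11) {
        fprintf(logfile, " (TTL Expired)\n");
    } else if (icmp_type == 0) {
        fprintf(logfile, " (ICMP Echo Reply)\n");
    }
    fprintf(logfile, " |-Code : %d\n", (unsigned int)(icmpheader->code));
    fprintf(logfile, " |-Checksum : %d\n", ntohs(icmpheader->checksum));
    fprintf(logfile, " |-ID : %d\n", ntohs(icmpheader->id));
    fprintf(logfile, " |-Sequence : %d\n", ntohs(icmpheader->seq));
    fprintf(logfile, "\n");

    fprintf(logfile, "IP Header\n");
    PrintData((u_char*)iphdr, iphdrlen);
    fprintf(logfile, "ICMP Header\n");
    PrintData((u_char*)icmpheader, sizeof(ICMP_HDR));
    fprintf(logfile, "Data Payload\n");
    PrintData(data, data_size);
    fprintf(logfile, "\n###########################################################\n");
}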
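/*
 * Print the ICMP header of a raw IPv4 packet (no link-layer header).
 *
 * Buffer starts at the IPv4 header and holds Size bytes. Output goes to the
 * global logfile.
 *
 * Changes from the earlier version of this routine:
 *  - the packet-supplied IPv4 header length is validated against Size before
 *    the ICMP header is read, so a truncated packet is skipped rather than
 *    read out of bounds (the old payload length could also wrap to a huge
 *    value because it was computed in an unsigned type);
 *  - the dump of the ICMP header was labelled "UDP Header"; it is now
 *    labelled "ICMP Header".
 */
void PrintIcmpPacket(char* Buffer , int Size)
{
    /* assumes IPV4_HDR is the fixed IPv4 header without options - TODO confirm */
    const int ip_min = (int)sizeof(IPV4_HDR);
    const int icmp_len = (int)sizeof(ICMP_HDR);
    int iphdrlen;
    unsigned int icmp_type;

    if (Buffer == NULL || Size < ip_min) {
        fprintf(logfile, "\nICMP packet skipped: capture too short for IPv4 header (%d bytes)\n", Size);
        return;
    }

    iphdr = (IPV4_HDR *)Buffer;
    iphdrlen = iphdr->ip_header_len * 4;

    /* The ICMP header must lie entirely inside the captured bytes. */
    if (iphdrlen < ip_min || Size - iphdrlen < icmp_len) {
        fprintf(logfile, "\nICMP packet skipped: bad IPv4 header length %d for %d captured bytes\n", iphdrlen, Size);
        return;
    }

    icmpheader=(ICMP_HDR*)(Buffer+iphdrlen);

    fprintf(logfile,"\n\n***********************ICMP Packet*************************\n");
    PrintIpHeader(Buffer);
    fprintf(logfile,"\n");

    fprintf(logfile,"ICMP Header\n");
    icmp_type = (unsigned int)(icmpheader->type);
    fprintf(logfile," |-Type : %d", icmp_type);
    /* Only these two types get a label; any other type leaves the line unterminated, as before. */
    if (icmp_type == 11) {
        fprintf(logfile," (TTL Expired)\n");
    } else if (icmp_type == 0) {
        fprintf(logfile," (ICMP Echo Reply)\n");
    }
    fprintf(logfile," |-Code : %d\n",(unsigned int)(icmpheader->code));
    fprintf(logfile," |-Checksum : %d\n",ntohs(icmpheader->checksum));
    fprintf(logfile," |-ID : %d\n",ntohs(icmpheader->id));
    fprintf(logfile," |-Sequence : %d\n",ntohs(icmpheader->seq));
    fprintf(logfile,"\n");

    fprintf(logfile,"IP Header\n");
    PrintData(Buffer,iphdrlen);
    fprintf(logfile,"ICMP Header\n");
    PrintData(Buffer+iphdrlen,sizeof(ICMP_HDR));
    fprintf(logfile,"Data Payload\n");
    /* Payload length is non-negative here because of the bounds check above. */
    PrintData(Buffer+iphdrlen+sizeof(ICMP_HDR), Size - icmp_len - iphdrlen);
    fprintf(logfile,"\n###########################################################");
}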
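/*
 * Parse one IPv4 packet, verify its checksums, print the header to stdout
 * and hand the payload to the ICMP / TCP / UDP analyzer.
 *
 * data points at the IPv4 header; size is the number of bytes available
 * from there. Returns 0 when the packet was processed (other protocols are
 * silently ignored), -1 when the packet is malformed.
 *
 * The header fields ihl and tot_len come from the wire and are untrusted.
 * They are checked against the remaining byte count before they are used
 * as lengths, so the checksum routines never read past the buffer.
 *
 * The ExitWith...Error helpers presumably terminate the process; the
 * "return -1" after each call is a safety net in case they do not.
 */
int AnalyzeIp(u_char *data, int size)
{
    const int fixed_len = (int)sizeof(struct iphdr);
    u_char *ptr = data;          /* cursor, starts at the IP header */
    int lest = size;             /* bytes remaining from ptr */
    struct iphdr *iphdr = NULL;  /* IP header */
    u_char *option = NULL;       /* header options */
    int optionLen = 0;           /* size of the header options */
    int len = 0;
    unsigned short sum = 0;

    /* Compared as int: a negative size must not convert to a huge unsigned value and pass. */
    if (lest < fixed_len) {
        ExitWithTooLittleLengthError("iphdr", lest);
        return -1;
    }

    iphdr = (struct iphdr *) ptr;   /* start of the IP header */
    ptr += fixed_len;               /* start of the IP header options */
    lest -= fixed_len;

    /* Size of the header options (including padding). */
    optionLen = iphdr->ihl * 4 - fixed_len;
    if (optionLen < 0) {
        /* ihl below the minimum header size: the header cannot be valid. */
        fprintf(stderr, "IP header length(%d):too small\n", iphdr->ihl * 4);
        return -1;
    }
    if (optionLen > 0) {
        if (optionLen >= 1500) {
            fprintf(stderr, "IP optionLen(%d):too big\n", optionLen);
            return -1;
        }
        /* The options must be inside the captured bytes before they are checksummed. */
        if (optionLen > lest) {
            ExitWithTooLittleLengthError("ip option", lest);
            return -1;
        }
        option = ptr;       /* start of the IP header options */
        ptr += optionLen;   /* start of the payload */
        lest -= optionLen;
    }

    if (checkIPchecksum(iphdr, option, optionLen) == 0) {
        ExitWithBadChecksumError("ip");
        return -1;
    }

    PrintIpHeader(iphdr, option, optionLen, stdout);

    /*
     * Payload size: tot_len covers the IP header plus the payload.
     * It may be smaller than lest (link-layer padding) but never larger.
     */
    len = ntohs(iphdr->tot_len) - iphdr->ihl * 4;

    if (iphdr->protocol == IPPROTO_ICMP) {
        if (len < 0 || len > lest) {
            ExitWithTooLittleLengthError("icmp", lest);
            return -1;
        }
        sum = checksum(ptr, len);   /* checksum over the payload */
        if (sum != 0 && sum != 0xFFFF) {
            ExitWithBadChecksumError("icmp");
            return -1;
        }
        AnalyzeIcmp(ptr, lest);
    } else if (iphdr->protocol == IPPROTO_TCP) {
        if (len < 0 || len > lest) {
            ExitWithTooLittleLengthError("tcp", lest);
            return -1;
        }
        if (checkIPDATAchecksum(iphdr, ptr, len) == 0) {
            ExitWithBadChecksumError("tcp");
            return -1;
        }
        AnalyzeTcp(ptr, lest);
    } else if (iphdr->protocol == IPPROTO_UDP) {
        struct udphdr *udphdr;

        /* The UDP header is read below, so it must be fully present. */
        if (len < 0 || len > lest || lest < (int)sizeof(struct udphdr)) {
            ExitWithTooLittleLengthError("udp", lest);
            return -1;
        }
        udphdr = (struct udphdr *) ptr;
        /* A zero UDP checksum means the sender did not compute one. */
        if (udphdr->check != 0 && checkIPDATAchecksum(iphdr, ptr, len) == 0) {
            ExitWithBadChecksumError("udp");
            return -1;
        }
        AnalyzeUdp(ptr, lest);
    }

    return 0;
}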
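/*
 * Parse one IPv4 packet, verify its checksums, optionally print the header
 * and hand the payload to the ICMP / TCP / UDP analyzer.
 *
 * data points at the IPv4 header; size is the number of bytes available
 * from there. Returns 0 when the packet was processed (other protocols are
 * ignored), -1 when the packet is malformed or a checksum fails.
 *
 * Length diagnostics are printed only when one of the fil[2], fil[3],
 * fil[4] or fil[6] filter flags is 1; the header is printed only when
 * fil[6] is 1.
 *
 * Fixes over the earlier version:
 *  - option is initialised, so checkIPchecksum() no longer receives an
 *    indeterminate pointer when the header has no options;
 *  - ihl and tot_len, both read from the wire, are checked against the
 *    remaining byte count before they are used as lengths, so the checksum
 *    routines cannot be driven past the end of the buffer;
 *  - the size comparison is done in int, so a negative size is rejected
 *    instead of converting to a huge unsigned value.
 */
int AnalyzeIp(u_char *data,int size)
{
    const int fixed_len = (int)sizeof(struct iphdr);
    /* Whether any of the filters that want length diagnostics is switched on. */
    const int verbose = (fil[2] == 1 || fil[3] == 1 || fil[4] == 1 || fil[6] == 1);
    u_char *ptr = data;        /* cursor, starts at the IP header */
    int lest = size;           /* bytes remaining from ptr */
    struct iphdr *iphdr;
    u_char *option = NULL;     /* stays NULL when the header carries no options */
    int optionLen, len;
    unsigned short sum;

    if (lest < fixed_len) {
        if (verbose) {
            fprintf(stderr,"lest(%d)<sizeof(struct iphdr)\n",lest);
        }
        return(-1);
    }

    iphdr = (struct iphdr *)ptr;
    ptr += fixed_len;
    lest -= fixed_len;

    optionLen = iphdr->ihl * 4 - fixed_len;
    if (optionLen < 0) {
        /* ihl below the minimum header size: the header cannot be valid. */
        if (verbose) {
            fprintf(stderr,"IP header length(%d):too small\n",iphdr->ihl * 4);
        }
        return(-1);
    }
    if (optionLen > 0) {
        if (optionLen >= 1500) {
            if (verbose) {
                fprintf(stderr,"IP optionLen(%d):too big\n",optionLen);
            }
            return(-1);
        }
        /* The options must be inside the captured bytes before they are checksummed. */
        if (optionLen > lest) {
            if (verbose) {
                fprintf(stderr,"lest(%d)<IP optionLen(%d)\n",lest,optionLen);
            }
            return(-1);
        }
        option = ptr;
        ptr += optionLen;
        lest -= optionLen;
    }

    if (checkIPchecksum(iphdr,option,optionLen) == 0) {
        fprintf(stderr,"bad ip checksum\n");
        return(-1);
    }

    if (fil[6] == 1) {
        PrintIpHeader(iphdr,option,optionLen,stdout);
    }

    /*
     * Payload size claimed by the header. It may be smaller than lest
     * (link-layer padding) but must never exceed it.
     */
    len = ntohs(iphdr->tot_len) - iphdr->ihl * 4;

    if (iphdr->protocol == IPPROTO_ICMP) {
        if (len < 0 || len > lest) {
            if (verbose) {
                fprintf(stderr,"bad icmp length(%d), lest(%d)\n",len,lest);
            }
            return(-1);
        }
        sum = checksum(ptr,len);
        if (sum != 0 && sum != 0xFFFF) {
            fprintf(stderr,"bad icmp checksum\n");
            return(-1);
        }
        AnalyzeIcmp(ptr,lest);
    } else if (iphdr->protocol == IPPROTO_TCP) {
        if (len < 0 || len > lest) {
            if (verbose) {
                fprintf(stderr,"bad tcp length(%d), lest(%d)\n",len,lest);
            }
            return(-1);
        }
        if (checkIPDATAchecksum(iphdr,ptr,len) == 0) {
            fprintf(stderr,"bad tcp checksum\n");
            return(-1);
        }
        AnalyzeTcp(ptr,lest);
    } else if (iphdr->protocol == IPPROTO_UDP) {
        struct udphdr *udphdr;

        /* The UDP header is read below, so it must be fully present. */
        if (len < 0 || len > lest || lest < (int)sizeof(struct udphdr)) {
            if (verbose) {
                fprintf(stderr,"bad udp length(%d), lest(%d)\n",len,lest);
            }
            return(-1);
        }
        udphdr = (struct udphdr *)ptr;
        /* A zero UDP checksum means the sender did not compute one. */
        if (udphdr->check != 0 && checkIPDATAchecksum(iphdr,ptr,len) == 0) {
            fprintf(stderr,"bad udp checksum\n");
            return(-1);
        }
        AnalyzeUdp(ptr,lest);
    }

    return(0);
}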