void caught_packet(u_char *user_args, const struct pcap_pkthdr *cap_header, const u_char *packet) {
int tcp_header_length, total_header_size, pkt_data_len;
u_char *pkt_data;
int total_header_size2;
//structs of the packet (different protocol headers)
struct ether_header *ETHERheader;
struct ip *IPheader;
struct tcphdr *TCPheader;
//copy of the packet
char * packet_copy;
packet_copy = malloc(cap_header->len);
if (packet_copy <= 0 )
exit(-1);
memcpy(packet_copy,packet,cap_header->len);
printf("==== Got a %d byte packet ====\n", cap_header->len);
decode_ethernet(packet,ETHERheader,packet_copy);
decode_ip(packet+ETHER_HDR_LEN,IPheader,packet_copy+ETHER_HDR_LEN);
tcp_header_length = decode_tcp(packet+ETHER_HDR_LEN+sizeof(struct ip_hdr),TCPheader, packet_copy+ETHER_HDR_LEN+sizeof(struct ip));
total_header_size = ETHER_HDR_LEN+sizeof(struct ip_hdr)+tcp_header_length;
total_header_size2 = ETHER_HDR_LEN+sizeof(struct ip)+tcp_header_length;
printf("total_header_size:%d \n total_header_size2:%d \n",total_header_size,total_header_size2);
pkt_data = (u_char *)packet + total_header_size; // pkt_data points to the data portion
pkt_data_len = cap_header->len - total_header_size;
if(pkt_data_len > 0) {
printf("\t\t\t%u bytes of packet data\n", pkt_data_len);
//dump(pkt_data, pkt_data_len);
dump(packet, cap_header->len);
} else {
printf("\t\t\tNo Packet Data\n");
dump(packet, cap_header->len);
}
printf("before ipspoof3\n");
//ipspoof3( inet_ntoa(IPheader->ip_src), inet_ntoa(IPheader->ip_dst), "0022433967e9",ETHERheader,IPheader,TCPheader,(u_char *)packet_copy + total_header_size, pkt_data_len);
ipspoof4( "", "192.168.1.13", "701a04d83403", (char *)packet, cap_header->len);
printf(" after ipspoof3 \n");
free(packet_copy);
}
void caught_packet(u_char *user_args, const struct pcap_pkthdr *cap_header, const u_char *packet) {
int tcp_header_length, total_header_size, pkt_data_len;
u_char *pkt_data;
printf("==== %d バイトのパケットを取得しました ====\n", cap_header->len);
decode_ethernet(packet);
decode_ip(packet+ETHER_HDR_LEN);
tcp_header_length = decode_tcp(packet+ETHER_HDR_LEN+sizeof(struct ip_hdr));
total_header_size = ETHER_HDR_LEN+sizeof(struct ip_hdr)+tcp_header_length;
pkt_data = (u_char *)packet + total_header_size; // pkt_dataはデータ部分を指す
pkt_data_len = cap_header->len - total_header_size;
if(pkt_data_len > 0) {
printf("\t\t\t%u バイトのパケットデータ\n", pkt_data_len);
dump(pkt_data, pkt_data_len);
} else
printf("\t\t\tパケットデータがありません\n");
}
/* main processing function */
void proc_packet(const u_char *data, u_int size)
{
struct ip_stat istat;
u_int data_offs;
u_int tcp_hdr_sz;
u_int udp_hdr_sz;
/* print captured bytes */
printf("\n\nBytes Captured = [ %d ]\n", size);
/* print L2 information */
decode_ethernet(data);
/* obtain IP protocol number for further decoding */
decode_ip(data + ETHER_HDR_LEN, &istat);
switch(istat.ip_prot) {
case 1:
decode_icmp(data + ETHER_HDR_LEN + istat.ip_len);
data_offs = ETHER_HDR_LEN + istat.ip_len;
break;
case 6:
tcp_hdr_sz = decode_tcp(data + ETHER_HDR_LEN + istat.ip_len);
data_offs = ETHER_HDR_LEN + istat.ip_len + tcp_hdr_sz;
break;
case 17:
udp_hdr_sz = decode_udp(data + ETHER_HDR_LEN + istat.ip_len);
data_offs = ETHER_HDR_LEN + istat.ip_len + udp_hdr_sz;
break;
default:
break;
}
/* print raw encapsulated data */
praw(data + data_offs, size);
}
void update_st_stats(struct pkt_record *pkt)
{
struct pkt_record *table_entry;
struct pkt_list_entry *ple, *tmp, *titer;
struct timeval max_age = {.tv_sec = 0, .tv_usec = 5E5 };
/* maintain a long-term history of packets */
ple = malloc(sizeof(struct pkt_list_entry));
ple->pkt = *pkt;
DL_APPEND(st_pkt_list_head, ple);
DL_FOREACH_SAFE(st_pkt_list_head, titer, tmp)
{
if (has_aged(ple, titer, max_age)) {
HASH_FIND(hh, st_flow_table, &(titer->pkt.flow),
sizeof(struct flow), table_entry);
assert(table_entry);
table_entry->len -= titer->pkt.len;
if (0 == table_entry->len) {
HASH_DEL(st_flow_table, table_entry);
}
DL_DELETE(st_pkt_list_head, titer);
free(titer);
} else {
break;
}
}
/* Update the flow accounting table */
/* id already in the hash? */
HASH_FIND(hh, st_flow_table, &(pkt->flow), sizeof(struct flow),
table_entry);
if (!table_entry) {
table_entry =
(struct pkt_record *)malloc(sizeof(struct pkt_record));
memset(table_entry, 0, sizeof(struct pkt_record));
memcpy(table_entry, pkt, sizeof(struct pkt_record));
HASH_ADD(hh, st_flow_table, flow, sizeof(struct flow),
table_entry);
} else {
table_entry->len += pkt->len;
}
HASH_SORT(st_flow_table, bytes_cmp);
}
void update_lt_stats(struct pkt_record *pkt)
{
struct pkt_record *table_entry;
struct pkt_list_entry *ple, *tmp, *titer;
struct timeval max_age = {.tv_sec = 60, .tv_usec = 0 };
/* maintain a long-term history of packets */
ple = malloc(sizeof(struct pkt_list_entry));
ple->pkt = *pkt;
DL_APPEND(lt_pkt_list_head, ple);
DL_FOREACH_SAFE(lt_pkt_list_head, titer, tmp)
{
if (has_aged(ple, titer, max_age)) {
HASH_FIND(hh, lt_flow_table, &(titer->pkt.flow),
sizeof(struct flow), table_entry);
assert(table_entry);
table_entry->len -= titer->pkt.len;
if (0 == table_entry->len) {
HASH_DEL(lt_flow_table, table_entry);
}
DL_DELETE(lt_pkt_list_head, titer);
free(titer);
} else {
break;
}
}
/* Update the flow accounting table */
/* id already in the hash? */
HASH_FIND(hh, lt_flow_table, &(pkt->flow), sizeof(struct flow),
table_entry);
if (!table_entry) {
table_entry =
(struct pkt_record *)malloc(sizeof(struct pkt_record));
memset(table_entry, 0, sizeof(struct pkt_record));
memcpy(table_entry, pkt, sizeof(struct pkt_record));
HASH_ADD(hh, lt_flow_table, flow, sizeof(struct flow),
table_entry);
} else {
table_entry->len += pkt->len;
}
HASH_SORT(lt_flow_table, bytes_cmp);
}
void update_stats_tables(struct pkt_record *pkt)
{
update_st_stats(pkt);
update_lt_stats(pkt);
}
void handle_packet(uint8_t *user, const struct pcap_pkthdr *pcap_hdr,
const uint8_t *wirebits)
{
static const struct pkt_record ZeroPkt = { 0 };
struct pkt_record *pkt;
char errstr[DECODE_ERRBUF_SIZE];
pkt = malloc(sizeof(struct pkt_record));
*pkt = ZeroPkt;
if (0 == decode_ethernet(pcap_hdr, wirebits, pkt, errstr)) {
update_stats_tables(pkt);
} else {
mvprintw(ERR_LINE_OFFSET, 0, "%-80s", errstr);
}
free(pkt);
}
void grab_packets(int fd, pcap_t *handle)
{
struct timespec timeout_ts = {.tv_sec = 0, .tv_nsec = 1E8 };
struct pollfd fds[] = {
{.fd = fd, .events = POLLIN, .revents = POLLHUP }
};
int ch;
while (1) {
if (ppoll(fds, 1, &timeout_ts, NULL)) {
pcap_dispatch(handle, 10000, handle_packet, NULL);
}
if ((ch = getch()) == ERR) {
/* normal case - no input */
;
} else {
switch (ch) {
case 'q':
endwin(); /* End curses mode */
return;
}
}
print_top_n(5);
refresh(); /* ncurses screen update */
}
}
void init_curses()
{
initscr(); /* Start curses mode */
raw(); /* Line buffering disabled */
keypad(stdscr, TRUE); /* We get F1, F2 etc.. */
noecho(); /* Don't echo() while we do getch */
nodelay(stdscr, TRUE);
}
