示例#1
0
int
main(int argc, char *argv[])
{
    struct hooks_t hooks;
    struct files_t files;
    //int c;

    /* TODO: Parse command line arguments */
    parse_commandline(argc, argv);
    
    /* TODO: Initialize hooks and files lists */
    TAILQ_INIT(&hooks);
    TAILQ_INIT(&files);
        
    /* TODO: Load hooks */
    set_hooks(&hooks);
    
     // TODO: Continuously check directory and timestamps
    //while(true){
        char *timestamp = timestamp_string();
        check_directory(directory, &hooks, &files, recursive,(time_t) timestamp);
        sleep(1);
    //}
    
    return (EXIT_SUCCESS);
}
示例#2
0
/* dump_UDP_packet()
 *
 * This routine parses a packet, expecting Ethernet, IP, and UDP headers.
 * It extracts the UDP source and destination port numbers along with the UDP
 * packet length by casting structs over a pointer that we move through
 * the packet.  We can do this sort of casting safely because libpcap
 * guarantees that the pointer will be aligned.
 *
 * The "ts" argument is the timestamp associated with the packet.
 *
 * Note that "capture_len" is the length of the packet *as captured by the
 * tracing program*, and thus might be less than the full length of the
 * packet.  However, the packet pointer only holds that much data, so
 * we have to be careful not to read beyond it.
 */
void dump_UDP_packet(const unsigned char *packet, struct timeval ts,
        unsigned int capture_len)
{
    struct ip *ip;
    struct UDP_hdr *udp;
    unsigned int IP_header_length;

    /* For simplicity, we assume Ethernet encapsulation. */

    if (capture_len < sizeof(struct ether_header))
    {
        /* We didn't even capture a full Ethernet header, so we
         * can't analyze this any further.
         */
        too_short(ts, "Ethernet header");
        return;
    }

    /* Skip over the Ethernet header. */
    packet += sizeof(struct ether_header);
    capture_len -= sizeof(struct ether_header);

    if (capture_len < sizeof(struct ip))
    { /* Didn't capture a full IP header */
        too_short(ts, "IP header");
        return;
    }

    ip = (struct ip*) packet;
    IP_header_length = ip->ip_hl * 4;       /* ip_hl is in 4-byte words */

    if (capture_len < IP_header_length)
    { /* didn't capture the full IP header including options */
        too_short(ts, "IP header with options");
        return;
    }

    if (ip->ip_p != IPPROTO_UDP)
    {
        problem_pkt(ts, "non-UDP packet");
        return;
    }

    /* Skip over the IP header to get to the UDP header. */
    packet += IP_header_length;
    capture_len -= IP_header_length;

    if (capture_len < sizeof(struct UDP_hdr))
    {
        too_short(ts, "UDP header");
        return;
    }

    udp = (struct UDP_hdr*) packet;

    printf("%s UDP src_port=%d dst_port=%d length=%d\n", 
            timestamp_string(ts), ntohs(udp->uh_sport), 
            ntohs(udp->uh_dport), ntohs(udp->uh_ulen));
}
示例#3
0
void too_short(struct timeval ts, const char *truncated_hdr)
	{
	fprintf(stderr, "packet with timestamp %s is truncated and lacks a full %s\n",
		timestamp_string(ts), truncated_hdr);
	}
示例#4
0
void problem_pkt(struct timeval ts, const char *reason)
	{
	fprintf(stderr, "%s: %s\n", timestamp_string(ts), reason);
	}
示例#5
0
void dump_TCP_packet(const unsigned char *packet, struct timeval ts,
        unsigned int capture_len)
{
    struct ip *ip;
    struct TCP_hdr *tcp;
    unsigned int IP_header_length;
    unsigned int TCP_hdr_len = sizeof(struct TCP_hdr);

    /* For simplicity, we assume Ethernet encapsulation. */

    if (capture_len < sizeof(struct ether_header))
    {
        /* We didn't even capture a full Ethernet header, so we
         * can't analyze this any further.
         */
        too_short(ts, "Ethernet header");
        return;
    }

    /* Skip over the Ethernet header. */
    packet += sizeof(struct ether_header);
    capture_len -= sizeof(struct ether_header);

    if (capture_len < sizeof(struct ip))
    { /* Didn't capture a full IP header */
        too_short(ts, "IP header");
        return;
    }

    ip = (struct ip*) packet;
    IP_header_length = ip->ip_hl * 4;       /* ip_hl is in 4-byte words */

    if (capture_len < IP_header_length)
    { /* didn't capture the full IP header including options */
        too_short(ts, "IP header with options");
        return;
    }

    if (ip->ip_p != IPPROTO_TCP)
    {
        problem_pkt(ts, "non-TCP packet");
        return;
    }

    /* Skip over the IP header to get to the UDP header.*/
    packet += IP_header_length;
    capture_len -= IP_header_length;

    if (capture_len < sizeof(struct TCP_hdr))
    {
        too_short(ts, "TCP header");
        return;
    }

    tcp = (struct TCP_hdr*) packet;

    printf("%s UDP src_port=%d dst_port=%d length=%d\n", 
            timestamp_string(ts), ntohs(tcp->th_sport), 
            ntohs(tcp->th_dport), ntohs(tcp->th_seqnum));
    switch(ntohs(udp->uh_sport))
    {
        case TELNET:
            //Source port telnet
            packet += TCP_hdr_len;
            capture_len -= t TCP_hdr;
            process_telnet(packet, capture_len);
            break;
        case HTTP:
            break;
        default:
            //Unknown source port
            break;
    }
    switch(ntohs(udp->uh_dport))
    {
        case TELNET:
            //Dest port telnet
            break;
        case HTTP:
            break;
        default:
            //Unknown dest port
            break;
    }
}