
📄 ngrep.c

📁 ngrep strives to provide most of GNU grep s common features, applying them to the network layer. ngr
💻 C
      if (fragmented) 	printf(" %s%d@%d:%d\n", frag_offset?"+":"", ntohs(ip_packet->ip_id),	       frag_offset, len);       else printf("\n");      if (pd_dump) {	pcap_dump((u_char*)pd_dump, h, p);	if (!quiet) dump(data, len);      } else dump(data, len);    }  }  break;  case IPPROTO_UDP: {    struct udphdr* udp = (struct udphdr *)(((char *)ip_packet) + ip_hl);    unsigned udphdr_offset = (fragmented)?0:sizeof(struct udphdr);     if (!quiet) {      printf("#");       fflush(stdout);    }    data = ((char*)udp) + udphdr_offset;
   	if ((len = ntohs(ip_packet->ip_len)) < h->caplen) 
		len -= ip_hl + udphdr_offset;
	else len = h->caplen - link_offset - ip_hl - udphdr_offset;

	if (len > limitlen) len = limitlen;

    if (((len || show_empty) && (((int)(*match_func)(data, len)) != invert_match))	|| keep_matching) {       if (!live_read && want_delay)	dump_delay(h);      printf("\nU ");      if (print_time) 	print_time(h);      if (udphdr_offset || !frag_offset) {#ifdef HAVE_DUMB_UDPHDR	printf("%s:%d -", inet_ntoa(ip_packet->ip_src), ntohs(udp->source));	printf("> %s:%d", inet_ntoa(ip_packet->ip_dst), ntohs(udp->dest));#else	printf("%s:%d -", inet_ntoa(ip_packet->ip_src), ntohs(udp->uh_sport));	printf("> %s:%d", inet_ntoa(ip_packet->ip_dst), ntohs(udp->uh_dport));#endif      } else {	printf("%s -", inet_ntoa(ip_packet->ip_src));	printf("> %s", inet_ntoa(ip_packet->ip_dst));      }      if (fragmented) 	printf(" %s%d@%d:%d\n", frag_offset?"+":"", ntohs(ip_packet->ip_id),	       frag_offset, len);       else printf("\n");      if (pd_dump) {	pcap_dump((u_char*)pd_dump, h, p);	if (!quiet) dump(data, len);      } else dump(data, len);    }  }  break;  case IPPROTO_ICMP: {    struct icmp* ic = (struct icmp *)(((char *)ip_packet) + ip_hl);    unsigned icmphdr_offset = fragmented?0:4;    if (!quiet) {      printf("#");       fflush(stdout);    }    data = ((char*)ic) + icmphdr_offset;
   	if ((len = ntohs(ip_packet->ip_len)) < h->caplen) 
		len -= ip_hl + icmphdr_offset;
	else len = h->caplen - link_offset - ip_hl - icmphdr_offset;

	if (len > limitlen) len = limitlen;

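    /* Tail of the packet handler's ICMP case; the function begins above this
     * listing line and is reproduced here unchanged (line breaks restored). */
    if (((len || show_empty) && (((int)(*match_func)(data, len)) != invert_match))
        || keep_matching) {
      if (!live_read && want_delay)
        dump_delay(h);

      printf("\nI ");

      if (print_time)
        print_time(h);

      printf("%s -", inet_ntoa(ip_packet->ip_src));
      printf("> %s", inet_ntoa(ip_packet->ip_dst));

      if (icmphdr_offset || !frag_offset)
        printf(" %d:%d", ic->icmp_type, ic->icmp_code);

      if (fragmented)
        printf(" %s%d@%d:%d\n", frag_offset?"+":"", ntohs(ip_packet->ip_id),
               frag_offset, len);
      else printf("\n");

      if (pd_dump) {
        pcap_dump((u_char*)pd_dump, h, p);
        if (!quiet) dump(data, len);
      } else dump(data, len);
    }
  }
  break;

  }

  if (match_after && keep_matching)
    keep_matching--;
}

/*
 * Regex matcher: searches data[0..len) for the compiled global `pattern`.
 *
 * Returns 1 when re_search() finds a match and 0 when it does not.  An
 * internal regex failure (re_search() == -2) ends the program through
 * clean_exit(-2).  On a match the global match counter is advanced; once it
 * exceeds max_matches the program exits through clean_exit(0), and the
 * "lines after match" counter keep_matching is re-armed from match_after.
 */
int re_match_func(char *data, int len) {
  /* The caller derives len by subtracting header sizes from the packet
   * length, so it could arrive negative for a short or truncated packet.
   * Never hand a negative size to the regex engine. */
  if (len < 0)
    return 0;

  switch (re_search(&pattern, data, len, 0, len, 0)) {
  case -2:
    perror("she's dead, jim\n");
    clean_exit(-2);
    /* clean_exit() ends in exit(); the case label below is never reached
     * from here. */
  case -1:
    return 0;
  }

  if (max_matches && ++matches > max_matches)
    clean_exit(0);

  if (match_after && keep_matching != match_after)
    keep_matching = match_after;

  return 1;
}

/*
 * Binary matcher: looks for the match_len bytes at bin_data anywhere inside
 * data[0..len).
 *
 * Returns 1 on the first hit and 0 when there is none, including when the
 * payload is shorter than the pattern (which also covers a negative len).
 * Match accounting is the same as in re_match_func().
 */
int bin_match_func(char *data, int len) {
  int last_start = len - match_len;   /* last offset where the pattern still fits */
  int off;

  if (last_start < 0)
    return 0;

  for (off = 0; off <= last_start; off++) {
    if (memcmp(data + off, bin_data, match_len) != 0)
      continue;

    if (max_matches && ++matches > max_matches)
      clean_exit(0);

    if (match_after && keep_matching != match_after)
      keep_matching = match_after;

    return 1;
  }

  return 0;
}

/*
 * Matcher that accepts every packet.  It only maintains the match counter
 * and exits through clean_exit(0) once max_matches is exceeded.  data and
 * len are not examined.
 */
int blank_match_func(char *data, int len) {
  if (max_matches && ++matches > max_matches)
    clean_exit(0);

  return 1;
}

/*
 * Prints len bytes of payload to stdout, one row per `width` bytes
 * (16 per row with show_hex, 70 otherwise).  With show_hex each row starts
 * with a hex column padded to full width, followed by the text column.
 * Bytes that are not printable are shown as '.', so raw packet bytes are not
 * written to the terminal by the text column.  Nothing is printed when
 * len <= 0.
 */
void dump(char *data, int len) {
  int width = show_hex ? 16 : 70;
  char *row = data;
  int done, col;

  if (len <= 0)
    return;

  for (done = 0; done < len; done += width, row += width) {
    printf("  ");

    if (show_hex)
      for (col = 0; col < width; col++) {
        if (done + col < len)
          printf("%02x ", (unsigned char)row[col]);
        else printf("   ");

        /* extra gap after each half row */
        if ((col + 1) % (width / 2) == 0)
          printf("   ");
      }

    for (col = 0; col < width; col++)
      if (done + col < len) {
        /* Packet bytes >= 0x80 are negative where char is signed; passing
         * such a value to isprint() is undefined behaviour, so classify the
         * byte as unsigned char. */
        unsigned char byte = (unsigned char)row[col];
        printf("%c", isprint(byte) ? byte : '.');
      } else
        printf(" ");

    printf("\n");
  }
}

/*
 * Joins the remaining command-line words into one string (each word followed
 * by a single space) and substitutes it into the IP_ONLY format.
 *
 * Returns a heap string the caller owns, or NULL when argv holds no words or
 * an allocation fails.
 */
char *get_filter(char **argv) {
  char **arg = argv, *theirs, *mine;
  char *from, *to;
  int len = 0;

  if (!*arg)
    return NULL;

  /* one extra byte per word for the separating space */
  while (*arg)
    len += strlen(*arg++) + 1;

  theirs = calloc(1, len + 1);
  if (!theirs)
    return NULL;

  mine = calloc(1, len + sizeof(IP_ONLY));
  if (!mine) {
    free(theirs);   /* previously leaked when only the second allocation failed */
    return NULL;
  }

  arg = argv;
  to = theirs;

  while ((from = *arg++)) {
    while ((*to++ = *from++));
    *(to-1) = ' ';   /* replace the copied terminator with the separator */
  }

  /* NOTE(review): the destination holds len + sizeof(IP_ONLY) bytes, which is
   * enough only if IP_ONLY expands `theirs` through a single %s and adds no
   * other conversions -- its definition is not visible here; confirm. */
  sprintf(mine, IP_ONLY, theirs);

  free(theirs);
  return mine;
}

/*
 * Common exit path: releases the regex tables and binary pattern, prints the
 * capture statistics for a live capture (unless quiet or sig is negative),
 * closes the pcap handles and calls exit(sig).  Does not return.
 */
void clean_exit(int sig) {
  struct pcap_stat s;
  int report = !quiet && sig >= 0;

  if (report) printf("exit\n");

  if (pattern.translate) free(pattern.translate);
  if (pattern.fastmap) free(pattern.fastmap);

  if (bin_data) free(bin_data);

  /* statistics are only requested when not reading from a dump file */
  if (report && !read_file && pd && !pcap_stats(pd, &s))
    printf("%d received, %d dropped\n", s.ps_recv, s.ps_drop);

  if (pd) pcap_close(pd);
  if (pd_dump) pcap_dump_close(pd_dump);

#ifdef WIN32
  if (delay_socket) close(delay_socket);
  WSACleanup();
#endif

  exit(sig);
}

/*
 * Returns 1 when every character after the first 'x' in str (or the whole
 * string when it contains no 'x') is a hexadecimal digit, else 0.
 *
 * Characters before the 'x' are not examined, and an empty remainder counts
 * as valid.
 */
int strishex(char *str) {
  char *s;

  if ((s = strchr(str, 'x')))
    s++;
  else s = str;

  /* cast: isxdigit() is undefined for negative char values */
  while (*s)
    if (!isxdigit((unsigned char)*s++))
      return 0;

  return 1;
}

/*
 * Prints the packet's capture time as local date and time with microseconds.
 * Prints nothing if localtime() cannot convert the timestamp.
 */
void print_time_absolute(struct pcap_pkthdr *h) {
  /* Copy into a real time_t: the header's tv_sec field is not guaranteed to
   * have the type localtime() expects on every platform. */
  time_t when = h->ts.tv_sec;
  struct tm *t = localtime(&when);

  if (!t)
    return;

  /* tv_usec is cast to int so the argument matches the %06d conversion */
  printf("%02d/%02d/%02d %02d:%02d:%02d.%06d ",
         t->tm_year+1900, t->tm_mon+1, t->tm_mday, t->tm_hour,
         t->tm_min, t->tm_sec, (int)h->ts.tv_usec);
}

/*
 * Prints the time elapsed since the previously printed packet as
 * "+secs.usecs" and remembers this packet's timestamp in prev_ts.  For the
 * first packet (prev_ts all zero) the difference is zero.
 */
void print_time_diff(struct pcap_pkthdr *h) {
  unsigned secs, usecs;

  if (!prev_ts.tv_sec && !prev_ts.tv_usec) {
    prev_ts.tv_sec = h->ts.tv_sec;
    prev_ts.tv_usec = h->ts.tv_usec;
  }

  secs = h->ts.tv_sec - prev_ts.tv_sec;

  if (h->ts.tv_usec >= prev_ts.tv_usec)
    usecs = h->ts.tv_usec - prev_ts.tv_usec;
  else {
    /* borrow one second for the microsecond subtraction */
    secs--;
    usecs = 1000000 - (prev_ts.tv_usec - h->ts.tv_usec);
  }

  printf("+%d.%06d ", secs, usecs);

  prev_ts.tv_sec = h->ts.tv_sec;
  prev_ts.tv_usec = h->ts.tv_usec;
}

/*
 * Sleeps for the interval between the previous packet's timestamp and this
 * one, then records this timestamp in prev_delay_ts.  The first call
 * (prev_delay_ts all zero) does not wait.
 */
void dump_delay(struct pcap_pkthdr *h) {
  unsigned long secs, usecs;

  if (!prev_delay_ts.tv_sec && !prev_delay_ts.tv_usec) {
    prev_delay_ts.tv_sec = h->ts.tv_sec;
    prev_delay_ts.tv_usec = h->ts.tv_usec;
  }

  secs = h->ts.tv_sec - prev_delay_ts.tv_sec;

  if (h->ts.tv_usec >= prev_delay_ts.tv_usec)
    usecs = h->ts.tv_usec - prev_delay_ts.tv_usec;
  else {
    secs--;
    usecs = 1000000 - (prev_delay_ts.tv_usec - h->ts.tv_usec);
  }

#ifdef WIN32
  {
    // grevious hack, yes, but windows sucks.  sorry. :(   --jordan
    // A throwaway socket is created only so that select() can be used as a
    // timed wait.
    if ((delay_socket = socket(AF_INET, SOCK_STREAM, 6)) == -1) {
      fprintf(stderr, "delay socket creation failed, disabling -D\n");
      Sleep(3000); // give them time to read the message
      want_delay = 0;
      return;
    }

    FD_ZERO(&delay_fds);
    FD_SET(delay_socket, &delay_fds);

    delay_tv.tv_sec = secs;
    delay_tv.tv_usec = usecs;

    if (select(0, &delay_fds, 0, 0, &delay_tv) == -1)
      fprintf(stdout, "WSAGetLastError = %d\n", WSAGetLastError());

    close(delay_socket);
    delay_socket = 0; // in case someone ^C's out of me
  }
#else
  sleep(secs);
  usleep(usecs);
#endif

  prev_delay_ts.tv_sec = h->ts.tv_sec;
  prev_delay_ts.tv_usec = h->ts.tv_usec;
}

/* Prints the command-line synopsis and exits with status e. */
void usage(int e) {
#ifdef WIN32
  printf("usage: ngrep <-LhXViwqpevxlDtT> <-IO pcap_dump> <-n num> <-d dev> <-A num>\n"
         "                                <-s snaplen> <-S limitlen> <match expression>\n"
         "                                <bpf filter>\n");
#else
  printf("usage: ngrep <-hXViwqevxlDtT> <-IO pcap_dump> <-n num> <-d dev> <-A num>\n"
         "                              <match expression> <bpf filter>\n");
#endif

  exit(e);
}

/* Prints the program version string and exits with status 0. */
void version(void) {
  printf("ngrep: %s\n", ver);
  exit(0);
}

#ifdef WIN32
/*
 * Returns a pointer to the index-th entry (counting from 1) of a device list
 * made of NUL-separated strings ending in an empty string, or NULL when the
 * list has fewer entries.  The GetVersion() test selects whether the list is
 * walked as char or as wchar_t strings.
 */
void *GetAdapterFromList(void *device, int index) {
  int n = 1;
  DWORD dwVersion = GetVersion();
  DWORD dwWindowsMajorVersion = (DWORD)(LOBYTE(LOWORD(dwVersion)));

  if (dwVersion >= 0x80000000 && dwWindowsMajorVersion >= 4) {
    char *t = (char *)device;

    while (*t != '\0') {
      if (n++ == index)
        return t;

      /* skip to the terminator of this entry, then past it */
      while (*t != '\0')
        t++;
      t++;
    }

    return NULL;

  } else {
    wchar_t *t = (wchar_t *)device;

    while (*t != '\0') {
      if (n++ == index)
        return t;

      while (*t != '\0')
        t++;
      t++;
    }

    return NULL;
  }
}

/*
 * Prints a numbered table of the capture devices returned by
 * pcap_lookupdev().  On lookup failure the pcap error buffer is reported
 * through perror() and nothing else is printed.
 */
void PrintDeviceList(void) {
  // apparently pcap_lookupdev returns a string that is:
  //   1. delimited by nulls
  //   2. terminated by a double null
  // windows port of libpcap indicates there might
  // be a description somewhere, but I couldn't figure out how to
  // reproduce them.  --jordan
  int n = 1;
  char *device;
  DWORD dwVersion = GetVersion();
  DWORD dwWindowsMajorVersion = (DWORD)(LOBYTE(LOWORD(dwVersion)));

  if ((device = pcap_lookupdev(pc_err)) == NULL) {
    perror(pc_err);
    return;
  }

  if (dwVersion >= 0x80000000 && dwWindowsMajorVersion >= 4) {
    const char *t = (char *)device;

    printf("interface\tdevice\n");
    printf("---------\t------\n");

    while (*t != '\0') {
      printf("%9d\t", n++);
      printf("%s\n", t);

      while (*t != '\0')
        t++;
      t++;
    }

  } else {
    const wchar_t *t = (wchar_t *)device;

    printf("interface\tdevice\n");
    printf("---------\t------\n");

    while (*t != '\0') {
      printf("%9d\t", n++);
      printf("%S\n", t);

      while (*t != '\0')
        t++;
      t++;
    }
  }
}

/*
 * Starts Winsock, requesting version 2.0.  Returns 1 on success; on failure
 * prints a message to stderr and returns 0 (after WSACleanup() when the
 * library started but reports a major version below 2).
 */
int init_winsock(void) {
  WORD wVersionRequested = MAKEWORD(2, 0);
  WSADATA wsaData;

  if (WSAStartup(wVersionRequested, &wsaData)) {
    fprintf(stderr, "fatal: unable to find a usable winsock\n");
    return 0;
  }

  // we want at least major version 2
  if (LOBYTE(wsaData.wVersion) < 2) {
    fprintf(stderr, "fatal: unable to find winsock 2.0 or greater (found %d.%d)\n",
            LOBYTE(wsaData.wVersion), HIBYTE(wsaData.wVersion));
    WSACleanup();
    return 0;
  }

  return 1;
}

/* Returns s with its two bytes exchanged. */
unsigned short swap_int16(short s) {
  return (((unsigned short)s & 0xFF) << 8) | ((unsigned short)s >> 8);
}
#endif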
