icmp.c

Nast是一个基于Libnet 和Libpcap的sniffer包和LAN分析器。它可以在通常模式或混合模式下检查通过网络接口的数据包

/*
    nast

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

*/

#include "include/nast.h"

void handle_ICMP (u_short d, u_short x, FILE *output, FILE *ldd)
{
   struct libnet_ipv4_hdr *ip;
   struct libnet_icmpv4_hdr *icmp;
   u_short size_ip, size_icmp, size_buf;

   size_ip = LIBNET_IPV4_H;
   size_icmp = LIBNET_ICMPV4_H; /* base ICMP header lenght */
   size_buf = 0;
   
   ip = (struct libnet_ipv4_hdr *) (packet+offset);
   icmp = (struct libnet_icmpv4_hdr *) (packet+size_ip+offset);

   fprintf(output, "\n---[ ICMP ]----------------------------------------------------------\n");
   fprintf(output, "%s -> %s\n", inet_ntoa(ip->ip_src), inet_ntoa(ip->ip_dst));
   fprintf(output, "Version: %d\t", ip->ip_v);
   fprintf(output, "Lenght: %d\t", ntohs(ip->ip_len));
   fprintf(output, "TTL: %d\n", ip->ip_ttl);
   fprintf(output, "Type: ");

   switch((icmp->icmp_type))
     {
      case 0:
	fprintf(output, "Echo reply\n");
	size_icmp+=4;
	break;
      case 3:
	fprintf(output, "Dest_unreach: ");
	size_icmp+=4;
	switch (icmp->icmp_code)
	  {
	   case 0:
	     fprintf(output, "Network Unreachable\n");
	     break;
	   case 1:
	     fprintf(output, "Host Unreachable\n");
	     break;
	   case 2:
	     fprintf(output, "Protocol Unreachable\n");
	     break;
	   case 3:
	     fprintf(output, "Port Unreachable\n");
	     break;
	   case 4:
	     fprintf(output, "Fragmentation neded (DF)\n");
	     break;
	   case 5:
	     fprintf(output, "Source route failed\n");
	     break;
	   case 6:
	     fprintf(output, "Destination network unknown\n");
	     break;
	   case 7:
	     fprintf(output, "Destination host unknown\n");
	     break;
	   case 8:
	     fprintf(output, "Source host isolated\n");
	     break;
	   case 9:
	     fprintf(output, "Destination network administratively prohibited\n");
	     break;
	   case 10:
	     fprintf(output, "Destination host administratively prohibited\n");
	     break;
	   case 11:
	     fprintf(output, "Network unreacjable(tOS)\n");
	     break;
	   case 12:
	     fprintf(output, "Host Unreachable (tOS)\n");
	     break;
	   case 13:
	     fprintf(output, "Communication administratively prohibited\n");
	     break;
	   case 14:
	     fprintf(output, "Host precedence violation\n");
	     break;
	   case 15:
	     fprintf(output, "Precedence cutoff in effect\n");
	     break;
	   default:
	     fprintf(output, "Unknown - error?\n");
	     break;
	  }
	break;
      case 4:
	fprintf(output, "Source quench\n");
	size_icmp+=4;
	break;
      case 5:
	fprintf(output, "Redirect: ");
	size_icmp+=4;
	switch(icmp->icmp_code)
	  {
	   case 0:
	     fprintf(output, "Redirect for network\n");
	     break;
	   case 1:
	     fprintf(output, "Redirect for host\n");
	     break;
	   case 2:
	     fprintf(output, "Redircet for tos & network\n");
	     break;
	   case 3:
	     fprintf(output, "Redirect for tos & host\n");
	     break;
	   default:
	     fprintf(output, "Unknown - error?\n");
	     break;

	  }
	break;
      case 8:
	fprintf(output, "Echo request\n");
	size_icmp+=4;
	break;
      case 11:
	fprintf(output, "Time exceeded: ");
	size_icmp+=4;
	switch (icmp->icmp_code)
	  {
	   case 0:
	     fprintf(output, "TTL (0) during transit\n");
	     break;
	   case 1:
	     fprintf(output,"TTL (0) during reassembly\n");
	     break;
	   default:
	     fprintf(output, "Unknown - error?\n");
	     break;
	  }
	break;
      case 12:
	fprintf(output, "Parameter problem: ");
	switch (icmp->icmp_code)
	  {
	   case 0:
	     fprintf(output, "IP header bad\n");
	     break;
	   case 1:
	     fprintf(output, "Requiring option missing\n");
	     break;
	  }
	break;
      case 13:
	fprintf(output, "Timestamp\n");
	size_icmp+=16;
	break;
      case 14:
	fprintf(output, "Timestamp reply\n");
	size_icmp+=16;
	break;
      case 15:
	fprintf(output, "Information\n");
	break;
      case 16:
	fprintf(output, "Information reply\n");
	break;
      case 17:
	fprintf(output, "Address mask\n");
	size_icmp+=8;
	break;
      case 18:
	fprintf(output,"Address mask reply\n");
	size_icmp+=8;
	break;
      default:
	fprintf(output, "%i\n", icmp->icmp_type);
	break;
     }

   size_buf = ntohs(ip->ip_len) - size_ip - size_icmp;

   if (size_buf)
     {
	buf = (char *) (packet + size_ip + size_icmp + offset);

	if (d)
	  {
	     fprintf(output, "\n---[ ICMP Data ]-----------------------------------------------------\n");
	     data_sniffo (buf, size_buf, output);
	     fprintf (output, "\n");
	  }

	if (x)
	  {
	     fprintf(output, "\n---[ ICMP Hex-Ascii Data ]-------------------------------------------");
	     print_ascii_hex (buf, size_buf, output);
	     fprintf(output, "\n");
	  }

        /* log data (payload only) */
	if (ldd)
	  {
	     fprintf(ldd, "%s -> %s ICMP\n", inet_ntoa(ip->ip_src), inet_ntoa(ip->ip_dst));
       	     data_sniffo (buf, size_buf, ldd);
	     fprintf(ldd, "\n");

	  }
     }
}