📄 parser.cpp
字号:
else if ((version == 3) && (message == IGMP_MEMBERSHIP_REPORT_V3))
{
USHORT numrecs,
numsources,
i, j;
UCHAR rectype, auxdatalen;
hdr += 2; // skip reserved
memcpy(&numrecs, hdr, 2);
numrecs = htons(numrecs);
hdr += 2;
printf(" Number of Group Records: %d\n", numrecs);
for(i=0; i < numrecs ;i++)
{
memcpy(&rectype, hdr, 1);
hdr += 1;
memcpy(&auxdatalen, hdr, 1);
hdr += 1;
memcpy(&numsources, hdr, 2);
numsources = ntohs(numsources);
hdr += 2;
memcpy(&(addr.sin_addr.s_addr), hdr, 4);
hdr += 4;
printf(" Record Type: %d\n", rectype);
printf(" Aux Data Len: %d\n", auxdatalen);
printf(" Source Count: %d\n", numsources);
printf(" Group Addr: %s\n", inet_ntoa(addr.sin_addr));
for(j=0; j < numsources ;j++)
{
memcpy(&(addr.sin_addr.s_addr), hdr, 4);
hdr += 4;
printf(" Source IP: %s\n", inet_ntoa(addr.sin_addr));
}
}
}
return 0;
}
//
// Function: DecodeUDPHeader
//
// Description:
// This function takes a buffer which points to a UDP
// header and prints it out in a readable form.
//
int DecodeUDPHeader(WSABUF *wsabuf, DWORD iphdrlen)
{
BYTE *hdr = (BYTE *)(wsabuf->buf + iphdrlen);
unsigned short shortval,
udp_src_port,
udp_dest_port,
udp_len,
udp_chksum;
memcpy(&shortval, hdr, 2);
udp_src_port = ntohs(shortval);
hdr += 2;
memcpy(&shortval, hdr, 2);
udp_dest_port = ntohs(shortval);
hdr += 2;
memcpy(&shortval, hdr, 2);
udp_len = ntohs(shortval);
hdr += 2;
memcpy(&shortval, hdr, 2);
udp_chksum = ntohs(shortval);
printf(" UDP HEADER\n");
printf(" Source Port: %-05d | Dest Port: %-05d\n",
udp_src_port, udp_dest_port);
printf(" UDP Len: %-05d | ChkSum: 0x%08x\n",
udp_len, udp_chksum);
return 0;
}
//
// Function: DecodeTCPHeader
//
// Description:
// This function takes a buffer pointing to a TCP header
// and prints it out in a readable form.
//
int DecodeTCPHeader(WSABUF *wsabuf, DWORD iphdrlen)
{
BYTE *hdr = (BYTE *)(wsabuf->buf + iphdrlen);
unsigned short shortval;
unsigned int longval;
printf(" TCP HEADER\n");
memcpy(&shortval, hdr, 2);
shortval = ntohs(shortval);
printf(" Src Port : %d\n", shortval);
hdr += 2;
memcpy(&shortval, hdr, 2);
shortval = ntohs(shortval);
printf(" Dest Port : %d\n", shortval);
hdr += 2;
memcpy(&longval, hdr, 4);
longval = ntohl(longval);
printf(" Seq Num : %d\n", longval);
hdr += 4;
memcpy(&longval, hdr, 4);
longval = ntohl(longval);
printf(" ACK Num : %d\n", longval);
hdr += 4;
printf(" Header Len : %d (bytes %d)\n", HI_WORD(*hdr),
(HI_WORD(*hdr) * 4));
memcpy(&shortval, hdr, 2);
shortval = ntohs(shortval) & 0x3F;
printf(" Flags : ");
if (shortval & 0x20)
printf("URG ");
if (shortval & 0x10)
printf("ACK ");
if (shortval & 0x08)
printf("PSH ");
if (shortval & 0x04)
printf("RST ");
if (shortval & 0x02)
printf("SYN ");
if (shortval & 0x01)
printf("FIN ");
printf("\n");
hdr += 2;
memcpy(&shortval, hdr, 2);
shortval = ntohs(shortval);
printf(" Window size: %d\n", shortval);
hdr += 2;
memcpy(&shortval, hdr, 2);
shortval = ntohs(shortval);
printf(" TCP Chksum : %d\n", shortval);
hdr += 2;
memcpy(&shortval, hdr, 2);
shortval = ntohs(shortval);
printf(" Urgent ptr : %d\n", shortval);
return 0;
}
//
// Function: DecodeIPHeader
//
// Description:
// This function takes a pointer to an IP header and prints
// it out in a readable form.
//
int DecodeIPHeader(WSABUF *wsabuf, unsigned int srcip, unsigned short srcport,
unsigned int destip, unsigned short destport)
{
BYTE *hdr = (BYTE *)wsabuf->buf,
*nexthdr = NULL;
unsigned short shortval;
SOCKADDR_IN srcaddr,
destaddr;
unsigned short ip_version,
ip_hdr_len,
ip_tos,
ip_total_len,
ip_id,
ip_flags,
ip_ttl,
ip_frag_offset,
ip_proto,
ip_hdr_chksum,
ip_src_port,
ip_dest_port;
unsigned int ip_src,
ip_dest;
BOOL bPrint = TRUE;
ip_version = HI_WORD(*hdr);
ip_hdr_len = LO_WORD(*hdr) * 4;
nexthdr = (BYTE *)(wsabuf->buf + ip_hdr_len);
hdr++;
ip_tos = *hdr;
hdr++;
memcpy(&shortval, hdr, 2);
ip_total_len = ntohs(shortval);
hdr += 2;
memcpy(&shortval, hdr, 2);
ip_id = ntohs(shortval);
hdr += 2;
ip_flags = ((*hdr) >> 5);
memcpy(&shortval, hdr, 2);
ip_frag_offset = ((ntohs(shortval)) & 0x1FFF);
hdr += 2;
ip_ttl = *hdr;
hdr++;
ip_proto = *hdr;
hdr++;
memcpy(&shortval, hdr, 2);
ip_hdr_chksum = ntohs(shortval);
hdr += 2;
memcpy(&srcaddr.sin_addr.s_addr, hdr, 4);
ip_src = ntohl(srcaddr.sin_addr.s_addr);
hdr += 4;
memcpy(&destaddr.sin_addr.s_addr, hdr, 4);
ip_dest = ntohl(destaddr.sin_addr.s_addr);
hdr += 4;
//
// If packet is UDP, TCP, or IGMP read ahead and
// get the port values.
//
if (((ip_proto == 2) ||
(ip_proto == 6) ||
(ip_proto == 17)) &&
bFilter)
{
memcpy(&ip_src_port, nexthdr, 2);
ip_src_port = ntohs(ip_src_port);
memcpy(&ip_dest_port, nexthdr+2, 2);
ip_dest_port = ntohs(ip_dest_port);
if ((srcip == ip_src) ||
(srcport == ip_src_port) ||
(destip == ip_dest) ||
(destport == ip_dest_port))
{
bPrint = TRUE;
}
else
{
bPrint = FALSE;
}
}
else if (bFilter)
bPrint = FALSE;
// Print IP Hdr
//
if (bPrint)
{
printf("IP HEADER\n");
printf(" IP Version: %-10d | IP Header Len: %2d bytes | IP TOS: %X%X (hex)\n",
ip_version, ip_hdr_len, HI_WORD(ip_tos), LO_WORD(ip_tos));
printf(" IP Total Len: %-05d bytes | Identification: 0x%08X | IP Flags: %X (hex)\n",
ip_total_len, ip_id, ip_flags);
printf(" Frag Offset: 0x%08X | TTL: %-10d | Protocol: %-10s \n",
ip_frag_offset, ip_ttl, szProto[ip_proto]);
printf(" Hdr Checksum: 0x%08X\n", ip_hdr_chksum);
printf(" Src Addr: %-15s\n", inet_ntoa(srcaddr.sin_addr));
printf(" Dest Addr: %-15s\n", inet_ntoa(destaddr.sin_addr));
}
else
return ip_hdr_len;
switch (ip_proto)
{
case 2: // IGMP
DecodeIGMPHeader(wsabuf, ip_hdr_len, ip_total_len);
break;
case 6: // TCP
DecodeTCPHeader(wsabuf, ip_hdr_len);
break;
case 17: // UDP
DecodeUDPHeader(wsabuf, ip_hdr_len);
break;
default:
printf(" No decoder installed for protocol\n");
break;
}
printf("\n");
return ip_hdr_len;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -