📄 log.c
字号:
void PrintArpHeader(FILE * fp, Packet * p)
{
struct in_addr ip_addr;
char timestamp[23];
bzero((char *) timestamp, 23);
ts_print((struct timeval *) & p->pkth->ts, timestamp);
/* dump the timestamp */
fwrite(timestamp, 22, 1, fp);
if(ntohs(p->ah->ea_hdr.ar_pro) != ETHERNET_TYPE_IP)
{
fprintf(fp, "ARP #%d for protocol #%.4X (%d) hardware #%d (%d)\n",
ntohs(p->ah->ea_hdr.ar_op), ntohs(p->ah->ea_hdr.ar_pro),
p->ah->ea_hdr.ar_pln, ntohs(p->ah->ea_hdr.ar_hrd),
p->ah->ea_hdr.ar_hln);
return;
}
switch(ntohs(p->ah->ea_hdr.ar_op))
{
case ARPOP_REQUEST:
bcopy((void *)p->ah->arp_tpa, (void *) &ip_addr, sizeof(ip_addr));
fprintf(fp, "ARP who-has %s", inet_ntoa(ip_addr));
if(memcmp((char *) ezero, (char *) p->ah->arp_tha, 6) != 0)
{
fprintf(fp, " (%X:%X:%X:%X:%X:%X)", p->ah->arp_tha[0],
p->ah->arp_tha[1], p->ah->arp_tha[2], p->ah->arp_tha[3],
p->ah->arp_tha[4], p->ah->arp_tha[5]);
}
bcopy((void *)p->ah->arp_spa, (void *) &ip_addr, sizeof(ip_addr));
fprintf(fp, " tell %s", inet_ntoa(ip_addr));
if(memcmp((char *) p->eh->ether_src, (char *) p->ah->arp_sha, 6) != 0)
{
fprintf(fp, " (%X:%X:%X:%X:%X:%X)", p->ah->arp_sha[0],
p->ah->arp_sha[1], p->ah->arp_sha[2], p->ah->arp_sha[3],
p->ah->arp_sha[4], p->ah->arp_sha[5]);
}
break;
case ARPOP_REPLY:
bcopy((void *)p->ah->arp_spa, (void *) &ip_addr, sizeof(ip_addr));
fprintf(fp, "ARP reply %s", inet_ntoa(ip_addr));
if(memcmp((char *) p->eh->ether_src, (char *) p->ah->arp_sha, 6) != 0)
{
fprintf(fp, " (%X:%X:%X:%X:%X:%X)", p->ah->arp_sha[0],
p->ah->arp_sha[1], p->ah->arp_sha[2], p->ah->arp_sha[3],
p->ah->arp_sha[4], p->ah->arp_sha[5]);
}
fprintf(fp, " is-at %X:%X:%X:%X:%X:%X", p->ah->arp_sha[0],
p->ah->arp_sha[1], p->ah->arp_sha[2], p->ah->arp_sha[3],
p->ah->arp_sha[4], p->ah->arp_sha[5]);
if(memcmp((char *) p->eh->ether_dst, (char *) p->ah->arp_tha, 6) != 0)
{
fprintf(fp, " (%X:%X:%X:%X:%X:%X)", p->ah->arp_tha[0],
p->ah->arp_tha[1], p->ah->arp_tha[2], p->ah->arp_tha[3],
p->ah->arp_tha[4], p->ah->arp_tha[5]);
}
break;
case ARPOP_RREQUEST:
fprintf(fp, "RARP who-is %X:%X:%X:%X:%X:%X tell %X:%X:%X:%X:%X:%X",
p->ah->arp_tha[0], p->ah->arp_tha[1], p->ah->arp_tha[2],
p->ah->arp_tha[3], p->ah->arp_tha[4], p->ah->arp_tha[5],
p->ah->arp_sha[0], p->ah->arp_sha[1], p->ah->arp_sha[2],
p->ah->arp_sha[3], p->ah->arp_sha[4], p->ah->arp_sha[5]);
break;
case ARPOP_RREPLY:
bcopy((void *)p->ah->arp_tpa, (void *) &ip_addr, sizeof(ip_addr));
fprintf(fp, "RARP reply %X:%X:%X:%X:%X:%X at %s",
p->ah->arp_tha[0], p->ah->arp_tha[1], p->ah->arp_tha[2],
p->ah->arp_tha[3], p->ah->arp_tha[4], p->ah->arp_tha[5],
inet_ntoa(ip_addr));
break;
default:
fprintf(fp, "Unknown operation: %d", ntohs(p->ah->ea_hdr.ar_op));
break;
}
fprintf(fp, "\n\n");
}
/****************************************************************************
*
* Function: PrintIPHeader(FILE *)
*
* Purpose: Dump the IP header info to the specified stream
*
* Arguments: fp => stream to print to
*
* Returns: void function
*
***************************************************************************/
void PrintIPHeader(FILE * fp, Packet * p)
{
if(p->iph == NULL)
{
fprintf(fp, "IP header truncated\n");
return;
}
if(p->frag_flag)
{
/* just print the straight IP header */
fputs(inet_ntoa(p->iph->ip_src), fp);
fwrite(" -> ", 4, 1, fp);
fputs(inet_ntoa(p->iph->ip_dst), fp);
}
else
{
if(p->iph->ip_proto != IPPROTO_TCP && p->iph->ip_proto != IPPROTO_UDP)
{
/* just print the straight IP header */
fputs(inet_ntoa(p->iph->ip_src), fp);
fwrite(" -> ", 4, 1, fp);
fputs(inet_ntoa(p->iph->ip_dst), fp);
}
else
{
if(!pv.obfuscation_flag)
{
/* print the header complete with port information */
fputs(inet_ntoa(p->iph->ip_src), fp);
fprintf(fp, ":%d -> ", p->sp);
fputs(inet_ntoa(p->iph->ip_dst), fp);
fprintf(fp, ":%d", p->dp);
}
else
{
/* print the header complete with port information */
fprintf(fp, "xxx.xxx.xxx.xxx:%d -> xxx.xxx.xxx.xxx:%d", p->sp, p->dp);
}
}
}
if(!pv.show2hdr_flag)
{
fputc('\n', fp);
}
else
{
fputc(' ', fp);
}
fprintf(fp, "%s TTL:%d TOS:0x%X ID:%d IpLen:%d DgmLen:%d",
protocol_names[p->iph->ip_proto],
p->iph->ip_ttl,
p->iph->ip_tos,
ntohs(p->iph->ip_id),
p->iph->ip_hlen << 2, ntohs(p->iph->ip_len));
/* print the reserved bit if it's set */
if(p->rf)
{
fprintf(fp, " RB");
}
/* printf more frags/don't frag bits */
if(p->df)
fprintf(fp, " DF");
if(p->mf)
fprintf(fp, " MF");
fputc('\n', fp);
/* print IP options */
if(p->ip_option_count != 0)
{
PrintIpOptions(fp, p);
}
/* print fragment info if necessary */
if(p->frag_flag)
{
fprintf(fp, "Frag Offset: 0x%X Frag Size: 0x%X",
(p->frag_offset & 0xFFFF), p->dsize);
fputc('\n', fp);
}
}
/****************************************************************************
*
* Function: PrintTCPHeader(FILE *)
*
* Purpose: Dump the TCP header info to the specified stream
*
* Arguments: fp => file stream to print data to
*
* Returns: void function
*
***************************************************************************/
void PrintTCPHeader(FILE * fp, Packet * p)
{
char tcpFlags[9];
if(p->tcph == NULL)
{
fprintf(fp, "TCP header truncated\n");
return;
}
/* print TCP flags */
CreateTCPFlagString(p, tcpFlags);
fwrite(tcpFlags, 8, 1, fp); /* We don't care about the NULL */
/* print other TCP info */
fprintf(fp, " Seq: 0x%lX Ack: 0x%lX Win: 0x%X TcpLen: %d",
(u_long) ntohl(p->tcph->th_seq),
(u_long) ntohl(p->tcph->th_ack),
ntohs(p->tcph->th_win), p->tcph->th_off << 2);
if((p->tcph->th_flags & TH_URG) != 0)
{
fprintf(fp, " UrgPtr: 0x%X\n", (u_int16_t) ntohs(p->tcph->th_urp));
}
else
{
fputc((int) '\n', fp);
}
/* dump the TCP options */
if(p->tcp_option_count != 0)
{
PrintTcpOptions(fp, p);
}
}
/* Input is packet and an nine-byte (including NULL) character array. Results
* are put into the character array.
*/
void CreateTCPFlagString(Packet * p, char *flagBuffer)
{
memset(flagBuffer, '\0', 9);
/* parse TCP flags */
*flagBuffer++ = (p->tcph->th_flags & TH_RES1) ? '1' : '*';
*flagBuffer++ = (p->tcph->th_flags & TH_RES2) ? '2' : '*';
*flagBuffer++ = (p->tcph->th_flags & TH_URG) ? 'U' : '*';
*flagBuffer++ = (p->tcph->th_flags & TH_ACK) ? 'A' : '*';
*flagBuffer++ = (p->tcph->th_flags & TH_PUSH) ? 'P' : '*';
*flagBuffer++ = (p->tcph->th_flags & TH_RST) ? 'R' : '*';
*flagBuffer++ = (p->tcph->th_flags & TH_SYN) ? 'S' : '*';
*flagBuffer++ = (p->tcph->th_flags & TH_FIN) ? 'F' : '*';
};
/****************************************************************************
*
* Function: PrintUDPHeader(FILE *)
*
* Purpose: Dump the UDP header to the specified file stream
*
* Arguments: fp => file stream
*
* Returns: void function
*
***************************************************************************/
void PrintUDPHeader(FILE * fp, Packet * p)
{
if(p->udph == NULL)
{
fprintf(fp, "UDP header truncated\n");
return;
}
/* not much to do here... */
fprintf(fp, "Len: %d\n", ntohs(p->udph->uh_len));
}
/****************************************************************************
*
* Function: PrintICMPHeader(FILE *)
*
* Purpose: Print ICMP header
*
* Arguments: fp => file stream
*
* Returns: void function
*
***************************************************************************/
void PrintICMPHeader(FILE * fp, Packet * p)
{
if(p->icmph == NULL)
{
fprintf(fp, "ICMP header truncated\n");
return;
}
fprintf(fp, "Type:%d Code:%d ", p->icmph->type, p->icmph->code);
switch(p->icmph->type)
{
case ICMP_ECHOREPLY:
fprintf(fp, "ID:%d Seq:%d ", ntohs(p->ext->id), ntohs(p->ext->seqno));
fwrite("ECHO REPLY\n", 10, 1, fp);
break;
case ICMP_DEST_UNREACH:
fwrite("DESTINATION UNREACHABLE: ", 25, 1, fp);
switch(p->icmph->code)
{
case ICMP_NET_UNREACH:
fwrite("NET UNREACHABLE", 15, 1, fp);
break;
case ICMP_HOST_UNREACH:
fwrite("HOST UNREACHABLE", 16, 1, fp);
break;
case ICMP_PROT_UNREACH:
fwrite("PROTOCOL UNREACHABLE", 20, 1, fp);
break;
case ICMP_PORT_UNREACH:
fwrite("PORT UNREACHABLE", 16, 1, fp);
break;
case ICMP_FRAG_NEEDED:
fwrite("FRAGMENTATION NEEDED", 20, 1, fp);
break;
case ICMP_SR_FAILED:
fwrite("SOURCE ROUTE FAILED", 19, 1, fp);
break;
case ICMP_NET_UNKNOWN:
fwrite("NET UNKNOWN", 11, 1, fp);
break;
case ICMP_HOST_UNKNOWN:
fwrite("HOST UNKNOWN", 12, 1, fp);
break;
case ICMP_HOST_ISOLATED:
fwrite("HOST ISOLATED", 13, 1, fp);
break;
case ICMP_NET_ANO:
fwrite("NET ANO", 7, 1, fp);
break;
case ICMP_HOST_ANO:
fwrite("HOST ANO", 8, 1, fp);
break;
case ICMP_NET_UNR_TOS:
fwrite("NET UNREACHABLE TOS", 19, 1, fp);
break;
case ICMP_HOST_UNR_TOS:
fwrite("HOST UNREACHABLE TOS", 20, 1, fp);
break;
case ICMP_PKT_FILTERED:
fwrite("PACKET FILTERED", 15, 1, fp);
break;
case ICMP_PREC_VIOLATION:
fwrite("PREC VIOLATION", 14, 1, fp);
break;
case ICMP_PREC_CUTOFF:
fwrite("PREC CUTOFF", 12, 1, fp);
break;
default:
fwrite("UNKNOWN", 7, 1, fp);
break;
}
{
Packet orig_p;
bzero((char *) &orig_p, sizeof(Packet));
orig_p.iph = p->orig_iph;
orig_p.tcph = p->orig_tcph;
orig_p.udph = p->orig_udph;
orig_p.sp = p->orig_sp;
orig_p.dp = p->orig_dp;
if(orig_p.iph != NULL)
{
fprintf(fp, "\n** ORIGINAL DATAGRAM DUMP:\n");
PrintIPHeader(fp, &orig_p);
switch(orig_p.iph->ip_proto)
{
case IPPROTO_TCP:
if(orig_p.tcph != NULL)
PrintTCPHeader(fp, &orig_p);
break;
case IPPROTO_UDP:
if(orig_p.udph != NULL)
PrintUDPHeader(fp, &orig_p);
break;
case IPPROTO_ICMP:
if(orig_p.icmph != NULL)
PrintICMPHeader(fp, &orig_p);
break;
default:
fprintf(fp, "Protocol: 0x%X (unknown or header truncated)", orig_p.iph->ip_proto);
break;
} /* switch */
fprintf(fp, "** END OF DUMP");
}
/* if (orig_p.iph..) */
else
{
fprintf(fp, "\nORIGINAL DATAGRAM TRUNCATED");
}
}
break;
case ICMP_SOURCE_QUENCH:
fwrite("SOURCE QUENCH", 13, 1, fp);
break;
case ICMP_REDIRECT:
fwrite("REDIRECT", 8, 1, fp);
break;
case ICMP_ECHO:
fprintf(fp, "ID:%d Seq:%d ", ntohs(p->ext->id), ntohs(p->ext->seqno));
fwrite("ECHO", 4, 1, fp);
break;
case ICMP_TIME_EXCEEDED:
fwrite("TTL EXCEEDED", 12, 1, fp);
break;
case ICMP_PARAMETERPROB:
fwrite("PARAMETER PROBLEM", 17, 1, fp);
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -