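#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <arpa/inet.h>
#include <linux/kd.h>
#include "nids.h"

/*
 * One recorded probe: the probing address, the port it touched and the
 * TCP flags observed.  Not referenced anywhere in the visible part of
 * this file.
 */
struct scan {
    u_int addr;
    unsigned short port;
    u_char flags;
};

/*
 * Per-host scan bookkeeping: a doubly linked list node (next/prev) for one
 * source address, carrying a timestamp-like modtime and an array of
 * n_packets scan records.  Not referenced in the visible part of this file.
 */
struct host {
    struct host *next;      /* following node */
    struct host *prev;      /* preceding node */
    u_int addr;             /* host address */
    int modtime;            /* presumably last update time -- verify against the scan logic */
    int n_packets;          /* number of entries in packets[] */
    struct scan *packets;   /* scan records for this host */
};

/*
 * IPv4 header in wire layout (RFC 791).  The version/IHL byte is split into
 * two bit-fields whose declaration order depends on the host byte order.
 * WORDS_BIGENDIAN is an autoconf-style macro; nothing in the visible file
 * defines it, so the little-endian layout is what actually gets compiled.
 */
struct ip_header {
#if defined(WORDS_BIGENDIAN)
    unsigned char ip_version:4, ip_header_length:4;
#else
    unsigned char ip_header_length:4, ip_version:4;
#endif
    unsigned char ip_tos;
    unsigned short ip_length;
    unsigned short ip_id;
    unsigned short ip_off;          /* flags (top 3 bits) + fragment offset */
    unsigned char ip_ttl;
    unsigned char ip_protocol;
    unsigned short ip_checksum;
    struct in_addr ip_source_address;
    struct in_addr ip_destination_address;
};

/*
 * TCP header in wire layout (RFC 793).  The original declaration used 8-bit
 * ports, window, checksum and urgent pointer and 16-bit sequence/ack
 * numbers, which does not match the wire format, so anything parsed through
 * it would have been misread; the widths are corrected here.  Total size is
 * still 20 bytes.
 */
struct tcp_header {
    unsigned short th_sport;        /* source port */
    unsigned short th_dport;        /* destination port */
    unsigned int th_seq;            /* sequence number */
    unsigned int th_ack;            /* acknowledgement number */
#ifdef WORDS_BIGENDIAN
    unsigned char th_off:4,         /* data offset in 32-bit words */
                  th_x2:4;          /* reserved */
#else
    unsigned char th_x2:4,          /* reserved */
                  th_off:4;         /* data offset in 32-bit words */
#endif
    unsigned char th_flags;
    unsigned short th_win;          /* window size */
    unsigned short th_sum;          /* checksum */
    unsigned short th_urp;          /* urgent pointer */
};

/* UDP header in wire layout (RFC 768); all fields are network byte order. */
struct udp_header {
    unsigned short udp_source_port;
    unsigned short udp_destination_port;
    unsigned short udp_length;
    unsigned short udp_checksum;
};

/*
 * Scratch buffer returned by char_to_ascii().  Kept file-scope (and at its
 * original size) because other parts of the program may reference it.
 */
char ascii_string[10000];

/*
 * Beep the console speaker with KDMKTONE on /dev/tty10.  Per
 * console_ioctl(4) the argument carries the duration in ms in the high
 * 16 bits and the PIT divisor (1193180 / frequency) in the low 16 bits;
 * the original computed the same value through atoi() on string
 * constants.  Best effort: a missing tty or a failed ioctl is ignored
 * (an alarm must not abort the sniffer), but the descriptor is now closed
 * instead of being leaked on every call.
 */
void sound_alarm(void)
{
    enum { ALARM_DURATION_MS = 100, ALARM_FREQ_HZ = 2000, PIT_CLOCK_HZ = 1193180 };
    unsigned long tone = ((unsigned long)ALARM_DURATION_MS << 16) + (PIT_CLOCK_HZ / ALARM_FREQ_HZ);
    int fd = open("/dev/tty10", O_RDONLY);

    if (fd < 0)
        return;
    (void)ioctl(fd, KDMKTONE, tone);
    close(fd);
}

/*
 * Render one payload byte for display: printable characters, '\n' and
 * '\r' pass through, everything else becomes '.'.  Returns the file-scope
 * ascii_string buffer, so the result is overwritten by the next call.
 * The byte is widened through unsigned char before isgraph(): passing a
 * negative plain char to a <ctype.h> function is undefined behaviour.
 */
char *char_to_ascii(char ch)
{
    unsigned char c = (unsigned char)ch;

    if (isgraph(c) || ch == '\n' || ch == '\r')
        ascii_string[0] = ch;
    else
        ascii_string[0] = '.';
    ascii_string[1] = '\0';
    return ascii_string;
}

/*
 * Print the UDP header of the IPv4 packet starting at packet_content.
 * The UDP header is located using the IP header length (IHL) instead of a
 * fixed 20-byte offset, so packets carrying IP options are decoded
 * correctly.  The header is copied out with memcpy because the packet
 * buffer need not be suitably aligned for a struct overlay.  Nothing is
 * printed for an IHL below the 20-byte minimum.
 */
void udp_protocol_packet_callback(const void *packet_content)
{
    const unsigned char *pkt = packet_content;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;   /* IHL is the low nibble of byte 0 on the wire */
    struct udp_header udp;
    unsigned short source_port, destination_port, length;

    if (ihl < 20)
        return;
    memcpy(&udp, pkt + ihl, sizeof udp);
    source_port = ntohs(udp.udp_source_port);
    destination_port = ntohs(udp.udp_destination_port);
    length = ntohs(udp.udp_length);

    printf("-----------UDP protocol header------\n");
    printf("source_port:%d\n", source_port);
    printf("destination_port:%d\n", destination_port);
    /* NOTE(review): "SERBICE" is a typo for "SERVICE"; kept verbatim so the
     * program's output does not change. */
    switch (destination_port) {
    case 138:
        printf("NETBIOS DATAGRAM SERBICE\n");
        break;
    case 137:
        printf("NETBIOS name SERBICE\n");
        break;
    case 139:
        printf("NETBIOS session SERBICE\n");
        break;
    case 53:
        printf("name-domain SERBICE\n");
        break;
    default:
        break;
    }
    printf("length :%d\n", length);
    printf("udp_checksum :%d\n", ntohs(udp.udp_checksum));
}

/*
 * Print the IPv4 header at packet_content and, for protocol 17, hand the
 * packet on to udp_protocol_packet_callback().  The header is copied into
 * a local struct (alignment), and the addresses are printed with %s: the
 * original passed inet_ntoa()'s char* to %d, which is undefined behaviour
 * and printed garbage.
 */
void ip_protocol_packet_callback(const void *packet_content)
{
    struct ip_header ip;
    int header_length, offset;

    printf("--------- IP protocol header------\n");
    memcpy(&ip, packet_content, sizeof ip);
    header_length = ip.ip_header_length * 4;
    offset = ntohs(ip.ip_off);

    printf("ip_version:%d\n", ip.ip_version);
    printf("header_length:%d\n", header_length);
    printf("TOS:%d\n", ip.ip_tos);
    printf("ip_length:%d\n", ntohs(ip.ip_length));
    printf("ip_id:%d\n", ntohs(ip.ip_id));
    printf("offset:%d\n", (offset & 0x1fff) * 8);   /* low 13 bits, in 8-byte units */
    printf("ip_ttl:%d\n", ip.ip_ttl);
    printf("protocol:%d\n", ip.ip_protocol);
    switch (ip.ip_protocol) {
    case 6:
        printf("uplayer protocal is TCP\n");
        break;
    case 17:
        printf("uplayer protocal is UDP\n");
        break;
    case 1:
        printf("uplayer protocal is ICMP\n");
        break;
    default:
        break;
    }
    printf("checksum:%d\n", ntohs(ip.ip_checksum));
    /* inet_ntoa() returns a static buffer; one call per printf keeps them apart. */
    printf("ip_source_address:%s\n", inet_ntoa(ip.ip_source_address));
    printf("ip_destination_address:%s\n", inet_ntoa(ip.ip_destination_address));

    switch (ip.ip_protocol) {
    case 17:
        udp_protocol_packet_callback(packet_content);
        break;
    default:
        break;
    }
}

/*
 * udp_callback: per-datagram handler registered with libnids
 * (nids_register_udp).  Return type on its own line, GNU style.
 */
void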
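udp_callback(struct tuple4 *addr, char *buf, int len, struct ip *iph)
{
    /*
     * libnids UDP handler: prints "src:port->dst:port", the IPv4/UDP
     * headers of the datagram, then the payload in rows of 50 sanitised
     * characters.  The original declared three unused 64 KiB arrays here
     * (192 KiB of stack per datagram); they are removed.  The address line
     * is at most 44 bytes and is built with bounded snprintf.
     */
    char src[INET_ADDRSTRLEN];
    char dst[INET_ADDRSTRLEN];
    char line[64];
    struct in_addr a;
    int i;

    /* inet_ntoa() returns a static buffer: copy each address out before the
     * next call, as the original strcpy/strcat sequence did. */
    a.s_addr = addr->saddr;
    snprintf(src, sizeof src, "%s", inet_ntoa(a));
    a.s_addr = addr->daddr;
    snprintf(dst, sizeof dst, "%s", inet_ntoa(a));
    snprintf(line, sizeof line, "%s:%i->%s:%i\n", src, addr->source, dst, addr->dest);

    printf("-------BEGIN--------\n");
    printf("%s", line);
    ip_protocol_packet_callback((u_char *)iph);
    printf("------UDP DATA------");
    for (i = 0; i < len; i++) {
        if (i % 50 == 0)
            printf("\n");
        printf("%s", char_to_ascii(buf[i]));
    }
    printf("\n");
    printf("-----------END----------\n");
    printf("\n");
}

/*
 * libnids TCP stream handler (nids_register_tcp): on NIDS_JUST_EST it
 * enables data and urgent-data collection for both directions, on
 * NIDS_CLOSE/NIDS_RESET it reports the teardown, on NIDS_DATA it inspects
 * the newly arrived data.
 */
void tcp_protocol_callback(struct tcp_stream *tcp_connection, void **arg)
{
    int i;
    char address_string[1024];
    char content[65535];
    char content_urgent[65535];
    struct tuple4 ip_and_port = tcp_connection->addr;

    strcpy(address_string, inet_ntoa(*((struct in_addr *)&(ip_and_port.saddr))));
    sprintf(address_string + strlen(address_string), ":%i", ip_and_port.source);
    strcat(address_string, "<--->");
    strcat(address_string, inet_ntoa(*((struct in_addr *)&(ip_and_port.daddr))));
    sprintf(address_string + strlen(address_string), ":%i", ip_and_port.dest);
    strcat(address_string, "\n");
    switch (tcp_connection->nids_state) {
    case NIDS_JUST_EST:
        tcp_connection->client.collect++;
        tcp_connection->server.collect++;
        tcp_connection->server.collect_urg++;
        tcp_connection->client.collect_urg++;
        printf("%s TCP connection build\n", address_string);
        return;
    case NIDS_CLOSE:
        printf("------------------------\n");
        printf("%s TCP close !\n", address_string);
        return;
    case NIDS_RESET:
        printf("------------------------\n");
        printf("%sTCP connection closed by RSE \n", address_string);
        return;
    case NIDS_DATA:     /* new data has arrived on the stream */
    {
        struct half_stream *hlf;    /* one direction of the stream: client or server side */
        if (tcp_connection->server.count_new_urg)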