-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathparse.c
81 lines (64 loc) · 1.87 KB
/
parse.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
#include "parse.h"
int parseIP(u_char *pkt_data)
{
ip_header *ih;
u_int ip_len;
ih = (ip_header *)pkt_data;
ip_len = (ih->ver_ihl & 0xf) << 2;
printf("[IP]%d.%d.%d.%d -> %d.%d.%d.%d\n",
ih->saddr.byte1,
ih->saddr.byte2,
ih->saddr.byte3,
ih->saddr.byte4,
ih->daddr.byte1,
ih->daddr.byte2,
ih->daddr.byte3,
ih->daddr.byte4);
playByte(*(pkt_data + 0)); // 1st : version and len
playByte(*(pkt_data + 1)); // 2nd : service
playByte(*(pkt_data + 6)); // 7th : flag and offset
playByte(*(pkt_data + 7));
playByte(*(pkt_data + 8)); // ttl
playByte(*(pkt_data + 9)); // protocol
return ip_len;
}
void parseARP(u_char *data)
{
playByte(*(data + 0)); // hardware type
playByte(*(data + 1));
playByte(*(data + 2)); // proto type
playByte(*(data + 3));
playByte(*(data + 6)); // op code
playByte(*(data + 7));
printf("ARP OPERATION : 0x%x\n", ntohs(((arp_header *)data)->ar_op));
}
void parseUDP(u_char *data)
{
udp_header *hdr;
hdr = (udp_header *)data;
// length
playByte(*(data + 4));
playByte(*(data + 5));
printf("[UDP]Port %d ---> %d\n", ntohs(hdr->sport), ntohs(hdr->dport));
}
int parseTCP(u_char *data)
{
tcp_header *hdr;
int hdrlen;
hdr = (tcp_header *)data;
playByte(*(data + 12)); // offset
playByte(*(data + 13)); // flag
playByte(*(data + 14)); // window size
playByte(*(data + 15));
playByte(*(data + 17)); // urgent pointer
printf("[TCP]Port %d ---> %d\n", ntohs(hdr->source), ntohs(hdr->dest));
hdrlen = (hdr->doff) << 2;
return hdrlen;
}
void parseICMP(u_char *data)
{
icmp_header *hdr;
hdr = (icmp_header *)data;
playByte(*(data + 0)); // type and code
printf("[ICMP]TYPE -- 0x%x || CODE -- 0x%x\n", ntohs(hdr->type), ntohs(hdr->code));
}