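#include "nids.h"
#include "pcap.h"
#include "libnet.h"

#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/types.h>

/* -----------------------------------------------------------------------------------------------------------------------
   UDP header (RFC 768). Every multi-byte field is in network byte order; 8 bytes in total.
   ----------------------------------------------------------------------------------------------------------------------- */
struct udp_header {
    uint16_t udp_source_port;
    uint16_t udp_destination_port;
    uint16_t udp_length;            /* header plus payload, in bytes */
    uint16_t udp_checksum;
};

/* -----------------------------------------------------------------------------------------------------------------------
   ICMP header (RFC 792). The earlier declaration used 4-byte type/code and 1-byte checksum/id/sequence
   fields, which does not match the wire layout; the widths below do (8 bytes in total), so the
   field reads in icmp_protocol_packet_callback() land on the right bytes.
   ----------------------------------------------------------------------------------------------------------------------- */
struct icmp_header {
    uint8_t icmp_type;
    uint8_t icmp_code;
    uint16_t icmp_checksum;
    uint16_t icmp_id;               /* echo request/reply identifier */
    uint16_t icmp_sequence;         /* echo request/reply sequence number */
};

/* -----------------------------------------------------------------------------------------------------------------------
   IPv4 header (RFC 791) without options; 20 bytes. Options, if any, follow and are covered by
   ip_header_length (in 32-bit words).
   ----------------------------------------------------------------------------------------------------------------------- */
struct ip_header {
#if defined(WORDS_BIGENDIAN)
    unsigned char ip_version: 4,            /* version */
                  ip_header_length: 4;      /* header length in 32-bit words */
#else
    unsigned char ip_header_length: 4,
                  ip_version: 4;
#endif
    unsigned char ip_tos;                   /* type of service */
    unsigned short ip_length;               /* total length, header + payload */
    unsigned short ip_id;                   /* identification */
    unsigned short ip_off;                  /* flags (top 3 bits) and fragment offset */
    unsigned char ip_ttl;                   /* time to live */
    unsigned char ip_protocol;              /* upper-layer protocol number */
    unsigned short ip_checksum;             /* header checksum */
    struct in_addr ip_souce_address;        /* source address (field name kept as-is for existing callers) */
    struct in_addr ip_destination_address;  /* destination address */
};

/* -----------------------------------------------------------------------------------------------------------------------
   TCP header (RFC 793) without options; 20 bytes. The earlier declaration used 1-byte ports,
   2-byte sequence numbers and 4-byte bit-field/flag words, so nothing lined up with the wire
   format; the widths below match it. tcp_offset gives the real header length in 32-bit words.
   ----------------------------------------------------------------------------------------------------------------------- */
struct tcp_header {
    uint16_t tcp_source_port;
    uint16_t tcp_destination_port;
    uint32_t tcp_sequence;
    uint32_t tcp_acknowledgement;
#ifdef WORDS_BIGENDIAN
    unsigned char tcp_offset: 4,            /* data offset, in 32-bit words */
                  tcp_reserved: 4;          /* reserved */
#else
    unsigned char tcp_reserved: 4,          /* reserved */
                  tcp_offset: 4;            /* data offset, in 32-bit words */
#endif
    uint8_t tcp_flags;                      /* FIN=0x01 SYN=0x02 RST=0x04 PSH=0x08 ACK=0x10 URG=0x20 */
    uint16_t tcp_windows;                   /* window size */
    uint16_t tcp_checksum;                  /* checksum */
    uint16_t tcp_urgent_pointer;            /* urgent pointer */
};

/* Shared scratch buffer returned by char_to_ascii(); overwritten on every call, not thread-safe. */
char ascii_string[10000];

/*
 * Render one byte as a one-character, NUL-terminated string.
 * Graphic characters, space, CR and LF are kept verbatim; everything else becomes '.'.
 * Returns a pointer to the shared ascii_string buffer; the caller must not free it.
 */
char *char_to_ascii(char ch)
{
    /* <ctype.h> classifiers take an unsigned char value (or EOF); a negative plain char is UB. */
    unsigned char c = (unsigned char)ch;
    char out;

    if (isgraph(c) || c == ' ' || c == '\n' || c == '\r')
        out = ch;
    else
        out = '.';

    ascii_string[0] = out;
    ascii_string[1] = '\0';
    return ascii_string;
}

/* =======================================================================================================================
   ICMP analysis function
   ======================================================================================================================= */

/*
 * Print the ICMP header of an IPv4 packet.
 *
 * packet_content points at the start of the IPv4 header, as handed over by
 * ip_protocol_packet_callback(); there is no Ethernet frame in front of it, so the
 * transport header starts at IHL*4 rather than at the fixed 14+20 used before.
 * The caller is expected to have verified that the buffer holds at least
 * ntohs(ip_length) bytes; this function only checks that the declared total
 * length covers the fixed ICMP header and copies the header out with memcpy,
 * so no misaligned or aliasing access is made into the packet buffer.
 */
void icmp_protocol_packet_callback(const u_char *packet_content)
{
    struct ip_header ip;
    struct icmp_header hdr;
    size_t ihl, total;

    printf("---------- ICMP協議 ----------\n");

    memcpy(&ip, packet_content, sizeof ip);
    ihl = (size_t)ip.ip_header_length * 4;
    total = ntohs(ip.ip_length);
    if (ihl < sizeof ip || total < ihl + sizeof hdr) {
        printf("ICMP header truncated (ihl=%zu, total=%zu)\n", ihl, total);
        return;
    }
    memcpy(&hdr, packet_content + ihl, sizeof hdr);

    printf("ICMP類型:%d\n", hdr.icmp_type);
    switch (hdr.icmp_type) {
    case 8: /* echo request */
        printf("ICMP回顯請求協議\n");
        printf("ICMP代碼:%d\n", hdr.icmp_code);
        printf("序列碼:%d\n", ntohs(hdr.icmp_sequence));
        printf("標識符:%d\n", ntohs(hdr.icmp_id));
        break;
    case 0: /* echo reply */
        printf("ICMP回顯應答協議\n");
        printf("ICMP代碼:%d\n", hdr.icmp_code);
        printf("標識符:%d\n", ntohs(hdr.icmp_id));
        printf("序列碼:%d\n", ntohs(hdr.icmp_sequence));
        break;
    default:
        break;
    }
    printf("ICMP校驗和:%d\n", ntohs(hdr.icmp_checksum));
}

/* =======================================================================================================================
   TCP analysis function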
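   ======================================================================================================================= */

/*
 * Print the fixed part of the TCP header of an IPv4 packet.
 *
 * packet_content points at the start of the IPv4 header (no Ethernet frame in
 * front), so the TCP header starts at IHL*4, not at the fixed 14+20 used before.
 * Only the 20-byte fixed header is decoded; TCP options are not walked.
 * Bounds are checked against the IP total length, which the caller is expected
 * to have verified against the captured length. Headers are copied out with
 * memcpy, so no misaligned or aliasing access is made into the packet buffer.
 */
void tcp_protocol_packet_callback(const u_char *packet_content)
{
    struct ip_header ip;
    struct tcp_header tcp;
    size_t ihl, total;
    u_short source_port, destination_port, windows, urgent_pointer, checksum;
    u_int sequence, acknowledgement;
    u_char flags;
    int header_length;

    printf("------- TCP協議 -------\n");

    memcpy(&ip, packet_content, sizeof ip);
    ihl = (size_t)ip.ip_header_length * 4;
    total = ntohs(ip.ip_length);
    if (ihl < sizeof ip || total < ihl + sizeof tcp) {
        printf("TCP header truncated (ihl=%zu, total=%zu)\n", ihl, total);
        return;
    }
    memcpy(&tcp, packet_content + ihl, sizeof tcp);

    source_port = ntohs(tcp.tcp_source_port);
    destination_port = ntohs(tcp.tcp_destination_port);
    header_length = tcp.tcp_offset * 4;         /* data offset is in 32-bit words */
    sequence = ntohl(tcp.tcp_sequence);
    acknowledgement = ntohl(tcp.tcp_acknowledgement);
    windows = ntohs(tcp.tcp_windows);
    urgent_pointer = ntohs(tcp.tcp_urgent_pointer);
    flags = tcp.tcp_flags;
    checksum = ntohs(tcp.tcp_checksum);         /* 16-bit field; the old u_char local truncated it */

    printf("源埠號:%d\n", source_port);
    printf("目的埠號:%d\n", destination_port);
    /* Port-based guess at the application protocol; it is only a hint, not a parse of the payload. */
    switch (destination_port) {
    case 80:
        printf("上層協議為HTTP協議\n");
        break;
    case 21:
        printf("上層協議為FTP協議\n");
        break;
    case 23:
        printf("上層協議為TELNET協議\n");
        break;
    case 25:
        printf("上層協議為SMTP協議\n");
        break;
    case 110:
        printf("上層協議POP3協議\n");
        break;
    default:
        break;
    }
    printf("序列碼:%u\n", sequence);
    printf("確認號:%u\n", acknowledgement);
    printf("首部長度:%d\n", header_length);
    if (header_length < (int)sizeof tcp)
        printf("(invalid data offset: header length below the 20-byte minimum)\n");
    printf("保留:%d\n", tcp.tcp_reserved);
    printf("標記:");
    if (flags & 0x08) printf("PSH ");
    if (flags & 0x10) printf("ACK ");
    if (flags & 0x02) printf("SYN ");
    if (flags & 0x20) printf("URG ");
    if (flags & 0x01) printf("FIN ");
    if (flags & 0x04) printf("RST ");
    printf("\n");
    printf("窗口大小:%d\n", windows);
    printf("校驗和:%d\n", checksum);
    printf("緊急指針:%d\n", urgent_pointer);
}

/* =======================================================================================================================
   UDP analysis function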
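   ======================================================================================================================= */

/*
 * Print the UDP header of an IPv4 packet.
 *
 * packet_content points at the start of the IPv4 header; the UDP header starts at
 * IHL*4, which replaces the fixed +20 that ignored IP options. Bounds are checked
 * against the IP total length, which the caller is expected to have verified
 * against the captured length. Headers are copied out with memcpy, so no
 * misaligned or aliasing access is made into the packet buffer.
 */
void udp_protocol_packet_callback(const u_char *packet_content)
{
    struct ip_header ip;
    struct udp_header udp;
    size_t ihl, total;
    u_short source_port, destination_port, length;

    printf("---------- UDP協議首部 ----------\n");

    memcpy(&ip, packet_content, sizeof ip);
    ihl = (size_t)ip.ip_header_length * 4;
    total = ntohs(ip.ip_length);
    if (ihl < sizeof ip || total < ihl + sizeof udp) {
        printf("UDP header truncated (ihl=%zu, total=%zu)\n", ihl, total);
        return;
    }
    memcpy(&udp, packet_content + ihl, sizeof udp);

    source_port = ntohs(udp.udp_source_port);
    destination_port = ntohs(udp.udp_destination_port);
    length = ntohs(udp.udp_length);

    printf("源埠:%d\n", source_port);
    printf("目的埠:%d\n", destination_port);
    /* Port-based guess at the application protocol; it is only a hint, not a parse of the payload. */
    switch (destination_port) {
    case 138:
        printf("NETBIOS Datagram Service\n");
        break;
    case 137:
        printf("NETBIOS Name Service\n");
        break;
    case 139:
        printf("NETBIOS session service\n");
        break;
    case 53:
        printf("name-domain server \n");
        break;
    default:
        break;
    }
    printf("長度:%d\n", length);
    printf("校驗和:%d\n", ntohs(udp.udp_checksum));
}

/* =======================================================================================================================
   IP analysis function
   ======================================================================================================================= */

/*
 * Print the IPv4 header and dispatch to the transport-layer printer.
 *
 * packet_content must point at the start of an IPv4 header whose buffer holds at
 * least sizeof(struct ip_header) bytes and at least ntohs(ip_length) bytes; ip_callback()
 * enforces both before calling here. Packets that are not IPv4 or whose header length
 * is inconsistent are printed but not dispatched, so the transport printers never
 * compute an offset from a bogus IHL.
 */
void ip_protocol_packet_callback(const u_char *packet_content)
{
    struct ip_header ip;
    int header_length;
    int frag_offset;
    u_char tos;
    unsigned short checksum;

    printf("---------- IP協議首部 ----------\n");
    memcpy(&ip, packet_content, sizeof ip);

    checksum = ntohs(ip.ip_checksum);
    header_length = ip.ip_header_length * 4;            /* IHL is in 32-bit words */
    tos = ip.ip_tos;
    frag_offset = (ntohs(ip.ip_off) & 0x1fff) * 8;      /* low 13 bits, in 8-byte units */

    printf("IP版本:%d\n", ip.ip_version);
    printf("首部長度:%d\n", header_length);
    printf("TOS:%d\n", tos);
    printf("總長度:%d\n", ntohs(ip.ip_length));
    printf("標識:%d\n", ntohs(ip.ip_id));
    printf("偏移:%d\n", frag_offset);
    printf("生存時間:%d\n", ip.ip_ttl);
    printf("協議:%d\n", ip.ip_protocol);
    switch (ip.ip_protocol) {
    case 6:
        printf("上層協議為TCP\n");
        break;
    case 17:
        printf("上層協議為UDP\n");
        break;
    case 1:
        printf("上層協議為ICMP\n");
        break;
    default:
        break;
    }
    printf("校驗和:%d\n", checksum);
    /* inet_ntoa() returns a static buffer, so each address gets its own printf. */
    printf("源IP地址:%s\n", inet_ntoa(ip.ip_souce_address));
    printf("目的IP地址:%s\n", inet_ntoa(ip.ip_destination_address));

    if (ip.ip_version != 4 || header_length < (int)sizeof ip
        || (int)ntohs(ip.ip_length) < header_length) {
        printf("(not a well-formed IPv4 header; transport layer not decoded)\n");
        return;
    }

    switch (ip.ip_protocol) {
    case 17:
        udp_protocol_packet_callback(packet_content);
        break;
    case 6:
        tcp_protocol_packet_callback(packet_content);
        break;
    case 1:
        icmp_protocol_packet_callback(packet_content);
        break;
    default:
        break;
    }
}

/* =======================================================================================================================
   libnids callback
   ======================================================================================================================= */

/*
 * IP-fragment callback registered with nids_register_ip_frag().
 *
 * len is the number of bytes available at a_packet. Packets too short to hold a
 * minimal IPv4 header, or shorter than the length their own header declares, are
 * dropped here so the per-protocol printers can use ntohs(ip_length) as an upper
 * bound when they compute transport-header offsets. The header is read through the
 * file's own struct ip_header via memcpy rather than through struct ip's members.
 */
void ip_callback(struct ip *a_packet, int len)
{
    struct ip_header ip;

    if (a_packet == NULL || len < (int)sizeof ip)
        return;
    memcpy(&ip, a_packet, sizeof ip);
    if ((int)ntohs(ip.ip_length) > len)
        return;
    ip_protocol_packet_callback((const u_char *)a_packet);
}

/* =======================================================================================================================
   main
   ======================================================================================================================= */

/*
 * Initialise libnids, register the IP callback and run the capture loop.
 * Returns 1 if nids_init() fails (the error text is in nids_errbuf), 0 otherwise.
 * nids_run() blocks for the lifetime of the capture, so the final return is reached
 * only if it returns.
 */
int main(void)
{
    if (!nids_init()) {
        fprintf(stderr, "出現錯誤:%s\n", nids_errbuf);
        return 1;
    }
    nids_register_ip_frag(ip_callback);
    nids_run();
    return 0;
}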