바이트별로 노가다 작업을 통한 패킷 분석-ㅅ-;

2009. 9. 16. 10:32 in 공부합시다/소켓프로그래밍

말그대로 제목과 같음

400바이트 이상의 패킷을 캡쳐했을때만 정보 표시 하도록 구현

#include <stdio.h>
#include <pcap/pcap.h>
#include <netinet/in.h>
void HexView(u_char* ucData, int len);
void PrintIPHeader(u_char* ucData);
int main()
{
char errbuf[PCAP_ERRBUF_SIZE];
char* spNetDevName = pcap_lookupdev(errbuf);
u_char* ucData;
int iDataLink;
int retv;
struct pcap_pkthdr stPInfo;
pcap_t* pDes;
if(0 == spNetDevName)
{
printf("Error : [%s]\n", errbuf);
return 100;
}
else
{
printf("Network Devie Name : [%s]\n", spNetDevName);
}
pDes = pcap_open_live(spNetDevName, 1500, 1, 0, errbuf);
if(0 == pDes)
{
printf("Error : [%s]\n", errbuf);
return 101;
}
else
{
iDataLink = pcap_datalink(pDes);
}
if(DLT_EN10MB == iDataLink)
{
printf("2Layer Type : [Ethernet (10Mb)]\n", iDataLink);
}
do
{
ucData = pcap_next(pDes, &stPInfo);
printf("Cap Length : %d Bytes\n", stPInfo.caplen);
printf("Length : %d Bytes\n", stPInfo.len);
if(400 > stPInfo.caplen) continue;
printf("=========================================================================\n");
printf("Destination MAC Address : %02X:%02X:%02X:%02X:%02X:%02X\n",
*ucData, *(ucData+1), *(ucData+2), *(ucData+3), *(ucData+4),
*(ucData+5));
printf("Source MAC Address : %02X:%02X:%02X:%02X:%02X:%02X\n",
*(ucData+6), *(ucData+7), *(ucData+9), *(ucData+10), *(ucData+11),
*(ucData+12));
PrintIPHeader(ucData+14);
HexView(ucData, stPInfo.caplen);
}while(stPInfo.caplen < 400);
pcap_close(pDes);
return 0;
}
void PrintIPHeader(u_char* ucData)
{
u_char* p = ucData;
u_char uctemp;
uint16_t ustemp;
uint32_t uitemp;
// IP Version(4bits)
uctemp = *p;
uctemp = uctemp>>4;
if(4 == uctemp)
{
printf("IP Version : IPv4\n");
}
else if(6 == uctemp)
{
printf("IP Version : IPv6\n");
}
else
{
printf("IP Version : %d\n", uctemp);
}
// Header Length(4bits)
uctemp = *p;
uctemp = uctemp & 0x0F;
printf("Header Length : %d Bytes\n", uctemp<<2);
++p;
// Type of Service Flag(8bits)
++p;
// Total Packet Length(16bits)
ustemp = *(uint16_t *)p;
ustemp = ntohs(ustemp);
printf("Total Packet Length : %d Bytes\n", ustemp);
p += 2;
// Fragment Identifier(16bits)
ustemp = *(uint16_t *)p;
ustemp = ntohs(ustemp);
printf("Fragment ID : 0x%04X\n", ustemp);
p += 2;
// Fragmentation Flag(3bits)
uctemp = *p;
printf("Is Fragment ? : ");
if( 0 == ((uctemp>>6)&1) )
{
printf("Yes\n");
}
else
{
printf("No\n");
}
printf("Is Last Fragment ? : ");
if( 0 == ((uctemp>>5)&1) )
{
printf("Yes\n");
}
else
{
printf("No\n");
}
// Fragmentation offset(13bits)
ustemp = *(uint16_t *)p;
ustemp = ntohs(ustemp);
ustemp = ustemp & 0x1F; // 상위 3비트 제거
printf("Fragmentation offset : 0x%04X\n", ustemp);
p += 2;
// Time to Live, TTL(8bits)
printf("Time To Live : %d\n", *p);
++p;
// Protocol Identifier(8bits)
if(0x06 == *p)
{
printf("Protocol : TCP\n");
}
++p;
// Header Checksum(16bits)
ustemp = *(uint16_t *)p;
ustemp = ntohs(ustemp);
printf("Checksum : 0x%04X\n", ustemp);
p += 2;
// Source IP Address(32bits)
uitemp = *(uint32_t *)p;
uitemp = ntohl(uitemp);
printf("Source Ip Address : %d.%d.%d.%d\n",
uitemp>>24, (uitemp>>16)&0xF, (uitemp>>8)&0xF, uitemp&0xF);
p += 4;
// Destination IP Address(32bits)
uitemp = *(uint32_t *)p;
uitemp = ntohl(uitemp);
printf("Destination Ip Address : %d.%d.%d.%d\n",
uitemp>>24, (uitemp>>16)&0xF, (uitemp>>8)&0xF, uitemp&0xF);
p += 4;
}
void HexView(u_char * ucData, int len)
{
int iCntx, iCnty, iCntz;
int addr = 0;
u_char * p = ucData;
printf("=========================================================================\n");
printf("address 0 1 2 3 4 5 6 7 8 9 A B C D E F ASCII code\n");
printf("=========================================================================\n");
for(iCntx = 0, iCntz = 0; iCntx < len/16+1; ++iCntx)
{
printf("%08X ", addr);
for(iCnty = 0; iCnty < 16; ++iCnty)
{
if(iCntz < len)
printf("%02X ", *p);
else
printf("00 ");
++p;
++iCntz;
}
p -= 16;
iCntz -= 16;
for(iCnty = 0; iCnty < 16; ++iCnty)
{
if((0x21 <= *p) && (0x7E >= *p) && (iCntz < len))
printf("%c", *p);
else
printf(".");
++p;
}
putchar('\n');
addr += 16;
}
}
<br />

#include <stdio.h>
#include <pcap/pcap.h>
#include <netinet/in.h>

void HexView(u_char* ucData, int len);
void PrintIPHeader(u_char* ucData);

int main()
{
	char	errbuf[PCAP_ERRBUF_SIZE];
	char*	spNetDevName = pcap_lookupdev(errbuf);
	u_char*	ucData;
	int		iDataLink;
	int		retv;
	struct	pcap_pkthdr stPInfo;
	pcap_t*	pDes;
	
	if(0 == spNetDevName)
	{
		printf("Error : [%s]\n", errbuf);
		return 100;
	}
	else
	{
		printf("Network Devie Name : [%s]\n", spNetDevName);
	}
	pDes = pcap_open_live(spNetDevName, 1500, 1, 0, errbuf);

if(0 == pDes)
	{
		printf("Error : [%s]\n", errbuf);
		return 101;
	}
	else
	{
		iDataLink = pcap_datalink(pDes);
	}

if(DLT_EN10MB == iDataLink)
	{
		printf("2Layer Type : [Ethernet (10Mb)]\n", iDataLink);
	}

do
	{
		ucData = pcap_next(pDes, &stPInfo);

printf("Cap Length              : %d Bytes\n", stPInfo.caplen);
		printf("Length                  : %d Bytes\n", stPInfo.len);
		if(400 > stPInfo.caplen) continue;
		
		printf("=========================================================================\n");
		printf("Destination MAC Address : %02X:%02X:%02X:%02X:%02X:%02X\n",
				*ucData, *(ucData+1), *(ucData+2), *(ucData+3), *(ucData+4),
				*(ucData+5));
		printf("Source MAC Address      : %02X:%02X:%02X:%02X:%02X:%02X\n",
				*(ucData+6), *(ucData+7), *(ucData+9), *(ucData+10), *(ucData+11),
				*(ucData+12));

PrintIPHeader(ucData+14);
		HexView(ucData, stPInfo.caplen);
	}while(stPInfo.caplen < 400);
	
	pcap_close(pDes);

return 0;
}

void PrintIPHeader(u_char* ucData)
{
	u_char* p = ucData;
	u_char uctemp;
	uint16_t ustemp;
	uint32_t uitemp;

// IP Version(4bits)
	uctemp = *p;
	uctemp = uctemp>>4;

if(4 == uctemp)
	{
		printf("IP Version              : IPv4\n");
	}
	else if(6 == uctemp)
	{
		printf("IP Version              : IPv6\n");
	}
	else
	{
		printf("IP Version              : %d\n", uctemp);
	}

// Header Length(4bits)
	uctemp = *p;
	uctemp = uctemp & 0x0F;
	printf("Header Length           : %d Bytes\n", uctemp<<2);
	++p;

// Type of Service Flag(8bits)
	++p;

// Total Packet Length(16bits)
	ustemp = *(uint16_t *)p;
	ustemp = ntohs(ustemp);
	printf("Total Packet Length     : %d Bytes\n", ustemp);
	p += 2;

// Fragment Identifier(16bits)
	ustemp = *(uint16_t *)p;
	ustemp = ntohs(ustemp);
	printf("Fragment ID             : 0x%04X\n", ustemp);
	p += 2;

// Fragmentation Flag(3bits)
	uctemp = *p;
	printf("Is Fragment ?           : ");
	if( 0 == ((uctemp>>6)&1) )
	{
		printf("Yes\n");
	}
	else
	{
		printf("No\n");
	}

printf("Is Last Fragment ?      : ");
	if( 0 == ((uctemp>>5)&1) )
	{
		printf("Yes\n");
	}
	else
	{
		printf("No\n");
	}

// Fragmentation offset(13bits)
	ustemp = *(uint16_t *)p;
	ustemp = ntohs(ustemp);
	ustemp = ustemp & 0x1F;		// 상위 3비트 제거
	printf("Fragmentation offset    : 0x%04X\n", ustemp);
	p += 2;

// Time to Live, TTL(8bits)
	printf("Time To Live            : %d\n", *p);
	++p;

// Protocol Identifier(8bits)
	if(0x06 == *p)
	{
		printf("Protocol                : TCP\n");
	}
	++p;

// Header Checksum(16bits)
	ustemp = *(uint16_t *)p;
	ustemp = ntohs(ustemp);
	printf("Checksum                : 0x%04X\n", ustemp);
	p += 2;
	
	// Source IP Address(32bits)
	uitemp = *(uint32_t *)p;
	uitemp = ntohl(uitemp);
	printf("Source Ip Address       : %d.%d.%d.%d\n",
			uitemp>>24, (uitemp>>16)&0xF, (uitemp>>8)&0xF, uitemp&0xF);
	p += 4;

// Destination IP Address(32bits)
	uitemp = *(uint32_t *)p;
	uitemp = ntohl(uitemp);
	printf("Destination Ip Address  : %d.%d.%d.%d\n",
			uitemp>>24, (uitemp>>16)&0xF, (uitemp>>8)&0xF, uitemp&0xF);
	p += 4;
	
}

void HexView(u_char * ucData, int len)
{
	int iCntx, iCnty, iCntz;
	int addr = 0;
	u_char * p = ucData;
	
	printf("=========================================================================\n");
	printf("address   0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F    ASCII code\n");
	printf("=========================================================================\n");
	
	for(iCntx = 0, iCntz = 0; iCntx < len/16+1; ++iCntx)
	{
		printf("%08X ", addr);
		
		for(iCnty = 0; iCnty < 16; ++iCnty)
		{
			if(iCntz < len)
				printf("%02X ", *p);
			else
				printf("00 ");
			++p;
			++iCntz;
		}
		p -= 16;
		iCntz -= 16;
		
		for(iCnty = 0; iCnty < 16; ++iCnty)
		{
			if((0x21 <= *p) && (0x7E >= *p) && (iCntz < len))
				printf("%c", *p);
			else
				printf(".");
			++p;
		}
		putchar('\n');
		addr += 16;
	}
}
<br />

실행화면

저작자표시 비영리 변경금지

'공부합시다 > 소켓프로그래밍' 카테고리의 다른 글

TCP 헤더 분석 (3)	2009.09.18
ether_header 구조체와 iphdr 구조체를 이용한 패킷 분석 (0)	2009.09.16
패킷 캡쳐로 살펴본 이더넷 프레임 (0)	2009.09.15
이더넷 프레임의 구조 (0)	2009.09.15
pcap_t, pcap_pkthdr 구조체 (0)	2009.08.21

Posted by 클란심

내 블로그 - 관리자 홈 전환	`Q` `Q`
새 글 쓰기	`W` `W`

글 수정 (권한 있는 경우)	`E` `E`
댓글 영역으로 이동	`C` `C`

이 페이지의 URL 복사	`S` `S`
맨 위로 이동	`T` `T`
티스토리 홈 이동	`H` `H`
단축키 안내	`Shift` + `/` `⇧` + `/`

블로그가 뭔가염? 먹는건가염? 우걱우걱

바이트별로 노가다 작업을 통한 패킷 분석-ㅅ-;

'공부합시다 > 소켓프로그래밍' 카테고리의 다른 글

Category

My Link

Tag Cloud

Recent Article

Recent Comment

티스토리툴바

단축키

내 블로그

블로그 게시글

모든 영역