/* data spans multiple lines */
for ( ;; ) {
/* compute current line length */
line_len = line_width % len_rem;
/* print line */
print_hex_ascii_line(ch, line_len, offset);
/* compute total remaining */
len_rem = len_rem - line_len;
/* shift pointer to remaining bytes to print */
ch = ch + line_len;
/* add offset */
offset = offset + line_width;
/* check if we have line width chars or less */
if (len_rem <= line_width) {
/* print last line and get out */
print_hex_ascii_line(ch, len_rem, offset);
break;
}
}
return;
}
/*
 * append the buffer to buffer.txt
 */
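void put_in_file(const u_char *buff,int len)
{
    /*
     * Append len bytes from buff, followed by a single '\n', to
     * "buffer.txt" (opened in append/binary mode).
     *
     * buff: bytes to store; not modified.
     * len:  number of bytes to write. A negative length or a NULL buff
     *       is rejected and nothing is written.
     *
     * The data is written straight from the caller's buffer. Staging it
     * in a fixed u_char[MAX_S] stack array first would require
     * len <= MAX_S to be enforced before the copy; with a length that is
     * derived from captured traffic that is a stack overflow waiting to
     * happen, and the intermediate copy adds nothing.
     *
     * NOTE(review): the file name is relative to the process working
     * directory. If this tool runs with elevated privileges, confirm the
     * directory is not writable by other users.
     */
    FILE *buffer;
    size_t count;

    if (buff == NULL || len < 0)
        return;
    count = (size_t)len;

    buffer = fopen("buffer.txt", "ab"); /* append, binary */
    if (buffer == NULL) {
        printf("FILE OPEN/CREATE FAIL\n");
        return;
    }

    /* Report short writes instead of silently dropping captured data. */
    if (fwrite(buff, sizeof(u_char), count, buffer) != count ||
        fwrite("\n", sizeof(char), 1, buffer) != 1)
        printf("FILE WRITE FAIL\n");

    /* fclose() flushes, so a failure here also means data was lost. */
    if (fclose(buffer) != 0)
        printf("FILE CLOSE FAIL\n");
}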
/*
* dissect/print data packet
*/
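void
got_data_package(u_char *args,const struct pcap_pkthdr *header,const u_char *packet,int size_header)
{
    /*
     * Print the payload that follows the protocol headers of one frame.
     *
     * args:        unused here.
     * header:      pcap per-packet header; caplen bounds every read.
     * packet:      start of the captured frame (Ethernet header first).
     * size_header: byte offset from packet to the first payload byte.
     *
     * The payload length is derived from the IP total-length field,
     * which is set by the sender and may claim more bytes than were
     * actually captured. Every offset and length is therefore checked
     * against header->caplen before it is used, and the payload is
     * clamped to the bytes that are really present in the buffer.
     */
    const struct db_ip *ip;
    const u_char *payload;      /* Packet payload */
    unsigned long captured;     /* bytes actually present in packet */
    unsigned long available;    /* captured bytes after the headers */
    int size_payload;

    if (header == NULL || packet == NULL)
        return;
    captured = (unsigned long)header->caplen;

    /* the payload offset must lie inside the captured frame */
    if (size_header < SIZE_ETHERNET || (unsigned long)size_header > captured)
        return;

    /* the IP header must be fully captured before ip_len is read */
    if ((unsigned long)SIZE_ETHERNET + sizeof(*ip) > captured)
        return;

    ip = (const struct db_ip *)(packet + SIZE_ETHERNET);

    /* define/compute payload (segment) offset */
    payload = packet + size_header;

    /* data len = IP total len - (headers that follow the Ethernet header) */
    size_payload = ntohs(ip->ip_len) - (size_header - SIZE_ETHERNET);

    /* never trust the advertised length beyond what was captured */
    available = captured - (unsigned long)size_header;
    if (size_payload > 0 && (unsigned long)size_payload > available)
        size_payload = (int)available;

    /*
     * Print payload data; it might be binary, so don't just
     * treat it as a string.
     */
    if (size_payload > 0) {
        printf(" Payload (%d bytes):\n", size_payload);
        print_payload(payload, size_payload);
    }
    return;
}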
/*
* dissect/print mysql packet
*/
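void
got_mysql_package(u_char *args,const struct pcap_pkthdr *header,const u_char *packet,int size_tcp)
{
    /*
     * Print the fields of the MySQL header found at packet + size_tcp,
     * then hand the bytes after that header to got_data_package().
     *
     * args:     passed through to got_data_package().
     * header:   pcap per-packet header; caplen bounds the header read.
     * packet:   start of the captured frame.
     * size_tcp: byte offset from packet to the MySQL header.
     *
     * NOTE(review): MySQL's wire header is a 3-byte little-endian length
     * plus a 1-byte sequence id; the ntohs() calls below treat the fields
     * as 16-bit big-endian values. Confirm against struct db_mysql.
     */
    const struct db_mysql *mysql;
    int size_mysql;
    u_short pa_num;
    u_short qry;
    u_short hlen;

    if (header == NULL || packet == NULL || size_tcp < 0)
        return;

    /* the whole MySQL header must be inside the captured bytes */
    if ((unsigned long)size_tcp + sizeof(*mysql) > (unsigned long)header->caplen) {
        printf("The MYSQL Packet is truncated\n");
        return;
    }

    mysql = (const struct db_mysql *)(packet + size_tcp);
    hlen = ntohs(mysql->mysql_header_length);
    pa_num = ntohs(mysql->packet_num);
    qry = ntohs(mysql->qry);

    printf("********************MYSQL Protocol*************************\n");
    printf("Unknown:%02x\n",mysql->unknow1);
    printf("Header length:%d----------%02x\n",hlen,mysql->mysql_header_length);
    printf("Packet Number:%d---------%02x\n",pa_num,mysql->packet_num);
    printf("Query :%d----------------%02x\n*****************************\n",qry,mysql->qry);
    printf("Unknown:%02x\n",mysql->q1);
    printf("Unknown:%02x\n",mysql->q2);
    printf("Unknown:%02x\n",mysql->q3);

    /*
     * handle the mysql data: skip the header itself. sizeof(*mysql) is
     * the struct size; sizeof(mysql) would be the size of a pointer and
     * would put the payload offset in the wrong place.
     */
    size_mysql = size_tcp + (int)sizeof(*mysql);
    got_data_package(args, header, packet, size_mysql);
    return;
}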
/*
* dissect/print tns packet
*/
void
got_tns_package(u_char *args,const struct pcap_pkthdr *header,const u_char *packet,int size_tcp)
{
int i;
struct db_tns *tns;
u_char *buff;
tns=(struct db_tns*)(packet+size_tcp);
printf("********************ORACLE TNS Protocol*************************\n"); printf("size_tcp:%d\n",size_tcp);
if(size_tcp==header->len)
printf("The TNS Packet is empty\n");
else{
printf("Length:%d\n",ntohs(tns->length));
printf("Packet checksum:0x%02x\n",tns->packet_checksum);
printf("Type:%02x\n",tns->type);
printf("Flag:%02x\n",tns->flag);
printf("Header Checksum:0x%02x\n",tns->header_checksum);
int size_data=size_tcp+sizeof(struct db_tns);
switch (tns->type)
{
case 0x01: //analyzing connect packet
{
printf("connect package\n");
struct db_tns_connect* con;
con=(struct db_tns_connect*)(packet+size_data);
printf("version::%d\n",ntohs(con->ns_vr));
printf("version(compatible):%d\n",ntohs(con->ns_compatible_ver));
printf("Service Options:%02x\n",ntohs(con->ser_opt));
// printf("Service Options2:%04x\n",con->ser_opt2);
printf("Session Data Unit Size:%d\n",ntohs(con->SDU_size));
printf("Max Trans Data Unit:%d\n",ntohs(con->TDU_size));
printf("NT Protocol characteristics1:%04x\n",ntohs(con->NT_protocol_ch));
// printf("NT Protocol characteristics2:%02x\n",con->NT_protocol_ch2);
printf("Max packets:%d\n",ntohs(con->max_packets));
printf("Hardware:%02x\n",con->hardware);
printf("lentgh of Connect Data:%d\n",ntohs(con->data_length));
printf("Offset of Connect Data:%d\n",ntohs(con->offset));
printf("Max Receivable Connect Data:%d\n",ntohl(con->max_data));
printf("Flags 0:%02x\n",con->flag0);
printf("Flags 1:%02x\n",con->flag1);