printf("Trace Cross Facility Item 1:%08x\n",con->item);
printf("Trace Cross Facility Item 2:%08x\n",con->item2);
printf("Trace Unique Connect ID:%16x\n",ntohs(con->id));
// print_payload(con->buff,strlen(con->buff));
buff=(u_char *)(packet+size_data+sizeof(struct db_tns_connect)-2);//-2 =offset?
printf("BUFFER LEN:%d\n",strlen(buff));
put_in_file(buff,strlen(buff));
break;
}
case 0x02://analyzing accept package
{
printf("accept package\n");
struct db_tns_accept* con;
con=(struct db_tns_accept*)(packet+size_data);
printf("Version:%d\n",ntohs(con->ns_vr));
printf("Service Options:%02x\n",ntohs(con->ser_opt));
printf("Session Data Unit Size:%d\n",ntohs(con->SDU_size));
printf("Max Trans Data Unit:%d\n",ntohs(con->TDU_size));
printf("Hardware:%02x\n",con->hardware);
printf("Accept Data Length:%d\n",ntohs(con->data_length));
printf("Offset to Accept Data:%d\n",ntohs(con->offset));
printf("Flags 0:%02x\n",con->flag0);
printf("Flags 1:%02x\n",con->flag1);
break;
}
case 0x03:
{
printf("ack package\n");
break;
}
case 0x04:
{
printf("reject package\n");
struct db_tns_reject* con;
con=(struct db_tns_reject*)(packet+size_data);
printf("User Refuse Reason 0:%02x\n",con->usr_refuse_reason);
printf("System Refuse Reason 0:%02x\n",con->sys_refuse_reason);
printf("Data Length:%d\n",ntohs(con->data_length));
break;
}
case 0x05:
{
printf("redirect package\n");
struct db_tns_redirect* con;
con=(struct db_tns_redirect*)(packet+size_data);
printf("Data Length:%d\n",ntohs(con->data_length));
printf("Data:%02x\n",con->data);//?
break;
}
case 0x06:
{ printf("data package\n");
//need to analyse data packages?
break;
}
case 0x09: printf("abort package\n");break;
case 0x0b:printf("resend package,no content in this type of packet\n");break;
case 0x0c:
{
printf("marker package\n");
struct db_tns_marker* con;
con=(struct db_tns_marker*)(packet+size_data);
printf("Marker Type:%02x\n",con->type);
printf("Marker Data Type:%02x\n",con->data_byte0);
printf("Marker Data Type:%02x\n",con->data_byte1);
break;
}
case 0x0d:printf("attention package\n");break;
case 0x0e:printf("control package\n");break;
default:break;
}}
return;
}
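/*
 * Dissect and print a UDP header, then hand the datagram to the database
 * protocol dissector selected by port number.
 *
 * args, header, packet: passed through unchanged to the next dissector.
 * size_ip: byte offset of the UDP header from the start of packet.
 *
 * NOTE(review): packet contents are untrusted. Nothing in this function
 * compares size_ip + UDP_HEADER_LEN with the captured length
 * (header->caplen) before the header is read, so a truncated capture makes
 * the reads below run past the buffer. Confirm the caller rejects such
 * packets, or add that comparison here.
 */
void
got_udp_package(u_char *args,const struct pcap_pkthdr *header,const u_char *packet,int size_ip)
{
    enum {
        UDP_HEADER_LEN = 8,   /* fixed UDP header size: four 16-bit fields */
        PORT_MYSQL = 3306,
        PORT_ORACLE_TNS = 1521,
        PORT_SQLSERVER_TDS = 1433
    };
    const struct db_udp *udp;
    int size_udp;
    u_short sport;
    u_short dport;
    u_short length;

    /* A negative offset would read before the start of the capture buffer. */
    if (size_ip < 0)
        return;

    udp = (const struct db_udp *)(packet + size_ip);
    sport = ntohs(udp->udp_source_port);
    dport = ntohs(udp->udp_destination_port);
    length = ntohs(udp->udp_length);

    printf("-------UDP Protocol (Transport Layer)---------\n");
    printf("Source Port:%d\n", sport);
    printf("Destination Port:%d\n", dport);
    printf("Length:%d\n", length);
    printf("Checksum:%d\n", ntohs(udp->udp_checksum));

    /* The length field counts header plus payload; below 8 is malformed. */
    if (length < UDP_HEADER_LEN) {
        printf("Malformed UDP length, payload not dissected\n");
        return;
    }

    /*
     * The payload begins right after the fixed header. The previous
     * size_ip + length was the offset of the END of the datagram (length
     * includes the header), so the dissectors were pointed past the data.
     * Assumes they take the payload offset as their last argument, the way
     * this function takes size_ip -- confirm against their definitions.
     */
    size_udp = size_ip + UDP_HEADER_LEN;

    if (sport == PORT_MYSQL || dport == PORT_MYSQL) {
        printf("mysql protocol\n");
        got_mysql_package(args, header, packet, size_udp);
    } else if (sport == PORT_ORACLE_TNS || dport == PORT_ORACLE_TNS) {
        printf("Oracle tns protocol\n");
        got_tns_package(args, header, packet, size_udp);
    } else if (sport == PORT_SQLSERVER_TDS || dport == PORT_SQLSERVER_TDS) {
        printf("SQLSERVER tds protocol\n");
    } else {
        got_data_package(args, header, packet, size_udp);
    }
    return;
}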