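/*
 * Dissect and print the TCP header of a captured packet, then hand the
 * payload to a protocol-specific dissector selected by port number.
 *
 * args, header, packet: passed through unchanged to the next dissector.
 * size_ip: byte offset of the TCP header from the start of `packet`,
 *          as computed by the caller.
 *
 * Everything read through `packet` is attacker-controlled wire data, and
 * the capture may be shorter than the headers claim. Offsets are therefore
 * checked against header->caplen (bytes actually captured) before the TCP
 * header is dereferenced and before the payload offset is handed on.
 */
void
got_tcp_package(u_char *args, const struct pcap_pkthdr *header, const u_char *packet, int size_ip)
{
    const struct db_tcp *tcp; /* The TCP header */
    int size_tcp;
    u_char flags;
    u_short windows;
    u_short urgent_pointer;
    u_int sequence;
    u_int acknowledgement;
    u_int16_t checksum;
    u_short sport;
    u_short dport;

    /* The fixed 20-byte TCP header must lie inside the captured bytes;
     * otherwise every field access below reads past the capture buffer. */
    if (size_ip < 0 || (unsigned int)size_ip + 20u > (unsigned int)header->caplen) {
        printf(" * Truncated TCP header: offset %d, captured %u bytes\n",
               size_ip, (unsigned int)header->caplen);
        return;
    }

    /* define/compute tcp header offset */
    tcp = (const struct db_tcp *)(packet + size_ip);
    size_tcp = TH_OFF(tcp) * 4;
    if (size_tcp < 20) {
        printf(" * Invalid TCP header length: %d bytes\n", size_tcp);
        return;
    }

    /* Multi-byte fields arrive in network byte order. */
    sequence = ntohl(tcp->th_seq);
    acknowledgement = ntohl(tcp->th_ack);
    windows = ntohs(tcp->th_win);
    urgent_pointer = ntohs(tcp->th_urp);
    flags = tcp->th_flags;
    checksum = ntohs(tcp->th_sum);
    sport = ntohs(tcp->th_sport);
    dport = ntohs(tcp->th_dport);

    printf("-------TCP Protocol (Transport Layer)---------\n");
    printf(" Src port: %d\n", sport);
    printf(" Dst port: %d\n", dport);
    /* NOTE(review): "Reserved" prints the whole th_offx2 byte, which also
     * holds the data offset that TH_OFF() extracts - confirm whether only
     * the reserved bits were intended. */
    printf("Sequence Number:%u\n Acknowledgement Number:%u\n Header Length:%d\n Reserved:%d\n",
           sequence, acknowledgement, size_tcp, tcp->th_offx2);

    /* Flag names are printed back to back, without separators. */
    printf("Flags:");
    if (flags & 0x08) printf("PSH");
    if (flags & 0x10) printf("ACK");
    if (flags & 0x02) printf("SYN");
    if (flags & 0x20) printf("URG");
    if (flags & 0x01) printf("FIN");
    if (flags & 0x04) printf("RST");
    printf("\n");

    printf("Window Size:%d\n", windows);
    printf("Checksum:%d\n", checksum);
    printf("Urgent Pointer:%d\n", urgent_pointer);

    /* From here on size_tcp is the payload offset from the start of packet. */
    size_tcp = size_tcp + size_ip;

    /* The data-offset field is untrusted: a header that claims more option
     * bytes than were captured would put the payload offset past the end of
     * the buffer. Stop here instead of handing that offset to a dissector. */
    if ((unsigned int)size_tcp > (unsigned int)header->caplen) {
        printf(" * TCP header length exceeds captured data: payload offset %d, captured %u bytes\n",
               size_tcp, (unsigned int)header->caplen);
        return;
    }

    /* Application protocol is guessed from well-known ports only. */
    if (sport == 3306 || dport == 3306) {
        printf("mysql protocol\n");
        got_mysql_package(args, header, packet, size_tcp);
    } else if (sport == 1521 || dport == 1521) {
        printf("Oracle tns protocol\n");
        got_tns_package(args, header, packet, size_tcp);
    } else if (sport == 1433 || dport == 1433) {
        /* Only identified; no TDS dissector is called here. */
        printf("SQLSERVER tds protocol\n");
    } else {
        got_data_package(args, header, packet, size_tcp);
    }
}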
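/*
 * Dissect and print the IPv4 header of a captured Ethernet frame, then
 * dispatch to the TCP or UDP dissector according to the protocol field.
 *
 * args, header, packet: passed through unchanged to the next dissector.
 *
 * The header is untrusted wire data and the capture may be truncated, so
 * header->caplen (bytes actually captured) is checked before the IP header
 * is dereferenced and again before the transport offset is handed on.
 */
void
got_ip_package(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
{
    const struct db_ip *ip; /* The IP header */
    int size_ip;
    u_int offset;
    u_char tos;
    u_int16_t checksum;

    /* The fixed 20-byte IP header must lie inside the captured bytes;
     * otherwise the field reads below run past the capture buffer. */
    if ((unsigned int)header->caplen < (unsigned int)SIZE_ETHERNET + 20u) {
        printf("*Truncated IP header: captured %u bytes\n", (unsigned int)header->caplen);
        return;
    }

    /* define/compute ip header offset */
    ip = (const struct db_ip *)(packet + SIZE_ETHERNET);
    size_ip = IP_HL(ip) * 4;
    if (size_ip < 20) {
        printf("*Invalid IP header length: %d bytes\n", size_ip);
        return;
    }

    checksum = ntohs(ip->ip_sum);
    tos = ip->ip_tos;
    offset = ntohs(ip->ip_off);

    /* print the header fields, including source and destination addresses */
    printf("-------IP Protocol (Network Layer)---------\n");
    /* NOTE(review): the version is printed but never checked to be 4. */
    printf("IP Version:%d\n", IP_V(ip));
    printf("Header Length:%d\n", size_ip);
    printf("TOS:%d\n", tos);
    printf("Total length:%d\n", ntohs(ip->ip_len));
    printf("Identification:%d\n", ntohs(ip->ip_id));
    /* Low 13 bits of ip_off are the fragment offset in 8-byte units. */
    printf("Offset:%u\n", (offset & 0x1fff) * 8);
    printf("TTL:%d\n", ip->ip_ttl);
    printf("Header checksum:%d\n", checksum);
    /* inet_ntoa() reuses one static buffer, so each address gets its own printf. */
    printf(" From: %s", inet_ntoa(ip->ip_src));
    printf(" To: %s\n", inet_ntoa(ip->ip_dst));

    /* From here on size_ip is the transport-header offset from the start of packet. */
    size_ip = size_ip + SIZE_ETHERNET;

    /* The header-length field is untrusted: options that run past the
     * captured bytes would put the transport offset outside the buffer. */
    if ((unsigned int)size_ip > (unsigned int)header->caplen) {
        printf("*IP header length exceeds captured data: transport offset %d, captured %u bytes\n",
               size_ip, (unsigned int)header->caplen);
        return;
    }

    /* Only the first fragment carries a transport header; parsing a later
     * fragment's payload as TCP/UDP would misinterpret arbitrary data. */
    if ((offset & 0x1fff) != 0) {
        printf(" Fragment: transport header not present\n");
        return;
    }

    /* determine protocol */
    switch (ip->ip_p) {
    case IPPROTO_TCP:
        got_tcp_package(args, header, packet, size_ip);
        break;
    case IPPROTO_UDP:
        got_udp_package(args, header, packet, size_ip);
        break;
    default:
        printf(" Protocol: unknown\n");
        break;
    }
}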
/*
* dissect/print ethernet packet
*/
void
got_ethernet_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
{
static int count = 1; /* packet counter */
/* declare pointers to packet headers */
const struct db_ethernet *ethernet; /* The ethernet header [1] */
u_short ethernet_type;
u_char *mac_string;
printf("================The %d package is captured.======================\n",count);
count++;