- #include <stdio.h>
- #include <stdlib.h>
- #include<string.h>
- #include <time.h>
- //#include <process.h>
- #include "parser.h"
// Defined with no value; nothing in the visible part of this file tests it.
#define printit

// Settings and buffers that are defined in other translation units.
extern BOOL bFilter;      // when FALSE, DecodeIPHeader accepts every packet
extern int iline;         // upper bound on screen lines used by CloseIPAcc
extern char *author;      // printed in the CloseIPAcc summary line
extern char myipname[];   // printed at the start of the CloseIPAcc summary line
extern int justheader;    // non-zero: DecodeIPHeader prints only the IP line
extern int gre;           // non-zero: GRE (protocol 47) payloads are decoded
extern int sortbysize;    // non-zero: sort pairs by bytes, otherwise by packets
extern int fromip;        // non-zero: account the source address per host
extern int toip;          // non-zero: account the destination address per host
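// 1: DecodeIPHeader starts a fresh timestamp line; 0: it continues from mypbuff
// (DecodeGREHeader clears it around the nested decode).
int nomac=1;
// Non-zero forces an accounting flush on the next packet; DecodeIPHeader resets it.
int mostird=0;
// Text handed between DecodeGREHeader and DecodeIPHeader for encapsulated packets.
char mypbuff[2048];

// accounting variables
#define MAXHASH 0xffff
#define MAXTCPPORT 4096
// Table of IP addresses, indexed by the slot FindIPHash returns; allocated in InitIPAcc.
unsigned long *iph=NULL; //[MAXHASH];
// One accounting record per (source slot, destination slot) pair.
typedef struct {
    unsigned short from;   // slot in iph
    unsigned short to;     // slot in iph
    unsigned long byte;    // bytes seen for the pair
    unsigned short pkt;    // packets seen for the pair (16 bits, so it wraps at 65536)
    unsigned short sport;  // not written by the code visible in this file
    unsigned short dport;  // not written by the code visible in this file
} ta;
ta *acc = NULL;
// Per-port byte and packet counters for ports below MAXTCPPORT.
unsigned long tcppb[MAXTCPPORT];
unsigned long tcppp[MAXTCPPORT];
// Per-protocol packet and byte counters. SetIPAcc indexes them with the IP
// protocol byte taken from the packet, so they need one slot for each of the
// 256 possible values; with 255 slots protocol 255 wrote past the array.
unsigned long typp[256];
unsigned long typb[256];
unsigned long udpb,tcpb,udpp,tcpp;
// Start of the current accounting interval.
time_t elapsed=0;
// Seconds between accounting flushes.
int iCycle=10;
int iScreen=1;
int iFile=0;
// Remaining packet budget; DecodeIPHeader clears iRun when it reaches zero.
long lNum=0;
char filename[128];
char intlist[128];
int iRun=1;
int iDetail=0;
// Output file, used instead of stdout whenever iFile is set.
FILE *f=NULL;
// IP protocol filter, 0 meaning any protocol.
int iProto=0;
int iSum=0;
// Program run on the output file after each flush (see CloseIPAcc).
char execname[255];
// Line being assembled for the current packet.
char pbuf[8196];
// Scratch buffer for formatting one fragment before it is appended.
char str[255];
extern char pattern[];
#ifndef LINUX
int iLnxplus=0; // Windows buffer without the MAC frame !
#else
int iLnxplus=14; // Linux plus IP header len =14 !!!
#endif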
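//
// A list of protocol types in the IP protocol header
//
// The table is indexed with the 8-bit protocol field of a received packet, so
// it is sized for all 256 values (with 255 slots, protocol 255 read past the
// end). Only entries 0..100 are named; the rest are NULL and every lookup has
// to check for that before handing the pointer to a %s conversion.
//
char *szProto[256] = {"IP", // 0
    "ICMP", // 1
    "IGMP", // 2
    "GGP", // 3
    "IP", // 4
    "ST", // 5
    "TCP", // 6
    "UCL", // 7
    "EGP", // 8
    "IGP", // 9
    "BBN-RCC-MON", // 10
    "NVP-II", // 11
    "PUP", // 12
    "ARGUS", // 13
    "EMCON", // 14
    "XNET", // 15
    "CHAOS", // 16
    "UDP", // 17
    "MUX", // 18
    "DCN-MEAS", // 19
    "HMP", // 20
    "PRM", // 21
    "XNS-IDP", // 22
    "TRUNK-1", // 23
    "TRUNK-2", // 24
    "LEAF-1", // 25
    "LEAF-2", // 26
    "RDP", // 27
    "IRTP", // 28
    "ISO-TP4", // 29
    "NETBLT", // 30
    "MFE-NSP", // 31
    "MERIT-INP", // 32
    "SEP", // 33
    "3PC", // 34
    "IDPR", // 35
    "XTP", // 36
    "DDP", // 37
    "IDPR-CMTP", // 38
    "TP++", // 39
    "IL", // 40
    "SIP", // 41
    "SDRP", // 42
    "SIP-SR", // 43
    "SIP-FRAG", // 44
    "IDRP", // 45
    "RSVP", // 46
    "GRE", // 47
    "MHRP", // 48
    "BNA", // 49
    "IPSEC-ESP", // 50
    "IPSEC-AH", // 51
    "I-NLSP", // 52
    "SWIPE", // 53
    "NHRP", // 54
    "?55?", // 55
    "?56?", // 56
    "SKIO", // 57
    "V6ICMP", // 58
    "V6NoNXT", // 59
    "V6OPT", // 60
    "int.host", // 61
    "CFTP", // 62
    "loc.net", // 63
    "SAT-EXPAK", // 64
    "KRYPTOLAN", // 65
    "RVD", // 66
    "IPPC", // 67
    "dist.fs", // 68
    "SAT-MON", // 69
    "VISA", // 70
    "IPCV", // 71
    "CPNX", // 72
    "CPHB", // 73
    "WSN", // 74
    "PVP", // 75
    "BR-SAT-MON", // 76
    "SUN-ND", // 77
    "WB-MON", // 78
    "WB-EXPAK", // 79
    "ISO-IP", // 80
    "VMTP", // 81
    "SECURE-VMTP",// 82
    "VINES", // 83
    "TTP", // 84
    "NSFNET-IGP", // 85
    "DGP", // 86
    "TCF", // 87
    "IGRP", // 88
    "OSPF", // 89
    "Sprite-RPC", // 90
    "LARP", // 91
    "MTP", // 92
    "AX.25", // 93
    "IPIP", // 94
    "MICP", // 95
    "SCC-SP", // 96
    "ETHERIP", // 97
    "ENCAP", // 98
    "priv.enc", // 99
    "GMTP" // 100
};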
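//
// The types of IGMP messages
//
// DecodeIGMPHeader indexes this table with LO_WORD() of the first IGMP byte,
// a value taken from the packet. The table is padded to 16 entries so that a
// 4-bit index cannot run past the end.
// NOTE(review): assumes LO_WORD yields the low nibble (0..15); confirm in parser.h.
//
char *szIgmpType[] = {"",
    "Host Membership Query",
    "HOst Membership Report",
    "",
    "",
    "",
    "Version 2 Membership Report",
    "Leave Group",
    "",
    "",
    "", // 10
    "", // 11
    "", // 12
    "", // 13
    "", // 14
    ""  // 15
};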
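//
// Function: PrintRawBytes
//
// Description:
//    Writes the pending text in pbuf followed by a dump of len bytes starting
//    at ptr: hexadecimal digits, 16 bytes per row, then the same bytes as
//    printable characters ('.' for the rest). Output goes to f when iFile is
//    set, otherwise to stdout. When a search pattern is set, the packet is
//    dumped only if the pattern occurs in the data.
//
//    The pattern search is bounded by len. The earlier version wrote a NUL
//    terminator at ptr[len] (one byte past the data) and used strstr(), which
//    also stopped at the first zero byte inside the payload.
//
//    NOTE(review): len is trusted here; the caller has to make sure that
//    ptr..ptr+len lies inside the received packet.
//
void PrintRawBytes(BYTE *ptr, DWORD len)
{
    FILE *out = iFile ? f : stdout;
    size_t patlen = strlen(pattern);
    int found = 0;
    DWORD off;
    int i,j;

    // iFile can be set while the output file failed to open.
    if (out == NULL)
        return;

    if (patlen != 0) {
        if (patlen <= len) {
            for (off = 0; off <= len - patlen; off++) {
                if (memcmp(ptr + off, pattern, patlen) == 0) {
                    found = 1;
                    break;
                }
            }
        }
        if (!found)
            return;
    }

    fprintf(out,"%s",pbuf);
    fprintf(out," " );
    while (len > 0) {
        for (i = 0; i < 16; i++) {
            fprintf(out,"%x%x ", HI_WORD(*ptr), LO_WORD(*ptr));
            len--;
            ptr++;
            if (len == 0) {
                // Short last row: pad the hex column, and leave i at the
                // number of bytes actually printed in this row.
                j = i++;
                while (++j < 16)
                    fprintf(out," ");
                break;
            }
        }
        fprintf(out," ");
        // ptr already points past the row; step back i bytes for the text column.
        for (j = 0; j < i; j++)
            fprintf(out,"%c",isprint(*(ptr-i+j))?*(ptr-i+j):'.');
        if (len)
            fprintf(out,"\n ");
    }
}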
// Names for ICMP types 0..16. The index comes from the packet, so a lookup
// must be range-checked against the 17 entries.
static char *ICMPTypeTable[]={
    "Echo Reply",       // 0
    "ICMP 1",           // 1
    "ICMP 2",           // 2
    "Dest Unreachable", // 3
    "SrcQuench",        // 4
    "Redirect",         // 5
    "6",
    "7",
    "Echo Request",     // 8
    "9",
    "10",
    "Time Exceed",      // 11
    "ParamPrblm",       // 12
    "Timestamp",        // 13
    "Timestamp reply",  // 14
    "InfoRqst",         // 15
    "InfoRply"          // 16
};

// Texts for the destination-unreachable codes; DecodeICMPHeader indexes this
// table with (code & 7), which always stays inside the 8 entries.
static char *Dstunreach[]={
    "net unreach.",
    "host unreach.",
    "protocol unreach.",
    "port unreach.",
    "frag needed",
    "source route?",
    "",
    ""
};
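//
// Function: DecodeICMPHeader
//
// Description:
//    Appends a readable summary of the ICMP header found at
//    wsabuf->buf + iphdrlen + iLnxplus to pbuf and returns the number of
//    bytes it stepped over, counted from the start of the ICMP header.
//
//    Changes against the earlier version:
//    - the ICMP type comes from the packet and is range-checked before it
//      indexes ICMPTypeTable (types above 16 read past the table);
//    - the source-quench line passed an integer to a %s conversion, the
//      stray argument is gone;
//    - types without a case no longer append the stale "Type:" text twice;
//    - formatting and appending are bounded by the buffer sizes.
//
//    NOTE(review): no packet length is available here, so the reads at
//    hdr+16 and the timestamp fields rely on the caller having received
//    enough bytes.
//
int DecodeICMPHeader(WSABUF *wsabuf, DWORD iphdrlen) {
    BYTE *base = (BYTE *)wsabuf->buf + iphdrlen + iLnxplus;
    BYTE *hdr = base;
    BYTE *hhh;
    unsigned short type,code,chksum,id,seq;
    // Only 4 bytes are copied into each of these, so start them at zero.
    unsigned long resptime = 0, r1 = 0, r2 = 0;
    SOCKADDR_IN addr;
    char numbuf[8];
    const char *tname;

    type=*hdr++; code=*hdr++;
    if (type < sizeof ICMPTypeTable / sizeof ICMPTypeTable[0]) {
        tname = ICMPTypeTable[type];
    } else {
        // Same convention as the unnamed table entries: print the number.
        snprintf(numbuf, sizeof numbuf, "%u", type);
        tname = numbuf;
    }
    snprintf(str, sizeof str, " Type:%-12s Code:%3d,", tname, code);
    strncat(pbuf, str, sizeof pbuf - strlen(pbuf) - 1);

    memcpy(&chksum, hdr, 2);
    hdr += 2; hhh=hdr;           // hhh: first byte after the checksum
    memcpy(&id, hdr, 2);
    hdr += 2;
    memcpy(&seq, hdr, 2);
    hdr+=2;

    switch (type) {
    case 3:   // destination unreachable
        // 16 bytes into the data that follows the 8-byte ICMP header.
        memcpy(&addr.sin_addr.s_addr, hdr+16, 4);
        if (code==4 ) snprintf(str, sizeof str, "frag needed-Max MTU:%u at %-15s\n",ntohs(seq), inet_ntoa(addr.sin_addr));
        else snprintf(str, sizeof str, "%s at %-15s\n",Dstunreach[code&7],inet_ntoa(addr.sin_addr));
        hdr+=iphdrlen;
        break;
    case 11:  // time exceeded
        memcpy(&addr.sin_addr.s_addr, hdr+16, 4);
        snprintf(str, sizeof str, "%s at %-15s\n",code?"frag reass. exceed":"ttl exceed",inet_ntoa(addr.sin_addr));
        hdr+=iphdrlen;
        break;
    case 12:  // parameter problem
        memcpy(&addr.sin_addr.s_addr, hdr+16, 4);
        snprintf(str, sizeof str, " err:%d at %-15s\n",id,inet_ntoa(addr.sin_addr));
        hdr+=iphdrlen;
        break;
    case 4:   // source quench
        memcpy(&addr.sin_addr.s_addr, hdr+16, 4);
        // The format has a single %s; the earlier call also passed ntohs(id)
        // ahead of the address, which made %s read an integer as a pointer.
        snprintf(str, sizeof str, " wait for %-15s\n",inet_ntoa(addr.sin_addr));
        hdr+=iphdrlen;
        break;
    case 5:   // redirect: the address sits right after the checksum
        memcpy(&addr.sin_addr.s_addr, hhh, 4);
        snprintf(str, sizeof str, " from gw: %-15s\n",inet_ntoa(addr.sin_addr));
        hdr+=iphdrlen;
        break;
    case 0:
    case 8:   // echo reply / echo request
        snprintf(str, sizeof str, " Id:%3u Seq:%3u\n",ntohs(id),ntohs(seq));
        break;
    case 13:
    case 14:  // timestamp / timestamp reply
        memcpy(&resptime, hdr, 4);
        hdr+=4;
        memcpy(&r1, hdr, 4);
        hdr+=4;
        memcpy(&r2, hdr, 4);
        hdr+=4;
        // Cast so that the argument type matches %ld on every platform.
        snprintf(str, sizeof str, " Id:%3u Seq:%3d Rec/Tr %ld/%ld ms\n",ntohs(id),ntohs(seq),
                 (long)(ntohl(r1)-ntohl(resptime)),(long)(ntohl(r2)-ntohl(resptime)));
        break;
    case 15:
    case 16:  // information request / reply
        snprintf(str, sizeof str, " Id:%3u Seq:%3d\n",ntohs(id),ntohs(seq));
        break;
    default:
        // No detail line for this type; do not re-append the "Type:" text.
        str[0] = '\0';
        break;
    }
    strncat(pbuf, str, sizeof pbuf - strlen(pbuf) - 1);
    return hdr - base;
}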
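//
// Function: DecodeIGMPHeader
//
// Description:
//    This function takes a pointer to a buffer containing
//    an IGMP packet and appends a readable form of its header to pbuf.
//    It always returns 8.
//
//    The message type comes from the packet. It is range-checked before it
//    indexes szIgmpType; a type outside the table is printed with an empty
//    name, like the unnamed entries inside the table.
//
int DecodeIGMPHeader(WSABUF *wsabuf, DWORD iphdrlen) {
    BYTE *hdr = (BYTE *)((BYTE *)wsabuf->buf + iphdrlen + iLnxplus);
    unsigned short chksum,
                   version,
                   type,
                   maxresptime;
    SOCKADDR_IN addr;
    const char *tname;

    type = LO_WORD(*hdr);
    hdr++;
    maxresptime = *hdr;
    hdr++;
    // The checksum is read and converted but not verified or printed.
    memcpy(&chksum, hdr, 2);
    chksum = ntohs(chksum);
    hdr += 2;
    memcpy(&(addr.sin_addr.s_addr), hdr, 4);

    snprintf(str, sizeof str, " IGMP HEADER:\n");
    strncat(pbuf, str, sizeof pbuf - strlen(pbuf) - 1);

    // The version is derived from the type; the header's own version nibble
    // was read and then overwritten in the earlier code, so it is not read.
    if ((type == 1) || (type == 2)) version = 1;
    else version = 2;

    if (type < sizeof szIgmpType / sizeof szIgmpType[0]) tname = szIgmpType[type];
    else tname = "";
    snprintf(str, sizeof str, " IGMP Version = %d\n IGMP Type = %s\n",version, tname);
    strncat(pbuf, str, sizeof pbuf - strlen(pbuf) - 1);

    if (version == 2) {
        snprintf(str, sizeof str, " Max Resp Time = %d\n", maxresptime);
        strncat(pbuf, str, sizeof pbuf - strlen(pbuf) - 1);
    }
    snprintf(str, sizeof str, " IGMP Grp Addr = %s\n", inet_ntoa(addr.sin_addr));
    strncat(pbuf, str, sizeof pbuf - strlen(pbuf) - 1);
    return 8;
}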
//
// Function: DecodeUDPHeader
//
// Description:
//    Reads the four 16-bit fields of the UDP header located at
//    wsabuf->buf + iphdrlen + iLnxplus (source port, destination port,
//    length, checksum), appends them to pbuf and returns the number of
//    header bytes read.
//
int DecodeUDPHeader(WSABUF *wsabuf, DWORD iphdrlen) {
    BYTE *start = (BYTE *)wsabuf->buf + iphdrlen + iLnxplus;
    BYTE *cursor = start;
    unsigned short field[4];   // source port, destination port, length, checksum
    unsigned short raw;
    int k;

    // Every field is two bytes in network byte order.
    for (k = 0; k < 4; k++) {
        memcpy(&raw, cursor, 2);
        field[k] = ntohs(raw);
        cursor += 2;
    }

    sprintf(str," UDP: SPort: %-05d | DPort: %-05d", field[0], field[1]);
    strcat(pbuf,str);
    sprintf(str," | Len: %-05d | CSum: 0x%08x\n", field[2], field[3]);
    strcat(pbuf,str);
    return cursor - start;
}
//
// Function: DecodeTCPHeader
//
// Description:
//    Walks the fixed part of the TCP header located at
//    wsabuf->buf + iphdrlen + iLnxplus. Ports, sequence number,
//    acknowledgement number and the flag names are appended to pbuf; window,
//    checksum and urgent pointer are read but not printed. Returns the
//    number of header bytes walked.
//
int DecodeTCPHeader(WSABUF *wsabuf, DWORD iphdrlen) {
    static const struct {
        unsigned short bit;
        const char *label;
    } flagtab[] = {
        { 0x20, "URG " }, { 0x10, "ACK " }, { 0x08, "PSH " },
        { 0x04, "RST " }, { 0x02, "SYN " }, { 0x01, "FIN " }
    };
    BYTE *start = (BYTE *)wsabuf->buf + iphdrlen + iLnxplus;
    BYTE *cur = start;
    unsigned short word16;
    unsigned long word32;
    size_t n;
    int rest;

    // Source port
    memcpy(&word16, cur, 2);
    word16 = ntohs(word16);
    sprintf(str," TCP: SPort: %u", word16);
    strcat(pbuf,str);
    cur += 2;

    // Destination port
    memcpy(&word16, cur, 2);
    word16 = ntohs(word16);
    sprintf(str," DPort: %u", word16);
    strcat(pbuf,str);
    cur += 2;

    // Sequence number
    memcpy(&word32, cur, 4);
    word32 = ntohl(word32);
    sprintf(str," Seq: %lX", word32);
    strcat(pbuf,str);
    cur += 4;

    // Acknowledgement number
    memcpy(&word32, cur, 4);
    word32 = ntohl(word32);
    sprintf(str," ACK: %lX", word32);
    strcat(pbuf,str);
    cur += 4;

    // Data offset and flags share one 16-bit word; keep the six flag bits.
    memcpy(&word16, cur, 2);
    word16 = ntohs(word16) & 0x3F;
    sprintf(str," Flags: ");
    strcat(pbuf,str);
    for (n = 0; n < sizeof flagtab / sizeof flagtab[0]; n++) {
        if (word16 & flagtab[n].bit)
            strcat(pbuf, flagtab[n].label);
    }
    strcat(pbuf,"\n");
    cur += 2;

    // Window size, checksum and urgent pointer: read and skipped.
    for (rest = 0; rest < 3; rest++) {
        memcpy(&word16, cur, 2);
        word16 = ntohs(word16);
        cur += 2;
    }
    return cur - start;
}
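//
// Function: DecodeGREHeader
//
// Description:
//    Appends the GRE flag word and the name of the encapsulated protocol to
//    mypbuff. When the payload is IP and GRE decoding is enabled (gre), the
//    inner packet is passed to DecodeIPHeader with iLnxplus moved to the
//    start of the inner IP header; iLnxplus, iProto and nomac are restored
//    afterwards. Always returns -1, which keeps the caller from dumping raw
//    bytes.
//
//    Changes against the earlier version:
//    - appends to mypbuff are bounded; every level of GRE-in-GRE nesting adds
//      text to that 2048-byte buffer, and the unbounded strcat could run past
//      it on a deeply nested packet;
//    - the inner offset uses the real outer header length (iphdrlen + 4)
//      instead of a fixed 24, which was only right for a 20-byte IP header.
//
//    NOTE(review): the GRE header is taken to be 4 bytes; optional checksum,
//    key or sequence fields would shift the payload and are not handled.
//    NOTE(review): nesting depth is limited only by the packet contents.
//
int DecodeGREHeader(WSABUF *wsabuf, DWORD iphdrlen,DWORD bytesret,
        unsigned int srcip, unsigned short srcport, unsigned long srcnet,unsigned int destip, unsigned short destport, unsigned long destnet,
        unsigned short xport,unsigned int xip, unsigned long xnet)
{
    BYTE *hdr = (BYTE *)((BYTE *)wsabuf->buf + iphdrlen + iLnxplus);
    unsigned short shortval;
    int ipe;
    const char *sstr;

    // First 16 bits: GRE flags and version.
    memcpy(&shortval, hdr, 2);
    shortval = ntohs(shortval);
    snprintf(str, sizeof str, " GRE Flag: %u Prot:", shortval);
    strncat(mypbuff, str, sizeof mypbuff - strlen(mypbuff) - 1);
    hdr += 2;

    // Next 16 bits: protocol type of the payload.
    memcpy(&shortval, hdr, 2);
    shortval = ntohs(shortval);
    ipe=0;
    sstr=str;
    switch ( shortval ) {
    case 4: sstr="SNA";
        break;
    case 0xfe: sstr="OSI";
        break;
    case 0x200: sstr="PUP";
        break;
    case 0x600: sstr="XNS";
        break;
    case 0x800: sstr="IP";
        ipe=1;
        break;
    case 0x804: sstr="Chaos";
        break;
    case 0x806: sstr="ARP";
        break;
    case 0x6558: sstr="Tr.bridge";
        break;
    default: snprintf(str, sizeof str, "%u", shortval);
        break;
    }
    strncat(mypbuff, sstr, sizeof mypbuff - strlen(mypbuff) - 1);

    if (ipe && gre) {
        int plusment,protoment;

        plusment=iLnxplus;
        protoment=iProto;
        // A filter on GRE itself must not reject the inner packet.
        if (iProto==47) iProto=0;
        nomac=0;
        iLnxplus=plusment+(int)iphdrlen+4;
        DecodeIPHeader(wsabuf,srcip,srcport,srcnet,destip,destport,destnet,bytesret,xport,xip,xnet);
        nomac=1;
        iLnxplus=plusment;
        iProto=protoment;
    }
    return -1;
}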
// Resets the accounting state for a new interval: the address table, the
// from/to slots of every pair record, and the port and protocol counters.
// The byte and pkt fields of the pair records are left alone. Both tables
// must already be allocated. Always returns 0.
int ClearIPAcc() {
    ta *slot = acc;
    unsigned long left;

    memset(iph, 0, MAXHASH * sizeof *iph);
    for (left = MAXHASH; left != 0; left--) {
        slot->from = 0;
        slot->to = 0;
        slot++;
    }
    memset(tcppb, 0, sizeof tcppb);
    memset(tcppp, 0, sizeof tcppp);
    udpb = 0;
    udpp = 0;
    tcpp = 0;
    tcpb = 0;
    memset(typp, 0, sizeof typp);
    memset(typb, 0, sizeof typb);
    return 0;
}
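// Allocates the address table (iph) and the pair table (acc), clears the
// counters and starts the accounting interval. Returns 1 on success and 0
// when an allocation fails.
//
// The slot numbers used with both tables are 16-bit values, so they can be
// 0xffff, which equals MAXHASH; the tables therefore get MAXHASH + 1 zeroed
// entries (the earlier MAXHASH-entry allocation put slot 0xffff one element
// past the end). On failure the table that was obtained is released again
// instead of being leaked.
//
// NOTE(review): this only covers the first slot of a lookup; whether a probe
// sequence can step beyond the table has to be checked where the probing is
// done. The extra entry is not included in the MAXHASH-sized clear and sort.
int InitIPAcc() {
    acc = calloc((size_t)MAXHASH + 1, sizeof *acc);
    iph = calloc((size_t)MAXHASH + 1, sizeof *iph);
    if (!acc || !iph) {
        free(acc);
        free(iph);
        acc = NULL;
        iph = NULL;
        return 0;
    }
    ClearIPAcc();
    time(&elapsed);
    return 1;
}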
// qsort comparator for the pair table: larger byte counts sort first.
int bytesort(const void *s1, const void *s2) {
    const ta *lhs = s1;
    const ta *rhs = s2;

    // -1 when lhs carries more bytes, 1 when it carries fewer, 0 when equal.
    return (lhs->byte < rhs->byte) - (lhs->byte > rhs->byte);
}
// qsort comparator for the pair table: larger packet counts sort first.
int countsort(const void *s1, const void *s2) {
    const ta *lhs = s1;
    const ta *rhs = s2;

    // -1 when lhs carries more packets, 1 when it carries fewer, 0 when equal.
    return (lhs->pkt < rhs->pkt) - (lhs->pkt > rhs->pkt);
}
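// Ends an accounting interval of ti seconds: sorts the pair table, prints the
// summary (protocols, ports, then one line per address pair) to the screen
// and/or to the output file, clears the counters and, when execname is set,
// runs that program with the output file name as its argument.
// Always returns 0.
//
// Changes against the earlier version:
// - the command line is built with snprintf and is not run when it does not
//   fit; execname (255 bytes) plus filename (128 bytes) could overflow the
//   255-byte cmdline buffer through sprintf;
// - the "Port:" heading of the file report went to stdout, it now goes to f;
// - the port number is an unsigned long but is printed with %04d, so it is
//   cast to int;
// - slot numbers at or above MAXHASH (for example the 0xffff that stands for
//   a disabled side) are not used to index iph, the address prints as 0.
//
// NOTE(review): system() passes the string to the shell, so metacharacters
// in execname or filename are interpreted; confirm that both come only from
// the operator.
// NOTE(review): ti can be 0, in which case the speed columns divide by zero
// in floating point.
int CloseIPAcc( long ti) {
    unsigned long i;
    ta *tai;
    SOCKADDR_IN srcaddr;
    SOCKADDR_IN dstaddr;
    float ff;
    char str[16];   // one dotted-quad address; hides the file-scope str
    unsigned long j,k,l;
    int lin=0;
    int linn;

    time(&elapsed);
    if (iFile) f=fopen(filename,"w+");
    k=0;
    if (sortbysize) qsort(acc,MAXHASH,sizeof(ta),bytesort);
    else qsort(acc,MAXHASH,sizeof(ta),countsort);

    // Total bytes over all protocols, and the number of active pairs.
    ff=0.0;
    for (i=0;i<255;i++) ff+=typb[i];
    for (i=0; i<MAXHASH; i++) {
        tai=acc + i;
        if ((tai->from!=0) && (tai->to!=0)) ++k;
    }

    if (iScreen) {
#ifndef LINUX
        system("cls");
#else
        system("clear");
#endif
        printf("%-16s Speed: %5.2f Kbit/s , %ld IP pairs / %ld secs. %s@%s.hu",myipname,ff/ti/1024*8,k,ti,author,author);
        printf("\nProt:"); j=0; ++lin;
        // Repeatedly pick the protocol with the most bytes, print it and
        // zero it, until nothing is left.
        while (1) {
            l=k=0;
            for (i=0;i<100;i++) if ( typb[i]>k) { k=typb[i]; l=i; }
            if (k==0) break;
            if ((j>0) && ((j%3)==0)) { printf("\n "); ++lin; }
            if (k>1024*1024) printf(" %-8.8s:%5.1fk/%-6.1f M",szProto[l],(float)typp[l]/1024,(float)k/(1024*1024));
            else if (k>1024) printf(" %-8.8s:%5ld/%-6.1f k",szProto[l],typp[l],(float)k/1024);
            else printf(" %-8.8s:%5ld/%-8ld",szProto[l],typp[l],k);
            typb[l]=0;
            ++j;
        }
        printf("\nPort:"); j=0; ++lin;
        k=0; linn=lin;
        // Same selection for ports, four per line and at most two lines.
        while (1) {
            l=k=0;
            for (i=0;i<MAXTCPPORT;i++) if (tcppb[i]>k) { k=tcppb[i]; l=i; }
            if (k==0) break;
            if (j && (j%4)==0) {
                if (lin >= linn+1) break;
                printf("\n ");
                ++lin;
            }
            if (k>1024*1024) printf(" %04d:%4.1fk/%-5.1f M",(int)l,(float)tcppp[l]/1024,(float)k/(1024*1024));
            else if (k>1024) printf(" %04d:%4ld/%-5.1f k",(int)l,tcppp[l],(float)k/1024);
            else printf(" %04d:%4ld/%-7ld",(int)l,tcppp[l],k);
            tcppb[l]=0;
            ++j;
        }
    } else if (f) {
        fprintf(f,"%-16s Speed: %5.2f Kbit/s , %ld IP pairs / %ld secs. %s@%s.hu",myipname,ff/ti/1024*8,k,ti,author,author);
        fprintf(f,"\nProt:"); j=0;
        while (1) {
            l=k=0;
            for (i=0;i<100;i++) if ( typb[i]>k) { k=typb[i]; l=i; }
            if (k==0) break;
            if (k>1024*1024) fprintf(f," %-8.8s:%5.1fk/%-6.1f M",szProto[l],(float)typp[l]/1024,(float)k/(1024*1024));
            else if (k>1024) fprintf(f," %-8.8s:%5ld/%-6.1f k",szProto[l],typp[l],(float)k/1024);
            else fprintf(f," %-8.8s:%5ld/%-8ld",szProto[l],typp[l],k);
            typb[l]=0;
            ++j;
        }
        fprintf(f,"\nPort:"); j=0;
        k=0; linn=lin;
        while (1) {
            l=k=0;
            for (i=0;i<MAXTCPPORT;i++) if (tcppb[i]>k) { k=tcppb[i]; l=i; }
            if (k==0) break;
            if (k>1024*1024) fprintf(f," %04d:%4.1fk/%-5.1f M",(int)l,(float)tcppp[l]/1024,(float)k/(1024*1024));
            else if (k>1024) fprintf(f," %04d:%4ld/%-5.1f k",(int)l,tcppp[l],(float)k/1024);
            else fprintf(f," %04d:%4ld/%-7ld",(int)l,tcppp[l],k);
            tcppb[l]=0;
            ++j;
        }
    }

    // One line per active pair, in the sorted order.
    for (i=0; i<MAXHASH; i++) {
        tai=acc + i;
        if ((tai->from!=0) && (tai->to!=0)) { ++k;
            if (!iSum) {
                dstaddr.sin_addr.s_addr = htonl((tai->from < MAXHASH) ? *(iph+tai->from) : 0);
                srcaddr.sin_addr.s_addr = htonl((tai->to < MAXHASH) ? *(iph+(tai->to)) : 0);
                // inet_ntoa returns a static buffer, so the first address is
                // copied before the second call.
                snprintf(str, sizeof str, "%s", inet_ntoa(dstaddr.sin_addr));
                if (iScreen && (++lin<iline) ) printf("\n%-15s\t%-15s\t%5d pkt, %10ld byte :%7.2f Kbps",str,inet_ntoa(srcaddr.sin_addr),tai->pkt,tai->byte,((float)tai->byte)/ti/1024*8);
                if (f) fprintf(f,"%-15s\t%-15s\t%d\t%ld\n",str,inet_ntoa(srcaddr.sin_addr),tai->pkt,tai->byte);
            }
        }
    }
    if (iScreen) printf("\n");
#ifdef LINUX
    if (iScreen) fflush(stdout);
#endif
    ClearIPAcc();
    if (f) {
        char cmdline[255];
        int n;

        fclose(f);
        if (*execname) {
            n = snprintf(cmdline, sizeof cmdline, "%s %s", execname, filename);
            // Run the post-processing command only when it fits untruncated.
            if (n > 0 && (size_t)n < sizeof cmdline)
                system(cmdline);
        }
    }
    f=NULL;
    return 0;
}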
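// Returns the slot of ip in the address table iph, storing it in the first
// free slot of its probe sequence when it is not there yet. An entry of 0
// marks a free slot.
//
// The start slot is the XOR of the two 16-bit halves of the address, reduced
// to 0..MAXHASH-1. Probing wraps around at the end of the table and stops
// after MAXHASH steps. The earlier version could start at slot 0xffff, which
// is outside a MAXHASH-entry table, and kept stepping past the end of the
// allocation whenever the run of used slots reached it; because the
// addresses come from received packets, a sender could provoke that.
//
// When the table is full and ip is not in it, the start slot is returned
// without storing anything, so that traffic is booked under whatever address
// already occupies the slot.
//
// NOTE(review): slot 0 is a valid result here, while the pair table treats
// a 0 in from/to as "unused".
unsigned short FindIPHash( unsigned long ip ) {
    unsigned long home;
    unsigned long slot;
    unsigned long probes;

    home = (((ip&0xFFFF0000)>>16) ^ (ip&0x0000FFFF)) % MAXHASH;
    slot = home;
    for (probes = 0; probes < MAXHASH; probes++) {
        if (iph[slot] == 0) {
            iph[slot] = ip;
            return (unsigned short)slot;
        }
        if (iph[slot] == ip)
            return (unsigned short)slot;
        if (++slot == MAXHASH)
            slot = 0;
    }
    return (unsigned short)home;
}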
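// Books one packet of the given size: on the (src, dst) pair record, on the
// protocol counters and on the port counters. Nothing is booked when src is
// 0. Returns the slot of the pair record in acc (0 when src is 0).
//
// Changes against the earlier version:
// - the pair slot is reduced to 0..MAXHASH-1 and probing wraps around and is
//   bounded; the earlier loop could begin at slot 0xffff and walk past the
//   end of acc, driven by addresses taken from received packets;
// - a record now matches only when both from and to are equal; the earlier
//   loop stopped as soon as one of them matched and merged different pairs;
// - the protocol number is range-checked before it indexes typp/typb.
//
// When the table is full and holds no record for the pair, the per-pair
// booking is skipped; the protocol and port counters are still updated.
//
// NOTE(review): pkt is a 16-bit counter and wraps after 65535 packets.
unsigned short SetIPAcc( unsigned long src, unsigned long dst, unsigned long byte, unsigned short typ, unsigned short sport, unsigned short dport) {
    unsigned short from,to,hash;
    unsigned long slot,probes;
    ta *tai;
    ta *cand;

    hash=0;
    if (src) {
        // A side that is not accounted per host gets the marker 0xffff.
        if (fromip) from=FindIPHash(src); else from=-1;
        if (toip) to=FindIPHash(dst); else to=-1;

        slot = (unsigned long)(from ^ to) % MAXHASH;
        tai = NULL;
        for (probes = 0; probes < MAXHASH; probes++) {
            cand = acc + slot;
            if (((cand->from==0) && (cand->to==0)) ||
                ((cand->from==from) && (cand->to==to))) {
                tai = cand;
                break;
            }
            if (++slot == MAXHASH)
                slot = 0;
        }
        hash = (unsigned short)slot;

        if (tai != NULL) {
            if ((tai->from==0)&&(tai->to==0)) {
                tai->byte=byte; tai->from=from; tai->to=to; tai->pkt=1;
            } else { tai->byte+=byte; tai->pkt++; }
        }

        if (typ < sizeof typp / sizeof typp[0]) {
            typp[typ]++;
            typb[typ]+=byte;
        }
        if ((sport>0) && (sport<MAXTCPPORT)) { tcppp[sport]++; tcppb[sport]+=byte; }
        if ((dport>0) && (dport<MAXTCPPORT)) { tcppp[dport]++; tcppb[dport]+=byte; }
    }
    return hash;
}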
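//
// Function: DecodeIPHeader
//
// Description:
//    Parses the IP header found iLnxplus bytes into wsabuf->buf, applies the
//    address/port/protocol filter and then either books the packet
//    (iDetail == 0) or prints it (iDetail != 0), calling the decoder for the
//    transport protocol. It also triggers the periodic accounting flush and
//    counts down lNum. Returns the IP header length, or 0 when the byte in
//    front of the IP header is non-zero.
//
//    Changes against the earlier version:
//    - the protocol name lookup is range- and NULL-checked; szProto has
//      names only up to protocol 100, so any other value handed a NULL or
//      out-of-range pointer to %s;
//    - the length passed to PrintRawBytes is clamped to 0 instead of
//      wrapping around when the packet is shorter than the headers that
//      were walked (bytesret is unsigned);
//    - the copy of pbuf into the smaller mypbuff is bounded;
//    - f is cleared after fclose, and nothing is written when the selected
//      output stream is NULL.
//
//    NOTE(review): the header length is not checked against 20 or against
//    bytesret, and the port read-ahead and the decoders trust it; whether
//    bytesret counts the iLnxplus prefix cannot be told from this file.
//
int DecodeIPHeader(WSABUF *wsabuf, unsigned int srcip, unsigned short srcport, unsigned long srcnet,
        unsigned int destip, unsigned short destport, unsigned long destnet, DWORD bytesret,
        unsigned short xport,unsigned int xip, unsigned long xnet)
{
    BYTE *hdr = (BYTE *)wsabuf->buf,
         *nexthdr = NULL,
         *ohdr;
    unsigned short shortval;
    SOCKADDR_IN srcaddr,
                destaddr;
    unsigned short ip_hdr_len,
                   ip_tos,
                   ip_total_len,
                   ip_flags,
                   ip_ttl,
                   ip_frag_offset,
                   ip_proto,
                   ip_src_port,
                   ip_dest_port;
    unsigned int ip_src,
                 ip_dest;
    BOOL bPrint = FALSE;
    char ip_prtype=0;
    const char *protoname;
    FILE *out;
    DWORD used,rawlen;
    int j;
    time_t tt;
    struct tm *tmm;

    ohdr=hdr;
    // With a link-layer prefix, the byte just before the IP header has to be
    // zero, otherwise the frame is skipped.
    if (iLnxplus) ip_prtype=*(hdr+iLnxplus-1);
    if (ip_prtype) return 0;
    hdr += iLnxplus;

    // Version nibble is not used; the low nibble is the length in 32-bit words.
    ip_hdr_len = LO_WORD(*hdr) * 4;
    nexthdr = (BYTE *)((BYTE *)hdr + ip_hdr_len);
    hdr++;
    ip_tos = *hdr;
    hdr++;
    memcpy(&shortval, hdr, 2);
    ip_total_len = ntohs(shortval);
    hdr += 2;
    hdr += 2;                       // identification, not used
    ip_flags = ((*hdr) >> 5);
    memcpy(&shortval, hdr, 2);
    ip_frag_offset = ((ntohs(shortval)) & 0x1FFF);
    hdr += 2;
    ip_ttl = *hdr;
    hdr++;
    ip_proto = *hdr;
    hdr++;
    hdr += 2;                       // header checksum, not used
    memcpy(&srcaddr.sin_addr.s_addr, hdr, 4);
    ip_src = ntohl(srcaddr.sin_addr.s_addr);
    hdr += 4;
    memcpy(&destaddr.sin_addr.s_addr, hdr, 4);
    ip_dest = ntohl(destaddr.sin_addr.s_addr);
    hdr += 4;
    //
    // If packet is UDP, TCP, or IGMP read ahead and
    // get the port values.
    //
    ip_src_port=ip_dest_port=0;
    if (((ip_proto == 2) ||
         (ip_proto == 6) ||
         (ip_proto == 17)) )
    {
        memcpy(&ip_src_port, nexthdr, 2);
        ip_src_port = ntohs(ip_src_port);
        memcpy(&ip_dest_port, nexthdr+2, 2);
        ip_dest_port = ntohs(ip_dest_port);
    };
    bPrint = 0;
    // Accept when filtering is off, when the packet is GRE and GRE decoding
    // is on, or when protocol, address and port conditions all hold. For
    // addresses and ports either the "x" value matches one side, or the
    // source and destination conditions both hold (0 meaning "any").
    if ((!bFilter) || ((ip_proto==47)&&gre) ||
        (
            ((iProto==0)||(ip_proto==iProto)) &&
            (
                ((xip!=0) && (((xip&xnet)==(ip_src&xnet))||((xip&xnet)==(ip_dest&xnet)))
                ) || (
                ((srcip==0) || ((srcip&srcnet)==(ip_src&srcnet))) && ((destip==0)||((destip&destnet)==(ip_dest&destnet)))
                )
            )
            &&
            (
                ((xport!=0) && ((xport==ip_src_port)||(xport==ip_dest_port))
                ) || (
                ((srcport==0)||(srcport == ip_src_port))&&((destport==0)||(destport == ip_dest_port))
                )
            )
        )
       ) {
        if (! iDetail) {
            if ((ip_proto==47)&&gre) {
                *mypbuff=0;
                DecodeGREHeader(wsabuf, ip_hdr_len, bytesret,
                                srcip,srcport,srcnet,destip,destport,destnet,xport,xip,xnet);
                return ip_hdr_len;
            }
            SetIPAcc(ip_src,ip_dest,ip_total_len,ip_proto,ip_src_port,ip_dest_port);
        }
        else bPrint=TRUE;
    } else {
        if (! iDetail) SetIPAcc(0,0,0,0,0,0);
    }

    // Periodic flush: the cycle has elapsed, the run is ending, or a flush
    // was requested through mostird.
    time(&tt);
    if ((!iSum && ( tt-elapsed > iCycle)) || !iRun || mostird) {
        mostird=0;
        if (! iDetail) CloseIPAcc(tt-elapsed-1);
        else {
            time(&elapsed);
            if (f) { fclose(f); f=NULL; }
            if (iFile) f=fopen(filename,"a");
        }
    }
    if (lNum) { if (--lNum <= 0) iRun=0; }
    // Chosen after the flush, which may have reopened f.
    out = iFile ? f : stdout;
    //
    *pbuf=0;
    if (bPrint) {
        tmm=localtime(&tt);
        if (! nomac ) {
            // Inner packet of a tunnel: continue the line built so far.
            // mypbuff (2048 bytes) always fits into pbuf.
            strcpy(pbuf,mypbuff);
        } else {
            snprintf(str, sizeof str, "\n%4.4d.%2.2d.%2.2d %2.2d:%2.2d:%2.2d ",
                     tmm->tm_year+1900,tmm->tm_mon+1,tmm->tm_mday,tmm->tm_hour,tmm->tm_min,tmm->tm_sec);
            strncat(pbuf, str, sizeof pbuf - strlen(pbuf) - 1);
#ifdef LINUX
            // The first 12 bytes of the buffer, printed as two MAC addresses.
            snprintf(str, sizeof str, "%x:%x:%x:%x:%x:%x > %x:%x:%x:%x:%x:%x",*ohdr,*(ohdr+1),*(ohdr+2),*(ohdr+3),*(ohdr+4),*(ohdr+5),
                     *(ohdr+6),*(ohdr+7),*(ohdr+8),*(ohdr+9),*(ohdr+10),*(ohdr+11));
            strncat(pbuf, str, sizeof pbuf - strlen(pbuf) - 1);
#endif
        }
        snprintf(str, sizeof str, " %d bytes\n%-15s>", ip_total_len, inet_ntoa(srcaddr.sin_addr));
        strncat(pbuf, str, sizeof pbuf - strlen(pbuf) - 1);
        snprintf(str, sizeof str, "%-15s", inet_ntoa(destaddr.sin_addr));
        strncat(pbuf, str, sizeof pbuf - strlen(pbuf) - 1);
        // The protocol byte comes from the packet: stay inside the table and
        // do not pass an unnamed (NULL) entry to %s.
        protoname = "?";
        if (ip_proto < sizeof szProto / sizeof szProto[0] && szProto[ip_proto] != NULL)
            protoname = szProto[ip_proto];
        snprintf(str, sizeof str, " TTL:%-3d Proto:%-6s F:%d/%d TOS:%X%X\n",
                 ip_ttl, protoname,ip_flags,ip_frag_offset,HI_WORD(ip_tos), LO_WORD(ip_tos));
        strncat(pbuf, str, sizeof pbuf - strlen(pbuf) - 1);
        if (iFile) strncat(pbuf, ".", sizeof pbuf - strlen(pbuf) - 1);
        // pbuf is larger than mypbuff, so this copy has to be bounded.
        snprintf(mypbuff, sizeof mypbuff, "%s", pbuf);
    }
    else return ip_hdr_len;

    if (justheader) {
        if (*pbuf && out != NULL) fprintf(out,"%s",pbuf);
        return ip_hdr_len;
    }
    if (iDetail) {
        switch (ip_proto) {
        case 1: // ICMP
            j=DecodeICMPHeader(wsabuf, ip_hdr_len);
            break;
        case 2: // IGMP
            j=DecodeIGMPHeader(wsabuf, ip_hdr_len);
            break;
        case 6: // TCP
            j=DecodeTCPHeader(wsabuf, ip_hdr_len);
            break;
        case 17: // UDP
            j=DecodeUDPHeader(wsabuf, ip_hdr_len);
            break;
        case 47: // GRE
            j=DecodeGREHeader(wsabuf, ip_hdr_len, bytesret,
                              srcip,srcport,srcnet,destip,destport,destnet,xport,xip,xnet);
            break;
        default:
            j=0; hdr=(BYTE *)wsabuf->buf;
            snprintf(str, sizeof str, " No decoder installed for protocol\n");
            strncat(pbuf, str, sizeof pbuf - strlen(pbuf) - 1);
            break;
        }
        if (j>=0) {
            // A packet shorter than the headers walked so far must not turn
            // into a huge unsigned length.
            used = (DWORD)j + ip_hdr_len + 12;
            rawlen = (bytesret > used) ? bytesret - used : 0;
            PrintRawBytes(hdr+j,rawlen);
        }
    }
    else if (*pbuf && out != NULL) fprintf(out,"%s",pbuf);
    return ip_hdr_len;
}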