Trang chủ Khám phá Trợ giúp
Đăng nhập
oss
/
openadk
4
1
Fork 3
Các tập tin Các vấn đề 1 Yêu cầu khéo về 0 Wiki
Tree: 8044074252
Branches Tags
openadk
/
package
/
pipacs
/
src
/
parser.c

parser.c 30 KB
Lịch sử Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907 
  1. #include <stdio.h>
    2. 

  2. #include <stdlib.h>
    3. 

  3. #include<string.h>
    4. 

  4. #include <time.h>
    5. 

  5. //#include <process.h>
    6. 

  6. #include "parser.h"
    7. 

  7. 

  8. #define printit
    9. 

  9. 

  10. extern BOOL bFilter;
    11. 

  11. extern int iline;
    12. 

  12. extern char * author;
    13. 

  13. extern char myipname[];
    14. 

  14. extern int justheader;
    15. 

  15. extern int gre,sortbysize,fromip,toip;
    16. 

  16. int nomac=1;
    17. 

  17. int mostird=0;
    18. 

  18. char mypbuff[2048];
    19. 

  19. // accounting variables
    20. 

  20. #define MAXHASH 0xffff
    21. 

  21. #define MAXTCPPORT 4096
    22. 

  22. unsigned long *iph=NULL; //[MAXHASH];
    23. 

  23. 

  24. typedef struct {
    25. 

  25.                 unsigned short from;
    26. 

  26.                 unsigned short to;
    27. 

  27.                 unsigned long byte;
    28. 

  28.                 unsigned short pkt;
    29. 

  29.                 unsigned short sport;
    30. 

  30.                 unsigned short dport;
    31. 

  31. } ta;
    32. 

  32. 

  33. ta *acc = NULL;
    34. 

  34. unsigned long tcppb[MAXTCPPORT];
    35. 

  35. unsigned long tcppp[MAXTCPPORT];
    36. 

  36. unsigned long typp[255];
    37. 

  37. unsigned long typb[255];
    38. 

  38. unsigned long udpb,tcpb,udpp,tcpp;
    39. 

  39. time_t elapsed=0;
    40. 

  40. int iCycle=10;
    41. 

  41. int iScreen=1;
    42. 

  42. int iFile=0;
    43. 

  43. long lNum=0;
    44. 

  44. char filename[128];
    45. 

  45. char intlist[128];
    46. 

  46. int iRun=1;
    47. 

  47. int iDetail=0;
    48. 

  48. FILE *f=NULL;
    49. 

  49. int iProto=0;
    50. 

  50. int iSum=0;
    51. 

  51. char execname[255];
    52. 

  52. char pbuf[8196];
    53. 

  53. char str[255];
    54. 

  54. extern char pattern[];
    55. 

  55. #ifndef LINUX
    56. 

  56. int iLnxplus=0;                 // Windows buffer without the MAC frame !
    57. 

  57. #else
    58. 

  58. int iLnxplus=14;                        // Linux plus IP header len =14 !!!
    59. 

  59. #endif
    60. 

  60. //
    61. 

  61. // A list of protocol types in the IP protocol header
    62. 

  62. //
    63. 

  63. char *szProto[255] = {"IP",     //  0
    64. 

  64.                    "ICMP",         //  1
    65. 

  65.                    "IGMP",         //  2
    66. 

  66.                    "GGP",          //  3
    67. 

  67.                    "IP",           //  4
    68. 

  68.                    "ST",           //  5
    69. 

  69.                    "TCP",          //  6
    70. 

  70.                    "UCL",          //  7
    71. 

  71.                    "EGP",          //  8
    72. 

  72.                    "IGP",          //  9
    73. 

  73.                    "BBN-RCC-MON",  // 10
    74. 

  74.                    "NVP-II",       // 11
    75. 

  75.                    "PUP",          // 12
    76. 

  76.                    "ARGUS",        // 13
    77. 

  77.                    "EMCON",        // 14
    78. 

  78.                    "XNET",         // 15
    79. 

  79.                    "CHAOS",        // 16
    80. 

  80.                    "UDP",          // 17
    81. 

  81.                    "MUX",          // 18
    82. 

  82.                    "DCN-MEAS",     // 19
    83. 

  83.                    "HMP",          // 20
    84. 

  84.                    "PRM",          // 21
    85. 

  85.                    "XNS-IDP",      // 22
    86. 

  86.                    "TRUNK-1",      // 23
    87. 

  87.                    "TRUNK-2",      // 24
    88. 

  88.                    "LEAF-1",       // 25
    89. 

  89.                    "LEAF-2",       // 26
    90. 

  90.                    "RDP",          // 27
    91. 

  91.                    "IRTP",         // 28
    92. 

  92.                    "ISO-TP4",      // 29
    93. 

  93.                    "NETBLT",       // 30
    94. 

  94.                    "MFE-NSP",      // 31
    95. 

  95.                    "MERIT-INP",    // 32
    96. 

  96.                    "SEP",          // 33
    97. 

  97.                    "3PC",          // 34
    98. 

  98.                    "IDPR",         // 35
    99. 

  99.                    "XTP",          // 36
    100. 

  100.                    "DDP",          // 37
    101. 

  101.                    "IDPR-CMTP",    // 38
    102. 

  102.                    "TP++",         // 39
    103. 

  103.                    "IL",           // 40
    104. 

  104.                    "SIP",          // 41
    105. 

  105.                    "SDRP",         // 42
    106. 

  106.                    "SIP-SR",       // 43
    107. 

  107.                    "SIP-FRAG",     // 44
    108. 

  108.                    "IDRP",         // 45
    109. 

  109.                    "RSVP",         // 46
    110. 

  110.                    "GRE",          // 47
    111. 

  111.                    "MHRP",         // 48
    112. 

  112.                    "BNA",          // 49
    113. 

  113.                    "IPSEC-ESP",     // 50
    114. 

  114.                    "IPSEC-AH",      // 51
    115. 

  115.                    "I-NLSP",       // 52
    116. 

  116.                    "SWIPE",        // 53
    117. 

  117.                    "NHRP",         // 54
    118. 

  118.                    "?55?",   // 55
    119. 

  119.                    "?56?",   // 56
    120. 

  120.                    "SKIO",   // 57
    121. 

  121.                    "V6ICMP",   // 58
    122. 

  122.                    "V6NoNXT",   // 59
    123. 

  123.                    "V6OPT",   // 60
    124. 

  124.                    "int.host",  // 61
    125. 

  125.                    "CFTP",         // 62
    126. 

  126.                    "loc.net",           // 63
    127. 

  127.                    "SAT-EXPAK",    // 64
    128. 

  128.                    "KRYPTOLAN",    // 65
    129. 

  129.                    "RVD",          // 66
    130. 

  130.                    "IPPC",         // 67
    131. 

  131.                    "dist.fs", // 68
    132. 

  132.                    "SAT-MON",    // 69
    133. 

  133.                    "VISA",       // 70
    134. 

  134.                    "IPCV",       // 71
    135. 

  135.                    "CPNX",       // 72
    136. 

  136.                    "CPHB",       // 73
    137. 

  137.                    "WSN",        // 74
    138. 

  138.                    "PVP",        // 75
    139. 

  139.                    "BR-SAT-MON", // 76
    140. 

  140.                    "SUN-ND",     // 77
    141. 

  141.                    "WB-MON",     // 78
    142. 

  142.                    "WB-EXPAK",   // 79
    143. 

  143.                    "ISO-IP",     // 80
    144. 

  144.                    "VMTP",       // 81
    145. 

  145.                    "SECURE-VMTP",// 82
    146. 

  146.                    "VINES",      // 83
    147. 

  147.                    "TTP",        // 84
    148. 

  148.                    "NSFNET-IGP", // 85
    149. 

  149.                    "DGP",        // 86
    150. 

  150.                    "TCF",        // 87
    151. 

  151.                    "IGRP",       // 88
    152. 

  152.                    "OSPF",    // 89
    153. 

  153.                    "Sprite-RPC", // 90
    154. 

  154.                    "LARP",       // 91
    155. 

  155.                    "MTP",        // 92
    156. 

  156.                    "AX.25",      // 93
    157. 

  157.                    "IPIP",       // 94
    158. 

  158.                    "MICP",       // 95
    159. 

  159.                    "SCC-SP",     // 96
    160. 

  160.                    "ETHERIP",    // 97
    161. 

  161.                    "ENCAP",      // 98
    162. 

  162.                    "priv.enc",    // 99
    163. 

  163.                    "GMTP"        // 99
    164. 

  164.                   };
    165. 

  165. //
    166. 

  166. // The types of IGMP messages
    167. 

  167. //
    168. 

  168. char *szIgmpType[] = {"",
    169. 

  169.                       "Host Membership Query",
    170. 

  170.                       "HOst Membership Report",
    171. 

  171.                       "",
    172. 

  172.                       "",
    173. 

  173.                       "",
    174. 

  174.                       "Version 2 Membership Report",
    175. 

  175.                       "Leave Group",
    176. 

  176.                                           "",
    177. 

  177.                                           ""
    178. 

  178.                      };
    179. 

  179. 

  180. //
    181. 

  181. // Function: PrintRawBytes
    182. 

  182. //
    183. 

  183. // Description:
    184. 

  184. //    This function simply prints out a series of bytes
    185. 

  185. //    as hexadecimal digits.
    186. 

  186. //
    187. 

  187. void PrintRawBytes(BYTE *ptr, DWORD len)
    188. 

  188. {
    189. 

  189.     int        i,j;
    190. 

  190. //      if (! iFile) {
    191. 

  191. *(ptr+len)=0;
    192. 

  192. if ((*pattern==0) || strstr(ptr,pattern) ) {
    193. 

  193.         fprintf(iFile?f:stdout,"%s",pbuf);
    194. 

  194.         fprintf(iFile?f:stdout,"   " );
    195. 

  195.                 while (len > 0)    {
    196. 

  196.         for(i=0; i < 16; i++)   {
    197. 

  197.             fprintf(iFile?f:stdout,"%x%x ", HI_WORD(*ptr), LO_WORD(*ptr));
    198. 

  198.             len--;
    199. 

  199.             ptr++;
    200. 

  200.             if (len == 0) {j=i++; while(++j < 16) fprintf(iFile?f:stdout,"   ");  break; }
    201. 

  201.         }
    202. 

  202.           fprintf(iFile?f:stdout," ");
    203. 

  203.         for(j=0; j < i; j++)    fprintf(iFile?f:stdout,"%c",isprint(*(ptr-i+j))?*(ptr-i+j):'.');
    204. 

  204.         if (len) fprintf(iFile?f:stdout,"\n   ");
    205. 

  205.     }
    206. 

  206. //      } else {
    207. 

  207. //              fwrite(ptr,sizeof(BYTE),len,f);
    208. 

  208. //      }
    209. 

  209. }
    210. 

  210. }
    211. 

  211. 

  212. static char *ICMPTypeTable[]={
    213. 

  213.     "Echo Reply", "ICMP 1", "ICMP 2", "Dest Unreachable","SrcQuench", "Redirect", "6", "7","Echo Request","9","10",
    214. 

  214.     "Time Exceed", "ParamPrblm", "Timestamp", "Timestamp reply","InfoRqst", "InfoRply"
    215. 

  215. };
    216. 

  216. static char *Dstunreach[]={
    217. 

  217. "net unreach.","host unreach.","protocol unreach.","port unreach.",
    218. 

  218. "frag needed","source route?","",""
    219. 

  219. };
    220. 

  220. int DecodeICMPHeader(WSABUF *wsabuf, DWORD iphdrlen) {
    221. 

  221.     BYTE          *hdr = (BYTE *)((BYTE *)wsabuf->buf + iphdrlen + iLnxplus );
    222. 

  222.     unsigned short type,code,chksum,
    223. 

  223.                    id,
    224. 

  224.                    seq;
    225. 

  225.  unsigned long resptime,r1,r2;
    226. 

  226.     BYTE *hhh;
    227. 

  227.     SOCKADDR_IN    addr;
    228. 

  228.     type=*hdr++; code=*hdr++;
    229. 

  229.     sprintf(str," Type:%-12s Code:%3d,",ICMPTypeTable[type],code);
    230. 

  230. 

  231.     strcat(pbuf,str);
    232. 

  232.     memcpy(&chksum, hdr, 2);
    233. 

  233.     hdr += 2; hhh=hdr;
    234. 

  234.     memcpy(&id, hdr, 2);
    235. 

  235.     hdr += 2;
    236. 

  236.     memcpy(&seq, hdr, 2);
    237. 

  237.     hdr+=2;
    238. 

  238. //    memcpy(&resptime, hdr, 4);
    239. 

  239. //   hdr+=4;
    240. 

  240.     switch (type) {
    241. 

  241.     case 3:
    242. 

  242.         memcpy(&addr.sin_addr.s_addr, hdr+16, 4);
    243. 

  243.         if (code==4 ) sprintf(str,"frag needed-Max MTU:%u at %-15s\n",ntohs(seq), inet_ntoa(addr.sin_addr));
    244. 

  244.         else sprintf(str,"%s at %-15s\n",Dstunreach[code&7],inet_ntoa(addr.sin_addr));
    245. 

  245.         hdr+=iphdrlen;
    246. 

  246.         break;
    247. 

  247.     case 11:
    248. 

  248.         memcpy(&addr.sin_addr.s_addr, hdr+16, 4);
    249. 

  249.         sprintf(str,"%s  at %-15s\n",code?"frag reass. exceed":"ttl exceed",inet_ntoa(addr.sin_addr));
    250. 

  250.         hdr+=iphdrlen;
    251. 

  251.         break;
    252. 

  252.     case 12:
    253. 

  253.         memcpy(&addr.sin_addr.s_addr, hdr+16, 4);
    254. 

  254.         sprintf(str," err:%d  at %-15s\n",id,inet_ntoa(addr.sin_addr));
    255. 

  255.         hdr+=iphdrlen;
    256. 

  256.         break;
    257. 

  257.     case 4:
    258. 

  258.         memcpy(&addr.sin_addr.s_addr, hdr+16, 4);
    259. 

  259.         sprintf(str," wait for %-15s\n",ntohs(id),inet_ntoa(addr.sin_addr));
    260. 

  260.         hdr+=iphdrlen;
    261. 

  261.         break;
    262. 

  262.     case 5:
    263. 

  263.         memcpy(&addr.sin_addr.s_addr, hhh, 4);
    264. 

  264.         sprintf(str," from gw: %-15s\n",inet_ntoa(addr.sin_addr));
    265. 

  265.         hdr+=iphdrlen;
    266. 

  266.         break;
    267. 

  267.     case 0:
    268. 

  268.     case 8:
    269. 

  269.          sprintf(str," Id:%3u Seq:%3u\n",ntohs(id),ntohs(seq));
    270. 

  270.          break;
    271. 

  271.     case 13:
    272. 

  272.     case 14:
    273. 

  273.         memcpy(&resptime, hdr, 4);
    274. 

  274.         hdr+=4;
    275. 

  275.         memcpy(&r1, hdr, 4);
    276. 

  276.         hdr+=4;
    277. 

  277.         memcpy(&r2, hdr, 4);
    278. 

  278.         hdr+=4;
    279. 

  279.         sprintf(str," Id:%3u Seq:%3d Rec/Tr %ld/%ld ms\n",ntohs(id),ntohs(seq),ntohl(r1)-ntohl(resptime),ntohl(r2)-ntohl(resptime));
    280. 

  280.         break;
    281. 

  281.     case 15:
    282. 

  282.     case 16:
    283. 

  283.          sprintf(str," Id:%3u Seq:%3d\n",ntohs(id),ntohs(seq));
    284. 

  284.          break;
    285. 

  285.     }
    286. 

  286.     strcat(pbuf,str);
    287. 

  287.     return hdr-(BYTE *)(wsabuf->buf + iphdrlen + iLnxplus);
    288. 

  288. }
    289. 

  289. 

  290. //
    291. 

  291. // Function: DecodeIGMPHeader
    292. 

  292. //
    293. 

  293. // Description:
    294. 

  294. //    This function takes a pointer to a buffer containing
    295. 

  295. //    an IGMP packet and prints it out in a readable form.
    296. 

  296. //
    297. 

  297. 

  298. int DecodeIGMPHeader(WSABUF *wsabuf, DWORD iphdrlen) {
    299. 

  299.     BYTE          *hdr = (BYTE *)((BYTE *)wsabuf->buf + iphdrlen + iLnxplus);
    300. 

  300.     unsigned short chksum,
    301. 

  301.                    version,
    302. 

  302.                    type,
    303. 

  303.                    maxresptime;
    304. 

  304.     SOCKADDR_IN    addr;
    305. 

  305.     version = HI_WORD(*hdr);
    306. 

  306.     type    = LO_WORD(*hdr);
    307. 

  307. 

  308.     hdr++;
    309. 

  309.     maxresptime = *hdr;
    310. 

  310.     hdr++;
    311. 

  311. 

  312.     memcpy(&chksum, hdr, 2);
    313. 

  313.     chksum = ntohs(chksum);
    314. 

  314.     hdr += 2;
    315. 

  315. 

  316.     memcpy(&(addr.sin_addr.s_addr), hdr, 4);
    317. 

  317.     sprintf(str,"   IGMP HEADER:\n");
    318. 

  318.     strcat(pbuf,str);
    319. 

  319.     if ((type == 1) || (type == 2))        version = 1;
    320. 

  320.     else        version = 2;
    321. 

  321.     sprintf(str,"   IGMP Version = %d\n   IGMP Type = %s\n",version, szIgmpType[type]);
    322. 

  322.     strcat(pbuf,str);
    323. 

  323.     if (version == 2) {
    324. 

  324.      sprintf(str,"   Max Resp Time = %d\n", maxresptime);
    325. 

  325.      strcat(pbuf,str);
    326. 

  326.     }
    327. 

  327.     sprintf(str,"   IGMP Grp Addr = %s\n", inet_ntoa(addr.sin_addr));
    328. 

  328.     strcat(pbuf,str);
    329. 

  329. 

  330.     return 8;
    331. 

  331. }
    332. 

  332. 

  333. //
    334. 

  334. // Function: DecodeUDPHeader
    335. 

  335. //
    336. 

  336. // Description:
    337. 

  337. //    This function takes a buffer which points to a UDP
    338. 

  338. //    header and prints it out in a readable form.
    339. 

  339. //
    340. 

  340. int DecodeUDPHeader(WSABUF *wsabuf, DWORD iphdrlen) {
    341. 

  341.     BYTE          *hdr = (BYTE *)((BYTE *)wsabuf->buf + iphdrlen + iLnxplus);
    342. 

  342.     unsigned short shortval,
    343. 

  343.                    udp_src_port,
    344. 

  344.                    udp_dest_port,
    345. 

  345.                    udp_len,
    346. 

  346.                    udp_chksum;
    347. 

  347.     memcpy(&shortval, hdr, 2);
    348. 

  348.     udp_src_port = ntohs(shortval);
    349. 

  349.     hdr += 2;
    350. 

  350. 

  351.     memcpy(&shortval, hdr, 2);
    352. 

  352.     udp_dest_port = ntohs(shortval);
    353. 

  353.     hdr += 2;
    354. 

  354. 

  355.     memcpy(&shortval, hdr, 2);
    356. 

  356.     udp_len = ntohs(shortval);
    357. 

  357.     hdr += 2;
    358. 

  358. 

  359.     memcpy(&shortval, hdr, 2);
    360. 

  360.     udp_chksum = ntohs(shortval);
    361. 

  361.     hdr += 2;
    362. 

  362. 

  363.     sprintf(str," UDP:  SPort: %-05d  | DPort: %-05d",udp_src_port, udp_dest_port);
    364. 

  364.     strcat(pbuf,str);
    365. 

  365.     sprintf(str," | Len: %-05d | CSum: 0x%08x\n",udp_len, udp_chksum);
    366. 

  366.     strcat(pbuf,str);
    367. 

  367.     return hdr-(BYTE *)(wsabuf->buf + iphdrlen + iLnxplus);
    368. 

  368. }
    369. 

  369. 

  370. //
    371. 

  371. // Function: DecodeTCPHeader
    372. 

  372. //
    373. 

  373. // Description:
    374. 

  374. //    This function takes a buffer pointing to a TCP header
    375. 

  375. //    and prints it out in a readable form.
    376. 

  376. //
    377. 

  377. int DecodeTCPHeader(WSABUF *wsabuf, DWORD iphdrlen) {
    378. 

  378.     BYTE           *hdr = (BYTE *)((BYTE *)wsabuf->buf + iphdrlen + iLnxplus);
    379. 

  379.     unsigned short shortval;
    380. 

  380.     unsigned long   longval;
    381. 

  381. 

  382.     memcpy(&shortval, hdr, 2);
    383. 

  383.     shortval = ntohs(shortval);
    384. 

  384.     sprintf(str," TCP: SPort: %u", shortval);
    385. 

  385.     strcat(pbuf,str);
    386. 

  386.     hdr += 2;
    387. 

  387. 

  388.     memcpy(&shortval, hdr, 2);
    389. 

  389.     shortval = ntohs(shortval);
    390. 

  390.     sprintf(str,"  DPort: %u", shortval);
    391. 

  391.     strcat(pbuf,str);
    392. 

  392.     hdr += 2;
    393. 

  393. 

  394.     memcpy(&longval, hdr, 4);
    395. 

  395.     longval = ntohl(longval);
    396. 

  396.     sprintf(str," Seq: %lX", longval);
    397. 

  397.     strcat(pbuf,str);
    398. 

  398.     hdr += 4;
    399. 

  399. 

  400.     memcpy(&longval, hdr, 4);
    401. 

  401.     longval = ntohl(longval);
    402. 

  402.     sprintf(str," ACK: %lX", longval);
    403. 

  403.     strcat(pbuf,str);
    404. 

  404.     hdr += 4;
    405. 

  405. //    printf("   Header Len : %d (bytes %d)\n", HI_WORD(*hdr), (HI_WORD(*hdr) * 4));
    406. 

  406. 

  407.     memcpy(&shortval, hdr, 2);
    408. 

  408.     shortval = ntohs(shortval) & 0x3F;
    409. 

  409.     sprintf(str," Flags: ");
    410. 

  410.     strcat(pbuf,str);
    411. 

  411.     if (shortval & 0x20)        strcat(pbuf,"URG ");
    412. 

  412.     if (shortval & 0x10)        strcat(pbuf,"ACK ");
    413. 

  413.     if (shortval & 0x08)        strcat(pbuf,"PSH ");
    414. 

  414.     if (shortval & 0x04)        strcat(pbuf,"RST ");
    415. 

  415.     if (shortval & 0x02)        strcat(pbuf,"SYN ");
    416. 

  416.     if (shortval & 0x01)        strcat(pbuf,"FIN ");
    417. 

  417.     strcat(pbuf,"\n");
    418. 

  418.     hdr += 2;
    419. 

  419. 

  420.     memcpy(&shortval, hdr, 2);
    421. 

  421.     shortval = ntohs(shortval);
    422. 

  422. //    printf("   Window size: %d\n", shortval);
    423. 

  423.     hdr += 2;
    424. 

  424. 

  425.     memcpy(&shortval, hdr, 2);
    426. 

  426.     shortval = ntohs(shortval);
    427. 

  427. //    printf("   TCP Chksum : %d\n", shortval);
    428. 

  428.     hdr += 2;
    429. 

  429. 

  430.     memcpy(&shortval, hdr, 2);
    431. 

  431.     shortval = ntohs(shortval);
    432. 

  432.     hdr += 2;
    433. 

  433. //    printf("   Urgent ptr : %d\n", shortval);
    434. 

  434. 

  435.     return hdr-(BYTE *)(wsabuf->buf + iphdrlen + iLnxplus);
    436. 

  436. }
    437. 

  437. 

  438. int DecodeGREHeader(WSABUF *wsabuf, DWORD iphdrlen,DWORD bytesret,
    439. 

  439.  unsigned int srcip, unsigned short srcport, unsigned long srcnet,unsigned int destip, unsigned short destport, unsigned long destnet,
    440. 

  440.  unsigned short xport,unsigned int xip, unsigned long xnet)
    441. 

  441.  {
    442. 

  442.     BYTE           *hdr = (BYTE *)((BYTE *)wsabuf->buf + iphdrlen + iLnxplus);
    443. 

  443.     unsigned short shortval;
    444. 

  444.     unsigned long   longval;
    445. 

  445.     int ipe;
    446. 

  446.     BYTE           *orihdr;
    447. 

  447.     char *sstr;
    448. 

  448.     SOCKADDR_IN         srcaddr;
    449. 

  449. 

  450.     orihdr=hdr;
    451. 

  451.     memcpy(&shortval, hdr, 2);
    452. 

  452.     shortval = ntohs(shortval);
    453. 

  453.     sprintf(str," GRE Flag: %u Prot:", shortval);
    454. 

  454.     strcat(mypbuff,str);
    455. 

  455.     hdr += 2;
    456. 

  456. 

  457.     memcpy(&shortval, hdr, 2);
    458. 

  458.     shortval = ntohs(shortval);
    459. 

  459.     ipe=0;
    460. 

  460.     sstr=str;
    461. 

  461. //    sprintf(str,"  Prot: %u", shortval);
    462. 

  462.     switch ( shortval ) {
    463. 

  463.     case 4: sstr="SNA";
    464. 

  464.        break;
    465. 

  465.     case 0xfe: sstr="OSI";
    466. 

  466.        break;
    467. 

  467.     case 0x200: sstr="PUP";
    468. 

  468.        break;
    469. 

  469.     case 0x600: sstr="XNS";
    470. 

  470.        break;
    471. 

  471.     case 0x800: sstr="IP";
    472. 

  472.         ipe=1;
    473. 

  473.        break;
    474. 

  474.     case 0x804: sstr="Chaos";
    475. 

  475.        break;
    476. 

  476.     case 0x806: sstr="ARP";
    477. 

  477.        break;
    478. 

  478.     case 0x6558: sstr="Tr.bridge";
    479. 

  479.        break;
    480. 

  480.     default: sprintf(str,"%u", shortval);
    481. 

  481.        break;
    482. 

  482.     }
    483. 

  483.     hdr += 2;
    484. 

  484.     strcat(mypbuff,sstr);
    485. 

  485.     if (ipe && gre) {
    486. 

  486.         int plusment,jj,protoment;
    487. 

  487.         plusment=iLnxplus;
    488. 

  488.         protoment=iProto;
    489. 

  489.         if (iProto==47)  iProto=0;
    490. 

  490.         iLnxplus+=4;
    491. 

  491.         nomac=0;
    492. 

  492.         iLnxplus=plusment+24;
    493. 

  493.         DecodeIPHeader(wsabuf,srcip,srcport,srcnet,destip,destport,destnet,bytesret,xport,xip,xnet);
    494. 

  494.         nomac=1;
    495. 

  495.         iLnxplus=plusment;
    496. 

  496.         iProto=protoment;
    497. 

  497.     }
    498. 

  498. return -1;
    499. 

  499. //    return hdr-(BYTE *)(wsabuf->buf + iphdrlen + iLnxplus);
    500. 

  500. }
    501. 

  501. 

  502. 

  503. int ClearIPAcc() {
    504. 

  504.         unsigned long i;
    505. 

  505.         ta *tai;
    506. 

  506.         for(i=0;i<MAXHASH;i++) *(iph + i)=0;
    507. 

  507.         tai=acc;
    508. 

  508.         for(i=0;i<MAXHASH;i++) { tai->from=tai->to=0; tai++; }
    509. 

  509.         for (i=0;i<MAXTCPPORT; i++) tcppb[i]=tcppp[i]=0;
    510. 

  510.         udpb=udpp=tcpp=tcpb=0;
    511. 

  511.         for (i=0;i<255; i++) typp[i]=0;
    512. 

  512.         for (i=0;i<255; i++) typb[i]=0;
    513. 

  513.         return 0;
    514. 

  514.         };
    515. 

  515. 

  516. int InitIPAcc() {
    517. 

  517.         acc=malloc(MAXHASH*sizeof(ta));
    518. 

  518.         iph=malloc(MAXHASH*sizeof(long));
    519. 

  519.         if (!acc || !iph ) return 0;
    520. 

  520.         ClearIPAcc();
    521. 

  521.         time(&elapsed);
    522. 

  522.         return 1;
    523. 

  523. }
    524. 

  524. 

  525. int bytesort(const void *s1, const void *s2) { // sorting tale in byte order
    526. 

  526.         ta *d1;
    527. 

  527.         ta *d2;
    528. 

  528.         d1= (ta *)s1; d2=(ta *)s2;
    529. 

  529.         if (d1->byte > d2->byte) return -1;
    530. 

  530.         if (d1->byte < d2->byte) return 1;
    531. 

  531.         return 0;
    532. 

  532. }
    533. 

  533. int countsort(const void *s1, const void *s2) { // sorting tale in packet count order
    534. 

  534.         ta *d1;
    535. 

  535.         ta *d2;
    536. 

  536.         d1= (ta *)s1; d2=(ta *)s2;
    537. 

  537.         if (d1->pkt > d2->pkt) return -1;
    538. 

  538.         if (d1->pkt < d2->pkt) return 1;
    539. 

  539.         return 0;
    540. 

  540. }
    541. 

  541. int CloseIPAcc( long ti) {
    542. 

  542.         unsigned long i;
    543. 

  543.         ta *tai;
    544. 

  544.     SOCKADDR_IN    srcaddr;
    545. 

  545.     SOCKADDR_IN    dstaddr;
    546. 

  546.         float ff;
    547. 

  547.         char str[16];
    548. 

  548.         unsigned long j,k,l;
    549. 

  549.         int lin=0;
    550. 

  550.         int linn;
    551. 

  551. 

  552.         time(&elapsed);
    553. 

  553.         if (iFile) f=fopen(filename,"w+");
    554. 

  554.         k=0;
    555. 

  555.         if (sortbysize) qsort(acc,MAXHASH,sizeof(ta),bytesort);
    556. 

  556. 	else  qsort(acc,MAXHASH,sizeof(ta),countsort);
    557. 

  557.         ff=0.0;
    558. 

  558.         for (i=0;i<255;i++) ff+=typb[i];
    559. 

  559.         for (i=0; i<MAXHASH; i++) {
    560. 

  560.             tai=acc + i;
    561. 

  561.             if ((tai->from!=0) && (tai->to!=0)) ++k;
    562. 

  562.         }
    563. 

  563.         if (iScreen) {
    564. 

  564. #ifndef LINUX
    565. 

  565.                 system("cls");
    566. 

  566. #else
    567. 

  567.                 system("clear");
    568. 

  568. //              printf("\033[1~");
    569. 

  569. #endif
    570. 

  570.                 printf("%-16s Speed: %5.2f Kbit/s , %ld IP pairs / %ld secs.    %s@%s.hu",myipname,ff/ti/1024*8,k,ti,author,author);
    571. 

  571.                 printf("\nProt:"); j=0; ++lin;
    572. 

  572.                 while (1) {
    573. 

  573.                         l=k=0;
    574. 

  574.                         for (i=0;i<100;i++) if ( typb[i]>k) { k=typb[i]; l=i; }
    575. 

  575.                         if (k==0) break;
    576. 

  576.                         if ((j>0) && ((j%3)==0)) { printf("\n     "); ++lin; }
    577. 

  577.                         if (k>1024*1024) printf(" %-8.8s:%5.1fk/%-6.1f M",szProto[l],(float)typp[l]/1024,(float)k/(1024*1024));
    578. 

  578.                         else if (k>1024) printf(" %-8.8s:%5ld/%-6.1f k",szProto[l],typp[l],(float)k/1024);
    579. 

  579.                         else printf(" %-8.8s:%5ld/%-8ld",szProto[l],typp[l],k);
    580. 

  580.                         typb[l]=0;
    581. 

  581.                         ++j;
    582. 

  582.                 }
    583. 

  583.                 printf("\nPort:"); j=0; ++lin;
    584. 

  584.                 k=0; linn=lin;
    585. 

  585.                 while (1) {
    586. 

  586.                         l=k=0;
    587. 

  587.                         for (i=0;i<MAXTCPPORT;i++) if (tcppb[i]>k) { k=tcppb[i]; l=i; }
    588. 

  588.                         if (k==0) break;
    589. 

  589.                         if (j && (j%4)==0) {
    590. 

  590.                                 if (lin >= linn+1) break;
    591. 

  591.                                 printf("\n     ");
    592. 

  592.                                 ++lin;
    593. 

  593.                         }
    594. 

  594.                         if (k>1024*1024) printf(" %04d:%4.1fk/%-5.1f M",l,(float)tcppp[l]/1024,(float)k/(1024*1024));
    595. 

  595.                         else if (k>1024) printf(" %04d:%4ld/%-5.1f k",l,tcppp[l],(float)k/1024);
    596. 

  596.                         else printf(" %04d:%4ld/%-7ld",l,tcppp[l],k);
    597. 

  597.                         tcppb[l]=0;
    598. 

  598.                         ++j;
    599. 

  599.                 }
    600. 

  600.         } else if (f) {
    601. 

  601.                 fprintf(f,"%-16s Speed: %5.2f Kbit/s , %ld IP pairs / %ld secs.    %s@%s.hu",myipname,ff/ti/1024*8,k,ti,author,author);
    602. 

  602.                 fprintf(f,"\nProt:"); j=0;
    603. 

  603.                 while (1) {
    604. 

  604.                         l=k=0;
    605. 

  605.                         for (i=0;i<100;i++) if ( typb[i]>k) { k=typb[i]; l=i; }
    606. 

  606.                         if (k==0) break;
    607. 

  607.                         if (k>1024*1024) fprintf(f," %-8.8s:%5.1fk/%-6.1f M",szProto[l],(float)typp[l]/1024,(float)k/(1024*1024));
    608. 

  608.                         else if (k>1024) fprintf(f," %-8.8s:%5ld/%-6.1f k",szProto[l],typp[l],(float)k/1024);
    609. 

  609.                         else fprintf(f," %-8.8s:%5ld/%-8ld",szProto[l],typp[l],k);
    610. 

  610.                         typb[l]=0;
    611. 

  611.                         ++j;
    612. 

  612.                 }
    613. 

  613.                 printf("\nPort:"); j=0;
    614. 

  614.                 k=0; linn=lin;
    615. 

  615.                 while (1) {
    616. 

  616.                         l=k=0;
    617. 

  617.                         for (i=0;i<MAXTCPPORT;i++) if (tcppb[i]>k) { k=tcppb[i]; l=i; }
    618. 

  618.                         if (k==0) break;
    619. 

  619.                         if (k>1024*1024) fprintf(f," %04d:%4.1fk/%-5.1f M",l,(float)tcppp[l]/1024,(float)k/(1024*1024));
    620. 

  620.                         else if (k>1024) fprintf(f," %04d:%4ld/%-5.1f k",l,tcppp[l],(float)k/1024);
    621. 

  621.                         else fprintf(f," %04d:%4ld/%-7ld",l,tcppp[l],k);
    622. 

  622.                         tcppb[l]=0;
    623. 

  623.                         ++j;
    624. 

  624.                 }
    625. 

  625. 	}
    626. 

  626. 

  627.         for (i=0; i<MAXHASH; i++) {
    628. 

  628.                 tai=acc + i;
    629. 

  629.                 if ((tai->from!=0) && (tai->to!=0)) { ++k;
    630. 

  630.                 if (!iSum) {
    631. 

  631.                         dstaddr.sin_addr.s_addr = htonl(*(iph+tai->from));
    632. 

  632.                         srcaddr.sin_addr.s_addr = htonl(*(iph+(tai->to)));
    633. 

  633.                         strcpy(str,inet_ntoa(dstaddr.sin_addr));
    634. 

  634.                         if (iScreen && (++lin<iline) ) printf("\n%-15s\t%-15s\t%5d pkt, %10ld byte :%7.2f Kbps",str,inet_ntoa(srcaddr.sin_addr),tai->pkt,tai->byte,((float)tai->byte)/ti/1024*8);
    635. 

  635.                         if (f) fprintf(f,"%-15s\t%-15s\t%d\t%ld\n",str,inet_ntoa(srcaddr.sin_addr),tai->pkt,tai->byte);
    636. 

  636.                 }
    637. 

  637.                 }
    638. 

  638.         }
    639. 

  639.       if (iScreen) printf("\n");
    640. 

  640. #ifdef LINUX
    641. 

  641.         if (iScreen) fflush(stdout);
    642. 

  642. #endif
    643. 

  643.         ClearIPAcc();
    644. 

  644.         if (f) {
    645. 

  645.                 char cmdline[255];
    646. 

  646.                 fclose(f);
    647. 

  647. //              if (*execname) _spawnle(_P_NOWAIT,execname,execname,filename);
    648. 

  648. //              if (*execname) _execl(execname,execname);
    649. 

  649.                 if (*execname) {
    650. 

  650. #ifndef LINUX
    651. 

  651.                 sprintf(cmdline,"%s %s",execname,filename);
    652. 

  652. #else
    653. 

  653.                 sprintf(cmdline,"%s %s",execname,filename);
    654. 

  654. #endif
    655. 

  655.                 system(cmdline);
    656. 

  656. //              iRun=0;
    657. 

  657.                 }
    658. 

  658.         }
    659. 

  659.         f=NULL;
    660. 

  660.         return 0;
    661. 

  661. }
    662. 

  662. 

  663. unsigned short FindIPHash( unsigned long ip ) {
    664. 

  664.         unsigned short hashval;
    665. 

  665.         unsigned long *ipt;
    666. 

  666. 

  667.         hashval = (unsigned short)(((ip&0xFFFF0000)>>16) ^ (ip&0x0000FFFF));
    668. 

  668.         ipt=iph + hashval;
    669. 

  669.         while (*ipt != 0 && (*ipt!=ip)) { ipt++; hashval++; }
    670. 

  670.         if (*ipt==0) *ipt=ip;
    671. 

  671.         return hashval;
    672. 

  672. }
    673. 

  673. 

  674. unsigned short SetIPAcc( unsigned long src, unsigned long dst, unsigned long byte, unsigned short typ, unsigned short sport, unsigned short dport) {
    675. 

  675.         unsigned short from,to,hash;
    676. 

  676.         ta *tai;
    677. 

  677.         hash=0;
    678. 

  678.         if (src) {
    679. 

  679. 

  680.                 if (fromip) from=FindIPHash(src); else from=-1;
    681. 

  681.                 if (toip) to=FindIPHash(dst); else to=-1;
    682. 

  682.                 hash=from^to;
    683. 

  683.                 tai=acc + hash;
    684. 

  684.                 while ( ((tai->from!=from) && (tai->to!=to)) && ((tai->from!=0) && (tai->to!=0)) ) {tai++; hash++; }
    685. 

  685.                 if ((tai->from==0)&&(tai->to==0)) {
    686. 

  686.                         tai->byte=byte; tai->from=from; tai->to=to; tai->pkt=1;
    687. 

  687.                 } else { tai->byte+=byte; tai->pkt++; }
    688. 

  688. 

  689.                 typp[typ]++;
    690. 

  690.                 typb[typ]+=byte;
    691. 

  691.                 if ((sport>0) && (sport<MAXTCPPORT)) { tcppp[sport]++; tcppb[sport]+=byte; }
    692. 

  692.                 if ((dport>0) && (dport<MAXTCPPORT)) { tcppp[dport]++; tcppb[dport]+=byte; }
    693. 

  693.         }
    694. 

  694.         return hash;
    695. 

  695. }
    696. 

  696. 

  697. //
    698. 

  698. // Function: DecodeIPHeader
    699. 

  699. //
    700. 

  700. // Description:
    701. 

  701. //    This function takes a pointer to an IP header and prints
    702. 

  702. //    it out in a readable form.
    703. 

  703. //
    704. 

  704. int DecodeIPHeader(WSABUF *wsabuf, unsigned int srcip, unsigned short srcport, unsigned long srcnet,
    705. 

  705.         unsigned int destip, unsigned short destport, unsigned long destnet, DWORD bytesret,
    706. 

  706.         unsigned short xport,unsigned int xip, unsigned long xnet)
    707. 

  707. {
    708. 

  708.     BYTE                        *hdr = (BYTE *)wsabuf->buf,
    709. 

  709.                                         *nexthdr = NULL,
    710. 

  710.                                         *ohdr;
    711. 

  711.     unsigned short      shortval;
    712. 

  712.     SOCKADDR_IN         srcaddr,
    713. 

  713.                                         destaddr;
    714. 

  714. 

  715.     unsigned short ip_version,
    716. 

  716.                    ip_hdr_len,
    717. 

  717.                    ip_tos,
    718. 

  718.                    ip_total_len,
    719. 

  719.                    ip_id,
    720. 

  720.                    ip_flags,
    721. 

  721.                    ip_ttl,
    722. 

  722.                    ip_frag_offset,
    723. 

  723.                    ip_proto,
    724. 

  724.                    ip_hdr_chksum,
    725. 

  725.                    ip_src_port,
    726. 

  726.                    ip_dest_port;
    727. 

  727.     unsigned int   ip_src,
    728. 

  728.                    ip_dest;
    729. 

  729.     BOOL           bPrint = FALSE;
    730. 

  730.     char       ip_prtype=0;
    731. 

  731.     int     j;
    732. 

  732.     time_t tt;
    733. 

  733.     struct tm *tmm;
    734. 

  734. 

  735.     ohdr=hdr;
    736. 

  736.     if (iLnxplus) ip_prtype=*(hdr+iLnxplus-1);
    737. 

  737.     if (ip_prtype) return 0;
    738. 

  738.     hdr += iLnxplus;
    739. 

  739.     ip_version = HI_WORD(*hdr);
    740. 

  740.     ip_hdr_len = LO_WORD(*hdr) * 4;
    741. 

  741.     nexthdr = (BYTE *)((BYTE *)hdr + ip_hdr_len);
    742. 

  742.     hdr++;
    743. 

  743. 

  744.     ip_tos = *hdr;
    745. 

  745.     hdr++;
    746. 

  746. 

  747.     memcpy(&shortval, hdr, 2);
    748. 

  748.     ip_total_len = ntohs(shortval);
    749. 

  749.     hdr += 2;
    750. 

  750. 

  751.     memcpy(&shortval, hdr, 2);
    752. 

  752.     ip_id = ntohs(shortval);
    753. 

  753.     hdr += 2;
    754. 

  754. 

  755.     ip_flags = ((*hdr) >> 5);
    756. 

  756. 

  757.     memcpy(&shortval, hdr, 2);
    758. 

  758.     ip_frag_offset = ((ntohs(shortval)) & 0x1FFF);
    759. 

  759.     hdr += 2;
    760. 

  760. 

  761.     ip_ttl = *hdr;
    762. 

  762.     hdr++;
    763. 

  763. 

  764.     ip_proto = *hdr;
    765. 

  765.     hdr++;
    766. 

  766. 

  767.     memcpy(&shortval, hdr, 2);
    768. 

  768.     ip_hdr_chksum = ntohs(shortval);
    769. 

  769.     hdr += 2;
    770. 

  770. 

  771.     memcpy(&srcaddr.sin_addr.s_addr, hdr, 4);
    772. 

  772.     ip_src = ntohl(srcaddr.sin_addr.s_addr);
    773. 

  773.     hdr += 4;
    774. 

  774. 

  775.     memcpy(&destaddr.sin_addr.s_addr, hdr, 4);
    776. 

  776.     ip_dest = ntohl(destaddr.sin_addr.s_addr);
    777. 

  777.     hdr += 4;
    778. 

  778.     //
    779. 

  779.     // If packet is UDP, TCP, or IGMP read ahead and
    780. 

  780.     //  get the port values.
    781. 

  781.     //
    782. 

  782.         ip_src_port=ip_dest_port=0;
    783. 

  783.     if (((ip_proto == 2) ||
    784. 

  784.          (ip_proto == 6) ||
    785. 

  785.          (ip_proto == 17)) ) //&& bFilter)
    786. 

  786.     {
    787. 

  787.         memcpy(&ip_src_port, nexthdr, 2);
    788. 

  788.         ip_src_port = ntohs(ip_src_port);
    789. 

  789.         memcpy(&ip_dest_port, nexthdr+2, 2);
    790. 

  790.         ip_dest_port = ntohs(ip_dest_port);
    791. 

  791. 

  792.     };
    793. 

  793.     bPrint = 0;
    794. 

  794. //      xaok=   (xip!=0) && (((xip&xnet)==(ip_src&xnet))||((xip&xnet)==(ip_dest&xnet)));
    795. 

  795. //      saok= ((srcip==0)||((srcip&srcnet)==(ip_src&srcnet)));
    796. 

  796. //      daok = ((destip==0)||((destip&destnet)==(ip_dest&destnet)));
    797. 

  797. //      xpok=(xport!=0) && ((xport==ip_src_port)||(xport==ip_dest_port));
    798. 

  798. //      spok=((srcport==0)||(srcport == ip_src_port));
    799. 

  799. //      dpok=((destport==0)||(destport == ip_dest_port));
    800. 

  800. //printf("\nf:%d xa:%d sa:%d da:%d xp:%d sp:%d dp:%d",bFilter,xaok,saok,daok,xpok,spok,dpok);
    801. 

  801. //      if (!bFilter || ( (xaok||(saok&&daok)) && (xpok||(spok&&dpok)))) {
    802. 

  802. if ((!bFilter) || ((ip_proto==47)&&gre) ||
    803. 

  803.                 (
    804. 

  804.                 ((iProto==0)||(ip_proto==iProto)) &&
    805. 

  805.                  (
    806. 

  806.                   ((xip!=0) && (((xip&xnet)==(ip_src&xnet))||((xip&xnet)==(ip_dest&xnet)))
    807. 

  807.                   ) || (
    808. 

  808.                    ((srcip==0) || ((srcip&srcnet)==(ip_src&srcnet))) && ((destip==0)||((destip&destnet)==(ip_dest&destnet)))
    809. 

  809.                   )
    810. 

  810.                  )
    811. 

  811.                  &&
    812. 

  812.                  (
    813. 

  813.                   ((xport!=0) && ((xport==ip_src_port)||(xport==ip_dest_port))
    814. 

  814.                   ) || (
    815. 

  815.                    ((srcport==0)||(srcport == ip_src_port))&&((destport==0)||(destport == ip_dest_port))
    816. 

  816.                   )
    817. 

  817.                  )
    818. 

  818.                 )
    819. 

  819.                 ) {
    820. 

  820.                         if (! iDetail) {
    821. 

  821.                             if ((ip_proto==47)&&gre) {
    822. 

  822.                             *mypbuff=0;
    823. 

  823.                              DecodeGREHeader(wsabuf, ip_hdr_len, bytesret,
    824. 

  824.                     srcip,srcport,srcnet,destip,destport,destnet,xport,xip,xnet);
    825. 

  825. //                            SetIPAcc(0,0,0,0,0,0);
    826. 

  826.                             return ip_hdr_len;
    827. 

  827.                             }
    828. 

  828.                             SetIPAcc(ip_src,ip_dest,ip_total_len,ip_proto,ip_src_port,ip_dest_port);
    829. 

  829.                         }
    830. 

  830.                         else bPrint=TRUE;
    831. 

  831. //                        printf("%d %ld %ld %ld %ld",ip_proto,xip,xip&xnet,ip_src&xnet,ip_dest&xnet);
    832. 

  832.         } else {
    833. 

  833.                         if (! iDetail)          SetIPAcc(0,0,0,0,0,0);
    834. 

  834. //                      else bPrint=TRUE;
    835. 

  835.         }
    836. 

  836.         time(&tt);
    837. 

  837.         if ((!iSum && ( tt-elapsed > iCycle)) || !iRun || mostird) {
    838. 

  838. 	    mostird=0;
    839. 

  839.                 if (! iDetail) CloseIPAcc(tt-elapsed-1);
    840. 

  840.                 else {
    841. 

  841.                         time(&elapsed);
    842. 

  842.                         if (f) fclose(f);
    843. 

  843.                         if (iFile) f=fopen(filename,"a");
    844. 

  844.                 }
    845. 

  845.         }
    846. 

  846.         if (lNum) { if (--lNum <= 0) iRun=0; }
    847. 

  847. 

  848.     //
    849. 

  849.     *pbuf=0;
    850. 

  850.     if (bPrint)    {
    851. 

  851.                 tmm=localtime(&tt);
    852. 

  852. if (! nomac ) {
    853. 

  853.     strcpy(pbuf,mypbuff);
    854. 

  854. } else {
    855. 

  855.         sprintf(str,"\n%4.4d.%2.2d.%2.2d %2.2d:%2.2d:%2.2d ",
    856. 

  856.             tmm->tm_year+1900,tmm->tm_mon+1,tmm->tm_mday,tmm->tm_hour,tmm->tm_min,tmm->tm_sec);
    857. 

  857.         strcat(pbuf,str);
    858. 

  858. #ifdef LINUX
    859. 

  859.         sprintf(str,"%x:%x:%x:%x:%x:%x > %x:%x:%x:%x:%x:%x",*ohdr,*(ohdr+1),*(ohdr+2),*(ohdr+3),*(ohdr+4),*(ohdr+5),
    860. 

  860.             *(ohdr+6),*(ohdr+7),*(ohdr+8),*(ohdr+9),*(ohdr+10),*(ohdr+11));
    861. 

  861.         strcat(pbuf,str);
    862. 

  862. #endif
    863. 

  863. }
    864. 

  864.         sprintf(str,"  %d bytes\n%-15s>", ip_total_len, inet_ntoa(srcaddr.sin_addr));
    865. 

  865.         strcat(pbuf,str);
    866. 

  866.         sprintf(str,"%-15s", inet_ntoa(destaddr.sin_addr));
    867. 

  867.         strcat(pbuf,str);
    868. 

  868.         sprintf(str," TTL:%-3d Proto:%-6s F:%d/%d TOS:%X%X\n",
    869. 

  869.             ip_ttl, szProto[ip_proto],ip_flags,ip_frag_offset,HI_WORD(ip_tos), LO_WORD(ip_tos));
    870. 

  870.         strcat(pbuf,str);
    871. 

  871.         if (iFile) strcat(pbuf,".");
    872. 

  872.         strcpy(mypbuff,pbuf);
    873. 

  873. 

  874.     }
    875. 

  875.     else        return ip_hdr_len;
    876. 

  876. 

  877.     if (justheader) { if (*pbuf) fprintf(iFile?f:stdout,"%s",pbuf); return ip_hdr_len; }
    878. 

  878.         if (iDetail) {
    879. 

  879.                 switch (ip_proto)    {
    880. 

  880.                         case 1:        // ICMP
    881. 

  881.                                 j=DecodeICMPHeader(wsabuf, ip_hdr_len);
    882. 

  882.                                 break;
    883. 

  883.                         case 2:        // IGMP
    884. 

  884.                                 j=DecodeIGMPHeader(wsabuf, ip_hdr_len);
    885. 

  885.                                 break;
    886. 

  886.                         case 6:        // TCP
    887. 

  887.                                 j=DecodeTCPHeader(wsabuf, ip_hdr_len);
    888. 

  888.                                 break;
    889. 

  889.                         case 17:       // UDP
    890. 

  890.                                 j=DecodeUDPHeader(wsabuf, ip_hdr_len);
    891. 

  891.                                 break;
    892. 

  892.                         case 47:       // UDP
    893. 

  893.                                 j=DecodeGREHeader(wsabuf, ip_hdr_len, bytesret,
    894. 

  894.                     srcip,srcport,srcnet,destip,destport,destnet,xport,xip,xnet);
    895. 

  895.                                 break;
    896. 

  896.                         default:
    897. 

  897.                                 j=0;  hdr=(BYTE *)wsabuf->buf;
    898. 

  898.                                 sprintf(str,"   No decoder installed for protocol\n");
    899. 

  899.                                 strcat(pbuf,str);
    900. 

  900.                                 break;
    901. 

  901.                 }
    902. 

  902.                 if (j>=0) PrintRawBytes(hdr+j,bytesret-j-ip_hdr_len-12); //(hdr-(BYTE *)(wsabuf->buf + iLnxplus)));
    903. 

  903.         }
    904. 

  904.         else if (*pbuf) fprintf(iFile?f:stdout,"%s",pbuf);
    905. 

  905. 

  906.     return ip_hdr_len;
    907. 

  907. }
    908.