#include <pcap.h> #include <mysql.h> typedef u_int32_t in_addr_t; struct in_addr { in_addr_t s_addr; };
struct ether_header { u_int8_t ether_dhost[6]; u_int8_t ether_shost[6]; u_int16_t ether_type; };
struct ip_header { #if defined(WORDS_BIGENDIAN) u_int8_t ip_version:4,ip_header_length:4; #else u_int8_t ip_header_length:4,ip_version:4; #endif u_int8_t ip_tos; u_int16_t ip_length; u_int16_t ip_id; u_int16_t ip_off; u_int8_t ip_ttl; u_int8_t ip_protocol; u_int16_t ip_checksum; struct in_addr ip_source_address; struct in_addr ip_destination_address; };
struct udp_header { u_int16_t udp_source_port; u_int16_t udp_destination_port; u_int16_t udp_length; u_int16_t udp_checksum; };
struct dns_packet { u_int16_t dns_trans_id; u_int16_t dns_flag; u_int16_t dns_question; u_int16_t dns_answer; u_int16_t dns_authority; u_int16_t dns_additional; u_int8_t *dns_data;
};
/*Mysql */ MYSQL mysql,*sock; MYSQL_RES *res; MYSQL_FIELD *fd; MYSQL_ROW row; u_char sqlString[300];
/*queryType 1=select 2=insert packetType 1=dns */ u_int8_t execQuery(MYSQL *sock,u_char sqlQuery[300],int queryType,int packetType) { u_char sqlString[300]; sprintf(sqlString,sqlQuery,1); if(mysql_query(sock,sqlString)) { fprintf(stderr,"Query failed (%s)\n",mysql_error(sock)); printf("testquery"); return 0; }
if(queryType!=1) return 1; if (!(res=mysql_store_result(sock))) { fprintf(stderr,"Couldn't get result from %s\n", mysql_error(sock)); return 0; }
while (row = mysql_fetch_row(res)) { switch(packetType){ case 1: printf("Ther userid #%d 's username is: %s\n", 1,(((row[1]==NULL)&&(!strlen(row[1]))) ? "NULL" : row[1])); } }
mysql_free_result(res); return 1; }
void dns_protocol_packet_callback(u_char *argument,const struct pcap_pkthdr* packet_header,const u_char* packet_content) { struct udp_header *udp_protocol; struct ip_header *ip_protocol; struct dns_packet *dns_protocol; ip_protocol=(struct ip *)(packet_content+14); u_short source_port; u_short destination_port; u_short length; u_char flag; udp_protocol=(struct udp_header *)(packet_content+14+20); u_char *dns_querydomain; source_port=ntohs(udp_protocol->udp_source_port); destination_port=ntohs(udp_protocol->udp_destination_port); length=ntohs(udp_protocol->udp_length); dns_protocol=(struct dns_packet *)(packet_content+14+20+8); if(ntohs(dns_protocol->dns_flag) == 256) { printf("--------------------------------UDP Protocol------------------------------\n"); u_char sourceIP[20]; u_char destIP[20]; sprintf(sourceIP,"%s",inet_ntoa(ip_protocol->ip_source_address)); sprintf(destIP,"%s",inet_ntoa(ip_protocol->ip_destination_address)); printf("%s\n",sourceIP); printf("%s\n",destIP); u_int8_t *query=&(dns_protocol->dns_data); printf("QueryDomain="); u_int8_t domainname[100]={0}; u_int8_t i=0; while(*query) { domainname[i]=*query; if(*query < 0x30) { printf("%c",'.'); domainname[i]='.'; } else { printf("%c",*query); domainname[i]=*query; } query++; i++; } printf("\n"); printf("%s\n",domainname); u_int16_t *dns_query_type=query+2; u_char sqlstr[300];
sprintf(sqlstr,"insert into dnsPackets(sourceIP,destIP,url,queryType) VALUES('%s','%s','%s',%d)",sourceIP,destIP,domainname,*dns_query_type); execQuery(sock,sqlstr,2,1);
printf("%s\n",sqlstr); switch(*dns_query_type) { case 1: printf("QueryType=A\n");break; case 12: printf("QueryType=PTR\n");break; default: printf("%d\n",*dns_query_type); } } }
void udp_protocol_packet_callback(u_char *argument,const struct pcap_pkthdr* packet_header,const u_char* packet_content) { struct udp_header *udp_protocol; struct ip_header *ip_protocol; struct dns_packet *dns_protocol; u_short source_port; u_short destination_port; udp_protocol=(struct udp_header *)(packet_content+14+20); source_port=ntohs(udp_protocol->udp_source_port); destination_port=ntohs(udp_protocol->udp_destination_port); switch(destination_port) { case 53: dns_protocol_packet_callback(argument,packet_header,packet_content); break; default: break; } }
void ip_protocol_packet_callback(u_char *argument,const struct pcap_pkthdr* packet_header,const u_char* packet_content) { struct ip_header *ip_protocol; u_int header_length; u_int offset; u_char tos; u_int16_t checksum; ip_protocol=(struct ip *)(packet_content+14); checksum=ntohs(ip_protocol->ip_checksum); header_length=ip_protocol->ip_header_length*4; tos=ip_protocol->ip_tos; offset=ntohs(ip_protocol->ip_off); u_char *ip_destination_address=inet_ntoa(ip_protocol->ip_destination_address); switch(ip_protocol->ip_protocol) { case 17: udp_protocol_packet_callback(argument,packet_header,packet_content); break; default:break; } }
void ethernet_protocol_packet_callback(u_char *argument,const struct pcap_pkthdr* packet_header,const u_char* packet_content) { u_short ethernet_type; struct ether_header *ethernet_protocol; u_char *mac_string; static int packet_number=1; ethernet_protocol=(struct ether_header *)packet_content; ethernet_type=ntohs(ethernet_protocol->ether_type); switch(ethernet_type) { case 0x0800: ip_protocol_packet_callback(argument,packet_header,packet_content); break; default:break; } packet_number++; }
main() { /*Init Mysql*/ mysql_init(&mysql);
/*Connecting mysql*/ if(!(sock = mysql_real_connect(&mysql,"localhost","root","","PACKETS",0,NULL,0))) { fprintf(stderr,"Couldn't connect to engine!\n%s\n\n",mysql_error(&mysql)); perror(""); exit(1); }else printf("Mysql Connected.\n");
/*Get Packet*/ pcap_t* pcap_handle; char error_content[PCAP_ERRBUF_SIZE]; char *net_interface; struct bpf_program bpf_filter; char bpf_filter_string[]="udp";
bpf_u_int32 net_mask; bpf_u_int32 net_ip; net_interface=pcap_lookupdev(error_content); pcap_lookupnet(net_interface,&net_ip,&net_mask,error_content); pcap_handle=pcap_open_live(net_interface,BUFSIZ,1,0,error_content); pcap_compile(pcap_handle,&bpf_filter,bpf_filter_string,0,net_ip); pcap_setfilter(pcap_handle,&bpf_filter); pcap_loop(pcap_handle,-1,ethernet_protocol_packet_callback,NULL); pcap_close(pcap_handle);
/*Closing Mysql*/ mysql_close(sock); }
|
评论暂时关闭