parser.h
/*===================================================
= Ethernet Header Declaration =
===================================================*/
/*
 * Ethernet II frame header overlay. parse_eth() casts the start of every
 * frame to this type and only afterwards decides which framing applies.
 * All members are byte arrays, so the struct mirrors the on-wire byte order.
 */
typedef struct eth_2_h
{
    u_char dst_addr[6];   // destination MAC address
    u_char src_addr[6];   // source MAC address
    u_char eth_type[2];   // type/length field, big-endian; compared against eth_max in parse_eth()
    u_char extra[2];      // just for parsing purposes: the two bytes AFTER the 14-byte header,
                          // which parse_eth() inspects (0xFF 0xFF / 0xAA 0xAA) to classify 802.3 frames.
                          // Reading them requires the buffer to hold at least 16 bytes.
}Eth_II_hdr;
/*
 * Overlay for a "raw" 802.3 frame: addresses, a 2-byte length and the first
 * three payload bytes. Not referenced by parse_eth() in this file view.
 */
typedef struct eth_raw_h
{
    u_char dst_addr[6];   // destination MAC address
    u_char src_addr[6];   // source MAC address
    u_char length[2];     // 802.3 length field (same position as eth_type in Eth_II_hdr)
    u_char ipx_hdr[3];    // presumably the start of the IPX header that follows directly - TODO confirm
}eth_raw_h;
/*
 * Overlay for an 802.3 frame followed by a 3-byte LLC header.
 * Not referenced by parse_eth() in this file view.
 */
typedef struct eth_llc_h
{
    u_char dst_addr[6];   // destination MAC address
    u_char src_addr[6];   // source MAC address
    u_char length[2];     // 802.3 length field
    u_char dsap[1];       // LLC destination service access point
    u_char ssap[1];       // LLC source service access point
    u_char control[1];    // LLC control byte
}eth_llc_h;
/*
 * Overlay for an 802.3 frame with LLC and SNAP headers (22 bytes in total).
 * parse_eth() recognises this framing by the two 0xAA bytes at the dsap/ssap
 * positions, but does not use this type in the code visible here.
 */
typedef struct eth_llc_snap_h
{
    u_char dst_addr[6];   // destination MAC address
    u_char src_addr[6];   // source MAC address
    u_char length[2];     // 802.3 length field
    u_char dsap[1];       // LLC destination service access point
    u_char ssap[1];       // LLC source service access point
    u_char control[1];    // LLC control byte
    u_char vendor[3];     // SNAP vendor / organisation code
    u_char eth_type[2];   // SNAP protocol type, same position-independent meaning as an EtherType - TODO confirm usage
}eth_llc_snap_h;
/*----- End of Ethernet Header Declaration ------*/
// Big-endian 0x0600. parse_eth() memcmp()s the frame's type/length field against
// this value: a result >= 0 is treated as an Ethernet II EtherType, anything
// smaller as an 802.3 length.
// NOTE(review): this is a definition with external linkage inside a header; including
// the header from more than one translation unit will likely cause duplicate-symbol
// link errors - confirm how the header is used.
const u_char eth_max[] = {0x06, 0x00}; // 1536
/*
 * ARP packet overlay. The address members are fixed at 6 and 4 bytes, so the
 * layout only matches packets whose hw_addr_len is 6 and proto_addr_len is 4;
 * code using this overlay should check both length bytes before trusting the
 * address fields. Not referenced by parse_eth() in this file view.
 */
typedef struct arp_h
{
    u_char hat[2];                // presumably hardware address type - TODO confirm
    u_char pat[2];                // presumably protocol address type - TODO confirm
    u_char hw_addr_len[1];        // length of each hardware address as stated by the packet
    u_char proto_addr_len[1];     // length of each protocol address as stated by the packet
    u_char operations[2];         // ARP operation code
    u_char src_hw_addr[6];        // sender hardware address
    u_char src_proto_addr[4];     // sender protocol address
    u_char target_hw_addr[6];     // target hardware address
    u_char target_proto_addr[4];  // target protocol address
}arp_h;
/*
 * IPv4 header overlay. The first 20 bytes are the fixed header; the struct is
 * 24 bytes because of the trailing options member, so sizeof(ipv4_h) must not
 * be used as "the header length". The real length comes from the IHL nibble
 * in version_ihl and has to be validated against the captured data.
 */
typedef struct ipv4_h
{
    u_char version_ihl[1];            // version (high nibble) and header length in 32-bit words (low nibble)
    u_char dscp_enc[1];               // presumably DSCP and ECN bits - TODO confirm
    u_char length[2];                 // total length field
    u_char identification[2];         // fragment identification
    u_char flags_fragment_offset[2];  // flags and fragment offset
    u_char ttl[1];                    // time to live
    u_char protocol[1];               // payload protocol number
    u_char header_chksm[2];           // header checksum
    u_char src_ip_addr[4];            // source address (byte offset 12 in the header)
    u_char dst_ip_addr[4];            // destination address
    u_char options[4];                // if ihl > 5; only the first 4 option bytes are modelled,
                                      // and these bytes are payload, not options, when ihl == 5
}ipv4_h;
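/*
 * Print a summary of one Ethernet frame: both MAC addresses, the type/length
 * field, the detected framing and, for IPv4, the source address.
 *
 * data  Pointer to the first byte of the frame (destination MAC). A null
 *       pointer is ignored.
 *
 * The function takes no length, so it cannot check bounds itself. It always
 * reads the 14 header bytes, reads bytes 14-15 for frames classified as 802.3,
 * and hands bytes 26-29 to print_ip() for IPv4 frames. The caller must verify
 * that the captured length covers those ranges before calling; otherwise a
 * truncated or malformed frame causes an out-of-bounds read.
 */
void parse_eth(u_char * data){
    /* Payload offset in an untagged frame: 6 + 6 address bytes + 2 type bytes. */
    enum { ETH_HDR_LEN = 14 };

    if (!data) {
        return;
    }

    /* Explicit cast: a u_char pointer does not convert to a struct pointer implicitly. */
    struct eth_2_h *hdr = (struct eth_2_h *)data;

    printf("Dst Addr : ");
    print(hdr->dst_addr, 6);
    printf("Src Addr : ");
    print(hdr->src_addr, 6);
    printf("Length / type : ");
    print(hdr->eth_type, 2);

    /* Both operands are big-endian byte pairs, so memcmp orders them numerically. */
    int k = memcmp(hdr->eth_type, eth_max, 2);
    printf("cmp: %i\n", k);

    if (k >= 0) {
        printf("Ethernet II\n");
        if (memcmp(hdr->eth_type, arp, 2) == 0) {
            printf(" Got ARP packet!\n");
        }
        if (memcmp(hdr->eth_type, ipv4, 2) == 0) {
            printf(" Got IPv4 packet!\n");
            /*
             * The IPv4 header starts at the ADDRESS of byte 14. The previous
             * code assigned the VALUE data[14] to the pointer, so the
             * dereference below went through a bogus address.
             */
            ipv4_h *ip = (ipv4_h *)(data + ETH_HDR_LEN);
            printf("Source IP: ");
            /* NOTE(review): print_ip() is declared elsewhere; confirm it expects a pointer to the 4-byte array. */
            print_ip(&ip->src_ip_addr);
            printf("\n");
        }
    } else {
        /* 802.3 length field: classify by the two bytes after the header and stop there. */
        if (hdr->extra[0] == 0xFF && hdr->extra[1] == 0xFF) {
            printf("Ethernet RAW\n");
        } else if (hdr->extra[0] == 0xAA && hdr->extra[1] == 0xAA) {
            printf("Ethernet LLC/SNAP\n");
        } else {
            printf("Ethernet LLC\n");
        }
    }
}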