_char *payload, int len)
{
int len_rem = len;
int line_width = 16; /* number of bytes per line */
int line_len;
int offset = 0; /* zero-based offset counter */
const u_char *ch = payload;
if (len <= 0)
return;
/* data fits on one line */
if (len <= line_width) {
print_hex_ascii_line(ch, len, offset);
return;
}
/* data spans multiple lines */
for ( ;; ) {
/* compute current line length */
line_len = line_width % len_rem;
/* print line */
print_hex_ascii_line(ch, line_len, offset);
/* compute total remaining */
len_rem = len_rem - line_len;
/* shift pointer to remaining bytes to print */
ch = ch + line_len;
/* add offset */
offset = offset + line_width;
/* check if we have line width chars or less */
if (len_rem <= line_width) {
/* print last line and get out */
print_hex_ascii_line(ch, len_rem, offset);
break;
}
}
return;
}
/*
putting buffer into buffer.txt
*/
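/**
 * Append a buffer to "buffer.txt" (opened in append/binary mode), followed
 * by a single newline byte.
 *
 * The bytes are written directly from the caller's buffer. The previous
 * version first copied them into a fixed MAX_S-byte stack array without
 * comparing len to MAX_S, so an oversized or negative length overflowed the
 * stack; dropping the intermediate copy removes that overflow entirely.
 *
 * @param buff  Bytes to append; may be NULL only when len is 0.
 * @param len   Number of bytes in buff. Negative values are rejected.
 *
 * Failures are reported on stdout and are not returned to the caller.
 */
void put_in_file(const u_char *buff, int len)
{
    FILE *buffer;
    size_t want;

    /* A negative int would become a huge size_t once handed to fwrite(). */
    if (len < 0 || (buff == NULL && len > 0)) {
        printf("FILE WRITE SKIPPED: invalid buffer\n");
        return;
    }
    want = (size_t)len;

    buffer = fopen("buffer.txt", "ab"); /* append, binary */
    if (buffer == NULL) {
        printf("FILE OPEN/CREATE FAIL\n");
        return;
    }

    /* Short writes (disk full, I/O error) must not go unnoticed. */
    if ((want > 0 && fwrite(buff, sizeof(u_char), want, buffer) != want) ||
        fwrite("\n", sizeof(char), 1, buffer) != 1) {
        printf("FILE WRITE FAIL\n");
    }

    /* fclose() flushes buffered data, so its result matters for writes. */
    if (fclose(buffer) != 0) {
        printf("FILE CLOSE FAIL\n");
    }
}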
/*
* dissect/print data packet
*/
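/**
 * Locate the payload that follows the protocol headers and hex-dump it.
 *
 * The payload length is derived from the IP total-length field, which is
 * sender-controlled. It is therefore clamped to the number of bytes libpcap
 * actually captured (header->caplen) so print_payload() never reads past
 * the end of the capture buffer.
 *
 * @param args         Unused; kept for the callback-style signature.
 * @param header       pcap header describing the captured frame.
 * @param packet       Start of the captured frame (Ethernet header).
 * @param size_header  Offset from packet to the first payload byte.
 */
void
got_data_package(u_char *args,const struct pcap_pkthdr *header,const u_char *packet,int size_header)
{
    const struct db_ip *ip;     /* IP header, right after Ethernet */
    const u_char *payload;      /* Packet payload */
    size_t captured;            /* payload bytes present in the capture */
    int size_payload;

    (void)args;

    if (header == NULL || packet == NULL)
        return;

    /* The payload offset must lie inside the captured bytes. */
    if (size_header < 0 || size_header < SIZE_ETHERNET ||
        (size_t)size_header > (size_t)header->caplen)
        return;

    /* The whole IP header must be captured before ip_len is read. */
    if ((size_t)header->caplen < (size_t)SIZE_ETHERNET + sizeof *ip)
        return;

    ip = (const struct db_ip *)(packet + SIZE_ETHERNET);

    /* define/compute payload (segment) offset */
    payload = packet + size_header;

    /* data len = IP total len - (all headers after Ethernet) */
    size_payload = ntohs(ip->ip_len) - (size_header - SIZE_ETHERNET);
    if (size_payload <= 0)
        return;

    /*
     * ip_len is whatever the sender wrote; a forged value or a short
     * snapshot length would otherwise turn into an out-of-bounds read.
     */
    captured = (size_t)header->caplen - (size_t)size_header;
    if ((size_t)size_payload > captured) {
        printf(" Payload truncated: %d bytes claimed, %d captured\n",
               size_payload, (int)captured);
        size_payload = (int)captured;
    }

    /*
     * Print payload data; it might be binary, so don't just
     * treat it as a string.
     */
    if (size_payload > 0) {
        printf(" Payload (%d bytes):\n", size_payload);
        print_payload(payload, size_payload);
    }
}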
/*
* dissect/print mysql packet
*/
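/**
 * Print the fields of the MySQL header found at offset size_tcp, then hand
 * the bytes after that header to got_data_package().
 *
 * Two fixes over the previous version:
 *  - the header is only read after checking that header->caplen covers it,
 *    so a short or truncated capture no longer causes an out-of-bounds read;
 *  - the payload offset advances by sizeof *mysql (the header struct), not
 *    sizeof(mysql), which was the size of a pointer.
 *
 * NOTE(review): struct db_mysql is declared elsewhere; confirm that its size
 * (including any padding) matches the on-wire header being skipped.
 *
 * @param args      Passed through to got_data_package().
 * @param header    pcap header describing the captured frame.
 * @param packet    Start of the captured frame.
 * @param size_tcp  Offset from packet to the first byte after the TCP header.
 */
void
got_mysql_package(u_char *args,const struct pcap_pkthdr *header,const u_char *packet,int size_tcp)
{
    const struct db_mysql *mysql;
    int size_mysql;
    u_short pa_num;
    u_short qry;
    u_short hlen;

    printf("********************MYSQL Protocol*************************\n");

    /* Never dereference the header unless it was fully captured. */
    if (header == NULL || packet == NULL || size_tcp < 0 ||
        (size_t)size_tcp > (size_t)header->caplen ||
        (size_t)header->caplen - (size_t)size_tcp < sizeof *mysql) {
        printf("The MYSQL Packet is empty or truncated\n");
        return;
    }

    mysql = (const struct db_mysql *)(packet + size_tcp);
    hlen = ntohs(mysql->mysql_header_length);
    pa_num = ntohs(mysql->packet_num);
    qry = ntohs(mysql->qry);

    printf("Unknown:%02x\n",mysql->unknow1);
    printf("Header length:%d----------%02x\n",hlen,mysql->mysql_header_length);
    printf("Packet Number:%d---------%02x\n",pa_num,mysql->packet_num);
    printf("Query :%d----------------%02x\n*****************************\n",qry,mysql->qry);
    printf("Unknown:%02x\n",mysql->q1);
    printf("Unknown:%02x\n",mysql->q2);
    printf("Unknown:%02x\n",mysql->q3);

    /* handle the mysql data: skip the header struct, not a pointer's width */
    size_mysql = size_tcp + (int)sizeof *mysql;
    got_data_package(args, header, packet, size_mysql);
}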
/*
* dissect/print tns packet
*/
void
got_tns_package(u_char *args,const struct pcap_pkthdr *header,const u_char *packet,int size_tcp)
{
int i;
struct db_tns *tns;
u_char *buff;
tns=(struct db_tns*)(packet+size_tcp);
printf("********************ORACLE TNS Protocol*************************\n"); printf("size_tcp:%d\n",size_tcp);
if(size_tcp==header->len)
printf("The TNS Packet is empty\n");
else{
printf("Length:%d\n",ntohs(tns->len