1 /*
2 nast
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 2 of the License, or
7 (at your option) any later version.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
17
18 */
19
20 #include "n_nast.h"
21
22 #ifdef HAVE_LIBNCURSES
23
24 # define Rst 0
25 # define Fin 1
26
27 int add(u_long ip_src,u_long ip_dst,u_short sport,u_short dport);
28 int del(u_long ip_src,u_long ip_dst,u_short sport,u_short dport, int flag);
29
30 int nconn = 0;
31 int lines = 1;
32
33 int z = 0;
34 int tmp;
35
connection(char * dev,u_long ip_src,u_long ip_dst,u_short sport,u_short dport)36 int connection(char *dev,u_long ip_src,u_long ip_dst,u_short sport,u_short dport)
37 {
38 char errbuf[256];
39 struct libnet_ipv4_hdr *ip;
40 struct libnet_tcp_hdr *tcp;
41 pcap_t* descr;
42 pcap_dumper_t *dumper;
43 int k;
44
45 logd = stdout;
46 nmax = 2;
47 nconn = 0;
48 lines = 1;
49 z=0;
50
51 tcpdl = "STREAM";
52
53 if((descr=pcap_open_live(dev,BUFSIZ,1,0,errbuf)) == NULL)
54 {
55 w_error(1, "pcap_open_live: %s", errbuf);
56 }
57
58 /* create dumper for log the datas */
59 if ((dumper = pcap_dump_open(descr,tcpdl))==NULL)
60 {
61 w_error(1, "pcap_open_live() error: %s\n\n",errbuf);
62 }
63
64 offset=(device(dev,descr));
65
66 for(k=0;k<30;k++)
67 {
68 memset(&c_inf[k], 0, sizeof(c_inf[k]));
69 memset(&sf[k].string, 0, sizeof(sf[k].string));
70 memset(&sf[k].sfilter, 0, sizeof(sf[k].sfilter));
71 }
72
73 init_scr();
74
75 mvwprintw(winfo->win,0,2,"Source");
76 mvwprintw(winfo->win,0,21,"Port");
77 mvwprintw(winfo->win,0,34,"Destination");
78 mvwprintw(winfo->win,0,55,"Port");
79 mvwprintw(winfo->win,0,66,"State");
80 SAFE_SCROLL_REFRESH(winfo);
81
82 while(1)
83 {
84
85 if ((packet = (u_char *) pcap_next (descr, &hdr))!=NULL)
86 {
87 fflush((FILE *)dumper);
88 pcap_dump((u_char *)dumper,&hdr,packet);
89
90 ip = (struct libnet_ipv4_hdr *) (packet + offset);
91 tcp = (struct libnet_tcp_hdr *) (packet + offset + LIBNET_IPV4_H);
92
93 if (ip->ip_p == IPPROTO_TCP)
94 {
95 if (!sport && !dport)
96 {
97 if ( ip->ip_src.s_addr == ip_src && ip->ip_dst.s_addr == ip_dst)
98 {
99 switch(tcp->th_flags)
100 {
101 case TH_SYN:
102 add(ip_src,ip_dst,htons(tcp->th_sport),htons(tcp->th_dport));
103 break;
104 case TH_ACK:
105 break;
106 case TH_RST:
107 del(ip_src,ip_dst,htons(tcp->th_sport),htons(tcp->th_dport),Rst);
108 break;
109 case (TH_ACK|TH_PUSH):
110 break;
111 case (TH_URG|TH_ACK):
112 break;
113 case (TH_FIN|TH_ACK):
114 del(ip_src,ip_dst,htons(tcp->th_sport),htons(tcp->th_dport),Fin);
115 case (TH_RST|TH_ACK):
116 del(ip_src,ip_dst,htons(tcp->th_sport),htons(tcp->th_dport),Rst);
117 break;
118
119 default:
120 break;
121 }
122 }
123 /* caso rovescio */
124 else if ( ip->ip_src.s_addr == ip_dst && ip->ip_dst.s_addr == ip_src )
125 {
126 switch(tcp->th_flags)
127 {
128 case TH_SYN:
129 add(ip_dst,ip_src,htons(tcp->th_sport),htons(tcp->th_dport));
130 break;
131 case TH_ACK:
132 break;
133 case TH_RST:
134 del(ip_dst,ip_src,htons(tcp->th_sport),htons(tcp->th_dport),Rst);
135 break;
136 case (TH_ACK|TH_PUSH):
137 break;
138 case (TH_URG|TH_ACK):
139 break;
140 case (TH_FIN|TH_ACK):
141 del(ip_dst,ip_src,htons(tcp->th_sport),htons(tcp->th_dport),Fin);
142 case (TH_RST|TH_ACK):
143 del(ip_dst,ip_src,htons(tcp->th_sport),htons(tcp->th_dport),Rst);
144 break;
145
146 default:
147 break;
148 }
149 }
150 }
151 }
152
153 }
154
155 }
156
157 pcap_close(descr);
158 pcap_dump_close(dumper);
159
160 return 0;
161 }
162
add(u_long ip_src,u_long ip_dst,u_short sport,u_short dport)163 int add(u_long ip_src,u_long ip_dst,u_short sport,u_short dport)
164 {
165 int i;
166 for(i=0;i<30;i++)
167 if((ip_src==c_inf[i].s_ip && ip_dst==c_inf[i].d_ip && sport==c_inf[i].s_port && dport==c_inf[i].d_port) || (ip_src==c_inf[i].d_ip && ip_dst==c_inf[i].s_ip && sport==c_inf[i].d_port && dport==c_inf[i].s_port))
168 return(0); /*ce l'ho gi� (duplicato)*/
169
170 for(i=0;i<30;i++)/*cerco spazio vuoto*/
171 {
172 if(c_inf[i].s_ip)continue;
173 else
174 {
175 c_inf[i].s_ip = ip_src;
176 c_inf[i].d_ip = ip_dst;
177 c_inf[i].s_port = sport;
178 c_inf[i].d_port = dport;
179
180 mvwprintw(winfo->win,lines,2,"%s",libnet_addr2name4(c_inf[i].s_ip, LIBNET_DONT_RESOLVE));
181 mvwprintw(winfo->win,lines,21,"%d",c_inf[i].s_port);
182 mvwprintw(winfo->win,lines,34,"%s",libnet_addr2name4(c_inf[i].d_ip, LIBNET_DONT_RESOLVE));
183 mvwprintw(winfo->win,lines,55,"%d",c_inf[i].d_port);
184 mvwprintw(winfo->win,lines,66,"Open");
185 SAFE_SCROLL_REFRESH(winfo);
186
187 sprintf(sf[z].string, "%2s%12d%20s%12d Open",libnet_addr2name4(c_inf[i].s_ip, LIBNET_DONT_RESOLVE),c_inf[i].s_port,libnet_addr2name4(c_inf[i].d_ip, LIBNET_DONT_RESOLVE),c_inf[i].d_port);
188 /* create the filter for tcp stream*/
189 sprintf(sf[z].sfilter,"host %s and port %d and host %s and port %d",libnet_addr2name4(c_inf[i].s_ip, LIBNET_DONT_RESOLVE),c_inf[i].s_port,libnet_addr2name4(c_inf[i].d_ip, LIBNET_DONT_RESOLVE),c_inf[i].d_port);
190 c_inf[i].lin=lines;
191
192 sf[i].cont=z;
193 nconn++;
194 lines++;
195 z++;
196 ++nmax;
197 return(1);
198 }
199
200
201 }
202 return(0);
203 }
204
del(u_long ip_src,u_long ip_dst,u_short sport,u_short dport,int flag)205 int del(u_long ip_src,u_long ip_dst,u_short sport,u_short dport, int flag)
206 {
207 int i;
208
209 for(i=0;i<30;i++)
210 {
211 if(ip_src==c_inf[i].s_ip && ip_dst==c_inf[i].d_ip && sport==c_inf[i].s_port && dport==c_inf[i].d_port)
212 { if(flag){
213 mvwprintw(winfo->win,c_inf[i].lin,2,"%s",libnet_addr2name4(c_inf[i].s_ip, LIBNET_DONT_RESOLVE));
214 mvwprintw(winfo->win,c_inf[i].lin,21,"%d",c_inf[i].s_port);
215 mvwprintw(winfo->win,c_inf[i].lin,34,"%s",libnet_addr2name4(c_inf[i].d_ip, LIBNET_DONT_RESOLVE));
216 mvwprintw(winfo->win,c_inf[i].lin,55,"%d",c_inf[i].d_port);
217 mvwprintw(winfo->win,c_inf[i].lin,66,"Closed");
218
219 sprintf(sf[sf[i].cont].string,"%2s%12d%20s%14d Closed",
220 libnet_addr2name4(c_inf[i].s_ip, LIBNET_DONT_RESOLVE),c_inf[i].s_port,libnet_addr2name4(c_inf[i].d_ip, LIBNET_DONT_RESOLVE),c_inf[i].d_port);
221 }
222 else
223 {
224 mvwprintw(winfo->win,c_inf[i].lin,2,"%s",libnet_addr2name4(c_inf[i].s_ip, LIBNET_DONT_RESOLVE));
225 mvwprintw(winfo->win,c_inf[i].lin,21,"%d",c_inf[i].s_port);
226 mvwprintw(winfo->win,c_inf[i].lin,34,"%s",libnet_addr2name4(c_inf[i].d_ip, LIBNET_DONT_RESOLVE));
227 mvwprintw(winfo->win,c_inf[i].lin,55,"%d",c_inf[i].d_port);
228 mvwprintw(winfo->win,c_inf[i].lin,66,"Resetted");
229
230 sprintf(sf[sf[i].cont].string, "%2s%12d%20s%13d Resetted",libnet_addr2name4(c_inf[i].s_ip, LIBNET_DONT_RESOLVE),c_inf[i].s_port,libnet_addr2name4(c_inf[i].d_ip, LIBNET_DONT_RESOLVE),c_inf[i].d_port);
231 }
232 sprintf(sf[sf[i].cont].sfilter,"host %s and port %d and host %s and port %d",libnet_addr2name4(c_inf[i].s_ip, LIBNET_DONT_RESOLVE),c_inf[i].s_port,libnet_addr2name4(c_inf[i].d_ip, LIBNET_DONT_RESOLVE),c_inf[i].d_port);
233 SAFE_SCROLL_REFRESH(winfo);
234 //wrefresh(winfo->win);
235 memset(&c_inf[i], 0, sizeof(c_inf[i]));
236 nconn--;
237
238 }
239 else if(ip_src==c_inf[i].d_ip && ip_dst==c_inf[i].s_ip && sport==c_inf[i].d_port && dport==c_inf[i].s_port)
240 { if(flag){
241 mvwprintw(winfo->win,c_inf[i].lin,2,"%s",libnet_addr2name4(c_inf[i].s_ip, LIBNET_DONT_RESOLVE));
242 mvwprintw(winfo->win,c_inf[i].lin,21,"%d",c_inf[i].s_port);
243 mvwprintw(winfo->win,c_inf[i].lin,34,"%s",libnet_addr2name4(c_inf[i].d_ip, LIBNET_DONT_RESOLVE));
244 mvwprintw(winfo->win,c_inf[i].lin,55,"%d",c_inf[i].d_port);
245 mvwprintw(winfo->win,c_inf[i].lin,66,"Closed");
246
247 sprintf(sf[sf[i].cont].string, "%2s%12d%20s%14d Closed",libnet_addr2name4(c_inf[i].s_ip, LIBNET_DONT_RESOLVE),c_inf[i].s_port,libnet_addr2name4(c_inf[i].d_ip, LIBNET_DONT_RESOLVE),c_inf[i].d_port);
248 }
249 else
250 {
251 mvwprintw(winfo->win,c_inf[i].lin,2,"%s",libnet_addr2name4(c_inf[i].s_ip, LIBNET_DONT_RESOLVE));
252 mvwprintw(winfo->win,c_inf[i].lin,21,"%d",c_inf[i].s_port);
253 mvwprintw(winfo->win,c_inf[i].lin,34,"%s",libnet_addr2name4(c_inf[i].d_ip, LIBNET_DONT_RESOLVE));
254 mvwprintw(winfo->win,c_inf[i].lin,55,"%d",c_inf[i].d_port);
255 mvwprintw(winfo->win,c_inf[i].lin,66,"Resetted");
256
257 sprintf(sf[sf[i].cont].string, "%2s%12d%20s%13d Resetted",libnet_addr2name4(c_inf[i].s_ip, LIBNET_DONT_RESOLVE),c_inf[i].s_port,libnet_addr2name4(c_inf[i].d_ip, LIBNET_DONT_RESOLVE),c_inf[i].d_port);
258 }
259 sprintf(sf[sf[i].cont].sfilter,"host %s and port %d and host %s and port %d",libnet_addr2name4(c_inf[i].s_ip, LIBNET_DONT_RESOLVE),c_inf[i].s_port,libnet_addr2name4(c_inf[i].d_ip, LIBNET_DONT_RESOLVE),c_inf[i].d_port);
260 SAFE_SCROLL_REFRESH(winfo);
261 memset(&c_inf[i], 0, sizeof(c_inf[i]));
262 nconn--;
263
264 }
265
266 }
267 return -1;
268 }
269
270 #endif
271
272