/*
    nast

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

*/
19
20 #include "include/nast.h"
21
22 /* handle a tcp packet */
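/*
 * Resolve a TCP port (network byte order, as found in the header) to its
 * service name, or "unknown" when getservbyport() has no entry.
 * The returned pointer refers to getservbyport()'s static storage and is
 * only valid until the next lookup.
 */
static const char *tcp_service_name (u_short port_net)
{
    struct servent *service = getservbyport(port_net, "tcp");

    return (service) ? service->s_name : "unknown";
}

/*
 * Decode and print one captured TCP segment.
 *
 * The IPv4 and TCP headers are read from the global capture buffer at
 * packet + offset.  Addresses, ports, TTL, window, flags and sequence
 * numbers are printed through n_print(); if the segment carries payload
 * it is handed to data_sniffo() and/or print_ascii_hex() and, when a log
 * stream is given, written to that log as well.
 *
 * d      - non-zero: print the payload with data_sniffo() to `output`
 * x      - non-zero: print the payload with print_ascii_hex() to `output`
 * output - stream passed to the two payload printers
 * ldd    - payload log stream, or NULL to disable payload logging
 *
 * Updates the globals buf, line_s and row_s.
 */
void handle_TCP (u_short d, u_short x, FILE *output, FILE *ldd)
{
    struct libnet_ipv4_hdr *ip;
    struct libnet_tcp_hdr *tcp;
    u_char flags;
    u_short size_ip, size_tcp, size_buf;
    u_short total_len, hdr_len;

    /* NOTE(review): the IP header is assumed to be option-less; ip->ip_hl
       is never consulted, so a packet with IP options is decoded at the
       wrong offset.  Confirm whether the caller filters such packets. */
    size_ip = LIBNET_IPV4_H;
    size_buf = 0;
    buf = NULL;

    ip = (struct libnet_ipv4_hdr *) (packet + offset);
    tcp = (struct libnet_tcp_hdr *) (packet + size_ip + offset);

    /* data offset is counted in 32-bit words */
    size_tcp = (tcp->th_off) * 4;

    n_print("princ",line_s,row_s,lg,"\n---[ TCP ]-----------------------------------------------------------\n");
    line_s = line_s + 2;
    n_print("princ",line_s,row_s,lg,"%s:%d(%s)",inet_ntoa(ip->ip_src),ntohs(tcp->th_sport),tcp_service_name(tcp->th_sport));
    n_print("princ",line_s,28,lg," -> ");
    n_print("princ",line_s,33,lg,"%s:%d(%s)\n",inet_ntoa(ip->ip_dst),ntohs(tcp->th_dport),tcp_service_name(tcp->th_dport));
    ++line_s;
    n_print("princ",line_s,row_s,lg,"TTL: %d \t", ip->ip_ttl);
    n_print("princ",line_s,10,lg,"Window: %d\t", ntohs(tcp->th_win));
    n_print("princ",line_s,25,lg,"Version: %d\t", ip->ip_v);
    n_print("princ",line_s,39,lg,"Lenght: %d\n", ntohs(ip->ip_len));
    ++line_s;
    n_print("princ",line_s,row_s,lg,"FLAGS: ");

    /* modified by embyte */
    flags = tcp->th_flags;
    row_s = 8;

    /* masking with a flag bit is non-zero only when that flag is set;
       each flag takes one column, '-' marks a cleared flag */
    n_print("princ",line_s,++row_s,lg,(flags & TH_FIN)  ? "F" : "-");
    n_print("princ",line_s,++row_s,lg,(flags & TH_SYN)  ? "S" : "-");
    n_print("princ",line_s,++row_s,lg,(flags & TH_RST)  ? "R" : "-");
    n_print("princ",line_s,++row_s,lg,(flags & TH_PUSH) ? "P" : "-");
    n_print("princ",line_s,++row_s,lg,(flags & TH_ACK)  ? "A" : "-");
    n_print("princ",line_s,++row_s,lg,(flags & TH_URG)  ? "U" : "-");
    /* NOTE(review): bit 0x80 is shown with the same letter as URG, and
       bit 0x40 prints nothing when it is clear; kept as in the original
       output - confirm the intended letters for these two bits. */
    n_print("princ",line_s,++row_s,lg,(flags & 0x80)    ? "U" : "-");
    if (flags & 0x40)
        n_print("princ",line_s,++row_s,lg,"E");

    n_print("princ",line_s,16,lg,"\tSEQ: %u - ACK: %u\n", ntohl(tcp->th_seq),ntohl(tcp->th_ack));
    ++line_s;
    n_print("princ",line_s,0,lg,"Packet Number: %d",npkt);

    if (!graph)
        printf("\n");
    row_s = 0;
    ++line_s;

    /*
     * Both ip_len and th_off come straight from the wire.  The payload
     * length used to be computed as ip_len - size_ip - size_tcp in an
     * unsigned short, so a total length smaller than the two headers
     * wrapped around to a value near 65535 and the payload printers read
     * far past the captured packet.  Treat such packets, and a data
     * offset below the minimum TCP header, as carrying no payload.
     */
    total_len = ntohs(ip->ip_len);
    hdr_len = size_ip + size_tcp;      /* at most 20 + 60, cannot overflow */

    if (size_tcp >= LIBNET_TCP_H && total_len > hdr_len)
        size_buf = total_len - hdr_len;

    /* NOTE(review): size_buf is still bounded only by the ip_len field,
       not by the number of bytes actually captured; the capture length is
       not visible in this function - confirm the caller enforces it. */

    if (size_buf)
    {
        buf = (char *) (packet + offset + size_ip + size_tcp);

        if (d)
        {
            n_print("princ",line_s,row_s,lg,"\n---[ TCP Data ]------------------------------------------------------\n");
            data_sniffo (buf, size_buf, output);
        }

        if (x)
        {
            n_print("princ",line_s,row_s,lg,"\n---[ TCP Hex-Ascii Data ]--------------------------------------------");
            print_ascii_hex (buf, size_buf, output);
        }

        /* log data (payload only) */
        if (ldd)
        {
            /* NOTE(review): the payload is untrusted network data written
               to a log file; presumably data_sniffo() filters
               non-printable bytes - verify before relying on the log. */
            fprintf(ldd, "%s:%d(%s) -> ",inet_ntoa(ip->ip_src),ntohs(tcp->th_sport),tcp_service_name(tcp->th_sport));
            fprintf(ldd, "%s:%d(%s) TCP\n",inet_ntoa(ip->ip_dst),ntohs(tcp->th_dport),tcp_service_name(tcp->th_dport));

            data_sniffo (buf, size_buf, ldd);
            fprintf(ldd, "\n");
        }
    }
    row_s = 0;
}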
131