Implementation of Pcap.
Implementing Frame was hard.
I want a good library for Frame.
The following is the code for Frame:
```c
#include <stdio.h>
#include <stdbool.h>
#include <time.h>
#include <sys/types.h>

#ifndef ETHER_ADDR_LEN
#define ETHER_ADDR_LEN 6   // bytes in an Ethernet (MAC) address
#endif

// Ethernet header
struct ethernet {
    u_char ether_dhost[ETHER_ADDR_LEN];
    u_char ether_shost[ETHER_ADDR_LEN];
    u_short ether_type;
};

// Print an IPv4 address read straight from the header (network byte order)
// on a little-endian host: the first octet on the wire is the low byte of i.
void Int2IPAddress(u_int32_t i){
    // Octet convert
    int b0 = (i >> 24) & 0xff;
    int b1 = (i >> 16) & 0xff;
    int b2 = (i >> 8) & 0xff;
    int b3 = i & 0xff;
    printf("%d.%d.%d.%d", b3, b2, b1, b0);
}

// IP header
struct ip {
    u_char ip_vhl;      // version (high 4 bits), header length (low 4 bits)
    u_char ip_tos;
    u_short ip_len;
    u_short ip_id;
    u_short ip_off;
#define IP_RF 0x8000
#define IP_DF 0x4000
#define IP_MF 0x2000
#define IP_OFFMASK 0x1fff
    u_char ip_ttl;
    u_char ip_p;        // protocol of the next header
    u_short ip_sum;
    u_int32_t ip_src;
    u_int32_t ip_dst;
};

// TCP header
struct tcp {
    u_short th_sport;
    u_short th_dport;
    u_int32_t th_seq;
    u_int32_t th_ack;
    u_char th_offx2;
#define TH_OFF(th) (((th)->th_offx2 & 0xf0) >> 4)
    u_char th_flags;
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_PUSH 0x08
#define TH_ACK 0x10
#define TH_URG 0x20
#define TH_ECE 0x40
#define TH_CWR 0x80
#define TH_FLAGS (TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG|TH_ECE|TH_CWR)
    u_short th_win;
    u_short th_sum;
    u_short th_urp;
};

// Convert a Unix timestamp to readable text in buf (num bytes) and print it
bool UnixTime2ReadableTime(time_t _time, char *buf, int num){
    struct tm *ts;
    ts = localtime(&_time);
    if (ts == NULL) return false;   // conversion failed
    // Format and print the time, "ddd yyyy-mm-dd hh:mm:ss zzz"
    strftime(buf, num, "%a %Y-%m-%d %H:%M:%S, %Z", ts);
    printf("%s\n", buf);
    return true;
}
```
Output (e.g. ping 192.168.11.5):
```
Packet # 20
Packet size: 98 bytes
Epoch Time: 1422304568:570533000 seconds
Tue 2015-01-27 05:36:08, JST
IP:
ip size is 20 bytes
ip version 4
ip length 5 (*4) bytes
ttl = 64, protocol = icmp
src address: 192.168.11.6
dest address: 192.168.11.5
TCP:
seq number: 117471027
ack number: 771016276
src port: 0
dest port: 59150
BINARY:
b8 e8 56 1b 81 de b0 c7 45 ee 2d 24 08 00 45 00
00 54 de 3b 00 00 40 01 05 12 c0 a8 0b 06 c0 a8
0b 05 00 00 0e e7 33 77 00 07 54 c6 f4 2d 00 08
89 9b 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15
16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25
26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35
36 37
ASCII:
??Vް?E?-ET?;@?? ?? ?3wT???? !"#$%&'()*+,-./01234567
```
In this case, the IP header length is ip_vhl & 0x0f, counted in 4-byte units (5 * 4 = 20 bytes here).
Next, I want to implement UDP, PUP, etc.
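The output above labels the packet as icmp yet still prints TCP fields, and the "dest port" 59150 (0xe70e) is the ICMP checksum bytes 0e e7 read without byte-order conversion. The following is an added example, not the original post's code (parse_frame, struct parsed and rd16 are hypothetical names): it dispatches on ip_p, checks every header against the captured length, and reads fields in network byte order, using the first 42 bytes of the dump above as input.

```c
#include <stdint.h>
#include <stdio.h>

enum l4 { L4_ERR = -1, L4_OTHER = 0, L4_ICMP = 1, L4_TCP = 6, L4_UDP = 17 };
struct parsed { enum l4 proto; uint16_t sport, dport; uint8_t icmp_type, icmp_code; };

/* First 42 bytes of the BINARY dump on this page: Ethernet + IP + ICMP header. */
static const uint8_t sample_frame[42] = {
    0xb8,0xe8,0x56,0x1b,0x81,0xde, 0xb0,0xc7,0x45,0xee,0x2d,0x24, 0x08,0x00,
    0x45,0x00,0x00,0x54,0xde,0x3b,0x00,0x00,0x40,0x01,0x05,0x12,
    0xc0,0xa8,0x0b,0x06, 0xc0,0xa8,0x0b,0x05,
    0x00,0x00,0x0e,0xe7,0x33,0x77,0x00,0x07 };

/* Big-endian 16-bit read, byte by byte: no alignment or host-endianness assumptions. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Hypothetical helper: caplen is the captured length reported by pcap. */
enum l4 parse_frame(const uint8_t *pkt, size_t caplen, struct parsed *out)
{
    *out = (struct parsed){ .proto = L4_ERR };
    if (caplen < 14 + 20 || rd16(pkt + 12) != 0x0800) return L4_ERR; /* IPv4 only */
    const uint8_t *ip = pkt + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;       /* ip_vhl & 0x0f, times 4 */
    if ((ip[0] >> 4) != 4 || ihl < 20 || caplen < 14 + ihl) return L4_ERR;
    const uint8_t *l4 = ip + ihl;
    size_t l4len = caplen - 14 - ihl;
    out->proto = L4_OTHER;
    if (rd16(ip + 6) & 0x1fff) return L4_OTHER;    /* IP_OFFMASK: later fragment, no L4 header */
    switch (ip[9]) {                               /* ip_p selects the next header */
    case 6: case 17:                               /* TCP, UDP: ports come first */
        if (l4len < (ip[9] == 6 ? 20u : 8u)) return out->proto = L4_ERR;
        out->sport = rd16(l4); out->dport = rd16(l4 + 2);
        return out->proto = (enum l4)ip[9];
    case 1:                                        /* ICMP: type/code, no ports */
        if (l4len < 4) return out->proto = L4_ERR;
        out->icmp_type = l4[0]; out->icmp_code = l4[1];
        return out->proto = L4_ICMP;
    }
    return L4_OTHER;
}

int main(void)
{
    struct parsed p;
    enum l4 r = parse_frame(sample_frame, sizeof sample_frame, &p);
    printf("proto=%d icmp_type=%u\n", r, p.icmp_type);
    return 0;
}
```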
C function, local variables error
NOOOOOOOOOOOOOOOOO!!
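Erroneous code:
```c
char * func(){
    char c[80];
    return c;   // returns the address of a local array
}
```
With a char * return type, the function returns only a pointer to the head of the array.
Therefore the data at that location is gone, because it is a local variable.
Correct:
```c
void func(char *c){
    c[0] = 'a';   // write into the caller's buffer
    return;
}
```
Actually, the erroneous code can still be executed.
In this case, I think it's a memory leak.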
fuck.
C char array
The sizeof of "Pointer Char = char *c" and "Array Char = char c" are different.
In the case of char *c, it returns the byte size of the array.
Vice versa, for char c, it returns the pointer size.
The following is the experiment:
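```c
#include <stdio.h>

// Both parameters are pointers here: an array parameter decays to char*
void func( char* ary, char list[] )
{
    printf( "func:ary = %zu\n", sizeof( ary ) );
    printf( "func:list = %zu\n", sizeof( list ) );
}

int main()
{
    const char* str = "aiueo";
    char ary[8];
    char* p = ary;

    // sizeof yields size_t, so print it with %zu
    printf( "ary = %zu\n", sizeof( ary ) );
    printf( "p = %zu\n", sizeof( p ) );
    printf( "str = %zu\n", sizeof( str ) );
    func( ary, ary );

    // Loop forever so the console window stays open
    for ( ;; ) {
        ;
    }
    return 0;
}
```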
Output:
```
ary = 8
p = 4
str = 4
func:ary = 4
func:list = 4
```
Fuck
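Returning c from the first func hands the caller a pointer to storage that no longer exists once the function returns, and the experiment's output shows that sizeof on a pointer or array parameter gives the pointer size (4 here), not the array size (8). The following added example (not from the original posts; format_mac and sample_mac are hypothetical names) combines both points: the caller owns the buffer and passes its size explicitly, and truncation is reported instead of overflowing.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the original post): write a MAC address as
 * text into a buffer owned by the caller. Inside this function `out` is just
 * a pointer, so sizeof(out) would be the pointer size; the real capacity has
 * to arrive as a separate argument. Returns 0 on success, -1 on truncation. */
int format_mac(const unsigned char mac[6], char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%02x:%02x:%02x:%02x:%02x:%02x",
                     mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Destination MAC from the packet dump earlier on this page. */
static const unsigned char sample_mac[6] = { 0xb8, 0xe8, 0x56, 0x1b, 0x81, 0xde };

int main(void)
{
    char text[18];   /* 17 characters + terminating NUL */
    char tiny[8];    /* deliberately too small */

    /* sizeof works here because text and tiny are real arrays in this scope */
    int ok  = format_mac(sample_mac, text, sizeof text);
    int bad = format_mac(sample_mac, tiny, sizeof tiny);

    printf("%d %s\n", ok, text);
    printf("%d %s (%zu chars kept)\n", bad, tiny, strlen(tiny));
    return 0;
}
```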
Automation of Compile with ruby
The general procedure of programming is as follows:
Coding -> make -> execution.
This is troublesome.
So, I would like to automate this.
The following program detects an update of a file and carries out make -> execution automatically.
```ruby
require 'fssm'
require 'shell'

$sh = Shell.new

# Run make, then the built binary, whenever a watched file changes
def update_action(base, file)
  puts base + "/" + file + " was updated at " + `date`
  $sh.transact { puts `make` }
  sleep(1)
  $sh.transact { puts `./main` }
end

Rubydir = File.expand_path(File.dirname(__FILE__))

# Watch every file under this script's directory
FSSM.monitor(Rubydir, '**/*') do
  update do |base, file|
    update_action(base, file)
  end
end
```
The following are required:
gem install fssm
gem install shell
fssm is a file-monitoring library.
Enjoy!
Programming with pcap(libpcap) Tutorial
=Environment=
OS X Yosemite (10.10.x)
Terminal (default)
gcc
make
=Confirmation of pcap=
1. Open Terminal
Open the default terminal.
2. Check Pcap (libpcap)
First, make sure you have the latest Pcap (libpcap) installed on your OS X.
$ man pcap
```
PCAP(3PCAP)

NAME
       pcap - Packet Capture library

SYNOPSIS
       #include <pcap/pcap.h>

DESCRIPTION
       The Packet Capture library provides a high level interface to
       packet capture systems. All packets on the net-
       work, even those destined for other hosts, are accessible
       through this mechanism. It also supports saving cap-
       tured packets to a ``savefile'', and reading packets from a
       ``savefile''.
```
Important:
#include <pcap/pcap.h>
If Pcap (libpcap) doesn't exist, I recommend reinstalling OS X.
3. Programming
$ vi main.c
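```c
#include <stdio.h>
#include <pcap.h>

int main(int argc, char *argv[])
{
    char *dev, errbuf[PCAP_ERRBUF_SIZE];

    // Ask libpcap for a default capture device
    // (deprecated in newer libpcap releases in favour of pcap_findalldevs)
    dev = pcap_lookupdev(errbuf);
    if (dev == NULL) {
        fprintf(stderr, "Couldn't find default device: %s\n", errbuf);
        return(2);
    }
    printf("Device: %s\n", dev);
    return(0);
}
```
$ vi makefile
```make
# Makefile for main.c
# Libraries go after the source file so the linker can resolve its symbols
main: main.c
	gcc -Wall -O2 -o main main.c -lpcap
```
$ make
$ ./main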
Enjoy!
Hello
Hello, my name is Oneiroi.
It's a pleasure to meet you.
I started this to study English.
I look forward to your kind support :)