================================ Outline ====================================
TCP analyzer
----------------------------------------------------------------------------


접속 시 SYN이 1인 패킷이 연속으로 두 번 캡처된다.
/*** 소스 ***/
#include <inttypes.h>
#include <stdio.h>
#include <string.h>

#include <arpa/inet.h>
#include <net/ethernet.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <pcap/pcap.h>
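/*
 * Sniff TCP segments on the default interface and print, for each one,
 * the IPv4 source/destination address and port, the SYN and ACK flag
 * bits, and the sequence / acknowledgement numbers.
 *
 * Returns 0 when the capture loop ends (pcap error or end of input) and
 * 100 when no interface can be looked up or opened.
 */
int main(void)
{
    char errbuf[PCAP_ERRBUF_SIZE];
    const size_t eth_len = sizeof(struct ether_header);

    char *dev = pcap_lookupdev(errbuf);
    if (dev == NULL) {
        printf("ERRMSG : [%s]\n", errbuf);
        return 100;
    }

    /* Promiscuous mode on, read timeout 0 (block until a packet arrives).
     * Snaplen ETH_DATA_LEN does not cover the 14-byte Ethernet header of a
     * full-size frame, so the tail of large segments may be cut off; every
     * header read below is bounded by caplen, so that is harmless here. */
    pcap_t *handle = pcap_open_live(dev, ETH_DATA_LEN, 1, 0, errbuf);
    if (handle == NULL) {
        /* previously unchecked: a failed open was dereferenced in the loop */
        printf("ERRMSG : [%s]\n", errbuf);
        return 100;
    }

    printf("Packet Monitoring Start....\n");
    getchar();

    for (;;) {
        struct pcap_pkthdr *hdr = NULL;
        const unsigned char *pkt = NULL;

        int rc = pcap_next_ex(handle, &hdr, &pkt);
        if (rc == 0) {
            continue;   /* read timeout expired without a packet */
        }
        if (rc < 0) {
            /* -1: capture error, -2: no more packets (savefile) */
            if (rc == -1) {
                printf("ERRMSG : [%s]\n", pcap_geterr(handle));
            }
            break;
        }

        /* Each header is copied out with memcpy: the capture buffer is not
         * guaranteed to be aligned for the struct types, and the available
         * length is checked against caplen before every copy so a short or
         * truncated capture never reads past the captured bytes. */
        if (hdr->caplen < eth_len) {
            continue;
        }
        struct ether_header eth;
        memcpy(&eth, pkt, sizeof eth);
        if (ntohs(eth.ether_type) != ETH_P_IP) {
            continue;   /* EtherType (2 bytes) is not IPv4 */
        }

        if (hdr->caplen < eth_len + sizeof(struct ip)) {
            continue;
        }
        struct ip iph;
        memcpy(&iph, pkt + eth_len, sizeof iph);
        if (iph.ip_p != IPPROTO_TCP) {
            continue;
        }
        /* IHL is in 32-bit words; below 5 the header is malformed and the
         * computed TCP offset would land inside the IP header. */
        size_t ip_hl = (size_t)iph.ip_hl * 4;
        if (ip_hl < sizeof(struct ip)) {
            continue;
        }

        if (hdr->caplen < eth_len + ip_hl + sizeof(struct tcphdr)) {
            continue;
        }
        struct tcphdr tcph;
        memcpy(&tcph, pkt + eth_len + ip_hl, sizeof tcph);

        /* inet_ntoa() hands back a single static buffer, so two calls in one
         * printf argument list print the same address for src and dst.
         * Format each address into its own buffer instead. */
        char src[INET_ADDRSTRLEN];
        char dst[INET_ADDRSTRLEN];
        if (inet_ntop(AF_INET, &iph.ip_src, src, sizeof src) == NULL ||
            inet_ntop(AF_INET, &iph.ip_dst, dst, sizeof dst) == NULL) {
            continue;
        }

        printf("=============================================\n");
        printf("[%s:%u] ---> [%s:%u]\n",
               src, (unsigned)ntohs(tcph.source),
               dst, (unsigned)ntohs(tcph.dest));
        /* A SYN-ACK carries both bits, so SYN[1] is printed twice for every
         * connection setup: once for the SYN, once for the SYN-ACK. */
        printf("SYN[%u] ACK[%u] Seq[%010" PRIu32 "] Ack[%010" PRIu32 "]\n",
               (unsigned)tcph.syn, (unsigned)tcph.ack,
               (uint32_t)ntohl(tcph.seq), (uint32_t)ntohl(tcph.ack_seq));
    }

    pcap_close(handle);
    return 0;
}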
|
Three-way Hand Shake... yeah