// TCP Unpackler INT Decodetcppack (int ibufsize) {tcp_header * ptcpheader; int i; int tentport; dword dwriten = 0; char chinfo [100]; MEMSET (chinfo, 0, 100); PTCPHEADER = (TCP_HEADER *) TcpBuf; // calculate the part length TCP header int TcpHeaderLen = pTcpHeader-> th_lenres >> 4; TcpHeaderLen * = sizeof (unsigned long); char * TcpData = TcpBuf TcpHeaderLen; // if it is determined that the filter-sensitive string Whether it contains if (strSensitive) IF ((TCPDATA, STRSENSITIVE)) == null) return true; / / to filter the port isourcePort = NTOHS (PTCPHEADER-> TH_SPORT); IDESTPORT = NTOHS (ptcpheader-> th_dport); if (iPortfilter) && (iSourceport! = iportfilter) && (IDestport! = iportfilter) Return true; // Output Printf ("% s", szprotocol); Printf ("% 15s:% 5D ->% 15s:% 5D) ", szsourceip, iSourceport, szdestip, idestport); Printf (" TTL =% 3D ", ITTL); sprintf (chinfo," / r / n% s% 15S:% 5D ->% 15S:% 5D TTL =% 3D ", SZPROTOCOL, SZSOURCEIP, ISOURCEPORT, SZDestip, Idestport, ITTL); // Judgment TCP flag NSigned char flagmask = 1; for (i = 0; i <6; i ) {f ((ptcpheader-> th_flag) & flagmask ) {Printf ("% C ", Tcpflag [i]); strncat (chinfo, & tcpflag [i], 1);} else {printf (" - "); strcat (chinfo," - ");} flagmask = flagmask << 1;} printf "Bytes =% 4D", IBUFSIZE); Char Temp [12]; Sprintf (Temp, "Bytes =% 4D", IBUFSIZE); STRCAT (CHINFO, TEMP); :: Writefile (Hfile, chinfo, Strlen (chinfo), & dwwriten, null; :: Writefile (HPARSE, Chinfo, Strlen (chinfo), & dwwriten, null; printf ("/ n"); // Data analysis for packets greater than 40 bytes (ip_header TCP_Header = 40 ) && (iBUFSIZE>
40)) {// Analyze TCP Data Section IF ((! Strsensitive) || (TCPDATA, STRSENSITIVE))) {Printf ("[DATA] / N"); :: Writefile (Hfile, "/ R / N [DATA] / R / N ", SIZEOF (" / R / N [DATA] / R / N "), & DWRITEN, NULL); :: Writefile (HPARSE," / R / N [DATA] / R / N " SIZEOF ("/ R / N [DATA] / R / N"), & DWWRITEN, NULL; Printf ("% s", tcpdata); :: Writefile (Hfile, Tcpdata, Strlen (TCPDATA), & DWWRITEN, NULL :: Writefile (HPARSE, TCPDATA, STRLEN (TCPDATA), & DWWRITEN, NULL); Printf ("/ N [Data End] / N / N / N"); :: Writefile (HFile, "/ R / N [data END] / R / N / R / N ", SIZEOF (" / R / N [Data end] / R / N / R / N "), & dwwriten, null; :: writefile (hparse," [data end] / R / N ", SIZEOF (" [Data end] / r / n "), & dwwriten, null;}}
// UDP unpackler int decodeudppck (char * udpbuf, int ibufsize) {dWord dwriten = 0; char chinfo [100]; MEMSET (chinfo, 0, 100); udp_header * pudpheader; pudpheader = (udp_header *) udpbuf; int iSourcePort = ntohs (pUdpHeader-> uh_sport); int iDestPort = ntohs (pUdpHeader-> uh_dport); // port filter if (iPortFilter) if (!! (iSourcePort = iPortFilter) && (iDestPort = iPortFilter)) return true; Sprintf (chinfo, "/ r / n% s% 15s:% 5D ->% 15S:% 5D TTL =% 3D len =% 4D Bytes =% 4D", Szprotocol, SzsourceIP, ISOURCEPORT, SZDestip, Idestport, ITTL, NTOHS (Pudpheader-> UH_LEN), IBUFSIZE , Idestport); Printf ("TTL =% 3D", ITTL); Printf ("Len =% 4D", NTOHS (Pudpheader-> UH_LEN); Printf ("Bytes =% 4D", IBUFSIZE); :: Writefile HFILE, Chinfo, Strlen (SZProtocol) SizeOf ("/ R / N: ->: TTL = LEN = BYtes =") 51, & dwwriten, null ;: w wf (HPARSE, CHINFO, STRLEN (SZPROTOCOL) SIZEOF ("/ r / n: ->: ttl = len = bytes =") 51, & dwwriten, null); // is greater than the length 28-byte package for data analysis (IP_HEADER UDP_HEADER> 28) ife (ibufsize> 28)) {Printf ("/ n [data] / n"); :: Writefile (HFile, "/ R / N [DATA] / R / N ", SIZEOF (" / R / N [DATA] / R / N "), & DWWRITEN, NULL); :: Writefile (HPARSE," / R / N [DATA] ", SIZEOF ("/ r / n [data]"), & dwwriten, null; // UDP header length is 8 char * udpdata = udpbuf 8; // Analyze UDP data segment for (unsigned int i = 0; i <(ibufsize -SizeOf (udp_header)); i ) {char chData [15]; char chpata [1]; if ((UDPData [i]> 33) && (udpdata [i] <
122) {Printf ("/ n% 2C [% 08x]", udpdata [i], udpdata [i]); sprintf (chData, "/ r / n% 2c [% 08x]", udpdata [i], UDPDATA [I]);} else {printf ("/ n [% 08X]", ABS (UDPData [i])); sprintf (chData, "/ r / n [% 08X], udpdata [i]); } Sprintf (chpata, "% c", udpdata [i]); :: Writefile (Hfile, CHDATA, 15, & DWWRITEN, NULL); :: Writefile (HPARSE, CHPATA, 1, & DWWRITEN, NULL); }printf (" / N [DATA END] / N / N "); :: Writefile (HFile," / R / N [Data end] / R / N / R / N ", SIZEOF (" / R / N [Data end] / R / N / R / N "), & dwwriten, null; :: Writefile (HPARSE," [DATA END] / R / N ", SIZEOF (" [Data end] / r / n "), & dwwriten, null Return True;}
