/******************************************************************
* main.c - description *
* *
* date : March, 2003 *
******************************************************************/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "ethtype.h"
#include "eth.h"
#include "ip.h"
#include "arp.h"
#include "tcp.h"
#include "icmp.h"
#include "udp.h"
/* Local stand-in for a null pointer constant; the standard NULL from <stdio.h> serves the same purpose. */
#define NULL1 0
/*
 * Magic number as it reads when the file was written in the reader's own
 * byte order; a file written on a machine of the other endianness shows the
 * bytes reversed (0xd4c3b2a1) and all of its header fields need swapping.
 */
#define TCPDUMP_MAGIC 0xa1b2c3d4 /* Tcpdump Magic Number (Preamble) */
#define PCAP_VERSION_MAJOR 2 /* Tcpdump Version Major (Preamble) */
#define PCAP_VERSION_MINOR 4 /* Tcpdump Version Minor (Preamble) */
#define DLT_NULL 0 /* Data Link Type Null */
#define DLT_EN10MB 1 /* Data Link Type for Ethernet (10 Mb and up) */
#define DLT_EN3MB 2 /* Data Link Type for 3 Mb Experimental Ethernet */
/* Capture file stream; opened, read and closed by main(). */
FILE *input;
/*
 * Global header at the start of the capture file.  main() fills this struct
 * with a single fread(), so the member order and sizes are the on-disk
 * layout and must not be rearranged.  Every value here comes from the file
 * and is only as trustworthy as the file itself.
 */
typedef struct packet_header
{
unsigned int magic; /* Tcpdump Magic Number */
unsigned short version_major; /* Tcpdump Version Major */
unsigned short version_minor; /* Tcpdump Version Minor */
unsigned int thiszone; /* GMT to Local Correction */
unsigned int sigfigs; /* Accuracy of timestamps */
unsigned int snaplen; /* Max Length of Portion of Saved Packet */
unsigned int linktype; /* Data Link Type */
} hdr;
/*
 * Per-packet record header that precedes each captured frame.  main() reads
 * it with one fread() per packet, so the member order is the on-disk layout.
 */
typedef struct packet_timestamp
{
unsigned int tv_sec; /* Timestamp in Seconds */
unsigned int tv_usec; /* Timestamp in Micro Seconds */
/*
 * Total Length of Packet Portion (Ethernet Length until the End of Each Packet).
 * main() uses this file-supplied value as a loop bound, so it has to be
 * range-checked before anything is subtracted from it.
 */
unsigned int caplen;
unsigned int len; /* Length of the Packet (Off Wire) */
} tt;
/*
 * Ethernet frame header, read by main() straight from the capture file.
 * ETHER_ADDR_LEN comes from a project header; main() indexes the address
 * arrays up to [5], so it has to be at least 6.
 */
typedef struct ether_header
{
unsigned char edst[ETHER_ADDR_LEN]; /* Ethernet Destination Address */
unsigned char esrc[ETHER_ADDR_LEN]; /* Ethernet Source Address */
/* NOTE(review): filled by a raw read, so presumably still in network byte order; confirm before comparing */
unsigned short etype; /* Ethernet Protocol Type */
} eth;
/*
 * IP header layout.  The field-length macros come from a project header
 * (presumably "ip.h").  Not read anywhere in the visible part of main().
 */
typedef struct ip_header
{
unsigned char ip_vhl; /* IP Version Number and Header Length */
unsigned char ip_tos; /* IP Type of Service */
/* NOTE(review): the total-length field is sized with IP_TTL_LEN; confirm that macro is the intended one */
unsigned char ip_len[IP_TTL_LEN]; /* IP Total Length */
unsigned char ip_id[IP_IDENT_LEN]; /* IP Identification */
unsigned short ip_off; /* IP Offset */
unsigned char ip_ttl; /* IP Time To Live */
unsigned char ip_proto; /* IP Protocol Type */
unsigned char ip_sum[IP_SUM_LEN]; /* IP Checksum */
unsigned char ip_src[IP_ADDR_LEN]; /* IP Source Address */
unsigned char ip_dst[IP_ADDR_LEN]; /* IP Destination Address */
} ip;
/* File-scope values, unused in the visible code; presumably meant to hold the decoded multi-byte IP fields. */
unsigned short ip_len, ip_id, ip_sum;
/*
 * ARP packet layout.  The field-length macros come from a project header
 * (presumably "arp.h").  Not read anywhere in the visible part of main().
 */
typedef struct arp_header
{
unsigned char arp_htype[ARP_TYPE_LEN]; /* ARP Hardware Format */
unsigned char arp_ptype[ARP_TYPE_LEN]; /* ARP Protocol Format */
unsigned char arp_haddr; /* ARP Hardware Address Length */
unsigned char arp_paddr; /* ARP Protocol Address Length */
unsigned char arp_op[ARP_OPCODE_LEN]; /* ARP Opcode */
unsigned char arp_hsrc[ARP_ETHER_ADDR_LEN]; /* ARP Sender Ethernet Address */
unsigned char arp_psrc[ARP_PROTO_ADDR_LEN]; /* ARP Sender IP Address */
unsigned char arp_hdst[ARP_ETHER_ADDR_LEN]; /* ARP Target Ethernet Address */
unsigned char arp_pdst[ARP_PROTO_ADDR_LEN]; /* ARP Target IP Address */
} arp;
/* File-scope values, unused in the visible code; presumably meant to hold the decoded two-byte ARP fields. */
unsigned short arp_htype, arp_ptype, arp_op;
/*
 * Leading fields of an ICMP message (type, code, checksum).  ICMP_SUM_LEN
 * comes from a project header.  Not read in the visible part of main().
 */
typedef struct icmp_header
{
unsigned char icmp_type; /* ICMP Type of Message */
unsigned char icmp_code; /* ICMP Type Sub Code */
unsigned char icmp_sum[ICMP_SUM_LEN]; /* ICMP Checksum */
} icmp;
/* File-scope value, unused in the visible code; presumably meant to hold the decoded checksum. */
unsigned short icmp_sum;
/*
 * TCP header layout.  The field-length macros come from a project header
 * (presumably "tcp.h").  Not read anywhere in the visible part of main().
 */
typedef struct tcp_header
{
unsigned char tcp_sport[TCP_PORT_LEN]; /* TCP Source Port */
unsigned char tcp_dport[TCP_PORT_LEN]; /* TCP Destination Port */
unsigned char tcp_seq[TCP_SEQ_LEN]; /* TCP Sequence Number */
unsigned char tcp_ack[TCP_ACK_LEN]; /* TCP Acknowledgement Number */
unsigned char tcp_len; /* TCP Data Offset */
unsigned char tcp_flags; /* TCP Flags */
unsigned char tcp_win[TCP_WIN_LEN]; /* TCP Window */
unsigned char tcp_sum[TCP_SUM_LEN]; /* TCP Checksum */
unsigned char tcp_ptr[TCP_PTR_LEN]; /* TCP Urgent Pointer */
} tcp;
/*
 * File-scope values, unused in the visible code.
 * NOTE(review): TCP sequence and acknowledgement numbers are 32 bits wide;
 * if tcp_seq and tcp_ack are meant to hold the decoded values, unsigned
 * short will truncate them.  Confirm the intended use.
 */
unsigned short tcp_src, tcp_dst, tcp_seq, tcp_ack, tcp_win, tcp_sum, tcp_ptr;
/*
 * UDP header layout.  The field-length macros come from a project header
 * (presumably "udp.h").  Not read anywhere in the visible part of main().
 */
typedef struct udp_header
{
unsigned char udp_sport[UDP_PORT_LEN]; /* UDP Source Port */
unsigned char udp_dport[UDP_PORT_LEN]; /* UDP Destination Port */
/* NOTE(review): the length field is sized with UDP_HDR_LEN; confirm that macro is the size of this field, not of the whole header */
unsigned char udp_len[UDP_HDR_LEN]; /* UDP Length */
unsigned char udp_sum[UDP_SUM_LEN]; /* UDP Checksum */
} udp;
/* File-scope values, unused in the visible code; presumably meant to hold the decoded two-byte UDP fields. */
unsigned short udp_src, udp_dst, udp_len, udp_sum;
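/*
 * Dump a saved tcpdump/windump capture file (the file "abc" in the working
 * directory): print the global header, then for every packet record its
 * timestamp header, the Ethernet addresses and a hex dump of the remaining
 * captured bytes.
 *
 * The capture file is untrusted input.  Every fread() result is checked and
 * the file-supplied captured length is range-checked before it is used as a
 * loop bound, so a truncated or malformed file ends the dump with a message
 * instead of spinning on EOF or printing uninitialised memory.
 *
 * Returns 0 when the whole file was dumped, EXIT_FAILURE when the file could
 * not be opened or turned out to be truncated or malformed.
 */
int main(int argc, char *argv[])
{
    struct packet_header hdr;   /* global file header */
    struct packet_timestamp tt; /* per-packet record header */
    struct ether_header eth;    /* Ethernet header of the current packet */
    unsigned char buff;
    unsigned int i, payload_len;
    int count = 0;
    int rc = 0;

    (void)argc;
    (void)argv;

    input = fopen("abc", "rb"); /* Open Input File */
    /* Test the stream that fopen() returned, not the address of fopen itself. */
    if (input == NULL) {
        printf("Cannot open saved windump file.\n");
        return EXIT_FAILURE;
    }

    /* Read & Display Packet Header Information */
    if (fread(&hdr, sizeof hdr, 1, input) != 1) {
        fprintf(stderr, "Capture file is shorter than the %zu-byte file header.\n", sizeof hdr);
        rc = EXIT_FAILURE;
        goto out;
    }
    printf("\n********** ********** PACKET HEADER ********** ***********\n");
    printf("Preamble\n");
    printf("Packet Header Length : %zu bytes\n", sizeof hdr);
    printf("Magic Number : %u\n", hdr.magic);
    printf("Version Major : %u\n", hdr.version_major);
    printf("Version Minor : %u\n", hdr.version_minor);
    printf("GMT to Local Correction : %u\n", hdr.thiszone);
    printf("Jacked Packet with Length of : %u\n", hdr.snaplen);
    printf("Accuracy to Timestamp : %u\n", hdr.sigfigs);
    printf("Data Link Type (Ethernet Type II = 1) : %u\n", hdr.linktype);

    /*
     * The decoding below assumes a native-byte-order file holding Ethernet
     * frames.  Anything else is still dumped, but the reader is told that
     * the lengths and addresses cannot be relied on.
     */
    if (hdr.magic != TCPDUMP_MAGIC) {
        fprintf(stderr, "Warning: magic number 0x%x is not 0x%x; header fields may be byte-swapped or meaningless.\n",
                hdr.magic, (unsigned int)TCPDUMP_MAGIC);
    }
    if (hdr.linktype != DLT_EN10MB) {
        fprintf(stderr, "Warning: link type %u is not Ethernet; the MAC addresses below are not meaningful.\n",
                hdr.linktype);
    }

    /* Use While Loop to Set the Packet Boundary */
    while (fread(&tt, sizeof tt, 1, input) == 1) { /* Read & Display Timestamp Information */
        ++count;
        printf("\n");
        printf("\n********** ********** TIMESTAMP & ETHERNET FRAME ********** ***********\n");
        printf("\nPacket Number: %d", count); /* Display Packet Number */
        printf("\nThe Packets are Captured in : %u Seconds\n", tt.tv_sec);
        printf("The Packets are Captured in : %u Micro-seconds\n", tt.tv_usec);
        /* Use caplen to Find the Remaining Data Segment */
        printf("The Actual Packet Length: %u Bytes\n", tt.caplen);
        printf("Packet Length (Off Wire): %u Bytes\n", tt.len);

        /*
         * caplen is unsigned and comes from the file: subtracting the
         * Ethernet header size from a smaller value would wrap around to a
         * loop bound of roughly four billion.
         */
        if (tt.caplen < sizeof eth) {
            fprintf(stderr, "Packet %d: captured length %u is smaller than the %zu-byte Ethernet header.\n",
                    count, tt.caplen, sizeof eth);
            rc = EXIT_FAILURE;
            goto out;
        }

        /* Read & display ethernet header information */
        if (fread(&eth, sizeof eth, 1, input) != 1) {
            fprintf(stderr, "Packet %d: file ends inside the Ethernet header.\n", count);
            rc = EXIT_FAILURE;
            goto out;
        }
        printf("Ethernet Header Length : %zu bytes\n", sizeof eth);
        /* Twelve conversions, twelve arguments: six bytes in hex, the same six in decimal. */
        printf("MAC Destination Address : [hex] %x :%x :%x :%x :%x :%x \n\t\t\t [dec] %d :%d :%d :%d :%d :%d\n",
               eth.edst[0], eth.edst[1], eth.edst[2],
               eth.edst[3], eth.edst[4], eth.edst[5],
               eth.edst[0], eth.edst[1], eth.edst[2],
               eth.edst[3], eth.edst[4], eth.edst[5]);
        printf("MAC Source Address : [hex] %x :%x :%x :%x :%x :%x \n\t\t\t [dec] %d :%d :%d :%d :%d :%d\n",
               eth.esrc[0], eth.esrc[1], eth.esrc[2],
               eth.esrc[3], eth.esrc[4], eth.esrc[5],
               eth.esrc[0], eth.esrc[1], eth.esrc[2],
               eth.esrc[3], eth.esrc[4], eth.esrc[5]);

        /* Hex dump of whatever was captured after the Ethernet header. */
        payload_len = tt.caplen - (unsigned int)sizeof eth;
        for (i = 0; i < payload_len; i++) {
            /* Stop at end of file rather than re-printing a stale byte. */
            if (fread(&buff, sizeof buff, 1, input) != 1) {
                fprintf(stderr, "\nPacket %d: file ends after %u of %u payload bytes.\n",
                        count, i, payload_len);
                rc = EXIT_FAILURE;
                goto out;
            }
            printf(" %x", buff);
        }
    } // end while

    if (ferror(input)) {
        fprintf(stderr, "Read error on capture file.\n");
        rc = EXIT_FAILURE;
    }

out:
    fclose(input); // Close input file
    return rc;
}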