adtrace.c File Reference

#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <pcap.h>
#include "../../config.h"
#include "ip.h"
#include "ether.h"
#include "ethertype.h"

Include dependency graph for adtrace.c:

Go to the source code of this file.

Functions
const u_char *	printEAddr (const u_char *pkt, u_char *endp)
void	printIPAddr (const u_char *pkt, u_char *endp)
void	handler (u_char *user, const struct pcap_pkthdr *head, const u_char *packet)
void	usage (char *av[])
int	main (int argc, char *argv[])
Variables
pcap_t *	p

---

Function Documentation

void handler (  u_char *  user, const struct pcap_pkthdr *  head, const u_char *  packet )

Definition at line 48 of file adtrace.c. References pcap_pkthdr::caplen, packet, printEAddr(), and printIPAddr(). Referenced by Event::Dispatch(), main(), RemoteSerializer::ProcessRequestEventsMsg(), EventRegistry::Register(), ID::SetVal(), and Serializer::UnserializeCall(). { u_char* endp; endp =(u_char*) packet + head->caplen; packet = printEAddr(packet, endp); if (packet) printIPAddr(packet, endp); }

int main (  int  argc, char *  argv[] )

Definition at line 63 of file adtrace.c. References DLT_EN10MB, file, fputs(), handler(), p, pcap_close(), pcap_datalink(), PCAP_ERRBUF_SIZE, pcap_loop(), pcap_open_offline(), and usage(). { char *file; char errbuf[PCAP_ERRBUF_SIZE]; u_char* pkt, endp; struct pcap_pkthdr *head; if ( argc != 2 ) usage(argv); file = argv[1]; p = pcap_open_offline(file, errbuf); if(p==NULL){ fprintf (stderr, "cannot open %s: %s\n", file, errbuf); exit(2); } if (pcap_datalink(p) != DLT_EN10MB){ fputs ("sorry, currently only ethernet links supported\n", stderr); exit(1); //if it is not ethernet we are watching we won't have MACs } pcap_loop(p, -1, handler, NULL); pcap_close(p); return(0); }

const u_char* printEAddr (  const u_char *  pkt, u_char *  endp )

Definition at line 16 of file adtrace.c. References ep, ETHER_ADDR_LEN, ETHER_HDRLEN, ETHERTYPE_IP, and printf(). Referenced by handler(). { const struct ether_header *ep; int i=0; ep = (const struct ether_header*) pkt; if (pkt+ETHER_HDRLEN > endp || ntohs(ep->ether_type) != ETHERTYPE_IP){ return 0; } for (i = 0; i<ETHER_ADDR_LEN; i++){ if (i>0) putchar(':'); printf("%02x", ep->ether_shost[i]); } putchar (' '); for (i = 0; i<ETHER_ADDR_LEN; i++){ if (i>0) putchar(':'); printf("%02x", ep->ether_dhost[i]); } putchar(' '); return (pkt+ETHER_HDRLEN); }

void printIPAddr (  const u_char *  pkt, u_char *  endp )

Definition at line 39 of file adtrace.c. References fputs(), and puts(). Referenced by handler(). { const struct ip* iph; if (pkt+sizeof(struct ip) > endp) return; iph = (const struct ip*) pkt; fputs ((char*) inet_ntoa(iph->ip_src), stdout); putchar(' '); puts ((char*) inet_ntoa(iph->ip_dst)); }

void usage (  char *  av[]  )

Definition at line 57 of file adtrace.c. { fprintf(stderr,"usage: %s filename \n", av[0]); exit(1); }

---

Variable Documentation

pcap_t* p

Definition at line 14 of file adtrace.c. Referenced by TCP_Rewriter::AbortPackets(), PacketSortConnPQ::Add(), add_or_find_if(), Rule::AddPattern(), addr2host(), Rule::AddRequires(), AnonymizeIPAddr::Anonymize(), bpf_dump(), bpf_filter(), bpf_image(), bpf_validate(), bro_prefixes(), PriorityQueue::BubbleUp(), RuleMatcher::BuildRegEx(), c__next_word(), c__prev_word(), cacheaddr(), ce__isword(), RemoteSerializer::CompleteHandshake(), RemoteSerializer::Connect(), TypeDecl::ConstructorFuncPrototype(), convert(), convert_code_r(), cv__endword(), cv__isword(), cv_next_word(), cv_prev_word(), DeleteConnPQ(), ConnCompressor::DoExpire(), GnutellaConn::Done(), TCP_Rewriter::DumpPacket(), ed_delete_prev_word(), em_delete_next_word(), escape_URI_char(), ether2host(), EventHandlerPtr::EventHandlerPtr(), find_ud(), OSFingerprint::FindMatch(), finish_parse(), fmt_bytes(), gen_bcmp(), TypeDecl::genConstructorFunc(), TypeDecl::genParamPrivDecls(), TypeDecl::genParamPubDecls(), RemoteSerializer::GotPacket(), HashKey::HashKey(), history_def_add(), history_def_clear(), history_def_curr(), history_def_enter(), history_def_first(), history_def_init(), history_def_last(), history_def_next(), history_def_prev(), history_def_set(), history_enter_data(), TCP_Rewriter::HoldPacket(), install_bpf_program(), SSL_Interpreter::Is_Orig(), TCP_RewriterEndpoint::IsPlaceHolderPacket(), key__decode_str(), OSFingerprint::load_config(), DFA_State_Cache::Lookup(), lookupaddr(), main(), ConnCompressor::MakeMapPtr(), map_addfunc(), map_bind(), md5_append(), merge(), new_block(), new_stmt(), TCP_ContentLine::NextNewLine(), TCP_Rewriter::NextPacket(), TCP_RewriterEndpoint::NextPacket(), nit_setflags(), ones_complement_checksum(), H3< T, N >::operator()(), EventHandlerPtr::operator=(), parse__escape(), pcap_close(), pcap_close_linux(), pcap_compile(), pcap_compile_nopcap(), pcap_datalink(), pcap_dispatch(), pcap_dump_close(), pcap_dump_open(), pcap_file(), pcap_fileno(), pcap_geterr(), pcap_getnonblock(), pcap_is_swapped(), pcap_loop(), pcap_major_version(), pcap_minor_version(), pcap_nametoaddr(), pcap_nametoeproto(), pcap_nametoproto(), pcap_next(), pcap_offline_read(), pcap_open_dead(), pcap_open_live(), pcap_open_offline(), pcap_perror(), pcap_read(), pcap_setfilter(), pcap_setnonblock(), pcap_snapshot(), pcap_stats(), PortVal::Port(), PortVal::PortVal(), pre_execute_stmt(), TypeDecl::Prepare(), RemoteSerializer::ProcessRequestEventsMsg(), RemoteSerializer::ProcessStatsMsg(), prompt_print(), prompt_set(), TCP_SourcePacketWriter::Purge(), re_update_line(), readloop(), DbgBreakpoint::RemoveFromGlobalMap(), RemoteSerializer::RequestEvents(), TCP_Rewriter::RewriteTCPOption(), RemoteSerializer::SendAccess(), GnutellaConn::SendEvents(), RemoteSerializer::SendPacket(), Serializer::Serialize(), RemoteSerializer::SetAcceptState(), RemoteSerializer::SetCompressionLevel(), TCP_RewriterEndpoint::SetNextPacket(), TCP_Endpoint::SetPeer(), SSL_InterpreterEndpoint::SetPeer(), sf_next_packet(), strerror(), strpbrk_n(), TCP_RewriteSlot::TCP_RewriteSlot(), term_bind_arrow(), tok_line(), Packet::Unserialize(), Serializer::UnserializePacket(), PortVal::ValDescribe(), and ChunkedIOFd::Write().

---