ct db_tns_marker*)(packet+size_data);
printf("Marker Type:%02x\n",con->type);
printf("Marker Data Type:%02x\n",con->data_byte0);
printf("Marker Data Type:%02x\n",con->data_byte1);
break;
}
case 0x0d:printf("attention package\n");break;
case 0x0e:printf("control package\n");break;
default:break;
}}
return;
}
/*
* dissect/print udp packet
*/
void
got_udp_package(u_char *args,const struct pcap_pkthdr *header,const u_char *packet,int size_ip)
{
struct db_udp *udp;
int size_udp;
u_short sport;
u_short dport;
u_short length;
udp=(struct db_udp*)(packet+size_ip);
sport=ntohs(udp->udp_source_port);
dport=ntohs(udp->udp_destination_port);
length=ntohs(udp->udp_length);
printf("-------UDP Protocol (Transport Layer)---------\n");
printf("Source Port:%d\n",sport);
printf("Destination Port:%d\n",dport);
printf("Length:%d\n",length);
printf("Checksum:%d\n",ntohs(udp->udp_checksum));
size_udp=length+size_ip;
if(sport==3306 || dport==3306)
{
printf("mysql protocol\n");
got_mysql_package(args,header,packet,size_udp);
}
else if(sport==1521 || dport==1521)
{
printf("Oracle tns protocol\n");
got_tns_package(args,header,packet,size_udp);
}
else if(sport==1433 || dport==1433)
printf("SQLSERVER tds protocol\n");
else got_data_package(args,header,packet,size_udp);
return;
}
/*
* dissect/print tcp packet
*/
void
got_tcp_package(u_char *args,const struct pcap_pkthdr *header,const u_char *packet,int size_ip)
{
const struct db_tcp *tcp; /* The TCP header */
int size_tcp;
u_char flags;
u_short windows;
u_short urgent_pointer;
u_int sequence;
u_int acknowledgement;
u_int16_t checksum;
u_short sport;
u_short dport;
/* define/compute tcp header offset */
tcp = (struct db_tcp*)(packet + size_ip);
size_tcp = TH_OFF(tcp)*4;
if (size_tcp < 20) {
printf(" * Invalid TCP header length: %u bytes\n", size_tcp);
return;
}
sequence=ntohl(tcp->th_seq);
acknowledgement=ntohl(tcp->th_ack);
windows=ntohs(tcp->th_win);
urgent_pointer=ntohs(tcp->th_urp);
flags=tcp->th_flags;
checksum=ntohs(tcp->th_sum);
sport=ntohs(tcp->th_sport);
dport=ntohs(tcp->th_dport);
printf("-------TCP Protocol (Transport Layer)---------\n");
printf(" Src port: %d\n", sport);
printf(" Dst port: %d\n", dport);
printf("Sequence Number:%u\n Acknowledgement Number:%u\n Header Length:%d\n Reserved:%d\n",sequence,acknowledgement,size_tcp,tcp->th_offx2);
printf("Flags:");
if(flags & 0x08) printf("PSH");
if(flags & 0x10) printf("ACK");
if(flags & 0x02) printf("SYN");
if(flags & 0x20) printf("URG");
if(flags & 0x01) printf("FIN");
if(flags & 0x04) printf("RST");
printf("\n");
printf("Window Size:%d\n",windows);
printf("Checksum:%d\n",checksum);
printf("Urgent Pointer:%d\n",urgent_pointer);
size_tcp=size_tcp+size_ip;
if(sport==3306 || dport==3306)
{
printf("mysql protocol\n");
got_mysql_package(args,header,packet,size_tcp);
}
else if(sport==1521 || dport==1521)
{
printf("Oracle tns protocol\n");
got_tns_package(args,header,packet,size_tcp);
}
else if(sport==1433 || dport==1433)
printf("SQLSERVER tds protocol\n");
else got_data_package(args,header,packet,size_tcp);
return;
}
/*
* dissect/print ip packet
*/
void
got_ip_package(u_char *args,const