在编译的时候为什么要连接库:libgthread-2.0.so?能否讲一下libgthread-2.0.so的作用啊?
gcc -o show_tcp_connection tcp.c -lpcap -lnet -lnids -lgthread-2.0;不加-lgthread不能编译成功啊!
谢谢了![code]#include <arpa/inet.h>
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include "nids.h"
/* LibnidsµÄÍ·Îļþ£¬±ØÐë°üº¬ */
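/* Shared output buffer for char_to_ascii(); every call overwrites it. */
char ascii_string[10000];

/*
 * Turn one captured byte into a short NUL-terminated string for display.
 *
 * Graphic characters, space, '\n' and '\r' are passed through unchanged;
 * every other byte is shown as ".".
 *
 * The result lives in the global ascii_string buffer, so it is only valid
 * until the next call and must not be freed.
 */
char *char_to_ascii(char ch)
{
    /*
     * Captured payload bytes can be >= 0x80, which is negative where plain
     * char is signed. The <ctype.h> functions are only defined for EOF and
     * unsigned char values, so convert before classifying.
     */
    unsigned char byte = (unsigned char)ch;
    int keep = isgraph(byte) || ch == ' ' || ch == '\n' || ch == '\r';

    ascii_string[0] = keep ? ch : '.';
    ascii_string[1] = '\0';
    return ascii_string;
}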
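/*
 * =======================================================================
 * TCP callback for Libnids: reports connection state changes and prints
 * the data carried over each TCP connection.
 * =======================================================================
 */

/*
 * Write "SRC<port_sep>PORT<arrow>DST<port_sep>PORT\n" into dst.
 * The output is always NUL-terminated and is truncated if cap is too small.
 */
static void format_endpoints(char *dst, size_t cap, const struct tuple4 *addr,
                             const char *port_sep, const char *arrow)
{
    struct in_addr ip;
    char src_text[16]; /* "255.255.255.255" plus the terminating NUL */

    /* inet_ntoa() reuses one static buffer, so copy the first result out
     * before asking for the second address. */
    ip.s_addr = addr->saddr;
    snprintf(src_text, sizeof src_text, "%s", inet_ntoa(ip));

    ip.s_addr = addr->daddr;
    snprintf(dst, cap, "%s%s%i%s%s%s%i\n", src_text, port_sep, addr->source,
             arrow, inet_ntoa(ip), port_sep, addr->dest);
}

/*
 * Print the first count_new bytes of one half-stream, one byte at a time,
 * through char_to_ascii(), followed by a newline.
 *
 * The bytes are read straight from hlf->data. The payload comes off the
 * wire, and nothing visible here bounds count_new, so it must not be copied
 * into a fixed-size stack buffer first.
 */
static void print_payload(const struct half_stream *hlf)
{
    int i;

    for (i = 0; i < hlf->count_new; i++) {
        printf("%s", char_to_ascii(hlf->data[i]));
    }
    printf("\n");
}

/*
 * Called by Libnids for every event on a tracked TCP connection.
 *
 * tcp_connection  the stream the event belongs to
 * arg             per-connection user pointer; unused here
 *
 * NIDS_JUST_EST  asks Libnids to collect normal and urgent data in both
 *                directions and reports the new connection.
 * NIDS_CLOSE     reports a normal close.
 * NIDS_RESET     reports a close by RST.
 * NIDS_DATA      prints new urgent data (server side checked first, then
 *                client side), otherwise the new normal data of the client
 *                side, or of the server side when the client has none.
 * Any other state is ignored.
 */
void tcp_protocol_callback(struct tcp_stream *tcp_connection, void **arg)
{
    char address_string[1024];
    const struct tuple4 *ip_and_port = &tcp_connection->addr;

    (void)arg;

    switch (tcp_connection->nids_state) {
    case NIDS_JUST_EST:
        /* Connection established: request data for both directions. */
        tcp_connection->client.collect++;     /* data received by the client */
        tcp_connection->server.collect++;     /* data received by the server */
        tcp_connection->server.collect_urg++; /* urgent data, server side */
        tcp_connection->client.collect_urg++; /* urgent data, client side */
        format_endpoints(address_string, sizeof address_string, ip_and_port,
                         " : ", " <---> ");
        printf("%sTCP连接建立\n", address_string);
        return;

    case NIDS_CLOSE:
        /* Connection closed normally. */
        format_endpoints(address_string, sizeof address_string, ip_and_port,
                         " : ", " <---> ");
        printf("--------------------------------\n");
        printf("%sTCP连接正常关闭\n", address_string);
        return;

    case NIDS_RESET:
        /* Connection closed by RST. */
        format_endpoints(address_string, sizeof address_string, ip_and_port,
                         " : ", " <---> ");
        printf("--------------------------------\n");
        printf("%sTCP连接被RST关闭\n", address_string);
        return;

    case NIDS_DATA: {
        const struct half_stream *hlf;

        if (tcp_connection->server.count_new_urg) {
            /* New urgent byte received by the server side. */
            printf("--------------------------------\n");
            format_endpoints(address_string, sizeof address_string,
                             ip_and_port, " : ", " urgent---> ");
            /* The urgent byte is untrusted too, so it goes through the same
             * printable filter as normal payload instead of being written
             * to the terminal raw. */
            printf("%s%s", address_string,
                   char_to_ascii((char)tcp_connection->server.urgdata));
            return;
        }

        if (tcp_connection->client.count_new_urg) {
            /* New urgent byte received by the client side. */
            printf("--------------------------------\n");
            format_endpoints(address_string, sizeof address_string,
                             ip_and_port, " : ", " <--- urgent ");
            printf("%s%s", address_string,
                   char_to_ascii((char)tcp_connection->client.urgdata));
            return;
        }

        if (tcp_connection->client.count_new) {
            /* New data received by the client side. */
            hlf = &tcp_connection->client;
            format_endpoints(address_string, sizeof address_string,
                             ip_and_port, ":", " <--- ");
            printf("--------------------------------\n");
            printf("%s", address_string);
            printf("客户端接收数据\n");
        } else {
            /* Otherwise the new data was received by the server side. */
            hlf = &tcp_connection->server;
            format_endpoints(address_string, sizeof address_string,
                             ip_and_port, ":", " ---> ");
            printf("--------------------------------\n");
            printf("%s", address_string);
            printf("服务器端接收数据\n");
        }
        print_payload(hlf);
        return;
    }

    default:
        return;
    }
}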
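/*
 * Program entry point: initialise Libnids, register the TCP callback and
 * hand control to the Libnids capture loop.
 *
 * Returns 1 if Libnids fails to initialise, 0 once the capture loop returns.
 */
int main(void)
{
    /* nids_init() returns 0 on failure and leaves the reason in nids_errbuf. */
    if (!nids_init()) {
        printf("出现错误:%s\n", nids_errbuf);
        return 1;
    }

    /* Have tcp_protocol_callback invoked for TCP stream events. */
    nids_register_tcp(tcp_protocol_callback);

    /* Enter the Libnids packet capture loop. */
    nids_run();
    return 0;
}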
[/code]
hml1006 于 2011-04-29 17:38:39发表:
大概用到了线程