提取TLS记录层的C程序


我正在尝试解析 pcap 以获取有效负载中仅 TLS 记录层的数据包字节。 在下面的代码中,我设法从包含 TLS 记录层的有效负载中仅获取 tcp 协议字节。我想进一步从中提取 TLS 记录层字节。 您能告诉我如何修改代码以仅提取有效负载的那部分吗?

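/*
 * pcap_loop() callback.  Prints the IP endpoints and L4 ports of one captured
 * frame and, for TCP traffic on port 443, hands the TCP payload to parser().
 * The TCP payload is where the TLS record layer begins, so no further offset
 * is needed to reach it (see the comment at the parser() call).
 *
 * Every length used below (IP header length, IP total length, TCP data
 * offset) is read from the packet itself, i.e. from untrusted input, so each
 * header is bounds-checked against header->caplen before it is dereferenced.
 * header->caplen is the number of bytes actually captured; header->len is the
 * on-the-wire length and may be larger when the capture used a snaplen.
 */
void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet){
    static int count = 1;                   /* packet counter */

    /* declare pointers to packet headers */
    const struct ether_header *ethernet;  /* The ethernet header [1] */
    const struct ip *ip;              /* The IP header */
    const struct tcphdr *tcp;            /* The TCP header */

    const struct sniff_udp *udp;        /* The UDP header */
    const char *payload;                    /* Packet payload */

    size_t size_ethernet = sizeof *ethernet;
    size_t size_ip;         /* IP header length incl. options */
    size_t size_tcp;        /* TCP header length incl. options */
    size_t size_udp;
    size_t ip_total;        /* IP total length (ip_len), clamped to the capture */
    int size_payload;       /* int: print_payload()/parser() are called with it as before */

    (void)args;

    printf("\nPacket number %d:\n", count);
    count++;

    /* define ethernet header; the whole header must be captured before
     * ether_type can be read */
    if (header->caplen < size_ethernet) {
        return;
    }
    ethernet = (const struct ether_header *)packet;
    if (ntohs(ethernet->ether_type) != ETHERTYPE_IP) {
        /* not IPv4 (ARP, IPv6, VLAN-tagged, ...): the struct ip cast below
         * would interpret unrelated bytes as an IP header */
        return;
    }

    /* define/compute ip header offset; the fixed 20-byte header must be
     * captured before ip_hl / ip_len can be read */
    if (header->caplen < size_ethernet + sizeof *ip) {
        return;
    }
    ip = (const struct ip *)(packet + size_ethernet);

    /* ip_hl is the header length in 32-bit words; with IP options it is larger
     * than sizeof(struct ip), which is why the offsets below must not use sizeof */
    size_ip = (size_t)ip->ip_hl * 4;
    if (ip->ip_v != 4 || size_ip < 20 || header->caplen < size_ethernet + size_ip) {
        //printf("   * Invalid IP header length: %zu bytes\n", size_ip);
        return;
    }

    /* ip_len covers the IP header plus everything after it.  Using it instead
     * of the frame length keeps Ethernet padding (frames below 60 bytes are
     * padded) out of the payload; clamping it to caplen keeps a truncated
     * capture from being read past its end. */
    ip_total = ntohs(ip->ip_len);
    if (ip_total < size_ip) {
        return;
    }
    if (ip_total > header->caplen - size_ethernet) {
        ip_total = header->caplen - size_ethernet;
    }

    /* print source and destination IP addresses */
    printf("       From: %s\n", inet_ntoa(ip->ip_src));
    printf("         To: %s\n", inet_ntoa(ip->ip_dst));

    /* determine protocol */
    switch(ip->ip_p) {
        case IPPROTO_TCP:
            printf("   Protocol: TCP\n");
            break;
        case IPPROTO_UDP:
            printf("   Protocol: UDP\n");
            break;
        case IPPROTO_ICMP:
            printf("   Protocol: ICMP\n");
            return;
        case IPPROTO_IP:
            printf("   Protocol: IP\n");
            return;
        default:
            printf("   Protocol: unknown\n");
            return;
     }

    /*
     *  OK, this packet is TCP or UDP.
     */

    /* define/compute tcp header offset */
    if(ip->ip_p == IPPROTO_TCP)
    {
        /* the fixed 20-byte TCP header must be present to read th_off */
        if (ip_total < size_ip + sizeof *tcp) {
            return;
        }
        tcp = (const struct tcphdr *)(packet + size_ethernet + size_ip);

        /* th_off is the data offset in 32-bit words.  TCP options (MSS, SACK,
         * timestamps) are common, so sizeof(struct tcphdr) usually points into
         * the options rather than at the payload. */
        size_tcp = (size_t)tcp->th_off * 4;
        if (size_tcp < 20 || ip_total < size_ip + size_tcp) {
            return;
        }

        printf("   Src port: %d\n", ntohs(tcp->th_sport));
        printf("   Dst port: %d\n", ntohs(tcp->th_dport));
        int sport = ntohs(tcp->th_sport);
        int dport = ntohs(tcp->th_dport);

        /* define/compute tcp payload (segment) offset */
        payload = (const char *)(packet + size_ethernet + size_ip + size_tcp);

        /* compute tcp payload (segment) size; ip_total <= 65535 so the cast is safe */
        size_payload = (int)(ip_total - size_ip - size_tcp);

        /*
         * Print payload data; it might be binary, so don't just
         * treat it as a string.
         */
        if (size_payload > 0) {
            printf("   Payload (%d bytes):\n", size_payload);
            print_payload(payload, size_payload);

      //if ((sport == 80) || (dport == 80))
            //{
                // printf("   HTTP prase:\n");
                // prase_http(payload, size_payload);
            //}
            if(sport == 443 || dport == 443)
            {
                /*
                 * For port 443 the TCP payload starts with the TLS record
                 * layer: a 5-byte record header (content type, protocol
                 * version, 16-bit record length) followed by the record body,
                 * possibly several records back to back.  So payload and
                 * size_payload already delimit the bytes shown as "TLS record
                 * layer" in Wireshark.  This only holds when the segment
                 * begins on a record boundary; a record split across segments
                 * needs TCP stream reassembly before it can be parsed.
                 */
                parser(payload,size_payload);
            }
        }
    }

    /* UDP */
    else if(ip->ip_p == IPPROTO_UDP)
    {
        size_udp = 8;
        if (ip_total < size_ip + size_udp) {
            return;
        }
        udp = (const struct sniff_udp*)(packet + size_ethernet + size_ip);
        printf("   Src port: %d\n", ntohs(udp->uh_sport));
        printf("   Dst port: %d\n", ntohs(udp->uh_dport));
        int sport = ntohs(udp->uh_sport);
        int dport = ntohs(udp->uh_dport);

        payload = (const char *)(packet + size_ethernet + size_ip + size_udp);

        /* ip_total is already clamped to the captured bytes */
        size_payload = (int)(ip_total - size_ip - size_udp);

        if (size_payload > 0) {
            //printf("   Payload (%d bytes:)\n", size_payload);

            if(sport == 53 || dport == 53)
            {
                // printf("   DNS prase:\n");
                // prase_dns(payload, size_payload);
            }
        }
    }
return;
}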

这是作为参数传递给 pcap_loop 的 got_packet 函数,它是 的一部分。所有引用结构均来自

我希望提取数据包的这一部分(附有图像链接): Screenshot from wireshark as to what I wish to parse

有人可以帮我吗?


您是否知道如何解析 tls 数据包并从中提取信息,如果是,请通过指导来帮助我,现在我处于同样的情况,我必须解析数据包并从中获取信息它。
