Macwelt 4

home *** CD-ROM | disk | FTP | other *** search
/ Macwelt 4 / Macwelt DVD 4.cdr / Internet / Internet-Utilities / Mac-OS X / darkstat-2.2 / src / acct.c next >
MacBinary | 2002-09-23 | 9.4 KB | [□□□□/□□□□]
open in:
MacOS 8.1 extracted |
Win98 extracted |
DOS extracted
browse contents |
view JSON data |
view as text

This file was processed as: MacBinary (archive/macBinary).
Confidence	Program	Detection	Match Type	Support
`66%`	dexvert	Compact Compressed (Unix) `(archive/compact)`	ext	Supported
`10%`	dexvert	Jesper Olsen Module `(music/jesperOlsen)`	magic	Supported
`1%`	dexvert	MacBinary `(archive/macBinary)`	fallback	Supported
`100%`	file	MacBinary II, inited, Mon Sep 23 03:37:02 2002, modified Mon Sep 23 03:37:02 2002, 9024 bytes "acct.c" , at 0x23c0 286 bytes resource	default (weak)
`99%`	file	data	default
`66%`	TrID	TTComp archive compressed (bin-4K)	default (weak)
`33%`	TrID	MacBinary 2	default (weak)
`100%`	dearkID	deark: macbinary	default
`100%`	siegfried	fmt/1762 MacBinary (II)	default
`100%`	lsar	MacBinary	default
id metadata
key	value
macFileType	`[□□□□]`
macFileCreator	`[□□□□]`
hex view
+--------+-------------------------+-------------------------+--------+--------+
|00000000| 00 06 61 63 63 74 2e 63 | 00 00 00 00 00 00 00 00 |..acct.c|........|
|00000010| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000020| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000030| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000040| 00 00 00 00 00 00 00 00 | 00 01 00 00 00 00 00 00 |........|........|
|00000050| 00 00 00 00 00 23 40 00 | 00 01 1e b9 b4 75 1e b9 |.....#@.|.....u..|
|00000060| b4 75 1e 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |.u......|........|
|00000070| 00 00 00 00 00 00 00 00 | 00 00 81 81 be 20 00 00 |........|..... ..|
|00000080| 0a 2f 2a 20 64 61 72 6b | 73 74 61 74 3a 20 61 20 |./* dark|stat: a |
|00000090| 6e 65 74 77 6f 72 6b 20 | 74 72 61 66 66 69 63 20 |network |traffic |
|000000a0| 61 6e 61 6c 79 7a 65 72 | 0a 20 2a 20 28 63 29 20 |analyzer|. * (c) |
|000000b0| 32 30 30 31 2d 32 30 30 | 32 2c 20 45 6d 69 6c 20 |2001-200|2, Emil |
|000000c0| 4d 69 6b 75 6c 69 63 2e | 0a 20 2a 2f 0a 0a 23 69 |Mikulic.|. */..#i|
|000000d0| 6e 63 6c 75 64 65 20 22 | 61 63 63 74 2e 68 22 0a |nclude "|acct.h".|
|000000e0| 23 69 6e 63 6c 75 64 65 | 20 22 70 6f 72 74 5f 64 |#include| "port_d|
|000000f0| 62 2e 68 22 0a 23 69 6e | 63 6c 75 64 65 20 22 70 |b.h".#in|clude "p|
|00000100| 72 6f 74 6f 2e 68 22 0a | 23 69 6e 63 6c 75 64 65 |roto.h".|#include|
|00000110| 20 22 64 6e 73 2e 68 22 | 0a 23 69 6e 63 6c 75 64 | "dns.h"|.#includ|
|00000120| 65 20 22 67 72 61 70 68 | 2e 68 22 0a 0a 23 69 6e |e "graph|.h"..#in|
|00000130| 63 6c 75 64 65 20 3c 70 | 74 68 72 65 61 64 2e 68 |clude <p|thread.h|
|00000140| 3e 0a 23 69 6e 63 6c 75 | 64 65 20 3c 73 79 73 2f |>.#inclu|de <sys/|
|00000150| 73 6f 63 6b 65 74 2e 68 | 3e 0a 23 69 6e 63 6c 75 |socket.h|>.#inclu|
|00000160| 64 65 20 3c 73 79 73 2f | 69 6f 63 74 6c 2e 68 3e |de <sys/|ioctl.h>|
|00000170| 0a 23 69 6e 63 6c 75 64 | 65 20 3c 6e 65 74 69 6e |.#includ|e <netin|
|00000180| 65 74 2f 69 6e 2e 68 3e | 0a 23 69 6e 63 6c 75 64 |et/in.h>|.#includ|
|00000190| 65 20 3c 6e 65 74 2f 69 | 66 2e 68 3e 0a 23 69 6e |e <net/i|f.h>.#in|
|000001a0| 63 6c 75 64 65 20 3c 75 | 6e 69 73 74 64 2e 68 3e |clude <u|nistd.h>|
|000001b0| 0a 23 69 6e 63 6c 75 64 | 65 20 3c 74 69 6d 65 2e |.#includ|e <time.|
|000001c0| 68 3e 0a 23 69 66 20 64 | 65 66 69 6e 65 64 28 73 |h>.#if d|efined(s|
|000001d0| 75 6e 29 20 26 26 20 28 | 64 65 66 69 6e 65 64 28 |un) && (|defined(|
|000001e0| 5f 5f 73 76 72 34 5f 5f | 29 20 7c 7c 20 64 65 66 |__svr4__|) || def|
|000001f0| 69 6e 65 64 28 5f 5f 53 | 56 52 34 29 29 20 0a 23 |ined(__S|VR4)) .#|
|00000200| 69 6e 63 6c 75 64 65 20 | 3c 73 79 73 2f 73 6f 63 |include |<sys/soc|
|00000210| 6b 69 6f 2e 68 3e 0a 23 | 65 6e 64 69 66 0a 0a 69 |kio.h>.#|endif..i|
|00000220| 6e 74 36 34 09 6e 75 6d | 5f 70 61 63 6b 65 74 73 |nt64.num|_packets|
|00000230| 2c 20 74 6f 74 61 6c 5f | 64 61 74 61 3b 0a 64 77 |, total_|data;.dw|
|00000240| 6f 72 64 09 6c 6f 63 61 | 6c 5f 69 70 20 3d 20 30 |ord.loca|l_ip = 0|
|00000250| 2c 20 6c 61 6e 5f 69 70 | 20 3d 20 30 78 46 46 46 |, lan_ip| = 0xFFF|
|00000260| 46 46 46 46 46 2c 20 6c | 61 6e 5f 6d 61 73 6b 20 |FFFFF, l|an_mask |
|00000270| 3d 20 30 3b 0a 69 6e 74 | 09 61 63 63 74 5f 6c 69 |= 0;.int|.acct_li|
|00000280| 6e 6b 74 79 70 65 20 3d | 20 30 3b 0a 74 69 6d 65 |nktype =| 0;.time|
|00000290| 5f 74 09 74 5f 73 74 61 | 72 74 2c 20 74 5f 61 6c |_t.t_sta|rt, t_al|
|000002a0| 72 65 61 64 79 20 3d 20 | 30 2c 20 74 5f 6c 61 73 |ready = |0, t_las|
|000002b0| 74 73 61 76 65 20 3d 20 | 30 3b 0a 70 63 61 70 5f |tsave = |0;.pcap_|
|000002c0| 74 09 2a 61 63 63 74 5f | 70 63 61 70 20 3d 20 4e |t.*acct_|pcap = N|
|000002d0| 55 4c 4c 3b 0a 68 6f 73 | 74 5f 72 65 63 6f 72 64 |ULL;.hos|t_record|
|000002e0| 20 2a 6c 6f 63 61 6c 5f | 68 6f 73 74 5f 72 65 63 | *local_|host_rec|
|000002f0| 3b 0a 0a 23 64 65 66 69 | 6e 65 20 46 41 49 4c 28 |;..#defi|ne FAIL(|
|00000300| 29 20 7b 20 75 70 5f 61 | 63 63 74 20 3d 20 30 3b |) { up_a|cct = 0;|
|00000310| 20 70 74 68 72 65 61 64 | 5f 65 78 69 74 28 20 28 | pthread|_exit( (|
|00000320| 76 6f 69 64 2a 29 45 58 | 49 54 5f 46 41 49 4c 20 |void*)EX|IT_FAIL |
|00000330| 29 3b 20 7d 0a 23 64 65 | 66 69 6e 65 20 53 55 43 |); }.#de|fine SUC|
|00000340| 43 45 45 44 28 29 20 7b | 20 75 70 5f 61 63 63 74 |CEED() {| up_acct|
|00000350| 20 3d 20 30 3b 20 70 74 | 68 72 65 61 64 5f 65 78 | = 0; pt|hread_ex|
|00000360| 69 74 28 20 28 76 6f 69 | 64 2a 29 45 58 49 54 5f |it( (voi|d*)EXIT_|
|00000370| 53 55 43 43 45 53 53 20 | 29 3b 20 7d 0a 0a 0a 0a |SUCCESS |); }....|
|00000380| 76 6f 69 64 20 69 6e 74 | 65 72 70 72 65 74 5f 6c |void int|erpret_l|
|00000390| 69 6e 6b 74 79 70 65 28 | 69 6e 74 20 6c 69 6e 6b |inktype(|int link|
|000003a0| 74 79 70 65 2c 20 62 79 | 74 65 20 2a 70 64 61 74 |type, by|te *pdat|
|000003b0| 61 2c 0a 09 62 79 74 65 | 20 2a 2a 70 74 72 2c 20 |a,..byte| **ptr, |
|000003c0| 77 6f 72 64 20 2a 70 6b | 74 5f 74 79 70 65 29 0a |word *pk|t_type).|
|000003d0| 7b 0a 09 2f 2a 20 74 68 | 61 6e 6b 73 20 74 6f 20 |{../* th|anks to |
|000003e0| 42 72 69 61 6e 20 4d 61 | 79 20 66 6f 72 20 70 72 |Brian Ma|y for pr|
|000003f0| 6f 70 65 72 20 6c 69 6e | 6b 74 79 70 65 20 68 61 |oper lin|ktype ha|
|00000400| 6e 64 6c 69 6e 67 20 2a | 2f 0a 09 73 77 69 74 63 |ndling *|/..switc|
|00000410| 68 20 28 6c 69 6e 6b 74 | 79 70 65 29 0a 09 7b 0a |h (linkt|ype)..{.|
|00000420| 09 63 61 73 65 20 44 4c | 54 5f 45 4e 31 30 4d 42 |.case DL|T_EN10MB|
|00000430| 3a 0a 09 09 2a 70 74 72 | 20 3d 20 70 64 61 74 61 |:...*ptr| = pdata|
|00000440| 3b 0a 09 09 2a 70 6b 74 | 5f 74 79 70 65 20 3d 20 |;...*pkt|_type = |
|00000450| 65 74 68 5f 70 6b 74 5f | 74 79 70 65 28 2a 70 74 |eth_pkt_|type(*pt|
|00000460| 72 29 3b 0a 09 09 62 72 | 65 61 6b 3b 0a 0a 09 63 |r);...br|eak;...c|
|00000470| 61 73 65 20 44 4c 54 5f | 52 41 57 3a 0a 09 09 2a |ase DLT_|RAW:...*|
|00000480| 70 74 72 20 3d 20 70 64 | 61 74 61 3b 0a 09 09 2a |ptr = pd|ata;...*|
|00000490| 70 6b 74 5f 74 79 70 65 | 20 3d 20 45 54 48 5f 50 |pkt_type| = ETH_P|
|000004a0| 4b 54 5f 54 59 50 45 5f | 49 50 3b 0a 09 09 62 72 |KT_TYPE_|IP;...br|
|000004b0| 65 61 6b 3b 0a 0a 09 63 | 61 73 65 20 44 4c 54 5f |eak;...c|ase DLT_|
|000004c0| 46 44 44 49 3a 0a 09 09 | 2a 70 74 72 20 3d 20 70 |FDDI:...|*ptr = p|
|000004d0| 64 61 74 61 20 2b 20 31 | 33 3b 20 2f 2a 20 73 6b |data + 1|3; /* sk|
|000004e0| 69 70 20 46 44 44 49 20 | 68 65 61 64 65 72 20 2a |ip FDDI |header *|
|000004f0| 2f 0a 09 09 2a 70 74 72 | 20 2b 3d 20 36 3b 20 2f |/...*ptr| += 6; /|
|00000500| 2a 20 73 6f 6d 65 20 6f | 74 68 65 72 20 67 61 72 |* some o|ther gar|
|00000510| 62 61 67 65 20 2a 2f 0a | 09 09 2a 70 74 72 20 2d |bage */.|..*ptr -|
|00000520| 3d 20 31 32 3b 20 2f 2a | 20 6e 6f 77 20 69 74 20 |= 12; /*| now it |
|00000530| 6d 61 74 63 68 65 73 20 | 75 70 20 77 69 74 68 20 |matches |up with |
|00000540| 65 74 68 65 72 20 2a 2f | 0a 09 09 2a 70 6b 74 5f |ether */|...*pkt_|
|00000550| 74 79 70 65 20 3d 20 65 | 74 68 5f 70 6b 74 5f 74 |type = e|th_pkt_t|
|00000560| 79 70 65 28 2a 70 74 72 | 29 3b 0a 09 09 62 72 65 |ype(*ptr|);...bre|
|00000570| 61 6b 3b 0a 0a 09 63 61 | 73 65 20 44 4c 54 5f 4c |ak;...ca|se DLT_L|
|00000580| 49 4e 55 58 5f 53 4c 4c | 3a 0a 09 09 2a 70 74 72 |INUX_SLL|:...*ptr|
|00000590| 20 3d 20 70 64 61 74 61 | 20 2b 20 31 34 3b 20 2f | = pdata| + 14; /|
|000005a0| 2a 20 73 6b 69 70 20 68 | 65 61 64 65 72 20 2a 2f |* skip h|eader */|
|000005b0| 0a 09 09 2a 70 74 72 20 | 2d 3d 20 31 32 3b 20 2f |...*ptr |-= 12; /|
|000005c0| 2a 20 6e 6f 77 20 69 74 | 20 6d 61 74 63 68 65 73 |* now it| matches|
|000005d0| 20 75 70 20 77 69 74 68 | 20 65 74 68 65 72 20 2a | up with| ether *|
|000005e0| 2f 0a 09 09 2a 70 6b 74 | 5f 74 79 70 65 20 3d 20 |/...*pkt|_type = |
|000005f0| 65 74 68 5f 70 6b 74 5f | 74 79 70 65 28 2a 70 74 |eth_pkt_|type(*pt|
|00000600| 72 29 3b 0a 09 09 62 72 | 65 61 6b 3b 0a 0a 09 64 |r);...br|eak;...d|
|00000610| 65 66 61 75 6c 74 3a 0a | 09 09 66 72 65 61 6b 6f |efault:.|..freako|
|00000620| 75 74 28 22 55 6e 6b 6e | 6f 77 6e 20 6c 69 6e 6b |ut("Unkn|own link|
|00000630| 20 74 79 70 65 21 22 29 | 3b 0a 09 7d 0a 7d 0a 0a | type!")|;..}.}..|
|00000640| 0a 0a 2f 2a 20 64 69 73 | 61 73 73 65 6d 62 6c 65 |../* dis|assemble|
|00000650| 20 61 20 70 61 63 6b 65 | 74 20 61 6e 64 20 61 63 | a packe|t and ac|
|00000660| 63 6f 75 6e 74 20 66 6f | 72 20 69 74 20 2a 2f 0a |count fo|r it */.|
|00000670| 76 6f 69 64 20 68 61 6e | 64 6c 65 5f 70 6b 74 28 |void han|dle_pkt(|
|00000680| 62 79 74 65 20 2a 75 73 | 65 72 2c 20 63 6f 6e 73 |byte *us|er, cons|
|00000690| 74 20 73 74 72 75 63 74 | 20 70 63 61 70 5f 70 6b |t struct| pcap_pk|
|000006a0| 74 68 64 72 20 2a 70 68 | 65 61 64 65 72 2c 0a 09 |thdr *ph|eader,..|
|000006b0| 62 79 74 65 20 2a 70 64 | 61 74 61 29 0a 7b 0a 09 |byte *pd|ata).{..|
|000006c0| 62 79 74 65 20 2a 70 74 | 72 3b 0a 09 77 6f 72 64 |byte *pt|r;..word|
|000006d0| 20 70 6b 74 5f 74 79 70 | 65 3b 0a 09 64 77 6f 72 | pkt_typ|e;..dwor|
|000006e0| 64 20 70 6b 74 5f 6c 65 | 6e 3b 0a 09 62 79 74 65 |d pkt_le|n;..byte|
|000006f0| 20 70 6b 74 5f 70 72 6f | 74 6f 3b 0a 09 64 77 6f | pkt_pro|to;..dwo|
|00000700| 72 64 20 70 6b 74 5f 73 | 72 63 69 70 2c 20 70 6b |rd pkt_s|rcip, pk|
|00000710| 74 5f 64 65 73 74 69 70 | 3b 0a 09 70 6f 72 74 5f |t_destip|;..port_|
|00000720| 72 65 63 6f 72 64 20 2a | 70 3b 0a 0a 09 2f 2a 20 |record *|p;.../* |
|00000730| 75 70 64 61 74 65 20 74 | 6f 74 61 6c 20 70 61 63 |update t|otal pac|
|00000740| 6b 65 74 20 61 6e 64 20 | 64 61 74 61 20 63 6f 75 |ket and |data cou|
|00000750| 6e 74 65 72 73 20 2a 2f | 0a 09 69 36 34 61 64 64 |nters */|..i64add|
|00000760| 33 32 28 6e 75 6d 5f 70 | 61 63 6b 65 74 73 2c 20 |32(num_p|ackets, |
|00000770| 31 29 3b 0a 09 69 36 34 | 61 64 64 33 32 28 74 6f |1);..i64|add32(to|
|00000780| 74 61 6c 5f 64 61 74 61 | 2c 20 28 64 77 6f 72 64 |tal_data|, (dword|
|00000790| 29 28 70 68 65 61 64 65 | 72 2d 3e 6c 65 6e 29 29 |)(pheade|r->len))|
|000007a0| 3b 0a 0a 09 2f 2a 20 61 | 73 73 65 72 74 28 73 74 |;.../* a|ssert(st|
|000007b0| 72 63 6d 70 28 75 73 65 | 72 2c 20 22 61 62 63 22 |rcmp(use|r, "abc"|
|000007c0| 29 20 3d 3d 20 30 29 3b | 20 2a 2f 0a 0a 09 69 6e |) == 0);| */...in|
|000007d0| 74 65 72 70 72 65 74 5f | 6c 69 6e 6b 74 79 70 65 |terpret_|linktype|
|000007e0| 28 61 63 63 74 5f 6c 69 | 6e 6b 74 79 70 65 2c 20 |(acct_li|nktype, |
|000007f0| 70 64 61 74 61 2c 20 26 | 70 74 72 2c 20 26 70 6b |pdata, &|ptr, &pk|
|00000800| 74 5f 74 79 70 65 29 3b | 0a 0a 09 69 66 20 28 70 |t_type);|...if (p|
|00000810| 6b 74 5f 74 79 70 65 20 | 21 3d 20 45 54 48 5f 50 |kt_type |!= ETH_P|
|00000820| 4b 54 5f 54 59 50 45 5f | 49 50 29 0a 09 7b 0a 09 |KT_TYPE_|IP)..{..|
|00000830| 09 69 66 20 28 76 65 72 | 62 6f 73 65 29 0a 09 09 |.if (ver|bose)...|
|00000840| 7b 0a 09 09 09 70 75 74 | 63 68 61 72 28 27 28 27 |{....put|char('('|
|00000850| 29 3b 0a 09 09 09 73 77 | 69 74 63 68 20 28 70 6b |);....sw|itch (pk|
|00000860| 74 5f 74 79 70 65 29 0a | 09 09 09 7b 0a 09 09 09 |t_type).|...{....|
|00000870| 63 61 73 65 20 30 78 30 | 38 30 36 3a 20 70 72 69 |case 0x0|806: pri|
|00000880| 6e 74 66 28 22 41 52 50 | 22 29 3b 20 62 72 65 61 |ntf("ARP|"); brea|
|00000890| 6b 3b 0a 09 09 09 63 61 | 73 65 20 30 78 38 30 39 |k;....ca|se 0x809|
|000008a0| 62 3a 20 70 72 69 6e 74 | 66 28 22 41 70 70 6c 65 |b: print|f("Apple|
|000008b0| 54 61 6c 6b 22 29 3b 20 | 62 72 65 61 6b 3b 0a 09 |Talk"); |break;..|
|000008c0| 09 09 63 61 73 65 20 30 | 78 38 30 33 35 3a 20 70 |..case 0|x8035: p|
|000008d0| 72 69 6e 74 66 28 22 52 | 41 52 50 22 29 3b 20 62 |rintf("R|ARP"); b|
|000008e0| 72 65 61 6b 3b 0a 09 09 | 09 63 61 73 65 20 30 78 |reak;...|.case 0x|
|000008f0| 38 31 34 63 3a 20 70 72 | 69 6e 74 66 28 22 53 4e |814c: pr|intf("SN|
|00000900| 4d 50 22 29 3b 20 62 72 | 65 61 6b 3b 0a 09 09 09 |MP"); br|eak;....|
|00000910| 63 61 73 65 20 30 78 38 | 36 64 64 3a 20 70 72 69 |case 0x8|6dd: pri|
|00000920| 6e 74 66 28 22 49 50 76 | 36 22 29 3b 20 62 72 65 |ntf("IPv|6"); bre|
|00000930| 61 6b 3b 0a 09 09 09 63 | 61 73 65 20 30 78 38 38 |ak;....c|ase 0x88|
|00000940| 30 62 3a 20 70 72 69 6e | 74 66 28 22 50 50 50 22 |0b: prin|tf("PPP"|
|00000950| 29 3b 20 62 72 65 61 6b | 3b 0a 09 09 09 64 65 66 |); break|;....def|
|00000960| 61 75 6c 74 3a 20 70 72 | 69 6e 74 66 28 22 75 6e |ault: pr|intf("un|
|00000970| 6b 6e 6f 77 6e 20 28 74 | 79 70 65 20 25 30 34 58 |known (t|ype %04X|
|00000980| 29 22 2c 0a 09 09 09 09 | 09 70 6b 74 5f 74 79 70 |)",.....|.pkt_typ|
|00000990| 65 29 3b 0a 09 09 09 7d | 0a 09 09 09 70 72 69 6e |e);....}|....prin|
|000009a0| 74 66 28 22 20 70 61 63 | 6b 65 74 20 2d 2d 20 69 |tf(" pac|ket -- i|
|000009b0| 67 6e 6f 72 65 64 29 5c | 6e 22 29 3b 0a 09 09 09 |gnored)\|n");....|
|000009c0| 66 66 6c 75 73 68 28 73 | 74 64 6f 75 74 29 3b 0a |fflush(s|tdout);.|
|000009d0| 09 09 7d 0a 09 09 72 65 | 74 75 72 6e 3b 0a 09 7d |..}...re|turn;..}|
|000009e0| 0a 0a 09 70 74 72 20 3d | 20 65 74 68 5f 70 6b 74 |...ptr =| eth_pkt|
|000009f0| 5f 73 74 72 69 70 28 70 | 74 72 29 3b 0a 0a 09 69 |_strip(p|tr);...i|
|00000a00| 66 20 28 76 65 72 62 6f | 73 65 29 20 70 72 69 6e |f (verbo|se) prin|
|00000a10| 74 66 28 22 28 49 50 29 | 20 22 29 3b 0a 0a 09 70 |tf("(IP)| ");...p|
|00000a20| 6b 74 5f 70 72 6f 74 6f | 20 3d 20 69 70 5f 70 6b |kt_proto| = ip_pk|
|00000a30| 74 5f 70 72 6f 74 6f 28 | 70 74 72 29 3b 0a 09 70 |t_proto(|ptr);..p|
|00000a40| 6b 74 5f 73 72 63 69 70 | 20 3d 20 69 70 5f 70 6b |kt_srcip| = ip_pk|
|00000a50| 74 5f 73 72 63 69 70 28 | 70 74 72 29 3b 0a 09 70 |t_srcip(|ptr);..p|
|00000a60| 6b 74 5f 64 65 73 74 69 | 70 20 3d 20 69 70 5f 70 |kt_desti|p = ip_p|
|00000a70| 6b 74 5f 64 65 73 74 69 | 70 28 70 74 72 29 3b 0a |kt_desti|p(ptr);.|
|00000a80| 09 70 6b 74 5f 6c 65 6e | 20 3d 20 28 64 77 6f 72 |.pkt_len| = (dwor|
|00000a90| 64 29 28 69 70 5f 70 6b | 74 5f 6c 65 6e 28 70 74 |d)(ip_pk|t_len(pt|
|00000aa0| 72 29 29 3b 0a 0a 09 2f | 2a 20 64 65 2d 6d 61 6e |r));.../|* de-man|
|00000ab0| 67 6c 65 20 4c 69 6e 75 | 78 20 32 2e 34 2e 78 20 |gle Linu|x 2.4.x |
|00000ac0| 4e 41 54 20 2a 2f 0a 09 | 69 66 20 28 28 70 6b 74 |NAT */..|if ((pkt|
|00000ad0| 5f 73 72 63 69 70 20 26 | 20 6c 61 6e 5f 6d 61 73 |_srcip &| lan_mas|
|00000ae0| 6b 29 20 3d 3d 20 6c 61 | 6e 5f 69 70 29 20 70 6b |k) == la|n_ip) pk|
|00000af0| 74 5f 73 72 63 69 70 20 | 3d 20 6c 6f 63 61 6c 5f |t_srcip |= local_|
|00000b00| 69 70 3b 0a 09 69 66 20 | 28 28 70 6b 74 5f 64 65 |ip;..if |((pkt_de|
|00000b10| 73 74 69 70 20 26 20 6c | 61 6e 5f 6d 61 73 6b 29 |stip & l|an_mask)|
|00000b20| 20 3d 3d 20 6c 61 6e 5f | 69 70 29 20 70 6b 74 5f | == lan_|ip) pkt_|
|00000b30| 64 65 73 74 69 70 20 3d | 20 6c 6f 63 61 6c 5f 69 |destip =| local_i|
|00000b40| 70 3b 0a 0a 09 69 66 20 | 28 76 65 72 62 6f 73 65 |p;...if |(verbose|
|00000b50| 29 0a 09 7b 0a 09 09 70 | 72 69 6e 74 66 28 70 72 |)..{...p|rintf(pr|
|00000b60| 6f 74 6f 5f 6e 61 6d 65 | 5f 73 68 6f 72 74 28 70 |oto_name|_short(p|
|00000b70| 6b 74 5f 70 72 6f 74 6f | 29 29 3b 0a 09 09 70 75 |kt_proto|));...pu|
|00000b80| 74 63 68 61 72 28 27 20 | 27 29 3b 0a 09 09 70 72 |tchar(' |');...pr|
|00000b90| 69 6e 74 5f 61 64 64 72 | 28 70 6b 74 5f 73 72 63 |int_addr|(pkt_src|
|00000ba0| 69 70 29 3b 0a 09 09 70 | 72 69 6e 74 66 28 22 2d |ip);...p|rintf("-|
|00000bb0| 3e 22 29 3b 0a 09 09 70 | 72 69 6e 74 5f 61 64 64 |>");...p|rint_add|
|00000bc0| 72 28 70 6b 74 5f 64 65 | 73 74 69 70 29 3b 0a 09 |r(pkt_de|stip);..|
|00000bd0| 7d 0a 0a 09 2f 2a 20 73 | 74 61 72 74 20 6d 65 73 |}.../* s|tart mes|
|00000be0| 73 69 6e 67 20 77 69 74 | 68 20 44 42 20 2a 2f 0a |sing wit|h DB */.|
|00000bf0| 09 70 74 68 72 65 61 64 | 5f 6d 75 74 65 78 5f 6c |.pthread|_mutex_l|
|00000c00| 6f 63 6b 28 26 64 62 5f | 6d 75 74 65 78 29 3b 0a |ock(&db_|mutex);.|
|00000c10| 09 0a 09 2f 2a 20 61 63 | 63 6f 75 6e 74 69 6e 67 |.../* ac|counting|
|00000c20| 20 66 6f 72 20 70 72 6f | 74 6f 63 6f 6c 73 20 2a | for pro|tocols *|
|00000c30| 2f 0a 09 69 66 20 28 70 | 6b 74 5f 73 72 63 69 70 |/..if (p|kt_srcip|
|00000c40| 20 3d 3d 20 6c 6f 63 61 | 6c 5f 69 70 29 0a 09 09 | == loca|l_ip)...|
|00000c50| 70 72 6f 74 6f 5f 74 72 | 61 6e 73 66 65 72 5f 6f |proto_tr|ansfer_o|
|00000c60| 75 74 28 70 6b 74 5f 70 | 72 6f 74 6f 2c 20 70 6b |ut(pkt_p|roto, pk|
|00000c70| 74 5f 6c 65 6e 29 3b 0a | 09 69 66 20 28 70 6b 74 |t_len);.|.if (pkt|
|00000c80| 5f 64 65 73 74 69 70 20 | 3d 3d 20 6c 6f 63 61 6c |_destip |== local|
|00000c90| 5f 69 70 29 0a 09 09 70 | 72 6f 74 6f 5f 74 72 61 |_ip)...p|roto_tra|
|00000ca0| 6e 73 66 65 72 5f 69 6e | 28 70 6b 74 5f 70 72 6f |nsfer_in|(pkt_pro|
|00000cb0| 74 6f 2c 20 70 6b 74 5f | 6c 65 6e 29 3b 0a 09 69 |to, pkt_|len);..i|
|00000cc0| 66 20 28 70 6b 74 5f 73 | 72 63 69 70 20 21 3d 20 |f (pkt_s|rcip != |
|00000cd0| 6c 6f 63 61 6c 5f 69 70 | 20 26 26 20 70 6b 74 5f |local_ip| && pkt_|
|00000ce0| 64 65 73 74 69 70 20 21 | 3d 20 6c 6f 63 61 6c 5f |destip !|= local_|
|00000cf0| 69 70 29 0a 09 09 70 72 | 6f 74 6f 5f 74 72 61 6e |ip)...pr|oto_tran|
|00000d00| 73 66 65 72 5f 6f 74 68 | 65 72 28 70 6b 74 5f 70 |sfer_oth|er(pkt_p|
|00000d10| 72 6f 74 6f 2c 20 70 6b | 74 5f 6c 65 6e 29 3b 0a |roto, pk|t_len);.|
|00000d20| 0a 09 2f 2a 20 61 63 63 | 6f 75 6e 74 69 6e 67 20 |../* acc|ounting |
|00000d30| 66 6f 72 20 68 6f 73 74 | 73 20 2a 2f 0a 09 68 6f |for host|s */..ho|
|00000d40| 73 74 5f 74 72 61 6e 73 | 66 65 72 5f 6f 75 74 28 |st_trans|fer_out(|
|00000d50| 70 6b 74 5f 73 72 63 69 | 70 2c 20 70 6b 74 5f 6c |pkt_srci|p, pkt_l|
|00000d60| 65 6e 29 3b 0a 09 68 6f | 73 74 5f 74 72 61 6e 73 |en);..ho|st_trans|
|00000d70| 66 65 72 5f 69 6e 28 70 | 6b 74 5f 64 65 73 74 69 |fer_in(p|kt_desti|
|00000d80| 70 2c 20 70 6b 74 5f 6c | 65 6e 29 3b 0a 0a 09 2f |p, pkt_l|en);.../|
|00000d90| 2a 20 61 63 63 6f 75 6e | 74 69 6e 67 20 66 6f 72 |* accoun|ting for|
|00000da0| 20 70 6f 72 74 73 20 2a | 2f 0a 09 69 66 20 28 70 | ports *|/..if (p|
|00000db0| 6b 74 5f 70 72 6f 74 6f | 20 3d 3d 20 49 50 5f 50 |kt_proto| == IP_P|
|00000dc0| 52 4f 54 4f 5f 54 43 50 | 29 0a 09 7b 0a 09 09 62 |ROTO_TCP|)..{...b|
|00000dd0| 79 74 65 20 2a 74 63 70 | 5f 70 74 72 20 3d 20 69 |yte *tcp|_ptr = i|
|00000de0| 70 5f 70 6b 74 5f 73 74 | 72 69 70 28 70 74 72 29 |p_pkt_st|rip(ptr)|
|00000df0| 3b 0a 09 09 77 6f 72 64 | 09 73 72 63 70 6f 72 74 |;...word|.srcport|
|00000e00| 20 3d 20 74 63 70 5f 70 | 6b 74 5f 73 72 63 70 6f | = tcp_p|kt_srcpo|
|00000e10| 72 74 28 74 63 70 5f 70 | 74 72 29 2c 0a 09 09 09 |rt(tcp_p|tr),....|
|00000e20| 64 65 73 74 70 6f 72 74 | 20 3d 20 74 63 70 5f 70 |destport| = tcp_p|
|00000e30| 6b 74 5f 64 65 73 74 70 | 6f 72 74 28 74 63 70 5f |kt_destp|ort(tcp_|
|00000e40| 70 74 72 29 3b 0a 09 09 | 62 79 74 65 20 66 6c 61 |ptr);...|byte fla|
|00000e50| 67 73 20 3d 20 74 63 70 | 5f 66 6c 61 67 73 28 74 |gs = tcp|_flags(t|
|00000e60| 63 70 5f 70 74 72 29 3b | 0a 0a 09 09 69 66 20 28 |cp_ptr);|....if (|
|00000e70| 70 6b 74 5f 64 65 73 74 | 69 70 20 3d 3d 20 6c 6f |pkt_dest|ip == lo|
|00000e80| 63 61 6c 5f 69 70 29 0a | 09 09 7b 0a 09 09 09 2f |cal_ip).|..{..../|
|00000e90| 2a 20 74 72 65 61 74 20 | 61 6c 6c 20 66 74 70 2d |* treat |all ftp-|
|00000ea0| 64 61 74 61 20 61 73 20 | 73 69 6e 67 6c 65 20 70 |data as |single p|
|00000eb0| 6f 72 74 20 2d 2d 20 6a | 69 62 20 2a 2f 0a 09 09 |ort -- j|ib */...|
|00000ec0| 09 69 66 20 28 73 72 63 | 70 6f 72 74 20 3d 3d 20 |.if (src|port == |
|00000ed0| 32 30 29 20 64 65 73 74 | 70 6f 72 74 20 3d 20 32 |20) dest|port = 2|
|00000ee0| 30 3b 0a 0a 09 09 09 69 | 66 20 28 28 66 6c 61 67 |0;.....i|f ((flag|
|00000ef0| 73 20 26 20 54 43 50 5f | 53 59 4e 29 20 26 26 20 |s & TCP_|SYN) && |
|00000f00| 21 28 66 6c 61 67 73 20 | 5e 20 54 43 50 5f 53 59 |!(flags |^ TCP_SY|
|00000f10| 4e 29 29 0a 09 09 09 09 | 70 20 3d 20 70 6f 72 74 |N)).....|p = port|
|00000f20| 5f 66 72 6f 6d 5f 6e 75 | 6d 28 64 65 73 74 70 6f |_from_nu|m(destpo|
|00000f30| 72 74 29 3b 0a 09 09 09 | 65 6c 73 65 0a 09 09 09 |rt);....|else....|
|00000f40| 09 70 20 3d 20 70 6f 72 | 74 5f 66 69 6e 64 28 64 |.p = por|t_find(d|
|00000f50| 65 73 74 70 6f 72 74 29 | 3b 0a 0a 09 09 09 69 66 |estport)|;.....if|
|00000f60| 20 28 70 29 20 70 6f 72 | 74 5f 75 70 64 61 74 65 | (p) por|t_update|
|00000f70| 5f 69 6e 28 70 2c 20 70 | 6b 74 5f 6c 65 6e 29 3b |_in(p, p|kt_len);|
|00000f80| 0a 09 09 7d 0a 09 20 20 | 20 20 20 20 20 09 65 6c |...}..  |     .el|
|00000f90| 73 65 20 69 66 20 28 70 | 6b 74 5f 73 72 63 69 70 |se if (p|kt_srcip|
|00000fa0| 20 3d 3d 20 6c 6f 63 61 | 6c 5f 69 70 29 0a 09 09 | == loca|l_ip)...|
|00000fb0| 7b 0a 09 09 09 70 20 3d | 20 70 6f 72 74 5f 66 69 |{....p =| port_fi|
|00000fc0| 6e 64 28 73 72 63 70 6f | 72 74 29 3b 0a 09 09 09 |nd(srcpo|rt);....|
|00000fd0| 69 66 20 28 70 29 20 70 | 6f 72 74 5f 75 70 64 61 |if (p) p|ort_upda|
|00000fe0| 74 65 5f 6f 75 74 28 70 | 2c 20 70 6b 74 5f 6c 65 |te_out(p|, pkt_le|
|00000ff0| 6e 29 3b 0a 09 09 7d 09 | 0a 0a 09 09 69 66 20 28 |n);...}.|....if (|
|00001000| 76 65 72 62 6f 73 65 29 | 0a 09 09 7b 0a 09 09 09 |verbose)|...{....|
|00001010| 70 72 69 6e 74 66 28 22 | 20 25 64 3a 25 64 20 28 |printf("| %d:%d (|
|00001020| 22 2c 20 73 72 63 70 6f | 72 74 2c 64 65 73 74 70 |", srcpo|rt,destp|
|00001030| 6f 72 74 29 3b 0a 09 09 | 0a 09 09 09 69 66 20 28 |ort);...|....if (|
|00001040| 66 6c 61 67 73 20 26 20 | 54 43 50 5f 55 52 47 29 |flags & |TCP_URG)|
|00001050| 20 70 72 69 6e 74 66 28 | 22 55 52 47 20 22 29 3b | printf(|"URG ");|
|00001060| 0a 09 09 09 69 66 20 28 | 66 6c 61 67 73 20 26 20 |....if (|flags & |
|00001070| 54 43 50 5f 41 43 4b 29 | 20 70 72 69 6e 74 66 28 |TCP_ACK)| printf(|
|00001080| 22 41 43 4b 20 22 29 3b | 0a 09 09 09 69 66 20 28 |"ACK ");|....if (|
|00001090| 66 6c 61 67 73 20 26 20 | 54 43 50 5f 50 53 48 29 |flags & |TCP_PSH)|
|000010a0| 20 70 72 69 6e 74 66 28 | 22 50 53 48 20 22 29 3b | printf(|"PSH ");|
|000010b0| 0a 09 09 09 69 66 20 28 | 66 6c 61 67 73 20 26 20 |....if (|flags & |
|000010c0| 54 43 50 5f 52 53 54 29 | 20 70 72 69 6e 74 66 28 |TCP_RST)| printf(|
|000010d0| 22 52 53 54 20 22 29 3b | 0a 09 09 09 69 66 20 28 |"RST ");|....if (|
|000010e0| 66 6c 61 67 73 20 26 20 | 54 43 50 5f 53 59 4e 29 |flags & |TCP_SYN)|
|000010f0| 20 70 72 69 6e 74 66 28 | 22 53 59 4e 20 22 29 3b | printf(|"SYN ");|
|00001100| 0a 09 09 09 69 66 20 28 | 66 6c 61 67 73 20 26 20 |....if (|flags & |
|00001110| 54 43 50 5f 46 49 4e 29 | 20 70 72 69 6e 74 66 28 |TCP_FIN)| printf(|
|00001120| 22 46 49 4e 20 22 29 3b | 0a 09 09 09 69 66 20 28 |"FIN ");|....if (|
|00001130| 66 6c 61 67 73 29 20 70 | 75 74 63 68 61 72 28 38 |flags) p|utchar(8|
|00001140| 29 3b 0a 09 09 09 70 72 | 69 6e 74 66 28 22 29 22 |);....pr|intf(")"|
|00001150| 29 3b 0a 09 09 7d 0a 09 | 7d 0a 0a 09 2f 2a 20 73 |);...}..|}.../* s|
|00001160| 74 6f 70 20 6d 65 73 73 | 69 6e 67 20 77 69 74 68 |top mess|ing with|
|00001170| 20 64 62 20 2a 2f 0a 09 | 70 74 68 72 65 61 64 5f | db */..|pthread_|
|00001180| 6d 75 74 65 78 5f 75 6e | 6c 6f 63 6b 28 26 64 62 |mutex_un|lock(&db|
|00001190| 5f 6d 75 74 65 78 29 3b | 0a 0a 09 2f 2a 20 75 70 |_mutex);|.../* up|
|000011a0| 64 61 74 65 20 67 72 61 | 70 68 20 2a 2f 0a 09 70 |date gra|ph */..p|
|000011b0| 74 68 72 65 61 64 5f 6d | 75 74 65 78 5f 6c 6f 63 |thread_m|utex_loc|
|000011c0| 6b 28 26 67 72 61 70 68 | 5f 6d 75 74 65 78 29 3b |k(&graph|_mutex);|
|000011d0| 0a 09 67 72 61 70 68 5f | 72 6f 74 61 74 65 28 70 |..graph_|rotate(p|
|000011e0| 68 65 61 64 65 72 2d 3e | 74 73 2e 74 76 5f 73 65 |header->|ts.tv_se|
|000011f0| 63 29 3b 0a 09 69 66 20 | 28 70 6b 74 5f 73 72 63 |c);..if |(pkt_src|
|00001200| 69 70 20 3d 3d 20 6c 6f | 63 61 6c 5f 69 70 29 20 |ip == lo|cal_ip) |
|00001210| 67 72 61 70 68 5f 61 64 | 64 5f 6f 75 74 28 70 6b |graph_ad|d_out(pk|
|00001220| 74 5f 6c 65 6e 29 3b 20 | 65 6c 73 65 0a 09 69 66 |t_len); |else..if|
|00001230| 20 28 70 6b 74 5f 64 65 | 73 74 69 70 20 3d 3d 20 | (pkt_de|stip == |
|00001240| 6c 6f 63 61 6c 5f 69 70 | 29 20 67 72 61 70 68 5f |local_ip|) graph_|
|00001250| 61 64 64 5f 69 6e 28 70 | 6b 74 5f 6c 65 6e 29 3b |add_in(p|kt_len);|
|00001260| 0a 09 70 74 68 72 65 61 | 64 5f 6d 75 74 65 78 5f |..pthrea|d_mutex_|
|00001270| 75 6e 6c 6f 63 6b 28 26 | 67 72 61 70 68 5f 6d 75 |unlock(&|graph_mu|
|00001280| 74 65 78 29 3b 0a 0a 09 | 69 66 20 28 76 65 72 62 |tex);...|if (verb|
|00001290| 6f 73 65 29 0a 09 7b 0a | 09 09 70 72 69 6e 74 66 |ose)..{.|..printf|
|000012a0| 28 22 20 73 69 7a 65 3a | 25 64 5c 6e 22 2c 20 70 |(" size:|%d\n", p|
|000012b0| 6b 74 5f 6c 65 6e 29 3b | 0a 09 09 66 66 6c 75 73 |kt_len);|...fflus|
|000012c0| 68 28 73 74 64 6f 75 74 | 29 3b 0a 09 7d 0a 7d 0a |h(stdout|);..}.}.|
|000012d0| 0a 0a 0a 76 6f 69 64 20 | 69 6e 69 74 5f 64 62 28 |...void |init_db(|
|000012e0| 76 6f 69 64 29 0a 7b 0a | 09 68 6f 73 74 5f 64 62 |void).{.|.host_db|
|000012f0| 5f 69 6e 69 74 28 29 3b | 0a 09 70 6f 72 74 5f 64 |_init();|..port_d|
|00001300| 62 5f 69 6e 69 74 28 29 | 3b 0a 09 70 72 6f 74 6f |b_init()|;..proto|
|00001310| 5f 64 62 5f 69 6e 69 74 | 28 29 3b 0a 7d 0a 0a 0a |_db_init|();.}...|
|00001320| 0a 76 6f 69 64 20 73 61 | 76 65 5f 64 62 28 63 6f |.void sa|ve_db(co|
|00001330| 6e 73 74 20 63 68 61 72 | 20 2a 66 69 6c 65 6e 61 |nst char| *filena|
|00001340| 6d 65 29 0a 7b 0a 09 64 | 77 6f 72 64 20 75 70 74 |me).{..d|word upt|
|00001350| 69 6d 65 20 3d 20 28 64 | 77 6f 72 64 29 28 20 74 |ime = (d|word)( t|
|00001360| 5f 61 6c 72 65 61 64 79 | 20 2b 20 28 74 69 6d 65 |_already| + (time|
|00001370| 28 4e 55 4c 4c 29 20 2d | 20 74 5f 73 74 61 72 74 |(NULL) -| t_start|
|00001380| 29 20 29 3b 0a 09 46 49 | 4c 45 20 2a 66 70 20 3d |) );..FI|LE *fp =|
|00001390| 20 66 6f 70 65 6e 28 66 | 69 6c 65 6e 61 6d 65 2c | fopen(f|ilename,|
|000013a0| 20 22 77 62 22 29 3b 0a | 0a 09 69 66 20 28 21 66 | "wb");.|..if (!f|
|000013b0| 70 29 0a 09 7b 0a 09 09 | 70 72 69 6e 74 66 28 22 |p)..{...|printf("|
|000013c0| 45 72 72 6f 72 3a 20 73 | 61 76 65 5f 64 62 28 29 |Error: s|ave_db()|
|000013d0| 3a 20 43 61 6e 27 74 20 | 6f 70 65 6e 20 25 73 20 |: Can't |open %s |
|000013e0| 66 6f 72 20 77 72 69 74 | 69 6e 67 2e 5c 6e 22 2c |for writ|ing.\n",|
|000013f0| 0a 09 09 09 66 69 6c 65 | 6e 61 6d 65 29 3b 0a 09 |....file|name);..|
|00001400| 09 65 78 69 74 28 45 58 | 49 54 5f 46 41 49 4c 29 |.exit(EX|IT_FAIL)|
|00001410| 3b 0a 09 7d 0a 0a 09 66 | 77 72 69 74 65 28 26 75 |;..}...f|write(&u|
|00001420| 70 74 69 6d 65 2c 20 73 | 69 7a 65 6f 66 28 75 70 |ptime, s|izeof(up|
|00001430| 74 69 6d 65 29 2c 20 31 | 2c 20 66 70 29 3b 0a 09 |time), 1|, fp);..|
|00001440| 66 77 72 69 74 65 36 34 | 28 6e 75 6d 5f 70 61 63 |fwrite64|(num_pac|
|00001450| 6b 65 74 73 2c 20 66 70 | 29 3b 0a 09 66 77 72 69 |kets, fp|);..fwri|
|00001460| 74 65 36 34 28 74 6f 74 | 61 6c 5f 64 61 74 61 2c |te64(tot|al_data,|
|00001470| 20 66 70 29 3b 0a 0a 09 | 70 74 68 72 65 61 64 5f | fp);...|pthread_|
|00001480| 6d 75 74 65 78 5f 6c 6f | 63 6b 28 26 64 62 5f 6d |mutex_lo|ck(&db_m|
|00001490| 75 74 65 78 29 3b 0a 09 | 68 6f 73 74 5f 64 62 5f |utex);..|host_db_|
|000014a0| 73 61 76 65 28 66 70 29 | 3b 0a 09 70 72 6f 74 6f |save(fp)|;..proto|
|000014b0| 5f 64 62 5f 73 61 76 65 | 28 66 70 29 3b 0a 09 70 |_db_save|(fp);..p|
|000014c0| 6f 72 74 5f 64 62 5f 73 | 61 76 65 28 66 70 29 3b |ort_db_s|ave(fp);|
|000014d0| 0a 09 70 74 68 72 65 61 | 64 5f 6d 75 74 65 78 5f |..pthrea|d_mutex_|
|000014e0| 75 6e 6c 6f 63 6b 28 26 | 64 62 5f 6d 75 74 65 78 |unlock(&|db_mutex|
|000014f0| 29 3b 0a 0a 09 70 74 68 | 72 65 61 64 5f 6d 75 74 |);...pth|read_mut|
|00001500| 65 78 5f 6c 6f 63 6b 28 | 26 67 72 61 70 68 5f 6d |ex_lock(|&graph_m|
|00001510| 75 74 65 78 29 3b 0a 09 | 67 72 61 70 68 5f 73 61 |utex);..|graph_sa|
|00001520| 76 65 28 66 70 29 3b 0a | 09 70 74 68 72 65 61 64 |ve(fp);.|.pthread|
|00001530| 5f 6d 75 74 65 78 5f 75 | 6e 6c 6f 63 6b 28 26 67 |_mutex_u|nlock(&g|
|00001540| 72 61 70 68 5f 6d 75 74 | 65 78 29 3b 0a 0a 09 66 |raph_mut|ex);...f|
|00001550| 63 6c 6f 73 65 28 66 70 | 29 3b 0a 7d 0a 0a 0a 0a |close(fp|);.}....|
|00001560| 69 6e 74 20 6c 6f 61 64 | 5f 66 72 6f 6d 5f 66 69 |int load|_from_fi|
|00001570| 6c 65 28 46 49 4c 45 20 | 2a 66 70 29 0a 7b 0a 09 |le(FILE |*fp).{..|
|00001580| 69 6e 74 20 72 65 61 64 | 3b 0a 09 64 77 6f 72 64 |int read|;..dword|
|00001590| 20 75 70 74 69 6d 65 3b | 0a 0a 09 72 65 61 64 20 | uptime;|...read |
|000015a0| 3d 20 66 72 65 61 64 28 | 26 75 70 74 69 6d 65 2c |= fread(|&uptime,|
|000015b0| 20 73 69 7a 65 6f 66 28 | 75 70 74 69 6d 65 29 2c | sizeof(|uptime),|
|000015c0| 20 31 2c 20 66 70 29 3b | 0a 09 74 5f 61 6c 72 65 | 1, fp);|..t_alre|
|000015d0| 61 64 79 20 3d 20 28 74 | 69 6d 65 5f 74 29 75 70 |ady = (t|ime_t)up|
|000015e0| 74 69 6d 65 3b 0a 09 69 | 66 20 28 21 72 65 61 64 |time;..i|f (!read|
|000015f0| 29 20 72 65 74 75 72 6e | 20 30 3b 0a 0a 09 66 72 |) return| 0;...fr|
|00001600| 65 61 64 36 34 28 6e 75 | 6d 5f 70 61 63 6b 65 74 |ead64(nu|m_packet|
|00001610| 73 2c 20 66 70 2c 20 72 | 65 61 64 29 3b 0a 09 69 |s, fp, r|ead);..i|
|00001620| 66 20 28 21 72 65 61 64 | 29 20 72 65 74 75 72 6e |f (!read|) return|
|00001630| 20 30 3b 0a 0a 09 66 72 | 65 61 64 36 34 28 74 6f | 0;...fr|ead64(to|
|00001640| 74 61 6c 5f 64 61 74 61 | 2c 20 66 70 2c 20 72 65 |tal_data|, fp, re|
|00001650| 61 64 29 3b 0a 09 69 66 | 20 28 21 72 65 61 64 29 |ad);..if| (!read)|
|00001660| 20 72 65 74 75 72 6e 20 | 30 3b 0a 0a 09 69 66 20 | return |0;...if |
|00001670| 28 21 68 6f 73 74 5f 64 | 62 5f 6c 6f 61 64 28 66 |(!host_d|b_load(f|
|00001680| 70 29 29 20 72 65 74 75 | 72 6e 20 30 3b 0a 09 69 |p)) retu|rn 0;..i|
|00001690| 66 20 28 21 70 72 6f 74 | 6f 5f 64 62 5f 6c 6f 61 |f (!prot|o_db_loa|
|000016a0| 64 28 66 70 29 29 20 72 | 65 74 75 72 6e 20 30 3b |d(fp)) r|eturn 0;|
|000016b0| 0a 09 69 66 20 28 21 70 | 6f 72 74 5f 64 62 5f 6c |..if (!p|ort_db_l|
|000016c0| 6f 61 64 28 66 70 29 29 | 20 72 65 74 75 72 6e 20 |oad(fp))| return |
|000016d0| 30 3b 0a 09 69 66 20 28 | 21 67 72 61 70 68 5f 6c |0;..if (|!graph_l|
|000016e0| 6f 61 64 28 66 70 29 29 | 20 72 65 74 75 72 6e 20 |oad(fp))| return |
|000016f0| 30 3b 0a 0a 09 72 65 74 | 75 72 6e 20 31 3b 0a 7d |0;...ret|urn 1;.}|
|00001700| 0a 0a 0a 0a 76 6f 69 64 | 20 6c 6f 61 64 5f 64 62 |....void| load_db|
|00001710| 28 63 68 61 72 20 2a 66 | 69 6c 65 6e 61 6d 65 29 |(char *f|ilename)|
|00001720| 0a 7b 0a 09 46 49 4c 45 | 20 2a 66 70 20 3d 20 66 |.{..FILE| *fp = f|
|00001730| 6f 70 65 6e 28 66 69 6c | 65 6e 61 6d 65 2c 20 22 |open(fil|ename, "|
|00001740| 72 22 29 3b 0a 09 0a 09 | 69 66 20 28 21 66 70 29 |r");....|if (!fp)|
|00001750| 0a 09 7b 0a 09 09 70 72 | 69 6e 74 66 28 22 43 61 |..{...pr|intf("Ca|
|00001760| 6e 27 74 20 6c 6f 61 64 | 20 64 62 20 66 72 6f 6d |n't load| db from|
|00001770| 20 25 73 2c 20 73 74 61 | 72 74 69 6e 67 20 66 72 | %s, sta|rting fr|
|00001780| 6f 6d 20 73 63 72 61 74 | 63 68 2e 5c 6e 22 2c 0a |om scrat|ch.\n",.|
|00001790| 09 09 09 66 69 6c 65 6e | 61 6d 65 29 3b 0a 09 09 |...filen|ame);...|
|000017a0| 72 65 74 75 72 6e 3b 0a | 09 7d 0a 0a 09 69 66 20 |return;.|.}...if |
|000017b0| 28 21 6c 6f 61 64 5f 66 | 72 6f 6d 5f 66 69 6c 65 |(!load_f|rom_file|
|000017c0| 28 66 70 29 29 0a 09 7b | 0a 09 09 70 72 69 6e 74 |(fp))..{|...print|
|000017d0| 66 28 22 46 61 74 61 6c | 20 65 72 72 6f 72 3a 20 |f("Fatal| error: |
|000017e0| 63 6f 72 72 75 70 74 20 | 64 62 20 69 6e 20 25 73 |corrupt |db in %s|
|000017f0| 2e 5c 6e 22 0a 09 09 09 | 22 50 6c 65 61 73 65 20 |.\n"....|"Please |
|00001800| 72 65 6d 6f 76 65 20 64 | 61 74 61 62 61 73 65 20 |remove d|atabase |
|00001810| 61 6e 64 20 72 65 73 74 | 61 72 74 20 64 61 72 6b |and rest|art dark|
|00001820| 73 74 61 74 2e 5c 6e 22 | 2c 0a 09 09 09 66 69 6c |stat.\n"|,....fil|
|00001830| 65 6e 61 6d 65 29 3b 0a | 09 09 66 63 6c 6f 73 65 |ename);.|..fclose|
|00001840| 28 66 70 29 3b 0a 09 09 | 65 78 69 74 28 45 58 49 |(fp);...|exit(EXI|
|00001850| 54 5f 46 41 49 4c 29 3b | 0a 09 7d 0a 0a 09 66 63 |T_FAIL);|..}...fc|
|00001860| 6c 6f 73 65 28 66 70 29 | 3b 0a 09 70 72 69 6e 74 |lose(fp)|;..print|
|00001870| 66 28 22 4c 6f 61 64 65 | 64 20 25 73 2e 5c 6e 22 |f("Loade|d %s.\n"|
|00001880| 2c 20 66 69 6c 65 6e 61 | 6d 65 29 3b 0a 7d 0a 0a |, filena|me);.}..|
|00001890| 0a 0a 64 77 6f 72 64 20 | 67 65 74 5f 6c 6f 63 61 |..dword |get_loca|
|000018a0| 6c 5f 69 70 28 63 68 61 | 72 20 2a 69 6e 74 65 72 |l_ip(cha|r *inter|
|000018b0| 29 0a 7b 0a 09 69 6e 74 | 20 74 6d 70 20 3d 20 73 |).{..int| tmp = s|
|000018c0| 6f 63 6b 65 74 28 41 46 | 5f 49 4e 45 54 2c 20 53 |ocket(AF|_INET, S|
|000018d0| 4f 43 4b 5f 44 47 52 41 | 4d 2c 20 49 50 50 52 4f |OCK_DGRA|M, IPPRO|
|000018e0| 54 4f 5f 49 50 29 3b 0a | 09 73 74 72 75 63 74 20 |TO_IP);.|.struct |
|000018f0| 69 66 72 65 71 20 69 66 | 72 3b 0a 09 73 74 72 75 |ifreq if|r;..stru|
|00001900| 63 74 20 73 6f 63 6b 61 | 64 64 72 20 73 61 3b 0a |ct socka|ddr sa;.|
|00001910| 0a 09 73 74 72 63 70 79 | 28 69 66 72 2e 69 66 72 |..strcpy|(ifr.ifr|
|00001920| 5f 6e 61 6d 65 2c 20 69 | 6e 74 65 72 29 3b 0a 09 |_name, i|nter);..|
|00001930| 69 66 72 2e 69 66 72 5f | 61 64 64 72 2e 73 61 5f |ifr.ifr_|addr.sa_|
|00001940| 66 61 6d 69 6c 79 20 3d | 20 41 46 5f 49 4e 45 54 |family =| AF_INET|
|00001950| 3b 0a 09 69 66 20 28 69 | 6f 63 74 6c 28 74 6d 70 |;..if (i|octl(tmp|
|00001960| 2c 20 53 49 4f 43 47 49 | 46 41 44 44 52 2c 20 26 |, SIOCGI|FADDR, &|
|00001970| 69 66 72 29 20 21 3d 20 | 30 29 0a 09 7b 0a 09 09 |ifr) != |0)..{...|
|00001980| 70 72 69 6e 74 66 28 22 | 45 72 72 6f 72 3a 20 43 |printf("|Error: C|
|00001990| 61 6e 27 74 20 67 65 74 | 20 6f 77 6e 20 49 50 20 |an't get| own IP |
|000019a0| 61 64 64 72 65 73 73 20 | 6f 6e 20 69 6e 74 65 72 |address |on inter|
|000019b0| 66 61 63 65 20 25 73 2e | 5c 6e 22 2c 0a 09 09 09 |face %s.|\n",....|
|000019c0| 69 6e 74 65 72 29 3b 0a | 09 09 65 78 69 74 28 45 |inter);.|..exit(E|
|000019d0| 58 49 54 5f 46 41 49 4c | 29 3b 0a 09 7d 0a 09 63 |XIT_FAIL|);..}..c|
|000019e0| 6c 6f 73 65 28 74 6d 70 | 29 3b 0a 09 73 61 20 3d |lose(tmp|);..sa =|
|000019f0| 20 69 66 72 2e 69 66 72 | 5f 61 64 64 72 3b 0a 0a | ifr.ifr|_addr;..|
|00001a00| 09 2f 2a 20 6c 69 6e 75 | 78 2f 73 6f 63 6b 65 74 |./* linu|x/socket|
|00001a10| 2e 68 3a 0a 09 20 2a 20 | 73 74 72 75 63 74 20 73 |.h:.. * |struct s|
|00001a20| 6f 63 6b 61 64 64 72 20 | 7b 0a 09 20 2a 09 73 61 |ockaddr |{.. *.sa|
|00001a30| 5f 66 61 6d 69 6c 79 5f | 74 20 20 20 20 20 73 61 |_family_|t     sa|
|00001a40| 5f 66 61 6d 69 6c 79 3b | 20 20 20 20 20 20 2a 20 |_family;|      * |
|00001a50| 61 64 64 72 65 73 73 20 | 66 61 6d 69 6c 79 2c 20 |address |family, |
|00001a60| 41 46 5f 78 78 78 20 20 | 20 20 20 20 20 0a 09 20 |AF_xxx  |     .. |
|00001a70| 2a 09 63 68 61 72 20 20 | 20 20 20 20 20 20 20 20 |*.char  |        |
|00001a80| 20 20 73 61 5f 64 61 74 | 61 5b 31 34 5d 3b 20 20 |  sa_dat|a[14];  |
|00001a90| 20 20 2a 20 31 34 20 62 | 79 74 65 73 20 6f 66 20 |  * 14 b|ytes of |
|00001aa0| 70 72 6f 74 6f 63 6f 6c | 20 61 64 64 72 65 73 73 |protocol| address|
|00001ab0| 20 0a 09 20 2a 2f 0a 0a | 09 2f 2a 20 6c 69 6e 75 | .. */..|./* linu|
|00001ac0| 78 2f 69 6e 2e 68 3a 0a | 09 20 2a 20 73 74 72 75 |x/in.h:.|. * stru|
|00001ad0| 63 74 20 73 6f 63 6b 61 | 64 64 72 5f 69 6e 20 7b |ct socka|ddr_in {|
|00001ae0| 0a 09 20 2a 20 73 61 5f | 66 61 6d 69 6c 79 5f 74 |.. * sa_|family_t|
|00001af0| 20 20 20 20 20 20 20 20 | 20 20 20 73 69 6e 5f 66 |        |   sin_f|
|00001b00| 61 6d 69 6c 79 3b 20 20 | 20 20 20 2a 20 41 64 64 |amily;  |   * Add|
|00001b10| 72 65 73 73 20 66 61 6d | 69 6c 79 0a 09 20 2a 09 |ress fam|ily.. *.|
|00001b20| 75 6e 73 69 67 6e 65 64 | 20 73 68 6f 72 74 20 69 |unsigned| short i|
|00001b30| 6e 74 20 20 20 20 73 69 | 6e 5f 70 6f 72 74 3b 20 |nt    si|n_port; |
|00001b40| 20 20 20 20 20 20 2a 20 | 50 6f 72 74 20 6e 75 6d |      * |Port num|
|00001b50| 62 65 72 0a 09 20 2a 09 | 73 74 72 75 63 74 20 69 |ber.. *.|struct i|
|00001b60| 6e 5f 61 64 64 72 20 20 | 20 20 20 20 20 20 73 69 |n_addr  |      si|
|00001b70| 6e 5f 61 64 64 72 3b 20 | 20 20 20 20 20 20 2a 20 |n_addr; |      * |
|00001b80| 49 6e 74 65 72 6e 65 74 | 20 61 64 64 72 65 73 73 |Internet| address|
|00001b90| 0a 09 20 2a 20 2a 20 50 | 61 64 20 74 6f 20 73 69 |.. * * P|ad to si|
|00001ba0| 7a 65 20 6f 66 20 60 73 | 74 72 75 63 74 20 73 6f |ze of `s|truct so|
|00001bb0| 63 6b 61 64 64 72 27 2e | 0a 09 20 2a 0a 09 20 2a |ckaddr'.|.. *.. *|
|00001bc0| 20 2a 20 49 6e 74 65 72 | 6e 65 74 20 61 64 64 72 | * Inter|net addr|
|00001bd0| 65 73 73 2e 0a 09 20 2a | 20 73 74 72 75 63 74 20 |ess... *| struct |
|00001be0| 69 6e 5f 61 64 64 72 20 | 7b 0a 09 20 2a 09 5f 5f |in_addr |{.. *.__|
|00001bf0| 75 33 32 20 20 20 73 5f | 61 64 64 72 3b 0a 09 20 |u32   s_|addr;.. |
|00001c00| 2a 2f 0a 0a 09 72 65 74 | 75 72 6e 20 6e 74 6f 68 |*/...ret|urn ntoh|
|00001c10| 6c 28 20 28 28 73 74 72 | 75 63 74 20 73 6f 63 6b |l( ((str|uct sock|
|00001c20| 61 64 64 72 5f 69 6e 2a | 29 26 73 61 29 2d 3e 73 |addr_in*|)&sa)->s|
|00001c30| 69 6e 5f 61 64 64 72 2e | 73 5f 61 64 64 72 20 29 |in_addr.|s_addr )|
|00001c40| 3b 0a 7d 0a 0a 0a 0a 76 | 6f 69 64 20 61 63 63 74 |;.}....v|oid acct|
|00001c50| 5f 6d 61 69 6e 28 76 6f | 69 64 20 2a 69 67 6e 6f |_main(vo|id *igno|
|00001c60| 72 65 64 29 0a 7b 0a 09 | 63 68 61 72 20 65 72 72 |red).{..|char err|
|00001c70| 5b 50 43 41 50 5f 45 52 | 52 42 55 46 5f 53 49 5a |[PCAP_ER|RBUF_SIZ|
|00001c80| 45 5d 3b 0a 0a 09 69 66 | 20 28 21 6c 6f 63 61 6c |E];...if| (!local|
|00001c90| 5f 69 70 29 20 6c 6f 63 | 61 6c 5f 69 70 20 3d 20 |_ip) loc|al_ip = |
|00001ca0| 67 65 74 5f 6c 6f 63 61 | 6c 5f 69 70 28 61 63 63 |get_loca|l_ip(acc|
|00001cb0| 74 64 65 76 29 3b 0a 09 | 70 72 69 6e 74 66 28 22 |tdev);..|printf("|
|00001cc0| 53 6e 69 66 66 69 6e 67 | 20 6f 6e 20 64 65 76 69 |Sniffing| on devi|
|00001cd0| 63 65 20 25 73 2c 20 6c | 6f 63 61 6c 20 49 50 20 |ce %s, l|ocal IP |
|00001ce0| 69 73 20 22 2c 20 61 63 | 63 74 64 65 76 29 3b 0a |is ", ac|ctdev);.|
|00001cf0| 09 70 72 69 6e 74 5f 61 | 64 64 72 28 6c 6f 63 61 |.print_a|ddr(loca|
|00001d00| 6c 5f 69 70 29 3b 0a 09 | 70 75 74 63 68 61 72 28 |l_ip);..|putchar(|
|00001d10| 27 5c 6e 27 29 3b 0a 0a | 09 69 6e 69 74 5f 64 62 |'\n');..|.init_db|
|00001d20| 28 29 3b 0a 09 69 6e 69 | 74 5f 67 72 61 70 68 28 |();..ini|t_graph(|
|00001d30| 29 3b 0a 09 6c 6f 61 64 | 5f 64 62 28 64 62 5f 66 |);..load|_db(db_f|
|00001d40| 69 6c 65 29 3b 0a 0a 09 | 6c 6f 63 61 6c 5f 68 6f |ile);...|local_ho|
|00001d50| 73 74 5f 72 65 63 20 3d | 20 68 6f 73 74 5f 66 72 |st_rec =| host_fr|
|00001d60| 6f 6d 5f 69 70 28 6c 6f | 63 61 6c 5f 69 70 29 3b |om_ip(lo|cal_ip);|
|00001d70| 0a 0a 09 61 63 63 74 5f | 70 63 61 70 20 3d 20 70 |...acct_|pcap = p|
|00001d80| 63 61 70 5f 6f 70 65 6e | 5f 6c 69 76 65 28 61 63 |cap_open|_live(ac|
|00001d90| 63 74 64 65 76 2c 20 31 | 30 30 2c 20 70 72 6f 6d |ctdev, 1|00, prom|
|00001da0| 69 73 63 2c 20 50 43 41 | 50 5f 54 49 4d 45 4f 55 |isc, PCA|P_TIMEOU|
|00001db0| 54 2c 20 65 72 72 29 3b | 0a 09 69 66 20 28 21 61 |T, err);|..if (!a|
|00001dc0| 63 63 74 5f 70 63 61 70 | 29 0a 09 7b 0a 09 09 70 |cct_pcap|)..{...p|
|00001dd0| 72 69 6e 74 66 28 22 45 | 72 72 6f 72 3a 20 70 63 |rintf("E|rror: pc|
|00001de0| 61 70 5f 6f 70 65 6e 5f | 6c 69 76 65 28 25 73 29 |ap_open_|live(%s)|
|00001df0| 3a 20 25 73 5c 6e 22 0a | 09 09 09 22 41 72 65 20 |: %s\n".|..."Are |
|00001e00| 79 6f 75 20 6e 6f 74 20 | 72 75 6e 6e 69 6e 67 20 |you not |running |
|00001e10| 61 73 20 72 6f 6f 74 3f | 5c 6e 22 2c 20 61 63 63 |as root?|\n", acc|
|00001e20| 74 64 65 76 2c 20 65 72 | 72 29 3b 0a 09 09 46 41 |tdev, er|r);...FA|
|00001e30| 49 4c 28 29 3b 0a 09 7d | 0a 0a 09 69 66 20 28 61 |IL();..}|...if (a|
|00001e40| 63 63 74 65 78 70 72 29 | 0a 09 7b 0a 09 09 73 74 |cctexpr)|..{...st|
|00001e50| 72 75 63 74 20 62 70 66 | 5f 70 72 6f 67 72 61 6d |ruct bpf|_program|
|00001e60| 20 65 78 70 72 5f 63 6f | 6d 70 69 6c 65 64 3b 0a | expr_co|mpiled;.|
|00001e70| 09 09 2f 2a 62 70 66 5f | 75 5f 69 6e 74 33 32 20 |../*bpf_|u_int32 |
|00001e80| 6e 65 74 2c 20 6d 61 73 | 6b 3b 2a 2f 0a 09 09 2f |net, mas|k;*/.../|
|00001e90| 2a 70 63 61 70 5f 6c 6f | 6f 6b 75 70 6e 65 74 28 |*pcap_lo|okupnet(|
|00001ea0| 6e 65 74 64 65 76 2c 20 | 26 6e 65 74 2c 20 26 6d |netdev, |&net, &m|
|00001eb0| 61 73 6b 2c 20 65 72 72 | 29 3b 2a 2f 0a 0a 09 09 |ask, err|);*/....|
|00001ec0| 69 66 20 28 70 63 61 70 | 5f 63 6f 6d 70 69 6c 65 |if (pcap|_compile|
|00001ed0| 28 61 63 63 74 5f 70 63 | 61 70 2c 20 26 65 78 70 |(acct_pc|ap, &exp|
|00001ee0| 72 5f 63 6f 6d 70 69 6c | 65 64 2c 0a 09 09 09 61 |r_compil|ed,....a|
|00001ef0| 63 63 74 65 78 70 72 2c | 20 31 2c 20 30 20 2f 2a |cctexpr,| 1, 0 /*|
|00001f00| 6e 65 74 2a 2f 29 20 3d | 3d 20 2d 31 29 0a 09 09 |net*/) =|= -1)...|
|00001f10| 7b 0a 09 09 09 70 72 69 | 6e 74 66 28 22 45 72 72 |{....pri|ntf("Err|
|00001f20| 6f 72 3a 20 70 63 61 70 | 5f 63 6f 6d 70 69 6c 65 |or: pcap|_compile|
|00001f30| 28 29 20 66 61 69 6c 65 | 64 3a 20 25 73 5c 6e 22 |() faile|d: %s\n"|
|00001f40| 2c 20 65 72 72 29 3b 0a | 09 09 09 46 41 49 4c 28 |, err);.|...FAIL(|
|00001f50| 29 3b 0a 09 09 7d 0a 0a | 09 09 69 66 20 28 70 63 |);...}..|..if (pc|
|00001f60| 61 70 5f 73 65 74 66 69 | 6c 74 65 72 28 61 63 63 |ap_setfi|lter(acc|
|00001f70| 74 5f 70 63 61 70 2c 20 | 26 65 78 70 72 5f 63 6f |t_pcap, |&expr_co|
|00001f80| 6d 70 69 6c 65 64 29 20 | 3d 3d 20 2d 31 29 0a 09 |mpiled) |== -1)..|
|00001f90| 09 7b 0a 09 09 09 70 72 | 69 6e 74 66 28 22 45 72 |.{....pr|intf("Er|
|00001fa0| 72 6f 72 3a 20 70 63 61 | 70 5f 73 65 74 66 69 6c |ror: pca|p_setfil|
|00001fb0| 74 65 72 28 29 20 66 61 | 69 6c 65 64 3a 20 25 73 |ter() fa|iled: %s|
|00001fc0| 5c 6e 22 2c 20 65 72 72 | 29 3b 0a 09 09 09 46 41 |\n", err|);....FA|
|00001fd0| 49 4c 28 29 3b 0a 09 09 | 7d 0a 23 69 66 64 65 66 |IL();...|}.#ifdef|
|00001fe0| 20 48 41 56 45 5f 46 52 | 45 45 43 4f 44 45 0a 09 | HAVE_FR|EECODE..|
|00001ff0| 09 70 63 61 70 5f 66 72 | 65 65 63 6f 64 65 28 26 |.pcap_fr|eecode(&|
|00002000| 65 78 70 72 5f 63 6f 6d | 70 69 6c 65 64 29 3b 0a |expr_com|piled);.|
|00002010| 23 65 6e 64 69 66 0a 09 | 7d 0a 0a 0a 0a 09 74 5f |#endif..|}.....t_|
|00002020| 6c 61 73 74 73 61 76 65 | 20 3d 20 74 5f 73 74 61 |lastsave| = t_sta|
|00002030| 72 74 20 3d 20 74 69 6d | 65 28 4e 55 4c 4c 29 3b |rt = tim|e(NULL);|
|00002040| 0a 09 61 63 63 74 5f 6c | 69 6e 6b 74 79 70 65 20 |..acct_l|inktype |
|00002050| 3d 20 70 63 61 70 5f 64 | 61 74 61 6c 69 6e 6b 28 |= pcap_d|atalink(|
|00002060| 61 63 63 74 5f 70 63 61 | 70 29 3b 0a 0a 09 70 72 |acct_pca|p);...pr|
|00002070| 69 6e 74 66 28 22 41 43 | 43 54 3a 20 43 61 70 74 |intf("AC|CT: Capt|
|00002080| 75 72 69 6e 67 20 74 72 | 61 66 66 69 63 2e 2e 2e |uring tr|affic...|
|00002090| 5c 6e 22 0a 09 20 20 20 | 20 20 20 20 22 50 6f 69 |\n"..   |    "Poi|
|000020a0| 6e 74 20 79 6f 75 72 20 | 62 72 6f 77 73 65 72 20 |nt your |browser |
|000020b0| 61 74 20 68 74 74 70 3a | 2f 2f 6c 6f 63 61 6c 68 |at http:|//localh|
|000020c0| 6f 73 74 3a 25 64 2f 20 | 74 6f 20 73 65 65 20 74 |ost:%d/ |to see t|
|000020d0| 68 65 20 73 74 61 74 73 | 2e 22 0a 09 20 20 20 20 |he stats|."..    |
|000020e0| 20 20 20 22 5c 6e 5c 6e | 22 2c 20 77 65 62 70 6f |   "\n\n|", webpo|
|000020f0| 72 74 29 3b 0a 09 75 70 | 5f 61 63 63 74 20 3d 20 |rt);..up|_acct = |
|00002100| 31 3b 0a 0a 09 77 68 69 | 6c 65 20 28 21 73 68 75 |1;...whi|le (!shu|
|00002110| 74 74 69 6e 67 5f 64 6f | 77 6e 29 0a 09 7b 0a 09 |tting_do|wn)..{..|
|00002120| 09 73 74 72 75 63 74 20 | 70 63 61 70 5f 73 74 61 |.struct |pcap_sta|
|00002130| 74 20 70 73 3b 0a 0a 09 | 09 2f 2a 20 63 61 70 74 |t ps;...|./* capt|
|00002140| 75 72 65 20 73 6f 6d 65 | 20 70 61 63 6b 65 74 73 |ure some| packets|
|00002150| 20 66 6f 72 20 61 63 63 | 6f 75 6e 74 69 6e 67 20 | for acc|ounting |
|00002160| 2a 2f 0a 09 09 69 66 20 | 28 70 63 61 70 5f 64 69 |*/...if |(pcap_di|
|00002170| 73 70 61 74 63 68 28 61 | 63 63 74 5f 70 63 61 70 |spatch(a|cct_pcap|
|00002180| 2c 20 2d 31 2c 0a 09 09 | 09 28 70 63 61 70 5f 68 |, -1,...|.(pcap_h|
|00002190| 61 6e 64 6c 65 72 29 68 | 61 6e 64 6c 65 5f 70 6b |andler)h|andle_pk|
|000021a0| 74 2c 20 22 61 62 63 22 | 29 20 3d 3d 20 2d 31 29 |t, "abc"|) == -1)|
|000021b0| 0a 09 09 7b 0a 09 09 09 | 70 72 69 6e 74 66 28 22 |...{....|printf("|
|000021c0| 45 72 72 6f 72 3a 20 70 | 63 61 70 5f 64 69 73 70 |Error: p|cap_disp|
|000021d0| 61 74 63 68 28 29 3a 20 | 25 73 5c 6e 22 2c 0a 09 |atch(): |%s\n",..|
|000021e0| 09 09 09 70 63 61 70 5f | 67 65 74 65 72 72 28 61 |...pcap_|geterr(a|
|000021f0| 63 63 74 5f 70 63 61 70 | 29 29 3b 0a 09 09 09 46 |cct_pcap|));....F|
|00002200| 41 49 4c 28 29 3b 0a 09 | 09 7d 0a 0a 09 09 2f 2a |AIL();..|.}..../*|
|00002210| 20 70 72 69 6e 74 20 6f | 75 74 20 63 61 70 20 73 | print o|ut cap s|
|00002220| 74 61 74 69 73 74 69 63 | 73 20 2a 2f 09 0a 09 09 |tatistic|s */....|
|00002230| 69 66 20 28 76 65 72 62 | 6f 73 65 29 0a 09 09 7b |if (verb|ose)...{|
|00002240| 0a 09 09 09 70 63 61 70 | 5f 73 74 61 74 73 28 61 |....pcap|_stats(a|
|00002250| 63 63 74 5f 70 63 61 70 | 2c 20 26 70 73 29 3b 0a |cct_pcap|, &ps);.|
|00002260| 09 09 09 70 72 69 6e 74 | 66 28 22 50 61 63 6b 65 |...print|f("Packe|
|00002270| 74 73 3a 20 72 65 63 65 | 69 76 65 64 20 25 64 2c |ts: rece|ived %d,|
|00002280| 20 64 72 6f 70 70 65 64 | 20 25 64 20 28 61 63 63 | dropped| %d (acc|
|00002290| 74 29 5c 6e 22 2c 0a 09 | 09 09 09 70 73 2e 70 73 |t)\n",..|...ps.ps|
|000022a0| 5f 72 65 63 76 2c 20 70 | 73 2e 70 73 5f 64 72 6f |_recv, p|s.ps_dro|
|000022b0| 70 29 3b 0a 09 09 7d 0a | 0a 09 09 2f 2a 20 63 6f |p);...}.|.../* co|
|000022c0| 6d 6d 69 74 20 64 62 20 | 74 6f 20 64 69 73 6b 20 |mmit db |to disk |
|000022d0| 69 66 20 65 6e 6f 75 67 | 68 20 74 69 6d 65 20 68 |if enoug|h time h|
|000022e0| 61 73 20 70 61 73 73 65 | 64 20 2a 2f 0a 09 09 69 |as passe|d */...i|
|000022f0| 66 20 28 74 69 6d 65 28 | 4e 55 4c 4c 29 20 2d 20 |f (time(|NULL) - |
|00002300| 74 5f 6c 61 73 74 73 61 | 76 65 20 3e 20 53 41 56 |t_lastsa|ve > SAV|
|00002310| 45 5f 54 49 4d 45 29 0a | 09 09 7b 0a 09 09 09 74 |E_TIME).|..{....t|
|00002320| 5f 6c 61 73 74 73 61 76 | 65 20 3d 20 74 69 6d 65 |_lastsav|e = time|
|00002330| 28 4e 55 4c 4c 29 3b 0a | 09 09 09 73 61 76 65 5f |(NULL);.|...save_|
|00002340| 64 62 28 64 62 5f 66 69 | 6c 65 29 3b 0a 09 09 7d |db(db_fi|le);...}|
|00002350| 0a 09 7d 0a 0a 09 70 63 | 61 70 5f 63 6c 6f 73 65 |..}...pc|ap_close|
|00002360| 28 61 63 63 74 5f 70 63 | 61 70 29 3b 0a 0a 09 70 |(acct_pc|ap);...p|
|00002370| 72 69 6e 74 66 28 22 41 | 43 43 54 3a 20 4f 75 74 |rintf("A|CCT: Out|
|00002380| 20 6f 66 20 63 61 70 74 | 75 72 65 20 6c 6f 6f 70 | of capt|ure loop|
|00002390| 2e 5c 6e 22 29 3b 0a 09 | 53 55 43 43 45 45 44 28 |.\n");..|SUCCEED(|
|000023a0| 29 3b 20 2f 2a 20 69 6d | 70 6c 69 65 73 20 75 70 |); /* im|plies up|
|000023b0| 5f 61 63 63 74 20 3d 20 | 30 20 2a 2f 0a 7d 0a 0a |_acct = |0 */.}..|
|000023c0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000023d0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000023e0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000023f0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00002400| 00 00 01 00 00 00 01 00 | 00 00 00 00 00 00 00 1e |........|........|
|00002410| 54 68 69 73 20 72 65 73 | 6f 75 72 63 65 20 66 6f |This res|ource fo|
|00002420| 72 6b 20 69 6e 74 65 6e | 74 69 6f 6e 61 6c 6c 79 |rk inten|tionally|
|00002430| 20 6c 65 66 74 20 62 6c | 61 6e 6b 20 20 20 00 00 | left bl|ank   ..|
|00002440| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00002450| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00002460| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00002470| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00002480| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00002490| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000024a0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000024b0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000024c0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000024d0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000024e0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000024f0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00002500| 00 00 01 00 00 00 01 00 | 00 00 00 00 00 00 00 1e |........|........|
|00002510| 00 00 00 00 00 00 00 00 | 00 1c 00 1e ff ff 00 00 |........|........|
|00002520| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00002530| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00002540| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00002550| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00002560| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00002570| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
+--------+-------------------------+-------------------------+--------+--------+