[OCLUG-devel] Payload printing
John de la Garza
john at jjdev.com
Tue Apr 29 12:00:38 PDT 2014
On Tue, Apr 29, 2014 at 02:20:13PM -0400, Joshua Robinson wrote:
> Greetings OLugers,
>
> Need to catch in my C program, SMTP, POP, IMAP, HTTP, and print their
> payload. So far I don't even get the printf(...) statements.
>
> Am I missing something ? ideas ? --- Thanks.
>
>
> //*********** my c-callback function ***********
>
> // CallBack
> void raw_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
> {
> u_int length = h->len;
> u_int caplen = h->caplen;
>
> // net/ethernet.h
> struct ether_header *pkt = (struct ether_header *)p;
>
> p += sizeof(struct ether_header);
> pip = (struct ip*)p;
>
> //isprint();
>
> if(NULL != pip) {
> //SMTP-POP-IMAP-HTTP
> if (pip->ip_p == 80) {
> printf(" *** HTTP Protocol ***\n");
> num_http_pkt++;
> }
>
> if (pip->ip_p == 25) {
> printf(" *** SMTP Protocol ***\n");
> num_smtp_pkt++;
> }
>
> if (/*pip->ip_p == 995 ||*/ pip->ip_p == 110) {
> printf(" ***POP3 or POP over SSL Protocol ***\n");
> num_pop_pkt++;
> }
> }else{
> printf(" *** pip == NULL ****\n");
> }
> ....
> }
>
Can you confirm that the callback is being called on the reception of a
packet (before it checks the port)?
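
An added example, not code from either poster in this thread: in an IPv4 header the protocol field (`ip_p`) holds the IP protocol number (6 for TCP), while ports such as 80, 25, 110 and 143 sit in the TCP header that follows it. The names `classify`, `port_to_app` and `sample_frame` are hypothetical, the frame is constructed, and the offsets assume untagged Ethernet II; in a pcap callback you would pass `p` and `h->caplen`.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

enum app { APP_NONE, APP_HTTP, APP_SMTP, APP_POP3, APP_IMAP };
/* Constructed sample: Ethernet + IPv4 + TCP to port 80 + 16-byte payload. */
static const unsigned char sample_frame[] = {
    0,0,0,0,0,2, 0,0,0,0,0,1, 0x08,0x00,                   /* Ethernet, IPv4 */
    0x45,0,0,56, 0,0,0x40,0, 64,6,0,0, 10,0,0,1, 10,0,0,2, /* IPv4, proto 6  */
    0xc0,0,0,80, 0,0,0,1, 0,0,0,1, 0x50,0x18,0xff,0xff, 0,0,0,0,  /* TCP     */
    'G','E','T',' ','/',' ','H','T','T','P','/','1','.','1','\r','\n' };

static enum app port_to_app(unsigned port)
{
    switch (port) {
    case 80:  return APP_HTTP;  case 25:  return APP_SMTP;
    case 110: return APP_POP3;  case 143: return APP_IMAP;
    default:  return APP_NONE;
    }
}

/* Classify an Ethernet frame of caplen captured bytes (h->caplen in a pcap
 * callback). For a TCP segment, *off and *len locate its payload inside p. */
enum app classify(const unsigned char *p, size_t caplen, size_t *off, size_t *len)
{
    if (caplen < 14 + 20 || p[12] != 0x08 || p[13] != 0x00) return APP_NONE;
    const unsigned char *ip = p + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4, iplen = (size_t)(ip[2] << 8 | ip[3]);
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 6) return APP_NONE; /* 6 = TCP */
    if (((ip[6] & 0x1f) << 8 | ip[7]) != 0) return APP_NONE; /* later fragment */
    if (caplen < 14 + ihl + 20) return APP_NONE;  /* TCP header not captured */
    const unsigned char *tcp = ip + ihl;
    size_t thl = (size_t)(tcp[12] >> 4) * 4;
    if (thl < 20 || iplen < ihl + thl) return APP_NONE;
    enum app a = port_to_app((unsigned)(tcp[2] << 8 | tcp[3]));       /* dst */
    if (a == APP_NONE) a = port_to_app((unsigned)(tcp[0] << 8 | tcp[1])); /* src */
    size_t end = 14 + iplen < caplen ? 14 + iplen : caplen; /* snaplen cut-off */
    *off = 14 + ihl + thl;
    *len = end > *off ? end - *off : 0;
    return a;
}

int main(void)
{
    size_t off, len;
    if (classify(sample_frame, sizeof sample_frame, &off, &len) == APP_HTTP)
        for (size_t i = 0; i < len; i++)   /* non-printable bytes shown as '.' */
            putchar(isprint(sample_frame[off + i]) ? sample_frame[off + i] : '.');
    putchar('\n');
}
```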