/* Connection description detection file */
/* - by: Brecht Claerhout */
/* Simple PORT BASED detection */
/*** FTP sessions ********************************************************/
if(
(ntohs(tcphead.source)==FTP_DATA_1)||(ntohs(tcphead.destination)==FTP_DATA_1) )
{strcpy(desc_string, "FTP DATA");}
if( (ntohs(tcphead.source)==FTP_1)||(ntohs(tcphead.destination)==FTP_1) )
{
if(info->DATA_len==0)
strcpy(desc_string, "FTP");
if(info->DATA_len>5)
{
const unsigned char *data= sp+PROTO_HEAD+info->IP_len+info->TCP_len;
strcpy(desc_string,"FTP: ");
j=5; /* 5 = "FTP: " */
for(i=0;i<info->DATA_len;i++)
{
if( (isalnum(data[i]) || ispunct(data[i]) || data[i]==' ')&&(j<(*DESC_LEN)-1) )
{desc_string[j]=data[i]; desc_string[j+1]=0; j++; }
else
{if( (isspace(data[i]) && data[i]!=' ')&&(j<(*DESC_LEN)-1) )
{desc_string[j]=' '; desc_string[j+1]=0; j++; }
}
}
}
}
/*** TELNET sessions *****************************************************/
if( (ntohs(tcphead.source)==TELNET_1)||(ntohs(tcphead.destination)==TELNET_1) )
{strcpy(desc_string, "TELNET");}
/*** SSH sessions ********************************************************/
if( (ntohs(tcphead.source)==SSH_1)||(ntohs(tcphead.destination)==SSH_1) )
{strcpy(desc_string, "Secure Shell");}
/*** MAIL sessions *****************************************************/
if( (ntohs(tcphead.source)==MAIL_1)||(ntohs(tcphead.destination)==MAIL_1) )
{strcpy(desc_string, "MAIL");}
/*** IDENT **************************************************************/
if( (ntohs(tcphead.source)==IDENT_1)||(ntohs(tcphead.destination)==IDENT_1) )
{strcpy(desc_string, "IDENT");}
/*** IRC ***************************************************************/
if( (ntohs(tcphead.source)==IRC_1)||(ntohs(tcphead.destination)==IRC_1) )
{strcpy(desc_string, "IRC");}
/*** X11 sessions *******************************************************/
if( (ntohs(tcphead.source)==X11_1)||(ntohs(tcphead.destination)==X11_1) )
{strcpy(desc_string, "X-Windows");}
/*** HTTP ***************************************************************/
if( (ntohs(tcphead.source)==HTTP_1)||(ntohs(tcphead.source)==HTTP_2)||
(ntohs(tcphead.source)==HTTP_3)||(ntohs(tcphead.source)==HTTP_4)
)
{
strcpy(desc_string, "HTTP");
}
if( (ntohs(tcphead.destination)==HTTP_1)||(ntohs(tcphead.destination)==HTTP_2) ||
(ntohs(tcphead.destination)==HTTP_3)||(ntohs(tcphead.destination)==HTTP_4)
)
{
if(info->DATA_len==0)
strcpy(desc_string, "HTTP");
if(info->DATA_len>5)
{
const unsigned char *data= sp+PROTO_HEAD+info->IP_len+info->TCP_len;
strcpy(desc_string,"HTTP: ");
j=6; /* 5 = "HTTP: " */
for(i=0;i<info->DATA_len;i++)
if( (isalnum(data[i]) || ispunct(data[i]) || data[i]==' ')&&(j<(*DESC_LEN)-1) )
{desc_string[j]=data[i]; desc_string[j+1]=0; j++; }
else
{if( (isspace(data[i]) && data[i]!=' ')&&(j<(*DESC_LEN)-1) )
{desc_string[j]=' '; desc_string[j+1]=0; j++; }
}
}
}
syntax highlighted by Code2HTML, v. 0.9.1