[delphi] pcap header 살펴보기

2018-04-09

pcap header 살펴보기

Data Type

| GLib    | C              | Delphi   |
|---------|----------------|----------|
| guint32 | unsigned int   | LongWord |
| guint16 | unsigned short | Word     |
| gint32  | signed int     | Integer  |
|         | unsigned char  | Byte     |
|         | unsigned int16 | word     |

주의: pcap 헤더 필드는 모두 고정폭(32비트/16비트)입니다. Delphi의 LongWord/LongInt는 64비트 iOS/Linux 타깃에서 64비트가 되므로, 파일에 그대로 써 내는 구조체에는 모든 플랫폼에서 32비트인 Cardinal/Integer(또는 UInt32/Int32)를 쓰는 것이 안전합니다.

GLOBAL HEADER 구조체

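type
  { pcap global file header (classic libpcap format), exactly 24 bytes on disk.
    The record is serialized byte-for-byte with SizeOf(), so its layout must be
    pinned: `packed` removes any dependence on the {$A} alignment setting, and
    the fixed-width UInt32/UInt16/Int32 aliases avoid LongWord/LongInt, which
    are 64 bits wide on 64-bit iOS/Linux targets. }
  TGLOBAL_HEADER = packed record
    magic_number: UInt32;   // $A1B2C3D4: native byte order, microsecond timestamps
    version_major: UInt16;  // format version, 2
    version_minor: UInt16;  // format version, 4
    thiszone: Int32;        // GMT-to-local correction in seconds; 0 in practice
    sigfigs: UInt32;        // timestamp accuracy; 0 in practice
    snaplen: UInt32;        // max bytes captured per packet; incl_len must not exceed it
    network: UInt32;        // link-layer type (LINKTYPE_*); 1 = Ethernet
  end;
  PGLOBAL_HEADER = ^TGLOBAL_HEADER;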

PACKET HEADER 구조체

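type
  { pcap per-packet record header, exactly 16 bytes on disk, immediately
    followed by incl_len bytes of frame data. Same layout rules as the global
    header: `packed` plus fixed-width UInt32 so SizeOf() matches the file
    format on every platform and alignment setting. }
  TPACKET_HEADER = packed record
    ts_sec: UInt32;    // capture time, seconds since the Unix epoch
    ts_usec: UInt32;   // microseconds within ts_sec (must be < 1_000_000)
    incl_len: UInt32;  // bytes actually stored in the file; <= orig_len and <= snaplen
    orig_len: UInt32;  // original frame length on the wire
  end;
  PPACKET_HEADER = ^TPACKET_HEADER;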

PACKET DATA

  • 특정 바이트 정렬없이 incl_len 바이트의 데이터 blob로서 패킷 헤더 바로 뒤에 옵니다. incl_len은 orig_len과 global header의 snaplen을 넘을 수 없으며, 이를 넘는 파일은 대부분의 리더(libpcap, Wireshark)가 손상된 파일로 처리합니다.

Layer2, Layer3, Layer4

  • 나중에 시간나면 추가…

CODE

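{ Fills a pcap global header with the fixed values this writer emits:
  native byte order with microsecond timestamps, format 2.4, a 65535-byte
  snaplen and the Ethernet link type. rGHeader must point to a valid record
  (callers allocate it with New or take the address of a local). }
procedure Init(rGHeader: PGLOBAL_HEADER); overload;
begin
  // A hex literal instead of StrToInt('$A1B2C3D4'): no runtime string parse,
  // no SysUtils dependency, and no reliance on how Val maps a hex value above
  // High(Integer) into a signed result before it is assigned to an unsigned field.
  rGHeader^.magic_number := $A1B2C3D4;
  rGHeader^.version_major := 2;
  rGHeader^.version_minor := 4;
  rGHeader^.thiszone := 0;    // no local-time correction; timestamps are taken as UTC
  rGHeader^.sigfigs := 0;     // timestamp accuracy unknown, the conventional value
  rGHeader^.snaplen := 65535; // frames longer than this must not be written after this header
  rGHeader^.network := 1;     // LINKTYPE_ETHERNET: each record's data starts with an Ethernet frame
end;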

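{ Fills a pcap packet header. incl_len/orig_len are zeroed; the caller sets
  them once the frame length is known.
  ts_sec/ts_usec default to the same fixed placeholder the original code
  hard-wired ($5AA5438E is roughly 2018-03-11 UTC), so existing calls behave
  unchanged, but a real writer should pass the actual capture time (e.g.
  DateTimeToUnix(Now, False) from DateUtils) instead of stamping every packet
  with the same constant. ts_usec must be below 1_000_000. }
procedure Init(rPHeader: PPACKET_HEADER; ts_sec: LongWord = $5AA5438E;
  ts_usec: LongWord = 0); overload;
begin
  // Literal default instead of StrToInt('$5AA5438E'): no runtime parse, no SysUtils.
  rPHeader^.ts_sec := ts_sec;
  rPHeader^.ts_usec := ts_usec;
  rPHeader^.incl_len := 0;
  rPHeader^.orig_len := 0;
end;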

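{ Serializes a freshly initialised pcap global header into a byte array of
  SizeOf(TGLOBAL_HEADER) bytes (24 with the packed record).
  A stack-allocated record copied with Move replaces the original
  New/TMemoryStream/Dispose sequence, which had no try/finally and therefore
  leaked both the record and the stream if an exception was raised in between. }
function GetGlobalHeaderBinary: TBytes;
var
  hdr: TGLOBAL_HEADER;
begin
  Init(@hdr);
  SetLength(Result, SizeOf(hdr));
  Move(hdr, Result[0], SizeOf(hdr));
end;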

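{ Builds one pcap record: a SizeOf(TPACKET_HEADER) byte header followed by
  the raw frame b. incl_len = orig_len = Length(b), i.e. the frame is stored
  whole, never truncated.
  Caveat: the global header produced by Init advertises snaplen = 65535, and
  pcap readers reject records whose incl_len exceeds snaplen, so callers must
  not pass a longer frame. An empty b yields just the header.
  No heap objects are created, so unlike the original New/TMemoryStream
  version nothing can leak on an exception. }
function GetPacketHeaderBinary(b: TBytes): TBytes;
var
  hdr: TPACKET_HEADER;
  n: Integer;
begin
  n := Length(b);
  Init(@hdr);
  hdr.incl_len := n;
  hdr.orig_len := n;
  SetLength(Result, SizeOf(hdr) + n);
  Move(hdr, Result[0], SizeOf(hdr));
  // b[0] is out of range for an empty dynamic array, so guard the payload copy.
  if n > 0 then
    Move(b[0], Result[SizeOf(hdr)], n);
end;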

{ Returns a complete single-packet pcap file image: the global header
  followed by one packet record wrapping b. }
function GetPcapBinary(b: TBytes): TBytes;
var
  fileHeader, packetRecord: TBytes;
begin
  fileHeader := GetGlobalHeaderBinary;
  packetRecord := GetPacketHeaderBinary(b);
  Result := fileHeader + packetRecord;
end;

참고