// #include <Python.h>#include <pcap.h>#include <pcap/pcap.h>#include <s

1. // #include <Python.h>
2.  
3. #include <pcap.h>
4. #include <pcap/pcap.h>
5. #include <stdio.h>
6. #include <sys/types.h>
7. #include <sys/socket.h>
8. #include <arpa/inet.h>
9. #include <netpacket/packet.h>
10. #include <net/ethernet.h> /* the L2 protocols */
11. #include <net/if.h>
12. #include <netdb.h>
13. #include <strings.h>
14. #include <stdio.h>
15. #include <string.h>
16. #include <stdlib.h>
17. #include <netinet/in.h> /* sockaddr_in{} and other Internet defns */
18. #include <netinet/udp.h>
19. #include <netinet/ip.h>
20. #include <netinet/ip6.h>
21. #include <ctype.h>
22. #include <sys/types.h>
23. #include <sys/socket.h>
24. #include <arpa/inet.h>
25. #include <sys/ioctl.h>
26. #include <time.h>
27. #include <stdio.h>
28.  
29. #define SNAP_LEN 100
30.  
31. char *dev; /* The device to sniff on */
32.  
33. int tcp=0;
34. double tcp_bps = 0;
35. double tcp_avg_pckt = 0;
36. int tcp_sum_len = 0;
37. int udp=0;
38. int udp_sum_len = 0;
39. double udp_bps = 0;
40. double udp_avg_pckt = 0;
41. int icmp=0;
42. int icmp_sum_len = 0;
43. double icmp_bps = 0;
44. double icmp_avg_pckt = 0;
45. int sctp=0;
46. int sctp_sum_len = 0;
47. double sctp_bps = 0;
48. double sctp_avg_pckt = 0;
49. int icmp6=0;
50. int icmp6_sum_len = 0;
51. double icmp6_bps = 0;
52. double icmp6_avg_pckt = 0;
53.  
54. time_t start, duration;
55. int ip4=0;
56. int ip6 = 0;
57. int unknown=0;
58. int unknown_ethertype = 0;
59.  
60. int cols = 80;
61. int lines = 24;
62.  
63. int analyse(const u_char* buff, struct pcap_pkthdr header)
64. {
65.  
66. int n = header.len;
67.  
68. struct ethhdr *hdr;
69. struct ip *ipv4hdr;
70. struct ip6_hdr *ipv6hdr;
71. hdr = (struct ethhdr *)buff;
72.  
73. int type = ntohs(hdr->h_proto);
74. switch(type) {
75. case ETHERTYPE_IPV6:
76. ipv6hdr = (struct ip6_hdr *)(buff+sizeof(struct ethhdr));
77. ip6++;
78. switch(ipv6hdr->ip6_nxt) {
79. case IPPROTO_TCP:
80. tcp++;
81. tcp_sum_len = tcp_sum_len + ntohs(ipv6hdr->ip6_plen) +40;
82. break;
83. case IPPROTO_UDP:
84. udp++;
85. udp_sum_len = udp_sum_len + ntohs(ipv6hdr->ip6_plen) + 40;
86. break;
87. case IPPROTO_SCTP:
88. sctp++;
89. sctp_sum_len = sctp_sum_len + ntohs(ipv6hdr->ip6_plen) + 40;
90. break;
91. case IPPROTO_ICMPV6:
92. icmp6++;
93. icmp6_sum_len = icmp6_sum_len + ntohs(ipv6hdr->ip6_plen) + 40;
94. break;
95. default:
96. unknown++;
97. break;
98. }
99. break;
100. case ETHERTYPE_IP:
101. ipv4hdr = (struct ip *)(buff+sizeof(struct ethhdr));
102. ip4++;
103. switch(ipv4hdr->ip_p) {
104. case IPPROTO_TCP:
105. tcp++;
106. tcp_sum_len = tcp_sum_len + ntohs(ipv4hdr->ip_len);
107. break;
108. case IPPROTO_UDP:
109. udp++;
110. udp_sum_len = udp_sum_len + ntohs(ipv4hdr->ip_len);
111. break;
112. case IPPROTO_ICMP:
113. icmp++;
114. icmp_sum_len = icmp_sum_len + ntohs(ipv4hdr->ip_len);
115. break;
116. case IPPROTO_SCTP:
117. sctp++;
118. sctp_sum_len = sctp_sum_len + ntohs(ipv4hdr->ip_len);
119. break;
120. default:
121. unknown++;
122. break;
123. }
124. break;
125. default:
126. unknown_ethertype++;
127. break;
128. }
129. return n;
130. }
131.  
132. pcap_t* setup(char* device, char* filter_exp)
133. {
134. char errbuf[PCAP_ERRBUF_SIZE]; /* Error string */
135. struct bpf_program fp; /* The compiled filter */
136. bpf_u_int32 mask; /* Our netmask */
137. bpf_u_int32 net; /* Our IP */
138. char str1[INET6_ADDRSTRLEN], str2[INET6_ADDRSTRLEN];
139. pcap_if_t *alldevsp=NULL, *devsp=NULL;
140. pcap_addr_t *p_addr;
141.  
142. /* Define the device */
143. dev = pcap_lookupdev(errbuf);
144. if (dev == NULL) {
145. fprintf(stderr, "Couldn't find default device: %s\n", errbuf);
146. }
147.  
148. /* Find the properties for the default device */
149. if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
150. fprintf(stderr, "Couldn't get netmask for device %s: %s\n", dev, errbuf);
151. net = 0;
152. mask = 0;
153. }
154.  
155. /* Open the session in promiscuous mode */
156. pcap_t* handle = pcap_open_live(device, SNAP_LEN, 1, 2000, errbuf);
157.  
158. if (handle == NULL) {
159. fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf);
160. }
161.  
162. // printf("Link header = %s\n", pcap_datalink_val_to_name( pcap_datalink(handle)));
163. if( pcap_set_datalink(handle,DLT_EN10MB) == -1 ){
164. printf("pcap_set_datalink error!");
165. }
166. /* Compile and apply the filter */
167. if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) {
168. fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(handle));
169. }
170. if (pcap_setfilter(handle, &fp) == -1) {
171. fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(handle));
172. }
173. struct winsize ts;
174. ioctl(0, TIOCGWINSZ, &ts);
175. cols = ts.ws_col;
176. lines = ts.ws_row;
177.  
178.  
179. return handle;
180. }
181.  
182. void compute_data(){
183. duration = time(NULL)-start;
184. if(tcp > 0 && duration > 0){
185. tcp_avg_pckt = (double)tcp_sum_len / (double)tcp;
186. tcp_bps = (double)tcp_sum_len / (double)duration;
187. }
188. if(udp > 0 && duration > 0){
189. udp_avg_pckt = (double)udp_sum_len / (double)udp;
190. udp_bps = (double)udp_sum_len / (double)duration;
191. }
192. if(icmp > 0 && duration > 0){
193. icmp_avg_pckt = (double)icmp_sum_len / (double)icmp;
194. icmp_bps = (double)icmp_sum_len / (double)duration;
195. }
196. if(sctp > 0 && duration > 0){
197. sctp_avg_pckt = (double)sctp_sum_len / (double)sctp;
198. sctp_bps = (double)sctp_sum_len / (double)duration;
199. }
200. if(icmp6 > 0 && duration > 0){
201. icmp6_avg_pckt = (double)icmp6_sum_len / (double)icmp6;
202. icmp6_bps = (double)icmp6_sum_len / (double)duration;
203. }
204. }
205.  
206. void print_data(){
207. system("clear");
208. printf(" Listening on: %s\n", dev);
209. printf("Protocol(ipv4)\t packets \t average bps\t average packet size\n");
210.  
211. printf("\nTCP\t\t %i\t\t %0.2f\t\t %0.2f\n", tcp, tcp_bps, tcp_avg_pckt);
212. printf("\nUDP\t\t %i\t\t %0.2f\t\t %0.2f\n", udp, udp_bps, udp_avg_pckt);
213. printf("\nICMP\t\t %i\t\t %0.2f\t\t %0.2f\n", icmp, icmp_bps, icmp_avg_pckt);
214. printf("\nSCTP\t\t %i\t\t %0.2f\t\t %0.2f\n", sctp, sctp_bps, sctp_avg_pckt);
215. printf("\nICMPV6\t\t %i\t\t %0.2f\t\t %0.2f\n", icmp6, icmp6_bps, icmp6_avg_pckt);
216. printf("\nunknown:\t %i\n",unknown);
217.  
218. printf("\nIPv4 packets: %i\nIPv6 packets: %i\nOther EtherType: %i", ip4, ip6, unknown_ethertype);
219. printf("\nduration: %ld seconds\n", duration);
220. }
221.  
222. int main(int argc, char *argv[])
223. {
224.  
225.  
226. struct pcap_pkthdr header; /* The header that pcap gives us */
227. const u_char *buff; /* The actual packet */
228. char buf[100];
229. char filter_exp[1024] = ""; /* The filter expression */
230.  
231. int n;
232. int datalink=0;
233.  
234. if( argc == 3)
235. strncpy(filter_exp, argv[2], 2048);
236.  
237. if ( (argc != 2) && (argc != 3) ){
238. fprintf(stderr, "usage: %s <Interface name> '<filter>'\n", argv[0]);
239. return 1;
240. }
241.  
242. pcap_t *handle = setup(argv[1], filter_exp);
243. start = time(NULL);
244.  
245. int i=0, j=0;
246. for(;;){
247. j++;
248. buff = pcap_next(handle, &header);
249. if(buff == NULL)
250. continue;
251.  
252. datalink = pcap_datalink(handle);
253.  
254. i += analyse(buff, header);
255. compute_data();
256. print_data();
257. }
258.  
259. printf("Sniffed %d packets\n",j);
260. /* And close the session */
261. pcap_close(handle);
262. return(0);
263. }