- // #include <Python.h>
- #include <pcap.h>
- #include <pcap/pcap.h>
- #include <stdio.h>
- #include <sys/types.h>
- #include <sys/socket.h>
- #include <arpa/inet.h>
- #include <netpacket/packet.h>
- #include <net/ethernet.h> /* the L2 protocols */
- #include <net/if.h>
- #include <netdb.h>
- #include <strings.h>
- #include <stdio.h>
- #include <string.h>
- #include <stdlib.h>
- #include <netinet/in.h> /* sockaddr_in{} and other Internet defns */
- #include <netinet/udp.h>
- #include <netinet/ip.h>
- #include <netinet/ip6.h>
- #include <ctype.h>
- #include <sys/types.h>
- #include <sys/socket.h>
- #include <arpa/inet.h>
- #include <sys/ioctl.h>
- #include <time.h>
- #include <stdio.h>
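/*
 * Bytes captured per frame. 100 is enough for the Ethernet header plus the
 * fixed IPv4/IPv6 header that analyse() reads; payload is never inspected.
 */
#define SNAP_LEN 100

char *dev; /* The device to sniff on */

/*
 * Per-protocol statistics, updated by analyse() and compute_data().
 *   <proto>          number of packets seen
 *   <proto>_sum_len  sum of the lengths declared in the IP headers, in bytes
 *   <proto>_bps      average bytes per second since `start`
 *   <proto>_avg_pckt average declared packet length
 *
 * The byte totals are 64-bit: as plain `int` they overflow (undefined
 * behaviour for signed arithmetic) after about 2 GiB of observed traffic,
 * which a long-running capture on a busy link reaches quickly.
 */
int tcp = 0;
long long tcp_sum_len = 0;
double tcp_bps = 0;
double tcp_avg_pckt = 0;

int udp = 0;
long long udp_sum_len = 0;
double udp_bps = 0;
double udp_avg_pckt = 0;

int icmp = 0;
long long icmp_sum_len = 0;
double icmp_bps = 0;
double icmp_avg_pckt = 0;

int sctp = 0;
long long sctp_sum_len = 0;
double sctp_bps = 0;
double sctp_avg_pckt = 0;

int icmp6 = 0;
long long icmp6_sum_len = 0;
double icmp6_bps = 0;
double icmp6_avg_pckt = 0;

/* Capture start time and seconds elapsed since then. */
time_t start, duration;

/* Frames per network layer, and frames that could not be classified. */
int ip4 = 0;
int ip6 = 0;
int unknown = 0;            /* IP packet with a transport protocol not listed above */
int unknown_ethertype = 0;  /* frame that is neither IPv4 nor IPv6 */

/* Terminal size; defaults used until setup() queries the terminal. */
int cols = 80;
int lines = 24;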
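/*
 * Classify one captured frame and update the global per-protocol counters.
 *
 * buff   - captured bytes, parsed as an Ethernet II frame.
 * header - pcap metadata for the frame; caplen is the number of bytes
 *          actually present in buff, len the length on the wire.
 *
 * Returns header.len.
 *
 * Everything in buff comes straight off the network, so nothing is read
 * before checking it against header.caplen: a runt or truncated frame must
 * not make the parser read past the capture buffer. A frame too short for
 * an Ethernet header is counted in unknown_ethertype; an IP packet whose
 * fixed header is cut off is counted in ip4/ip6 and in unknown.
 *
 * Headers are copied into aligned locals with memcpy() rather than read
 * through a cast pointer: the IP header starts 14 bytes into the frame and
 * is not guaranteed to be suitably aligned.
 *
 * Limitations: VLAN-tagged frames land in unknown_ethertype; only the first
 * IPv6 next-header value is examined, so packets carrying extension headers
 * land in unknown; byte totals use the length the sender declared in the IP
 * header, not the length observed on the wire, so a sender can skew them.
 */
int analyse(const u_char* buff, struct pcap_pkthdr header)
{
    int n = header.len;
    size_t captured = header.caplen;
    struct ethhdr eth;

    if (buff == NULL || captured < sizeof eth) {
        unknown_ethertype++;
        return n;
    }
    memcpy(&eth, buff, sizeof eth);

    const u_char *l3 = buff + sizeof eth;
    size_t l3_len = captured - sizeof eth;

    switch (ntohs(eth.h_proto)) {
    case ETHERTYPE_IPV6: {
        struct ip6_hdr v6;

        ip6++;
        if (l3_len < sizeof v6) {
            unknown++;
            break;
        }
        memcpy(&v6, l3, sizeof v6);

        /* ip6_plen excludes the 40-byte fixed header; add it back. */
        int total = ntohs(v6.ip6_plen) + (int)sizeof v6;

        switch (v6.ip6_nxt) {
        case IPPROTO_TCP:
            tcp++;
            tcp_sum_len += total;
            break;
        case IPPROTO_UDP:
            udp++;
            udp_sum_len += total;
            break;
        case IPPROTO_SCTP:
            sctp++;
            sctp_sum_len += total;
            break;
        case IPPROTO_ICMPV6:
            icmp6++;
            icmp6_sum_len += total;
            break;
        default:
            unknown++;
            break;
        }
        break;
    }
    case ETHERTYPE_IP: {
        struct ip v4;

        ip4++;
        if (l3_len < sizeof v4) {
            unknown++;
            break;
        }
        memcpy(&v4, l3, sizeof v4);

        /* ip_len already covers the IPv4 header. */
        int total = ntohs(v4.ip_len);

        switch (v4.ip_p) {
        case IPPROTO_TCP:
            tcp++;
            tcp_sum_len += total;
            break;
        case IPPROTO_UDP:
            udp++;
            udp_sum_len += total;
            break;
        case IPPROTO_ICMP:
            icmp++;
            icmp_sum_len += total;
            break;
        case IPPROTO_SCTP:
            sctp++;
            sctp_sum_len += total;
            break;
        default:
            unknown++;
            break;
        }
        break;
    }
    default:
        unknown_ethertype++;
        break;
    }
    return n;
}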
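/*
 * Open a live capture on `device`, force Ethernet framing, install the BPF
 * filter and record the terminal size.
 *
 * device     - interface name to capture on.
 * filter_exp - pcap filter expression; NULL or "" captures everything.
 *
 * Returns the capture handle, or NULL after printing a diagnostic to stderr.
 * The caller owns the handle and releases it with pcap_close().
 *
 * Side effects: sets the global `dev` to the device that was opened, and
 * `cols`/`lines` when the terminal size can be queried.
 *
 * Every failure is fatal here. Carrying on after a failed open passes a NULL
 * handle to libpcap, carrying on after a failed pcap_compile() installs an
 * uninitialised filter program, and carrying on with a non-Ethernet link
 * type makes analyse() misread every frame.
 */
pcap_t* setup(char* device, char* filter_exp)
{
    char errbuf[PCAP_ERRBUF_SIZE]; /* Error string */
    struct bpf_program fp;         /* The compiled filter */
    bpf_u_int32 mask = 0;          /* Netmask of the capture device */
    bpf_u_int32 net = 0;           /* Network number of the capture device */
    const char *expr = filter_exp ? filter_exp : "";
    struct winsize ts;

    if (device == NULL) {
        fprintf(stderr, "No capture device given\n");
        return NULL;
    }
    /* Report and query the device that is actually opened, not the
     * system default, which may be a different interface. */
    dev = device;

    /* The netmask is only needed by filters that use broadcast tests;
     * failing to get it is not fatal. */
    if (pcap_lookupnet(device, &net, &mask, errbuf) == -1) {
        fprintf(stderr, "Couldn't get netmask for device %s: %s\n", device, errbuf);
        net = 0;
        mask = 0;
    }

    /* Open the session in promiscuous mode, 2000 ms read timeout */
    pcap_t* handle = pcap_open_live(device, SNAP_LEN, 1, 2000, errbuf);
    if (handle == NULL) {
        fprintf(stderr, "Couldn't open device %s: %s\n", device, errbuf);
        return NULL;
    }

    /* analyse() parses Ethernet II headers only. */
    if (pcap_set_datalink(handle, DLT_EN10MB) == -1) {
        fprintf(stderr, "Couldn't select Ethernet framing on %s: %s\n",
                device, pcap_geterr(handle));
        pcap_close(handle);
        return NULL;
    }

    /* Compile and apply the filter */
    if (pcap_compile(handle, &fp, expr, 0, net) == -1) {
        fprintf(stderr, "Couldn't parse filter %s: %s\n", expr, pcap_geterr(handle));
        pcap_close(handle);
        return NULL;
    }
    if (pcap_setfilter(handle, &fp) == -1) {
        fprintf(stderr, "Couldn't install filter %s: %s\n", expr, pcap_geterr(handle));
        pcap_freecode(&fp);
        pcap_close(handle);
        return NULL;
    }
    /* The installed filter is a copy; release the compiled program. */
    pcap_freecode(&fp);

    /* Keep the 80x24 defaults when stdin is not a terminal. */
    if (ioctl(0, TIOCGWINSZ, &ts) == 0 && ts.ws_col > 0 && ts.ws_row > 0) {
        cols = ts.ws_col;
        lines = ts.ws_row;
    }
    return handle;
}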
/*
 * Refresh the derived statistics from the raw counters.
 *
 * `duration` is always updated. The averages of a protocol are recomputed
 * only once at least one of its packets has been seen and at least one
 * second has elapsed since `start`; until then they keep their old value.
 */
void compute_data(){
    duration = time(NULL) - start;

    /* Rates are per second, so nothing can be refreshed yet. */
    if (duration <= 0)
        return;

    const double secs = (double)duration;

    if (tcp > 0) {
        tcp_bps = (double)tcp_sum_len / secs;
        tcp_avg_pckt = (double)tcp_sum_len / (double)tcp;
    }
    if (udp > 0) {
        udp_bps = (double)udp_sum_len / secs;
        udp_avg_pckt = (double)udp_sum_len / (double)udp;
    }
    if (icmp > 0) {
        icmp_bps = (double)icmp_sum_len / secs;
        icmp_avg_pckt = (double)icmp_sum_len / (double)icmp;
    }
    if (sctp > 0) {
        sctp_bps = (double)sctp_sum_len / secs;
        sctp_avg_pckt = (double)sctp_sum_len / (double)sctp;
    }
    if (icmp6 > 0) {
        icmp6_bps = (double)icmp6_sum_len / secs;
        icmp6_avg_pckt = (double)icmp6_sum_len / (double)icmp6;
    }
}
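/*
 * Redraw the statistics table on stdout from the global counters.
 *
 * The screen is cleared with an ANSI escape sequence instead of
 * system("clear"). A sniffer normally runs with elevated privileges, and
 * system() starts a shell that resolves `clear` through PATH, so whoever
 * controls the environment decides what gets executed; it also forks a
 * process for every captured packet.
 */
void print_data(){
    /* Cursor home, then erase the display. */
    fputs("\033[H\033[2J", stdout);
    /* Passing NULL to %s is undefined behaviour; dev is NULL until setup() ran. */
    printf(" Listening on: %s\n", dev ? dev : "(none)");
    printf("Protocol(ipv4)\t packets \t average bps\t average packet size\n");
    printf("\nTCP\t\t %i\t\t %0.2f\t\t %0.2f\n", tcp, tcp_bps, tcp_avg_pckt);
    printf("\nUDP\t\t %i\t\t %0.2f\t\t %0.2f\n", udp, udp_bps, udp_avg_pckt);
    printf("\nICMP\t\t %i\t\t %0.2f\t\t %0.2f\n", icmp, icmp_bps, icmp_avg_pckt);
    printf("\nSCTP\t\t %i\t\t %0.2f\t\t %0.2f\n", sctp, sctp_bps, sctp_avg_pckt);
    printf("\nICMPV6\t\t %i\t\t %0.2f\t\t %0.2f\n", icmp6, icmp6_bps, icmp6_avg_pckt);
    printf("\nunknown:\t %i\n",unknown);
    printf("\nIPv4 packets: %i\nIPv6 packets: %i\nOther EtherType: %i", ip4, ip6, unknown_ethertype);
    /* time_t has no printf conversion of its own; convert to match %ld. */
    printf("\nduration: %ld seconds\n", (long)duration);
    fflush(stdout);
}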
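/*
 * Entry point: sniffer <Interface name> ['<filter>']
 *
 * Opens the interface, then classifies and reports every captured frame
 * until the capture fails. Returns 1 on a usage or setup error or when the
 * capture stops on an error.
 */
int main(int argc, char *argv[])
{
    struct pcap_pkthdr *header; /* Metadata pcap gives us for the frame */
    const u_char *buff;         /* The captured bytes */
    char no_filter[] = "";      /* Empty expression: capture everything */
    int packets = 0;
    int status = 0;

    /* Validate the argument count before touching argv[2]. */
    if ( (argc != 2) && (argc != 3) ){
        fprintf(stderr, "usage: %s <Interface name> '<filter>'\n", argv[0]);
        return 1;
    }

    /*
     * The filter is handed to setup() directly. Copying it with
     * strncpy(dst, src, 2048) into a 1024-byte array wrote past the end of
     * the array on every run that supplied a filter, because strncpy
     * zero-pads up to the given count.
     */
    char *filter_exp = (argc == 3) ? argv[2] : no_filter;

    pcap_t *handle = setup(argv[1], filter_exp);
    if (handle == NULL)
        return 1;

    start = time(NULL);
    for(;;){
        /* pcap_next_ex() tells a read timeout (0) apart from an error (<0);
         * pcap_next() returns NULL for both, which turns a dead interface
         * into a busy loop. */
        int rc = pcap_next_ex(handle, &header, &buff);
        if (rc == 0)
            continue;
        if (rc != 1) {
            fprintf(stderr, "Capture stopped: %s\n", pcap_geterr(handle));
            status = 1;
            break;
        }
        packets++;
        (void)analyse(buff, *header);
        compute_data();
        print_data();
    }
    printf("Sniffed %d packets\n", packets);
    /* And close the session */
    pcap_close(handle);
    return status;
}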