
[编程实例]linux下的以太网简单网络流量分析

2008-12-10 20:14 1156 查看
/*

name:ether.c

func:print ether protocol mac address flow

compile: gcc ether.c -o ether -lpcap

platform:linux/unix

*/

#include <pcap.h>

#include <errno.h>
#include <limits.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include <netinet/if_ether.h>

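#define MAXSTRINGSIZE 1500

/* Snapshot length handed to pcap_open_live(): bytes captured per frame. */
#define DEFAULT_SNAPLEN 68

/* Number of per-packet length samples kept for each protocol class. */
#define PKT_SLOTS 1024

/* Destination MAC compared against to classify a frame as STP
 * (01:80:C2:00:00:00, the bridge group address). */
u_int8_t DMAC[6] = {0x01, 0x80, 0xC2, 0x00, 0x00, 0x00};

/* Total number of frames handed to the capture callback. */
static int ether_counter = 0;

/* Set to 1 when -t was given on the command line. */
int tFlag = 0;

/*
 * Per-protocol sample arrays: one on-wire length per captured frame.
 * Each array holds PKT_SLOTS entries only, so every writer has to check
 * the matching *_c counter against that capacity before storing.
 */
unsigned int arp_array[PKT_SLOTS], ip_array[PKT_SLOTS], rarp_array[PKT_SLOTS], \
             stp_array[PKT_SLOTS], other_array[PKT_SLOTS];

/* Number of samples currently stored in each array above. */
unsigned int arp_c = 0, ip_c = 0, rarp_c = 0, stp_c = 0, other_c = 0;

/* Per-protocol rates in bytes per second, filled in when the report is printed. */
double arp_flow, ip_flow, rarp_flow, stp_flow, other_flow;

/*
 * Expand a 6-byte hardware address into six comma-separated byte values,
 * for use as the argument list of a "%02X:%02X:%02X:%02X:%02X:%02X" format.
 * The line continuations must be backslashes; the page as published showed
 * forward slashes here, which do not compile.
 */
#define HWADDR(addr) \
    ((unsigned char *)&(addr))[0], \
    ((unsigned char *)&(addr))[1], \
    ((unsigned char *)&(addr))[2], \
    ((unsigned char *)&(addr))[3], \
    ((unsigned char *)&(addr))[4], \
    ((unsigned char *)&(addr))[5]

void usage(void);

/* Basename of argv[0], used in the usage text. */
char *program_name;

/* Capture duration in seconds (-t); defaults to 1. */
int cap_time = 1;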

/*
 * Add up the first c entries of array and return the total as a double.
 * Returns 0 when c is 0.
 */
double cap_sum(unsigned int array[], unsigned int c)
{
    double total = 0;
    const unsigned int *cur = array;
    const unsigned int *stop = array + c;

    while (cur != stop) {
        total += *cur;
        ++cur;
    }

    return total;
}

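/*
 * SIGALRM handler: turn the stored per-protocol packet lengths into
 * bytes-per-second rates over cap_time, print the report and exit.
 *
 * NOTE(review): printf(), fflush() and exit() are not async-signal-safe,
 * and the counters read here are updated by the capture callback that this
 * handler interrupts. A more robust design only calls pcap_breakloop()
 * (or sets a volatile sig_atomic_t flag) here and prints the report from
 * main() once pcap_loop() has returned.
 */
void sig_alarm(int sig)
{
    /* A zero or negative cap_time would give infinite or negative rates;
     * fall back to one second in that case. */
    double seconds = cap_time > 0 ? (double)cap_time : 1.0;

    (void)sig;

    arp_flow = cap_sum(arp_array, arp_c) / seconds;
    ip_flow = cap_sum(ip_array, ip_c) / seconds;
    rarp_flow = cap_sum(rarp_array, rarp_c) / seconds;
    stp_flow = cap_sum(stp_array, stp_c) / seconds;
    other_flow = cap_sum(other_array, other_c) / seconds;

    /* The published listing had "/n" here; the escape is "\n". */
    printf("\n--------------------network flux-----------------------\n");
    printf("cap time: %d s\n", cap_time);
    printf("packet count: %d\n", ether_counter);
    printf("arp protocol: %lf bytes/s\n", arp_flow);
    printf("ip protocol: %lf bytes/s\n", ip_flow);
    printf("rarp protocol: %lf bytes/s\n", rarp_flow);
    printf("stp protocol: %lf bytes/s\n", stp_flow);
    printf("other protocol: %lf bytes/s\n", other_flow);
    fflush(stdout);

    exit(0);
}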

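/*
 * Store one packet length in a per-protocol sample array without writing
 * past its end. While there is room the length gets its own slot; once the
 * array is full the length is added to the last slot, so a later sum over
 * the array still yields the total byte count.
 */
static void record_len(unsigned int samples[], unsigned int *count,
                       size_t capacity, unsigned int len)
{
    if (*count < capacity) {
        samples[*count] = len;
        (*count)++;
    } else if (capacity > 0) {
        /* Full: fold into the last slot instead of indexing out of bounds. */
        samples[capacity - 1] += len;
    }
}

/*
 * Classify one frame by its EtherType, record its on-wire length (h->len)
 * in the matching per-protocol array and print a short protocol label.
 *
 * Frames whose type is not IP, ARP or RARP are labelled "STP" when their
 * destination MAC equals DMAC, and "***" otherwise.
 *
 * The original incremented the counters without limit and indexed the
 * 1024-entry arrays with them, so a capture of more than 1024 frames of
 * one class wrote past the end of the array. All stores now go through
 * record_len(), which is bounded by the array size.
 *
 * The caller must have checked that at least a full Ethernet header was
 * captured before passing eth in.
 */
void print_etherType(struct ether_header *eth,const struct pcap_pkthdr *h)
{
    switch (ntohs(eth->ether_type)) {
    case ETHERTYPE_IP:
        record_len(ip_array, &ip_c,
                   sizeof ip_array / sizeof ip_array[0], h->len);
        printf("IP");
        break;

    case ETHERTYPE_ARP:
        record_len(arp_array, &arp_c,
                   sizeof arp_array / sizeof arp_array[0], h->len);
        printf("ARP");
        break;

    case ETHERTYPE_REVARP:
        record_len(rarp_array, &rarp_c,
                   sizeof rarp_array / sizeof rarp_array[0], h->len);
        printf("RARP");
        break;

    default:
        if (memcmp(eth->ether_dhost, DMAC, sizeof DMAC) == 0) {
            record_len(stp_array, &stp_c,
                       sizeof stp_array / sizeof stp_array[0], h->len);
            printf("STP");
        } else {
            record_len(other_array, &other_c,
                       sizeof other_array / sizeof other_array[0], h->len);
            printf("***");
        }
        break;
    }

    fflush(stdout);
}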

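/*
 * pcap_loop() callback: print "SRC->DST<TAB>PROTO<TAB>LEN" for one frame
 * and update the per-protocol statistics through print_etherType().
 *
 * user - opaque pointer from pcap_loop(); unused here
 * h    - capture header; caplen is the number of bytes actually present in
 *        p, len is the length of the frame on the wire
 * p    - start of the captured frame, assumed to be an Ethernet header
 */
void eth_printer(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
{
    struct ether_header *eth;

    (void)user;

    /* The packet buffer comes straight off the network: never read the
     * header fields unless the capture actually contains a full header.
     * Short captures are skipped and not counted. */
    if (h->caplen < sizeof(struct ether_header)) {
        return;
    }

    eth = (struct ether_header *)p;
    ++ether_counter;

    printf("%02X:%02X:%02X:%02X:%02X:%02X",
           HWADDR(eth->ether_shost));
    printf("->");
    printf("%02X:%02X:%02X:%02X:%02X:%02X",
           HWADDR(eth->ether_dhost));
    printf("\t");

    print_etherType(eth, h);

    /* h->len is unsigned (bpf_u_int32), so %u rather than %d. */
    printf("\t%u", h->len);
    printf("\n");
    fflush(stdout);
}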

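/*
 * Entry point: parse -D / -i / -t, open the chosen interface for live
 * capture and hand every frame to eth_printer() until SIGALRM fires or
 * pcap_loop() fails.
 *
 *   -D            list capture interfaces and exit
 *   -i <iface>    interface name, or a 1-based index into the -D list
 *   -t <seconds>  capture duration; the report is printed by sig_alarm()
 *
 * Fixes relative to the published listing:
 *   - device was used uninitialised when -i was missing;
 *   - an out-of-range -i index walked off the end of the interface list
 *     and dereferenced NULL;
 *   - a failed pcap_open_live() called pcap_geterr() on a NULL handle;
 *   - -t and -i were parsed with atoi(), which cannot report bad input;
 *   - the link type was never checked although eth_printer() casts every
 *     frame to struct ether_header;
 *   - pcap_compile()/pcap_setfilter() results were ignored;
 *   - "/n" in the messages is restored to "\n".
 *
 * NOTE(review): live capture normally needs elevated privileges and the
 * handle is opened in promiscuous mode; nothing here drops privileges once
 * the handle is open, although every frame parsed afterwards is untrusted
 * input.
 */
int main(int argc, char **argv)
{
    char ebuf[PCAP_ERRBUF_SIZE];
    int op;                      /* current option letter */
    const char *device = NULL;   /* interface to capture on */
    char *cp;
    char *end;
    long val;
    pcap_t *pd;
    pcap_if_t *alldevs = NULL;   /* list from pcap_findalldevs(); owns device when -i is an index */
    pcap_if_t *dev;
    struct bpf_program fcode;
    int i;

    if ((cp = strrchr(argv[0], '/')) != NULL)
        program_name = cp + 1;
    else
        program_name = argv[0];

    if (argc < 2)
        usage();

    while ((op = getopt(argc, argv, "Di:t:")) != -1) {
        switch (op) {
        case 'D':
            if (pcap_findalldevs(&alldevs, ebuf) < 0) {
                fprintf(stderr, "Error in pcap_findalldevs: %s\n", ebuf);
                return 1;
            }
            for (i = 0, dev = alldevs; dev != NULL; dev = dev->next, i++) {
                printf("%d.%s", i + 1, dev->name);
                if (dev->description != NULL)
                    printf(" (%s)", dev->description);
                printf("\n");
            }
            pcap_freealldevs(alldevs);
            return 0;

        case 'i':
            errno = 0;
            val = strtol(optarg, &end, 10);
            if (end != optarg && *end == '\0') {
                /* Entirely numeric: a 1-based index into the -D list. */
                if (errno == ERANGE || val <= 0 || val > INT_MAX) {
                    fprintf(stderr, "Invalid adapter index\n");
                    usage();
                    return 1;
                }
                if (alldevs != NULL) {
                    pcap_freealldevs(alldevs);
                    alldevs = NULL;
                }
                if (pcap_findalldevs(&alldevs, ebuf) < 0) {
                    fprintf(stderr, "Error in pcap_findalldevs: %s\n", ebuf);
                    return 1;
                }
                dev = alldevs;
                for (i = 1; dev != NULL && i < val; i++)
                    dev = dev->next;
                if (dev == NULL) {
                    fprintf(stderr, "Invalid adapter index\n");
                    pcap_freealldevs(alldevs);
                    return 1;
                }
                /* Points into alldevs, which stays allocated until exit. */
                device = dev->name;
            } else {
                device = optarg;
            }
            break;

        case 't':
            errno = 0;
            val = strtol(optarg, &end, 10);
            if (end == optarg || *end != '\0' || errno == ERANGE ||
                val <= 0 || val > INT_MAX) {
                fprintf(stderr, "Invalid capture time: %s\n", optarg);
                return 1;
            }
            cap_time = (int)val;
            tFlag = 1;
            break;

        default:
            usage();
            break;
        }
    }

    if (device == NULL) {
        fprintf(stderr, "No capture interface given\n");
        usage();
        return 1;
    }

    /* Third argument 1 = promiscuous mode; 1000 ms read timeout. */
    pd = pcap_open_live(device, DEFAULT_SNAPLEN, 1, 1000, ebuf);
    if (pd == NULL) {
        /* No handle exists on failure; the reason is in ebuf. */
        fprintf(stderr, "pcap_open_live: %s\n", ebuf);
        return 1;
    }

    /* eth_printer() interprets every frame as Ethernet, so refuse any
     * other link-layer type instead of misparsing it. */
    if (pcap_datalink(pd) != DLT_EN10MB) {
        fprintf(stderr, "%s is not an Ethernet interface\n", device);
        pcap_close(pd);
        return 1;
    }

    signal(SIGALRM, sig_alarm);
    if (tFlag == 1)
        alarm((unsigned int)cap_time);

    /* Empty filter expression: accept every frame. */
    if (pcap_compile(pd, &fcode, "", 1, 0) < 0) {
        fprintf(stderr, "pcap_compile: %s\n", pcap_geterr(pd));
        pcap_close(pd);
        return 1;
    }
    if (pcap_setfilter(pd, &fcode) < 0) {
        fprintf(stderr, "pcap_setfilter: %s\n", pcap_geterr(pd));
        pcap_freecode(&fcode);
        pcap_close(pd);
        return 1;
    }
    pcap_freecode(&fcode);

    if (pcap_loop(pd, -1, eth_printer, NULL) < 0) {
        fprintf(stderr, "pcap_loop: %s\n", pcap_geterr(pd));
        pcap_close(pd);
        return 1;
    }

    pcap_close(pd);
    if (alldevs != NULL)
        pcap_freealldevs(alldevs);

    return 0;
}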

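/*
 * Print the banner and the command-line synopsis, then terminate the
 * process with status 0. Never returns.
 *
 * The published listing showed "/n" and "/t" in these strings; they are
 * the escapes "\n" and "\t".
 */
void usage(void)
{
    printf("==============================================================\n");
    printf("+\tether tool\t\t\n");
    printf("+\n");
    printf("+\t\t ~~~print the simple ether mac flow~~~\n");
    printf("+\tCopyright shile\n");
    printf("==============================================================\n\n");
    printf("usage: %s [-iDt] \n\t-D list interfaces\n\t-i <interface> [-t <cap time>] \n\n", program_name);

    exit(0);
}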