[编程实例]linux下的以太网简单网络流量分析
/*
name:ether.c
func:print ether protocol mac address flow
compile: gcc ether.c -o ether -lpcap
platform:linux/unix
*/
#include <arpa/inet.h>
#include <errno.h>
#include <limits.h>
#include <netinet/if_ether.h>
#include <pcap.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
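#define MAXSTRINGSIZE 1500
/* Bytes captured per packet; the code only reads the 14-byte Ethernet header. */
#define DEFAULT_SNAPLEN 68

/* Destination MAC that this tool treats as marking a spanning-tree (STP) frame. */
u_int8_t DMAC[6] = {0x01, 0x80, 0xC2, 0x00, 0x00, 0x00};

/* Total number of packets handed to the capture callback. */
static int ether_counter = 0;
/* Set to 1 when -t was given, i.e. a timed capture was requested. */
int tFlag = 0;

/*
 * Per-protocol tables of packet lengths and the number of used slots in each.
 * Every table has exactly 1024 slots, so any code that appends to one must
 * check its counter against that limit first: the counters are driven by
 * traffic seen on the wire.
 */
unsigned int arp_array[1024], ip_array[1024], rarp_array[1024], \
             stp_array[1024], other_array[1024];
unsigned int arp_c = 0, ip_c = 0, rarp_c = 0, stp_c = 0, other_c = 0;

/* Per-protocol throughput in bytes per second, filled in when the timer fires. */
double arp_flow, ip_flow, rarp_flow, stp_flow, other_flow;

/*
 * Expand a 6-byte hardware address into six comma-separated byte expressions,
 * for use as the arguments of a "%02X:%02X:%02X:%02X:%02X:%02X" format.
 * The argument is evaluated six times, so it must have no side effects.
 */
#define HWADDR(addr) \
    ((unsigned char *)&(addr))[0], \
    ((unsigned char *)&(addr))[1], \
    ((unsigned char *)&(addr))[2], \
    ((unsigned char *)&(addr))[3], \
    ((unsigned char *)&(addr))[4], \
    ((unsigned char *)&(addr))[5]

void usage(void);

/* Basename of argv[0], used in the usage text. */
char *program_name;
/* Capture duration in seconds; also the divisor of the bytes-per-second report. */
int cap_time = 1;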
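/*
 * Add up the first c entries of array and return the total as a double.
 * Returns 0 when c is 0. The caller must guarantee that array holds at
 * least c elements.
 */
double cap_sum(unsigned int array[], unsigned int c)
{
    double sum = 0;

    /* The index has the same unsigned type as the count: no signed/unsigned
     * comparison and no signed overflow for large counts. */
    for (unsigned int i = 0; i < c; i++) {
        sum += array[i];
    }
    return sum;
}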
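/*
 * SIGALRM handler: compute the per-protocol throughput over the capture
 * window, print the report to stdout and terminate the process with status 0.
 *
 * NOTE(review): printf(), fflush() and exit() are not async-signal-safe, and
 * this handler can interrupt the capture callback while it is updating the
 * same tables. A more robust design has the handler only call
 * pcap_breakloop() (or set a flag) and prints the report from main() once
 * pcap_loop() has returned.
 */
void sig_alarm(int sig)
{
    (void)sig; /* only SIGALRM is routed here */

    arp_flow = cap_sum(arp_array, arp_c) / cap_time;
    ip_flow = cap_sum(ip_array, ip_c) / cap_time;
    rarp_flow = cap_sum(rarp_array, rarp_c) / cap_time;
    stp_flow = cap_sum(stp_array, stp_c) / cap_time;
    other_flow = cap_sum(other_array, other_c) / cap_time;

    /* The escape sequences below had lost their backslashes ("/n"), so the
     * report was printed on a single line with literal "/n" in it. */
    printf("\n--------------------network flux-----------------------\n");
    printf("cap time: %d s\n", cap_time);
    printf("packet count: %d\n", ether_counter);
    printf("arp protocol: %lf bytes/s\n", arp_flow);
    printf("ip protocol: %lf bytes/s\n", ip_flow);
    printf("rarp protocol: %lf bytes/s\n", rarp_flow);
    printf("stp protocol: %lf bytes/s\n", stp_flow);
    printf("other protocol: %lf bytes/s\n", other_flow);
    fflush(stdout);
    exit(0);
}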
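/* Number of slots in each per-protocol length table (arp_array, ip_array, ...). */
enum { LEN_TABLE_SLOTS = 1024 };

/*
 * Append one packet length to a per-protocol table without writing past its
 * end. Once the table is full, further lengths are folded into the last slot,
 * so the sum over the table (which is all the report uses) stays correct
 * modulo unsigned wrap-around, and *count stops growing.
 */
static void record_len(unsigned int *table, unsigned int *count, unsigned int len)
{
    if (*count < LEN_TABLE_SLOTS) {
        table[*count] = len;
        (*count)++;
    } else {
        table[LEN_TABLE_SLOTS - 1] += len;
    }
}

/*
 * Classify one frame by its EtherType, record its on-wire length (h->len) in
 * the matching per-protocol table and print a short protocol tag to stdout.
 *
 * Frames whose type field is none of IP/ARP/RARP are tagged "STP" when the
 * destination MAC equals DMAC, and "***" otherwise.
 *
 * The original incremented the counters without any limit and indexed the
 * 1024-slot tables with them, so the 1025th packet of any one protocol wrote
 * outside the table. The packet mix is controlled by whoever sends traffic on
 * the monitored segment, hence the bounded record_len() above.
 */
void print_etherType(struct ether_header *eth, const struct pcap_pkthdr *h)
{
    switch (ntohs(eth->ether_type)) {
    case ETHERTYPE_IP:
        record_len(ip_array, &ip_c, h->len);
        printf("IP");
        break;
    case ETHERTYPE_ARP:
        record_len(arp_array, &arp_c, h->len);
        printf("ARP");
        break;
    case ETHERTYPE_REVARP:
        record_len(rarp_array, &rarp_c, h->len);
        printf("RARP");
        break;
    default:
        /* Compare all six destination bytes against the STP address. */
        if (memcmp(eth->ether_dhost, DMAC, sizeof DMAC) == 0) {
            record_len(stp_array, &stp_c, h->len);
            printf("STP");
        } else {
            record_len(other_array, &other_c, h->len);
            printf("***");
        }
        break;
    }
    fflush(stdout);
}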
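/*
 * pcap_loop() callback: print "src->dst <tab> protocol <tab> length" for one
 * captured frame and update the packet counter.
 *
 * user is unused. h carries the capture metadata: h->caplen is the number of
 * bytes actually present at p, h->len the length of the frame on the wire.
 */
void eth_printer(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
{
    const struct ether_header *eth;

    (void)user;
    ++ether_counter;

    /* Never read an Ethernet header that was not fully captured: p holds
     * only h->caplen valid bytes. */
    if (h->caplen < sizeof(struct ether_header)) {
        printf("short frame\t%u\n", h->len);
        fflush(stdout);
        return;
    }

    eth = (const struct ether_header *)p;
    printf("%02X:%02X:%02X:%02X:%02X:%02X",
           HWADDR(eth->ether_shost));
    printf("->");
    printf("%02X:%02X:%02X:%02X:%02X:%02X",
           HWADDR(eth->ether_dhost));
    printf("\t");
    print_etherType((struct ether_header *)p, h);
    /* h->len is unsigned (bpf_u_int32), so it is printed with %u. */
    printf("\t%u", h->len);
    printf("\n");
    fflush(stdout);
}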
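/*
 * Entry point.
 *
 *   -D               list the capture interfaces and exit
 *   -i <interface>   interface name, or its 1-based index in the -D listing
 *   -t <seconds>     stop after this many seconds and print the flow report
 *
 * Opens the interface in promiscuous mode and prints one line per frame until
 * the timer fires or pcap_loop() fails. Opening a live capture normally
 * requires root or CAP_NET_RAW; nothing after pcap_open_live() needs it.
 *
 * Fixes over the original: the interface name is no longer used
 * uninitialised when -i is missing, the device list is never walked past its
 * end, a failed pcap_open_live() reports ebuf instead of dereferencing a NULL
 * handle, numeric arguments are validated, and the filter calls are checked.
 */
int main(int argc, char **argv)
{
    char ebuf[PCAP_ERRBUF_SIZE];
    int op;
    const char *device = NULL; /* stays NULL until -i has been parsed */
    char *cp;
    pcap_t *pd;
    pcap_if_t *alldevs = NULL; /* list owned by us until pcap_freealldevs() */
    pcap_if_t *dev;
    struct bpf_program fcode;
    int i;

    if ((cp = strrchr(argv[0], '/')) != NULL) {
        program_name = cp + 1;
    } else {
        program_name = argv[0];
    }

    if (argc < 2) {
        usage();
    }

    while ((op = getopt(argc, argv, "Di:t:")) != -1) {
        switch (op) {
        case 'D':
            if (pcap_findalldevs(&alldevs, ebuf) < 0) {
                fprintf(stderr, "Error in pcap_findalldevs: %s\n", ebuf);
                return 1;
            }
            for (i = 0, dev = alldevs; dev != NULL; dev = dev->next, i++) {
                printf("%d.%s", i + 1, dev->name);
                if (dev->description != NULL) {
                    printf(" (%s)", dev->description);
                }
                printf("\n");
            }
            pcap_freealldevs(alldevs);
            return 0;

        case 'i': {
            char *end;
            long devnum;

            errno = 0;
            devnum = strtol(optarg, &end, 10);
            if (end == optarg || *end != '\0') {
                /* Not a pure number: take it as an interface name. */
                device = optarg;
                break;
            }
            if (errno == ERANGE || devnum <= 0 || devnum > INT_MAX) {
                fprintf(stderr, "Invalid adapter index\n");
                return 1;
            }
            if (alldevs != NULL) {
                /* A repeated -i: drop the list from the previous one. */
                pcap_freealldevs(alldevs);
                alldevs = NULL;
            }
            if (pcap_findalldevs(&alldevs, ebuf) < 0) {
                fprintf(stderr, "Error in pcap_findalldevs: %s\n", ebuf);
                return 1;
            }
            /* Walk to the requested entry, stopping at the end of the list. */
            for (dev = alldevs, i = 1; dev != NULL && i < devnum; i++) {
                dev = dev->next;
            }
            if (dev == NULL) {
                fprintf(stderr, "Invalid adapter index\n");
                pcap_freealldevs(alldevs);
                return 1;
            }
            device = dev->name; /* points into alldevs; freed after the open */
            break;
        }

        case 't': {
            char *end;
            long secs;

            errno = 0;
            secs = strtol(optarg, &end, 10);
            /* The value is both the alarm() argument and the divisor of the
             * report, so it has to be a positive int. */
            if (end == optarg || *end != '\0' || errno == ERANGE ||
                secs <= 0 || secs > INT_MAX) {
                fprintf(stderr, "Invalid capture time\n");
                return 1;
            }
            cap_time = (int)secs;
            tFlag = 1;
            break;
        }

        default:
            usage();
            break;
        }
    }

    if (device == NULL) {
        fprintf(stderr, "No interface given; use -i <interface>\n");
        usage();
        return 1; /* not reached: usage() exits */
    }

    pd = pcap_open_live(device, DEFAULT_SNAPLEN, 1, 1000, ebuf);
    if (alldevs != NULL) {
        /* device may point into this list; it is not used past this point. */
        pcap_freealldevs(alldevs);
        alldevs = NULL;
    }
    if (pd == NULL) {
        /* There is no handle to ask for an error: the text is in ebuf. */
        fprintf(stderr, "pcap_open_live: %s\n", ebuf);
        exit(1);
    }

    /* The callback casts every packet to an Ethernet header. */
    if (pcap_datalink(pd) != DLT_EN10MB) {
        fprintf(stderr, "%s is not an Ethernet interface\n", program_name);
        pcap_close(pd);
        exit(1);
    }

    signal(SIGALRM, sig_alarm);
    if (tFlag == 1) {
        alarm((unsigned int)cap_time);
    }

    /* An empty filter expression accepts every packet. */
    if (pcap_compile(pd, &fcode, "", 1, 0) < 0) {
        fprintf(stderr, "pcap_compile: %s\n", pcap_geterr(pd));
        pcap_close(pd);
        exit(1);
    }
    if (pcap_setfilter(pd, &fcode) < 0) {
        fprintf(stderr, "pcap_setfilter: %s\n", pcap_geterr(pd));
        pcap_freecode(&fcode);
        pcap_close(pd);
        exit(1);
    }
    pcap_freecode(&fcode);

    if (pcap_loop(pd, -1, eth_printer, NULL) < 0) {
        fprintf(stderr, "pcap_loop: %s\n", pcap_geterr(pd));
        pcap_close(pd);
        exit(1);
    }
    pcap_close(pd);
    return 0;
}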
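/*
 * Print the banner and the command-line synopsis to stdout, then terminate
 * the process with status 0. Reads the file-scope program_name.
 * This function does not return.
 */
void usage(void)
{
    /* The escape sequences had lost their backslashes ("/n", "/t"), so the
     * banner came out as one line with the slashes printed literally. */
    printf("==============================================================\n");
    printf("+\tether tool\t\t\n");
    printf("+\n");
    printf("+\t\t ~~~print the simple ether mac flow~~~\n");
    printf("+\tCopyright shile\n");
    printf("==============================================================\n\n");
    printf("usage: %s [-iDt] \n\t-D list interfaces\n\t-i <interface> [-t <cap time>] \n\n", program_name);
    exit(0);
}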
/*
name:ether.c
func:print ether protocol mac address flow
compile: gcc ether.c -o ether -lpcap
platform:linux/unix
*/
#include <pcap.h>
#include <stdio.h>
#include <netinet/if_ether.h>
#include <stdlib.h>
#include <unistd.h>
#include <signal.h>
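#define MAXSTRINGSIZE 1500
/* Bytes captured per packet; the code only reads the 14-byte Ethernet header. */
#define DEFAULT_SNAPLEN 68

/* Destination MAC that this tool treats as marking a spanning-tree (STP) frame. */
u_int8_t DMAC[6] = {0x01, 0x80, 0xC2, 0x00, 0x00, 0x00};

/* Total number of packets handed to the capture callback. */
static int ether_counter = 0;
/* Set to 1 when -t was given, i.e. a timed capture was requested. */
int tFlag = 0;

/*
 * Per-protocol tables of packet lengths and the number of used slots in each.
 * Every table has exactly 1024 slots, so any code that appends to one must
 * check its counter against that limit first: the counters are driven by
 * traffic seen on the wire.
 */
unsigned int arp_array[1024], ip_array[1024], rarp_array[1024], \
             stp_array[1024], other_array[1024];
unsigned int arp_c = 0, ip_c = 0, rarp_c = 0, stp_c = 0, other_c = 0;

/* Per-protocol throughput in bytes per second, filled in when the timer fires. */
double arp_flow, ip_flow, rarp_flow, stp_flow, other_flow;

/*
 * Expand a 6-byte hardware address into six comma-separated byte expressions,
 * for use as the arguments of a "%02X:%02X:%02X:%02X:%02X:%02X" format.
 * The argument is evaluated six times, so it must have no side effects.
 */
#define HWADDR(addr) \
    ((unsigned char *)&(addr))[0], \
    ((unsigned char *)&(addr))[1], \
    ((unsigned char *)&(addr))[2], \
    ((unsigned char *)&(addr))[3], \
    ((unsigned char *)&(addr))[4], \
    ((unsigned char *)&(addr))[5]

void usage(void);

/* Basename of argv[0], used in the usage text. */
char *program_name;
/* Capture duration in seconds; also the divisor of the bytes-per-second report. */
int cap_time = 1;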
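/*
 * Add up the first c entries of array and return the total as a double.
 * Returns 0 when c is 0. The caller must guarantee that array holds at
 * least c elements.
 */
double cap_sum(unsigned int array[], unsigned int c)
{
    double sum = 0;

    /* The index has the same unsigned type as the count: no signed/unsigned
     * comparison and no signed overflow for large counts. */
    for (unsigned int i = 0; i < c; i++) {
        sum += array[i];
    }
    return sum;
}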
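/*
 * SIGALRM handler: compute the per-protocol throughput over the capture
 * window, print the report to stdout and terminate the process with status 0.
 *
 * NOTE(review): printf(), fflush() and exit() are not async-signal-safe, and
 * this handler can interrupt the capture callback while it is updating the
 * same tables. A more robust design has the handler only call
 * pcap_breakloop() (or set a flag) and prints the report from main() once
 * pcap_loop() has returned.
 */
void sig_alarm(int sig)
{
    (void)sig; /* only SIGALRM is routed here */

    arp_flow = cap_sum(arp_array, arp_c) / cap_time;
    ip_flow = cap_sum(ip_array, ip_c) / cap_time;
    rarp_flow = cap_sum(rarp_array, rarp_c) / cap_time;
    stp_flow = cap_sum(stp_array, stp_c) / cap_time;
    other_flow = cap_sum(other_array, other_c) / cap_time;

    /* The escape sequences below had lost their backslashes ("/n"), so the
     * report was printed on a single line with literal "/n" in it. */
    printf("\n--------------------network flux-----------------------\n");
    printf("cap time: %d s\n", cap_time);
    printf("packet count: %d\n", ether_counter);
    printf("arp protocol: %lf bytes/s\n", arp_flow);
    printf("ip protocol: %lf bytes/s\n", ip_flow);
    printf("rarp protocol: %lf bytes/s\n", rarp_flow);
    printf("stp protocol: %lf bytes/s\n", stp_flow);
    printf("other protocol: %lf bytes/s\n", other_flow);
    fflush(stdout);
    exit(0);
}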
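/* Number of slots in each per-protocol length table (arp_array, ip_array, ...). */
enum { LEN_TABLE_SLOTS = 1024 };

/*
 * Append one packet length to a per-protocol table without writing past its
 * end. Once the table is full, further lengths are folded into the last slot,
 * so the sum over the table (which is all the report uses) stays correct
 * modulo unsigned wrap-around, and *count stops growing.
 */
static void record_len(unsigned int *table, unsigned int *count, unsigned int len)
{
    if (*count < LEN_TABLE_SLOTS) {
        table[*count] = len;
        (*count)++;
    } else {
        table[LEN_TABLE_SLOTS - 1] += len;
    }
}

/*
 * Classify one frame by its EtherType, record its on-wire length (h->len) in
 * the matching per-protocol table and print a short protocol tag to stdout.
 *
 * Frames whose type field is none of IP/ARP/RARP are tagged "STP" when the
 * destination MAC equals DMAC, and "***" otherwise.
 *
 * The original incremented the counters without any limit and indexed the
 * 1024-slot tables with them, so the 1025th packet of any one protocol wrote
 * outside the table. The packet mix is controlled by whoever sends traffic on
 * the monitored segment, hence the bounded record_len() above.
 */
void print_etherType(struct ether_header *eth, const struct pcap_pkthdr *h)
{
    switch (ntohs(eth->ether_type)) {
    case ETHERTYPE_IP:
        record_len(ip_array, &ip_c, h->len);
        printf("IP");
        break;
    case ETHERTYPE_ARP:
        record_len(arp_array, &arp_c, h->len);
        printf("ARP");
        break;
    case ETHERTYPE_REVARP:
        record_len(rarp_array, &rarp_c, h->len);
        printf("RARP");
        break;
    default:
        /* Compare all six destination bytes against the STP address. */
        if (memcmp(eth->ether_dhost, DMAC, sizeof DMAC) == 0) {
            record_len(stp_array, &stp_c, h->len);
            printf("STP");
        } else {
            record_len(other_array, &other_c, h->len);
            printf("***");
        }
        break;
    }
    fflush(stdout);
}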
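/*
 * pcap_loop() callback: print "src->dst <tab> protocol <tab> length" for one
 * captured frame and update the packet counter.
 *
 * user is unused. h carries the capture metadata: h->caplen is the number of
 * bytes actually present at p, h->len the length of the frame on the wire.
 */
void eth_printer(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
{
    const struct ether_header *eth;

    (void)user;
    ++ether_counter;

    /* Never read an Ethernet header that was not fully captured: p holds
     * only h->caplen valid bytes. */
    if (h->caplen < sizeof(struct ether_header)) {
        printf("short frame\t%u\n", h->len);
        fflush(stdout);
        return;
    }

    eth = (const struct ether_header *)p;
    printf("%02X:%02X:%02X:%02X:%02X:%02X",
           HWADDR(eth->ether_shost));
    printf("->");
    printf("%02X:%02X:%02X:%02X:%02X:%02X",
           HWADDR(eth->ether_dhost));
    printf("\t");
    print_etherType((struct ether_header *)p, h);
    /* h->len is unsigned (bpf_u_int32), so it is printed with %u. */
    printf("\t%u", h->len);
    printf("\n");
    fflush(stdout);
}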
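/*
 * Entry point.
 *
 *   -D               list the capture interfaces and exit
 *   -i <interface>   interface name, or its 1-based index in the -D listing
 *   -t <seconds>     stop after this many seconds and print the flow report
 *
 * Opens the interface in promiscuous mode and prints one line per frame until
 * the timer fires or pcap_loop() fails. Opening a live capture normally
 * requires root or CAP_NET_RAW; nothing after pcap_open_live() needs it.
 *
 * Fixes over the original: the interface name is no longer used
 * uninitialised when -i is missing, the device list is never walked past its
 * end, a failed pcap_open_live() reports ebuf instead of dereferencing a NULL
 * handle, numeric arguments are validated, and the filter calls are checked.
 */
int main(int argc, char **argv)
{
    char ebuf[PCAP_ERRBUF_SIZE];
    int op;
    const char *device = NULL; /* stays NULL until -i has been parsed */
    char *cp;
    pcap_t *pd;
    pcap_if_t *alldevs = NULL; /* list owned by us until pcap_freealldevs() */
    pcap_if_t *dev;
    struct bpf_program fcode;
    int i;

    if ((cp = strrchr(argv[0], '/')) != NULL) {
        program_name = cp + 1;
    } else {
        program_name = argv[0];
    }

    if (argc < 2) {
        usage();
    }

    while ((op = getopt(argc, argv, "Di:t:")) != -1) {
        switch (op) {
        case 'D':
            if (pcap_findalldevs(&alldevs, ebuf) < 0) {
                fprintf(stderr, "Error in pcap_findalldevs: %s\n", ebuf);
                return 1;
            }
            for (i = 0, dev = alldevs; dev != NULL; dev = dev->next, i++) {
                printf("%d.%s", i + 1, dev->name);
                if (dev->description != NULL) {
                    printf(" (%s)", dev->description);
                }
                printf("\n");
            }
            pcap_freealldevs(alldevs);
            return 0;

        case 'i': {
            char *end;
            long devnum;

            errno = 0;
            devnum = strtol(optarg, &end, 10);
            if (end == optarg || *end != '\0') {
                /* Not a pure number: take it as an interface name. */
                device = optarg;
                break;
            }
            if (errno == ERANGE || devnum <= 0 || devnum > INT_MAX) {
                fprintf(stderr, "Invalid adapter index\n");
                return 1;
            }
            if (alldevs != NULL) {
                /* A repeated -i: drop the list from the previous one. */
                pcap_freealldevs(alldevs);
                alldevs = NULL;
            }
            if (pcap_findalldevs(&alldevs, ebuf) < 0) {
                fprintf(stderr, "Error in pcap_findalldevs: %s\n", ebuf);
                return 1;
            }
            /* Walk to the requested entry, stopping at the end of the list. */
            for (dev = alldevs, i = 1; dev != NULL && i < devnum; i++) {
                dev = dev->next;
            }
            if (dev == NULL) {
                fprintf(stderr, "Invalid adapter index\n");
                pcap_freealldevs(alldevs);
                return 1;
            }
            device = dev->name; /* points into alldevs; freed after the open */
            break;
        }

        case 't': {
            char *end;
            long secs;

            errno = 0;
            secs = strtol(optarg, &end, 10);
            /* The value is both the alarm() argument and the divisor of the
             * report, so it has to be a positive int. */
            if (end == optarg || *end != '\0' || errno == ERANGE ||
                secs <= 0 || secs > INT_MAX) {
                fprintf(stderr, "Invalid capture time\n");
                return 1;
            }
            cap_time = (int)secs;
            tFlag = 1;
            break;
        }

        default:
            usage();
            break;
        }
    }

    if (device == NULL) {
        fprintf(stderr, "No interface given; use -i <interface>\n");
        usage();
        return 1; /* not reached: usage() exits */
    }

    pd = pcap_open_live(device, DEFAULT_SNAPLEN, 1, 1000, ebuf);
    if (alldevs != NULL) {
        /* device may point into this list; it is not used past this point. */
        pcap_freealldevs(alldevs);
        alldevs = NULL;
    }
    if (pd == NULL) {
        /* There is no handle to ask for an error: the text is in ebuf. */
        fprintf(stderr, "pcap_open_live: %s\n", ebuf);
        exit(1);
    }

    /* The callback casts every packet to an Ethernet header. */
    if (pcap_datalink(pd) != DLT_EN10MB) {
        fprintf(stderr, "%s is not an Ethernet interface\n", program_name);
        pcap_close(pd);
        exit(1);
    }

    signal(SIGALRM, sig_alarm);
    if (tFlag == 1) {
        alarm((unsigned int)cap_time);
    }

    /* An empty filter expression accepts every packet. */
    if (pcap_compile(pd, &fcode, "", 1, 0) < 0) {
        fprintf(stderr, "pcap_compile: %s\n", pcap_geterr(pd));
        pcap_close(pd);
        exit(1);
    }
    if (pcap_setfilter(pd, &fcode) < 0) {
        fprintf(stderr, "pcap_setfilter: %s\n", pcap_geterr(pd));
        pcap_freecode(&fcode);
        pcap_close(pd);
        exit(1);
    }
    pcap_freecode(&fcode);

    if (pcap_loop(pd, -1, eth_printer, NULL) < 0) {
        fprintf(stderr, "pcap_loop: %s\n", pcap_geterr(pd));
        pcap_close(pd);
        exit(1);
    }
    pcap_close(pd);
    return 0;
}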
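/*
 * Print the banner and the command-line synopsis to stdout, then terminate
 * the process with status 0. Reads the file-scope program_name.
 * This function does not return.
 */
void usage(void)
{
    /* The escape sequences had lost their backslashes ("/n", "/t"), so the
     * banner came out as one line with the slashes printed literally. */
    printf("==============================================================\n");
    printf("+\tether tool\t\t\n");
    printf("+\n");
    printf("+\t\t ~~~print the simple ether mac flow~~~\n");
    printf("+\tCopyright shile\n");
    printf("==============================================================\n\n");
    printf("usage: %s [-iDt] \n\t-D list interfaces\n\t-i <interface> [-t <cap time>] \n\n", program_name);
    exit(0);
}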