-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathinetmon.c
More file actions
191 lines (170 loc) · 4.95 KB
/
inetmon.c
File metadata and controls
191 lines (170 loc) · 4.95 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
/* inetmon- IP Network Monitor
*
* Copyright (C) 2021 ECLB Ltd
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <glib.h>
#include <glib/gprintf.h>
#include <signal.h>
#include <pcap.h>
#include <curses.h>
static gchar *iface = NULL;
static gchar *filename = NULL;
static int interval = 1;
static gboolean running = TRUE;
/* Counters */
static gint frames = 0;
static gint arp = 0;
static gint ipv4 = 0;
static gint ipv6 = 0;
static gint unknown = 0;
#define ETH_PROTOCOL_ARP 0x0806
#define ETH_PROTOCOL_IP 0x0800
#define ETH_PROTOCOL_IPV6 0x86DD
typedef struct ethernet_hdr_t {
uint8_t destination[6];
uint8_t source[6];
uint16_t protocol;
} __attribute__ ((packed)) ethernet_hdr_t;
typedef struct ip_hdr_t {
uint8_t ihl_version;
uint8_t tos;
uint16_t tot_len;
uint16_t id;
uint16_t frag_off;
uint8_t ttl;
uint8_t protocol;
uint16_t check;
uint32_t saddr;
uint32_t daddr;
} __attribute__ ((packed)) ip_hdr_t;
#define MAXIMUM_SNAPLEN 262144
static inline uint64_t
get_time_us (void)
{
struct timeval tv;
gettimeofday (&tv, NULL);
return (tv.tv_sec * (uint64_t) 1000000 + tv.tv_usec);
}
static void process_frame(const uint8_t * frame, uint32_t length)
{
ethernet_hdr_t *eth = (ethernet_hdr_t *)frame;
frames++;
switch (ntohs(eth->protocol))
{
case ETH_PROTOCOL_ARP:
arp++;
break;
case ETH_PROTOCOL_IP:
ipv4++;
break;
case ETH_PROTOCOL_IPV6:
ipv6++;
break;
default:
unknown++;
break;
}
}
static void dump_state(void)
{
g_printf("\r\n%8d frames (ARP:%d IPv4:%d IPv6:%d Unknown:%d)\r\n", frames, arp, ipv4, ipv6, unknown);
}
static void process_interface(const char *interface, int snaplen, int promisc, int to_ms)
{
char error_pcap[PCAP_ERRBUF_SIZE] = { 0 };
struct pcap_pkthdr hdr;
const uint8_t *frame;
pcap_t *pcap;
int status;
uint64_t lasttime;
int col, row;
pcap = pcap_open_live(interface, snaplen, promisc, to_ms, error_pcap);
if (pcap == NULL) {
g_printf("%s: Failed to open interface: %s\r\n", interface, error_pcap);
return;
}
g_printf("Reading from \"%s\"\r\n", interface);
lasttime = get_time_us();
initscr();
getmaxyx(stdscr, row, col);
while (running && (frame = pcap_next(pcap, &hdr)) != NULL) {
process_frame(frame, hdr.caplen);
if (interval && ((get_time_us() - lasttime) / 1000000) > interval)
{
lasttime = get_time_us();
clear();
refresh();
dump_state();
}
}
endwin();
dump_state();
pcap_close(pcap);
}
static void process_pcap(const char *filename)
{
char error_pcap[PCAP_ERRBUF_SIZE];
pcap_t *pcap;
const uint8_t *frame;
struct pcap_pkthdr hdr;
pcap = pcap_open_offline(filename, error_pcap);
if (pcap == NULL) {
g_printf("Invalid pcap file: %s\r\n", filename);
return;
}
g_printf("Reading \"%s\"\r\n", filename);
while (running && (frame = pcap_next(pcap, &hdr)) != NULL) {
process_frame(frame, hdr.caplen);
}
dump_state();
pcap_close(pcap);
}
static GOptionEntry entries[] = {
{ "filename", 'f', 0, G_OPTION_ARG_STRING, &filename, "Pcap file to use", NULL },
{ "interface", 'i', 0, G_OPTION_ARG_STRING, &iface, "Interface to capture on", NULL },
{ "timeout", 't', 0, G_OPTION_ARG_INT, &interval, "Display timeout", NULL },
{ NULL }
};
static void intHandler(int dummy)
{
running = FALSE;
}
int main(int argc, char **argv)
{
GError *error = NULL;
GOptionContext *context;
gint i, j;
/* Parse options */
context = g_option_context_new("- IP Network Monitor");
g_option_context_add_main_entries(context, entries, NULL);
if (!g_option_context_parse(context, &argc, &argv, &error)) {
g_print("%s", g_option_context_get_help(context, FALSE, NULL));
g_print("ERROR: %s\n", error->message);
exit(1);
}
if ((!filename && !iface) || filename && iface) {
g_print("%s", g_option_context_get_help(context, FALSE, NULL));
g_print("ERROR: Require interface or pcap file\n");
exit(1);
}
signal(SIGINT, intHandler);
if (filename)
process_pcap(filename);
else
process_interface(iface, MAXIMUM_SNAPLEN, 1, 1000);
g_option_context_free(context);
return 0;
}