04-15-2009, 12:49 AM
|
#1
|
Member
Registered: Jan 2008
Posts: 49
Rep:
|
Using C and libpcap in linux
I want to build an internet traffic pattern analyser
using C and libpcap in Linux. Can anyone suggest how
I should proceed?
|
|
|
04-15-2009, 01:20 AM
|
#2
|
Member
Registered: Feb 2009
Posts: 47
Rep:
|
Use the pcap library.
|
|
|
04-15-2009, 11:17 PM
|
#3
|
Member
Registered: Mar 2008
Distribution: Ubuntu
Posts: 270
Rep:
|
Quote:
Originally Posted by Mridulj
I want to build an internet traffic pattern analyser
|
What analysis do you want to do?
|
|
|
04-16-2009, 12:11 PM
|
#4
|
Member
Registered: Jan 2008
Posts: 49
Original Poster
Rep:
|
Packet analysis when you are connected to the internet.
|
|
|
04-16-2009, 11:09 PM
|
#5
|
Member
Registered: Mar 2008
Distribution: Ubuntu
Posts: 270
Rep:
|
Dear Mridul,
it is very obvious that anybody will do only packet analysis, because other than packets there will be nothing in the network.
What I am asking is:
What is your objective?
What information do you want to consume from the packets?
What precisely will you be analyzing with respect to the collected packets?
|
|
|
04-18-2009, 05:00 AM
|
#6
|
Member
Registered: Jan 2008
Posts: 49
Original Poster
Rep:
|
We should be able to measure packet traffic going out and coming in when I
connect to a network.
|
|
|
04-18-2009, 11:22 PM
|
#7
|
Member
Registered: Mar 2008
Distribution: Ubuntu
Posts: 270
Rep:
|
Is it that you want to measure the number of packets per unit time?
|
|
|
04-19-2009, 01:39 PM
|
#8
|
Member
Registered: Jan 2008
Posts: 49
Original Poster
Rep:
|
Yes...
Say, number of packets, what protocol is used, length of the packet, destination IP, etc.
|
|
|
04-19-2009, 11:13 PM
|
#9
|
Member
Registered: Mar 2008
Distribution: Ubuntu
Posts: 270
Rep:
|
To me it seems to be homework. Whether it is or not doesn't matter; I will give only hints, not answers.
hint-1:
Did you refer to this
|
|
|
04-20-2009, 01:58 AM
|
#10
|
Member
Registered: Jan 2008
Posts: 49
Original Poster
Rep:
|
I have pcap installed on my PC.
Next, hint 2?
|
|
|
04-20-2009, 11:14 PM
|
#11
|
Member
Registered: Mar 2008
Distribution: Ubuntu
Posts: 270
Rep:
|
hint - 2:
With the help of the link I gave in hint-1, write a program that captures the traffic.
|
|
|
04-22-2009, 04:18 AM
|
#12
|
Member
Registered: Jan 2008
Posts: 49
Original Poster
Rep:
|
    #include <stdio.h>
    #include <stdlib.h>
    #include <time.h>               /* ctime(), time_t */
    #include <pcap.h>
    #include <errno.h>
    #include <sys/socket.h>
    #include <netinet/in.h>
    #include <arpa/inet.h>          /* ntohs() */
    #include <netinet/if_ether.h>   /* struct ether_header, ETHERTYPE_* */

    /* Print a 6-byte Ethernet address as colon-separated, zero-padded hex. */
    static void print_mac(const char *label, const u_char *ptr)
    {
        int i = ETHER_ADDR_LEN;

        printf(" %s Address: ", label);
        do {
            printf("%s%02x", (i == ETHER_ADDR_LEN) ? " " : ":", *ptr++);
        } while (--i > 0);
        printf("\n");
    }

    int main(int argc, char **argv)
    {
        char *dev;
        char errbuf[PCAP_ERRBUF_SIZE];
        pcap_t *descr;
        const u_char *packet;
        struct pcap_pkthdr hdr;
        const struct ether_header *eptr;
        time_t ts;

        (void)argc;
        (void)argv;

        /* Pick a default capture device. */
        dev = pcap_lookupdev(errbuf);
        if (dev == NULL) {
            fprintf(stderr, "%s\n", errbuf);
            exit(1);
        }
        printf("DEV: %s\n", dev);

        /* Non-promiscuous capture; 1000 ms read timeout, since the
         * behaviour of a negative timeout is not defined by libpcap. */
        descr = pcap_open_live(dev, BUFSIZ, 0, 1000, errbuf);
        if (descr == NULL) {
            fprintf(stderr, "pcap_open_live(): %s\n", errbuf);
            exit(1);
        }

        /* Grab a single packet. */
        packet = pcap_next(descr, &hdr);
        if (packet == NULL) {
            fprintf(stderr, "Didn't grab packet\n");
            pcap_close(descr);
            exit(1);
        }

        printf("Grabbed packet of length %u\n", hdr.len);
        ts = hdr.ts.tv_sec;
        printf("Received at ..... %s\n", ctime(&ts));
        printf("Ethernet header length is %d\n", ETHER_HDR_LEN);

        /* Never read past the bytes that were actually captured. */
        if (hdr.caplen < ETHER_HDR_LEN) {
            fprintf(stderr, "Captured frame shorter than an Ethernet header\n");
            pcap_close(descr);
            exit(1);
        }

        eptr = (const struct ether_header *) packet;
        if (ntohs(eptr->ether_type) == ETHERTYPE_IP) {
            printf("Ethernet type hex:%x dec:%d is an IP packet\n",
                   ntohs(eptr->ether_type),
                   ntohs(eptr->ether_type));
        } else if (ntohs(eptr->ether_type) == ETHERTYPE_ARP) {
            printf("Ethernet type hex:%x dec:%d is an ARP packet\n",
                   ntohs(eptr->ether_type),
                   ntohs(eptr->ether_type));
        } else {
            printf("Ethernet type %x not IP\n", ntohs(eptr->ether_type));
            pcap_close(descr);
            exit(1);
        }

        print_mac("Destination", eptr->ether_dhost);
        print_mac("Source", eptr->ether_shost);

        pcap_close(descr);
        return 0;
    }
|
|
|
04-23-2009, 03:46 AM
|
#13
|
Member
Registered: Mar 2008
Distribution: Ubuntu
Posts: 270
Rep:
|
I didn't test your code. Anyway, you do it on your own.
hint - 3:
Now get into "RFC 791".
|
|
|
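Following hint 3, here is a bounds-checked parse of the RFC 791 header that pulls out the fields asked for in post #8 (protocol, packet length, destination IP). It is an added example and not part of the original thread; `parse_ipv4`, `struct ipv4_info` and the sample frame are names and data constructed for this illustration. In a libpcap program, `frame` and `caplen` would be the packet pointer and `hdr.caplen` from the capture call.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Fields of interest from the RFC 791 header (names are this example's own). */
struct ipv4_info {
    uint8_t  protocol;   /* 1 = ICMP, 6 = TCP, 17 = UDP */
    uint16_t total_len;  /* IP datagram length in bytes */
    uint8_t  ihl_bytes;  /* header length in bytes, 20..60 */
    uint8_t  dst[4];     /* destination address, network byte order */
};

/* Parse an Ethernet II frame of which caplen bytes were captured.
 * Returns 0 on success, -1 if not IPv4 or truncated/malformed. */
int parse_ipv4(const uint8_t *frame, size_t caplen, struct ipv4_info *out)
{
    const size_t eth_len = 14;
    if (caplen < eth_len + 20) return -1;           /* no room for a minimal header */
    if (frame[12] != 0x08 || frame[13] != 0x00) return -1;  /* EtherType not IPv4 */
    const uint8_t *ip = frame + eth_len;
    if ((ip[0] >> 4) != 4) return -1;               /* version field must be 4 */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;        /* IHL counts 32-bit words */
    if (ihl < 20 || caplen < eth_len + ihl) return -1;  /* header claims more than captured */
    uint16_t total = (uint16_t)((ip[2] << 8) | ip[3]);
    if (total < ihl) return -1;                     /* total length smaller than header */
    out->protocol  = ip[9];
    out->total_len = total;
    out->ihl_bytes = (uint8_t)ihl;
    for (int i = 0; i < 4; i++) out->dst[i] = ip[16 + i];
    return 0;
}

/* Constructed sample: Ethernet header + 20-byte IPv4 header
 * (TCP, 192.0.2.1 -> 198.51.100.7; checksum left as zero, not verified here). */
static const uint8_t sample_frame[] = {
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00,
    0x45,0x00,0x00,0x28, 0x00,0x01,0x40,0x00, 0x40,0x06,0x00,0x00,
    192,0,2,1, 198,51,100,7
};

int main(void)
{
    struct ipv4_info info;
    if (parse_ipv4(sample_frame, sizeof sample_frame, &info) != 0) return 1;
    printf("proto=%u len=%u dst=%u.%u.%u.%u\n", info.protocol, info.total_len,
           info.dst[0], info.dst[1], info.dst[2], info.dst[3]);
    return 0;
}
```

The length checks matter because the header fields come from the network: an IHL or total length that disagrees with the captured byte count must be rejected before any field beyond the fixed 20 bytes is read.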