[编程实例]linux下的以太网简单网络流量分析
来源:互联网 发布:最短路径问题算法 编辑:程序博客网 时间:2024/06/09 19:43
- /*
- name:ether.c
- func:print ether protocol mac address flow
- compile: gcc ether.c -o ether -lpcap
- platform:linux/unix
- */
- #include <pcap.h>
- #include <stdio.h>
- #include <netinet/if_ether.h>
- #include <stdlib.h>
- #include <unistd.h>
- #include <signal.h>
- #define MAXSTRINGSIZE 1500
- #define DEFAULT_SNAPLEN 68
- u_int8_t DMAC[6]={0x01,0x80,0xC2,0x00,0x00,0x00};
- static int ether_counter=0;
- int tFlag=0;
-
- unsigned int arp_array[1024],ip_array[1024],rarp_array[1024],/
- stp_array[1024],other_array[1024];
- unsigned int arp_c=0,ip_c=0,rarp_c=0,stp_c=0,other_c=0;
- double arp_flow,ip_flow,rarp_flow,stp_flow,other_flow;
- #define HWADDR(addr) /
- ((unsigned char *)&addr)[0], /
- ((unsigned char *)&addr)[1], /
- ((unsigned char *)&addr)[2], /
- ((unsigned char *)&addr)[3], /
- ((unsigned char *)&addr)[4], /
- ((unsigned char *)&addr)[5]
- void usage();
- char *program_name;
- int cap_time=1;
- double cap_sum(unsigned int array[], unsigned int c)
- {
- int i=0;
- double sum=0;
- for(;i<c;i++)
- sum+=array[i];
- return sum;
-
- }
- void sig_alarm(int sig)
- {
- arp_flow=cap_sum(arp_array,arp_c)/cap_time;
- ip_flow=cap_sum(ip_array,ip_c)/cap_time;
- rarp_flow=cap_sum(rarp_array,rarp_c)/cap_time;
- stp_flow=cap_sum(stp_array,stp_c)/cap_time;
- other_flow=cap_sum(other_array,other_c)/cap_time;
- printf("/n--------------------network flux-----------------------/n");
- printf("cap time: %d s/n", cap_time);
- printf("packet count: %d/n", ether_counter);
- printf("arp protocol: %lf bytes/s/n",arp_flow);
- printf("ip protocol: %lf bytes/s/n", ip_flow);
- printf("rarp protocol: %lf bytes/s/n", rarp_flow);
- printf("stp protocol: %lf bytes/s/n", stp_flow);
- printf("other protocol: %lf bytes/s/n", other_flow);
- fflush(stdout);
- exit(0);
- }
- void print_etherType(struct ether_header *eth,const struct pcap_pkthdr *h)
- {
- int i=0;
- u_char *p;
- register char *cp;
-
- switch(ntohs(eth->ether_type)){
- case ETHERTYPE_IP:
- ip_c++;
- ip_array[ip_c-1]=h->len;
- printf("IP");break;
- case ETHERTYPE_ARP:
- arp_c++;
- arp_array[arp_c-1]=h->len;
- printf("ARP");break;
- case ETHERTYPE_REVARP:
- rarp_c++;
- rarp_array[rarp_c-1]=h->len;
- printf("RARP");break;
- default:
-
- p = eth->ether_dhost;
- while( *(p+i) == *(DMAC+i) )
- {
- i++;
- if(i == 6)
- break;
- }
- if(i == 6){
- stp_c++;
- stp_array[stp_c-1]=h->len;
- printf("STP");
- }
- else{
- other_c++;
- other_array[other_c-1]=h->len;
- printf("***");
- }
-
- }
- fflush(stdout);
-
- }
- void eth_printer(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
- {
-
- struct ether_header *eth;
- eth = (struct ether_header *)p;
- ++ether_counter;
- printf("%02X:%02X:%02X:%02X:%02X:%02X",
- HWADDR(eth->ether_shost));
- printf("->");
- printf("%02X:%02X:%02X:%02X:%02X:%02X",
- HWADDR(eth->ether_dhost));
- printf("/t");
- print_etherType(eth,h);
- printf("/t%d", h->len);
- printf("/n");
- fflush(stdout);
- }
- int main(int argc, char **argv)
- {
- char ebuf[PCAP_ERRBUF_SIZE];
-
- register int op;
-
- register char *device, *cp;
-
- pcap_t *pd;
- pcap_if_t *devpointer;
- pcap_if_t *d;
- int devnum;
-
- int i=0;
- if ((cp = strrchr(argv[0], '/')) != NULL)
- program_name = cp + 1;
- else
- program_name = argv[0];
- if(argc < 2)
- usage();
-
- while ((op = getopt(argc, argv,"Di:t:")) != -1)
- switch (op) {
- case 'D':
- if (pcap_findalldevs(&devpointer, ebuf) < 0)
- fprintf(stderr,"Error in pcap_findalldevs_ex: %s/n", ebuf);
- else {
- for (i = 0; devpointer != 0; i++) {
- printf("%d.%s", i+1, devpointer->name);
- if (devpointer->description != NULL)
- printf(" (%s)", devpointer->description);
- printf("/n");
- devpointer = devpointer->next;
- }
- }
- return 0;
- case 'i':
- if (optarg[0] == '0' && optarg[1] == 0){
- printf("Invalid adapter index");
- usage();
- }
-
-
- if ((devnum = atoi(optarg)) != 0) {
- if (devnum < 0)
- fprintf(stderr, "Invalid adapter index");
- if (pcap_findalldevs(&devpointer, ebuf) < 0)
- fprintf(stderr,"Error in pcap_findalldevs: %s", ebuf);
- else {
- for (i = 0; i < devnum-1; i++){
- devpointer = devpointer->next;
- if (devpointer == NULL)
- printf("Invalid adapter index");
- }
- }
- device = devpointer->name;
- break;
- }
- device = optarg;
- break;
-
- case 't':
- cap_time=atoi(optarg);
- tFlag=1;
- break;
- default:
- usage();
- break;
-
- }
-
- if((pd = pcap_open_live(device, DEFAULT_SNAPLEN, 1, 1000, ebuf)) == NULL)
- {
- (void)fprintf(stderr, "pcap_loop: %s/n", pcap_geterr(pd));
- exit(1);
- }
- signal(SIGALRM, sig_alarm);
- if(tFlag==1)
- alarm(cap_time);
- struct bpf_program fcode;
- pcap_compile(pd, &fcode, NULL, 1, 0);
- pcap_setfilter(pd, &fcode);
- if(pcap_loop(pd, -1, eth_printer, NULL) < 0){
- (void)fprintf(stderr, "pcap_loop: %s/n", pcap_geterr(pd));
- exit(1);
- }
- pcap_close(pd);
- return 0;
- }
- void usage()
- {
- printf("==============================================================/n");
- printf("+/tether tool/t/t/n");
- printf("+/n");
- printf("+/t/t ~~~print the simple ether mac flow~~~/n");
- printf("+/tCopyright shile/n");
- printf("==============================================================/n/n");
- printf("usage: %s [-iDt] /n/t-D list interfaces/n/t-i <interface> [-t <cap time>] /n/n", program_name);
- exit(0);
- }
