[编程实例]linux下的以太网简单网络流量分析

 

  1. /*
  2. name:ether.c
  3. func:print ether protocol mac address flow
  4. compile: gcc ether.c -o ether -lpcap
  5. platform:linux/unix 
  6. */
  #include <pcap.h>

  #include <arpa/inet.h>
  #include <netinet/if_ether.h>

  #include <errno.h>
  #include <limits.h>
  #include <signal.h>
  #include <stdio.h>
  #include <stdlib.h>
  #include <string.h>
  #include <unistd.h>
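  /* Not referenced anywhere in this listing. */
  #define MAXSTRINGSIZE    1500
  /* Snapshot length handed to pcap_open_live(): bytes captured per frame. */
  #define DEFAULT_SNAPLEN  68

  /* Destination MAC 01:80:C2:00:00:00; a frame sent to it is counted as STP. */
  u_int8_t DMAC[6]={0x01,0x80,0xC2,0x00,0x00,0x00};
  /* Number of frames handed to the capture callback. */
  static int ether_counter=0;
  /* Set to 1 once -t <seconds> has been parsed. */
  int tFlag=0;

  /*
   * Per-protocol frame lengths (bytes on the wire, taken from pcap's h->len).
   * Each array has 1024 slots and the matching *_c counter holds the number of
   * slots in use.  The lengths are driven by captured traffic, so every writer
   * must keep its counter within the array bound.
   */
  unsigned int arp_array[1024],ip_array[1024],rarp_array[1024],
          stp_array[1024],other_array[1024];
  unsigned int arp_c=0,ip_c=0,rarp_c=0,stp_c=0,other_c=0;
  /* Per-protocol rate in bytes per second, filled in when the report is printed. */
  double  arp_flow,ip_flow,rarp_flow,stp_flow,other_flow;

  /*
   * Expand a 6-byte hardware address into six comma-separated byte arguments,
   * for use with a "%02X:%02X:%02X:%02X:%02X:%02X" format.  The argument is
   * parenthesised so that any lvalue expression can be passed.
   */
  #define HWADDR(addr) \
      ((unsigned char *)&(addr))[0], \
      ((unsigned char *)&(addr))[1], \
      ((unsigned char *)&(addr))[2], \
      ((unsigned char *)&(addr))[3], \
      ((unsigned char *)&(addr))[4], \
      ((unsigned char *)&(addr))[5]

  void usage(void);
  /* Basename of argv[0], shown in the usage text. */
  char *program_name;
  /* Capture window in seconds (-t); also the divisor for the bytes/s figures. */
  int cap_time=1;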
  /*
   * Add up the first c entries of array[] and return the total as a double.
   * The caller is responsible for c not exceeding the number of elements
   * actually stored in array[].
   */
  double cap_sum(unsigned int array[], unsigned int c)
  {
          const unsigned int *cur = array;
          const unsigned int *stop = array + c;
          double total = 0;

          while (cur != stop) {
                  total += *cur;
                  cur++;
          }
          return total;
  }
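  /* Number of valid entries in a length array: the counter, capped at capacity. */
  static unsigned int flow_slots_used(unsigned int count, size_t capacity)
  {
          return count < capacity ? count : (unsigned int)capacity;
  }

  /*
   * SIGALRM handler: converts the recorded frame lengths into bytes/second
   * over cap_time, prints the report to stdout and exits with status 0.
   *
   * Each counter is capped at its array size before summing, so a counter
   * that has run past the 1024-slot arrays cannot make cap_sum() read out
   * of bounds.
   *
   * NOTE(review): printf(), fflush() and exit() are not async-signal-safe,
   * and this handler can interrupt the capture callback while it is inside
   * printf() itself.  A safer structure is to have the handler only call
   * pcap_breakloop() (or set a volatile sig_atomic_t flag) and print the
   * report from main() after pcap_loop() returns.
   */
  void sig_alarm(int sig)
  {
          (void)sig;

          arp_flow = cap_sum(arp_array,
              flow_slots_used(arp_c, sizeof arp_array / sizeof arp_array[0])) / cap_time;
          ip_flow = cap_sum(ip_array,
              flow_slots_used(ip_c, sizeof ip_array / sizeof ip_array[0])) / cap_time;
          rarp_flow = cap_sum(rarp_array,
              flow_slots_used(rarp_c, sizeof rarp_array / sizeof rarp_array[0])) / cap_time;
          stp_flow = cap_sum(stp_array,
              flow_slots_used(stp_c, sizeof stp_array / sizeof stp_array[0])) / cap_time;
          other_flow = cap_sum(other_array,
              flow_slots_used(other_c, sizeof other_array / sizeof other_array[0])) / cap_time;

          /* The listing had "/n" here: the backslashes were lost in publication. */
          printf("\n--------------------network flux-----------------------\n");
          printf("cap time: %d s\n", cap_time);
          printf("packet count: %d\n", ether_counter);
          printf("arp protocol: %lf bytes/s\n", arp_flow);
          printf("ip protocol: %lf bytes/s\n", ip_flow);
          printf("rarp protocol: %lf bytes/s\n", rarp_flow);
          printf("stp protocol: %lf bytes/s\n", stp_flow);
          printf("other protocol: %lf bytes/s\n", other_flow);
          fflush(stdout);
          exit(0);
  }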
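  /* Element count of one of the file-scope length arrays. */
  #define FLOW_CAP(a) ((unsigned int)(sizeof (a) / sizeof (a)[0]))

  /*
   * Record one frame length without ever writing past the array.
   * While slots are free the length gets its own slot; once the array is
   * full, further lengths are added (saturating at UINT_MAX) into the last
   * slot, so the sum of the array still reflects all traffic seen.
   */
  static void flow_record(unsigned int *slots, unsigned int *count,
                          unsigned int capacity, unsigned int len)
  {
          unsigned int *last;

          if (capacity == 0)
                  return;
          if (*count < capacity) {
                  slots[(*count)++] = len;
                  return;
          }
          last = &slots[capacity - 1];
          *last = (len > UINT_MAX - *last) ? UINT_MAX : *last + len;
  }

  /*
   * Classify one frame by EtherType, record its on-the-wire length (h->len)
   * in the matching per-protocol array, and print a short tag to stdout:
   * "IP", "ARP", "RARP", "STP" (any other EtherType whose destination MAC
   * equals DMAC) or "***" for everything else.
   *
   * The counters used to grow without limit and index 1024-entry arrays, so
   * the 1025th frame of any one type wrote outside the array; all recording
   * now goes through flow_record(), which is bounded.
   *
   * NOTE(review): this reads eth->ether_type and eth->ether_dhost, so the
   * caller must pass a buffer that holds a complete Ethernet header.
   */
  void print_etherType(struct ether_header *eth,const struct pcap_pkthdr *h)
  {
          switch (ntohs(eth->ether_type)) {
          case ETHERTYPE_IP:
                  flow_record(ip_array, &ip_c, FLOW_CAP(ip_array), h->len);
                  printf("IP");
                  break;
          case ETHERTYPE_ARP:
                  flow_record(arp_array, &arp_c, FLOW_CAP(arp_array), h->len);
                  printf("ARP");
                  break;
          case ETHERTYPE_REVARP:
                  flow_record(rarp_array, &rarp_c, FLOW_CAP(rarp_array), h->len);
                  printf("RARP");
                  break;
          default:
                  /* Not a known EtherType: fall back to the destination MAC. */
                  if (memcmp(eth->ether_dhost, DMAC, sizeof DMAC) == 0) {
                          flow_record(stp_array, &stp_c, FLOW_CAP(stp_array), h->len);
                          printf("STP");
                  } else {
                          flow_record(other_array, &other_c, FLOW_CAP(other_array), h->len);
                          printf("***");
                  }
                  break;
          }
          fflush(stdout);
  }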
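  /*
   * pcap_loop() callback: prints "SRC->DST<TAB>TYPE<TAB>LEN" for one frame
   * and lets print_etherType() update the per-protocol statistics.
   *
   * user  unused callback cookie
   * h     pcap header; caplen is the number of bytes present in p, len the
   *       length of the frame on the wire
   * p     captured bytes, interpreted as an Ethernet header
   */
  void eth_printer(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
  {
          struct ether_header *eth;

          (void)user;

          /*
           * Only caplen bytes of p are valid.  A capture shorter than an
           * Ethernet header must not be parsed, otherwise the address and
           * type fields are read from beyond the captured data.  Such
           * frames are skipped and not counted.
           */
          if (h->caplen < sizeof(struct ether_header))
                  return;

          /* print_etherType() takes a non-const pointer, hence the cast. */
          eth = (struct ether_header *)p;
          ++ether_counter;

          printf("%02X:%02X:%02X:%02X:%02X:%02X",
            HWADDR(eth->ether_shost));
          printf("->");
          printf("%02X:%02X:%02X:%02X:%02X:%02X",
            HWADDR(eth->ether_dhost));
          printf("\t");
          print_etherType(eth, h);
          /* h->len is an unsigned 32-bit value, so print it with %u. */
          printf("\t%u", h->len);
          printf("\n");
          fflush(stdout);
  }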
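  /*
   * Entry point.
   *
   *   -D            list the capture interfaces and exit
   *   -i <if>       interface name, or its 1-based index in the -D listing
   *   -t <seconds>  stop after this many seconds and print the flow report
   *
   * Opens the interface in promiscuous mode and feeds every frame to
   * eth_printer() until SIGALRM fires or pcap_loop() fails.
   *
   * Fixes over the published listing: the interface is no longer used
   * uninitialised when -i is missing, an out-of-range adapter index is
   * rejected instead of dereferencing NULL, the pcap_open_live() failure
   * path reports ebuf instead of calling pcap_geterr() on a NULL handle,
   * numeric arguments are parsed with strtol(), non-Ethernet links are
   * refused, and libpcap return values are checked.
   *
   * NOTE(review): live capture normally needs elevated privileges (root or
   * CAP_NET_RAW on Linux).  Nothing after pcap_open_live() needs them, so a
   * deployment that runs this as root should drop privileges at that point.
   */
  int main(int argc, char **argv)
  {
          char ebuf[PCAP_ERRBUF_SIZE];
          struct bpf_program fcode;
          pcap_if_t *alldevs = NULL;      /* list from pcap_findalldevs() */
          pcap_if_t *d;
          pcap_t *pd;
          char *device = NULL;            /* may point into alldevs */
          char *cp;
          char *end;
          long val;
          int op;
          int i;

          if (argc < 1 || argv[0] == NULL)
                  program_name = "ether";
          else if ((cp = strrchr(argv[0], '/')) != NULL)
                  program_name = cp + 1;
          else
                  program_name = argv[0];

          if (argc < 2)
                  usage();

          while ((op = getopt(argc, argv, "Di:t:")) != -1) {
                  switch (op) {
                  case 'D':
                          if (pcap_findalldevs(&alldevs, ebuf) < 0) {
                                  fprintf(stderr, "Error in pcap_findalldevs: %s\n", ebuf);
                                  return 1;
                          }
                          for (i = 1, d = alldevs; d != NULL; d = d->next, i++) {
                                  printf("%d.%s", i, d->name);
                                  if (d->description != NULL)
                                          printf(" (%s)", d->description);
                                  printf("\n");
                          }
                          pcap_freealldevs(alldevs);
                          return 0;

                  case 'i':
                          errno = 0;
                          val = strtol(optarg, &end, 10);
                          if (end == optarg || *end != '\0') {
                                  /* Not a plain number: take it as an interface name. */
                                  device = optarg;
                                  break;
                          }
                          if (errno == ERANGE || val < 1 || val > INT_MAX) {
                                  fprintf(stderr, "Invalid adapter index\n");
                                  return 1;
                          }
                          if (alldevs != NULL) {
                                  /* -i given more than once: drop the earlier list. */
                                  pcap_freealldevs(alldevs);
                                  alldevs = NULL;
                          }
                          if (pcap_findalldevs(&alldevs, ebuf) < 0) {
                                  fprintf(stderr, "Error in pcap_findalldevs: %s\n", ebuf);
                                  return 1;
                          }
                          /* Walk to the requested entry, stopping at the end of the list. */
                          for (i = 1, d = alldevs; d != NULL && i < val; d = d->next, i++)
                                  ;
                          if (d == NULL) {
                                  fprintf(stderr, "Invalid adapter index\n");
                                  if (alldevs != NULL)
                                          pcap_freealldevs(alldevs);
                                  return 1;
                          }
                          /* The name lives inside alldevs, which is freed after the open. */
                          device = d->name;
                          break;

                  case 't':
                          errno = 0;
                          val = strtol(optarg, &end, 10);
                          if (end == optarg || *end != '\0' || errno == ERANGE ||
                              val < 1 || val > INT_MAX) {
                                  fprintf(stderr, "Invalid capture time\n");
                                  return 1;
                          }
                          cap_time = (int)val;
                          tFlag = 1;
                          break;

                  default:
                          usage();
                          break;
                  }
          }

          if (device == NULL) {
                  fprintf(stderr, "No capture interface given\n");
                  usage();
                  return 1;
          }

          ebuf[0] = '\0';
          /* Third argument 1 = promiscuous mode, 1000 ms read timeout. */
          pd = pcap_open_live(device, DEFAULT_SNAPLEN, 1, 1000, ebuf);
          if (pd == NULL) {
                  /* No handle exists yet, so the reason is in ebuf. */
                  fprintf(stderr, "pcap_open_live: %s\n", ebuf);
                  if (alldevs != NULL)
                          pcap_freealldevs(alldevs);
                  exit(1);
          }

          /* eth_printer() parses Ethernet headers; refuse other link types. */
          if (pcap_datalink(pd) != DLT_EN10MB) {
                  fprintf(stderr, "%s: not an Ethernet link\n", device);
                  pcap_close(pd);
                  if (alldevs != NULL)
                          pcap_freealldevs(alldevs);
                  exit(1);
          }

          if (alldevs != NULL) {
                  pcap_freealldevs(alldevs);
                  alldevs = NULL;
                  device = NULL;
          }

          /* Empty filter expression: accept every frame. */
          if (pcap_compile(pd, &fcode, "", 1, 0) < 0) {
                  fprintf(stderr, "pcap_compile: %s\n", pcap_geterr(pd));
                  pcap_close(pd);
                  exit(1);
          }
          if (pcap_setfilter(pd, &fcode) < 0) {
                  fprintf(stderr, "pcap_setfilter: %s\n", pcap_geterr(pd));
                  pcap_freecode(&fcode);
                  pcap_close(pd);
                  exit(1);
          }
          pcap_freecode(&fcode);

          signal(SIGALRM, sig_alarm);
          if (tFlag == 1)
                  alarm((unsigned int)cap_time);

          if (pcap_loop(pd, -1, eth_printer, NULL) < 0) {
                  fprintf(stderr, "pcap_loop: %s\n", pcap_geterr(pd));
                  pcap_close(pd);
                  exit(1);
          }
          pcap_close(pd);
          return 0;
  }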
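  /*
   * Print the banner and the command-line synopsis to stdout, then terminate
   * the process with exit(0).  Does not return.
   *
   * The escape sequences appeared as "/n" and "/t" in the published listing
   * because the backslashes were lost; they are restored here.
   */
  void usage(void)
  {
          printf("==============================================================\n");
          printf("+\tether tool\t\t\n");
          printf("+\n");
          printf("+\t\t ~~~print the simple ether mac flow~~~\n");
          printf("+\tCopyright  shile\n");
          printf("==============================================================\n\n");
          printf("usage: %s [-iDt] \n\t-D list interfaces\n\t-i <interface> [-t <cap time>] \n\n", program_name);
          exit(0);
  }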
