Network Traffic Analyser


ARTTC, Ranchi-835217

Summer Training
Date:- 03/06/2013 to 29/06/2013

Project on
Network Traffic Analyser

Submitted By:-

Om Prakash Singh Munda

Rupesh Kumar Gonjhu

Prakash Kumar Ravidas

Sujit Kumar Bauri

Under the guidance of

Mr. Ranjan Kumar Ram

SDE (TF), ARTTC Ranchi

Abstract:-
The rapid growth of Internet traffic has emerged as a major issue due to the rapid
development of various network applications and Internet services. One of the
challenges facing Internet Service Providers (ISPs) is to optimize the performance
of their networks in the face of continuously increasing amounts of IP traffic while
guaranteeing some specific Quality of Service (QoS). Therefore it is necessary for
ISPs to study the traffic patterns and user behaviors in different localities, to
estimate the application usage trends, and thereby to come up with solutions that
can effectively, efficiently, and economically support their users' traffic.
The main objective of this thesis is to analyze and characterize traffic in a local
multi-service residential IP network in Sweden (referred to in this report as
“Network North”). The data about the amount of traffic was measured using a real-
time traffic-monitoring tool from Packet Logic. Traffic from the monitored
network to various destinations was captured and classified into 5 ring-wise
locality levels in accordance with the traffic’s geographic destinations: traffic
within Network North and traffic to the remainder of the North of Sweden,
Sweden, Europe, and World.
Parameters such as traffic patterns (e.g., traffic volume distribution, application
usage, and application popularity) and user behavior (e.g., usage habits, user
interests, etc.) at different geographic localities were studied in this project. As a
result of a systematic and in-depth measurement, and because the number of content
servers at the World, Europe, and Sweden levels is quite large, we recommend that
an intelligent content distribution system be positioned at Level 1 localities in
order to reduce the amount of duplicate traffic in the network and thereby remove
this traffic load from the core network.
The results of these measurements provide a temporal reference for ISPs of
their present traffic and should allow them to better manage their network.
However, due to certain circumstances the analysis was limited to the set of
available daily traffic traces. To provide a more trustworthy solution, a relatively
longer-term, periodic, and seasonal traffic analysis could be done in the future
based on the established measurement framework.
CERTIFICATE

This is to certify that the B.Tech students Om Prakash Singh Munda, Rupesh Kumar
Gonjhu, Prakash Kumar Ravidas and Sujit Kumar Bauri of National Institute of
Technology (NIT), Jamshedpur have undergone the live project on Network Traffic
Analyser and have prepared this project report by virtue of their diligence and
self-effort.

They have successfully completed every aspect of this project with a lot of
sincerity while abiding by the rules of the institution.

We wish them all success for their future.

Mr. Ranjan Kumar Ram

SDE (TF)

ARTTC Ranchi

Acknowledgements:-
First and foremost, I would like to express my sincere gratitude to my lecturer
and SDE in charge, BSNL Ranchi, Mr. Ranjan Kumar Ram, for the valuable guidance
which inspired me throughout the whole thesis work. Without his consistent,
precise and illuminating feedback and suggestions, this thesis could not have
reached its present form. I cherished every comment from him, which was vital for
me to improve my work, and will remain so for any future study.
Furthermore, I would like to thank Sir G. Manjhi, SDE in charge, BSNL Ranchi, for
his advice and for sharing his knowledge during this project work. In addition, I
want to show my special appreciation to my parents. Thank you for always standing
behind me. I could not have succeeded without your understanding and
encouragement.
Finally, I would like to thank all my group members who helped me during the
entire project.

Om Prakash Singh Munda

(Undergraduate)
Computer Science and Engg.
NIT, Jamshedpur
Reg. No:- CS110315

Introduction:-
Internet traffic has been constantly increasing with the revolutionary developments
in communication networks and applications. Global IP traffic is predicted to
increase threefold over the next 5 years in Cisco's report on the global IP traffic
forecast for 2011–2016 [1]. The diversified development of communication methods has
not only increased demand for Internet access, but also brought heavier network
traffic loads. As revealed in [1], IP traffic originating from PC devices will
continue to grow, while the traffic generated by non-PC devices will double in the
next few years.
The greatly increased user demands have caused the Internet to evolve from an
esoteric niche into a mainstream market. Internet service providers (ISPs), on the
one hand, have realized the business opportunities and rapidly developed a wide
variety of network applications and Internet services, which in turn brought in
considerable revenue while generating increasing traffic loads. On the other hand,
ISPs are burdened by the traffic stress associated with offering these various
services. Therefore, there is a need to consider potential network management
solutions.
The question of how to avoid traffic bottlenecks constantly preoccupies ISPs. An
efficient method to address network traffic issues is to monitor the network
performance based upon real-time, continuous data collection, and, by understanding
the network traffic patterns, to propose effective and economical solutions to
support the expected traffic.
ISPs connect end users to the Internet. Additionally, these ISPs exchange
traffic with other ISPs so that the users connected to different ISPs can
communicate with each other. This is called interconnection [2]. The growing
amount of network traffic transiting the Internet has required tremendous
expenditures by ISPs. However, the ISPs want to minimize the cost of operating
their business.
A common way for ISPs to reduce network traffic and cost is to use peering between
two or among several ISPs [3]. Figure 1-1 shows the basic topology of these network
interconnections, in which transit and peering are the two main functions.
Transit is a simple service that forwards packets from a user to the upstream ISP,
and the upstream ISP decides where these packets should be forwarded based upon
entries in its routing table. ISPs need to defray certain expenses to obtain access
to the upstream ISP's routing [4]. When two service providers have nearly the same
network scale, cost, and traffic volumes, it is unnecessary for each of them to pay
a transit fee in both directions, as they would be paying each other equal amounts
of money. In this case the service providers will implement a peering solution.
Problem Statement:
Design a software tool which can analyse the traffic in the network. It should
provide an interface by which one can filter packets using different criteria such
as protocol, source address, port, etc.
Understanding of the problem:
We are asked to analyze the traffic in the network. We are also asked to filter the
packets using different criteria such as protocol, source address, etc. These can be
easily achieved if we can
1. Capture all the packets that are flowing through the network interface, and
2. Capture these packets as a whole, i.e. before stripping of the packet begins
(our packet should contain the data along with all the headers).

Tools Used:
1. Raw socket programming (sniffing) in C for capturing and filtering the packets.
2. Gtk, a C library, for building the Graphical User Interface (GUI).

Steps involved in solving the problem:

Problem formulation:

• We can only receive frames destined to us (unicast), to everyone (broadcast) and
to some selected addresses we subscribe to (multicast).
• All headers, i.e. Ethernet, IP, TCP etc., are stripped by the network stack and
only the data is delivered to the application layer.

The picture given above explains the stripping of the packet clearly.
How to solve the problem:

In order to solve the above problem, it would be interesting:

• If we could receive the frames for all computers connected to our broadcast
domain: promiscuous mode.
• If we could get all the headers, i.e. Ethernet, IP, TCP etc., from the network
and analyze them: raw sockets.

Promiscuous Mode:
• Tells the network driver to accept all packets irrespective of whom the packets
are addressed to.
• We can do this on a UNIX system by using the ifconfig utility: `ifconfig
<interface name> promisc' (try `sudo ifconfig <interface name> promisc' if
`ifconfig <interface name> promisc' does not work).

Raw Sockets:
• Raw sockets provide a way to bypass the whole network stack traversal of a packet
and deliver it directly to an application.
• We will concentrate on the PF_PACKET interface for creating raw sockets.
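As an added example that is not part of the project's code, the following C program decodes one complete frame of the kind a PF_PACKET socket delivers (Ethertype at frame byte 12, the IHL nibble at byte 14, the TCP/UDP ports right after the IPv4 header) with a bounds check before every header read, and applies the protocol/source-address/port filter from the problem statement. The frame bytes are constructed for this example, and the function and field names are this example's own, not the project's.

```c
/* Added example: bounds-checked decoding of a captured Ethernet/IPv4 frame
 * plus the user filter (protocol, source address, destination port).
 * Runs offline on a constructed frame; no root or live interface needed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN    14
#define ETHERTYPE_IPV4 0x0800
#define PROTO_TCP      6
#define PROTO_UDP      17

typedef struct {
    char src_ip[16];    /* dotted quad */
    char dst_ip[16];
    unsigned ip_hlen;   /* IHL * 4, at least 20 */
    uint8_t ttl;
    uint8_t ip_proto;   /* 1 = ICMP, 6 = TCP, 17 = UDP */
    uint16_t src_port;  /* TCP/UDP only, 0 otherwise */
    uint16_t dst_port;
    uint16_t window;    /* TCP only */
} frame_info;

/* Two network-order bytes to a host value (what the sniffer does via hex strings). */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 0 on success; a negative code says which header was missing or invalid. */
int decode_ipv4_frame(const uint8_t *frame, size_t len, frame_info *out)
{
    memset(out, 0, sizeof *out);
    if (len < ETH_HDR_LEN + 20) return -1;              /* Ethernet + minimal IPv4 header */
    if (be16(frame + 12) != ETHERTYPE_IPV4) return -2;  /* not an IPv4 frame */

    const uint8_t *ip = frame + ETH_HDR_LEN;
    if ((ip[0] >> 4) != 4) return -3;                   /* version nibble must be 4 */
    out->ip_hlen = (unsigned)(ip[0] & 0x0f) * 4;        /* IHL counts 32-bit words */
    if (out->ip_hlen < 20 || len < ETH_HDR_LEN + out->ip_hlen) return -4;

    out->ttl = ip[8];
    out->ip_proto = ip[9];
    snprintf(out->src_ip, sizeof out->src_ip, "%hhu.%hhu.%hhu.%hhu", ip[12], ip[13], ip[14], ip[15]);
    snprintf(out->dst_ip, sizeof out->dst_ip, "%hhu.%hhu.%hhu.%hhu", ip[16], ip[17], ip[18], ip[19]);

    const uint8_t *l4 = ip + out->ip_hlen;
    size_t l4_len = len - ETH_HDR_LEN - out->ip_hlen;
    if (out->ip_proto == PROTO_TCP) {
        if (l4_len < 20) return -5;                     /* truncated TCP header */
        out->src_port = be16(l4);
        out->dst_port = be16(l4 + 2);
        out->window   = be16(l4 + 14);
    } else if (out->ip_proto == PROTO_UDP) {
        if (l4_len < 8) return -5;                      /* truncated UDP header */
        out->src_port = be16(l4);
        out->dst_port = be16(l4 + 2);
    }
    return 0;
}

/* The filter from the problem statement: an empty protocol or address and a
 * zero port mean "any", so the default filter matches every decoded frame. */
int frame_matches(const frame_info *fi, const char *proto, const char *src_ip, uint16_t dst_port)
{
    if (proto[0] != '\0') {
        uint8_t want = strcmp(proto, "tcp") == 0 ? PROTO_TCP
                     : strcmp(proto, "udp") == 0 ? PROTO_UDP
                     : strcmp(proto, "icmp") == 0 ? 1 : 0;
        if (want != fi->ip_proto) return 0;
    }
    if (src_ip[0] != '\0' && strcmp(src_ip, fi->src_ip) != 0) return 0;
    if (dst_port != 0 && dst_port != fi->dst_port) return 0;
    return 1;
}

/* Constructed sample frame (not a real capture): TCP SYN from 192.168.1.10:40000
 * to 10.0.0.5:443, TTL 64, window 64240, checksums left as zero. */
const uint8_t SAMPLE_FRAME[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,  /* Ethernet */
    0x45,0x00,0x00,0x28, 0x12,0x34,0x40,0x00, 0x40,0x06,0x00,0x00,            /* IPv4 */
    0xc0,0xa8,0x01,0x0a, 0x0a,0x00,0x00,0x05,
    0x9c,0x40, 0x01,0xbb, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,           /* TCP */
    0x50,0x02, 0xfa,0xf0, 0x00,0x00, 0x00,0x00
};
const size_t SAMPLE_FRAME_LEN = sizeof SAMPLE_FRAME;

int main(void)
{
    frame_info fi;
    int rc = decode_ipv4_frame(SAMPLE_FRAME, SAMPLE_FRAME_LEN, &fi);
    if (rc != 0) { printf("frame rejected: %d\n", rc); return 1; }
    printf("%s:%u -> %s:%u proto %u ttl %u window %u\n", fi.src_ip, fi.src_port,
           fi.dst_ip, fi.dst_port, fi.ip_proto, fi.ttl, fi.window);
    printf("matches tcp from 192.168.1.10 to port 443: %d\n",
           frame_matches(&fi, "tcp", "192.168.1.10", 443));
    return 0;
}
```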

Coding:

Sniffer.h

/*
Group Members:
* Shubham Toshniwal
* Sanjay Kumar
* Guruprasad Nayak
* A Chaitanya
*/

#include <linux/if_packet.h>
#include <linux/if_ether.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <features.h>
#include <errno.h>
#include <sys/ioctl.h>
#include <sys/time.h>    // gettimeofday, struct timeval
#include <net/if.h>
#include <arpa/inet.h>   // htons
#include <string.h>
#include <strings.h>     // bzero
#include <unistd.h>      // close
#include <time.h>

#define MAXLENGTH 2048     // Length of the buffer in which we store a captured packet
#define MAX_PACKETS 50000  // Maximum number of packets that can be captured
#define TIMEOUT 1          /* Time after which gtk_main is invoked (to check whether a new
                              packet has been captured and print it on the GUI interface
                              if there is one) */
#define MAXINTERFACES 10   // Maximum number of network interfaces
#define PDFVIEWER "okular" // The default pdf viewer

/* Returns 1 if the captured packet matches the filter set by the user.
 * It is also the general function that fills the structure entries of the packet
 * by calling the specialised functions; it is the soul of the packet decoding code. */
int PrintPacketInformation(unsigned char *, int);

// Fills the fields of the "packe" structure in case of IPv4|TCP
void PrintPacketInformation_TCP(unsigned char *, int);

// Fills the fields of the "packe" structure in case of IPv4|UDP
void PrintPacketInformation_UDP(unsigned char *, int);

// Fills the fields of the "packe" structure in case of IPv4|ICMP
void PrintPacketInformation_ICMP(unsigned char *, int);

// Fills the fields of the "packe" structure in case of ARP and returns 1 if all the
// fields required by the user are satisfied
int PrintPacketInformation_ARP(unsigned char *, int);

// Fills the fields of the "packe" structure in case of IPv6|UDP
void PrintPacketInformation_UDP_IPv6(unsigned char *, int);

// Fills the fields of the "packe" structure in case of IPv6|TCP
void PrintPacketInformation_TCP_IPv6(unsigned char *, int);

// Fills the fields of the "packe" structure in case of IPv6|ICMP
void PrintPacketInformation_ICMP_IPv6(unsigned char *, int);

// Converts a hexadecimal character to its decimal value
int xtod(char);

// Converts a hexadecimal string of the given length to its decimal value
int hextoint(char *, int);

// Prints the packet
void Printpacket(void);

// Dumps the hex code of the packet into the hex_dump field of "packe"
void Printhexdump(unsigned char *, int);

typedef struct packe {
    int index;                        // Index of the captured packet
    int size;                         // Size of the frame received
    double arrival_time;              // Time of arrival
    char source[40];                  // Source address
    char destination[40];             // Destination address
    char protocol[10];                // Protocol used at the topmost layer, i.e. the deepest in the packet
    char protocol_hierarchy[80];      // Encapsulation sequence, e.g. IPv4:TCP:FTP
    char relevant[100];               // Something really important about the packet
    char less_relevant[400];          // General and less relevant information obtained from the packet
    char hex_dump[3 * MAXLENGTH + 1]; // The packet printed in hex format (" xx" per byte plus terminator)
} pack;

sniffer.c

#include "sniffer.h"

// Global variables

int count_printed;               // Number of packets captured and printed till now

// User defined filters

char protocol[15] = "all";       // Protocol to sniff
char source_ip[40] = "";         // Source address to sniff on
char destination_ip[40] = "";    // Destination address to sniff on
char source_MAC[40] = "";        // Source MAC address to sniff on
char destination_MAC[40] = "";   // Destination MAC address to sniff on

pack packet_struct[MAX_PACKETS]; // Storage for MAX_PACKETS captured packets

// Packet sniffer that takes as argument the name of the interface on which traffic is to be analysed
int main(int argc, char **argv)
{
    // Declaration of variables
    int rawsock;                 // Raw socket descriptor
    int len;                     // Length of packet
    int proto = ETH_P_ALL;       // Ethertype passed to socket(); defaults to all protocols
    int state = 1;               // Continue sniffing packets till state != 0
    unsigned char buffer[MAXLENGTH];
    struct sockaddr_ll sll;      // Packet-socket address structure
    struct ifreq req;            // Structure required to request a particular interface for socket ioctl commands
    int t;                       // Whether the packet captured was according to our filters
    struct timeval tv1, tv2;     // Used to calculate the time of arrival of a packet w.r.t. the start of the capture

    if (argc < 2) {
        fprintf(stderr, "Usage: %s <interface>\n", argv[0]);
        exit(-1);
    }

    // Initializing global variables
    count_printed = 0;

    // Set the protocol family to be captured in the protocol field of the socket

    // All protocols
    if (strcmp(protocol, "all") == 0)
        proto = ETH_P_ALL;

    // IPv4 protocol
    if (strcmp(protocol, "ipv4") == 0 || strcmp(protocol, "ipv4|udp") == 0 ||
        strcmp(protocol, "ipv4|tcp") == 0 || strcmp(protocol, "ipv4|icmp") == 0)
        proto = ETH_P_IP;

    // IPv6 protocol
    if (strcmp(protocol, "ipv6") == 0 || strcmp(protocol, "ipv6|udp") == 0 ||
        strcmp(protocol, "ipv6|tcp") == 0 || strcmp(protocol, "ipv6|icmp") == 0)
        proto = ETH_P_IPV6;

    // ARP protocol
    if (strcmp(protocol, "arp") == 0)
        proto = ETH_P_ARP;

    /* Creating the packet socket
     * Only root has the capability to open packet sockets, which is why this code
     *   CAN RUN ONLY WITH ROOT PERMISSIONS.
     * Packet sockets with socket_type SOCK_RAW allow us to bypass the network stack, so
     *   the packet is delivered to us directly (without any header ripped off).
     * The PF_PACKET interface allows us to send/receive packets directly at the device
     *   driver level, thus all packets received are complete with header and data.
     * The third argument specifies the protocol (Ethertype) whose packets are to be delivered.
     */
    if ((rawsock = socket(PF_PACKET, SOCK_RAW, htons(proto))) == -1) {
        perror("Error in creating raw socket");
        exit(-1);
    }

    // Initialize the structures
    bzero(&sll, sizeof(sll));
    bzero(&req, sizeof(req));

    /* IFNAMSIZ is a constant defined in <net/if.h> which gives the maximum buffer size
       needed to hold an interface name (its value is 16 in the header file).
       strncpy is a safer way of copying than strcpy (buffer overflow), and hence IFNAMSIZ
       is a real boon; the copy is terminated explicitly in case the argument is too long.
       We specify the device we want to affect through the ifr_name field, so the interface
       name given as argument is copied into that field. */
    strncpy(req.ifr_name, argv[1], IFNAMSIZ - 1);
    req.ifr_name[IFNAMSIZ - 1] = '\0';

    // First get the interface index
    /* SIOCGIFINDEX: request to retrieve the interface index into the ifr_ifindex field of ifreq */
    if (ioctl(rawsock, SIOCGIFINDEX, &req) == -1) {
        perror("Error while retrieving interface index");
        exit(-1);
    }

    sll.sll_family = AF_PACKET;

    /* To bind the socket to an interface, the sll_ifindex field of sockaddr_ll is set to
       the interface index of the device */
    sll.sll_ifindex = req.ifr_ifindex;
    sll.sll_protocol = htons(proto);

    // Finally, bind the socket to the given interface
    if (bind(rawsock, (struct sockaddr *)&sll, sizeof(sll)) == -1) {
        perror("Error binding raw socket to interface");
        exit(-1);
    }

    // Record the time just before we start capturing packets
    gettimeofday(&tv1, NULL);

    // Start sniffing and print the details of every packet
    while (state) {
        if ((len = recvfrom(rawsock, buffer, MAXLENGTH, 0, NULL, NULL)) == -1) {
            perror("recvfrom returned -1");
            exit(-1);
        }

        // Time after capturing the packet
        gettimeofday(&tv2, NULL);

        // Stop before writing beyond the MAX_PACKETS entries of packet_struct
        if (count_printed >= MAX_PACKETS) {
            state = 0;
            break;
        }

        sprintf(packet_struct[count_printed].less_relevant, "Frame Size : %d bytes \n", len);
        // Call the function to put the relevant details into the packet fields
        t = PrintPacketInformation(buffer, len);

        // Packet received successfully and according to the filters set by the user
        if (t) {
            packet_struct[count_printed].size = len;
            packet_struct[count_printed].index = count_printed + 1;
            packet_struct[count_printed].arrival_time =
                (double)(tv2.tv_usec - tv1.tv_usec) / 1000000 + (double)(tv2.tv_sec - tv1.tv_sec);
            Printpacket();
            Printhexdump(buffer, len);
            count_printed++;
        } else {
            // Clear the entry that was partially filled for the rejected packet
            bzero(&packet_struct[count_printed], sizeof(pack));
        }

        // Clear the buffer again so the next packet does not see stale bytes
        bzero(buffer, MAXLENGTH);
    }

    // Close the socket; SHUT_RDWR (value 2) closes it for both send and receive
    shutdown(rawsock, SHUT_RDWR);
    close(rawsock);
    return 0;
}

// Convert a hexadecimal character to int

int xtod(char c) {
    if (c >= '0' && c <= '9')
        return c - '0';
    if (c >= 'A' && c <= 'F')
        return c - 'A' + 10;
    if (c >= 'a' && c <= 'f')
        return c - 'a' + 10;
    return 0; // Not a hexadecimal digit
}

// Returns the integer value of a hexadecimal string of the given length

int hextoint(char *hex, int len)
{
    if (len == 0)
        return 0;
    return hextoint(hex, len - 1) * 16 + xtod(hex[len - 1]);
}

void Printpacket(void) {
    pack *p = &packet_struct[count_printed];
    printf("\n............Packet Information starts here.........\n\n");
    printf("Index : %d Time : %f Source : %s Destination : %s Protocol : %s Info : %s \n"
           "Encapsulation : %s\nLess Relevant : %s",
           p->index, p->arrival_time, p->source, p->destination,
           p->protocol, p->relevant, p->protocol_hierarchy, p->less_relevant);
    printf("\n............Packet Information ends here.........\n\n");
}

void Printhexdump(unsigned char *packet, int len) {
    char *dump = packet_struct[count_printed].hex_dump;
    size_t cap = sizeof(packet_struct[count_printed].hex_dump);
    size_t used = 0;
    int t = 0;

    // Each byte is written as " xx" (3 chars); stop before the field would overflow
    while (t < len && used + 4 <= cap) {
        used += snprintf(dump + used, cap - used, " %02x", packet[t]);
        t++;
    }
}

void PrintPacketInformation_UDP(unsigned char *packet, int len)
{
    int IP_header_length;
    int s_port;
    int d_port;
    char temp[5];                     // Four hex digits plus terminator
    pack *p = &packet_struct[count_printed];
    size_t rl;                        // Length of the text already in p->relevant
    (void)len;

    // IHL field (low nibble of the first IPv4 byte) gives the header length in 32-bit words
    sprintf(temp, "%02x", packet[14]);
    IP_header_length = 4 * xtod(temp[1]);

    // Relevant to UDP: the source port is the first two bytes after the IPv4 header
    bzero(temp, 5);
    sprintf(temp, "%02x%02x", packet[14 + IP_header_length], packet[15 + IP_header_length]);
    s_port = hextoint(temp, 4);
    sprintf(p->relevant, "Source Port : %d", s_port);

    bzero(temp, 5);
    sprintf(temp, "%02x%02x", packet[16 + IP_header_length], packet[17 + IP_header_length]);
    d_port = hextoint(temp, 4);
    rl = strlen(p->relevant);

    // Checking for some commonly used destination ports

    if (d_port == 2008) {
        snprintf(p->relevant + rl, sizeof(p->relevant) - rl, " Destination Port : terminaldb");
        return;
    }
    // Simple Service Discovery Protocol
    else if (d_port == 1900) {
        size_t hl = strlen(p->protocol_hierarchy);
        sprintf(p->protocol, "SSDP");
        snprintf(p->protocol_hierarchy + hl, sizeof(p->protocol_hierarchy) - hl, ":SSDP");
        if (s_port == 1900)
            sprintf(p->relevant, "NOTIFY * HTTP/1.1");
        else
            snprintf(p->relevant + rl, sizeof(p->relevant) - rl, " M-SEARCH * HTTP/1.1");
        return;
    }
    else if (d_port == 10007) {
        snprintf(p->relevant + rl, sizeof(p->relevant) - rl, " Destination Port : mvs-capacity");
        return;
    }
    else if (d_port == 17500 && s_port == 17500) {
        sprintf(p->relevant, "DropBox LAN Sync Discovery Protocol");
        return;
    }
    // Simply print the port if the above checks fail
    else {
        snprintf(p->relevant + rl, sizeof(p->relevant) - rl, " Destination Port : %d", d_port);
        return;
    }
}
void PrintPacketInformation_UDP_IPv6(unsigned char *packet, int len)
{
    int s_port;
    int d_port;
    char temp[5];                     // Four hex digits plus terminator
    pack *p = &packet_struct[count_printed];
    size_t rl;                        // Length of the text already in p->relevant
    (void)len;

    // The IPv6 header is a fixed 40 bytes, so the UDP header starts at frame byte 54
    bzero(temp, 5);
    sprintf(temp, "%02x%02x", packet[54], packet[55]);
    s_port = hextoint(temp, 4);
    sprintf(p->relevant, "Source Port : %d", s_port);

    bzero(temp, 5);
    sprintf(temp, "%02x%02x", packet[56], packet[57]);
    d_port = hextoint(temp, 4);
    rl = strlen(p->relevant);

    // Checking for some commonly used destination ports

    /* The WS-Discovery protocol uses UDP port 3702. The multicast address used is
       239.255.255.250 on IPv4 networks and [FF02::C] on IPv6 networks. WS-Discovery
       uses SOAP over UDP multicast to enable services to be discovered by a client */
    if (d_port == 3702) {
        snprintf(p->relevant + rl, sizeof(p->relevant) - rl, " Destination Port : ws-discovery");
        return;
    }

    if (d_port == 2008) {
        snprintf(p->relevant + rl, sizeof(p->relevant) - rl, " Destination Port : terminaldb");
        return;
    }
    // Simple Service Discovery Protocol
    else if (d_port == 1900) {
        size_t hl = strlen(p->protocol_hierarchy);
        sprintf(p->protocol, "SSDP");
        snprintf(p->protocol_hierarchy + hl, sizeof(p->protocol_hierarchy) - hl, ":SSDP");
        if (s_port == 1900)
            sprintf(p->relevant, "NOTIFY * HTTP/1.1");
        else
            snprintf(p->relevant + rl, sizeof(p->relevant) - rl, " M-SEARCH * HTTP/1.1");
        return;
    }
    else if (d_port == 10007) {
        snprintf(p->relevant + rl, sizeof(p->relevant) - rl, " Destination Port : mvs-capacity");
        return;
    }
    else if (d_port == 17500 && s_port == 17500) {
        sprintf(p->relevant, "DropBox LAN Sync Discovery Protocol");
        return;
    }
    // Simply print the port if the above checks fail
    else {
        snprintf(p->relevant + rl, sizeof(p->relevant) - rl, " Destination Port : %d", d_port);
        return;
    }
}

void PrintPacketInformation_TCP(unsigned char *packet, int len) {

    char temp[5];                     // Four hex digits plus terminator
    int window_size;
    int IP_header_length;
    int s_port;
    int d_port;
    int time_to_live;
    int i;
    pack *p = &packet_struct[count_printed];
    // Well known server-side source ports and the protocol names they map to
    static const struct { int port; const char *name; } known[] = {
        {21, "FTP"}, {7, "Echo"}, {22, "SSH"}, {23, "Telnet"},
        {143, "IMAP"}, {80, "HTTP"}, {110, "Pop3"}, {443, "HTTPS"}
    };
    const int nknown = (int)(sizeof(known) / sizeof(known[0]));
    (void)len;

    // Header length field: the check is necessary because the IPv4 header is not always 20 bytes
    sprintf(temp, "%02x", packet[14]);
    IP_header_length = 4 * xtod(temp[1]);

    bzero(temp, 5);
    sprintf(temp, "%02x%02x", packet[14 + IP_header_length], packet[15 + IP_header_length]);
    s_port = hextoint(temp, 4);

    bzero(temp, 5);
    sprintf(temp, "%02x%02x", packet[16 + IP_header_length], packet[17 + IP_header_length]);
    d_port = hextoint(temp, 4);

    // Check for some well known protocols (FTP, Echo, SSH, Telnet, IMAP, HTTP, Pop3, HTTPS)
    for (i = 0; i < nknown; i++) {
        if (s_port == known[i].port) {
            size_t hl = strlen(p->protocol_hierarchy);
            sprintf(p->protocol, "%s", known[i].name);
            snprintf(p->protocol_hierarchy + hl, sizeof(p->protocol_hierarchy) - hl, ":%s", known[i].name);
            break;
        }
    }

    // None of the above protocols: just record the ports
    if (i == nknown) {
        size_t ll = strlen(p->less_relevant);
        snprintf(p->less_relevant + ll, sizeof(p->less_relevant) - ll,
                 "Source Port : %d Destination Port : %d\n", s_port, d_port);
    }

    // Time to live: byte 8 of the IPv4 header, i.e. frame byte 22
    bzero(temp, 5);
    sprintf(temp, "%02x", packet[22]);
    time_to_live = hextoint(temp, 2);

    // Window size: bytes 14-15 of the TCP header
    bzero(temp, 5);
    sprintf(temp, "%02x%02x", packet[28 + IP_header_length], packet[29 + IP_header_length]);
    window_size = hextoint(temp, 4);

    snprintf(p->relevant, sizeof(p->relevant), "Time to live %d, Window size : %d",
             time_to_live, window_size);
}

void PrintPacketInformation_TCP_IPv6(unsigned char *packet, int len) {

    char temp[5];                     // Four hex digits plus terminator
    int window_size;
    int s_port;
    int d_port;
    int time_to_live;
    int i;
    pack *p = &packet_struct[count_printed];
    // Well known server-side source ports and the protocol names they map to
    static const struct { int port; const char *name; } known[] = {
        {21, "FTP"}, {7, "Echo"}, {22, "SSH"}, {23, "Telnet"},
        {143, "IMAP"}, {80, "HTTP"}, {110, "Pop3"}, {443, "HTTPS"}
    };
    const int nknown = (int)(sizeof(known) / sizeof(known[0]));
    (void)len;

    // The IPv6 header is a fixed 40 bytes, so the TCP header starts at frame byte 54
    bzero(temp, 5);
    sprintf(temp, "%02x%02x", packet[54], packet[55]);
    s_port = hextoint(temp, 4);

    bzero(temp, 5);
    sprintf(temp, "%02x%02x", packet[56], packet[57]);
    d_port = hextoint(temp, 4);

    // Check for some well known protocols (FTP, Echo, SSH, Telnet, IMAP, HTTP, Pop3, HTTPS)
    for (i = 0; i < nknown; i++) {
        if (s_port == known[i].port) {
            size_t hl = strlen(p->protocol_hierarchy);
            sprintf(p->protocol, "%s", known[i].name);
            snprintf(p->protocol_hierarchy + hl, sizeof(p->protocol_hierarchy) - hl, ":%s", known[i].name);
            break;
        }
    }

    // None of the above protocols: just record the ports
    if (i == nknown) {
        size_t ll = strlen(p->less_relevant);
        snprintf(p->less_relevant + ll, sizeof(p->less_relevant) - ll,
                 "Source Port : %d Destination Port : %d", s_port, d_port);
    }

    // Hop limit (the IPv6 counterpart of TTL): byte 7 of the IPv6 header, i.e. frame byte 21
    // (frame byte 42 lies inside the destination address and is not the hop limit)
    bzero(temp, 5);
    sprintf(temp, "%02x", packet[21]);
    time_to_live = hextoint(temp, 2);

    // Window size: bytes 14-15 of the TCP header, i.e. frame bytes 68-69
    bzero(temp, 5);
    sprintf(temp, "%02x%02x", packet[68], packet[69]);
    window_size = hextoint(temp, 4);

    snprintf(p->relevant, sizeof(p->relevant), "Time to live %d, Window size : %d",
             time_to_live, window_size);
}

void PrintPacketInformation_ICMP(unsigned char *packet, int len) {

    char temp[5];
    int IP_header_length;
    int type;                         // Type of ICMP message
    (void)len;

    // IHL field gives the IPv4 header length in 32-bit words
    bzero(temp, 5);
    sprintf(temp, "%02x", packet[14]);
    IP_header_length = 4 * xtod(temp[1]);

    // The ICMP type is the first byte after the IPv4 header
    bzero(temp, 5);
    sprintf(temp, "%02x", packet[14 + IP_header_length]);
    type = hextoint(temp, 2);

    if (type == 0) {
        sprintf(packet_struct[count_printed].relevant, "Echo reply");
        return;
    }

    if (type == 8) {
        sprintf(packet_struct[count_printed].relevant, "Echo request");
        return;
    }

    if (type == 9) {
        sprintf(packet_struct[count_printed].relevant, "Router discovery/selection/solicitation");
        return;
    }
    else {
        sprintf(packet_struct[count_printed].relevant, "ICMP packet of type %d\n", type);
        return;
    }
}

void PrintPacketInformation_ICMP_IPv6(unsigned char *packet, int len) {

    char temp[5];
    int type;                         // Type of ICMPv6 message
    pack *p = &packet_struct[count_printed];
    (void)len;

    // The ICMPv6 type is the first byte after the fixed 40-byte IPv6 header (frame byte 54)
    bzero(temp, 5);
    sprintf(temp, "%02x", packet[54]);
    type = hextoint(temp, 2);

    if (type == 128) {
        sprintf(p->relevant, "Echo Request");
        return;
    }

    if (type == 129) {
        sprintf(p->relevant, "Echo Reply");
        return;
    }

    if (type == 133) {
        size_t hl = strlen(p->protocol_hierarchy);
        snprintf(p->protocol_hierarchy + hl, sizeof(p->protocol_hierarchy) - hl, ":NDP");
        sprintf(p->protocol, "NDP");
        sprintf(p->relevant, "Router Solicitation");
        return;
    }

    if (type == 134) {
        sprintf(p->relevant, "Router Advertisement");
        return;
    }

    if (type == 135) {
        sprintf(p->relevant, "Neighbour solicitation");
        return;
    }
    else {
        sprintf(p->relevant, "ICMPv6 packet of type %d\n", type);
        return;
    }
}

int PrintPacketInformation_ARP(unsigned char *packet, int len) {

    char opcode[5];                   // "%02x%02x" writes four hex digits plus the terminator
    // Temporary storage
    int size = 100;
    char temp1[size];
    char temp2[size];
    pack *p = &packet_struct[count_printed];
    (void)len;

    // ARP opcode: bytes 6-7 of the ARP header, i.e. frame bytes 20-21
    sprintf(opcode, "%02x%02x", packet[20], packet[21]);

    if (strcmp(opcode, "0001") == 0) {
        // ARP request
        // Destination MAC
        bzero(temp1, size);
        bzero(temp2, size);
        sprintf(temp1, "Destination MAC address: ");
        sprintf(temp2, "%02x:%02x:%02x:%02x:%02x:%02x",
                packet[0], packet[1], packet[2], packet[3], packet[4], packet[5]);
        if ((strcmp(destination_MAC, "") != 0) && (strcmp(destination_MAC, temp2) != 0))
            return 0;
        sprintf(p->less_relevant, "%s %s\n", temp1, temp2);

        // Source MAC
        bzero(temp1, size);
        bzero(temp2, size);
        sprintf(temp1, "Source MAC address: ");
        sprintf(temp2, "%02x:%02x:%02x:%02x:%02x:%02x",
                packet[6], packet[7], packet[8], packet[9], packet[10], packet[11]);
        if ((strcmp(source_MAC, "") != 0) && (strcmp(source_MAC, temp2) != 0))
            return 0;
        strcat(temp1, temp2);
        strcat(temp1, "\n");
        strcat(p->less_relevant, temp1);
        // Source
        sprintf(p->source, "%s", temp2);

        // Source IP compare (an empty filter means "any", as for the MAC filters above)
        bzero(temp2, size);
        sprintf(temp2, "%d.%d.%d.%d", packet[28], packet[29], packet[30], packet[31]);
        if (strcmp(source_ip, "") != 0 && strcmp(temp2, source_ip) != 0)
            return 0;

        // Destination IP compare
        sprintf(p->destination, "%d.%d.%d.%d", packet[38], packet[39], packet[40], packet[41]);
        if (strcmp(destination_ip, "") != 0 && strcmp(p->destination, destination_ip) != 0)
            return 0;
        // Destination
        sprintf(p->destination, "Broadcast");
        // Relevant information
        sprintf(p->relevant, "Who has %d.%d.%d.%d ? Tell %d.%d.%d.%d",
                packet[38], packet[39], packet[40], packet[41],
                packet[28], packet[29], packet[30], packet[31]);
    }

    if (strcmp(opcode, "0002") == 0) {
        // ARP reply

        // Destination MAC
        bzero(temp1, size);
        bzero(temp2, size);
        sprintf(temp1, "Destination MAC address: ");
        sprintf(temp2, "%02x:%02x:%02x:%02x:%02x:%02x",
                packet[0], packet[1], packet[2], packet[3], packet[4], packet[5]);
        if ((strcmp(destination_MAC, "") != 0) && (strcmp(destination_MAC, temp2) != 0))
            return 0;
        sprintf(p->less_relevant, "%s %s\n", temp1, temp2);
        // Destination
        sprintf(p->destination, "%s", temp2);

        // Source MAC
        bzero(temp1, size);
        bzero(temp2, size);
        sprintf(temp1, "Source MAC address: ");
        sprintf(temp2, "%02x:%02x:%02x:%02x:%02x:%02x",
                packet[6], packet[7], packet[8], packet[9], packet[10], packet[11]);
        if ((strcmp(source_MAC, "") != 0) && (strcmp(source_MAC, temp2) != 0))
            return 0;
        strcat(temp1, temp2);
        strcat(temp1, "\n");
        strcat(p->less_relevant, temp1);

        // Source
        sprintf(p->source, "%s", temp2);
        // Relevant information: sender IP (frame bytes 28-31) and sender MAC (frame bytes 22-27)
        sprintf(p->relevant, "%d.%d.%d.%d has MAC address %02x:%02x:%02x:%02x:%02x:%02x\n",
                packet[28], packet[29], packet[30], packet[31],
                packet[22], packet[23], packet[24], packet[25], packet[26], packet[27]);

        // Source IP compare (an empty filter means "any")
        bzero(temp2, size);
        sprintf(temp2, "%d.%d.%d.%d", packet[28], packet[29], packet[30], packet[31]);
        if (strcmp(source_ip, "") != 0 && strcmp(temp2, source_ip) != 0)
            return 0;

        // Destination IP compare
        bzero(temp2, size);
        sprintf(temp2, "%d.%d.%d.%d", packet[38], packet[39], packet[40], packet[41]);
        if (strcmp(destination_ip, "") != 0 && strcmp(temp2, destination_ip) != 0)
            return 0;
    }
    return 1;
}

int PrintPacketInformation(unsigned char *packet, int len)
{
    sprintf(packet_struct[count_printed].protocol_hierarchy,"Ethernet");
    sprintf(packet_struct[count_printed].protocol,"Ethernet");
    // Stores the Ether type field of the Ethernet packet: 4 hex digits plus the terminating NUL
    char eth_type[5];
    // Stores the Protocol field of the IPv4 packet: 2 hex digits plus NUL
    char IP_type[3];
    // Stores the "Next Header" field of the IPv6 packet: 2 hex digits plus NUL
    char IPv6_type[3];
    // Temporary Storage
    int size = 100;
    char temp1[size];
    char temp2[size];

    // A frame shorter than the Ethernet header carries no Ethertype to look at
    if (len < 14)
        return 0;
    sprintf(eth_type, "%02x%02x",packet[12],packet[13]);

    // IPv4 - Ethertype field = 0x0800
    if (strcmp(eth_type,"0800") == 0 && ((strcmp(protocol,"ipv4") == 0) ||
        (strcmp(protocol,"ipv4|udp") == 0) || (strcmp(protocol,"ipv4|tcp") == 0) ||
        (strcmp(protocol,"ipv4|icmp") == 0) || (strcmp(protocol,"all") == 0))){
        // Ethernet header + minimum IPv4 header
        if (len < 34)
            return 0;
        // strcat instead of sprintf(buf,"%s:IPv4",buf): passing the destination as a
        // source argument of sprintf is undefined behaviour
        strcat(packet_struct[count_printed].protocol_hierarchy,":IPv4");
        sprintf(packet_struct[count_printed].protocol,"IPv4");

        // Destination MAC
        bzero(temp1,size);
        bzero(temp2,size);
        sprintf(temp1,"Destination MAC address: ");
        sprintf(temp2,"%02x:%02x:%02x:%02x:%02x:%02x", packet[0],
                packet[1], packet[2], packet[3], packet[4], packet[5]);
        if ((strcmp(destination_MAC,"") != 0) && (strcmp(destination_MAC,temp2) != 0))
            return 0;
        strcat(temp1,temp2);
        strcat(temp1,"\n");
        strcat(packet_struct[count_printed].less_relevant,temp1);

        // Source MAC
        bzero(temp1,size);
        bzero(temp2,size);
        sprintf(temp1,"Source MAC address: ");
        sprintf(temp2,"%02x:%02x:%02x:%02x:%02x:%02x", packet[6],
                packet[7], packet[8], packet[9], packet[10], packet[11]);
        if ((strcmp(source_MAC,"") != 0) && (strcmp(source_MAC,temp2) != 0))
            return 0;
        strcat(temp1,temp2);
        strcat(temp1,"\n");
        strcat(packet_struct[count_printed].less_relevant,temp1);

        // Source IP
        bzero(temp1,size);
        bzero(temp2,size);
        sprintf(temp1,"Source IP address: ");
        sprintf(temp2,"%d.%d.%d.%d", packet[26], packet[27], packet[28], packet[29]);
        if ((strcmp(source_ip,"") != 0) && (strcmp(source_ip,temp2) != 0))
            return 0;
        strcat(temp1,temp2);
        strcat(temp1,"\n");
        strcat(packet_struct[count_printed].less_relevant,temp1);

        // Source
        sprintf(packet_struct[count_printed].source,"%s",temp2);

        // Destination IP
        bzero(temp1,size);
        bzero(temp2,size);
        sprintf(temp1,"Destination IP address: ");
        sprintf(temp2,"%d.%d.%d.%d", packet[30], packet[31], packet[32], packet[33]);
        if ((strcmp(destination_ip,"") != 0) && (strcmp(destination_ip,temp2) != 0))
            return 0;
        strcat(temp1,temp2);
        strcat(temp1,"\n");
        strcat(packet_struct[count_printed].less_relevant,temp1);

        // Destination
        sprintf(packet_struct[count_printed].destination,"%s",temp2);

        //Find out the type of protocol
        sprintf(IP_type,"%02x",packet[23]);

        if ((strcmp(IP_type,"06") == 0) && ((strcmp(protocol,"all") == 0) ||
            (strcmp(protocol,"ipv4") == 0) || (strcmp(protocol,"ipv4|tcp") == 0))){
            // TCP packet
            strcat(packet_struct[count_printed].protocol_hierarchy,":TCP");
            sprintf(packet_struct[count_printed].protocol,"TCP");
            PrintPacketInformation_TCP(packet, len);
            return 1;
        }

        if ((strcmp(IP_type,"11") == 0) && ((strcmp(protocol,"all") == 0) ||
            (strcmp(protocol,"ipv4") == 0) || (strcmp(protocol,"ipv4|udp") == 0))) {
            // UDP packet
            strcat(packet_struct[count_printed].protocol_hierarchy,":UDP");
            sprintf(packet_struct[count_printed].protocol,"UDP");
            PrintPacketInformation_UDP(packet, len);
            return 1;
        }

        if ((strcmp(IP_type,"01") == 0) && ((strcmp(protocol,"all") == 0) ||
            (strcmp(protocol,"ipv4") == 0) || (strcmp(protocol,"ipv4|icmp") == 0))){
            // ICMP packet
            strcat(packet_struct[count_printed].protocol_hierarchy,":ICMP");
            sprintf(packet_struct[count_printed].protocol,"ICMP");
            PrintPacketInformation_ICMP(packet, len);
            return 1;
        }
    }

    // ARP - Ethertype field = 0x0806
    else if ((strcmp(eth_type,"0806") == 0) && ((strcmp(protocol,"arp") == 0) ||
             (strcmp(protocol,"all") == 0))){
        // Ethernet header + 28-byte ARP body
        if (len < 42)
            return 0;
        strcat(packet_struct[count_printed].protocol_hierarchy,":ARP");
        sprintf(packet_struct[count_printed].protocol,"ARP");
        return PrintPacketInformation_ARP(packet,len);
    }

    //IPv6 - Ethertype field = 0x86dd
    else if ((strcmp(eth_type,"86dd") == 0) && ((strcmp(protocol,"ipv6") == 0)
             || (strcmp(protocol,"ipv6|udp") == 0) || (strcmp(protocol,"ipv6|tcp") == 0) ||
             (strcmp(protocol,"ipv6|icmp") == 0) || (strcmp(protocol,"all") == 0))){
        // Ethernet header + fixed 40-byte IPv6 header
        if (len < 54)
            return 0;
        strcat(packet_struct[count_printed].protocol_hierarchy,":IPv6");
        sprintf(packet_struct[count_printed].protocol,"IPv6");

        // Destination MAC
        bzero(temp1,size);
        bzero(temp2,size);
        sprintf(temp1,"Destination MAC address: ");
        sprintf(temp2,"%02x:%02x:%02x:%02x:%02x:%02x", packet[0],
                packet[1], packet[2], packet[3], packet[4], packet[5]);
        if ((strcmp(destination_MAC,"") != 0) && (strcmp(destination_MAC,temp2) != 0))
            return 0;
        strcat(temp1,temp2);
        strcat(temp1,"\n");
        strcat(packet_struct[count_printed].less_relevant,temp1);

        // Source MAC
        bzero(temp1,size);
        bzero(temp2,size);
        sprintf(temp1,"Source MAC address: ");
        sprintf(temp2,"%02x:%02x:%02x:%02x:%02x:%02x", packet[6],
                packet[7], packet[8], packet[9], packet[10], packet[11]);
        if ((strcmp(source_MAC,"") != 0) && (strcmp(source_MAC,temp2) != 0))
            return 0;
        strcat(temp1,temp2);
        strcat(temp1,"\n");
        strcat(packet_struct[count_printed].less_relevant,temp1);

        // Source IPv6 (bytes 22-37)
        bzero(temp1,size);
        bzero(temp2,size);
        sprintf(temp1,"Source IPv6 address: ");
        sprintf(temp2,"%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x",
                packet[22], packet[23], packet[24], packet[25], packet[26], packet[27],
                packet[28], packet[29], packet[30], packet[31], packet[32], packet[33],
                packet[34], packet[35], packet[36], packet[37]);
        if ((strcmp(source_ip,"") != 0) && (strcmp(source_ip,temp2) != 0))
            return 0;
        strcat(temp1,temp2);
        strcat(temp1,"\n");
        strcat(packet_struct[count_printed].less_relevant,temp1);

        // Source field of the packet record
        sprintf(packet_struct[count_printed].source,"%s",temp2);

        // Destination IPv6 (bytes 38-53)
        bzero(temp1,size);
        bzero(temp2,size);
        sprintf(temp1,"Destination IPv6 address: ");
        sprintf(temp2,"%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x",
                packet[38], packet[39], packet[40], packet[41], packet[42], packet[43],
                packet[44], packet[45], packet[46], packet[47], packet[48], packet[49],
                packet[50], packet[51], packet[52], packet[53]);
        if ((strcmp(destination_ip,"") != 0) && (strcmp(destination_ip,temp2) != 0))
            return 0;
        strcat(temp1,temp2);
        strcat(temp1,"\n");
        strcat(packet_struct[count_printed].less_relevant,temp1);

        // Destination
        sprintf(packet_struct[count_printed].destination,"%s",temp2);

        //Next Header field
        sprintf(IPv6_type,"%02x",packet[20]);

        // Depending on the Next Header Field
        if ((strcmp(IPv6_type,"11") == 0) && ((strcmp(protocol,"all") == 0) ||
            (strcmp(protocol,"ipv6") == 0) || (strcmp(protocol,"ipv6|udp") == 0))){
            strcat(packet_struct[count_printed].protocol_hierarchy,":UDP");
            sprintf(packet_struct[count_printed].protocol,"UDP");
            PrintPacketInformation_UDP_IPv6(packet,len);
            return 1;
        }

        if ((strcmp(IPv6_type,"06") == 0) && ((strcmp(protocol,"all") == 0) ||
            (strcmp(protocol,"ipv6") == 0) || (strcmp(protocol,"ipv6|tcp") == 0))){
            strcat(packet_struct[count_printed].protocol_hierarchy,":TCP");
            sprintf(packet_struct[count_printed].protocol,"TCP");
            PrintPacketInformation_TCP_IPv6(packet,len);
            return 1;
        }

        if ((strcmp(IPv6_type,"3a") == 0) && ((strcmp(protocol,"all") == 0) ||
            (strcmp(protocol,"ipv6") == 0) || (strcmp(protocol,"ipv6|icmp") == 0))){
            strcat(packet_struct[count_printed].protocol_hierarchy,":ICMPv6");
            sprintf(packet_struct[count_printed].protocol,"ICMPv6");
            PrintPacketInformation_ICMP_IPv6(packet,len);
            return 1;
        }
    }

    // If the packet is of none of the above types then fill the entries with "Unknown"
    else{
        sprintf(packet_struct[count_printed].source,"Unknown");
        sprintf(packet_struct[count_printed].destination,"Unknown");
        sprintf(packet_struct[count_printed].protocol,"Unknown");
        sprintf(packet_struct[count_printed].relevant,"Packet of unknown type");
        sprintf(packet_struct[count_printed].less_relevant,"Packet of unknown type, not identified by our software");
        return 1;
    }

    // Reached when the Ethertype matched but the transport protocol did not match the filter
    if (strcmp(protocol,"all") == 0)
        return 1;

    return 0;
}
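The same Ethernet, IPv4 and ARP offsets that PrintPacketInformation() reads, reworked as a bounds-checked dissector. This is an added example, not code from the report: dissect_frame(), matches() and accepts() are names chosen here, and the two sample frames are constructed by hand rather than captured. Unlike the report's parser it refuses runt or truncated frames, validates the IPv4 version, IHL and total-length fields before trusting any offset derived from them, and compares raw bytes instead of round-tripping through hex strings.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN     14
#define ETHERTYPE_IPV4  0x0800
#define ETHERTYPE_ARP   0x0806

typedef struct {
    char proto[16];    /* "ARP", "IPv4", "TCP", "UDP", "ICMP" or "Unknown" */
    char src[16];      /* dotted-quad sender / source address */
    char dst[16];      /* dotted-quad target / destination address */
    int  sport, dport; /* -1 when the frame carries no ports */
    int  arp_op;       /* 1 request, 2 reply, 0 for non-ARP frames */
} dissect_t;

static uint16_t be16(const unsigned char *p) { return (uint16_t)((p[0] << 8) | p[1]); }

static void ip4str(const unsigned char *p, char *out, size_t n) {
    snprintf(out, n, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
}

/* Returns 1 if the frame was understood and every byte read lies inside len,
 * 0 for runt, truncated, malformed or unsupported frames. */
int dissect_frame(const unsigned char *f, size_t len, dissect_t *d) {
    memset(d, 0, sizeof *d);
    d->sport = d->dport = -1;
    strcpy(d->proto, "Unknown");
    if (len < ETH_HDR_LEN) return 0;                  /* runt frame */
    uint16_t ethertype = be16(f + 12);                /* same bytes 12/13 as the report */
    if (ethertype == ETHERTYPE_ARP) {
        if (len < ETH_HDR_LEN + 28) return 0;         /* Ethernet + fixed-size IPv4 ARP body */
        strcpy(d->proto, "ARP");
        d->arp_op = be16(f + 20);                     /* opcode at 20/21 */
        ip4str(f + 28, d->src, sizeof d->src);        /* sender protocol address 28..31 */
        ip4str(f + 38, d->dst, sizeof d->dst);        /* target protocol address 38..41 */
        return 1;
    }
    if (ethertype != ETHERTYPE_IPV4) return 0;
    if (len < ETH_HDR_LEN + 20) return 0;             /* minimum IPv4 header */
    if ((f[14] >> 4) != 4) return 0;                  /* version nibble must be 4 */
    size_t ihl = (size_t)(f[14] & 0x0f) * 4;          /* header length in bytes */
    if (ihl < 20 || len < ETH_HDR_LEN + ihl) return 0;   /* bogus IHL or options cut off */
    size_t total = be16(f + 16);                      /* IPv4 total length */
    if (total < ihl || len < ETH_HDR_LEN + total) return 0; /* payload not fully captured */
    ip4str(f + 26, d->src, sizeof d->src);
    ip4str(f + 30, d->dst, sizeof d->dst);
    const unsigned char *l4 = f + ETH_HDR_LEN + ihl;  /* transport header follows IHL, not fixed 34 */
    size_t l4len = total - ihl;
    switch (f[23]) {                                  /* protocol field */
    case 6:  strcpy(d->proto, "TCP");  if (l4len < 20) return 0; break;
    case 17: strcpy(d->proto, "UDP");  if (l4len < 8)  return 0; break;
    case 1:  strcpy(d->proto, "ICMP"); return l4len >= 4;
    default: strcpy(d->proto, "IPv4"); return 1;      /* other transport: addresses only */
    }
    d->sport = be16(l4);
    d->dport = be16(l4 + 2);
    return 1;
}

/* Constructed sample frames (not captured traffic). */
/* ARP request: who has 192.168.1.1, tell 192.168.1.10 (broadcast destination MAC). */
const unsigned char SAMPLE_ARP[42] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x00,0x11,0x22,0x33,0x44,0x55, 0x08,0x06,
    0x00,0x01, 0x08,0x00, 0x06, 0x04, 0x00,0x01,
    0x00,0x11,0x22,0x33,0x44,0x55, 0xc0,0xa8,0x01,0x0a,
    0x00,0x00,0x00,0x00,0x00,0x00, 0xc0,0xa8,0x01,0x01 };
/* IPv4/UDP 10.0.0.2:49152 -> 10.0.0.1:53 with IHL=6 (four NOP option bytes),
 * which a fixed UDP offset of 34 would misparse. Total length = 24 + 8 + 4. */
const unsigned char SAMPLE_UDP[50] = {
    0x00,0xaa,0xbb,0xcc,0xdd,0xee, 0x00,0x11,0x22,0x33,0x44,0x55, 0x08,0x00,
    0x46,0x00, 0x00,0x24, 0x00,0x00, 0x40,0x00, 0x40,0x11, 0x00,0x00,
    0x0a,0x00,0x00,0x02, 0x0a,0x00,0x00,0x01, 0x01,0x01,0x01,0x01,
    0xc0,0x00, 0x00,0x35, 0x00,0x0c, 0x00,0x00, 0xde,0xad,0xbe,0xef };

/* Dissect and compare against the expected fields; used by main() and the tests. */
int matches(const unsigned char *f, size_t len, const char *proto,
            const char *src, const char *dst, int sport, int dport) {
    dissect_t d;
    if (!dissect_frame(f, len, &d)) return 0;
    return strcmp(d.proto, proto) == 0 && strcmp(d.src, src) == 0 &&
           strcmp(d.dst, dst) == 0 && d.sport == sport && d.dport == dport;
}

/* 1 if dissect_frame accepts the first len bytes of f, 0 if it rejects them. */
int accepts(const unsigned char *f, size_t len) {
    dissect_t d;
    return dissect_frame(f, len, &d);
}

int main(void) {
    printf("ARP ok: %d\n", matches(SAMPLE_ARP, sizeof SAMPLE_ARP, "ARP", "192.168.1.10", "192.168.1.1", -1, -1));
    printf("UDP ok: %d\n", matches(SAMPLE_UDP, sizeof SAMPLE_UDP, "UDP", "10.0.0.2", "10.0.0.1", 49152, 53));
    printf("truncated UDP rejected: %d\n", !accepts(SAMPLE_UDP, 40)); /* total length says 50 bytes */
    return 0;
}
```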

interfaces.py

import os
import platform


def findalldev():
    '''Returns a list of network interfaces'''

    ##Lists all the interfaces found on this host
    list_of_devices = []

    ##The method used to get the list of network interfaces depends on
    ##the platform we are running on, so check it first

    ##If platform is Windows
    if platform.system() == "Windows":
        ##Strategy:
        ##(1)Run the command "ipconfig /all"
        ##(2)Read its output
        ##(3)Parse the output to provide the list of interfaces

        ##(1) and (2)
        f = os.popen("ipconfig /all")
        ##(3) The "Description" line that follows a blank line names an adapter
        state = 0
        for line in f:
            if line == "\n":
                state = 1
                continue
            if state:
                if "Description" in line:
                    t = line.split(":")
                    list_of_devices.append(t[1].strip())
                    state = 0
        f.close()

    ##If platform is Linux
    if platform.system() == "Linux":
        ##Strategy:
        ##(1)The file /proc/net/dev lists all the N/w interfaces along with
        ##their details.
        ##(2)Open the file directly: no shell command and no temporary copy in
        ##/tmp, which another local user could replace between the write and the read.
        ##(3)Parse the file: the interface name is the text before the ':'.
        ##(4)Skip the loopback interface "lo".
        with open('/proc/net/dev', 'r') as f:
            for line in f:
                if ":" in line:
                    t = line.split(':')
                    t[0] = t[0].strip()
                    if t[0] != "lo":
                        list_of_devices.append(t[0])

    ##Return the list of devices
    return list_of_devices


##Write one interface name per line to interfaces.txt (read by Inames() in gui.c)
p = findalldev()
with open('./interfaces.txt', 'w') as f:
    for j in p:
        f.write(j + "\n")

gui.c

#include "sniffer.h"
#include <pthread.h>
#include <gtk/gtk.h>
#include <time.h>

pthread_t thread1,thread2;
int count_captured;       // Number of packets captured till now
int count_print_anyways;
int count_printed;        // Number of packets captured and printed till now
char interface_names[MAXINTERFACES][IFNAMSIZ]; // Stores the names of the interfaces
int number_of_interfaces; // Total number of interfaces present in the system

// User defined filters
char protocol[15] = "all";      // default protocol to sniff
char source_ip[40] = "";        // Source address to sniff on
char destination_ip[40] = "";   // Destination address to sniff on
char source_MAC[40] = "";       // Source MAC address to sniff on
char destination_MAC[40] = "";  // Destination MAC address to sniff on

// buffer in which sniffed packets are stored
pack packet_struct[MAX_PACKETS];

// default value for interface; sized IFNAMSIZ (not 10) so that any interface name chosen in the GUI fits
char interface[IFNAMSIZ] = "eth0";

gchar datum[1000][6][300]; // rows handed to the GTK list: index, time, source, destination, protocol, hierarchy
int indx = 0;              // next row of datum to display
int DUMMY = FALSE;         // TRUE while the user has the capture switched on

int glob_index=0;          // number of rows filled in datum

void Inames(){
    system("python interfaces.py");
    int i,j;
    char line[IFNAMSIZ];
    int t = 0;
    static const char filename[] = "interfaces.txt";

    // Global variable
    number_of_interfaces = 0;

    FILE *file;
    file = fopen(filename, "r");
    if ( file == NULL )
    {
        perror(filename);
        return;
    }
    while (fgets(line,IFNAMSIZ,file) != NULL)
    {
        number_of_interfaces ++;
    }

    // Close the file
    fclose ( file );

    // interface_names has room for MAXINTERFACES entries only; a zero-length
    // array below would be undefined, so stop early when nothing was listed
    if (number_of_interfaces > MAXINTERFACES)
        number_of_interfaces = MAXINTERFACES;
    if (number_of_interfaces == 0)
        return;

    char interface[number_of_interfaces][IFNAMSIZ];
    file = fopen(filename, "r");
    bzero(interface,sizeof(interface));
    if ( file != NULL )
    {
        while (t < number_of_interfaces && fgets(line,IFNAMSIZ,file) != NULL)
        {
            strcpy(interface[t],line);
            t++;
        }

        // Close the file
        fclose(file);
    }
    else
    {
        perror(filename);
        return;
    }

    // Copy each name without its trailing newline
    for(j = 0; j < number_of_interfaces; j++)
    {
        for(i = 0; i < (strlen(interface[j])-1); i++)
        {
            interface_names[j][i] = interface[j][i];
        }
    }
}

//basic code to bring up a pop up window to display some message with some title
void popup_window (gchar *message,gchar * title) {
    GtkWidget *dialog, *label, *content_area;
    dialog = gtk_dialog_new_with_buttons (title,NULL,
        GTK_DIALOG_DESTROY_WITH_PARENT,GTK_STOCK_OK,GTK_RESPONSE_NONE,NULL);
    content_area = gtk_dialog_get_content_area (GTK_DIALOG (dialog));
    label = gtk_label_new (message);
    //close the pop up window once the user responds with an "OK"
    g_signal_connect_swapped (dialog,"response",G_CALLBACK (gtk_widget_destroy),dialog);
    gtk_container_add (GTK_CONTAINER (content_area), label);
    gtk_widget_show_all (dialog);
}

//Function to display credits of the contributors of this project
void credits(){
    char message[500];
    sprintf(message,"This Application is the joint effort by \nShubham Toshniwal\nSanjay Kumar\nGuruprasad Nayak and \nChaitanya Prasad\n\n\n\n\n**GUI by Guruprasad\n");
    gchar * title = "Credits";
    popup_window(message,title);
    return;
}

// Read the contents of the first of the two textboxes (source IP filter)
void submittext1(GtkButton * o,GtkWidget* widget){
    const gchar *c = gtk_entry_get_text((GtkEntry*)widget);
    // snprintf: the entry is user input and source_ip holds only 40 bytes
    snprintf(source_ip,sizeof(source_ip),"%s",c);
    return;
}

// Read the contents of the second of the two textboxes (destination IP filter)
void submittext2(GtkButton * o,GtkWidget * widget){
    const gchar *c = gtk_entry_get_text((GtkEntry*)widget);
    snprintf(destination_ip,sizeof(destination_ip),"%s",c);
    return;
}

//Call this function whenever the user selects a value from the drop down box
// This is for the first drop down box
void combo_selected(GtkWidget *widget, gpointer window){
    gchar *text = gtk_combo_box_get_active_text(GTK_COMBO_BOX(widget));
    if (text == NULL)
        return; // nothing selected
    // snprintf: protocol is a 15-byte buffer
    snprintf(protocol,sizeof(protocol),"%s",text);
    printf("selected option is : %s\n",protocol);
    g_free(text); // gtk_combo_box_get_active_text() returns a newly allocated string
    return;
}

//Same function as the previous one, but now for the second drop down box
void combo_selected2(GtkWidget *widget, gpointer window)
{
    gchar *text = gtk_combo_box_get_active_text(GTK_COMBO_BOX(widget));
    if (text == NULL)
        return;
    snprintf(interface,sizeof(interface),"%s",text);
    printf("selected option is : %s\n",interface);
    g_free(text);
    return;
}

//set the global variable DUMMY to false once the user decides to stop the capture
//we use this variable DUMMY while capturing packets, deciding whether to display them or not
void stop_capture(gpointer data){
    DUMMY = FALSE;
    return ;
}

//the opposite of the previous function, again with a similar purpose
void capture(){
    DUMMY = TRUE;
    return ;
}

//This function is called at every time interval of TIMEOUT seconds (TIMEOUT is a macro defined in sniffer.h).
//if DUMMY is true, it prints the newly acquired packet on the screen
gboolean stop_capture1( gpointer data ){
    if(DUMMY){
        if(indx<glob_index){
            int i;
            char s[1][6][300];
            for ( i=0 ; i < 6 ; i++ ){
                sprintf(s[0][i],"%s",datum[indx][i]);
            }
            gchar * drink[1][6] = {{s[0][0],s[0][1],s[0][2],s[0][3],s[0][4],s[0][5]}};
            gtk_clist_append( (GtkCList *) data, drink[0]);
            GdkColor color2;
            // Pick the row colour by protocol; any other label (HTTP, SSDP, Unknown, ...)
            // gets the last colour, which is what the loop counter left in i before
            i = 6;
            if(!strcmp(s[0][4],"TCP")) i = 0;
            else if(!strcmp(s[0][4],"UDP")) i = 1;
            else if(!strcmp(s[0][4],"ICMP")) i = 6;
            else if(!strcmp(s[0][4],"ICMPv6")) i = 5; // was strcmp(...) without '!', which matched every non-ICMPv6 row
            else if(!strcmp(s[0][4],"ARP")) i = 3;
            else if(!strcmp(s[0][4],"IPv4")) i = 4;
            else if(!strcmp(s[0][4],"IPv6")) i = 2;
            char * colors[] = {"green","yellow","orange","magenta","cyan","purple","blue"};
            gdk_color_parse (colors[i], &color2);
            gtk_clist_set_background((GtkCList *) data,indx,&color2);
            indx += 1;
        }
    }
    return TRUE;
}

int got()
{
    // declaration of variables
    int rawsock;             // raw socket descriptor
    int len;                 // length of packet
    int proto = ETH_P_ALL;   // protocol requested from the socket (default: everything)
    int state = 1;           // Continue sniffing packets till state != 0
    char buffer[MAXLENGTH];
    struct sockaddr_ll sll;  // structure of type sock address
    struct ifreq req;        // structure required to request a particular interface for socket ioctl commands
    int t;                   // Variable to check whether the packet captured was according to our needs
    struct timeval tv1, tv2; // Variables required to calculate the time of arrival of packet w.r.t starting the capture

    // Initializing Global variables
    count_printed = 0;

    // Set the protocol family which is to be captured in the protocol field of the socket

    // All Protocols
    if (strcmp(protocol,"all") == 0)
        proto = ETH_P_ALL;

    // IPv4 Protocol
    if (strcmp(protocol,"ipv4") == 0 || strcmp(protocol,"ipv4|udp") == 0 ||
        strcmp(protocol,"ipv4|tcp") == 0 || strcmp(protocol,"ipv4|icmp") == 0)
        proto = ETH_P_IP;

    // IPv6 Protocol
    if (strcmp(protocol,"ipv6") == 0 || strcmp(protocol,"ipv6|udp") == 0 ||
        strcmp(protocol,"ipv6|tcp") == 0 || strcmp(protocol,"ipv6|icmp") == 0)
        proto = ETH_P_IPV6;

    // ARP Protocol
    if (strcmp(protocol,"arp") == 0)
        proto = ETH_P_ARP;

    /* Creating the packet socket
     * Only root can run this line because only root has the capability to open packet
     * sockets (that is why we CAN RUN THIS CODE ONLY WITH ROOT PERMISSIONS).
     * Packet Sockets with socket_type SOCK_RAW allow us to bypass the network stack so
     * that the packet is delivered to us directly (without any header stripped off).
     * The PF_PACKET interface allows us to send/receive packets directly at the device
     * driver level, thus all packets received will be complete with header and data.
     * The third argument of socket() specifies the protocol whose packets are to be filtered.
     */
    if((rawsock = socket(PF_PACKET, SOCK_RAW, htons(proto)))== -1)
    {
        perror("Error in creating raw socket: ");
        exit(-1);
    }

    //Initialize the structures
    bzero(&sll, sizeof(sll));
    bzero(&req, sizeof(req));

    /* IFNAMSIZ is a constant defined in <net/if.h> which gives the maximum buffer size
       needed to hold an interface name (its value is 16 in the header file) */
    /* strncpy is a safer way of copying than strcpy (no buffer overflow) and hence
       IFNAMSIZ is a real boon */
    /* We specify the device we want to affect by the ifr_name field and hence we copy
       the interface name into that field */
    strncpy((char *)req.ifr_name, interface, IFNAMSIZ);
    req.ifr_name[IFNAMSIZ - 1] = '\0'; // strncpy does not terminate a name that fills the buffer

    // First Get the Interface Index
    /* SIOCGIFINDEX : Request to retrieve the interface index into the ifr_ifindex field
       of the ifreq structure */
    if((ioctl(rawsock, SIOCGIFINDEX, &req)) == -1)
    {
        printf("Error while retrieving Interface index !\n");
        exit(-1);
    }

    sll.sll_family = AF_PACKET;

    /* For binding the socket to an interface, we need to set the sll_ifindex field of
       the sockaddr_ll structure to the interface index of the device */
    sll.sll_ifindex = req.ifr_ifindex;
    sll.sll_protocol = htons(proto);

    // Finally, binding the socket to the given interface
    if((bind(rawsock, (struct sockaddr *)&sll, sizeof(sll)))== -1)
    {
        perror("Error binding raw socket to interface\n");
        exit(-1);
    }

    // Record this time i.e. the time just before we start capturing the packets
    gettimeofday(&tv1, NULL);

    // Start Sniffing and print the details of every packet
    while(state)
    {
        if((len = recvfrom(rawsock, buffer, MAXLENGTH, 0, NULL, NULL)) == -1)
        {
            perror("Recv from returned -1: ");
            exit(-1);
        }
        // Time after capturing the packet
        else
        {
            gettimeofday(&tv2, NULL);

            // Stop before writing beyond the end of packet_struct (MAX_PACKETS entries);
            // setting state = 0 and going on would still write one entry past the array
            if (count_printed >= MAX_PACKETS)
                break;

            sprintf(packet_struct[count_printed].less_relevant,"Frame Size : %d bytes \n",len);
            // Call the function to put the relevant details into the packet fields
            t = PrintPacketInformation(buffer, len);
            // Packet has been received successfully and is according to filters set by the User!!
            if (t)
            {
                packet_struct[count_printed].size = len;
                packet_struct[count_printed].index = count_printed + 1;
                packet_struct[count_printed].arrival_time = ((double)
                    (tv2.tv_usec - tv1.tv_usec)/1000000 + (double) (tv2.tv_sec - tv1.tv_sec));
                Printpacket();
                Printhexdump(buffer,len);
                count_printed ++;
            }
            else
            {
                // Clear the entry that was partially filled (not just packet_struct[0])
                bzero(&packet_struct[count_printed],sizeof(pack));
            }
        }

        //Initialize the buffer again for proper overwriting
        bzero(buffer,MAXLENGTH);
    }

    //Close the socket
    //The value 2 (SHUT_RDWR) specifies that we are closing the socket for both send and receive
    shutdown(rawsock,2);
    return 0;
}

// Convert a hexadecimal character to int
int xtod(char c) {
    if (c >= '0' && c <= '9')
        return c - '0';
    if (c >= 'A' && c <= 'F')
        return c - 'A' + 10;
    if (c >= 'a' && c <= 'f')
        return c - 'a' + 10;
    else
        return 0; // Not a hexadecimal digit
}

// Returns the integer value of a hexadecimal string
int hextoint(char *hex, int len)
{
    if (len == 0)
        return 0;
    return (hextoint(hex,len -1)*16 + xtod(hex[len -1]));
}

void Printpacket(){
    printf("\n............Packet Information starts here.........\n\n");
    printf("Index : %d Time : %f Source : %s Destination : %s Protocol : %s Info : %s \nEncapsulation : %s\nLess Relevant : %s",
        count_printed,packet_struct[count_printed].arrival_time,
        packet_struct[count_printed].source,packet_struct[count_printed].destination,
        packet_struct[count_printed].protocol,packet_struct[count_printed].relevant,
        packet_struct[count_printed].protocol_hierarchy,
        packet_struct[count_printed].less_relevant);
    printf("\n............Packet Information ends here.........\n\n");

    //Print the packet information to the datum array (1000 rows; once it is full the
    //packet is still printed above but gets no GUI row)
    if (glob_index >= 1000)
        return;
    sprintf(datum[glob_index][0],"%d",count_printed);
    sprintf(datum[glob_index][1],"%f",packet_struct[count_printed].arrival_time);
    sprintf(datum[glob_index][2],"%s",packet_struct[count_printed].source);
    sprintf(datum[glob_index][3],"%s",packet_struct[count_printed].destination);
    sprintf(datum[glob_index][4],"%s",packet_struct[count_printed].protocol);
    sprintf(datum[glob_index][5],"%s",packet_struct[count_printed].protocol_hierarchy);
    glob_index+=1;
}

void Printhexdump(unsigned char *packet,int len){
    int t = 0;
    char *dump = packet_struct[count_printed].hex_dump;
    int pos = 0;
    // Append " xx" per byte, tracking the write position instead of printing the
    // buffer into itself (sprintf(buf,"%s %02x",buf,..) is undefined behaviour)
    while(t < len) {
        pos += sprintf(dump + pos," %02x",packet[t]);
        t++;
    }
    //print a new line in hexdump after every 55 characters
    int len1,i,j=0;
    len1 = strlen(dump);

    char temp[len1 + len1/55 + 1]; // room for one '\n' per 55 characters plus the terminator
    for(i=0;i<len1;i++){
        if(i/55 - j != 0){
            temp[i+j] = '\n';
            j++;
        }
        temp[i+j] = dump[i];
    }
    temp[len1+j] = '\0'; // terminate before copying back
    sprintf(dump,"%s",temp);
}

void PrintPacketInformation_UDP(unsigned char *packet, int len)
{
    int IP_header_length;
    int s_port;
    int d_port;

    // Temporary Storage
    char temp[5];
    char port_text[40];

    // IHL (low nibble of byte 14) is in 32-bit words
    sprintf(temp,"%02x",packet[14]);
    IP_header_length = xtod(temp[1]);
    IP_header_length = 4*IP_header_length;

    // Relevant to UDP: the source port is the first two bytes after the IP header
    // (the original read packet[35 + IP_header_length] for the second byte, a typo)
    bzero(temp,5);
    sprintf(temp,"%02x%02x",packet[14 + IP_header_length],packet[15 + IP_header_length]);
    s_port = hextoint(temp,4);
    sprintf(packet_struct[count_printed].relevant,"Source Port : %d",s_port);

    bzero(temp,5);
    sprintf(temp,"%02x%02x",packet[16 + IP_header_length],packet[17 + IP_header_length]);
    d_port = hextoint(temp,4);
    //Checking for some commonly used dest_ports
    //(strcat appends to relevant; sprintf(buf,"%s ..",buf) would be undefined behaviour)

    if (d_port == 2008) {
        strcat(packet_struct[count_printed].relevant," Destination Port : terminaldb");
        return;
    }
    // Simple Service Discovery Protocol -
    else if (d_port == 1900){
        sprintf(packet_struct[count_printed].protocol,"SSDP");
        strcat(packet_struct[count_printed].protocol_hierarchy,":SSDP");
        if (s_port == 1900)
            sprintf(packet_struct[count_printed].relevant,"NOTIFY * HTTP/1.1");
        else
            strcat(packet_struct[count_printed].relevant," M-SEARCH * HTTP/1.1");
        return;
    }
    else if (d_port == 10007){
        strcat(packet_struct[count_printed].relevant," Destination Port : mvs-capacity");
        return;
    }
    else if (d_port == 17500 && s_port == 17500){
        sprintf(packet_struct[count_printed].relevant,"DropBox LAN Sync Discovery Protocol");
        return;
    }
    //Simply print the port, if the above checks fail
    else {
        sprintf(port_text," Destination Port : %d",d_port);
        strcat(packet_struct[count_printed].relevant,port_text);
        return;
    }
}

void PrintPacketInformation_UDP_IPv6(unsigned char *packet,int len)
{
    int s_port;
    int d_port;
    char temp[5];
    char port_text[40];

    // The UDP header follows the fixed 40-byte IPv6 header, i.e. starts at byte 54
    bzero(temp,5);
    sprintf(temp,"%02x%02x",packet[54],packet[55]);
    s_port = hextoint(temp,4);
    sprintf(packet_struct[count_printed].relevant,"Source Port : %d",s_port);

    bzero(temp,5);
    sprintf(temp,"%02x%02x",packet[56],packet[57]);
    d_port = hextoint(temp,4);

    // Checking for some commonly used dest_ports

    /* The WS-Discovery protocol uses the UDP port 3702. The multicast address used is
       239.255.255.250 on IPv4 networks and [FF02::C] on IPv6 networks. The WS-Discovery
       protocol uses SOAP and UDP (User Datagram Protocol) multicast to enable services
       to be discovered by a client */
    if (d_port == 3702){
        strcat(packet_struct[count_printed].relevant," Destination Port : ws-discovery");
        return;
    }

    if (d_port == 2008) {
        strcat(packet_struct[count_printed].relevant," Destination Port : terminaldb");
        return;
    }
    // Simple Service Discovery Protocol -
    else if (d_port == 1900){
        sprintf(packet_struct[count_printed].protocol,"SSDP");
        strcat(packet_struct[count_printed].protocol_hierarchy,":SSDP");
        if (s_port == 1900)
            sprintf(packet_struct[count_printed].relevant,"NOTIFY * HTTP/1.1");
        else
            strcat(packet_struct[count_printed].relevant," M-SEARCH * HTTP/1.1");
        return;
    }
    else if (d_port == 10007){
        strcat(packet_struct[count_printed].relevant," Destination Port : mvs-capacity");
        return;
    }
    else if (d_port == 17500 && s_port == 17500){
        sprintf(packet_struct[count_printed].relevant,"DropBox LAN Sync Discovery Protocol");
        return;
    }
    //Simply print the port, if the above checks fail
    else {
        sprintf(port_text," Destination Port : %d",d_port);
        strcat(packet_struct[count_printed].relevant,port_text);
        return;
    }
}

void PrintPacketInformation_TCP(unsigned char *packet, int len){
    char temp[5];
    char port_text[60];
    int window_size;
    int IP_header_length;
    int s_port;
    int d_port;
    int time_to_live;

    //Header length field - The check is necessary because the IPv4 header is not always 20 bytes
    sprintf(temp,"%02x",packet[14]);
    IP_header_length = xtod(temp[1]);
    IP_header_length = 4*IP_header_length;

    bzero(temp,5);
    sprintf(temp,"%02x%02x",packet[14 + IP_header_length],packet[15 + IP_header_length]);
    s_port = hextoint(temp,4);

    bzero(temp,5);
    sprintf(temp,"%02x%02x",packet[16 + IP_header_length],packet[17 + IP_header_length]);
    d_port = hextoint(temp,4);

    //Check for some well known protocols by source port
    //(strcat appends to protocol_hierarchy; sprintf(buf,"%s:FTP",buf) would be undefined behaviour)

    //Check for FTP
    if (s_port == 21){
        sprintf(packet_struct[count_printed].protocol,"FTP");
        strcat(packet_struct[count_printed].protocol_hierarchy,":FTP");
    }
    //Check for Echo
    else if (s_port == 7){
        sprintf(packet_struct[count_printed].protocol,"Echo");
        strcat(packet_struct[count_printed].protocol_hierarchy,":Echo");
    }
    //Check for SSH
    else if (s_port == 22){
        sprintf(packet_struct[count_printed].protocol,"SSH");
        strcat(packet_struct[count_printed].protocol_hierarchy,":SSH");
    }
    //Check for Telnet
    else if (s_port == 23){
        sprintf(packet_struct[count_printed].protocol,"Telnet");
        strcat(packet_struct[count_printed].protocol_hierarchy,":Telnet");
    }
    //Check for imap
    else if (s_port == 143){
        sprintf(packet_struct[count_printed].protocol,"IMAP");
        strcat(packet_struct[count_printed].protocol_hierarchy,":IMAP");
    }
    //Check for http
    else if (s_port == 80){
        sprintf(packet_struct[count_printed].protocol,"HTTP");
        strcat(packet_struct[count_printed].protocol_hierarchy,":HTTP");
    }
    //Check for pop3
    else if (s_port == 110){
        sprintf(packet_struct[count_printed].protocol,"Pop3");
        strcat(packet_struct[count_printed].protocol_hierarchy,":Pop3");
    }
    //Check for https
    else if (s_port == 443){
        sprintf(packet_struct[count_printed].protocol,"HTTPS");
        strcat(packet_struct[count_printed].protocol_hierarchy,":HTTPS");
    }
    // None of the above protocols
    else{
        sprintf(port_text,"Source Port : %d Destination Port : %d\n",s_port,d_port);
        strcat(packet_struct[count_printed].less_relevant,port_text);
    }

    // TTL is byte 8 of the IPv4 header (packet[22])
    bzero(temp,5);
    sprintf(temp,"%02x",packet[22]);
    time_to_live = hextoint(temp,2);

    // Window size is bytes 14-15 of the TCP header
    bzero(temp,5);
    sprintf(temp,"%02x%02x",packet[28 + IP_header_length],packet[29 + IP_header_length]);
    window_size = hextoint(temp,4);

    sprintf(packet_struct[count_printed].relevant,"Time to live %d, Window size : %d",time_to_live,window_size);
}

void PrintPacketInformation_TCP_IPv6(unsigned char *packet, int len){
    char temp[5];
    char port_text[60];
    int window_size;
    int s_port;
    int d_port;
    int time_to_live;

    // The TCP header follows the fixed 40-byte IPv6 header, i.e. starts at byte 54
    bzero(temp,5);
    sprintf(temp,"%02x%02x",packet[54],packet[55]);
    s_port = hextoint(temp,4);

    bzero(temp,5);
    sprintf(temp,"%02x%02x",packet[56],packet[57]);
    d_port = hextoint(temp,4);

    //Check for some well known protocols by source port

    //Check for FTP
    if (s_port == 21){
        sprintf(packet_struct[count_printed].protocol,"FTP");
        strcat(packet_struct[count_printed].protocol_hierarchy,":FTP");
    }
    //Check for Echo
    else if (s_port == 7){
        sprintf(packet_struct[count_printed].protocol,"Echo");
        strcat(packet_struct[count_printed].protocol_hierarchy,":Echo");
    }
    //Check for SSH
    else if (s_port == 22){
        sprintf(packet_struct[count_printed].protocol,"SSH");
        strcat(packet_struct[count_printed].protocol_hierarchy,":SSH");
    }
    //Check for Telnet
    else if (s_port == 23){
        sprintf(packet_struct[count_printed].protocol,"Telnet");
        strcat(packet_struct[count_printed].protocol_hierarchy,":Telnet");
    }
    //Check for imap
    else if (s_port == 143){
        sprintf(packet_struct[count_printed].protocol,"IMAP");
        strcat(packet_struct[count_printed].protocol_hierarchy,":IMAP");
    }
    //Check for http
    else if (s_port == 80){
        sprintf(packet_struct[count_printed].protocol,"HTTP");
        strcat(packet_struct[count_printed].protocol_hierarchy,":HTTP");
    }
    //Check for pop3
    else if (s_port == 110){
        sprintf(packet_struct[count_printed].protocol,"Pop3");
        strcat(packet_struct[count_printed].protocol_hierarchy,":Pop3");
    }
    //Check for https
    else if (s_port == 443){
        sprintf(packet_struct[count_printed].protocol,"HTTPS");
        strcat(packet_struct[count_printed].protocol_hierarchy,":HTTPS");
    }
    // None of the above protocols
    else{
        sprintf(port_text,"Source Port : %d Destination Port : %d",s_port,d_port);
        strcat(packet_struct[count_printed].less_relevant,port_text);
    }

    // The IPv6 hop limit (the IPv4 TTL equivalent) is byte 7 of the IPv6 header, packet[21];
    // packet[42], which was read here before, lies inside the destination address
    bzero(temp,5);
    sprintf(temp,"%02x",packet[21]);
    time_to_live = hextoint(temp,2);

    // Window size is bytes 14-15 of the TCP header (54 + 14)
    bzero(temp,5);
    sprintf(temp,"%02x%02x",packet[68],packet[69]);
    window_size = hextoint(temp,4);

    sprintf(packet_struct[count_printed].relevant,"Time to live %d, Window size : %d",time_to_live,window_size);
}

void PrintPacketInformation_ICMP(unsigned char *packet, int len){

char temp[5];
int IP_header_length;
int type; // Type of ICMP request

// Not so relevant

bzero(temp,5);
sprintf(temp,"%02x",packet[14]);
IP_header_length = xtod(temp[1]);
IP_header_length = 4*IP_header_length;

bzero(temp,5);
sprintf(temp,"%02x",packet[14 + IP_header_length]);
type = hextoint(temp,2);
if (type == 0) {
sprintf(packet_struct[count_printed].relevant,"Echo reply");
return;
}

if (type == 8) {
sprintf(packet_struct[count_printed].relevant,"Echo request");
return;
}

if (type == 9) {
sprintf(packet_struct[count_printed].relevant,"Router discovery/selection/solicitation");
return;
}

else {
sprintf(packet_struct[count_printed].relevant,"ICMP packet of type %d\n",type);
return;
}
}

void PrintPacketInformation_ICMP_IPv6(unsigned char *packet, int len){

char temp[5];
int type; // Type of ICMP request

// Not so relevant

bzero(temp,5);
sprintf(temp,"%02x",packet[54]);
type = hextoint(temp,2);

if (type == 128) {
sprintf(packet_struct[count_printed].relevant,"Echo Request");
return;
}

if (type == 129) {
sprintf(packet_struct[count_printed].relevant,"Echo Reply");
return;
}
if (type == 133) {
// strcat instead of a self-referencing sprintf (undefined behaviour)
strcat(packet_struct[count_printed].protocol_hierarchy,":NDP");
sprintf(packet_struct[count_printed].protocol,"NDP");
sprintf(packet_struct[count_printed].relevant,"Router Solicitation");
return;
}

if (type == 134) {
sprintf(packet_struct[count_printed].relevant,"Router Advertisement");
return;
}

if (type == 135) {
sprintf(packet_struct[count_printed].relevant,"Neighbour solicitation");
return;
}

else {
sprintf(packet_struct[count_printed].relevant,"ICMPv6 packet of type %d\n",type);
return;
}
}

int PrintPacketInformation_ARP(unsigned char *packet, int len){

char opcode[5]; // 4 hex digits + NUL (3 bytes overflowed)
// Temporary Storage
int size = 100;
char temp1[size];
char temp2[size];

sprintf(opcode,"%02x%02x",packet[20],packet[21]);
if (strcmp(opcode,"0001")==0){
// ARP Request

// Destination MAC
bzero(temp1,size);
bzero(temp2,size);
sprintf(temp1,"Destination MAC address: ");
sprintf(temp2,"%02x:%02x:%02x:%02x:%02x:%02x", packet[0], packet[1], packet[2], packet[3], packet[4], packet[5]);
if ((strcmp(destination_MAC,"") != 0) && (strcmp(destination_MAC,temp2) != 0))
return 0;
sprintf(packet_struct[count_printed].less_relevant,"%s%s\n",temp1,temp2);

// Source MAC
bzero(temp1,size);
bzero(temp2,size);
sprintf(temp1,"Source MAC address: ");
sprintf(temp2,"%02x:%02x:%02x:%02x:%02x:%02x", packet[6], packet[7], packet[8], packet[9], packet[10], packet[11]);
if ((strcmp(source_MAC,"") != 0) && (strcmp(source_MAC,temp2) != 0))
return 0;
// strcat instead of sprintf(temp1,"%s%s\n",temp1,temp2): overlapping
// source and destination buffers are undefined behaviour
strcat(temp1,temp2);
strcat(temp1,"\n");
strcat(packet_struct[count_printed].less_relevant,temp1);
//Source
sprintf(packet_struct[count_printed].source,"%s",temp2);

// Source IP-compare (only when a source IP filter is set, as in the IPv4 path)
bzero(temp2,size);
sprintf(temp2,"%d.%d.%d.%d",packet[28],packet[29],packet[30],packet[31]);
if ((strcmp(source_ip,"") != 0) && (strcmp(temp2,source_ip) != 0))
return 0;

// Destination IP-compare (only when a destination IP filter is set)
sprintf(packet_struct[count_printed].destination,"%d.%d.%d.%d",packet[38],packet[39],packet[40],packet[41]);
if ((strcmp(destination_ip,"") != 0) && (strcmp(packet_struct[count_printed].destination,destination_ip) != 0)){
return 0;
}
// Destination
sprintf(packet_struct[count_printed].destination,"Broadcast");
// Relevant Information
sprintf(packet_struct[count_printed].relevant,"Who has %d.%d.%d.%d ? Tell %d.%d.%d.%d",packet[38],packet[39],packet[40],packet[41],packet[28],packet[29],packet[30],packet[31]);
}

if (strcmp(opcode,"0002")==0){
// ARP reply

// Destination MAC
bzero(temp1,size);
bzero(temp2,size);
sprintf(temp1,"Destination MAC address: ");
sprintf(temp2,"%02x:%02x:%02x:%02x:%02x:%02x", packet[0], packet[1], packet[2], packet[3], packet[4], packet[5]);
if ((strcmp(destination_MAC,"") != 0) && (strcmp(destination_MAC,temp2) != 0))
return 0;
sprintf(packet_struct[count_printed].less_relevant,"%s%s\n",temp1,temp2);
// Destination
sprintf(packet_struct[count_printed].destination,"%s",temp2);

// Source MAC
bzero(temp1,size);
bzero(temp2,size);
sprintf(temp1,"Source MAC address: ");
sprintf(temp2,"%02x:%02x:%02x:%02x:%02x:%02x", packet[6], packet[7], packet[8], packet[9], packet[10], packet[11]);
if ((strcmp(source_MAC,"") != 0) && (strcmp(source_MAC,temp2) != 0))
return 0;
strcat(temp1,temp2);
strcat(temp1,"\n");
strcat(packet_struct[count_printed].less_relevant,temp1);

// Source
sprintf(packet_struct[count_printed].source,"%s",temp2);

// Relevant Information
sprintf(packet_struct[count_printed].relevant,"%d.%d.%d.%d has MAC address %02x:%02x:%02x:%02x:%02x:%02x\n",packet[28],packet[29],packet[30],packet[31],packet[22],packet[23],packet[24],packet[25],packet[26],packet[27]);

// Source IP-compare (only when a source IP filter is set)
bzero(temp2,size);
sprintf(temp2,"%d.%d.%d.%d",packet[28],packet[29],packet[30],packet[31]);
if ((strcmp(source_ip,"") != 0) && (strcmp(temp2,source_ip) != 0))
return 0;

// Destination IP-compare (only when a destination IP filter is set)
bzero(temp2,size);
sprintf(temp2,"%d.%d.%d.%d",packet[38],packet[39],packet[40],packet[41]);
if ((strcmp(destination_ip,"") != 0) && (strcmp(temp2,destination_ip) != 0))
return 0;
}
return 1;
}

int PrintPacketInformation(unsigned char *packet, int len)
{
sprintf(packet_struct[count_printed].protocol_hierarchy,"Ethernet");
sprintf(packet_struct[count_printed].protocol,"Ethernet");
// Stores the Ether type field of the Ethernet packet (4 hex digits + NUL)
char eth_type[5];
// Stores the Protocol field of the IPv4 packet (2 hex digits + NUL)
char IP_type[3];
// Stores the "Next Header" field of the IPv6 packet (2 hex digits + NUL)
char IPv6_type[3];
// Temporary Storage
int size = 100;
char temp1[size];
char temp2[size];

sprintf(eth_type, "%02x%02x",packet[12],packet[13]);

// IPv4 - Ethertype field = 0x0800
if (strcmp(eth_type,"0800") == 0 && ((strcmp(protocol,"ipv4") == 0) ||
(strcmp(protocol,"ipv4|udp") == 0) || (strcmp(protocol,"ipv4|tcp") == 0) ||
(strcmp(protocol,"ipv4|icmp") == 0) || (strcmp(protocol,"all") == 0))){
// Buffers are extended with strcat throughout this function: passing the
// destination buffer to sprintf as a %s argument is undefined behaviour
strcat(packet_struct[count_printed].protocol_hierarchy,":IPv4");
sprintf(packet_struct[count_printed].protocol,"IPv4");

// Destination MAC
bzero(temp1,size);
bzero(temp2,size);
sprintf(temp1,"Destination MAC address: ");
sprintf(temp2,"%02x:%02x:%02x:%02x:%02x:%02x", packet[0], packet[1], packet[2], packet[3], packet[4], packet[5]);
if ((strcmp(destination_MAC,"") != 0) && (strcmp(destination_MAC,temp2) != 0))
return 0;
strcat(temp1,temp2);
strcat(temp1,"\n");
strcat(packet_struct[count_printed].less_relevant,temp1);

// Source MAC
bzero(temp1,size);
bzero(temp2,size);
sprintf(temp1,"Source MAC address: ");
sprintf(temp2,"%02x:%02x:%02x:%02x:%02x:%02x", packet[6], packet[7], packet[8], packet[9], packet[10], packet[11]);
if ((strcmp(source_MAC,"") != 0) && (strcmp(source_MAC,temp2) != 0))
return 0;
strcat(temp1,temp2);
strcat(temp1,"\n");
strcat(packet_struct[count_printed].less_relevant,temp1);

// Source IP
bzero(temp1,size);
bzero(temp2,size);
sprintf(temp1,"Source IP address: ");
sprintf(temp2,"%d.%d.%d.%d", packet[26], packet[27], packet[28], packet[29]);
if ((strcmp(source_ip,"") != 0) && (strcmp(source_ip,temp2) != 0))
return 0;
strcat(temp1,temp2);
strcat(temp1,"\n");
strcat(packet_struct[count_printed].less_relevant,temp1);

// Source
sprintf(packet_struct[count_printed].source,"%s",temp2);

// Destination IP
bzero(temp1,size);
bzero(temp2,size);
sprintf(temp1,"Destination IP address: ");
sprintf(temp2,"%d.%d.%d.%d", packet[30], packet[31], packet[32], packet[33]);
if ((strcmp(destination_ip,"") != 0) && (strcmp(destination_ip,temp2) != 0))
return 0;
strcat(temp1,temp2);
strcat(temp1,"\n");
strcat(packet_struct[count_printed].less_relevant,temp1);

// Destination
sprintf(packet_struct[count_printed].destination,"%s",temp2);

//Find out the type of protocol
sprintf(IP_type,"%02x",packet[23]);

if ((strcmp(IP_type,"06") == 0) && ((strcmp(protocol,"all") == 0) ||
(strcmp(protocol,"ipv4") == 0) || (strcmp(protocol,"ipv4|tcp") == 0))){
// TCP packet
strcat(packet_struct[count_printed].protocol_hierarchy,":TCP");
sprintf(packet_struct[count_printed].protocol,"TCP");
PrintPacketInformation_TCP(packet, len);
return 1;
}

if ((strcmp(IP_type,"11") == 0) && ((strcmp(protocol,"all") == 0) ||
(strcmp(protocol,"ipv4") == 0) || (strcmp(protocol,"ipv4|udp") == 0))) {
// UDP packet
strcat(packet_struct[count_printed].protocol_hierarchy,":UDP");
sprintf(packet_struct[count_printed].protocol,"UDP");
PrintPacketInformation_UDP(packet, len);
return 1;
}

if ((strcmp(IP_type,"01") == 0) && ((strcmp(protocol,"all") == 0) ||
(strcmp(protocol,"ipv4") == 0) || (strcmp(protocol,"ipv4|icmp") == 0))){
// ICMP packet
strcat(packet_struct[count_printed].protocol_hierarchy,":ICMP");
sprintf(packet_struct[count_printed].protocol,"ICMP");
PrintPacketInformation_ICMP(packet, len);
return 1;
}
}

// ARP - Ethertype field = 0x0806
else if ((strcmp(eth_type,"0806") == 0) && ((strcmp(protocol,"arp") == 0) ||
(strcmp(protocol,"all") == 0))){
strcat(packet_struct[count_printed].protocol_hierarchy,":ARP");
sprintf(packet_struct[count_printed].protocol,"ARP");
return PrintPacketInformation_ARP(packet,len);
}

//IPv6 - Ethertype field = 0x86dd
else if ((strcmp(eth_type,"86dd") == 0) && ((strcmp(protocol,"ipv6") == 0)
|| (strcmp(protocol,"ipv6|udp") == 0) || (strcmp(protocol,"ipv6|tcp") == 0) ||
(strcmp(protocol,"ipv6|icmp") == 0) || (strcmp(protocol,"all") == 0))){
strcat(packet_struct[count_printed].protocol_hierarchy,":IPv6");
sprintf(packet_struct[count_printed].protocol,"IPv6");

// Destination MAC
bzero(temp1,size);
bzero(temp2,size);
sprintf(temp1,"Destination MAC address: ");
sprintf(temp2,"%02x:%02x:%02x:%02x:%02x:%02x", packet[0], packet[1], packet[2], packet[3], packet[4], packet[5]);
if ((strcmp(destination_MAC,"") != 0) && (strcmp(destination_MAC,temp2) != 0))
return 0;
sprintf(packet_struct[count_printed].less_relevant,"%s%s\n",temp1,temp2);

// Source MAC
bzero(temp1,size);
bzero(temp2,size);
sprintf(temp1,"Source MAC address: ");
sprintf(temp2,"%02x:%02x:%02x:%02x:%02x:%02x", packet[6], packet[7], packet[8], packet[9], packet[10], packet[11]);
if ((strcmp(source_MAC,"") != 0) && (strcmp(source_MAC,temp2) != 0))
return 0;
strcat(temp1,temp2);
strcat(temp1,"\n");
strcat(packet_struct[count_printed].less_relevant,temp1);

// Source IPv6
bzero(temp1,size);
bzero(temp2,size);
sprintf(temp1,"Source IPv6 address: ");
sprintf(temp2,"%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x",
packet[22], packet[23], packet[24], packet[25], packet[26], packet[27], packet[28], packet[29],
packet[30], packet[31], packet[32], packet[33], packet[34], packet[35], packet[36], packet[37]);
if ((strcmp(source_ip,"") != 0) && (strcmp(source_ip,temp2) != 0))
return 0;
strcat(temp1,temp2);
strcat(temp1,"\n");
strcat(packet_struct[count_printed].less_relevant,temp1);

// Source
sprintf(packet_struct[count_printed].source,"%s",temp2);

// Destination IPv6
bzero(temp1,size);
bzero(temp2,size);
sprintf(temp1,"Destination IPv6 address: ");
sprintf(temp2,"%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x",
packet[38], packet[39], packet[40], packet[41], packet[42], packet[43], packet[44], packet[45],
packet[46], packet[47], packet[48], packet[49], packet[50], packet[51], packet[52], packet[53]);
if ((strcmp(destination_ip,"") != 0) && (strcmp(destination_ip,temp2) != 0))
return 0;
strcat(temp1,temp2);
strcat(temp1,"\n");
strcat(packet_struct[count_printed].less_relevant,temp1);

// Destination
sprintf(packet_struct[count_printed].destination,"%s",temp2);

//Next Header field
sprintf(IPv6_type,"%02x",packet[20]);

// Depending on the Next Header Field
if ((strcmp(IPv6_type,"11") == 0) && ((strcmp(protocol,"all") == 0) ||
(strcmp(protocol,"ipv6") == 0) || (strcmp(protocol,"ipv6|udp") == 0))){
strcat(packet_struct[count_printed].protocol_hierarchy,":UDP");
sprintf(packet_struct[count_printed].protocol,"UDP");
PrintPacketInformation_UDP_IPv6(packet,len);
return 1;
}

if ((strcmp(IPv6_type,"06") == 0) && ((strcmp(protocol,"all") == 0) ||
(strcmp(protocol,"ipv6") == 0) || (strcmp(protocol,"ipv6|tcp") == 0))){
strcat(packet_struct[count_printed].protocol_hierarchy,":TCP");
sprintf(packet_struct[count_printed].protocol,"TCP");
PrintPacketInformation_TCP_IPv6(packet,len);
return 1;
}

if ((strcmp(IPv6_type,"3a") == 0) && ((strcmp(protocol,"all") == 0) ||
(strcmp(protocol,"ipv6") == 0) || (strcmp(protocol,"ipv6|icmp") == 0))){
strcat(packet_struct[count_printed].protocol_hierarchy,":ICMPv6");
sprintf(packet_struct[count_printed].protocol,"ICMPv6");
PrintPacketInformation_ICMP_IPv6(packet,len);
return 1;
}
}

// If the packet is of none of the above types then fill the entries with "Unknown"
else{
sprintf(packet_struct[count_printed].source,"Unknown");
sprintf(packet_struct[count_printed].destination,"Unknown");
sprintf(packet_struct[count_printed].protocol,"Unknown");
sprintf(packet_struct[count_printed].relevant,"Packet of unknown type");
sprintf(packet_struct[count_printed].less_relevant,"Packet of unknown type, not identified by our software");
return 1;
}

if (strcmp(protocol,"all") == 0)
return 1;

return 0;
}

//We run two threads, one to keep sniffing packets and the other one to run the GUI
//and to cater to the user requests
//Run the sniffer function (got()) on the second thread
int tempthread()
{
int j;
j = pthread_create( &thread2, NULL, got, NULL);
return j; // 0 on success, otherwise the pthread_create error code
}

//display the color code for different Protocols


void color_info_clicked( gpointer data )
{
char * message = "The color codes for the different protocols are:\n"
"TCP : Green\n"
"UDP : Yellow\n"
"ARP : Magenta\n"
"ICMPv4 : Blue\n"
"ICMPv6 : Orange\n"
"IPv4 : Cyan\n"
"IPv6 : Purple\n";
char * title = "Color Codes";
popup_window(message,title);

return;
}

//additional functionality not used here


//to clear the list
/*
void clear_list( gpointer data )
{
gtk_clist_clear( (GtkCList *) data);
return;
}
*/

//function to hide the upper tabs


void hide_tab( gpointer data ){
static short int flag = 0;
if (flag == 0){
gtk_clist_column_titles_hide((GtkCList *) data);
flag++;
}
else{
gtk_clist_column_titles_show((GtkCList *) data);
flag--;
}
return;
}

//function to print packet information when a row is clicked


void select_packet( GtkWidget *clist, gint row, gint column, GdkEventButton *event, gpointer data )
{
gchar *text;
//grab the index of the packet from the zeroth column into text
gtk_clist_get_text(GTK_CLIST(clist), row, 0, &text);
//store the index of the packet in i

int i = atoi(text) ; // convert the string to index number


char message[3000];

sprintf(message,"Index : %d\n"
"Time of arrival : %f\n"
"Source IP : %s\n"
"Destination IP : %s\n"
"Protocol : %s\n"
"%s\n"
"Encapsulation : %s\n"
"%s\n"
"Hexdump : %s\n",i,
packet_struct[i].arrival_time,
packet_struct[i].source,
packet_struct[i].destination,
packet_struct[i].protocol,
packet_struct[i].relevant,
packet_struct[i].protocol_hierarchy,
packet_struct[i].less_relevant,
packet_struct[i].hex_dump);

gchar * title = "Detailed information on the current selected packet";


popup_window(message,title);
return;
}

//generate a box with text and image side by side


static GtkWidget *Image_plus_text( gchar *image_file, gchar *label_text )
{
GtkWidget *box;
GtkWidget *label;
GtkWidget *image;
box = gtk_hbox_new (FALSE, 0);
gtk_container_set_border_width (GTK_CONTAINER (box), 2);
image = gtk_image_new_from_file (image_file);
label = gtk_label_new (label_text);
gtk_box_pack_start (GTK_BOX (box), image, FALSE, FALSE, 3);
gtk_box_pack_start (GTK_BOX (box), label, FALSE, FALSE, 3);
gtk_widget_show (image);
gtk_widget_show (label);
return box;
}

//open the project report


void documentation(){
char tmp[300];
sprintf(tmp,"%s report.pdf",PDFVIEWER);
system(tmp);
return;
}

//This function handles the main part of the GUI code


//To be run in the first thread
int fft ()
{

int i;
//define the widgets needed
GtkWidget *scrolled_window; //the scroll window
GtkWidget *vbox;
GtkWidget * window; //the main window
GtkLabel* entry_l; //label
GtkWidget * box;
GtkWidget * box1;
GtkWidget * box2;
GtkWidget * box3;
GtkWidget * box4;
GtkWidget * boxbig;
GtkWidget * titleimage; //Header Image
GtkWidget * button1;
GtkWidget * button2;
GtkWidget * button3;
GtkWidget * button4;
GtkWidget * boxone;
GtkWidget * labeltext;
GtkWidget *combo; //The drop down menu
GtkWidget * combo2; //The drop down menu
GtkWidget * labeltext2;
GtkWidget * boxone2;
GtkEntry *entry; //Textbox
GtkEntry *entry2; //Textbox
window = gtk_window_new (GTK_WINDOW_TOPLEVEL);
gtk_window_set_title(GTK_WINDOW(window),"Project");
gboolean homogeneous= FALSE,expand = FALSE,fill = FALSE;
gint spacing = 0,padding =0;
box = gtk_hbox_new (homogeneous, padding);
box1 = gtk_vbox_new (homogeneous, padding);
box2 = gtk_vbox_new (homogeneous, padding);
box3 = gtk_vbox_new (homogeneous, padding);
box4 = gtk_vbox_new (homogeneous, padding);
boxbig = gtk_vbox_new (homogeneous, padding);
titleimage = gtk_vbox_new(homogeneous, padding);
titleimage = Image_plus_text("header.png","Project ID - 18");
gtk_widget_show(titleimage);
box1 = Image_plus_text("up.bmp", "Credits");
gtk_widget_show(box1);
button1 = gtk_button_new(); //Create Button
gtk_widget_set_size_request(GTK_WIDGET(button1),300,30);
gtk_container_add(GTK_CONTAINER(button1),box1);
box2 = Image_plus_text("hand.png", "Capture Packets");
gtk_widget_show(box2);
button2 = gtk_button_new();
gtk_widget_set_size_request(GTK_WIDGET(button2),300,30);
gtk_container_add(GTK_CONTAINER(button2),box2);
box3 = Image_plus_text("up.bmp", "Open File");
gtk_widget_show(box3);
button3 = gtk_button_new();
gtk_widget_set_size_request(GTK_WIDGET(button3),30,30);
gtk_container_add(GTK_CONTAINER(button3),box3);
box4 = Image_plus_text("up.bmp", "Documentation");
gtk_widget_show(box4);
button4 = gtk_button_new();
gtk_widget_set_size_request(GTK_WIDGET(button4),300,30);
gtk_container_add(GTK_CONTAINER(button4),box4);
gtk_box_pack_start (GTK_BOX (box), button1, expand, fill, padding);
gtk_box_pack_start (GTK_BOX (box), button2, expand, fill, padding);
gtk_box_pack_start (GTK_BOX (box), button4, expand, fill, padding);
g_signal_connect(window,"delete_event",GTK_SIGNAL_FUNC(gtk_main_quit),NULL);
g_signal_connect(button1,"clicked",G_CALLBACK(credits),NULL);
g_signal_connect(button2,"clicked",G_CALLBACK(capture),NULL);
g_signal_connect(button2,"clicked",G_CALLBACK(tempthread),NULL);

g_signal_connect(button4,"clicked",G_CALLBACK(documentation),NULL);
gtk_widget_show (button1);
gtk_widget_show (button2);
gtk_widget_show (button3);
gtk_widget_show (button4);
gtk_widget_show(boxbig);
combo = gtk_combo_box_new_text();
boxone = gtk_hbox_new(TRUE,5);
//add all protocols to the list
gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "tcp");
gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "udp");
gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "icmp");
gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "arp");
gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "ipv4");
gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "ipv6");
gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "ipv6|udp");
gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "ipv6|tcp");
gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "ipv6|icmp");
gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "all");

labeltext = gtk_label_new ("Select Protocol :");


gtk_box_pack_start (GTK_BOX (boxone), GTK_WIDGET(labeltext),
FALSE, FALSE, 0);
gtk_widget_show(GTK_WIDGET(labeltext));
gtk_box_pack_start (GTK_BOX (boxone), GTK_WIDGET(combo),
FALSE, FALSE, 0);

g_signal_connect(G_OBJECT(combo), "changed",
G_CALLBACK(combo_selected), NULL);
gtk_widget_show(combo);
gtk_widget_show(boxone);

boxone2 = gtk_hbox_new(TRUE,0);
combo2 = gtk_combo_box_new_text();
int alpha;
Inames(); // the function to get all the interfaces on the system
for(alpha=0;alpha<number_of_interfaces;alpha++){
gtk_combo_box_append_text(GTK_COMBO_BOX(combo2),
interface_names[alpha]);
}

labeltext2 = gtk_label_new ("Select Interface :");


gtk_box_pack_start (GTK_BOX (boxone2), GTK_WIDGET(labeltext2),
FALSE, FALSE, 0);
gtk_widget_show(GTK_WIDGET(labeltext2));
gtk_box_pack_start (GTK_BOX (boxone2), GTK_WIDGET(combo2),
FALSE, FALSE, 0);

g_signal_connect(G_OBJECT(combo2), "changed",
G_CALLBACK(combo_selected2), NULL);
gtk_widget_show(combo2);
gtk_widget_show(boxone2);
GtkWidget * boxtext;
GtkWidget * buttonsubmit1;
boxtext = gtk_hbox_new(TRUE,5);
gtk_widget_show(boxtext);
entry_l = (GtkLabel *)gtk_label_new("Insert Source IP");
gtk_widget_show(GTK_WIDGET(entry_l));
buttonsubmit1 = gtk_button_new_with_label("submit");
gtk_widget_show(buttonsubmit1);
entry = (GtkEntry *)gtk_entry_new();

g_signal_connect(G_OBJECT(buttonsubmit1),"clicked",G_CALLBACK(submittext1),GTK_WIDGET(entry));

gtk_box_pack_start(GTK_BOX(boxtext),GTK_WIDGET(entry_l),expand,fill,padding);

gtk_box_pack_start(GTK_BOX(boxtext),GTK_WIDGET(entry),expand,fill,padding);

gtk_box_pack_start(GTK_BOX(boxtext),GTK_WIDGET(buttonsubmit1),expand,
fill,padding);
gtk_widget_show(GTK_WIDGET(entry));
GtkWidget * boxtext2;
GtkWidget * buttonsubmit2;
GtkLabel * entry_l2;
boxtext2 = gtk_hbox_new(TRUE,5);
gtk_widget_show(boxtext2);
entry_l2 = (GtkLabel *)gtk_label_new("Insert Destination IP");
gtk_widget_show(GTK_WIDGET(entry_l2));
buttonsubmit2 = gtk_button_new_with_label("submit");
gtk_widget_show(buttonsubmit2);
entry2 = (GtkEntry *)gtk_entry_new();

g_signal_connect(G_OBJECT(buttonsubmit2),"clicked",G_CALLBACK(submittext2),GTK_WIDGET(entry2));

gtk_box_pack_start(GTK_BOX(boxtext2),GTK_WIDGET(entry_l2),expand,fill,padding);

gtk_box_pack_start(GTK_BOX(boxtext2),GTK_WIDGET(entry2),expand,fill,padding);

gtk_box_pack_start(GTK_BOX(boxtext2),GTK_WIDGET(buttonsubmit2),expand
,fill,padding);
gtk_widget_show(GTK_WIDGET(entry2));
gtk_box_pack_start (GTK_BOX (boxbig),titleimage, expand, fill, padding);
gtk_box_pack_start (GTK_BOX (boxbig),GTK_WIDGET(boxtext),
expand, fill, padding);
gtk_box_pack_start (GTK_BOX (boxbig),GTK_WIDGET(boxtext2),
expand, fill, padding);
gtk_box_pack_start (GTK_BOX (boxbig),GTK_WIDGET(boxone), expand,
fill, padding);
gtk_box_pack_start (GTK_BOX (boxbig),GTK_WIDGET(boxone2),
expand, fill, padding);
gtk_box_pack_start (GTK_BOX (boxbig), box, expand, fill, padding);
gtk_widget_show(box);
GtkWidget *hbox;
GtkWidget *clist;
GtkWidget *button_stop, *color_info, *button_hide_show;
gchar *titles[6] = { "Index","Time",
"Source","Destination","Protocol","Encapsulation"};
vbox=gtk_vbox_new(FALSE, 5);
gtk_container_set_border_width(GTK_CONTAINER(vbox), 5);
gtk_box_pack_start (GTK_BOX (boxbig), vbox, expand, fill, padding);
gtk_widget_show(vbox);
scrolled_window = gtk_scrolled_window_new (NULL, NULL);
gtk_scrolled_window_set_policy (GTK_SCROLLED_WINDOW
(scrolled_window),GTK_POLICY_ALWAYS, GTK_POLICY_AUTOMATIC);
gtk_widget_set_usize (GTK_WIDGET(scrolled_window), 110, 330);
gtk_box_pack_start(GTK_BOX(vbox), scrolled_window, TRUE, TRUE, 0);
gtk_widget_show (scrolled_window);
clist = gtk_clist_new_with_titles( 6, titles);
gtk_signal_connect(GTK_OBJECT(clist), "select_row",
GTK_SIGNAL_FUNC(select_packet),NULL);
gtk_clist_set_shadow_type (GTK_CLIST(clist), GTK_SHADOW_OUT);
gtk_clist_set_column_width (GTK_CLIST(clist), 0, 50);
gtk_clist_set_column_width (GTK_CLIST(clist), 1, 150);
gtk_clist_set_column_width (GTK_CLIST(clist), 2, 375);
gtk_clist_set_column_width (GTK_CLIST(clist), 3, 375);
gtk_clist_set_column_width (GTK_CLIST(clist), 4, 200);
gtk_clist_set_column_width (GTK_CLIST(clist), 5, 350);
gtk_container_add(GTK_CONTAINER(scrolled_window), clist);
gtk_widget_show(clist);
hbox = gtk_hbox_new(FALSE, 0);
gtk_box_pack_start(GTK_BOX(vbox), hbox, FALSE, TRUE, 0);
gtk_widget_show(hbox);

button_stop = gtk_button_new_with_label("Stop Capture");


color_info = gtk_button_new_with_label("Color Codes");
button_hide_show = gtk_button_new_with_label("Hide/Show Tab");

gtk_box_pack_start(GTK_BOX(hbox), button_stop, TRUE, TRUE, 0);


gtk_box_pack_start(GTK_BOX(hbox), color_info, TRUE, TRUE, 0);
gtk_box_pack_start(GTK_BOX(hbox), button_hide_show, TRUE, TRUE, 0);
gtk_signal_connect_object(GTK_OBJECT(button_stop),
"clicked",GTK_SIGNAL_FUNC(stop_capture),(gpointer) clist);
gtk_signal_connect_object(GTK_OBJECT(color_info),
"clicked",GTK_SIGNAL_FUNC(color_info_clicked),(gpointer) clist);
gtk_signal_connect_object(GTK_OBJECT(button_hide_show),
"clicked",GTK_SIGNAL_FUNC(hide_tab),(gpointer) clist);

gtk_widget_show(button_stop);
gtk_widget_show(color_info);
gtk_widget_show(button_hide_show);
g_timeout_add(TIMEOUT, stop_capture1, (gpointer) clist);
gtk_container_add (GTK_CONTAINER (window), boxbig);
gtk_widget_show(window);
gtk_main();

return 0;
}

int main( int argc, char *argv[] )
{

gtk_init(&argc, &argv);

int i;
i = pthread_create( &thread1, NULL, fft, NULL);
pthread_join(thread1,NULL);
pthread_join(thread2,NULL);

return 0;
}

Run.sh

gcc sniffer.h
gcc -pthread -w gui.c -o gui.o `pkg-config --cflags --libs gtk+-2.0`
sudo ./gui.o
Explaining the Code:

Explaining the role of each file

sniffer.h
• Contains the various header files, which are standard C libraries
• Has important macros defined in it like MAXLENGTH, MAX PACKETS, TIMEOUT, MAX-INTERFACES
• Has the declarations of the various functions used in sniffer.c
• Definition of the structure packet, which helps in storing the packet fields and some additional data

sniffer.c
• Useful if you want to see the output on the terminal or write it to a file
• Execute it like $ sudo ./sniffer.o interface_name (for example, $ sudo ./sniffer.o eth0)
• First of all we create a raw socket and bind it to the interface given as argument
• With the use of recvfrom we get the raw packet
• By calling the function int PrintPacketInformation(unsigned char *, int), you fill the packet structure; if the value returned is 0, the captured packet shouldn't be displayed to the user and shouldn't be stored, otherwise the captured packet is displayed to the user
• If the number of packets captured exceeds MAX PACKETS, stop capturing packets

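The raw-socket flow above hands each captured buffer to a parser that reads header fields at fixed offsets. As an added example, not code from the project's sniffer.c or gui.c, the following C dissector classifies the same Ethernet/IPv4/TCP-UDP-ICMP layering but checks every read against the captured length and locates the transport header through the IPv4 IHL field instead of a fixed index; the sample frame and every name in it are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example (not the project's code): a bounds-checked dissector for the
 * Ethernet -> IPv4 -> TCP/UDP/ICMP layering that PrintPacketInformation walks. */

#define ETH_HLEN       14
#define ETHERTYPE_IPV4 0x0800
#define ETHERTYPE_ARP  0x0806
#define ETHERTYPE_IPV6 0x86dd

struct packet_summary {
    char protocol[16];    /* "TCP", "UDP", "ICMP", "ARP", "IPv6", "Unknown", "Truncated" */
    char source[16];      /* dotted-quad IPv4 source, empty for non-IPv4 frames */
    char destination[16];
    int src_port;         /* -1 when the protocol carries no ports */
    int dst_port;
};

static uint16_t be16(const unsigned char *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

static void set_proto(struct packet_summary *s, const char *name)
{
    snprintf(s->protocol, sizeof s->protocol, "%s", name);
}

/* Returns 1 when the frame was classified, 0 when the capture is shorter than
 * the headers it claims to carry (the case an unchecked packet[68] read would
 * silently misparse). */
int dissect_frame(const unsigned char *frame, size_t len, struct packet_summary *out)
{
    memset(out, 0, sizeof *out);
    out->src_port = out->dst_port = -1;

    if (len < ETH_HLEN) { set_proto(out, "Truncated"); return 0; }
    uint16_t ethertype = be16(frame + 12);
    if (ethertype == ETHERTYPE_ARP)  { set_proto(out, "ARP");     return 1; }
    if (ethertype == ETHERTYPE_IPV6) { set_proto(out, "IPv6");    return 1; }
    if (ethertype != ETHERTYPE_IPV4) { set_proto(out, "Unknown"); return 1; }

    /* IPv4: the header is 20..60 bytes depending on IHL, so the transport
     * header is not always at byte 34 of the frame. */
    const unsigned char *ip = frame + ETH_HLEN;
    if (len < ETH_HLEN + 20) { set_proto(out, "Truncated"); return 0; }
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < ETH_HLEN + ihl) {
        set_proto(out, "Truncated");
        return 0;
    }
    snprintf(out->source, sizeof out->source, "%d.%d.%d.%d", ip[12], ip[13], ip[14], ip[15]);
    snprintf(out->destination, sizeof out->destination, "%d.%d.%d.%d", ip[16], ip[17], ip[18], ip[19]);

    const unsigned char *l4 = ip + ihl;
    size_t l4_len = len - ETH_HLEN - ihl;
    switch (ip[9]) {                      /* IPv4 Protocol field */
    case 6:  set_proto(out, "TCP");  break;
    case 17: set_proto(out, "UDP");  break;
    case 1:  set_proto(out, "ICMP"); return 1;
    default: snprintf(out->protocol, sizeof out->protocol, "IP proto %d", ip[9]); return 1;
    }
    /* TCP and UDP both begin with 16-bit source and destination ports. */
    if (l4_len < 4) { set_proto(out, "Truncated"); return 0; }
    out->src_port = be16(l4);
    out->dst_port = be16(l4 + 2);
    return 1;
}

/* Constructed sample frame (not a real capture): Ethernet + IPv4 with IHL=6
 * (24-byte header carrying 4 option bytes) + 20-byte TCP header,
 * 10.0.0.1:443 -> 192.168.1.10:51234, 58 bytes in total. */
const unsigned char sample_tcp_frame[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00, /* Ethernet */
    0x46,0x00,0x00,0x2c, 0x00,0x01,0x00,0x00, 0x40,0x06,0x00,0x00,            /* IPv4, IHL=6 */
    10,0,0,1, 192,168,1,10, 0x01,0x01,0x01,0x00,                              /* addrs, options */
    0x01,0xbb, 0xc8,0x22, 0,0,0,1, 0,0,0,0, 0x50,0x18, 0x02,0x00, 0,0, 0,0   /* TCP */
};

int main(void)
{
    struct packet_summary s;
    int ok = dissect_frame(sample_tcp_frame, sizeof sample_tcp_frame, &s);
    printf("%s %s:%d -> %s:%d (complete=%d)\n", s.protocol, s.source, s.src_port,
           s.destination, s.dst_port, ok);
    /* Only the first 40 bytes: the IP header is intact but the ports are not. */
    ok = dissect_frame(sample_tcp_frame, 40, &s);
    printf("%s (complete=%d)\n", s.protocol, ok);
    return 0;
}
```

Read at a fixed offset of 34 as the report's code does, the four option bytes of this frame would be taken as source port 257 instead of 443, which is why the transport offset is derived from IHL here.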
interfaces.py
• Writes the network interfaces to which the system is connected to a file named `interfaces.txt', which is later read by the function void Inames() in the file `gui.c'
• Does this for both Linux and Windows
• Linux : just parse the file /proc/net/dev to get the list of interfaces
• Windows : parse the output of the command line utility ipconfig /all

run.sh
• Just compiles the code in sequence: interfaces.py to update the `interfaces.txt' file, then sniffer.h and then gui.c with the appropriate flags, and finally executes the code.

gui.c
• GUI created in GTK is patched with the code of sniffer.c
• Provides a coloring feature depending upon the protocol of the packet.
• Basic information is provided in tabular form.
• For more information you can click on the row presenting the packet.
Glimpses of Our Software

While capturing packets
• First choose the interface and other filters you want to apply
• Click on the `Capture Packets' button.

Detailed Information:
• After capturing packets, or during capturing, if you click on a particular row you get a pop-up with the detailed information of the packet printed on it
