timer - need help regarding a packet capture program -

-

the following program captures tcp packets < port 80 > , prints header related information in console every packet. have included timer , after every 1000 millisec i.e. 1 sec , frequency of occurence of various flags , , distinct number of src ips , ack nos , seq nos encountered written file. i'm working in fedora core 5. encountering following problems :

1.file writing part works fine during executions , of other times ,in same machine , file not @ written to.

2.when execute program in house , 30 packets captured every second. when run same program in lab , 1 packet captured per second. ( though same amount of browsing in both places ) 

#define interval 1000        /* number of milliseconds go off */  #include <pcap.h> #include <stdio.h> #include <string.h> #include <stdlib.h> #include <ctype.h> #include <errno.h> #include <sys/types.h> #include <sys/socket.h> #include <netinet/in.h> #include <arpa/inet.h> #include <sys/time.h> // setitimer #include<unistd.h>    // pause #include <signal.h>     /* signal */  /* default snap length (maximum bytes per packet capture) */ #define snap_len 1518  /* ethernet headers 14 bytes [1] */ #define size_ethernet 14  /* ethernet addresses 6 bytes */ #define ether_addr_len  6  /* ethernet header */ struct sniff_ethernet {         u_char  ether_dhost[ether_addr_len];    /* destination host address */         u_char  ether_shost[ether_addr_len];    /* source host address */         u_short ether_type;                     /* ip? arp? rarp? etc */ };  /* ip header */ struct sniff_ip {         u_char  ip_vhl;                 /* version << 4 | header length >> 2 */         u_char  ip_tos;                 /* type of service */         u_short ip_len;                 /* total length */         u_short ip_id;                  /* identification */         u_short ip_off;                 /* fragment offset field */         #define ip_rf 0x8000            /* reserved fragment flag */         #define ip_df 0x4000            /* dont fragment flag */         #define ip_mf 0x2000            /* more fragments flag */         #define ip_offmask 0x1fff       /* mask fragmenting bits */         u_char  ip_ttl;                 /* time live */         u_char  ip_p;                   /* protocol */         u_short ip_sum;                 /* checksum */         struct  in_addr ip_src,ip_dst;  /* source , dest address */ }; #define ip_hl(ip)               (((ip)->ip_vhl) & 0x0f) #define ip_v(ip)                (((ip)->ip_vhl) >> 4)  /* tcp header */ typedef u_int tcp_seq;  struct sniff_tcp {         u_short th_sport;               /* source port */         u_short th_dport;               /* destination port */         tcp_seq th_seq;                 /* sequence number */         tcp_seq th_ack;                 /* acknowledgement number */         u_char  th_offx2;               /* data offset, rsvd */ #define th_off(th)      (((th)->th_offx2 & 0xf0) >> 4)         u_char  th_flags;         #define th_fin  0x01         #define th_syn  0x02         #define th_rst  0x04         #define th_push 0x08         #define th_ack  0x10         #define th_urg  0x20         #define th_ece  0x40         #define th_cwr  0x80         #define th_flags        (th_fin|th_syn|th_rst|th_ack|th_urg|th_ece|th_cwr)         u_short th_win;                 /* window */         u_short th_sum;                 /* checksum */         u_short th_urp;                 /* urgent pointer */ };  u_short sport[100];int spd=0; u_int seq[100];int seqd=0; u_short win[100];int wind=0;  file* urlfile; int count = 1,flag=0,t=0;  float sc=0,ac=0,fc=0,pc=0,uc=0,rc=0;  void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet);  void print_payload(const u_char *payload, int len);  void print_hex_ascii_line(const u_char *payload, int len, int offset);    void print_app_usage(void);  void dostuff(void);  void dostuff(void) {     t++;   printf("timer %d went off.########################################\n",t);  // fprintf(urlfile,"\n hi hi");   fprintf(urlfile,"\ntime %d 1:%f 2:%f 3:%f 4:%f 5:%f 6:%f 7:%f 8:%f 9:%f",t,sc/count,ac/count,fc/count,pc/count,uc/count,rc/count,(float)spd/count,(float)wind/count,(float)seqd/count);   printf("\ntime %d 1:%f 2:%f 3:%f 4:%f 5:%f 6:%f 7:%f 8:%f 9:%f",t,sc/count,ac/count,fc/count,pc/count,uc/count,rc/count,(float)spd/count,(float)wind/count,(float)seqd/count);   printf("\n a_count : %f , total_packets : %d , frequency : %f",ac,count,ac/count);   printf("\n r_count : %f , total_packets : %d , frequency : %f",rc,count,rc/count);   printf("\n p_count : %f , total_packets : %d , frequency : %f",pc,count,pc/count);   printf("\n s_count : %f , total_packets : %d , frequency : %f",sc,count,sc/count);   printf("\n u_count : %f , total_packets : %d , frequency : %f",uc,count,uc/count);   printf("\n f_count : %f , total_packets : %d , frequency : %f",fc,count,fc/count);   printf("\ncount of distinct seq nos : %d no/pcount : %f ",seqd,(float)seqd/count);   printf("\ncount of distinct sports : %d no/pcount : %f ",spd,(float)spd/count);   printf("\ncount of distinct win nos : %d no/pcount : %f\n\n ",wind,(float)wind/count);   ac=rc=pc=fc=sc=uc=0;count=1;     spd=seqd=wind=0; }   void print_app_usage(void) {      printf("usage: ./a.out [interface]\n");     printf("\n");     printf("options:\n");     printf("    interface    listen on <interface> packets.\n");     printf("\n");  return; }   /*  * dissect/print packet  */ void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet) {                        /* packet counter */     int j;     /* declare pointers packet headers */     const struct sniff_ethernet *ethernet;  /* ethernet header [1] */     const struct sniff_ip *ip;              /* ip header */     const struct sniff_tcp *tcp;            /* tcp header */     const char *payload;                    /* packet payload */      int size_ip;     int size_tcp;     int size_payload;      printf("\npacket number %d:\n", count);     count++;      /* define ethernet header */     ethernet = (struct sniff_ethernet*)(packet);      /* define/compute ip header offset */     ip = (struct sniff_ip*)(packet + size_ethernet);     size_ip = ip_hl(ip)*4;     if (size_ip < 20) {         printf("   * invalid ip header length: %u bytes\n", size_ip);         return;     }      switch(ip->ip_p) {         case ipproto_tcp:             printf("   protocol: tcp\n");             break;         case ipproto_udp:             printf("   protocol: udp\n");             return;         case ipproto_icmp:             printf("   protocol: icmp\n");             return;         case ipproto_ip:             printf("   protocol: ip\n");             return;         default:             printf("   protocol: unknown\n");             return;     }      /* define/compute tcp header offset */     tcp = (struct sniff_tcp*)(packet + size_ethernet + size_ip);     size_tcp = th_off(tcp)*4;     if (size_tcp < 20) {         printf("   * invalid tcp header length: %u bytes\n", size_tcp);         return;     }      flag=0;     for(j=0;j<spd;j++)     {              if(sport[j]==ntohs(tcp->th_sport)) { flag=1; break; }     }     if(flag==0) sport[spd++]=ntohs(tcp->th_sport);      flag=0;     for(j=0;j<seqd;j++)     {              if(seq[j]==ntohs(tcp->th_seq)) { flag=1; break; }     }     if(flag==0) seq[seqd++]=ntohs(tcp->th_seq);      flag=0;     for(j=0;j<wind;j++)     {              if(win[j]==ntohs(tcp->th_win)) { flag=1; break; }     }     if(flag==0) win[wind++]=ntohs(tcp->th_win);      printf("   src port: %d\n", ntohs(tcp->th_sport));     printf("   window: %d\n", ntohs(tcp->th_win));     printf("   sequence no: %d\n", ntohs(tcp->th_seq));      if (tcp->th_flags & th_urg){         printf("   flag: th_urg");uc++;     }     if (tcp->th_flags & th_rst){         printf("   flag: th_rst");rc++;     }     if (tcp->th_flags & th_ack){         printf("   flag: th_ack");ac++;     }     if (tcp->th_flags & th_push){         printf("   flag: th_push");pc++;     }     if (tcp->th_flags & th_syn){         printf("   flag: th_syn");sc++;     }     if (tcp->th_flags & th_fin){         printf("   flag: th_fin");fc++;     }       if (size_payload > 0) {         printf("   payload (%d bytes):\n", size_payload);      }  return; }  int main(int argc, char **argv) {      char *dev = null;           /* capture device name */     char errbuf[pcap_errbuf_size];      /* error buffer */     pcap_t *handle;             /* packet capture handle */     char filter_exp[] = "tcp port 80";     struct bpf_program fp;          /* compiled filter program (expression) */     bpf_u_int32 mask;           /* subnet mask */     bpf_u_int32 net;            /* ip */     //int num_packets = 10;         /* number of packets capture */      /* check capture device name on command-line */     if (argc == 2) {         dev = argv[1];     }     else if (argc > 2) {         fprintf(stderr, "error: unrecognized command-line options\n\n");         print_app_usage();         exit(exit_failure);     }     else {         /* find capture device if not specified on command-line */         dev = pcap_lookupdev(errbuf);         if (dev == null) {             fprintf(stderr, "couldn't find default device: %s\n",                 errbuf);             exit(exit_failure);         }     }      /* network number , mask associated capture device */     if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {         fprintf(stderr, "couldn't netmask device %s: %s\n",             dev, errbuf);         net = 0;         mask = 0;     }      /* print capture info */     printf("device: %s\n", dev);     printf("filter expression: %s\n", filter_exp);      /* open capture device */     handle = pcap_open_live(dev, snap_len, 1, 1000, errbuf);     if (handle == null) {         fprintf(stderr, "couldn't open device %s: %s\n", dev, errbuf);         exit(exit_failure);     }      /* make sure we're capturing on ethernet device [2] */     if (pcap_datalink(handle) != dlt_en10mb) {         fprintf(stderr, "%s not ethernet\n", dev);         exit(exit_failure);     }      /* compile filter expression */     if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) {         fprintf(stderr, "couldn't parse filter %s: %s\n",             filter_exp, pcap_geterr(handle));         exit(exit_failure);     }      /* apply compiled filter */     if (pcap_setfilter(handle, &fp) == -1) {         fprintf(stderr, "couldn't install filter %s: %s\n",             filter_exp, pcap_geterr(handle));         exit(exit_failure);     }      urlfile=fopen("output.txt","w");     if(urlfile==null) printf("unable create file.");      // timer code      struct itimerval it_val;  /* setting itimer */    /* upon sigalrm, call dostuff().    * set interval timer.  want frequency in ms,     * setitimer call needs seconds , useconds. */   if (signal(sigalrm, (void (*)(int)) dostuff) == sig_err) {     perror("unable catch sigalrm");     exit(1);   }   it_val.it_value.tv_sec =     interval/1000;   it_val.it_value.tv_usec =    (interval*1000) % 1000000;      it_val.it_interval = it_val.it_value;   if (setitimer(itimer_real, &it_val, null) == -1) {     perror("error calling setitimer()");     exit(1);   }      /* can set our callback function */     //pcap_loop(handle, num_packets, got_packet, null);     pcap_loop(handle,-1, got_packet, null);// set num_packets -1 capture indefinitely.     /* cleanup */     pcap_freecode(&fp);     pcap_close(handle);     fclose(urlfile);     printf("\ncapture complete.\n");  return 0; }

as part of project , i'm right stuck @ point.. can please suggest regarding may have gone wrong.. in advance.

have tried fflush()?


Comments

Post a Comment

Popular posts from this blog

unicode - Are email addresses allowed to contain non-alphanumeric characters? -

-
i'm building website using `django. website have significant users non-english speaking countries. i want know if there technical restrictions on types of characters email address contain. are email addresses allowed contain english alphabets, numbers, "_", "@" , "."? are allowed contain non-english alphabets "é" or "ü"? are allowed contain chinese or japanese or other unicode characters? email address consists of 2 parts local before @ , domain goes after. rules these parts different: for local part can use ascii: latin letters - z - z digits 0 - 9 special characters !#$%&'*+-/=?^_`{|}~ dot ., not first or last, , not in sequence space , "(),:;<>@[] characters allowed restrictions (they allowed inside quoted string, backslash or double-quote must preceded backslash) plus since 2012 can use international characters above u+007f , encoded as utf-8 . domain part more res...
Read more

c++ - Convert big endian to little endian when reading from a binary file -

-
this question has answer here: how convert between big-endian , little-endian values in c++? 28 answers i've been looking around how convert big-endian little-endians. didn't find solve problem. seem there's many way can conversion. anyway following code works ok in big-endian system. how should write conversion function work on little-endian system well? this homework, since systems @ school running big-endian system. it's got curious , wanted make work on home computer also #include <iostream> #include <fstream> using namespace std; int main() { ifstream file; file.open("file.bin", ios::in | ios::binary); if(!file) cerr << "not able read" << endl; else { cout << "opened" << endl; int i_var; double d_var; while(!file.eof()) {...
Read more

C#: Application without a window or taskbar item (background app) that can still use Console.WriteLine() -

-
i'm trying create application adheres following: no taskbar no console or form window can utilize console.writeline() . (i.e. if executes app command prompt write console.) the problem if create windows form (or wpf) application can have there no taskbar, console or window show up, console.writeline() nothing. if create console app, writes console, can't figure out how hide (and if did hide it, write command prompt window?)... how do this? just create standard console application. callers responsibility hide window caused program (from how run c# console application console hidden ): system.diagnostics.processstartinfo start = new system.diagnostics.processstartinfo(); start.filename = dir + @"\myprocesstostart.exe"; start.windowstyle = system.diagnostics.processwindowstyle.hidden;
Read more