#include <gtk/gtk.h>
/*#include <mysql.h> */
#define __FAVOR_BSD //to use the BSD format
#include "callback.h"
#include <tcpstat-utils.c> //is_ip_packet(), get_ip_proto()
//===== Define global variables =====//
// NOTE(review): everything below is plain file-scope state. The code visible in
// this file touches it from both the start handler (threads_click) and the
// capture thread (another_thread1) with no lock or atomic type in sight.
int sniffer_active = 0, //1 while a capture runs: tested in threads_click(), set in another_thread1()
count, threadstop, //both reset by threads_click() before a capture starts (count = 1, threadstop = 0)
what_to_show, //bit mask of PP_SHOW_* flags, OR-ed together in another_thread1()
use_database_yesno,
show_packet_content = 1,
savefile_yesno,
sniffer_number = 100, //number of packets to capture; passed to pcap_loop() as the packet count
llc_count = 1, //counter for captured LLC packets, starts at 1
ip_count = 1, //counter for captured IP packets, starts at 1
tcp_count = 1, //counter for captured TCP packets, starts at 1
arp_count = 1, //counter for captured ARP packets, starts at 1
color_tag_count = 1, //counter for the colour tags used in insert_text1()
blue_tag_count = 1; //counter for the colour tags used in insert_text2_green()
char gstr[8192];
// NOTE(review): if these two hold the colon-separated text form of a MAC
// address ("xx:xx:xx:xx:xx:xx" is 17 characters), 17 bytes leaves no room for
// the terminating NUL -- confirm against the code that fills them.
char har_src[17]; //Ethernet source address
char har_dst[17]; //Ethernet destination address
/* Name of the file the captured packets are dumped to; it is a relative
 * path, handed to pcap_dump_open() in another_thread1(). */
char savefile_string[] = "captured_package.txt";
/* Dump handle returned by pcap_dump_open() in another_thread1(). */
pcap_dumper_t *dumper_filename;
/* Shared 1024-byte scratch text: another_thread1() fills it and then calls
 * insert_text1(), which (per the comment there) prints its contents. */
char buffer[1024];
/* Text buffers for the captured IP/TCP/ARP packet numbers */
char ip_num[64];
char tcp_num[64];
char arp_num[64];
/*MYSQL mysql; //Connection handle */
/* Stub: writes one trace line through g_print(); no input file is selected here. */
void set_readfile()
{
    const char *trace = "set readfile\n";

    g_print ("%s", trace);
}
/* Stub: writes one trace line through g_print(); savefile_string is not changed here. */
void set_savefile()
{
    const char *trace = "set savefile\n";

    g_print ("%s", trace);
}
/* Stub: writes one trace line through g_print(); no file is opened. */
void openfile_test()
{
    const char *trace = "open file test\n";

    g_print ("%s", trace);
}
/* Stub: writes one trace line through g_print(); nothing is written to disk. */
void save_to_file()
{
    const char *trace = "save to file\n";

    g_print ("%s", trace);
}
/* Stub: writes one trace line through g_print(); no log file is opened. */
void open_log_file()
{
    const char *trace = "open log file\n";

    g_print ("%s", trace);
}
/* Ends the GTK main loop by calling gtk_main_quit().
 * NOTE(review): nothing here stops a running capture thread or closes the
 * dump file opened in another_thread1() first -- confirm that shutdown of an
 * active capture is handled somewhere else. */
void destroy()
{
gtk_main_quit ();
}
/* Stub: writes one trace line through g_print(); no database connection is made. */
void connect_database()
{
    const char *trace = "connect database\n";

    g_print ("%s", trace);
}
/* Stub: writes one trace line through g_print(); there is no connection to close. */
void close_database()
{
    const char *trace = "close database\n";

    g_print ("%s", trace);
}
/* Stub: writes one trace line through g_print(); no database content is shown. */
void show_database()
{
    const char *trace = "show database\n";

    g_print ("%s", trace);
}
/* Stub: writes one trace line through g_print(); no window is created. */
void show_analyse_window()
{
    const char *trace = "show analyse main_window\n";

    g_print ("%s", trace);
}
/* Stub: writes one trace line through g_print(); no window is created. */
void show_restore_content_window()
{
    const char *trace = "show restore content main_window\n";

    g_print ("%s", trace);
}
/* Stub: writes one trace line through g_print(); the loaded rules are not displayed. */
void show_rules_window()
{
    const char *trace = "show rules main_window\n";

    g_print ("%s", trace);
}
/* Stub: writes one trace line through g_print(); no rule editor is opened. */
void show_define_rules_window()
{
    const char *trace = "show define rules main_window\n";

    g_print ("%s", trace);
}
/* Stub: writes one trace line through g_print(); no capture setting is changed. */
void setting_sniffer_clicked()
{
    const char *trace = "setting sniffer clicked\n";

    g_print ("%s", trace);
}
/* Stub: writes one trace line through g_print(). The capture thread in this
 * file compiles a fixed filter string, so nothing set here reaches it. */
void setting_bpf()
{
    const char *trace = "setting bpf\n";

    g_print ("%s", trace);
}
/* Stub: writes one trace line through g_print(); no page content is cleared.
 * threads_click() calls this as clear_all (NULL, NULL); the empty, unprototyped
 * parameter list is what lets that call compile, so it stays as (). */
void clear_all()
{
    const char *trace = "clear all\n";

    g_print ("%s", trace);
}
/* Stub: writes one trace line through g_print(). The capture thread in this
 * file uses the fixed device name "eth0"; no device is looked up here. */
void get_device()
{
    const char *trace = "get device\n";

    g_print ("%s", trace);
}
/* Stub: writes one trace line through g_print(). The capture thread in this
 * file uses the fixed filter "arp or ip"; no filter is stored here. */
void set_filter()
{
    const char *trace = "set filter\n";

    g_print ("%s", trace);
}
/* Stub: writes one trace line through g_print(). The text is the same as the
 * one set_savefile() prints, so the two cannot be told apart in the output. */
void set_savefile_2()
{
    const char *trace = "set savefile\n";

    g_print ("%s", trace);
}
/* Stub: writes one trace line through g_print(); no packet content is shown. */
void show_total_packet_content()
{
    const char *trace = "show total packet content\n";

    g_print ("%s", trace);
}
/* Stub: writes one trace line through g_print(); no TCP connection list is built. */
void show_tcp_connecting()
{
    const char *trace = "show tcp connecting\n";

    g_print ("%s", trace);
}
/* Stub: writes one trace line through g_print(). No scan detection runs here,
 * so the trace line must not be read as "no scan was seen". */
void detect_scanning()
{
    const char *trace = "detect scanning\n";

    g_print ("%s", trace);
}
/* Stub: writes one trace line through g_print(); no widget is hidden. */
void hide_toolbar()
{
    const char *trace = "hide toolbar\n";

    g_print ("%s", trace);
}
/* Stub: writes one trace line through g_print(); no widget is hidden. */
void hide_buttons()
{
    const char *trace = "hide buttons\n";

    g_print ("%s", trace);
}
/* Stub: writes one trace line through g_print(); no dialog is opened. */
void on_help_about_menubar_activate()
{
    const char *trace = "on help about menubar activate\n";

    g_print ("%s", trace);
}
/* Stub: writes one trace line through g_print(); no dialog is opened. */
void about()
{
    const char *trace = "about\n";

    g_print ("%s", trace);
}
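/*
 * Callback of the "start" button: resets the per-run state, reloads the rule
 * set and starts the capture thread (another_thread1).
 *
 * The running flag is claimed here, before the thread exists. The worker sets
 * sniffer_active itself, but only once it is scheduled, so a second click
 * arriving before that would pass the check below and start a second capture
 * thread writing to the same globals (buffer, count, dumper_filename).
 *
 * NOTE(review): sniffer_active is a plain int shared with the worker thread;
 * no lock or atomic is visible in this file.
 * NOTE(review): "rules" is a relative path, so the rule set is read from
 * whatever the working directory is when the button is pressed -- confirm
 * that this directory is not writable by less-privileged users.
 */
void threads_click()
{
    GThread *worker;

    /* g_print ("threads click\n"); */
    if (sniffer_active == 1) //already running (or being started): ignore the click
        return;

    threadstop = 0;
    count = 1;
    clear_all (NULL, NULL); //clear all page content
    read_rules_from_file ("rules"); //read rules from rule libraries
    read_statement_from_rules (); //to analyse rules

    sniffer_active = 1;
    /* The thread is created joinable (TRUE); the handle is only used for the
     * failure check below and nothing visible in this file joins it. */
    worker = g_thread_create ((GThreadFunc) another_thread1, NULL, TRUE, NULL);
    if (worker == NULL)
    {
        /* No worker will ever run, so release the flag and say so instead
         * of leaving the start button dead. */
        sniffer_active = 0;
        g_print ("threads_click: could not create the capture thread\n");
    }
}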
/* Currently a no-op: the body holds only a commented-out trace call.
 * NOTE(review): the comment in threads_click() says a running capture stops
 * when "stop" is pressed. If this is that button's handler, it neither sets
 * threadstop nor interrupts pcap_loop() (libpcap offers pcap_breakloop() for
 * that), so a capture started here runs until sniffer_number packets have
 * arrived -- confirm where stopping is implemented. */
void stop1()
{
/* g_print ("stop1\n"); */
}
/* Stub: writes one trace line through g_print(); nothing is redrawn. */
void refresh()
{
    const char *trace = "refresh\n";

    g_print ("%s", trace);
}
/* Stub: writes one trace line through g_print(); nothing is cleared. */
void button_clear_clicked()
{
    const char *trace = "button clear clicked\n";

    g_print ("%s", trace);
}
/* Stub: writes one trace line through g_print(); no alert state is changed. */
void stop_alert()
{
    const char *trace = "stop alert\n";

    g_print ("%s", trace);
}
/* Stub: writes one trace line through g_print(); no selection is processed. */
void selection_make()
{
    const char *trace = "selection make\n";

    g_print ("%s", trace);
}
/* Stub: writes one trace line through g_print(); the click is not handled further. */
void text_click_event()
{
    const char *trace = "text click event\n";

    g_print ("%s", trace);
}
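/*
 * Capture worker started by threads_click().
 *
 * Opens the fixed device "eth0" in promiscuous mode, installs the fixed
 * filter "arp or ip", writes a run summary into the global `buffer` for
 * insert_text1(), opens the dump file named by savefile_string and hands
 * sniffer_number packets to got_packet() through pcap_loop().
 *
 * args is unused. The thread ends through g_thread_exit() with the same exit
 * value as before (the function's own address).
 *
 * Failure handling: a pcap error is printed and the thread unwinds through
 * the cleanup labels at the bottom. Calling exit() from this worker would
 * terminate the whole GTK application, without closing the pcap handle, for
 * something as ordinary as missing capture privileges.
 *
 * NOTE(review): insert_text1() is called from this worker thread; whether it
 * takes the GDK lock before touching widgets is not visible here -- confirm.
 * NOTE(review): pcap_dump_open() creates or truncates a fixed file name
 * relative to the working directory, and live capture normally runs with
 * elevated privileges -- confirm the directory is not writable by other
 * users, since an existing link at that name would be followed.
 */
void *another_thread1( void *args )
{
    char device_total[] = "eth0"; //User defined network device
    char filter_total[] = "arp or ip"; //User defined filter rules
    /* Point at the array instead of copying it into a 10-byte heap block:
     * that copy was unchecked (malloc result and length alike) and would
     * overflow as soon as the device name exceeded nine characters. */
    char *dev = device_total; //Device to sniff on
    char errbuf[PCAP_ERRBUF_SIZE]; //Error string
    pcap_t *descr; //Session handle
    struct bpf_program fp; //The compiled filter expression
    bpf_u_int32 maskp; //The netmask of our sniffing device
    bpf_u_int32 netp; //The network number of our sniffing device
    char filter_app[1024] = ""; //The filter expression handed to pcap_compile()
    struct hook_and_sinker hs; //passed to got_packet() as the pcap_loop() user pointer
    int get_tcp_flags = 0;

    (void) args;

    get_tcp_flags |= GET_TCPD_COUNT_LINKSIZE;
    hs.hook = my_hook; //initialise hs, set callback function
    hs.proc_flags = get_tcp_flags;
    what_to_show |= PP_SHOW_IPHEADER |
        PP_SHOW_BASICINFO | PP_SHOW_LINKLAYER |
        PP_SHOW_PACKETCONTENT | PP_SHOW_TCPHEADER |
        PP_SHOW_UDPHEADER | PP_SHOW_ICMPHEADER;
    sniffer_active = 1; //is running now

    /* Bounded copy: always NUL-terminated, truncates instead of overflowing. */
    snprintf (filter_app, sizeof filter_app, "%s", filter_total);

    /* Ask pcap for the network number and netmask. On failure both outputs
     * are left unset, so give them a defined value before they are used. */
    if (pcap_lookupnet (dev, &netp, &maskp, errbuf) == -1)
    {
        printf ("pcap_lookupnet(): %s\n", errbuf);
        netp = 0;
        maskp = 0;
    }

    /* Run summary for the "text1" page. One bounded write replaces the chain
     * of sprintf()/strcat() calls, which relied on the device and filter
     * strings staying short enough for two 1024-byte buffers. */
    snprintf (buffer, sizeof buffer,
              "Device: [%s]\nNumber of packets: [%d]\nFilter app: [%s]\n",
              dev, sniffer_number, filter_app);
    insert_text1 ("green"); //print the contents of "buffer" in "text1" page

    /* Open device in promiscuous mode. BUFSIZ is the stdio buffer size, used
     * here as the snapshot length, so longer frames are truncated to it. */
    descr = pcap_open_live (dev, BUFSIZ, 1, 1000, errbuf);
    if (descr == NULL)
    {
        printf ("pcap_open_live(): %s\n", errbuf);
        goto out;
    }

    /* The last argument of pcap_compile() is the netmask of the capture
     * network, not its network number, so pass maskp rather than netp. */
    if (pcap_compile (descr, &fp, filter_app, 0, maskp) == -1)
    {
        printf ("pcap_compile failed\n");
        goto out_close;
    }
    if (pcap_setfilter (descr, &fp) == -1)
    {
        printf ("pcap_setfilter said 'eat shit'\n");
        goto out_freecode;
    }

    hs.linktype = pcap_datalink (descr); //The type of data link layer

    /* Open the file that stores the captured packets.
     * NOTE(review): the capture still starts when this fails; confirm that
     * got_packet() and its helpers cope with a NULL dumper_filename. */
    dumper_filename = pcap_dump_open (descr, savefile_string);
    if (dumper_filename == NULL)
        printf ("dumper_filename error\n");

    /* Capture loop: got_packet() is called for each packet and analyses it. */
    pcap_loop (descr, sniffer_number, got_packet, (u_char *) &hs);

    /* Only close a dump handle that was actually opened, and clear the
     * global so no stale pointer survives the capture. */
    if (dumper_filename != NULL)
    {
        pcap_dump_close (dumper_filename);
        dumper_filename = NULL;
    }

    snprintf (buffer, sizeof buffer, "%s", "Done sniffing\n");
    insert_text1 ("purple");

out_freecode:
    pcap_freecode (&fp); //Clean up a "struct bpf_program"
out_close:
    pcap_close (descr); //Close session, and free source
out:
    /* Without this the flag stays at 1 after the first run and the check in
     * threads_click() rejects every later start. */
    sniffer_active = 0;
    g_thread_exit (another_thread1); //Exits the current thread
    return NULL; //not reached; keeps the non-void function well-formed
}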
void got_packet( u_char *args, const struct pcap_pkthdr *header, const u_char *packet )
{
/* Define pointer arguments for data packets's character */
const struct sniffer_ethernet *ethernet; //The Ethernet head
const struct sniffer_ip *ip; //The IP head
const struct sniffer_tcp *tcp; //The TCP head
int size_ethernet = sizeof (struct sniffer_ethernet); //The size of Ethernet header
int size_ip = sizeof (struct sniffer_ip); //The size of IP header
int size_tcp = sizeof (struct sniffer_tcp); //The size of TCP header
char string[1024];
char timestr[1024];
char number[1024];
char destip[1024];
char ether_type_string[1024];
/*char packet_number_string[1024]; */
GtkWidget *list;
GtkWidget *label;
int ether_type, packetnumber;
packetnumber = count; //the number of captured packet
/*sprintf (packet_number_string, "%d", packetnumber); */
clear_all_variable (); //Clear all header_string_object
analysis_ethernet (args, header, packet); //Analyse Ethernet Protocol,
//a callback function
g_usleep (1000); //Pauses the current thread for the given number of microseconds.
i