Linux网络入侵检测软件资源-CSDN文库

5星 · 超过95%的资源需积分: 11 115 浏览量 2010-07-04 15:05:32 上传评论 2 收藏 25KB GZ 举报

共8个文件

c：3个

h：2个

rules：1个

资源详情

资源评论

资源推荐

收起资源包目录

NIDS.tar.gz （8个子文件）

main.c 825B

ui.xml 3KB

callback.h 11KB

makefile 894B

window.c 24KB

window.h 95B

callback.c 67KB

rules 533B

#include <gtk/gtk.h> /*#include <mysql.h> */ #define __FAVOR_BSD //to use the BSD format #include "callback.h" #include <tcpstat-utils.c> //is_ip_packet(), get_ip_proto() //===== Define global variables =====// int sniffer_active = 0, //initialise count, threadstop, what_to_show, use_database_yesno, show_packet_content = 1, savefile_yesno, sniffer_number = 100, //the number of data packets we want to capture llc_count = 1, //The number of LLC packets that captured ip_count = 1, //The number of IP packets that captured tcp_count = 1, //The number of TCP packets that captured arp_count = 1, //The number of ARP packets that captured color_tag_count = 1, //The number of color tag that used in insert_text1() blue_tag_count = 1; //The number of color tag that used in insert_text2_green() char gstr[8192]; char har_src[17]; //store source address of Ethernet char har_dst[17]; //store destination address of Ethernet /* The file to store captured data packets */ char savefile_string[] = "captured_package.txt"; /* The file that used for storing captured data */ pcap_dumper_t *dumper_filename; /* Buffers to store informations temporarily */ char buffer[1024]; /* Captured IP/TCP/ARP data packet number */ char ip_num[64]; char tcp_num[64]; char arp_num[64]; /*MYSQL mysql; //Connection handle */ void set_readfile() { g_print ("set readfile\n"); } void set_savefile() { g_print ("set savefile\n"); } void openfile_test() { g_print ("open file test\n"); } void save_to_file() { g_print ("save to file\n"); } void open_log_file() { g_print ("open log file\n"); } void destroy() { gtk_main_quit (); } void connect_database() { g_print ("connect database\n"); } void close_database() { g_print ("close database\n"); } void show_database() { g_print ("show database\n"); } void show_analyse_window() { g_print ("show analyse main_window\n"); } void show_restore_content_window() { g_print ("show restore content main_window\n"); } void show_rules_window() { g_print ("show rules main_window\n"); } void show_define_rules_window() { g_print ("show define rules main_window\n"); } void setting_sniffer_clicked() { g_print ("setting sniffer clicked\n"); } void setting_bpf() { g_print ("setting bpf\n"); } void clear_all() { g_print ("clear all\n"); } void get_device() { g_print ("get device\n"); } void set_filter() { g_print ("set filter\n"); } void set_savefile_2() { g_print ("set savefile\n"); } void show_total_packet_content() { g_print ("show total packet content\n"); } void show_tcp_connecting() { g_print ("show tcp connecting\n"); } void detect_scanning() { g_print ("detect scanning\n"); } void hide_toolbar() { g_print ("hide toolbar\n"); } void hide_buttons() { g_print ("hide buttons\n"); } void on_help_about_menubar_activate() { g_print ("on help about menubar activate\n"); } void about() { g_print ("about\n"); } void threads_click() { /* g_print ("threads click\n"); */ /* the callback function of button "start" */ if (sniffer_active == 1) //is running? it will stop when you press "stop" button return; threadstop = 0; count = 1; clear_all (NULL, NULL); //clear all page content read_rules_from_file ("rules"); //read rules from rule libraries read_statement_from_rules (); //to analyse rules /* Create another thread, which its callback function is another_thread1 */ g_thread_create ((GThreadFunc) another_thread1, NULL, TRUE, NULL); } void stop1() { /* g_print ("stop1\n"); */ } void refresh() { g_print ("refresh\n"); } void button_clear_clicked() { g_print ("button clear clicked\n"); } void stop_alert() { g_print ("stop alert\n"); } void selection_make() { g_print ("selection make\n"); } void text_click_event() { g_print ("text click event\n"); } void *another_thread1( void *args ) { char *dev; //Device to sniffer on char device_total[] = "eth0"; //User defined network device char filter_total[] = "arp or ip"; //User defined filter rules char errbuf[PCAP_ERRBUF_SIZE]; //Error string pcap_t *descr; //Session handle struct bpf_program fp; //The compiled filter expression bpf_u_int32 maskp; //The netmask of our sniffing device bpf_u_int32 netp; //The IP of our sniffing device char filter_app[1024] = ""; //The filter expression, its initial value is NULL char string[1024]; struct hook_and_sinker hs; //reference later int get_tcp_flags = 0; get_tcp_flags |= GET_TCPD_COUNT_LINKSIZE; hs.hook = my_hook; //initialise hs, set callback function hs.proc_flags = get_tcp_flags; what_to_show |= PP_SHOW_IPHEADER| PP_SHOW_BASICINFO | PP_SHOW_LINKLAYER | PP_SHOW_PACKETCONTENT | PP_SHOW_TCPHEADER | PP_SHOW_UDPHEADER | PP_SHOW_ICMPHEADER; sniffer_active = 1; //is running now dev = (char*) malloc (sizeof (char)* 10); /* *[> ask pcap to find a valid device for use to sniff on<] *device_total = pcap_lookupdev(errbuf); */ strcpy (dev, device_total); //set network device, which is defined by device_tatal strcpy (filter_app, filter_total); //set filter rules, which is defined by filter_tatal /* ask pcap to get net address and netmask */ pcap_lookupnet (dev, &netp, &maskp, errbuf); strcpy (buffer, ""); sprintf (string, "Device: [%s]\n", dev); strcpy (buffer, string); sprintf (string, "Number of packets: [%d]\n", sniffer_number); strcat (buffer, string); sprintf (string, "Filter app: [%s]\n", filter_app); strcat (buffer, string); insert_text1 ("green"); //print the contents of "buffer" in "text1" page /* Open device in promiscuous mode */ descr = pcap_open_live (dev, BUFSIZ, 1, 1000, errbuf); if (descr == NULL) { printf ("pcap_open_live(): %s\n", errbuf); exit (1); } /* use filter rules */ if (pcap_compile (descr, &fp, filter_app, 0, netp) == -1) { printf ("pcap_compile failed\n"); exit (1); } if (pcap_setfilter (descr, &fp) == -1) { printf ("pcap_setfilter said 'eat shit'\n"); exit (1); } hs.linktype = pcap_datalink (descr); //The type of data link layer /* Open file that used for storing captured data, and then write in */ dumper_filename = pcap_dump_open(descr, savefile_string); if (dumper_filename == NULL) printf ("dumper_filename error\n"); /* Beginnig capture data(loop), and call callback function, here is * got_packet in which we analyse the captured net data packets */ pcap_loop(descr, sniffer_number, got_packet, (u_char *)&hs); /* Clean up */ pcap_freecode(&fp); //Clean up a "struct bpf_program" pcap_close (descr); //Close Session, and free source pcap_dump_close (dumper_filename); //Close captured file strcpy (buffer, ""); //initialise buffer to NULL sprintf (string, "Done sniffing\n"); strcpy (buffer, string); insert_text1 ("purple"); free (dev); g_thread_exit (another_thread1); //Exits the current thread } void got_packet( u_char *args, const struct pcap_pkthdr *header, const u_char *packet ) { /* Define pointer arguments for data packets's character */ const struct sniffer_ethernet *ethernet; //The Ethernet head const struct sniffer_ip *ip; //The IP head const struct sniffer_tcp *tcp; //The TCP head int size_ethernet = sizeof (struct sniffer_ethernet); //The size of Ethernet header int size_ip = sizeof (struct sniffer_ip); //The size of IP header int size_tcp = sizeof (struct sniffer_tcp); //The size of TCP header char string[1024]; char timestr[1024]; char number[1024]; char destip[1024]; char ether_type_string[1024]; /*char packet_number_string[1024]; */ GtkWidget *list; GtkWidget *label; int ether_type, packetnumber; packetnumber = count; //the number of captured packet /*sprintf (packet_number_string, "%d", packetnumber); */ clear_all_variable (); //Clear all header_string_object analysis_ethernet (args, header, packet); //Analyse Ethernet Protocol, //a callback function g_usleep (1000); //Pauses the current thread for the given number of microseconds. i