SourceFiles.org - Use the Source, Luke
Advanced Packet Sniffer

Copyright (C) 1999 Christian Schulte (dg1nsw@saturn2.franken.de)

I have written this little tool in order to fully understand the workings and interaction of network protocols like TCP, IP, UDP, ARP, NetBIOS and so on. I hope it can be a bit useful.
For my part I use it for diagnostic purposes on firewalls, routers and gateways.

What it does:
APS reads raw data from an ETH_P_ALL socket and tries to interpret the MAC header. If the protocol is known, APS passes the packet to the appropriate routine, which then prints information about the protocol, such as (IP) source and destination or (TCP) fragmentation and flag status. When APS no longer knows what to do with a packet, it prints the remaining bytes in hex, ASCII, or both (or nothing at all, just as you want) to the screen.
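The decode path described above, as an added example that is not APS's own code: it walks the MAC, IPv4 and TCP headers of one frame held in memory and reports where the undecoded remainder starts. The struct, the function names and the sample frame are hypothetical and constructed for illustration; only IPv4 and TCP are decoded, and checksums are not verified.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Summary of one decoded frame; every name here is hypothetical, not APS's. */
struct frame_info {
    uint16_t ethertype, frag_off;  /* frag_off: IPv4 offset, 8-byte units */
    uint8_t  ip_proto, tcp_flags;  /* FIN=01 SYN=02 RST=04 PSH=08 ACK=10 */
    char     src[16], dst[16];
    uint16_t sport, dport;
    size_t   rest;                 /* first byte no decoder claimed */
};
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 0 on success, -1 when a header is truncated or inconsistent. */
int decode_frame(const uint8_t *f, size_t len, struct frame_info *o)
{
    memset(o, 0, sizeof *o);
    if (len < 14) return -1;                   /* dst MAC, src MAC, type */
    o->ethertype = be16(f + 12);
    o->rest = 14;
    if (o->ethertype != 0x0800) return 0;      /* not IPv4: dump from rest */
    const uint8_t *ip = f + 14;
    if (len < 34 || (ip[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;   /* IPv4 header length */
    if (ihl < 20 || len < 14 + ihl) return -1;
    o->ip_proto = ip[9];
    o->frag_off = be16(ip + 6) & 0x1fff;
    snprintf(o->src, sizeof o->src, "%d.%d.%d.%d", ip[12], ip[13], ip[14], ip[15]);
    snprintf(o->dst, sizeof o->dst, "%d.%d.%d.%d", ip[16], ip[17], ip[18], ip[19]);
    o->rest = 14 + ihl;
    if (o->ip_proto != 6 || o->frag_off) return 0;  /* no TCP header to read */
    const uint8_t *tcp = ip + ihl;
    if (len < o->rest + 20) return -1;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;  /* TCP header length */
    if (doff < 20 || len < o->rest + doff) return -1;
    o->sport = be16(tcp);
    o->dport = be16(tcp + 2);
    o->tcp_flags = tcp[13] & 0x3f;
    o->rest += doff;
    return 0;
}
/* Constructed sample: Ethernet + IPv4 + TCP SYN + 4 payload bytes ("APS!"). */
const uint8_t sample_frame[58] = {
    0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0x08,0x00,
    0x45,0x00,0x00,0x2c,0x00,0x01,0x00,0x00,0x40,0x06,    /* proto 6 = TCP */
    0x00,0x00,0xc0,0x00,0x02,0x01,0xc6,0x33,0x64,0x02,    /* checksum unset */
    0x04,0xd2,0x00,0x50,0x00,0x00,0x00,0x01,0x00,0x00,    /* 1234 -> 80 */
    0x00,0x00,0x50,0x02,0x20,0x00,0x00,0x00,0x00,0x00,0x41,0x50,0x53,0x21
};
```

Every length read from the packet (IHL, TCP data offset) is checked against the captured length before it is used as an offset, and a non-first IP fragment is not parsed as TCP because it carries no TCP header.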

Compiling
Do a "configure", then try "make" (good luck :-). Please mail me if you manage to compile this for other hardware or other OSes, and include at least the version of the OS, the version of APS and, of course, the modified files, if any.

So far APS has been tested to compile and run under:

        -Slackware 3.6  4.0  7.0
        -Redhat 5.2 6.0
        -Turbolinux 4.0.5
        -Debian-GNU-Linux 2.1
        -Corel-Linux 1.0
        -SuSE 5.1  5.3  6.0  6.1

ON BUG REPORTS PLEASE INCLUDE:

        -FULL VERSION of APS
        -FULL VERSION of OS you are running (ie. SuSE 6.0 / 2.0.38pre10 i686)
        -WHEN did the error occur (what did you do ?)
        -WHAT was printed by APS before the ERROR
        -in cases of a SEGFAULT perhaps the output of a "ldd -r aps"

Todo

        -Implementation of more protocols and protocol details (netbios, ipx...)
        -Improving the configure script to check all deps
        -Ability to filter multiple HWs and IPs etc....
        -Bring up debug levels and perhaps log files
        -A better packet fetching method (libpcap ?)
        -Availability on Unixes depends on packet fetching method. Sorry :-<
        -Speed up these switches and printfs

KNOWN BUGS:

        -sporadic crashing of the GTK GUI when switching desktops (especially at higher update rates)
        -aps misses packets at very high network load
        -you have to kill xaps from the running console because there is no event handler for the close button

How to get it:
To get a recent copy you should have a look at

http://www.swrtec.de/swrtec/clinux
or mail me at dg1nsw@saturn2.franken.de (I will send you the latest copy).


Copyright 2006 Sourcefiles.org All rights reserved.