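#include "functions.h"

/* Number of ranking entries requested from getTopNPort and printed. */
enum { TOP_N = 5 };

/*
 * Convert a total into a per-second rate.
 *
 * The original code divided by (duration / 1000000), i.e. it treats the
 * duration as microseconds (presumably what getStats reports; confirm).
 * That integer quotient is 0 for any capture shorter than one second, so the
 * outer division was a divide-by-zero even when duration != 0. The arithmetic
 * is done in double here, and a zero duration yields 0.0 instead of trapping.
 */
static double rate_per_second(uint64_t total, uint64_t duration_us)
{
    if (duration_us == 0) {
        return 0.0;
    }
    return (double)total / ((double)duration_us / 1000000.0);
}

/*
 * Print one top-port ranking and write the packet-size ECDF of its first
 * entry to "<port>_<file_suffix>".
 *
 * by_destination: 0 ranks source ports, 1 ranks destination ports.
 * by_packets:     0 ranks by bytes, 1 ranks by packet count.
 * (Meaning taken from the labels printed at the original call sites.)
 *
 * Returns OK when the ranking is unavailable (the section is skipped, as in
 * the original) or when the ECDF was written, and ERROR when the output name
 * cannot be built or getSizeECDFPort fails.
 */
static int report_top_ports(int by_destination, int by_packets,
                            const char *title, const char *file_suffix,
                            char *pcap_path)
{
    uint32_t value[TOP_N] = {0};
    uint16_t port[TOP_N] = {0};
    char fname[500] = {0};
    int written;
    int status;

    if (getTopNPort(by_destination, by_packets, TOP_N, port, value, NULL, pcap_path) != OK) {
        return OK;
    }

    printf("%s\n", title);
    for (int i = 0; i < TOP_N; i++) {
        printf("\t%u %" PRIu32 "\n", (unsigned)port[i], value[i]);
    }

    /*
     * The output name is built only from a numeric port and a fixed suffix,
     * so nothing read from the capture can steer the path. snprintf bounds
     * the write and lets truncation be detected.
     */
    written = snprintf(fname, sizeof fname, "%u_%s", (unsigned)port[0], file_suffix);
    if (written < 0 || (size_t)written >= sizeof fname) {
        printf("ERROR %s/%d", __FILE__, __LINE__);
        return ERROR;
    }

    /* The most popular port goes in the source or destination slot. */
    if (by_destination) {
        status = getSizeECDFPort(pcap_path, fname, NO_FILTER_PORT, port[0]);
    } else {
        status = getSizeECDFPort(pcap_path, fname, port[0], NO_FILTER_PORT);
    }
    if (status != OK) {
        printf("ERROR %s/%d", __FILE__, __LINE__);
        return ERROR;
    }
    return OK;
}

/*
 * Traffic analysis driver: reads the capture named in argv[1] several times
 * through getStats / getTopNPort / getSizeECDFPort and prints totals,
 * per-subnet utilization, per-protocol packet counts and top-port rankings.
 *
 * Returns -1 on a usage error, ERROR when an ECDF file cannot be produced,
 * 0 otherwise.
 *
 * The capture path is handed unchanged to the helpers; how they validate the
 * capture's contents is not visible in this file.
 */
int main(int argc, char *argv[])
{
    /* 32-bit because getStats is called with &bytes / &packets; very large
     * captures would presumably wrap these totals (confirm the prototype). */
    uint32_t bytes = 0;
    uint32_t packets = 0;
    uint64_t duration = 0;
    uint16_t ethertype = 0;
    uint8_t proto = 0;
    char *filter = NULL;
    char *pcap_path;

    if (argc != 2) {
        printf("Uso: ./analiza_trafico fichero.pcap\n");
        return -1;
    }
    pcap_path = argv[1];

    printf("****************************************\n");
    printf("Abre,lee y cierra fichero\n");
    printf("****************************************\n");

    if (getStats(&bytes, &packets, &duration, NO_FILTER_ETHER, NO_FILTER_IP, NO_FILTER_IP,
                 NO_FILTER_PORT, NO_FILTER_PORT, NO_FILTER_PROTO, NULL, pcap_path) == OK) {
        printf("Paquetes Totales:%" PRIu32 "\n", packets);
        printf("Bytes Totales:%" PRIu32 "\n", bytes);
        printf("Duracion: %" PRIu64 "\n", duration);
        /* An empty capture has no mean size; avoid dividing by zero packets. */
        printf("Tam Medio:%f\n", packets != 0 ? (double)bytes / (double)packets : 0.0);
        /* NOTE(review): the first figure is bytes per second; if "bps" is
         * meant as bits per second it needs a factor of 8. */
        printf("Tasa: %f bps %f pps\n", rate_per_second(bytes, duration),
               rate_per_second(packets, duration));
    }

    printf("****************************************\n");
    printf("Filtros BPF\n");
    printf("****************************************\n");

    /*
     * Exercise: assign to filter the BPF expression needed to compute the
     * outbound utilization of subnet 163.0.0.0 with mask 255.0.0.0.
     *
     * NOTE(review): filter is still NULL in all three sections below, so each
     * figure describes the whole capture, not the subnet. Candidate
     * expressions, assuming getStats hands filter to a pcap-style compiler
     * (confirm):
     *   outbound: "src net 163.0.0.0/8 and not dst net 163.0.0.0/8"
     *   inbound:  "dst net 163.0.0.0/8 and not src net 163.0.0.0/8"
     *   internal: "src net 163.0.0.0/8 and dst net 163.0.0.0/8"
     *
     * The counters are cleared before each call, as the protocol sections
     * further down already do.
     */
    bytes = 0;
    packets = 0;
    duration = 0;
    if (getStats(&bytes, &packets, &duration, NO_FILTER_ETHER, NO_FILTER_IP, NO_FILTER_IP,
                 NO_FILTER_PORT, NO_FILTER_PORT, NO_FILTER_PROTO, filter, pcap_path) == OK) {
        if (duration != 0) {
            printf("Utilizacion salida subred 163.0.0.0/8: %f bps\n",
                   rate_per_second(bytes, duration));
        }
    }

    /*
     * Exercise: assign to filter the BPF expression needed to compute the
     * inbound utilization of subnet 163.0.0.0 with mask 255.0.0.0.
     */
    bytes = 0;
    packets = 0;
    duration = 0;
    if (getStats(&bytes, &packets, &duration, NO_FILTER_ETHER, NO_FILTER_IP, NO_FILTER_IP,
                 NO_FILTER_PORT, NO_FILTER_PORT, NO_FILTER_PROTO, filter, pcap_path) == OK) {
        if (duration != 0) {
            printf("Utilizacion entrada subred 163.0.0.0/8: %f bps\n",
                   rate_per_second(bytes, duration));
        }
    }

    /*
     * Exercise: assign to filter the BPF expression needed to count the
     * packets internal to subnet 163.0.0.0 with mask 255.0.0.0.
     */
    bytes = 0;
    packets = 0;
    duration = 0;
    if (getStats(&bytes, &packets, &duration, NO_FILTER_ETHER, NO_FILTER_IP, NO_FILTER_IP,
                 NO_FILTER_PORT, NO_FILTER_PORT, NO_FILTER_PROTO, filter, pcap_path) == OK) {
        printf("N paquetes internos 163.0.0.0/8: %" PRIu32 "\n", packets);
    }

    printf("****************************************\n");
    printf("Analisis de protocolos a nivel de paquete\n");
    printf("****************************************\n");

    /* Exercise: EtherType value that selects IP packets. */
    bytes = 0;
    packets = 0;
    ethertype = 0x0800;
    if (getStats(&bytes, &packets, &duration, ethertype, NO_FILTER_IP, NO_FILTER_IP,
                 NO_FILTER_PORT, NO_FILTER_PORT, NO_FILTER_PROTO, NULL, pcap_path) == OK) {
        printf("Paquetes IP:%" PRIu32 "\n", packets);
    }

    /* Exercise: EtherType value that selects ARP packets. */
    bytes = 0;
    packets = 0;
    ethertype = 0x0806;
    if (getStats(&bytes, &packets, &duration, ethertype, NO_FILTER_IP, NO_FILTER_IP,
                 NO_FILTER_PORT, NO_FILTER_PORT, NO_FILTER_PROTO, NULL, pcap_path) == OK) {
        printf("Paquetes ARP:%" PRIu32 "\n", packets);
    }

    /* Exercise: EtherType value that selects IPv6 packets. */
    bytes = 0;
    packets = 0;
    ethertype = 0x86DD;
    if (getStats(&bytes, &packets, &duration, ethertype, NO_FILTER_IP, NO_FILTER_IP,
                 NO_FILTER_PORT, NO_FILTER_PORT, NO_FILTER_PROTO, NULL, pcap_path) == OK) {
        printf("Paquetes IPV6:%" PRIu32 "\n", packets);
    }

    /* Exercise: IP protocol number that selects TCP packets. */
    bytes = 0;
    packets = 0;
    proto = 0x06;
    if (getStats(&bytes, &packets, &duration, ETYPE_IP, NO_FILTER_IP, NO_FILTER_IP,
                 NO_FILTER_PORT, NO_FILTER_PORT, proto, NULL, pcap_path) == OK) {
        printf("Paquetes TCP:%" PRIu32 "\n", packets);
    }

    /* Exercise: IP protocol number that selects UDP packets. */
    bytes = 0;
    packets = 0;
    proto = 0x11;
    if (getStats(&bytes, &packets, &duration, ETYPE_IP, NO_FILTER_IP, NO_FILTER_IP,
                 NO_FILTER_PORT, NO_FILTER_PORT, proto, NULL, pcap_path) == OK) {
        printf("Paquetes UDP:%" PRIu32 "\n", packets);
    }

    /* Exercise: IP protocol number that selects ICMP packets. */
    bytes = 0;
    packets = 0;
    proto = 0x01;
    if (getStats(&bytes, &packets, &duration, ETYPE_IP, NO_FILTER_IP, NO_FILTER_IP,
                 NO_FILTER_PORT, NO_FILTER_PORT, proto, NULL, pcap_path) == OK) {
        printf("Paquetes ICMP:%" PRIu32 "\n", packets);
    }

    /*
     * Four rankings; for each one the packet-size ECDF is computed for the
     * most popular port of that ranking.
     */
    if (report_top_ports(0, 0, "Top 5 Puerto origen bytes:",
                         "source_port_bytes_cdf.dat", pcap_path) != OK) {
        return ERROR;
    }
    if (report_top_ports(1, 0, "Top 5 Puerto destino bytes:",
                         "destination_port_bytes_cdf.dat", pcap_path) != OK) {
        return ERROR;
    }
    if (report_top_ports(0, 1, "Top 5 Puerto origen paquetes:",
                         "source_port_packets_cdf.dat", pcap_path) != OK) {
        return ERROR;
    }
    if (report_top_ports(1, 1, "Top 5 Puerto destino paquetes:",
                         "destination_port_packets_cdf.dat", pcap_path) != OK) {
        return ERROR;
    }

    return 0;
}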