uint16_t udp_data_length() const noexcept
{
const uint16_t hdr_len = ip_header_length();
uint16_t real_length = pkt->size() - hdr_len;
uint16_t final_length = std::min(real_length, ntohs(udp_header().length));
return final_length - sizeof(udp::Header);
}
uint16_t udp_checksum() const noexcept
{ return udp_header().checksum; }
port_t dst_port() const noexcept
{ return ntohs(udp_header().dport); }
Packet_v& set_dst_port(port_t p) noexcept
{ udp_header().dport = htons(p); return *this; }
port_t src_port() const noexcept
{ return ntohs(udp_header().sport); }
// sets the correct length for all the protocols up to IP4
void set_length(uint16_t newlen = 0)
{
// new total UDP payload length
udp_header().length = htons(udp_header_length() + newlen);
pkt->set_data_end(ip_header_length() + udp_header_length() + newlen);
}
void set_udp_checksum() noexcept
{
udp_header().checksum = 0;
udp_header().checksum = compute_udp_checksum();
}
BOOL ethernet_test(void)
{
int t, len;
static BYTE *tx;
if(!cs8900a_detect()) {
printf("No cs8900a detected.\n");
return FALSE;
}
cs8900a_init();
// prepare to send broadcast packet
eth_header(&tx_buffer[0], 0x0800);
ip_header (&tx_buffer[14], 270, 17, 0L, 0xFFFFFFFF);
udp_header(&tx_buffer[34], 262, 68, 67);
// payload
tx = &tx_buffer[42];
// generate DHCP Discovery
*(tx++) = 0x01; // Boot request
*(tx++) = 0x01; // Htype = Ethernet
*(tx++) = 0x06; // Address length = 6
*(tx++) = 0x00; // Hops = 0
*(tx++) = 0x39; // ID
*(tx++) = 0x03;
*(tx++) = 0xF3;
*(tx++) = 0x26;
for(t=0;t<20;t++) {
*(tx++) = 0;
}
for(t=0;t<6;t++) {
*(tx++) = mac[t];
}
for(t=6;t<208;t++) {
*(tx++) = 0;
}
*(tx++) = 0x63; // Magic cookie
*(tx++) = 0x82; //
*(tx++) = 0x53; //
*(tx++) = 0x63; //
*(tx++) = 0x35; // DHCP Discover option
*(tx++) = 0x01; // Length = 1
*(tx++) = 0x01; //
*(tx++) = 0x3D; // DHCP Client ID option
*(tx++) = 0x07; // Length = 7
*(tx++) = 0x01; //
for(t=0;t<6;t++) {
*(tx++) = mac[t];
}
*(tx++) = 0x37; // DHCP Request list
*(tx++) = 0x06; // Length = 1
*(tx++) = 0x01; // Subnet Mask
*(tx++) = 0x0F; // Domain Name
*(tx++) = 0x03; // Router
*(tx++) = 0x06; // DNS
*(tx++) = 0x1F; // Router discover
*(tx++) = 0x21; // Static Route
*(tx++) = 0xFF; // DHCP End
*(tx++) = 0x00; // Length = 0
*(tx++) = 0x00; // Length = 0
// send packet
cs8900a_tx_frame(tx_buffer, 304);
// we should receive a response!
for(t=0;t<5000;t++) {
len = cs8900a_rx_frame(rx_buffer);
if(len > 10) {
printf("Frame received: Len = %d.\n", len);
dump_hex(rx_buffer, 128);
return TRUE;
}
TIMER = 250;
while(TIMER)
;
}
printf("No frame received.\n");
// send packet
cs8900a_tx_frame(tx_buffer, 304);
// we should receive a response!
for(t=0;t<5000;t++) {
len = cs8900a_rx_frame(rx_buffer);
if(len > 10) {
printf("Frame received: Len = %d.\n", len);
dump_hex(rx_buffer, 128);
return TRUE;
}
TIMER = 250;
while(TIMER)
;
}
printf("No frame received.\n");
return FALSE;
}
int main(int argc, char **argv) // allows multiple input files
{
// Define variables
char command[800];
int fnum; // File number
int i; // Loop index
unsigned long pkt_counter=0; // Number of packets seen
unsigned long user_pkt_counter=0; // Number of user data packets analysed
unsigned long user_total_volume=0; // Total volume of user data in bytes
unsigned long tcp_total_volume = 0;
unsigned long udp_total_volume = 0;
unsigned long udp_counter = 0;
int ether_offset; // Length of ethernet header
int bgan_offset; // Length of bgan header
int ip_offset; // Length of inner IP header
int udp_len; // Length of inner UDP packet payload
int tcp_hdr_len; // Length of inner TCP header
int tcp_length; // Length of inner TCP packet payload
int port; // 0 if should look at source port, 1 is destination port
int *pnt_port = &port;
int ip_protocol; // Stores value of next protocol field in inner IP header
int *pnt_ip_protocol = &ip_protocol;
int ip_length; // Stores length of inner IP header
int *pnt_ip_length = &ip_length;
int port_number; // Stores inner UDP/TCP source/destination port
int *pnt_port_number = &port_number;
int tcp_flags; // Stores value of TCP flags field (whole byte)
int *pnt_tcp_flags = &tcp_flags;
unsigned long arr_iplength[65536] = {0};
// Array to store ip lengths- row number is (packet length - 1), value stored is number of packets with that length
unsigned long arr_protocol[256][3] = {0};
// Array to store next header protocols.Row number is protocol ID, 1st column is number of bytes, 2nd column is background bytes, 3rd column is streaming bytes
unsigned long arr_tcp_port[65536] = {0};
// Array to store TCP ports.Row number is port number, value stored is number of bytes.
unsigned long arr_tcp_len[65536] = {0};
// Array to store TCP lengths. Row number is payload length, value stored is number of packets
unsigned long arr_udp_port[65536] = {0};
// Array to store UDP ports.Row number is port number, value stored is number of bytes.
unsigned long arr_udp_len[65536] = {0};
// Array to store udp lengths - row number is payload length, value stored is number of packets
//Counters for types of TCP packet
unsigned long tcp_counter = 0;
unsigned long syn_counter = 0;
unsigned long syn_ack_counter = 0;
unsigned long fin_counter = 0;
unsigned long fin_ack_counter = 0;
unsigned long syn_fin_counter = 0;
unsigned long syn_rst_counter = 0;
unsigned long fin_rst_counter = 0;
unsigned long pure_ack_counter = 0;
unsigned long data_counter = 0;
unsigned long reset_counter = 0;
unsigned long weird_counter = 0;
// Output files
f_ip_len = fopen ("IPLenAnalysis.csv", "wt");
f_protocol = fopen ("ProtocolAnalysis.csv", "wt");
f_tcp_port = fopen ("TCPPortAnalysis.csv", "wt");
f_tcp_len = fopen ("TCPLenAnalysis.csv", "wt");
f_udp_port = fopen ("UDPPortAnalysis.csv", "wt");
f_udp_len = fopen ("UDPLenAnalysis.csv", "wt");
f_err = fopen ("ErrorLog.csv", "wt");
// Create temporary packet buffers
struct pcap_pkthdr header; // The header that pcap gives us
const u_char *packet; // The actual packet
// Check command line arguments
if (argc < 2)
{
fprintf(stderr, "Usage: %s [.cap filename]\n", argv[0]);
exit(1);
}
// Begin by processing the files
for (fnum=1; fnum < argc; fnum++)
{
// Loop through the .cap files in the order given when called
sprintf(command, "zcat %s > tempfile", argv[fnum]);
system(command);
pcap_t *handle;
char errbuf[PCAP_ERRBUF_SIZE];
//handle = pcap_open_offline(argv[fnum], errbuf); // Call pcap library function
handle = pcap_open_offline("tempfile", errbuf); // Call pcap library function
if (handle == NULL) // If there is a problem with the file
{
fprintf(stderr,"Couldn't open pcap file %s: %s\n", argv[fnum], errbuf);
return(2);
}
else
{
printf("Processing packets in %s\n", argv[fnum]);
}
// Begin processing the packets in this file
while (packet = pcap_next(handle,&header))
{
pkt_counter++;
//printf("Processing packet number %d\n", pkt_counter);
printf("#");
u_char *pkt_ptr = (u_char *)packet; // Cast a pointer to the packet data
//First check type of ethernet header
ether_offset = ethernet_header(pkt_ptr);
if (ether_offset == 0)
{
continue;
}
pkt_ptr += ether_offset;
//Now move on to BGAN header
bgan_offset = bgan_header(pkt_ptr, pnt_port);
if (bgan_offset == 0)
{
continue;
}
pkt_ptr += bgan_offset;
// Now move on to inner IP header
ip_offset = inner_ip_header(pkt_ptr, pnt_ip_protocol, pnt_ip_length);
if (ip_offset == 0)
{
continue;
}
if(ip_length > 65535)
{
arr_iplength[65535]++; // Maximum IP packet length should be 65535. This catches longer packets.
}
else
{
arr_iplength[(ip_length-1)]++;
}
if(ip_length > 1500)
{
fprintf(f_err, "Error, long IP packet. Packet Number: %d. Packet Length: %d\n", pkt_counter, ip_length);
}
user_pkt_counter++;
user_total_volume += ip_length;
arr_protocol[ip_protocol][0] += ip_length;
// Look at next header if UDP or TCP
if(ip_protocol == 17) // UDP
{
udp_counter++;
pkt_ptr += ip_offset;
port_number = udp_header(pkt_ptr, port); //UDP header always 8 bytes
udp_len = ip_length - ip_offset - 8;
arr_udp_port[port_number] += ip_length;
udp_total_volume += ip_length;
arr_udp_len[udp_len]++;
}
if(ip_protocol == 6) // TCP
{
tcp_counter++;
pkt_ptr += ip_offset;
tcp_hdr_len = tcp_header(pkt_ptr, port, pnt_port_number, pnt_tcp_flags);
arr_tcp_port[port_number] += ip_length;
tcp_total_volume += ip_length;
tcp_length = ip_length - ip_offset - tcp_hdr_len; // Length of data in TCP packet
arr_tcp_len[tcp_length]++;
while (tcp_flags > 32)
tcp_flags -= 32; //Ignore all URG, ECE, CWR flags
if ((tcp_flags == 2) || (tcp_flags == 10)) // SYN; SYN/PSH
syn_counter++;
else if ((tcp_flags == 18) || (tcp_flags == 26)) // SYN/ACK; SYN/ACK/PSH
syn_ack_counter++;
else if ((tcp_flags == 1) || (tcp_flags == 9)) // FIN; FIN/PSH
fin_counter++;
else if ((tcp_flags == 17) || (tcp_flags == 25)) // FIN/ACK; FIN/ACK/PSH
fin_ack_counter++;
else if (((tcp_flags == 16) || (tcp_flags == 24)) && (tcp_length == 0)) // ACK; ACK/PSH
pure_ack_counter++;
else if ((tcp_flags == 4) || (tcp_flags == 20) || (tcp_flags == 12) || (tcp_flags == 28))
reset_counter++; // RST; RST/ACK; RST/PSH; RST/ACK/PSH;
else if ((tcp_flags == 3) || (tcp_flags == 11) || (tcp_flags == 19) || (tcp_flags == 27))
syn_fin_counter++; // SYN/FIN; SYN/FIN/PSH; SYN/ACK/FIN; SYN/ACK/FIN/PSH
else if ((tcp_flags == 6) || (tcp_flags == 14) || (tcp_flags == 22) || (tcp_flags == 30))
syn_rst_counter++; // SYN/RST; SYN/RST/PSH; SYN/ACK/RST; SYN/ACK/RST/PSH
else if ((tcp_flags == 5) || (tcp_flags == 13)) // FIN/RST; FIN/RST/PSH
fin_rst_counter++;
else if (tcp_length != 0)
{
data_counter++;
}
else
{
weird_counter++;
fprintf(f_err, "Unidentified TCP packet. Packet Number: %d. TCP Flags: %d\n", pkt_counter, tcp_flags);
}
}
}
system("rm -rf tempfile");
}
// Analysis complete, now print to output files
//IPLenAnalysis.csv
fprintf (f_ip_len, "Packet Length (bytes), Number of Packets\n");
for (i = 0; i<65536; i++)
{
if (arr_iplength[i] != 0) // Only print out when some packets with this length
{
fprintf (f_ip_len, "%d,%d\n", (i+1), arr_iplength[i]);
}
}
fprintf(f_ip_len, "\nTotal number of IP packets: %d\n", user_pkt_counter);
fprintf(f_ip_len, "Total IP volume (bytes): %d \n", user_total_volume);
fprintf(f_ip_len, "Average IP packet length (bytes): %d \n", user_total_volume/user_pkt_counter);
//ProtocolAnalysis.csv
fprintf (f_protocol, "Protocol ID/Name, Number of Bytes, Background Bytes, Streaming Bytes\n");
for (i = 0; i<256; i++)
{
if (arr_protocol[i][0] != 0)
{
fprintf (f_protocol, "%d,%d,%d,%d\n", i, arr_protocol[i][0], arr_protocol[i][1], arr_protocol[i][2]);
}
}
fprintf(f_protocol, "\nTotal volume (bytes) : %d \n", user_total_volume);
//TCPPortAnalysis.csv
fprintf (f_tcp_port, "Port Number/Name, Number of Bytes\n");
for (i = 0; i<65536; i++)
{
if (arr_tcp_port[i] != 0)
{
fprintf (f_tcp_port, "%d,%d\n", i, arr_tcp_port[i]);
}
}
fprintf (f_tcp_port, "\nTotal TCP volume (bytes): %d\n", tcp_total_volume);
//UDPPortAnalysis.csv
fprintf (f_udp_port, "Port Number/Name, Number of Bytes\n");
for (i = 0; i<65536; i++)
{
if (arr_udp_port[i] != 0)
{
fprintf (f_udp_port, "%d,%d\n", i, arr_udp_port[i]);
}
}
fprintf (f_udp_port, "\nTotal UDP volume (bytes): %d\n", udp_total_volume);
//UDPLenAnalysis.csv
fprintf (f_udp_len, "Payload Length (bytes), Number of Packets\n");
for (i = 0; i<65536; i++)
{
if (arr_udp_len[i] != 0)
{
fprintf (f_udp_len, "%d,%d\n", i, arr_udp_len[i]);
}
}
fprintf(f_udp_len, "\nAverage UDP packet length (bytes): %d\n", udp_total_volume/udp_counter);
//TCPLenAnalysis.csv
fprintf (f_tcp_len, "Payload Length (bytes), Number of Packets\n");
for (i = 0; i<65536; i++)
{
if (arr_tcp_len[i] != 0)
{
fprintf (f_tcp_len, "%d,%d\n", i, arr_tcp_len[i]);
}
}
fprintf(f_tcp_len, "\nTotal number of TCP packets: %d\n", tcp_counter);
fprintf(f_tcp_len, "Total number of SYN packets: %d\n", syn_counter);
fprintf(f_tcp_len, "Total number of SYN, ACK packets: %d\n", syn_ack_counter);
fprintf(f_tcp_len, "Total number of FIN packets: %d\n", fin_counter);
fprintf(f_tcp_len, "Total number of FIN, ACK packets: %d\n", fin_ack_counter);
fprintf(f_tcp_len, "Total number of pure ACK packets: %d\n", pure_ack_counter);
fprintf(f_tcp_len, "Total number of RST packets: %d\n", reset_counter);
fprintf(f_tcp_len, "Total number of SYN, FIN packets: %d\n", syn_fin_counter);
fprintf(f_tcp_len, "Total number of SYN, RST packets: %d\n", syn_rst_counter);
fprintf(f_tcp_len, "Total number of FIN, RST packets: %d\n", fin_rst_counter);
fprintf(f_tcp_len, "Total number of data packets: %d\n", data_counter);
fprintf(f_tcp_len, "Total number of weird packets: %d\n", weird_counter);
fprintf(f_tcp_len, "\nAverage TCP packet length (bytes): %d\n", tcp_total_volume/tcp_counter);
printf("\nSummary of Results:\n");
printf("Number of user packets: %d\n",user_pkt_counter);
return 0;
}