1 /************************************************************************** 2 **SA Network Connection Profiler [sancp] - A TCP/IP statistical/collection tool 3 * ************************************************************************ 4 * * Copyright (C) 2003 John Curry <john.curry@metre.net> 5 * * 6 * * This program is distributed under the terms of version 1.0 of the 7 * * Q Public License. See LICENSE.QPL for further details. 8 * * 9 * * This program is distributed in the hope that it will be useful, 10 * * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 * * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 * * 13 * ***********************************************************************/ 14 15 #include <unistd.h> // setuid(), setgid() 16 #include <pcap.h> // libpcap 17 18 #define PROMISC 1 19 #define MAX_VAR 80 20 #define READ_TIMEOUT 500 21 #define ETHPROTO_IP 0x0008 22 23 // network order bytes 0x0806 24 #define ETHPROTO_ARP 0x0608 25 26 // network order bytes 0x8035 27 #define ETHPROTO_RARP 0x3580 28 29 #define ETHPROTO_8021Q 0x0081 30 31 //void Record_Raw_Pcap(u_char *,int); 32 33 //void Handle_Packet(u_char *,int); 34 35 void erase_idle(); 36 37 void ProcessMyPacket(char *user, struct pcap_pkthdr * pkthdr, u_char * pkt); 38 39 void close_pcap_file(pcap_t *); 40 41 pcap_t * open_pcap_file(char *,char *); 42 43 pcap_t * open_pcap_live(char *,char *); 44 45 void start_pcap_loop(pcap_t *); 46 47 int apply_filter(pcap_t *ph, char *filename, int optimize, bpf_u_int32 netmask ); 48