- C (Linux), libwebsockets, vanilla html/css/js
Linux Packet sniffer built with raw packets in raw C that captures and filters them into a html, css, js through Websockets which is implemented using libwebsockets.
Architecture:
- Two processes connected with a pipe; the packet sniffer and the web socket server
- Sniffer: takes cmd args, opens a raw packet socket after giving capability then drop capability and permission (libcap), parses packets IPv4 UDP and TCP with strict bounds checking, outputs json to web socket
- WebSocket Server: Buffers into a ring, opens local html, cs, js page (checking origin) (libwebsocket)
- Single threaded, event driven
Requirements:
- Linux, gcc, cmake, libcap, libwebsockets
sudo apt install build-essential libcap-dev cmakeBuild:
git clone --recurse-submodules https://github.com/IanWorldHi/PacketSnifferMonitor.git
cd PacketSnifferMonitor/libs/libwebsockets
mkdir build && cd build
cmake .. -DLWS_WITHOUT_TESTAPPS=ON -DLWS_WITH_SSL=OFF
make && sudo make install
sudo ldconfig
cd ../../../Code/
gcc sniffer2.c -o sniffer -D_GNU_SOURCE -Wall -Wextra -lcap
gcc ws1.c -o ws -Wall -Wextra -lwebsocketsRun:
sudo setcap cap_net_raw+p ./sniffer
./sniffer <flags> | ./wsFiltering With Flags:
| Long option | Has argument | Short flag | Description |
|---|---|---|---|
--sip | required | -s | source ip |
--dip | required | -d | dest ip |
--sport | required | -p | source port |
--dport | required | -q | dest port |
--sif | required | -i | source interface |
--dif | required | -j | dest interface |
--logfile | required | -f | log file name |
--tcp | none | -t | use TCP |
--udp | none | -u | use UDP |
- add IPv6, handling for other protocols, promiscuous mode
- Use PACKET_MMAP, optimized version of af_packet, ring buffer
- Use BPF to filter before copying into memmory
- Switch from lws to raw c for learning and cuztomization
- Clean up: (Change to header - do something with the logfile's more detailed output - fix edge case)
