This project is an academic project that implements a tcpdump-like tool in C. We use the pcap C library (libpcap) to capture network frames and then parse them in order to display relevant information about the data: the transport protocol, the IP-level protocol and application-level information.
This project relies on the pcap library to capture the frames.
Clone the repository with
git clone https://github.com/NicolasGresset/network_analyzer.git
wherever you prefer, then enter the folder with
cd network_analyzer
Then build the project with
make clean
make
You can either do a live analysis or analyse previously captured frames from a file, which is referred to as offline analysis.
Run
./bin/sniffer -i interface_name -v verbose_level [-f filter]
The interface name is the one you can find with
ifconfig
e.g. wlp2s0
The verbose level must be between 1 and 3, 1 being the least detailed and 3 the most verbose.
Filters are optional BPF filters; you can find syntax examples here.
A complete invocation could therefore look like
./bin/sniffer -i wlp2s0 -v 3 -f "port 80"
In offline mode, the input is a capture file previously obtained from a network analysis tool such as tcpdump or from a packet generation tool such as scapy.
Example command:
./bin/sniffer -o packet1.pcap -v 2