A Not Simple Network Sniffer.
- Ubuntu 20.04
- Qt 5.9.0
- libpcap 1.10.1
$ sudo apt-get install qtbase5-dev qtchooser qt5-qmake qtbase5-dev-tools
$ sudo apt-get install libpcap-devsrc/- Source codesrc/utils/- Utility functionssrc/utils/utils.h- Utility functions headersrc/utils/utils.cpp- Utility functions implementationsrc/utils/hdr.h- Package header informationsrc/main.cpp- Main functionsrc/mainwindow.cpp- Main windowsrc/mainwindow.h- Main window headersrc/sniffer.cpp- Sniffersrc/sniffer.h- Sniffer headersrc/catch.h- Catch packagesrc/catch.cpp- Catch package implementationsrc/filter.h- Filter headersrc/filter.cpp- Filtersrc/devwindow.h- Devwindow headersrc/devwindow.cpp- Devwindow
ui/- UI filesui/mainwindow.ui- Main window UI
build/- Build directorybuild/build.sh- Build scriptbuild/sniffer.pro- Project filebuild/Makefile- Makefilebuild/bin/- Executable directorybuild/bin/sniffer- Executable file
test/- Test directoryMakefile- Makefiletest/test.cpp- Test file
Use build.sh script:
# build
$ cd build
$ bash build.sh
# run
$ ./bin/snifferManually:
# build
$ cd ./build
$ qmake -o Makefile ./sniffer.pro
$ make
# run
$ cd ./bin
$ chmod +x ./sniffer
$ ./snifferTest sniffer in terminal:
$ cd test
# make clean if necessary
$ make
$ sudo ./testSave to log file:
$ cd test
$ mkdir log
# make clean if necessary
$ make
$ echo "eth0" > test.in # change "eth0" to your device
$ sudo ./test < test.in > ./log/"$(date +"%Y-%m-%d_%H-%M-%S").log"- GUI framework
- Find all network devices
- Catch packets
- Parse packets (Parse IP, TCP, UDP, ICMP, ARP, etc.)
- IP fragmentation reassembly
- Filter packets (Filter IP addresses (src & dst), ports (src & dst), protocols, etc.)
- Search packets (Search by content, etc.)
- Save packets (Save packets to readable file)
- File reassembly (Reassemble files from TCP packets)
- Interact in GUI (Show packets info in GUI)
- Beautify UI (QStyle class may be helpful)
Resources
- Getting Started with qmake
- pcap tutorial
- sniffex.c
- libpcap packet capture tutorial
- Qt groupbox example
- pcap
Q&A