A Not Simple Network Sniffer.
- Ubuntu 20.04
- Qt 5.9.0
- libpcap 1.10.1
$ sudo apt-get install qtbase5-dev qtchooser qt5-qmake qtbase5-dev-tools
$ sudo apt-get install libpcap-dev
- src/ - Source code
  - src/utils/ - Utility functions
    - src/utils/utils.h - Utility functions header
    - src/utils/utils.cpp - Utility functions implementation
    - src/utils/hdr.h - Packet header information
  - src/main.cpp - Main function
  - src/mainwindow.cpp - Main window
  - src/mainwindow.h - Main window header
  - src/sniffer.cpp - Sniffer
  - src/sniffer.h - Sniffer header
  - src/catch.h - Catch packets
  - src/catch.cpp - Catch packets implementation
- ui/ - UI files
  - ui/mainwindow.ui - Main window UI
- build/ - Build directory
  - build/build.sh - Build script
  - build/sniffer.pro - Project file
  - build/bin/ - Executable directory
    - build/bin/sniffer - Executable file
- test/ - Test directory
  - Makefile - Makefile
  - test/test.cpp - Test file
Use build.sh script:
# build
$ cd build
$ bash build.sh
# run
$ ./bin/sniffer
Manually:
# build
$ cd ./build
$ qmake -o Makefile ./sniffer.pro
$ make
# run
$ cd ./bin
$ chmod +x ./sniffer
$ ./sniffer
Test sniffer in terminal:
$ cd test
# make clean if necessary
$ make
$ sudo ./test
Save to log file:
$ cd test
$ mkdir log
# make clean if necessary
$ make
$ echo "eth0" > test.in # change "eth0" to your device
$ sudo ./test < test.in > ./log/"$(date +"%Y-%m-%d_%H-%M-%S").log"
- GUI framework
- Find all network devices
- Catch packets
- Parse packets (Parse IP, TCP, UDP, ICMP, ARP, etc.)
- IP fragmentation reassembly
- Filter packets (Filter IP addresses (src & dst), ports (src & dst), protocols, etc.)
- Search packets (Search by content, etc.)
- Save packets (Save packets to readable file)
- File reassembly (Reassemble files from TCP packets)
- Interact in GUI (Show packets info in GUI)
- Beautify UI (QStyle class may be helpful)
Resources
- Getting Started with qmake
- pcap tutorial
- sniffex.c
- libpcap packet capture tutorial
- Qt groupbox example
- pcap
Q&A