Czech version here.
Assignment (zadani) in CZ here.
Isashark is an offline packet analyzer that parses the header data of supported protocols and either prints it or uses it for further processing. Further processing depends on the selected program options and arguments.
The program expects .pcap files with saved traffic.
The output format depends on the given options; see Usage for more information.
Defragmentation of IPv4 - I've chosen to implement fragmentation handling by myself, but this leads to wrong results in case of overlapping fragments and two last values in the TCP header. UDP works fine.
No other issues were found.
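For the overlapping-fragment case named above, here is one way to reassemble deterministically. This is an added example, not isashark's own code. It keeps the byte that arrived first and flags any overlap whose contents disagree; the "first wins" policy and the names `Fragment` and `Reassembler` are assumptions of this sketch.

```cpp
// Added example (not isashark's code); Fragment and Reassembler are hypothetical names.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>
struct Fragment {
    uint32_t offset;               // payload offset in bytes (fragment-offset field * 8)
    bool more_fragments;           // MF flag from the IPv4 header
    std::vector<uint8_t> payload;  // bytes that follow the IPv4 header
};
class Reassembler {                // state for one (src, dst, protocol, id) datagram
public:
    // Returns false for a fragment that would exceed the largest IPv4 payload.
    bool add(const Fragment& f) {
        const size_t end = f.offset + f.payload.size();
        if (end > kMaxPayload) return false;
        if (end > data_.size()) { data_.resize(end); filled_.resize(end, false); }
        for (size_t i = 0; i < f.payload.size(); ++i) {
            const size_t pos = f.offset + i;
            if (filled_[pos]) {    // overlap: keep the byte that arrived first
                if (data_[pos] != f.payload[i]) conflict_ = true;
            } else { data_[pos] = f.payload[i]; filled_[pos] = true; }
        }
        if (!f.more_fragments) { total_ = end; have_last_ = true; }
        if (have_last_ && data_.size() > total_) conflict_ = true;  // data past the end
        return true;
    }
    // Complete once the last fragment is known and every byte before its end is filled.
    bool complete() const {
        if (!have_last_) return false;
        for (size_t i = 0; i < total_; ++i) if (!filled_[i]) return false;
        return true;
    }
    bool conflict() const { return conflict_; }  // overlapping fragments disagreed
    std::vector<uint8_t> payload() const {
        return std::vector<uint8_t>(data_.begin(), data_.begin() + total_);
    }
private:
    static constexpr size_t kMaxPayload = 65535 - 20;  // total length minus minimal header
    std::vector<uint8_t> data_;
    std::vector<bool> filled_;
    size_t total_ = 0;
    bool have_last_ = false, conflict_ = false;
};
int main() {  // constructed input: the second fragment overlaps bytes 8..15 with other data
    Reassembler r;
    r.add({0, true, std::vector<uint8_t>(16, 'A')});
    r.add({8, false, std::vector<uint8_t>(16, 'B')});
    std::printf("complete=%d conflict=%d len=%zu\n", r.complete(), r.conflict(), r.payload().size());
}
```

Reassembly policies for overlapping data differ between IP stacks, so an analyzer is better off reporting the conflict flag than silently trusting either copy.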
The program is built by running the command "make".
isashark [-h] [-a aggr-key] [-s sort-key] [-l limit] [-f filter-expression] file ...
./isashark -h
Prints help and exits with success.
./isashark -a dstip inputfile.pcap
Aggregates packets by the given key - in this case: "dstip".
./isashark -l 20 inputfile.pcap
Prints at most 20 packets.
./isashark -f "src host 2001:db8::1" inputfile.pcap
Processes only packets that match the filter.
- isashark.cpp
- isashark.h
- Makefile
- README.md
- manual.pdf
- libpcap
- libpcap-devel
- DNS primer, headers
- Sample traffic in pcap
- Retrieving the data from UDP packet
- Dealing with pcap.h library
- Understanding the IPv6 headers
- Wikipedia - Ethernet Frame
- rfc791 - INTERNET PROTOCOL
- rfc815 - IP DATAGRAM REASSEMBLY ALGORITHMS
- Managed Ethernet Switches & VLANs
- Netfilter - What Packets Look Like
- The Lost Art of Structure Packing
- Flattening a C structure to a byte array
- Parsing Binary Data in C
- Parsing a TCP Packet data
- Correct way to parse network packet in C
- protocol parsing in c
- Packet parsing in C using struct