/utils/etterlog/el_analyze.c

https://github.com/wertarbyte/ettercap · C · 199 lines · 111 code · 52 blank · 36 comment · 16 complexity · 49e2e601f12397c17a4b9a34b2320e07 MD5 · raw file 

    

  1. /*
    2. 

  2.     etterlog -- analysis module
    3. 

    4. 

  4.     Copyright (C) ALoR & NaGA
    5. 

    6. 

  6.     This program is free software; you can redistribute it and/or modify
    7. 

  7.     it under the terms of the GNU General Public License as published by
    8. 

  8.     the Free Software Foundation; either version 2 of the License, or
    9. 

  9.     (at your option) any later version.
    10. 

    11. 

  11.     This program is distributed in the hope that it will be useful,
    12. 

  12.     but WITHOUT ANY WARRANTY; without even the implied warranty of
    13. 

  13.     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    14. 

  14.     GNU General Public License for more details.
    15. 

    16. 

  16.     You should have received a copy of the GNU General Public License
    17. 

  17.     along with this program; if not, write to the Free Software
    18. 

  18.     Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
    19. 

  19. */
    20. 

  20. 

  21. #include <el.h>
    22. 

  22. #include <ec_log.h>
    23. 

  23. #include <ec_profiles.h>
    24. 

  24. #include <el_functions.h>
    25. 

  25. 

  26. #include <sys/stat.h>
    27. 

  27. 

  28. void analyze(void);
    29. 

  29. void analyze_packet(void);
    30. 

  30. void analyze_info(void);
    31. 

  31. 

  32. void create_hosts_list(void);
    33. 

  33. 

  34. /*******************************************/
    35. 

  35. 

  36. void analyze(void)
    37. 

  37. {
    38. 

  38.    switch(GBL.hdr.type) {
    39. 

  39.       case LOG_PACKET:
    40. 

  40.          analyze_packet();
    41. 

  41.          break;
    42. 

  42.       case LOG_INFO:
    43. 

  43.          analyze_info();
    44. 

  44.          break;
    45. 

  45.    }
    46. 

  46. }
    47. 

  47. 

  48. 

  49. /* analyze a packet log file */
    50. 

  50. 

  51. void analyze_packet(void)
    52. 

  52. {
    53. 

  53.    struct log_header_packet pck;
    54. 

  54.    int ret, count = 0;
    55. 

  55.    int tot_size = 0, pay_size = 0;
    56. 

  56.    u_char *buf;
    57. 

  57.    struct stat st;
    58. 

  58.    
    59. 

  59.    fprintf(stdout, "\nAnalyzing the log file (one dot every 100 packets)\n");
    60. 

  60.  
    61. 

  61.    tot_size = sizeof(struct log_global_header);
    62. 

  62.    
    63. 

  63.    /* read the logfile */
    64. 

  64.    LOOP {
    65. 

  65.       
    66. 

  66.       memset(&pck, 0, sizeof(struct log_header_packet));
    67. 

  67.       
    68. 

  68.       ret = get_packet(&pck, &buf);
    69. 

  69. 

  70.       /* on error exit the loop */
    71. 

  71.       if (ret != ESUCCESS)
    72. 

  72.          break;
    73. 

  73.       
    74. 

  74.       count++;
    75. 

  75.       tot_size += sizeof(struct log_header_packet) + pck.len;
    76. 

  76.       pay_size += pck.len;
    77. 

  77.     
    78. 

  78.       if (count % 100 == 0) {
    79. 

  79.          fprintf(stderr, ".");
    80. 

  80.          fflush(stderr);
    81. 

  81.       }
    82. 

  82.       
    83. 

  83.       SAFE_FREE(buf);
    84. 

  84.    }
    85. 

  85. 

  86.    /* get the file stat */
    87. 

  87.    ret = stat(GBL.logfile, &st);
    88. 

  88.    ON_ERROR(ret, -1, "Cannot stat file");
    89. 

  89.    
    90. 

  90.    fprintf(stdout, "\n\n");
    91. 

  91.    fprintf(stdout, "Log file size (compressed)   : %d\n", (int)st.st_size);   
    92. 

  92.    fprintf(stdout, "Log file size (uncompressed) : %d\n", tot_size);
    93. 

  93.    if (tot_size != 0)
    94. 

  94.       fprintf(stdout, "Compression ratio            : %.2f %%\n\n", 100 - ((float)st.st_size * 100 / (float)tot_size) );
    95. 

  95.    fprintf(stdout, "Effective payload size       : %d\n", pay_size);
    96. 

  96.    if (tot_size != 0)
    97. 

  97.       fprintf(stdout, "Wasted percentage            : %.2f %%\n\n", 100 - ((float)pay_size * 100 / (float)tot_size) );
    98. 

  98.    
    99. 

  99.    fprintf(stdout, "Number of packets            : %d\n", count);
    100. 

  100.    if (count != 0)
    101. 

  101.       fprintf(stdout, "Average size per packet      : %d\n", pay_size / count );
    102. 

  102.    fprintf(stdout, "\n");
    103. 

  103.    
    104. 

  104.    return;
    105. 

  105. }
    106. 

  106. 

  107. 

  108. 

  109. /*
    110. 

  110.  * extract data form the file
    111. 

  111.  * and create the host list
    112. 

  112.  */
    113. 

  113. 

  114. void create_hosts_list(void)
    115. 

  115. {
    116. 

  116.    struct log_header_info inf;
    117. 

  117.    int ret;
    118. 

  118.    struct dissector_info buf;
    119. 

  119.    
    120. 

  120.    /* read the logfile */
    121. 

  121.    LOOP {
    122. 

  122. 

  123.       memset(&inf, 0, sizeof(struct log_header_info));
    124. 

  124.       memset(&buf, 0, sizeof(struct dissector_info));
    125. 

  125.       
    126. 

  126.       ret = get_info(&inf, &buf);
    127. 

  127. 

  128.       /* on error exit the loop */
    129. 

  129.       if (ret != ESUCCESS)
    130. 

  130.          break;
    131. 

  131.    
    132. 

  132.       profile_add_info(&inf, &buf);
    133. 

  133.       
    134. 

  134.       SAFE_FREE(buf.user);
    135. 

  135.       SAFE_FREE(buf.pass);
    136. 

  136.       SAFE_FREE(buf.info);
    137. 

  137.       SAFE_FREE(buf.banner);
    138. 

  138.    }
    139. 

  139. }
    140. 

  140. 

  141. 

  142. /* 
    143. 

  143.  * analyze an info log file 
    144. 

  144.  */
    145. 

  145. 

  146. void analyze_info(void)
    147. 

  147. {
    148. 

  148.    struct host_profile *h;
    149. 

  149.    struct open_port *o;
    150. 

  150.    struct active_user *u;
    151. 

  151.    TAILQ_HEAD(, host_profile) *hosts_list_head = get_host_list_ptr();
    152. 

  152.    int nhl = 0, nhnl = 0, ngw = 0;
    153. 

  153.    int nports = 0, nusers = 0, nhosts = 0;
    154. 

  154.    
    155. 

  155.    /* create the hosts' list */
    156. 

  156.    create_hosts_list(); 
    157. 

  157. 

  158. 

  159.    TAILQ_FOREACH(h, hosts_list_head, next) {
    160. 

  160.       if (h->type & FP_HOST_LOCAL)
    161. 

  161.          nhl++;
    162. 

  162.       
    163. 

  163.       if (h->type & FP_HOST_NONLOCAL)
    164. 

  164.          nhnl++;
    165. 

  165.       
    166. 

  166.       if (h->type & FP_GATEWAY)
    167. 

  167.          ngw++;
    168. 

  168.       
    169. 

  169.       nhosts++;
    170. 

  170.      
    171. 

  171.       LIST_FOREACH(o, &(h->open_ports_head), next) {
    172. 

  172.          nports++;
    173. 

  173.          
    174. 

  174.          LIST_FOREACH(u, &(o->users_list_head), next) {
    175. 

  175.             nusers++;
    176. 

  176.          }
    177. 

  177.       }
    178. 

  178.    }
    179. 

  179.    
    180. 

  180.    fprintf(stdout, "\n\n");
    181. 

  181.    fprintf(stdout, "Number of hosts (total)       : %d\n\n", nhosts);   
    182. 

  182.    fprintf(stdout, "Number of local hosts         : %d\n", nhl);   
    183. 

  183.    fprintf(stdout, "Number of non local hosts     : %d\n", nhnl);   
    184. 

  184.    fprintf(stdout, "Number of gateway             : %d\n\n", ngw);   
    185. 

  185.    
    186. 

  186.    fprintf(stdout, "Number of discovered services : %d\n", nports);   
    187. 

  187.    fprintf(stdout, "Number of accounts captured   : %d\n\n", nusers);   
    188. 

  188.    
    189. 

  189.    fprintf(stdout, "\n");
    190. 

  190.    
    191. 

  191.    return;
    192. 

  192. }
    193. 

  193. 

  194. 

  195. 

  196. /* EOF */
    197. 

  197. 

  198. // vim:ts=3:expandtab
    199.