

PIPACS

The program shows the IP traffic summary, or the traffic of the IP address pairs and the traffic flow over the different TCP/UDP ports, in real time with a configurable refresh time. You can filter on the interface(s), IP range, ports and protocols. The captured data can be saved to a file, and this captured data can be handled by external programs, which pipacs starts automatically. There are two different modes: a run-time summary mode and a protocol capture/decoder mode.
The program was originally written from a Platform SDK sample to use the WinSock2 (Windows 2000) interface. Because of its usefulness I ported it to Linux. The two versions are not strictly the same because of the differences in socket and interface handling, but the output looks the same in both cases. The usage of the program (the default values are in parentheses):
Windows 2000:
usage: pipacs.exe options
where options:
[-c:sec] Dump cycle in sec (10)
[-f:file[-e:program]] Results into a file [and exec program](-)
[-n:db] Execute just db cycle (0)
[-l:lineno] Print lineno lines of hosts(25)
[-a] Print packet info&data (-)
[-h] Print just the header
[-p] Print just summary info (-)
    Otherwise print sum&ip pairs
[-g] Make GRE encapsulation transparent (-)
[-t:[tcp|udp|icmp|.....|number]] Filter on protocoll (ALL)
[-sa:IP[/Net]] Filter on source address (-)/net
[-sp:Port] Filter on source port (-)
[-da:IP[/Net]] Filter on dest address/net (-)
[-dp:Port] Filter on dest port(-)
[-xa:IP[/Net]] Filter on src|dest address/net (-)
[-xp:Port] Filter on src|dest port (-)
[-pa:pattern] String match (0), last param!!!
[-i:int] Capture on this interface (0)
Available interfaces:
0 ........ [212.97.0.121]
Filtering rules: t && (sa|da|xa) && (sp|dp|xp)
Ver. 2.4 (c):2000-2004, Pálóczi-Horváth János

Linux:
usage: pipacs options
where options:
[-i:int[,int]] Capture on this interface(s) (eth0)
[-c:sec] Dump cycle in sec (60)
[-f:file[-e:program]] Results into a file [and exec program](-)
[-f:file -a] Produce Wireshark compatible dump to file (-)
[-n:db] Execute just db cycle (0)
[-l:lineno] Print lineno lines of hosts(25)
[-k] Sort reult by packet count (size)
[-1] Ignore source IP (-)
[-2] Ignore destination IP (-)
[-h] Print just the header (-)
[-w[012]] Wireless mode,0=dot11 1=prism 2-radiotap (0)
[-r] Don't print RAW ( no 802.3 ) packets (-)
[-a] Print packet info&data (-)
[-h] Print just the header (-)
[-p] Print just summary info (-)
    Otherwise print sum&ip pairs
[-t:[tcp|udp|icmp|.....|number]] Filter on protocoll (ALL)
[-g] Make GRE encapsulation transparent (-)
[-v][:xx] Skip VLAN headers [xx bytes (4)] (-)
[-sa:[!]IP[/Net]] Filter on [not] source address (-)/net
[-sp:[!]Port] Filter on [not] source port (-)
[-da:[!]IP[/Net]] Filter on [not] dest address/net (-)
[-dp:[!]Port] Filter on [not] dest port(-)
[-xa:[!]IP[/Net]] Filter on [not] src|dest address/net (-)
[-xp:[!]Port] Filter on [not] src|dest port (-)
[-pa:pattern] String match , last param!!!
Filtering rules: t && (sa|da|xa) && (sp|dp|xp)
Ver. 4.2 (c):2000-2008, Pálóczi-Horváth János
Download: pipacs.zip (Windows) | pipacs (Linux)

2004.04.14/15:    The output format was modified (it now prints e.g. F:2/0, where 2 = don't-fragment bit set and 0 = fragment offset), and some bugs were fixed. There are three major modifications:




The screen when capturing (LINUX version, -i:eth0,eth1,eth2 -c:10):
eth0,eth1,eth2   Speed: 22.44 Kbit/s , 18 IP pairs / 10 secs.    phj@phj.hu
Prot: TCP     :   98/15.0   k UDP      :   34/4.7    k OSPF    :    6/440
Port: 0445:  61/7.2   k 3251:  61/7.2   k 0022:  19/6.7  k 1106:  14/6.1   k
      0514:  30/3.7   k 0138:   8/2.0   k 3379:   8/982    0110:  11/700
212.92.31.254   212.97.0.121       10 pkt ,      6048 byte : 4.72 Kbps
95.80.10.0      1.1.0.0             2 pkt ,      4096 byte : 3.20 Kbps
212.97.0.107    212.97.0.116       41 pkt ,      3680 byte : 2.88 Kbps
212.97.0.116    212.97.0.107       20 pkt ,      3680 byte : 2.88 Kbps
212.97.0.101    212.97.0.116       22 pkt ,      2788 byte : 2.18 Kbps
212.97.0.105    212.97.0.116        8 pkt ,       982 byte : 0.77 Kbps
195.228.193.11  193.6.32.239       11 pkt ,       700 byte : 0.55 Kbps
212.97.0.115    212.97.0.121        3 pkt ,       536 byte : 0.42 Kbps
10.0.80.241     212.97.0.115        2 pkt ,       508 byte : 0.40 Kbps
212.97.0.115    10.0.80.241         2 pkt ,       500 byte : 0.39 Kbps
10.0.1.1        224.0.0.5           4 pkt ,       304 byte : 0.24 Kbps
195.199.27.219  193.225.209.24      4 pkt ,       240 byte : 0.19 Kbps
212.97.0.121    212.92.31.254       4 pkt ,       160 byte : 0.12 Kbps
212.97.0.121    212.97.0.115        2 pkt ,       128 byte : 0.10 Kbps
195.70.35.64    193.6.32.239        2 pkt ,        80 byte : 0.06 Kbps
212.97.0.115    224.0.0.5           1 pkt ,        68 byte : 0.05 Kbps
212.97.0.116    224.0.0.5           1 pkt ,        68 byte : 0.05 Kbps
195.199.74.252  193.225.209.24      1 pkt ,        60 byte : 0.05 Kbps
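The IP-pair lines of the summary screen are easy to post-process. The following is an added example (not part of pipacs itself) that parses a few of the pair lines above, checks the printed Kbps column against the formula bytes*8/1024/cycle (an assumption that the sample figures agree with), and collapses the pairs by one side only, which is how the -1 / -2 ("Ignore source/destination IP") options and the -k sort are read here; the aggregation semantics are my reading of the usage text, not taken from the tool's source.

```python
import re
from collections import defaultdict

# Constructed sample: pair lines copied from the pipacs screen above (captured with -c:10).
CYCLE_SECS = 10
SAMPLE = """\
212.92.31.254   212.97.0.121       10 pkt ,      6048 byte : 4.72 Kbps
212.97.0.107    212.97.0.116       41 pkt ,      3680 byte : 2.88 Kbps
212.97.0.116    212.97.0.107       20 pkt ,      3680 byte : 2.88 Kbps
212.97.0.101    212.97.0.116       22 pkt ,      2788 byte : 2.18 Kbps
212.97.0.105    212.97.0.116        8 pkt ,       982 byte : 0.77 Kbps
10.0.1.1        224.0.0.5           4 pkt ,       304 byte : 0.24 Kbps
"""

PAIR_RE = re.compile(
    r"^(?P<src>\d+\.\d+\.\d+\.\d+)\s+(?P<dst>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<pkt>\d+) pkt ,\s+(?P<bytes>\d+) byte : (?P<kbps>[\d.]+) Kbps$"
)

def parse_pairs(text):
    """Return (src, dst, packets, bytes, kbps) tuples; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = PAIR_RE.match(line.strip())
        if m:
            rows.append((m["src"], m["dst"], int(m["pkt"]), int(m["bytes"]), float(m["kbps"])))
    return rows

def kbps(nbytes, cycle_secs):
    """Rate as pipacs appears to print it: bits per cycle divided by 1024 (assumption)."""
    return nbytes * 8 / 1024 / cycle_secs

def check_rates(rows, cycle_secs=CYCLE_SECS):
    """Largest difference between the printed Kbps and the formula; ~0.005 means rounding only."""
    return max(abs(kbps(b, cycle_secs) - k) for *_, b, k in rows)

def aggregate(rows, ignore_src=False, ignore_dst=False, by_packets=False, cycle_secs=CYCLE_SECS):
    """Collapse pairs as -1 / -2 are read here: replace the ignored side by '*' and sum the rest.
    Sorted by bytes (pipacs default) or by packet count (-k), largest first."""
    totals = defaultdict(lambda: [0, 0])
    for src, dst, pkt, nbytes, _ in rows:
        key = ("*" if ignore_src else src, "*" if ignore_dst else dst)
        totals[key][0] += pkt
        totals[key][1] += nbytes
    out = [(k[0], k[1], v[0], v[1], round(kbps(v[1], cycle_secs), 2)) for k, v in totals.items()]
    out.sort(key=lambda r: r[2] if by_packets else r[3], reverse=True)
    return out
```

Collapsing by destination makes 212.97.0.116 the top receiver (71 packets, 7450 bytes), which the per-pair listing spreads over three lines.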



Packet capture mode (LINUX version, -i:eth2 -a):

2001.06.26 23:43:47 8:0:6a:2a:b3:57 > 8:0:e:21:33:96
193.6.32.101 > 193.6.32.196 TTL:253 Proto:UDP F:0/0 TOS:00
UDP: SPort: 53 | DPort: 1024 | Len: 196 | CSum: 0x0000ada0
54 fa 85 80 00 01 00 01 00 03 00 03 03 32 34 33 T............243
02 38 38 02 39 30 03 32 30 37 07 69 6e 2d 61 64 .88.90.207.in-ad
64 72 04 61 72 70 61 00 00 0c 00 01 c0 0c 00 0c dr.arpa.........
00 01 00 01 51 80 00 1e 04 64 32 34 30 03 61 73 ....Q....d240.as
30 04 65 61 74 6e 02 6f 68 07 76 6f 79 61 67 65 0.eatn.oh.voyage
72 03 6e 65 74 00 c0 10 00 02 00 01 00 01 51 80 r.net.........Q.
00 08 02 65 30 02 6e 73 c0 49 c0 10 00 02 00 01 ...e0.ns.I......
00 01 51 80 00 05 02 65 31 c0 65 c0 10 00 02 00 ..Q....e1.e.....
01 00 01 51 80 00 05 02 65 32 c0 65 c0 62 00 01 ...Q....e2.e.b..
00 01 00 01 51 80 00 04 a9 cf 02 48 c0 76 00 01 ....Q......H.v..
00 01 00 01 51 80 00 04 cf 59 80 0d c0 87 00 01 ....Q....Y......
00 01 00 01 51 80 00 04 cf 00 e5 fc 49 69 52 80 ....Q.......IiR.
9b df 45 36 35 e6 2d 2c ad d6                   ..E65.-,..
2001.06.26 23:43:48 8:0:6a:2a:b3:57 > 8:0:e:21:33:96
195.70.32.222 > 193.6.32.196 TTL:58 Proto:TCP F:0/0 TOS:00
TCP: SPort: 5676 DPort: 1461 Seq: C66DC413 ACK: 1771B5C Flags: ACK PSH
23 23 23 b9 d3 e6 f7 e6 fa a2 fd d3 e6 f7 e6 fa ###.............
c3 f7 f1 e6 e5 ea ae b5 b0 b4 b5 bb ad e7 ea e2 ................
ef ad ee e2 f7 e2 f5 ad ed e6 f7 a3 d2 d6 ca d7 ................
a3 b9 c0 ef ea e6 ed f7 a3 e6 fb ea f7 e6 e7 0d ................
0a 7f e9 af 98 c8 fb 03 36 ea 8d d3 56 7e 35     ........6...V~5
2001.06.26 23:43:48 8:0:6a:2a:b3:57 > 8:0:e:21:33:96
207.90.88.243 > 193.6.32.196 TTL:106 Proto:TCP F:0/0 TOS:00
TCP: SPort: 1216 DPort: 8000 Seq: 3EB38AB ACK: 0 Flags: SYN
02 04 02 18 01 01 04 02 0e fd cb 9c 20 e7 3e 25 ............ .>%
c3 8f 65 85 25 9a                                ..e.%.
2001.06.26 23:43:48 8:0:6a:2a:b3:57 > 8:0:e:21:33:96
207.90.88.243 > 193.6.32.196 TTL:106 Proto:TCP F:0/0 TOS:00
TCP: SPort: 1216 DPort: 8000 Seq: 3EB38AB ACK: 0 Flags: SYN
02 04 02 18 01 01 04 02 01 00 1a 00 00 00 00 09 ................
3e 02 a8 1b aa 55                                >....U
2001.06.26 23:43:49 8:0:6a:2a:b3:57 > 8:0:e:21:33:96
195.70.32.222 > 193.6.32.196 TTL:58 Proto:TCP F:0/0 TOS:00
TCP: SPort: 5676 DPort: 1461 Seq: C66DC454 ACK: 1771B5C Flags: ACK PSH
23 23 23 b9 c9 f6 e0 ea a2 fd c9 f6 e0 ea c3 f7 ###.............
f1 e6 e5 ea ae b2 b6 b4 b1 b6 ad e7 ea e2 ef ad ................
e5 f1 e6 e6 f0 f7 e2 f1 f7 ad eb f6 a3 d2 d6 ca ................
d7 a3 b9 c1 f1 ec e8 e6 ed a3 f3 ea f3 e6 0d 0a ................
00 b1 18 e8 71 4f 50 52 8b 56 f8 8b 46 f6        ....qOPR.V..F.



Errors and todos

- LINUX: signal handling is missing (on ^C the interface's promiscuous mode is not set back to its original state)
- LINUX: only an Ethernet interface can be given (MAC protocol decoder); for a TUN adapter use -v:-14 !!
- WINDOWS: only one interface can be selected at a time