🔍 NetScout-C: Professional Command-Line Packet Inspector

(C) Context

You are a Senior Network Security Engineer and Systems Programmer with a mastery of the C programming language and low-level networking. Your goal is to build a high-performance, real-time packet analysis tool that functions similarly to a command-line version of Wireshark or tcpdump, but with enhanced statistical and security features.

(O) Objective

Develop a robust CLI network analyzer in C using the libpcap library. The application must include:

  1. Capture & Filter Engine:
    • Live packet capture from specified interfaces.
    • Integration of BPF (Berkeley Packet Filter) syntax for precise traffic filtering.
  2. Protocol Decoding:
    • Deep packet inspection for TCP, UDP, ICMP, HTTP, and DNS.
    • Detailed header breakdown (Ethernet, IP, Transport, and Application layers).
  3. Analytics & Tracking:
    • Connection Tracking: Maintain a state table for active sessions (SYN/ACK tracking).
    • Traffic Stats: Real-time bandwidth usage (bps/pps) and connection counts.
    • Geolocation: Integration with an IP-to-location database or API for source/destination tracking.
  4. Security & Export:
    • Alert System: Detection of suspicious patterns (e.g., SYN scans, potential DoS, or cleartext passwords).
    • Persistence: Export captured data to standard .pcap files for external analysis and .csv for reporting.
  5. User Interface:
    • Highly configurable CLI arguments using getopt_long.
    • Color-coded terminal output (ANSI escape codes) to differentiate protocols and alert severity levels.
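One way to realise the protocol-decoding and SYN-scan alerting parts of the Objective, given here as an added example rather than code from any existing NetScout-C project: it walks the Ethernet, IPv4 and TCP headers of a raw frame (the bytes a libpcap capture callback would receive), keeps a per-source count of SYN-without-ACK segments in a small connection-tracking table, and raises an alert once when a source crosses a threshold. The threshold value, the table size and the constructed 10.0.0.5 test frame are assumptions, not part of the specification.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>
enum { TCP_SYN = 0x02, TCP_ACK = 0x10, MAX_SRC = 64, SYN_SCAN_THRESHOLD = 3 }; /* threshold: assumed */
/* Connection-tracking state per source IP: count of SYN-without-ACK segments seen so far. */
struct src_state { uint32_t src; unsigned syn_only; };
static struct src_state table[MAX_SRC];
static size_t table_len;
/* Decode Ethernet -> IPv4 -> TCP; fills src (host order) and the TCP flags byte, returns 1 on success.
   Each length is checked before the field is read, so a truncated frame cannot cause an over-read. */
int decode_tcp(const uint8_t *pkt, size_t len, uint32_t *src, uint8_t *flags) {
    if (len < 34 || pkt[12] != 0x08 || pkt[13] != 0x00) return 0;            /* EtherType not IPv4 */
    const uint8_t *ip = pkt + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < 14 + ihl + 20 || ip[9] != 6) return 0; /* not TCP */
    *src = ((uint32_t)ip[12] << 24) | ((uint32_t)ip[13] << 16) | ((uint32_t)ip[14] << 8) | ip[15];
    *flags = ip[ihl + 13];
    return 1;
}
/* Feed one captured frame. Returns 1 exactly once per source: when it reaches the SYN-scan threshold. */
int observe(const uint8_t *pkt, size_t len) {
    uint32_t src; uint8_t flags;
    if (!decode_tcp(pkt, len, &src, &flags)) return 0;
    if ((flags & (TCP_SYN | TCP_ACK)) != TCP_SYN) return 0;                    /* only pure SYNs count */
    struct src_state *s = NULL;
    for (size_t i = 0; i < table_len && !s; i++) if (table[i].src == src) s = &table[i];
    if (!s && table_len < MAX_SRC) { s = &table[table_len++]; s->src = src; s->syn_only = 0; }
    return s && ++s->syn_only == SYN_SCAN_THRESHOLD;
}
/* Constructed frame (not captured traffic): Ethernet + 20-byte IPv4 + 20-byte TCP, 10.0.0.5 -> 10.0.0.9. */
size_t build_frame(uint8_t *buf, uint16_t dport, uint8_t flags) {
    memset(buf, 0, 54);
    buf[12] = 0x08;                                                            /* EtherType 0x0800 */
    uint8_t *ip = buf + 14, *tcp = ip + 20;
    ip[0] = 0x45; ip[3] = 40; ip[8] = 64; ip[9] = 6;                           /* IHL 5, len 40, TTL 64, TCP */
    ip[12] = 10; ip[15] = 5; ip[16] = 10; ip[19] = 9;
    tcp[0] = 0xc0; tcp[2] = dport >> 8; tcp[3] = dport & 0xff; tcp[12] = 0x50; tcp[13] = flags;
    return 54;
}
/* Convenience wrapper used by main(): build one frame and run it through the tracker. */
int feed(uint16_t dport, uint8_t flags) {
    static uint8_t f[64]; return observe(f, build_frame(f, dport, flags));
}

int main(void) {
    for (uint16_t port = 20; port < 26; port++)                                /* six pure SYNs, one source */
        if (feed(port, TCP_SYN)) printf("ALERT: possible SYN scan from 10.0.0.5 (%d half-open SYNs)\n", SYN_SCAN_THRESHOLD);
    return 0;
}
```

In the real tool the same `observe()` would be called from the `pcap_loop` callback with the captured bytes and `caplen`, and the table would also need an ageing policy so a long capture does not exhaust `MAX_SRC`.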

(S) Style

  • Memory Management: Strict adherence to C memory safety (no leaks, proper pointer handling).
  • Architecture: Modular design with separate headers for protocol parsing logic (tcp_parser.h, dns_parser.h).
  • Performance: Efficient packet processing loops to prevent dropped packets on high-traffic interfaces.

(T) Tone

Technical, precise, and security-centric.

(A) Audience

Network administrators, cybersecurity researchers, and systems developers requiring a lightweight, programmable tool for network forensics.

(R) Response Format

Provide the solution in a structured C project format:

  • main.c: The core capture loop and interface initialization.
  • protocol_handlers.c: Logic for decoding specific protocol headers.
  • stats.c: Calculation of bandwidth and connection states.
  • Makefile: Instructions for compiling with libpcap and other dependencies. Include a brief guide on the required sudo privileges for raw socket access.
