Analyzing the NetHogs Source Code for Network Traffic Monitoring
Compilation
Compile in debug mode to facilitate debugging:
CFLAGS='-g -O0 -Wall -Werror' CXXFLAGS='-g -O0 -std=c++11 -Wall -Werror' make
Architecture Overview
NetHogs uses libpcap to capture packets from a specified network interface. It parses each packet to extract connection details (source/destination addresses and ports) and payload length. Each network connection is then attributed to the process that owns the local socket; a single process may own multiple connections, and traffic that matches no known socket cannot be attributed to a process.
Main Loop
The main loop alternates between two tasks: it drains captured packets through pcap_dispatch, whose callback parses each packet and charges its bytes to the matching connection, and at the refresh interval it recomputes and redraws the per-process statistics.
Implementation Details
Initialization
The dp_handle structure manages libpcap operations:
struct dp_handle {
    pcap_t *capture_handle;
    dp_callback handler[dp_n_packet_types];
    int link_layer_type;
    u_char *user_ctx;
    int user_ctx_size;
};
The dpargs structure stores network interface and addressing information:
struct dpargs {
    const char *interface_name;
    int address_family;
    in_addr source_ipv4;
    in_addr dest_ipv4;
    in6_addr source_ipv6;
    in6_addr dest_ipv6;
};
pcap_open_live initializes packet capture on the specified network interface. Opening a live capture needs raw-socket privileges (root, or CAP_NET_RAW on Linux), which is one reason NetHogs normally runs as root; the link_layer_type recorded in dp_handle tells the parser which link-layer header (for example Ethernet) precedes the IP header in each captured packet.
Packet Processing
pcap_dispatch processes incoming packets from the live capture, invoking the registered callback once per captured packet. The primary processing occurs in the process_tcp function, which handles TCP traffic analysis: it reads the addresses and ports out of the IP and TCP headers and works out how many payload bytes to charge to the connection.
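The parsing step described in the architecture overview and in process_tcp above, as an added example written for this page rather than code taken from NetHogs: it takes a raw Ethernet/IPv4/TCP frame exactly as libpcap would hand it to the dispatch callback and extracts the 4-tuple and the TCP payload length. libpcap itself is left out so the code runs offline; the frame is constructed by hand for the example, and the names TcpConnInfo and parse_tcp_frame are this example's own. Every header length is checked against the captured length before it is read, which is the check a capture parser must make because caplen can be shorter than the headers claim.

```cpp
#include <cstdint>
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

// Result of parsing one captured frame: the TCP 4-tuple and the TCP payload length.
struct TcpConnInfo {
    std::string src_ip;
    std::string dst_ip;
    uint16_t src_port = 0;
    uint16_t dst_port = 0;
    size_t payload_len = 0;
};

// Read a big-endian (network byte order) 16-bit field without <arpa/inet.h>.
static uint16_t rd16(const uint8_t *p) {
    return static_cast<uint16_t>((p[0] << 8) | p[1]);
}

static std::string ipv4_str(const uint8_t *p) {
    char buf[16];
    std::snprintf(buf, sizeof buf, "%u.%u.%u.%u", static_cast<unsigned>(p[0]),
                  static_cast<unsigned>(p[1]), static_cast<unsigned>(p[2]),
                  static_cast<unsigned>(p[3]));
    return buf;
}

// Parse an Ethernet II / IPv4 / TCP frame as libpcap would pass it to the
// dispatch callback. caplen is the number of bytes actually captured; each
// header is bounds-checked against it before being read, so a truncated or
// malformed frame is rejected instead of being read past the buffer.
bool parse_tcp_frame(const uint8_t *frame, size_t caplen, TcpConnInfo &out) {
    const size_t eth_len = 14;
    if (caplen < eth_len || rd16(frame + 12) != 0x0800) return false;  // EtherType: IPv4 only

    const uint8_t *ip = frame + eth_len;
    if (caplen < eth_len + 20 || (ip[0] >> 4) != 4) return false;      // minimum IPv4 header
    const size_t ihl = static_cast<size_t>(ip[0] & 0x0f) * 4;           // header length incl. options
    if (ihl < 20 || caplen < eth_len + ihl) return false;
    if (ip[9] != 6) return false;                                       // protocol 6 = TCP
    const size_t total_len = rd16(ip + 2);                              // IP total length
    if (total_len < ihl + 20 || total_len > caplen - eth_len) return false;

    const uint8_t *tcp = ip + ihl;
    const size_t doff = static_cast<size_t>(tcp[12] >> 4) * 4;          // TCP header length
    if (doff < 20 || total_len < ihl + doff) return false;

    out.src_ip = ipv4_str(ip + 12);
    out.dst_ip = ipv4_str(ip + 16);
    out.src_port = rd16(tcp);
    out.dst_port = rd16(tcp + 2);
    out.payload_len = total_len - ihl - doff;  // the byte count charged to the connection
    return true;
}

// Constructed sample frame (not a real capture): 192.0.2.10:443 -> 198.51.100.7:52000,
// 20-byte IPv4 header, 20-byte TCP header, 5-byte payload "hello".
const std::vector<uint8_t> kSampleFrame = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,  // Ethernet header
    0x45,0x00, 0x00,0x2d, 0x00,0x00, 0x40,0x00, 0x40,0x06, 0x00,0x00,         // IPv4, total length 45
    0xc0,0x00,0x02,0x0a, 0xc6,0x33,0x64,0x07,                                 // src, dst addresses
    0x01,0xbb, 0xcb,0x20, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x02,           // ports, seq, ack
    0x50,0x18, 0xff,0xff, 0x00,0x00, 0x00,0x00,                               // doff 5, PSH|ACK
    'h','e','l','l','o',
};

int main() {
    TcpConnInfo info;
    if (parse_tcp_frame(kSampleFrame.data(), kSampleFrame.size(), info))
        std::printf("%s:%u -> %s:%u payload=%zu\n", info.src_ip.c_str(),
                    static_cast<unsigned>(info.src_port), info.dst_ip.c_str(),
                    static_cast<unsigned>(info.dst_port), info.payload_len);
    return 0;
}
```

In a real callback the frame pointer and caplen come from the u_char *packet and pcap_pkthdr::caplen arguments; the link-layer offset (14 here) must be chosen from the capture's link-layer type rather than hard-coded.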
Statistics Refresh
The do_refresh function updates the statistical information shown on screen. Each Process object contains multiple Connection objects, and each Connection tracks multiple Packet objects that record length and capture time; the refresh sums the lengths of the packets that fall inside the display interval for each process, so packets older than that interval no longer contribute and can be discarded.
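The Process, Connection and Packet relationship and the refresh summation described above, as an added example written for this page and not code from the NetHogs source: packets are attributed to a connection and its owning process, and a refresh sums bytes per direction inside the window while pruning expired packets. The socket-to-process lookup is replaced by a hand-filled table (SocketOwners), and the names record_packet, refresh_process and sample_refresh are this example's own; the sample traffic is constructed.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <string>
#include <vector>

// One captured packet as a Connection remembers it: capture time, byte count, direction.
struct Packet {
    double time;       // seconds, taken from the pcap timestamp
    uint32_t len;      // bytes charged to the connection for this packet
    bool outgoing;     // true when the local endpoint is the source
};

struct Connection {
    std::string key;              // "local_ip:port-remote_ip:port"
    std::vector<Packet> packets;
};

struct Process {
    int pid = 0;
    std::map<std::string, Connection> connections;  // keyed by Connection::key
};

// Traffic for one process over the refresh window, as the display reports it.
struct Usage {
    uint64_t sent_bytes;
    uint64_t recv_bytes;
};

// Hypothetical stand-in for the socket-to-process lookup: maps a local endpoint
// ("ip:port") to the owning pid. Here it is a plain table filled by hand.
typedef std::map<std::string, int> SocketOwners;

// Attribute one packet to its process and connection, creating both on first sight.
// Returns false when no process owns the local endpoint (unattributed traffic).
bool record_packet(std::map<int, Process> &procs, const SocketOwners &owners,
                   const std::string &local, const std::string &remote,
                   bool outgoing, double time, uint32_t len) {
    SocketOwners::const_iterator it = owners.find(local);
    if (it == owners.end()) return false;
    Process &p = procs[it->second];
    p.pid = it->second;
    const std::string key = local + "-" + remote;
    Connection &c = p.connections[key];
    c.key = key;
    c.packets.push_back(Packet{time, len, outgoing});
    return true;
}

// The refresh step: sum bytes per direction over the last `window` seconds,
// then drop older packets so each Connection's packet list stays bounded.
Usage refresh_process(Process &p, double now, double window) {
    Usage u = {0, 0};
    for (auto &kv : p.connections) {
        std::vector<Packet> kept;
        for (const Packet &pkt : kv.second.packets) {
            if (pkt.time <= now - window) continue;      // expired: not counted, not kept
            (pkt.outgoing ? u.sent_bytes : u.recv_bytes) += pkt.len;
            kept.push_back(pkt);
        }
        kv.second.packets.swap(kept);
    }
    return u;
}

// Constructed sample: one process, two connections, one packet older than the window.
Usage sample_refresh() {
    SocketOwners owners;
    owners["10.0.0.5:52000"] = 4242;
    std::map<int, Process> procs;
    record_packet(procs, owners, "10.0.0.5:52000", "192.0.2.10:443", true,  100.0, 300);
    record_packet(procs, owners, "10.0.0.5:52000", "192.0.2.10:443", false, 100.5, 1200);
    record_packet(procs, owners, "10.0.0.5:52000", "192.0.2.10:443", false, 101.0, 1400);
    record_packet(procs, owners, "10.0.0.5:52000", "203.0.113.9:80",  true,  90.0,  500); // stale
    return refresh_process(procs[4242], 101.0, 10.0);   // window covers (91.0, 101.0]
}

int main() {
    Usage u = sample_refresh();
    std::printf("pid 4242: sent=%llu recv=%llu bytes in window\n",
                static_cast<unsigned long long>(u.sent_bytes),
                static_cast<unsigned long long>(u.recv_bytes));
    return 0;
}
```

Dividing the two sums by the window length gives the per-second rates the display shows; pruning inside the same pass is what keeps memory bounded on a busy connection.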
Debugging Notes
When debugging with GDB, pcap_dispatch may not appear by name in a backtrace taken inside a NetHogs callback. The -O0 build above only affects NetHogs' own code: pcap_dispatch lives in the separately compiled libpcap shared library, so if the distribution's libpcap carries no debug information, or its internal calls were inlined when it was built, the frames between the callback and the NetHogs main loop show up as bare addresses or are missing. Installing libpcap's debug symbols, or building libpcap from source with -g -O0, restores them.