├── libpcap.A.dylib ├── screenshot.png ├── VisualSniff ├── en.lproj │ ├── InfoPlist.strings │ ├── Credits.rtf │ └── MainMenu.xib ├── AppIcon.icns ├── VisualSniff-Prefix.pch ├── main.m ├── VisualSniff.entitlements ├── Map.h ├── RawPacket.h ├── Sniffer.h ├── Conversation.h ├── Host.h ├── Conversation.m ├── VisualSniff-Info.plist ├── VisualSniffAppDelegate.h ├── RawPacket.m ├── Sniffer.m ├── Host.m ├── VisualSniffAppDelegate.m └── Map.m ├── README.md └── pcap.h /libpcap.A.dylib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dhoelzer/VisualSniff/HEAD/libpcap.A.dylib -------------------------------------------------------------------------------- /screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dhoelzer/VisualSniff/HEAD/screenshot.png -------------------------------------------------------------------------------- /VisualSniff/en.lproj/InfoPlist.strings: -------------------------------------------------------------------------------- 1 | /* Localized versions of Info.plist keys */ 2 | 3 | -------------------------------------------------------------------------------- /VisualSniff/AppIcon.icns: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dhoelzer/VisualSniff/HEAD/VisualSniff/AppIcon.icns -------------------------------------------------------------------------------- /VisualSniff/VisualSniff-Prefix.pch: -------------------------------------------------------------------------------- 1 | // 2 | // Prefix header for all source files of the 'VisualSniff' target in the 'VisualSniff' project 3 | // 4 | 5 | #ifdef __OBJC__ 6 | #import 7 | #endif 8 | -------------------------------------------------------------------------------- /VisualSniff/main.m: -------------------------------------------------------------------------------- 1 | // 2 | // main.m 3 | // VisualSniff 4 | // 5 | // Created by David Hoelzer on 10/1/11. 6 | // Copyright 2011 Enclave Forensics, Inc. All rights reserved. 7 | // 8 | 9 | #import 10 | 11 | int main(int argc, char *argv[]) 12 | { 13 | return NSApplicationMain(argc, (const char **)argv); 14 | } 15 | -------------------------------------------------------------------------------- /VisualSniff/en.lproj/Credits.rtf: -------------------------------------------------------------------------------- 1 | {\rtf1\ansi\ansicpg1252\cocoartf1138\cocoasubrtf230 2 | {\fonttbl\f0\fswiss\fcharset0 Helvetica;} 3 | {\colortbl;\red255\green255\blue255;} 4 | \vieww9600\viewh8400\viewkind0 5 | \pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720 6 | 7 | \f0\b\fs24 \cf0 Conceived & Created by: 8 | \b0 \ 9 | David Hoelzer\ 10 | dhoelzer@enclaveforensics.com\ 11 | } -------------------------------------------------------------------------------- /VisualSniff/VisualSniff.entitlements: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | com.apple.security.app-sandbox 6 | 7 | com.apple.security.files.user-selected.read-write 8 | 9 | com.apple.security.network.client 10 | 11 | com.apple.security.network.server 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /VisualSniff/Map.h: -------------------------------------------------------------------------------- 1 | // 2 | // Map.h 3 | // VisualSniff 4 | // 5 | // Created by David Hoelzer on 10/15/11. 6 | // Copyright 2011 Enclave Forensics, Inc. All rights reserved. 7 | // 8 | 9 | #import 10 | #import "Host.h" 11 | 12 | @interface Map : NSView 13 | { 14 | id conversationDelegate; 15 | NSArray *hosts, *conversations; 16 | Host *pointedHost; 17 | CGContextRef context; 18 | float radialOffset; 19 | BOOL doShowHosts; 20 | 21 | } 22 | 23 | @property BOOL doShowHosts; 24 | -(void)setConversationDelegate:(id)object; 25 | @end 26 | -------------------------------------------------------------------------------- /VisualSniff/RawPacket.h: -------------------------------------------------------------------------------- 1 | // 2 | // RawPacket.h 3 | // VisualSniff 4 | // 5 | // Created by David Hoelzer on 10/6/11. 6 | // Copyright 2011 Enclave Forensics, Inc. All rights reserved. 7 | // 8 | 9 | #import 10 | 11 | @interface RawPacket : NSObject 12 | { 13 | const u_char *rawPacketData; 14 | int packetSize; 15 | } 16 | 17 | - (id)initWithPacket:(const u_char *)packet_data length:(int)packetLength; 18 | - (NSString *)getEtherDestinationHost; 19 | - (NSString *)getEtherSourceHost; 20 | - (NSString *)getIPSourceHost; 21 | - (NSString *)getIPDestinationHost; 22 | - (int)getPayloadSize; 23 | - (BOOL)isIP; 24 | 25 | @property(nonatomic,readonly)const u_char *rawPacketData; 26 | @property(nonatomic, readonly)int packetSize; 27 | @end 28 | -------------------------------------------------------------------------------- /VisualSniff/Sniffer.h: -------------------------------------------------------------------------------- 1 | // 2 | // Sniffer.h 3 | // VisualSniff 4 | // 5 | // Created by David Hoelzer on 10/1/11. 6 | // Copyright 2011 Enclave Forensics, Inc. All rights reserved. 7 | // 8 | 9 | #import 10 | #include "pcap.h" 11 | #import "Host.h" 12 | 13 | @interface Sniffer : NSObject 14 | { 15 | const char *device; 16 | NSString *deviceString; 17 | pcap_t *listener; 18 | bool isSniffing; 19 | id startButton; 20 | Sniffer *parentSniffer; 21 | 22 | } 23 | - (void)startSniffer; 24 | - (Boolean)startOffline:(NSString *)fileName; 25 | - (void)startOfflineCapture:(NSString *)fileName; 26 | - (id)initWithDevice:(NSString *)deviceName; 27 | - (id)initWithFile:(NSString *)fileName; 28 | void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet); 29 | void got_offline_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet); 30 | @end 31 | -------------------------------------------------------------------------------- /VisualSniff/Conversation.h: -------------------------------------------------------------------------------- 1 | // 2 | // Conversation.h 3 | // VisualSniff 4 | // 5 | // Created by David Hoelzer on 10/15/11. 6 | // Copyright 2011 Enclave Forensics, Inc. All rights reserved. 7 | // 8 | 9 | #import 10 | #import "Host.h" 11 | 12 | @interface Conversation : NSObject 13 | { 14 | Host *sourceHost, *destinationHost; 15 | float size; 16 | NSDate *lastPacket; 17 | float packets; 18 | NSString *idTag; 19 | } 20 | 21 | @property(readwrite, retain) NSString *idTag; 22 | @property(readwrite, retain) Host *sourceHost; 23 | @property(readwrite, retain) Host *destinationHost; 24 | @property(readonly) float packets; 25 | @property(readonly) float size; 26 | @property (nonatomic, readonly, retain) NSDate *lastPacket; 27 | 28 | -(void)addPacket; 29 | -(void)addSize:(int)bytes; 30 | -(float) adjustedPackets; 31 | -(float) adjustedSize; 32 | -(void) reducePackets:(float)factor; 33 | -(void) reduceSize:(float)factor; 34 | - (NSInteger)lastPacketReceived; 35 | 36 | @end 37 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # VisualSniff 2 | A reimplementation of the EtherApe style display for OS X. Note that this is not a fork of EtherApe. Written in a kinder, gentler, day when Objective-C had not yet been supplanted with this Swift nonsense. 3 | 4 | ![](screenshot.png) 5 | 6 | This code is released under the GPL 3.0 7 | 8 | 9 | VisualSniff, a reimplementation of the EtherApe style display for OS X. 10 | Copyright (C) 2011 David Hoelzer 11 | 12 | This program is free software: you can redistribute it and/or modify 13 | it under the terms of the GNU General Public License as published by 14 | the Free Software Foundation, either version 3 of the License, or 15 | (at your option) any later version. 16 | 17 | This program is distributed in the hope that it will be useful, 18 | but WITHOUT ANY WARRANTY; without even the implied warranty of 19 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 20 | GNU General Public License for more details. 21 | 22 | You should have received a copy of the GNU General Public License 23 | along with this program. If not, see . 24 | -------------------------------------------------------------------------------- /VisualSniff/Host.h: -------------------------------------------------------------------------------- 1 | // 2 | // EtherHost.h 3 | // VisualSniff 4 | // 5 | // Created by David Hoelzer on 10/2/11. 6 | // Copyright 2011 Enclave Forensics, Inc. All rights reserved. 7 | // 8 | 9 | #import 10 | 11 | @interface Host : NSObject 12 | { 13 | NSDate *lastPacket; 14 | NSString *address; 15 | struct CGColor *color; 16 | CGRect packetRect, sizeRect; 17 | float packets, size; 18 | float xCenter, yCenter; 19 | BOOL IP, ethernet; 20 | } 21 | 22 | - (id)initWithAddress:(NSString *)address; 23 | - (CGPoint)setCenterX:(int)x Y:(int)y; 24 | - (BOOL)isEthernet; 25 | - (BOOL)isIP; 26 | - (void)setEthernet; 27 | - (void)setIP; 28 | - (const char *)cStringAddress; 29 | - (void)moveTo:(CGPoint)newCenter; 30 | - (CGPoint)center; 31 | - (void) reducePackets:(float)factor; 32 | - (void) addPacket; 33 | -(void) addSize:(int)bytes; 34 | - (void) reduceSize:(float)factor; 35 | - (NSInteger)lastPacketReceived; 36 | 37 | @property (nonatomic, retain) NSDate *lastPacket; 38 | @property (nonatomic, readwrite, retain) NSString *address; 39 | @property (nonatomic, readwrite) struct CGColor *color; 40 | @property (nonatomic, readonly) CGRect packetRect, sizeRect; 41 | @property (nonatomic, readonly) float packets, size; 42 | @property (nonatomic, readonly) BOOL IP, ethernet; 43 | @end 44 | -------------------------------------------------------------------------------- /VisualSniff/Conversation.m: -------------------------------------------------------------------------------- 1 | // 2 | // Conversation.m 3 | // VisualSniff 4 | // 5 | // Created by David Hoelzer on 10/15/11. 6 | // Copyright 2011 Enclave Forensics, Inc. All rights reserved. 7 | // 8 | 9 | #import "Conversation.h" 10 | #import "Host.h" 11 | 12 | @implementation Conversation 13 | @synthesize sourceHost, destinationHost, packets, idTag, size, lastPacket; 14 | 15 | -(float) adjustedPackets 16 | { 17 | return (logf(packets)); 18 | } 19 | 20 | -(float) adjustedSize 21 | { 22 | return (logf(size)); 23 | } 24 | 25 | - (NSInteger)lastPacketReceived 26 | { 27 | return ([lastPacket timeIntervalSinceNow] * -1 ); 28 | } 29 | 30 | -(void)addPacket 31 | { 32 | packets += 1; 33 | packets = (packets > 250 ? 250 : packets); 34 | [lastPacket release]; 35 | lastPacket = [[NSDate alloc] init]; 36 | } 37 | 38 | -(void)addSize:(int)bytes 39 | { 40 | size += bytes; 41 | size = (size > 250 ? 250 : size); 42 | } 43 | 44 | -(void) reducePackets:(float)factor 45 | { 46 | packets = packets * factor; 47 | packets = (packets < 1 ? 0 : packets); 48 | } 49 | 50 | -(void) reduceSize:(float)factor 51 | { 52 | size = size * factor; 53 | size = (size < 1 ? 0 : size); 54 | } 55 | 56 | - (id)init 57 | { 58 | self = [super init]; 59 | if (self) { 60 | packets = 0; 61 | } 62 | 63 | return self; 64 | } 65 | 66 | @end 67 | -------------------------------------------------------------------------------- /VisualSniff/VisualSniff-Info.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | CFBundleDevelopmentRegion 6 | en 7 | CFBundleDisplayName 8 | VisualSniff 9 | CFBundleDocumentTypes 10 | 11 | CFBundleExecutable 12 | ${EXECUTABLE_NAME} 13 | CFBundleIconFile 14 | AppIcon.icns 15 | CFBundleIdentifier 16 | com.enclaveforensics.visualsniff 17 | CFBundleInfoDictionaryVersion 18 | 6.0 19 | CFBundleName 20 | VisualSniff 21 | CFBundlePackageType 22 | APPL 23 | CFBundleShortVersionString 24 | 1.02 25 | CFBundleSignature 26 | ???? 27 | CFBundleURLTypes 28 | 29 | CFBundleVersion 30 | 1.02 31 | LSApplicationCategoryType 32 | public.app-category.utilities 33 | LSMinimumSystemVersion 34 | ${MACOSX_DEPLOYMENT_TARGET} 35 | NSHumanReadableCopyright 36 | Copyright © 2012 Enclaveforensics. All rights reserved. 37 | NSMainNibFile 38 | MainMenu 39 | NSPrincipalClass 40 | NSApplication 41 | NSServices 42 | 43 | UTExportedTypeDeclarations 44 | 45 | UTImportedTypeDeclarations 46 | 47 | 48 | 49 | -------------------------------------------------------------------------------- /VisualSniff/VisualSniffAppDelegate.h: -------------------------------------------------------------------------------- 1 | // 2 | // VisualSniffAppDelegate.h 3 | // VisualSniff 4 | // 5 | // Created by David Hoelzer on 10/1/11. 6 | // Copyright 2011 Enclave Forensics, Inc. All rights reserved. 7 | // 8 | 9 | #import 10 | #import "Sniffer.h" 11 | #import "Conversation.h" 12 | #import "RawPacket.h" 13 | 14 | @interface VisualSniffAppDelegate : NSObject { 15 | NSWindow *window; 16 | NSWindow *adapterSelectionWindow; 17 | NSWindow *settingsWindow; 18 | NSMutableArray *hosts; 19 | NSMutableArray *conversations; 20 | IBOutlet NSComboBox *interfaceSelection; 21 | IBOutlet NSButton *startButton; 22 | IBOutlet NSButton *drawSizes; 23 | IBOutlet NSButton *drawEthernetHosts; 24 | IBOutlet NSButton *drawIPV4Hosts; 25 | IBOutlet NSButton *openPcapFileButton; 26 | IBOutlet NSSlider *hostTimeout; 27 | IBOutlet NSTextField *timeoutLabel; 28 | } 29 | 30 | -(IBAction)closeSettings:(id)sender; 31 | -(IBAction)triggerSettings:(id)sender; 32 | -(int)hostTimeoutValue; 33 | -(IBAction)adjustTimeout:(id)sender; 34 | -(IBAction)openHelp:(id)sender; 35 | -(IBAction)openPcapFile:(id)sender; 36 | -(IBAction)startSniffer:(id)sender; 37 | - (void) packetReceived:(NSNotification *)aNotice; 38 | -(Host *)findOrAddHostForAddress:(NSString *)hostAddress withPacket:(RawPacket *)packet isSource:(Boolean)isSource type:(NSString *)type; 39 | -(Conversation *)findOrAddConversationFrom:(Host *)source To:(Host *)destination withPacket:(RawPacket *)packet; 40 | -(NSArray *)getConversationsReference; 41 | -(NSArray *)getHostsReference; 42 | -(Boolean)drawSizes; 43 | -(Boolean)drawIPV4Hosts; 44 | -(Boolean)drawEthernetHosts; 45 | 46 | @property (assign) IBOutlet NSWindow *window; 47 | @property (assign) IBOutlet NSWindow *settingsWindow; 48 | @property (nonatomic, retain) IBOutlet NSTextField *timeoutLabel; 49 | @property (nonatomic, retain, readwrite) IBOutlet NSComboBox *interfaceSelection; 50 | @property (nonatomic, retain, readwrite) IBOutlet NSSlider *hostTimeout; 51 | 52 | @end 53 | -------------------------------------------------------------------------------- /pcap.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 1993, 1994, 1995, 1996, 1997 3 | * The Regents of the University of California. All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 3. All advertising materials mentioning features or use of this software 14 | * must display the following acknowledgement: 15 | * This product includes software developed by the Computer Systems 16 | * Engineering Group at Lawrence Berkeley Laboratory. 17 | * 4. Neither the name of the University nor of the Laboratory may be used 18 | * to endorse or promote products derived from this software without 19 | * specific prior written permission. 20 | * 21 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 | * SUCH DAMAGE. 32 | * 33 | * @(#) $Header: /tcpdump/master/libpcap/pcap.h,v 1.59 2006-10-04 18:09:22 guy Exp $ (LBL) 34 | */ 35 | 36 | /* 37 | * For backwards compatibility. 38 | * 39 | * Note to OS vendors: do NOT get rid of this file! Many applications 40 | * expect to be able to include , and at least some of them 41 | * go through contortions in their configure scripts to try to detect 42 | * OSes that have "helpfully" moved pcap.h to without 43 | * leaving behind a file. 44 | */ 45 | #include 46 | -------------------------------------------------------------------------------- /VisualSniff/RawPacket.m: -------------------------------------------------------------------------------- 1 | // 2 | // RawPacket.m 3 | // VisualSniff 4 | // 5 | // Created by David Hoelzer on 10/6/11. 6 | // Copyright 2011 Enclave Forensics, Inc. All rights reserved. 7 | // 8 | 9 | #import "RawPacket.h" 10 | 11 | @implementation RawPacket 12 | @synthesize rawPacketData, packetSize; 13 | 14 | - (id)initWithPacket:(const u_char *)packet_data length:(int)packetLength 15 | { 16 | self = [super init]; 17 | if (self) { 18 | rawPacketData = packet_data; // This should be a copy... 19 | packetSize = packetLength; 20 | } 21 | return self; 22 | 23 | } 24 | 25 | -(int) getIPTotalLength 26 | { 27 | int x; 28 | const u_char *IP_Header = &(self.rawPacketData[14]); 29 | 30 | x = IP_Header[2] << 8; 31 | x |= IP_Header[3]; 32 | return x; 33 | } 34 | 35 | -(int) getUDPLength 36 | { 37 | int x; 38 | const u_char *UDP_Header = &(self.rawPacketData[14]); 39 | 40 | x = UDP_Header[5] << 8; 41 | x |= UDP_Header[4]; 42 | return x; 43 | } 44 | 45 | - (BOOL)isIP 46 | { 47 | NSString *etherType = [NSString stringWithFormat:@"0x%x%x", self.rawPacketData[12], self.rawPacketData[13]]; 48 | return [etherType isEqualToString:@"0x80"]; 49 | } 50 | 51 | - (int)getPayloadSize 52 | { 53 | int totalHeaders; 54 | int x; 55 | const u_char *IP_Header = &(self.rawPacketData[14]); 56 | 57 | totalHeaders = 14; // Ethernet header 58 | x = IP_Header[0] & 0x0f; // Determine IP Header Length 59 | x = x << 2; 60 | totalHeaders += x; 61 | switch (IP_Header[9]) { 62 | case 6: 63 | totalHeaders += 20; // Not dealing with TCP options for now 64 | x = [self getIPTotalLength]; 65 | break; 66 | case 17: 67 | totalHeaders += 8; // UDP 68 | x = [self getUDPLength]; 69 | break; 70 | default: 71 | return 1024; 72 | // Only looking at TCP and UDP for now. 73 | break; 74 | } 75 | return (x); 76 | } 77 | 78 | -(NSString *)getEtherSourceHost 79 | { 80 | char source[24]; 81 | sprintf(source, "%x:%x:%x:%x:%x:%x", self.rawPacketData[6], self.rawPacketData[7], 82 | self.rawPacketData[8], self.rawPacketData[9], self.rawPacketData[10], self.rawPacketData[11]); 83 | 84 | NSString *nsSource = [NSString stringWithFormat:@"%s", source]; 85 | 86 | return nsSource; 87 | } 88 | 89 | -(NSString *)getIPSourceHost 90 | { 91 | char address[16]; //(> 3 * 4 + 3) 92 | const u_char *IP_Header = &(self.rawPacketData[14]); 93 | sprintf(address, "%d.%d.%d.%d", IP_Header[12], IP_Header[13], IP_Header[14], IP_Header[15]); 94 | NSString *result = [NSString stringWithFormat:@"%s", address]; 95 | return result; 96 | } 97 | 98 | -(NSString *)getIPDestinationHost 99 | { 100 | char address[16]; //(> 3 * 4 + 3) 101 | const u_char *IP_Header = &(self.rawPacketData[14]); 102 | sprintf(address, "%d.%d.%d.%d", IP_Header[16], IP_Header[17], IP_Header[18], IP_Header[19]); 103 | NSString *result = [NSString stringWithFormat:@"%s", address]; 104 | return result; 105 | } 106 | 107 | 108 | -(NSString *)getEtherDestinationHost 109 | { 110 | char dest[24]; 111 | sprintf(dest, "%x:%x:%x:%x:%x:%x", self.rawPacketData[0], self.rawPacketData[1], 112 | self.rawPacketData[2], self.rawPacketData[3], self.rawPacketData[4], self.rawPacketData[5]); 113 | 114 | NSString *nsDest = [NSString stringWithFormat:@"%s", dest]; 115 | 116 | return nsDest; 117 | } 118 | 119 | @end 120 | -------------------------------------------------------------------------------- /VisualSniff/Sniffer.m: -------------------------------------------------------------------------------- 1 | // 2 | // Sniffer.m 3 | // VisualSniff 4 | // 5 | // Created by David Hoelzer on 10/1/11. 6 | // Copyright 2011 Enclave Forensics, Inc. All rights reserved. 7 | // 8 | 9 | #import "Sniffer.h" 10 | #include "pcap.h" 11 | #import "RawPacket.h" 12 | 13 | @implementation Sniffer 14 | { 15 | 16 | 17 | } 18 | struct timeval starting_timestamp; 19 | struct timeval last_timestamp; 20 | NSDate *startingTime; 21 | id CRefToSelf; 22 | #define ETHER_ADDR_LEN 6 23 | 24 | /* Ethernet header */ 25 | struct sniff_ethernet { 26 | u_char ether_dhost[ETHER_ADDR_LEN]; /* Destination host address */ 27 | u_char ether_shost[ETHER_ADDR_LEN]; /* Source host address */ 28 | u_short ether_type; /* IP? ARP? RARP? etc */ 29 | }; 30 | 31 | - (id)initWithDevice:(NSString *)deviceName 32 | { 33 | self = [super init]; 34 | if (self) { 35 | deviceString = deviceName; 36 | [deviceString retain]; 37 | } 38 | CRefToSelf = self; 39 | [self startSniffer]; 40 | return self; 41 | } 42 | 43 | - (id)initWithFile:(NSString *)fileName 44 | { 45 | self = [super init]; 46 | if (!self) { 47 | return self; 48 | } 49 | CRefToSelf = self; 50 | if (![self startOffline:fileName]) 51 | { 52 | [self autorelease]; 53 | return nil; 54 | }; 55 | return self; 56 | } 57 | 58 | -(void)processPacket:(const u_char *)packet length:(int)packetLength 59 | { 60 | RawPacket *receivedPacket = [[[RawPacket alloc] initWithPacket:packet length:packetLength] autorelease]; 61 | [[NSNotificationCenter defaultCenter] postNotification:[NSNotification notificationWithName:@"packetReceived" object:receivedPacket]]; 62 | } 63 | 64 | 65 | 66 | void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet) 67 | { 68 | [CRefToSelf processPacket:packet length:header->len]; 69 | 70 | } 71 | 72 | void got_offline_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet) 73 | { 74 | if(startingTime == nil) 75 | { 76 | startingTime = [[NSDate alloc] init]; 77 | last_timestamp.tv_sec = 0; 78 | last_timestamp.tv_usec = 0; 79 | starting_timestamp.tv_sec = header -> ts.tv_sec; 80 | starting_timestamp.tv_usec = header -> ts.tv_usec; 81 | 82 | } 83 | while((header->ts.tv_sec - starting_timestamp.tv_sec) > last_timestamp.tv_sec) 84 | { 85 | last_timestamp.tv_sec = abs([startingTime timeIntervalSinceNow]); 86 | } 87 | [CRefToSelf processPacket:packet length:header->len]; 88 | 89 | } 90 | 91 | - (void)startOfflineCapture:(NSURL *)fileName 92 | { 93 | char error_buffer[4096]; 94 | const char *theFileName; 95 | 96 | theFileName = [[fileName relativePath] UTF8String]; 97 | NSLog(@"Starting with %s", theFileName); 98 | listener = pcap_open_offline(theFileName, error_buffer); 99 | NSLog(@"%s", error_buffer); 100 | if(!listener) return; 101 | pcap_loop(listener, -1, got_offline_packet, NULL); 102 | 103 | } 104 | 105 | - (void)startCapture:(NSString *)sniffDev { 106 | char error_buffer[4096]; 107 | 108 | device = [sniffDev UTF8String]; 109 | listener = pcap_open_live(device, 100, 1, 50, error_buffer); 110 | pcap_loop(listener, -1, got_offline_packet, NULL); 111 | 112 | } 113 | 114 | 115 | - (void)startSniffer 116 | { 117 | 118 | parentSniffer = self; 119 | 120 | [NSThread detachNewThreadSelector:@selector(startCapture:) 121 | toTarget:self 122 | withObject:deviceString]; 123 | 124 | 125 | } 126 | 127 | - (Boolean)startOffline:(NSURL *)fileName 128 | { 129 | char error_buffer[4096]; 130 | const char *theFileName; 131 | pcap_t *test_listener; 132 | 133 | theFileName = [[fileName relativePath] UTF8String]; 134 | NSLog(@"Starting with %s", theFileName); 135 | test_listener = pcap_open_offline(theFileName, error_buffer); 136 | NSLog(@"%s", error_buffer); 137 | 138 | if(!test_listener) return NO; 139 | 140 | parentSniffer = self; 141 | 142 | [NSThread detachNewThreadSelector:@selector(startOfflineCapture:) 143 | toTarget:self 144 | withObject:fileName]; 145 | return YES; 146 | 147 | 148 | } 149 | 150 | 151 | @end 152 | -------------------------------------------------------------------------------- /VisualSniff/Host.m: -------------------------------------------------------------------------------- 1 | // 2 | // EtherHost.m 3 | // VisualSniff 4 | // 5 | // Created by David Hoelzer on 10/2/11. 6 | // Copyright 2011 Enclave Forensics, Inc. All rights reserved. 7 | // 8 | 9 | #import "Host.h" 10 | 11 | @implementation Host 12 | @synthesize address; 13 | @synthesize packets; 14 | @synthesize size; 15 | @synthesize lastPacket; 16 | @synthesize color; 17 | @synthesize packetRect, sizeRect; 18 | @synthesize ethernet, IP; 19 | 20 | 21 | 22 | 23 | - (id)initWithAddress:(NSString *)my_address 24 | { 25 | self = [super init]; 26 | if (self) { 27 | self.address = [my_address copy]; 28 | [self setCenterX:0 Y:0]; 29 | ethernet = IP = NO; 30 | sizeRect = CGRectMake(-150, -150, 5, 5); 31 | packetRect = CGRectMake(-150, -150, 5, 5); 32 | color = CGColorCreateGenericRGB(0.9, 0.9, 0.1, 1.0); 33 | lastPacket = [[NSDate alloc] init]; 34 | } 35 | return self; 36 | } 37 | 38 | - (NSInteger)lastPacketReceived 39 | { 40 | return ([lastPacket timeIntervalSinceNow] * -1 ); 41 | } 42 | 43 | - (void)moveTo:(CGPoint)newCenter 44 | { 45 | CGPoint center; 46 | center = newCenter; 47 | sizeRect.origin.x = center.x - (sizeRect.size.width / 2); 48 | sizeRect.origin.y = center.y - (sizeRect.size.height / 2); 49 | packetRect.origin.x = center.x - (packetRect.size.width / 2); 50 | packetRect.origin.y = center.y - (packetRect.size.height / 2); 51 | 52 | xCenter = center.x; 53 | yCenter = center.y; 54 | } 55 | 56 | - (const char *)cStringAddress 57 | { 58 | return [address cStringUsingEncoding:NSASCIIStringEncoding]; 59 | } 60 | 61 | - (BOOL)isEthernet 62 | { 63 | return ethernet; 64 | } 65 | 66 | -(void)adjustRectSizePackets 67 | { 68 | float packetFactor = logf(packets); 69 | packetRect.size.width = (packetFactor >= 1 ? 12 + (packetFactor) : 12); 70 | packetRect.size.height = (packetFactor >= 1 ? 12 + (packetFactor) : 12); 71 | } 72 | 73 | -(void)adjustRectSizeSize 74 | { 75 | float sizeFactor = logf(size); 76 | sizeRect.size.width = (sizeFactor >= 1 ? 12 + (sizeFactor) : 12); 77 | sizeRect.size.height = (sizeFactor >= 1 ? 12 + (sizeFactor) : 12); 78 | } 79 | 80 | -(void) addSize:(int)bytes 81 | { 82 | size = size + bytes; 83 | // size = (size > 10000000 ? 10000000 : size); 84 | [self adjustRectSizeSize]; 85 | } 86 | 87 | - (void) reduceSize:(float)factor 88 | { 89 | size = size * factor; 90 | if (size < 1) size = 1; 91 | [self adjustRectSizeSize]; 92 | } 93 | 94 | 95 | -(void) addPacket 96 | { 97 | packets = packets + 1; 98 | [self adjustRectSizePackets]; 99 | [lastPacket release]; 100 | lastPacket = [[NSDate alloc] init]; 101 | } 102 | 103 | - (void) reducePackets:(float)factor 104 | { 105 | packets = packets * factor; 106 | if (packets < 1) packets = 1; 107 | [self adjustRectSizePackets]; 108 | } 109 | - (BOOL)isIP 110 | { 111 | return IP; 112 | } 113 | 114 | - (void)setEthernet 115 | { 116 | CGColorRef colorRef; 117 | ethernet = YES; 118 | CFRelease(color); 119 | if([address isEqualToString:@"ff:ff:ff:ff:ff:ff"]) 120 | { 121 | colorRef = CGColorCreateGenericRGB(0.1, 0.9, 0.1, 1.0); 122 | color = colorRef; 123 | // CGColorRetain(color); 124 | return; 125 | } 126 | colorRef = CGColorCreateGenericRGB(0.1, 0.1, 0.9, 1.0); 127 | color = colorRef; 128 | // CGColorRetain(color); 129 | } 130 | 131 | - (void)setIP 132 | { 133 | CGColorRef colorRef; 134 | IP = YES; 135 | CFRelease(color); 136 | if([address isEqualToString:@"255.255.255.255"]) 137 | { 138 | colorRef = CGColorCreateGenericRGB(0.9, 0.9, 0.1, 1.0); 139 | color = colorRef; 140 | // CGColorRetain(color); 141 | return; 142 | } 143 | if([address isEqualToString:@"169.254.255.255"]) 144 | { 145 | colorRef = CGColorCreateGenericRGB(0.9, 0.4, 0.1, 1.0); 146 | color = colorRef; 147 | // CGColorRetain(color); 148 | return; 149 | } 150 | if([address isEqualToString:@"0.0.0.0"]) 151 | { 152 | colorRef = CGColorCreateGenericRGB(0.9, 0.1, 0.9, 1.0); 153 | color = colorRef; 154 | // CGColorRetain(color); 155 | return; 156 | } 157 | if( [[[address componentsSeparatedByString:@"."] objectAtIndex:3] isEqualToString:@"255"]) 158 | { 159 | colorRef = CGColorCreateGenericRGB(0.1, 0.9, 0.9, 1.0); 160 | color = colorRef; 161 | // CGColorRetain(color); 162 | return; 163 | } 164 | if( [[[address componentsSeparatedByString:@"."] objectAtIndex:0] intValue] >= 223 165 | && [[[address componentsSeparatedByString:@"."] objectAtIndex:0] intValue] < 240) 166 | { 167 | colorRef = CGColorCreateGenericRGB(0.3, 0.3, 0.3, 1.0); 168 | color = colorRef; 169 | return; 170 | } 171 | colorRef = CGColorCreateGenericRGB(0.9, 0.1, 0.1, 1.0); 172 | color = colorRef; 173 | // CGColorRetain(color); 174 | } 175 | 176 | - (CGPoint) center 177 | { 178 | return CGPointMake(xCenter, yCenter); 179 | } 180 | 181 | - (CGPoint) setCenterX:(int)x Y:(int)y 182 | { 183 | xCenter = x; 184 | yCenter = y; 185 | return CGPointMake(xCenter, yCenter); 186 | } 187 | 188 | -(NSString *)description 189 | { 190 | return [NSString stringWithFormat:@"Host: %@ is located at %f, %f", address, xCenter, yCenter]; 191 | } 192 | @end 193 | -------------------------------------------------------------------------------- /VisualSniff/VisualSniffAppDelegate.m: -------------------------------------------------------------------------------- 1 | // 2 | // VisualSniffAppDelegate.m 3 | // VisualSniff 4 | // 5 | // Created by David Hoelzer on 10/1/11. 6 | // Copyright 2011 Enclave Forensics, Inc. All rights reserved. 7 | // 8 | 9 | #import "VisualSniffAppDelegate.h" 10 | #import "Host.h" 11 | #import "RawPacket.h" 12 | #import "Conversation.h" 13 | #import "Map.h" 14 | #import "pcap.h" 15 | 16 | 17 | @implementation VisualSniffAppDelegate 18 | { 19 | 20 | } 21 | 22 | @synthesize window, interfaceSelection, hostTimeout, timeoutLabel, settingsWindow; 23 | 24 | - (id)init 25 | { 26 | self = [super init]; 27 | if(self) 28 | { 29 | hosts = [[NSMutableArray alloc] init]; 30 | conversations = [[NSMutableArray alloc] init]; 31 | } 32 | return self; 33 | } 34 | 35 | -(IBAction)adjustTimeout:(id)sender 36 | { 37 | [timeoutLabel setIntValue:[self hostTimeoutValue]]; 38 | } 39 | 40 | -(void)removeUnecessaryInterfaceItems 41 | { 42 | [interfaceSelection setEnabled:NO]; 43 | [interfaceSelection removeFromSuperview]; 44 | [startButton removeFromSuperview]; 45 | [openPcapFileButton removeFromSuperview]; 46 | } 47 | 48 | -(void)startMap 49 | { 50 | [[NSNotificationCenter defaultCenter] addObserver:self selector:@selector(packetReceived:) name:@"packetReceived" object:nil]; 51 | [NSTimer scheduledTimerWithTimeInterval:0.05 target:self selector:@selector(updatePackets) userInfo:nil repeats:YES]; 52 | Map *map = [[Map alloc] initWithFrame:[[window contentView] bounds]]; 53 | [map setConversationDelegate:self]; 54 | [[window contentView] addSubview:map]; 55 | [map setNeedsDisplay:YES]; 56 | [map release]; 57 | } 58 | 59 | -(IBAction)openPcapFile:(id)sender 60 | { 61 | Sniffer *theSniffer; 62 | NSOpenPanel *panel = [NSOpenPanel openPanel]; 63 | NSString *theFileName; 64 | 65 | [panel setTitle:@"Select PCap File"]; 66 | [panel setPrompt: @"Open Packet Capture"]; 67 | 68 | NSInteger result=[panel runModal]; 69 | if(result == NSOKButton) 70 | { 71 | theFileName = [[panel URLs] objectAtIndex:0]; 72 | NSLog(@"%@ selected", theFileName); 73 | } 74 | else return; 75 | theSniffer = [[Sniffer alloc] initWithFile:theFileName]; 76 | if (!theSniffer) { 77 | 78 | NSAlert *alertBox = [[NSAlert alloc] init]; 79 | [alertBox setAlertStyle:NSInformationalAlertStyle]; 80 | [alertBox setMessageText:@"Invalid File"]; 81 | [alertBox setInformativeText:@"The file that you selected could not be opened or is not a packet capture!"]; 82 | [alertBox addButtonWithTitle:@"OK"]; 83 | [alertBox runModal]; 84 | [alertBox release]; 85 | return; 86 | 87 | 88 | } 89 | [self removeUnecessaryInterfaceItems]; 90 | [self startMap]; 91 | } 92 | 93 | -(int)hostTimeoutValue 94 | { 95 | int value = (int)[hostTimeout integerValue]; 96 | value = ( value < 1 ? 1 : value); 97 | value = value * 5; 98 | return value; 99 | } 100 | 101 | -(IBAction)openHelp:(id)sender 102 | { 103 | NSURL *helpURL = [[NSURL alloc] initWithString:@"http://enclaveforensics.com/page5/VisualSniff.html"]; 104 | [[NSWorkspace sharedWorkspace] openURL:helpURL]; 105 | [helpURL release]; 106 | } 107 | 108 | -(IBAction)startSniffer:(id)sender 109 | { 110 | Sniffer *theSniffer; 111 | if([[interfaceSelection stringValue] isEqualToString:@""]) 112 | { 113 | NSAlert *alertBox = [[NSAlert alloc] init]; 114 | [alertBox setAlertStyle:NSInformationalAlertStyle]; 115 | [alertBox setMessageText:@"No interface selected."]; 116 | [alertBox setInformativeText:@"You must first select an interface from the drop-down box before you can start the sniffer!"]; 117 | [alertBox addButtonWithTitle:@"OK"]; 118 | [alertBox runModal]; 119 | [alertBox release]; 120 | return; 121 | } 122 | theSniffer = [[Sniffer alloc] initWithDevice:[interfaceSelection stringValue]]; 123 | [self removeUnecessaryInterfaceItems]; 124 | [self startMap]; 125 | } 126 | 127 | -(Boolean)drawSizes 128 | { 129 | return [drawSizes state]; 130 | } 131 | 132 | -(Boolean)drawEthernetHosts 133 | { 134 | return [drawEthernetHosts state]; 135 | } 136 | 137 | -(Boolean)drawIPV4Hosts 138 | { 139 | return [drawIPV4Hosts state]; 140 | } 141 | 142 | -(IBAction)closeSettings:(id)sender 143 | { 144 | [NSApp endSheet:settingsWindow]; 145 | [settingsWindow orderOut:sender]; 146 | } 147 | 148 | -(IBAction)triggerSettings:(id)sender 149 | { 150 | NSLog(@"Trigger Settings"); 151 | [NSApp beginSheet:settingsWindow modalForWindow:window modalDelegate:nil didEndSelector:NULL contextInfo:NULL]; 152 | } 153 | 154 | - (void)awakeFromNib 155 | { 156 | pcap_if_t *allInterfaces, *currentInterface; 157 | char errbuf[4096]; 158 | 159 | NSMutableArray *interfaces = [[NSMutableArray alloc] init]; 160 | pcap_findalldevs(&allInterfaces, errbuf); 161 | currentInterface = allInterfaces; 162 | while (currentInterface) { 163 | [interfaces addObject:[NSString stringWithFormat:@"%s", currentInterface->name]]; 164 | currentInterface = currentInterface->next; 165 | } 166 | [interfaceSelection setNumberOfVisibleItems:[interfaces count]]; 167 | [interfaceSelection addItemsWithObjectValues:interfaces]; 168 | if([interfaces count] < 1) { 169 | [startButton setEnabled:NO]; 170 | [interfaceSelection setEnabled:NO]; 171 | } 172 | [hostTimeout setIntValue:7]; 173 | [self adjustTimeout:nil]; 174 | [interfaces release]; 175 | } 176 | 177 | -(NSArray *)getConversationsReference 178 | { 179 | return conversations; 180 | } 181 | 182 | -(NSArray *)getHostsReference 183 | { 184 | return hosts; 185 | } 186 | 187 | - (void) packetReceived:(NSNotification *)aNotice 188 | { 189 | Host *ehSource, *ehDest; 190 | Host *ipSource, *ipDest; 191 | RawPacket *currentPacket = [[aNotice object] retain]; 192 | NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init]; 193 | 194 | 195 | ehSource = [self findOrAddHostForAddress:[currentPacket getEtherSourceHost] withPacket:currentPacket isSource:YES type:@"Ethernet"]; 196 | ehDest = [self findOrAddHostForAddress:[currentPacket getEtherDestinationHost] withPacket:currentPacket isSource:NO type:@"Ethernet"]; 197 | [self findOrAddConversationFrom:ehSource To:ehDest withPacket:currentPacket]; 198 | if ([currentPacket isIP]) 199 | { 200 | ipSource = [self findOrAddHostForAddress:[currentPacket getIPSourceHost] withPacket:currentPacket isSource:YES type:@"IPV4"]; 201 | ipDest = [self findOrAddHostForAddress:[currentPacket getIPDestinationHost] withPacket:currentPacket isSource:NO type:@"IPV4"]; 202 | [self findOrAddConversationFrom:ipSource To:ipDest withPacket:currentPacket]; 203 | } 204 | 205 | 206 | [currentPacket release]; 207 | [pool drain]; 208 | } 209 | 210 | 211 | -(Conversation *)findOrAddConversationFrom:(Host *)source To:(Host *)destination withPacket:(RawPacket *)packet 212 | { 213 | NSString *signature = [NSString stringWithFormat:@"%@->%@", [source address], [destination address]]; 214 | Conversation *conversation; 215 | 216 | 217 | for (conversation in conversations) 218 | { 219 | if([[conversation idTag] isEqualToString:signature]) 220 | { 221 | [conversation addPacket]; 222 | [conversation addSize:[packet packetSize]]; 223 | return conversation; 224 | } 225 | } 226 | conversation = [[Conversation alloc] init]; 227 | [conversation setSourceHost:source]; 228 | [conversation setDestinationHost:destination]; 229 | [conversation setIdTag:signature]; 230 | [conversation addPacket]; 231 | [conversation addSize:[packet packetSize]]; 232 | [conversation reducePackets:25]; 233 | [conversations addObject:conversation]; 234 | return conversation; 235 | } 236 | 237 | -(Host *)findOrAddHostForAddress:(NSString *)hostAddress withPacket:(RawPacket *)packet isSource:(Boolean)isSource type:(NSString *)type 238 | { 239 | Host *thisHost; 240 | BOOL found=NO; 241 | 242 | for (Host *host in hosts) 243 | { 244 | if([hostAddress isEqualToString:host.address]) 245 | { 246 | thisHost = host; 247 | found = true; 248 | break; 249 | } 250 | } 251 | if (!found){ 252 | thisHost = [[[Host alloc]initWithAddress:hostAddress] autorelease]; 253 | if([type isEqualToString:@"Ethernet"]) [thisHost setEthernet]; 254 | if([type isEqualToString:@"IPV4"]) [thisHost setIP]; 255 | [hosts addObject:thisHost]; 256 | } 257 | [thisHost addPacket]; 258 | if(isSource) [thisHost addSize:[packet packetSize]]; 259 | 260 | return thisHost; 261 | } 262 | 263 | -(void)updatePackets 264 | { 265 | for (Conversation *conv in conversations) 266 | { 267 | [conv reducePackets:0.98]; 268 | [conv reduceSize:0.98]; 269 | } 270 | for (Host *host in hosts) 271 | { 272 | [host reducePackets:0.99]; 273 | [host reduceSize:0.99]; 274 | } 275 | [[window contentView] setNeedsDisplay:YES]; 276 | } 277 | 278 | - (void) dealloc 279 | { 280 | [[NSNotificationCenter defaultCenter] removeObserver:self]; 281 | [super dealloc]; 282 | } 283 | @end 284 | -------------------------------------------------------------------------------- /VisualSniff/Map.m: -------------------------------------------------------------------------------- 1 | // 2 | // Map.m 3 | // VisualSniff 4 | // 5 | // Created by David Hoelzer on 10/15/11. 6 | // Copyright 2011 Enclave Forensics, Inc. All rights reserved. 7 | // 8 | 9 | #import "Map.h" 10 | #import "Conversation.h" 11 | #import "VisualSniffAppDelegate.h" 12 | 13 | @implementation Map 14 | { 15 | } 16 | 17 | @synthesize doShowHosts; 18 | 19 | struct CGColor *aRedColor; 20 | struct CGColor *aBlueColor; 21 | 22 | - (id)initWithFrame:(NSRect)frame 23 | { 24 | CGColorRef colorRef; 25 | self = [super initWithFrame:frame]; 26 | if (self) { 27 | doShowHosts = YES; 28 | radialOffset = 0; 29 | colorRef = CGColorCreateGenericRGB(0.9, 0.1, 0.1, 1.0); 30 | aRedColor = colorRef; 31 | // CGColorRetain(redColor); 32 | colorRef = CGColorCreateGenericRGB(0.1, 0.1, 0.9, 1.0); 33 | aBlueColor = colorRef; 34 | // CGColorRetain(blueColor); 35 | } 36 | 37 | return self; 38 | } 39 | 40 | -(void)dealloc 41 | { 42 | CFRelease(aRedColor); 43 | CFRelease(aBlueColor); 44 | [super dealloc]; 45 | } 46 | 47 | -(void)awakeFromNib 48 | { 49 | } 50 | 51 | -(void)setConversationDelegate:(id)object 52 | { 53 | conversationDelegate = object; 54 | } 55 | 56 | -(void) drawHosts 57 | { 58 | int hidden_after = [conversationDelegate hostTimeoutValue]; 59 | Boolean drawSizes = [conversationDelegate drawSizes]; 60 | NSPredicate *ethernetPredicate = [NSPredicate predicateWithFormat:[NSString stringWithFormat:@"ethernet == YES AND lastPacketReceived < %d", hidden_after]]; 61 | NSPredicate *IPPredicate = [NSPredicate predicateWithFormat:[NSString stringWithFormat:@"IP == YES AND lastPacketReceived < %d", hidden_after]]; 62 | Boolean drawEthernetHosts = [conversationDelegate drawEthernetHosts]; 63 | Boolean drawIPV4Hosts = [conversationDelegate drawIPV4Hosts]; 64 | NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init]; 65 | 66 | NSArray *ethernetHosts = [[[NSArray alloc] initWithArray:[hosts filteredArrayUsingPredicate:ethernetPredicate]] autorelease]; 67 | NSArray *IPHosts = [[[NSArray alloc] initWithArray:[hosts filteredArrayUsingPredicate:IPPredicate]] autorelease]; 68 | 69 | 70 | unsigned long numEtherHosts = [ethernetHosts count]; 71 | unsigned long numIPHosts = [IPHosts count]; 72 | double angularSeparation = 0.0; 73 | double smallestDimension = 0; 74 | double radius, maxRadius; 75 | double transX, transY; 76 | 77 | NSRect viewFrame = [self bounds]; 78 | 79 | smallestDimension = (viewFrame.size.width > viewFrame.size.height ? viewFrame.size.height : viewFrame.size.width); 80 | maxRadius = (smallestDimension / 2); 81 | 82 | 83 | CGPoint centerPoint = CGPointMake((viewFrame.size.width / 2), (viewFrame.size.height / 2)); 84 | CGPoint newLocation; 85 | 86 | angularSeparation = (2 * 3.14157911) / numEtherHosts; 87 | radius = maxRadius * 0.75; // Radius for Ethernet hosts 88 | CGContextSetLineWidth(context, 1); 89 | float x = 0 - radialOffset; 90 | if(drawEthernetHosts){ 91 | for (Host *host in ethernetHosts) 92 | { 93 | transX = radius * cos(x); 94 | transY = radius * sin(x); 95 | newLocation = CGPointMake(transX + centerPoint.x, transY + centerPoint.y); 96 | [host moveTo:newLocation]; 97 | CGContextSetFillColorWithColor(context, [host color]); 98 | if(drawSizes){ 99 | CGContextFillEllipseInRect(context, [host sizeRect]); 100 | } 101 | else 102 | { 103 | CGContextFillEllipseInRect(context, [host packetRect]); 104 | } 105 | x = x + angularSeparation; 106 | if(doShowHosts) 107 | { 108 | CGContextSaveGState(context); 109 | newLocation.x = newLocation.x + 15; 110 | newLocation.y = newLocation.y - 7.5; 111 | [[host address] drawAtPoint:NSPointFromCGPoint(newLocation) withAttributes:nil]; 112 | CGContextRestoreGState(context); 113 | } 114 | else if (host == pointedHost) 115 | { 116 | CGContextSaveGState(context); 117 | newLocation.x = newLocation.x + 15; 118 | newLocation.y = newLocation.y - 15; 119 | [[host address] drawAtPoint:NSPointFromCGPoint(newLocation) withAttributes:nil]; 120 | CGContextRestoreGState(context); 121 | 122 | } 123 | } 124 | } 125 | 126 | angularSeparation = (2 * 3.14157911) / numIPHosts; 127 | radius = maxRadius * 0.95; // Radius for IP hosts 128 | x = 0 + radialOffset; 129 | if(drawIPV4Hosts) { 130 | for (Host *host in IPHosts) 131 | { 132 | transX = radius * cos(x); 133 | transY = radius * sin(x); 134 | x = x + angularSeparation; 135 | newLocation = CGPointMake(transX + centerPoint.x, transY + centerPoint.y); 136 | [host moveTo:newLocation]; 137 | CGContextSetFillColorWithColor(context, [host color]); 138 | if(drawSizes) 139 | { 140 | CGContextFillEllipseInRect(context, [host sizeRect]); 141 | } 142 | else 143 | { 144 | CGContextFillEllipseInRect(context, [host packetRect]); 145 | } 146 | if(doShowHosts) 147 | { 148 | CGContextSaveGState(context); 149 | newLocation.x = newLocation.x + 15; 150 | newLocation.y = newLocation.y - 7.5; 151 | [[host address] drawAtPoint:NSPointFromCGPoint(newLocation) withAttributes:nil]; 152 | CGContextRestoreGState(context); 153 | } 154 | else if (host == pointedHost) 155 | { 156 | CGContextSaveGState(context); 157 | newLocation.x = newLocation.x + 15; 158 | newLocation.y = newLocation.y - 15; 159 | [[host address] drawAtPoint:NSPointFromCGPoint(newLocation) withAttributes:nil]; 160 | CGContextRestoreGState(context); 161 | 162 | } 163 | 164 | } 165 | } 166 | [pool drain]; 167 | } 168 | 169 | - (void)drawRect:(NSRect)dirtyRect 170 | { 171 | Boolean drawSizes = [conversationDelegate drawSizes]; 172 | Boolean drawEthernetHosts = [conversationDelegate drawEthernetHosts]; 173 | Boolean drawIPV4Hosts = [conversationDelegate drawIPV4Hosts]; 174 | 175 | context = (CGContextRef)[[NSGraphicsContext currentContext] graphicsPort]; 176 | [self setFrame:[[[self window] contentView] bounds]]; 177 | 178 | conversations = [[NSArray alloc] initWithArray:[(VisualSniffAppDelegate *)conversationDelegate getConversationsReference]]; 179 | int hidden_after = [conversationDelegate hostTimeoutValue]; 180 | NSPredicate *conversationsPredicate = [NSPredicate predicateWithFormat:[NSString stringWithFormat:@"lastPacketReceived < %d", hidden_after]]; 181 | NSArray *conversationsFiltered = [[NSArray alloc] initWithArray:[conversations filteredArrayUsingPredicate:conversationsPredicate]]; 182 | 183 | hosts = [[NSArray alloc]initWithArray:[(VisualSniffAppDelegate *)conversationDelegate getHostsReference]]; 184 | 185 | for (Conversation *conversation in conversationsFiltered) 186 | { 187 | Host *source, *dest; 188 | NSBezierPath *conversationPath; 189 | 190 | if((drawIPV4Hosts && [[conversation sourceHost] isIP]) || (drawEthernetHosts && [[conversation sourceHost] isEthernet])) 191 | { 192 | source = conversation.sourceHost; 193 | dest = conversation.destinationHost; 194 | if (source.center.x < 1 || source.center.y < 1 || dest.center.x < 1 || dest.center.y < 1) 195 | { 196 | continue; 197 | } 198 | conversationPath = [NSBezierPath bezierPath]; 199 | if(drawSizes) 200 | { 201 | [conversationPath moveToPoint:NSMakePoint(source.center.x, source.center.y)]; 202 | [conversationPath lineToPoint:NSMakePoint(source.center.x - ([conversation adjustedSize]), 203 | source.center.y - ([conversation adjustedSize]))]; 204 | [conversationPath lineToPoint:NSMakePoint(dest.center.x, dest.center.y)]; 205 | [conversationPath lineToPoint:NSMakePoint(source.center.x + ([conversation adjustedSize]), 206 | source.center.y + ([conversation adjustedSize]))]; 207 | [conversationPath lineToPoint:NSMakePoint(source.center.x, source.center.y)]; 208 | } 209 | else 210 | { 211 | [conversationPath moveToPoint:NSMakePoint(source.center.x, source.center.y)]; 212 | [conversationPath lineToPoint:NSMakePoint(source.center.x - ([conversation adjustedPackets]), 213 | source.center.y - ([conversation adjustedPackets]))]; 214 | [conversationPath lineToPoint:NSMakePoint(dest.center.x, dest.center.y)]; 215 | [conversationPath lineToPoint:NSMakePoint(source.center.x + ([conversation adjustedPackets]), 216 | source.center.y + ([conversation adjustedPackets]))]; 217 | [conversationPath lineToPoint:NSMakePoint(source.center.x, source.center.y)]; 218 | 219 | } 220 | [[NSColor blueColor] setFill]; 221 | [conversationPath fill]; 222 | } 223 | } 224 | 225 | [self drawHosts]; 226 | radialOffset = radialOffset + 0.0015; 227 | [hosts release]; 228 | [conversations release]; 229 | [conversationsFiltered release]; 230 | } 231 | 232 | @end 233 | -------------------------------------------------------------------------------- /VisualSniff/en.lproj/MainMenu.xib: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 1060 5 | 11C74 6 | 1938 7 | 1138.23 8 | 567.00 9 |

36 | 37 |

40 |

43 |

46 |

321 |

708 |

711 |

714 |

914 | 915 |

1785 |

1885 | 0 1886 | IBCocoaFramework 1887 |

1891 | YES 1892 | 3 1893 | 1894 | {9, 8} 1895 | {7, 2} 1896 | {15, 15} 1897 | 1898 | 1899 | 1900 | --------------------------------------------------------------------------------