https://github.com/dispatchcode/lantern
Packet sniffer and analyzer: C Kernel module and C++ GUI application
kernel-module networking packet-analyser tools
Last synced: 5 months ago
- Host: GitHub
- URL: https://github.com/dispatchcode/lantern
- Owner: DispatchCode
- License: gpl-3.0
- Created: 2024-06-18T16:21:41.000Z (11 months ago)
- Default Branch: main
- Last Pushed: 2024-11-16T23:56:30.000Z (6 months ago)
- Last Synced: 2024-11-17T00:29:37.005Z (6 months ago)
- Topics: kernel-module, networking, packet-analyser, tools
- Language: C++
- Homepage:
- Size: 81.1 KB
- Stars: 3
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
___
*Lantern* is a lightweight packet analyzer that also supports blocking source and destination IP addresses.
This is achieved through the interaction between a kernel module and a GUI application.

## Features
✅ IPv4 & IPv6
✅ TCP & UDP
✅ ICMPv6 & IGMP
❌ All other protocols not mentioned above

## Planned features / changes
🎯 Block/unblock IPs (currently only a context menu and message box are available)
🎯 Implement proper multithreading in the user-mode application (using thread pools)
🎯 Support for additional protocols
🎯 Display more detailed information when a packet is selected
> The column "CPU #" shows the CPU that called the hook function (`capture()`, in the driver source code)
## How does it work?
The driver, currently named `packet_sniffer.c`, reads network packets through a Netfilter hook. The hook used is `NF_INET_PRE_ROUTING`, which is triggered right after a packet enters the kernel's network stack; from this hook the packet can be re-routed, accepted, or dropped. Each captured packet is collected in a kernel buffer, which is then copied to a user-space buffer by `device_read` (via a character device).

The user-mode application reads a specified number of bytes from the character device; the kernel driver ensures that no more than a fixed maximum amount of data is copied.
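The following is an added example, not code from the Lantern repository, showing the user-space side of the design described above: bytes read from the character device are treated as raw IP packets (what an `NF_INET_PRE_ROUTING` hook sees, with no link-layer header), and every header field is bounds-checked against the number of bytes actually read rather than against what the packet claims, because the driver caps the copy at a fixed maximum and a packet larger than that cap arrives truncated. The sample packets, the blocklist and the `should_drop` helper are constructed for the example; the parser assumes no IPv6 extension headers sit between the IPv6 header and the transport header.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PARSE_OK          0   /* IP and transport fields filled in */
#define PARSE_UNSUPPORTED 1   /* IP fields filled, transport protocol not decoded */
#define PARSE_TRUNCATED  -1   /* buffer shorter than the headers claim: trust nothing */

typedef struct {
    int ip_version;              /* 4 or 6 */
    int l4_proto;                /* IPv4 protocol / IPv6 next header */
    uint16_t src_port, dst_port; /* only meaningful for TCP (6) and UDP (17) */
    char src[INET6_ADDRSTRLEN];
    char dst[INET6_ADDRSTRLEN];
} packet_summary;

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Parse one raw IP packet. `len` is the byte count returned by the device read;
   all offsets are validated against it before any field is dereferenced. */
int parse_packet(const uint8_t *buf, size_t len, packet_summary *out)
{
    size_t l4_off;
    memset(out, 0, sizeof *out);
    if (len < 1) return PARSE_TRUNCATED;

    switch (buf[0] >> 4) {
    case 4: {
        size_t ihl;
        if (len < 20) return PARSE_TRUNCATED;
        ihl = (size_t)(buf[0] & 0x0f) * 4u;
        if (ihl < 20 || len < ihl) return PARSE_TRUNCATED;
        if (be16(buf + 2) > len) return PARSE_TRUNCATED; /* total length exceeds what was read */
        out->ip_version = 4;
        out->l4_proto = buf[9];
        inet_ntop(AF_INET, buf + 12, out->src, sizeof out->src);
        inet_ntop(AF_INET, buf + 16, out->dst, sizeof out->dst);
        l4_off = ihl;
        break;
    }
    case 6:
        if (len < 40) return PARSE_TRUNCATED;
        if ((size_t)be16(buf + 4) + 40 > len) return PARSE_TRUNCATED; /* payload length exceeds what was read */
        out->ip_version = 6;
        out->l4_proto = buf[6]; /* assumption: transport header follows immediately */
        inet_ntop(AF_INET6, buf + 8, out->src, sizeof out->src);
        inet_ntop(AF_INET6, buf + 24, out->dst, sizeof out->dst);
        l4_off = 40;
        break;
    default:
        return PARSE_TRUNCATED; /* not an IP packet: treat as malformed */
    }

    switch (out->l4_proto) {
    case 6: case 17: /* TCP, UDP: ports are the first four bytes of the transport header */
        if (len < l4_off + 4) return PARSE_TRUNCATED;
        out->src_port = be16(buf + l4_off);
        out->dst_port = be16(buf + l4_off + 2);
        return PARSE_OK;
    case 2: case 58: /* IGMP, ICMPv6: recognised, no further fields decoded here */
        return PARSE_OK;
    default:
        return PARSE_UNSUPPORTED;
    }
}

/* Constructed verdict helper: 1 = the GUI would ask the driver to drop this packet
   because its source or destination is on the user's blocklist, 0 = accept. */
int should_drop(const packet_summary *s, const char *const *blocked, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(s->src, blocked[i]) == 0 || strcmp(s->dst, blocked[i]) == 0) return 1;
    return 0;
}

/* Constructed sample packets (documentation addresses from RFC 5737 / RFC 3849). */
const uint8_t SAMPLE_V4_TCP[40] = {
    0x45, 0x00, 0x00, 0x28, 0x00, 0x01, 0x00, 0x00, 0x40, 0x06, 0x00, 0x00,
    0xc0, 0x00, 0x02, 0x01,             /* src 192.0.2.1 */
    0xc6, 0x33, 0x64, 0x07,             /* dst 198.51.100.7 */
    0x01, 0xbb, 0xc8, 0x22,             /* TCP ports 443 -> 51234 */
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
const uint8_t SAMPLE_V6_UDP[48] = {
    0x60, 0x00, 0x00, 0x00, 0x00, 0x08, 0x11, 0x40,
    0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x01, /* src 2001:db8::1 */
    0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x02, /* dst 2001:db8::2 */
    0x00, 0x35, 0x14, 0xe9, 0x00, 0x08, 0x00, 0x00 };               /* UDP ports 53 -> 5353 */

int main(void)
{
    const char *const blocklist[] = { "198.51.100.7" }; /* constructed */
    const uint8_t *pkts[] = { SAMPLE_V4_TCP, SAMPLE_V6_UDP };
    size_t lens[] = { sizeof SAMPLE_V4_TCP, sizeof SAMPLE_V6_UDP };
    for (size_t i = 0; i < 2; i++) {
        packet_summary s;
        int rc = parse_packet(pkts[i], lens[i], &s);
        printf("rc=%d v%d proto=%d %s:%u -> %s:%u drop=%d\n", rc, s.ip_version, s.l4_proto,
               s.src, s.src_port, s.dst, s.dst_port, should_drop(&s, blocklist, 1));
    }
    return 0;
}
```

The two return codes matter for a sniffer fed from a capped kernel buffer: `PARSE_TRUNCATED` tells the GUI that the record is incomplete and its fields must not be displayed or matched against the blocklist, while `PARSE_UNSUPPORTED` still yields valid addresses for the protocols the README lists as not decoded.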
## Let's *make* it!
- Tested on Linux v6.9 and v6.10 (at the moment)
- You will also need to have [wxWidgets](https://www.wxwidgets.org/downloads/) installed

Compile and execute with:
```bash
make && make run
```
Each action requires `sudo` privileges, at least for now.

You can also remove the generated files:
```bash
make clean
```

The kernel module will be compiled, loaded, and automatically unloaded when the application exits.