E-SNIFF: The Embedded Ethernet Packet Sniffer

SOFTWARE

The software for the E-sniff project consists of five major parts: Drivers, packet dissection, command processing, CPU time monitoring and logging.

The drivers define a software interface to the hardware for the keyboard, display, LCD, LEDs, and the DM9000A Ethernet MAC/PHY. The DM9000A drivers are based on the drivers from Terasic Technologies that shipped with the DE2 development board.

The packet dissection routines consist of a series of lookup tables. When a packet is received, the DM9000A interrupts the CPU. The DM9000A interrupt service routine reads in the packet and hands it off to a frame dissector. The frame dissector prints out the frame header and identifies the upper-layer protocol, then looks up an appropriate dissector for that protocol and passes on the packet. The packet is passed through several dissectors in this manner until the application layer data is parsed and printed on the screen. Packet dissection also includes filtering routines, which allow the user to display only a specific segment of the total network traffic. Filtering enables the user to screen up to five mutually exclusive categories of packets.
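
The table-driven dissector chain described above, as an added example in C (not E-Sniff's own code). It shows the length checks each stage needs, because every header field it reads comes from untrusted network traffic; the function names, result codes and sample frame are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names and result codes, chosen for this example only. */
enum { D_MALFORMED = -1, D_UNKNOWN = 0, D_UDP, D_TCP, D_ARP };
typedef int (*dissector_fn)(const uint8_t *p, size_t len);
struct entry { uint16_t key; dissector_fn fn; };

/* Find the dissector registered for key and hand it the remaining bytes. */
static int dispatch(const struct entry *t, size_t n, uint16_t key,
                    const uint8_t *p, size_t len) {
    for (size_t i = 0; i < n; i++)
        if (t[i].key == key) return t[i].fn(p, len);
    return D_UNKNOWN; /* no dissector for this protocol: report, do not guess */
}

/* Leaf dissectors only check the minimum header size here. */
static int dissect_udp(const uint8_t *p, size_t len) { (void)p; return len < 8 ? D_MALFORMED : D_UDP; }
static int dissect_tcp(const uint8_t *p, size_t len) { (void)p; return len < 20 ? D_MALFORMED : D_TCP; }
static int dissect_arp(const uint8_t *p, size_t len) { (void)p; return len < 28 ? D_MALFORMED : D_ARP; }

static const struct entry ip_protos[] = { {6, dissect_tcp}, {17, dissect_udp} };

static int dissect_ipv4(const uint8_t *p, size_t len) {
    if (len < 20 || (p[0] >> 4) != 4) return D_MALFORMED;
    size_t ihl = (size_t)(p[0] & 0x0F) * 4;     /* both lengths are */
    size_t total = ((size_t)p[2] << 8) | p[3];  /* sender-controlled */
    if (ihl < 20 || total < ihl || total > len) return D_MALFORMED;
    return dispatch(ip_protos, 2, p[9], p + ihl, total - ihl);
}

static const struct entry ethertypes[] = { {0x0800, dissect_ipv4}, {0x0806, dissect_arp} };

/* Entry point: what the receive ISR would call with the frame it read. */
int dissect_frame(const uint8_t *f, size_t len) {
    if (len < 14) return D_MALFORMED;
    uint16_t type = (uint16_t)((f[12] << 8) | f[13]);
    return dispatch(ethertypes, 2, type, f + 14, len - 14);
}

/* Constructed sample: Ethernet + IPv4 (total length 28) + 8-byte UDP header. */
const uint8_t sample_udp[42] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0,0,0,0,0x01, 0x08,0x00,
    0x45,0,0,28, 0,0,0,0, 64,17,0,0, 192,0,2,1, 192,0,2,2,
    0x04,0x00,0x04,0x01, 0,8, 0,0 };
```

Each stage passes on only the bytes its own header accounts for, so a later dissector can never read past what an earlier one validated.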

The command processor consists of a look-up table as well. The table maps strings to functions that process the various commands. When a command is entered, the keyboard ISR matches the command to one of the strings in the table, then calls the associated function. Each command contains its own help documentation, so that the user can type "command help" to view a help file for any command.

The CPU time monitor is a simple 1ms interrupt that increments a counter. When data is being processed, this interrupt is disabled; when the CPU is idle it is re-enabled. By reading and resetting the counter every second, one can determine the CPU usage during that second - 0% CPU usage would correspond to a count of 1000, and 100% CPU usage would correspond to a count of 0. After the counter is read and reset each second, the LEDs on the DE2 board are lit to indicate the current CPU load.

The logging routines write packet data to flash memory for later review by the user. The log has been implemented, but is buggy and causes the system to drop packets. A review of problems with the packet logging routines, and a proposed solution, is available in the final report.

Download the current alpha version of the E-Sniff software below.

Download the most recent stable version of the E-Sniff Software: E_SNIFF_v2.0_RELEASE