powerel7
/
tui
2
0
Fork 0
Code Issues Pull Requests Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
186 Commits
1 Branch
0 Tags
6.4 MiB
 
 
 
 
 
 
Tree: 28caab6f77
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '28caab6f77'
${ noResults }
tui/SOURCES/dsniff-2.4-pcap_read_dump.p...

531 lines
16 KiB
Raw Blame History

Patch by Joseph Battaglia <sephail@sephail.net> and Joshua Krage
<jkrage@guisarme.us> for dsniff >= 2.4b1, which allows the reading of
saved PCAP capture files. For further information, please have a look
to Debian bug ID #153462 and #298604.
--- dsniff-2.4b1/dsniff.8 2005-07-11 20:41:14.000000000 +0000
+++ dsniff-2.4b1/dsniff.8.pcap_dump 2005-07-11 20:41:18.000000000 +0000
@@ -10,7 +10,7 @@
.nf
.fi
\fBdsniff\fR [\fB-c\fR] [\fB-d\fR] [\fB-m\fR] [\fB-n\fR] [\fB-i
-\fIinterface\fR] [\fB-s \fIsnaplen\fR] [\fB-f \fIservices\fR]
+\fIinterface\fR | \fB-p \fIpcapfile\fR] [\fB-s \fIsnaplen\fR] [\fB-f \fIservices\fR]
[\fB-t \fItrigger[,...]\fR]]
[\fB-r\fR|\fB-w\fR \fIsavefile\fR] [\fIexpression\fR]
.SH DESCRIPTION
@@ -45,6 +45,9 @@
Do not resolve IP addresses to hostnames.
.IP "\fB-i \fIinterface\fR"
Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Rather than processing the contents of packets observed upon the network
+process the given PCAP capture file.
.IP "\fB-s \fIsnaplen\fR"
Analyze at most the first \fIsnaplen\fR bytes of each TCP connection,
rather than the default of 1024.
--- dsniff-2.4b1/dsniff.c 2005-07-11 20:41:14.000000000 +0000
+++ dsniff-2.4b1/dsniff.c.pcap_dump 2005-07-11 20:41:18.000000000 +0000
@@ -46,8 +46,9 @@
usage(void)
{
fprintf(stderr, "Version: " VERSION "\n"
- "Usage: dsniff [-cdmn] [-i interface] [-s snaplen] [-f services]\n"
- " [-t trigger[,...]] [-r|-w savefile] [expression]\n");
+ "Usage: dsniff [-cdmn] [-i interface | -p pcapfile] [-s snaplen]\n"
+ " [-f services] [-t trigger[,...]] [-r|-w savefile]\n"
+ " [expression]\n");
exit(1);
}
@@ -79,7 +80,7 @@
services = savefile = triggers = NULL;
- while ((c = getopt(argc, argv, "cdf:i:mnr:s:t:w:h?V")) != -1) {
+ while ((c = getopt(argc, argv, "cdf:i:mnp:r:s:t:w:h?V")) != -1) {
switch (c) {
case 'c':
Opt_client = 1;
@@ -99,6 +100,9 @@
case 'n':
Opt_dns = 0;
break;
+ case 'p':
+ nids_params.filename = optarg;
+ break;
case 'r':
Opt_read = 1;
savefile = optarg;
@@ -168,10 +172,23 @@
else nids_register_tcp(trigger_tcp);
if (nids_params.pcap_filter != NULL) {
- warnx("listening on %s [%s]", nids_params.device,
- nids_params.pcap_filter);
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s [%s]", nids_params.device,
+ nids_params.pcap_filter);
+ }
+ else {
+ warnx("using %s [%s]", nids_params.filename,
+ nids_params.pcap_filter);
+ }
+ }
+ else {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s", nids_params.device);
+ }
+ else {
+ warnx("using %s", nids_params.filename);
+ }
}
- else warnx("listening on %s", nids_params.device);
nids_run();
--- dsniff-2.4b1/filesnarf.8 2005-07-11 20:41:14.000000000 +0000
+++ dsniff-2.4b1/filesnarf.8.pcap_dump 2005-07-11 20:41:18.000000000 +0000
@@ -9,7 +9,7 @@
.na
.nf
.fi
-\fBfilesnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
+\fBfilesnarf\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
.SH DESCRIPTION
.ad
.fi
@@ -18,6 +18,8 @@
.SH OPTIONS
.IP "\fB-i \fIinterface\fR"
Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Process packets from the specified PCAP capture file instead of the network.
.IP \fB-v\fR
"Versus" mode. Invert the sense of matching, to select non-matching
files.
--- dsniff-2.4b1/filesnarf.c 2005-07-11 20:41:14.000000000 +0000
+++ dsniff-2.4b1/filesnarf.c.pcap_dump 2005-07-11 20:41:18.000000000 +0000
@@ -51,7 +51,7 @@
usage(void)
{
fprintf(stderr, "Version: " VERSION "\n"
- "Usage: filesnarf [-i interface] [[-v] pattern [expression]]\n");
+ "Usage: filesnarf [-i interface | -p pcapfile] [[-v] pattern [expression]]\n");
exit(1);
}
@@ -464,11 +464,14 @@
extern int optind;
int c;
- while ((c = getopt(argc, argv, "i:vh?V")) != -1) {
+ while ((c = getopt(argc, argv, "i:p:vh?V")) != -1) {
switch (c) {
case 'i':
nids_params.device = optarg;
break;
+ case 'p':
+ nids_params.filename = optarg;
+ break;
case 'v':
Opt_invert = 1;
break;
@@ -498,11 +501,24 @@
nids_register_ip(decode_udp_nfs);
nids_register_tcp(decode_tcp_nfs);
- if (nids_params.pcap_filter != NULL) {
- warnx("listening on %s [%s]", nids_params.device,
- nids_params.pcap_filter);
- }
- else warnx("listening on %s", nids_params.device);
+ if (nids_params.pcap_filter != NULL) {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s [%s]", nids_params.device,
+ nids_params.pcap_filter);
+ }
+ else {
+ warnx("using %s [%s]", nids_params.filename,
+ nids_params.pcap_filter);
+ }
+ }
+ else {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s", nids_params.device);
+ }
+ else {
+ warnx("using %s", nids_params.filename);
+ }
+ }
nids_run();
--- dsniff-2.4b1/mailsnarf.8 2005-07-11 20:41:14.000000000 +0000
+++ dsniff-2.4b1/mailsnarf.8.pcap_dump 2005-07-11 20:41:18.000000000 +0000
@@ -9,7 +9,7 @@
.na
.nf
.fi
-\fBmailsnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
+\fBmailsnarf\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
.SH DESCRIPTION
.ad
.fi
@@ -19,6 +19,8 @@
.SH OPTIONS
.IP "\fB-i \fIinterface\fR"
Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Process packets from the specified PCAP capture file instead of the network.
.IP \fB-v\fR
"Versus" mode. Invert the sense of matching, to select non-matching
messages.
--- dsniff-2.4b1/mailsnarf.c 2005-07-11 20:41:18.000000000 +0000
+++ dsniff-2.4b1/mailsnarf.c.pcap_dump 2005-07-11 20:41:18.000000000 +0000
@@ -59,7 +59,7 @@
usage(void)
{
fprintf(stderr, "Version: " VERSION "\n"
- "Usage: mailsnarf [-i interface] [[-v] pattern [expression]]\n");
+ "Usage: mailsnarf [-i interface | -p pcapfile] [[-v] pattern [expression]]\n");
exit(1);
}
@@ -344,11 +344,14 @@
extern int optind;
int c;
- while ((c = getopt(argc, argv, "i:vh?V")) != -1) {
+ while ((c = getopt(argc, argv, "i:p:vh?V")) != -1) {
switch (c) {
case 'i':
nids_params.device = optarg;
break;
+ case 'p':
+ nids_params.filename = optarg;
+ break;
case 'v':
Opt_invert = 1;
break;
@@ -378,10 +381,23 @@
nids_register_tcp(sniff_pop_session);
if (nids_params.pcap_filter != NULL) {
- warnx("listening on %s [%s]", nids_params.device,
- nids_params.pcap_filter);
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s [%s]", nids_params.device,
+ nids_params.pcap_filter);
+ }
+ else {
+ warnx("using %s [%s]", nids_params.filename,
+ nids_params.pcap_filter);
+ }
}
- else warnx("listening on %s", nids_params.device);
+ else {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s", nids_params.device);
+ }
+ else {
+ warnx("using %s", nids_params.filename);
+ }
+ }
nids_run();
--- dsniff-2.4b1/msgsnarf.8 2005-07-11 20:41:14.000000000 +0000
+++ dsniff-2.4b1/msgsnarf.8.pcap_dump 2005-07-11 20:41:18.000000000 +0000
@@ -9,7 +9,7 @@
.na
.nf
.fi
-\fBmsgsnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
+\fBmsgsnarf\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
.SH DESCRIPTION
.ad
.fi
@@ -19,6 +19,8 @@
.SH OPTIONS
.IP "\fB-i \fIinterface\fR"
Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Process packets from the specified PCAP capture file instead of the network.
.IP \fB-v\fR
"Versus" mode. Invert the sense of matching, to select non-matching
messages.
--- dsniff-2.4b1/msgsnarf.c 2005-07-11 20:41:18.000000000 +0000
+++ dsniff-2.4b1/msgsnarf.c.pcap_dump 2005-07-11 20:41:18.000000000 +0000
@@ -45,7 +45,7 @@
usage(void)
{
fprintf(stderr, "Version: " VERSION "\n"
- "Usage: msgsnarf [-i interface] [[-v] pattern [expression]]\n");
+ "Usage: msgsnarf [-i interface | -p pcapfile] [[-v] pattern [expression]]\n");
exit(1);
}
@@ -633,11 +633,14 @@
extern int optind;
int c;
- while ((c = getopt(argc, argv, "i:hv?V")) != -1) {
+ while ((c = getopt(argc, argv, "i:p:hv?V")) != -1) {
switch (c) {
case 'i':
nids_params.device = optarg;
break;
+ case 'p':
+ nids_params.filename = optarg;
+ break;
case 'v':
Opt_invert = 1;
break;
@@ -666,11 +669,24 @@
nids_register_tcp(sniff_msgs);
- if (nids_params.pcap_filter != NULL) {
- warnx("listening on %s [%s]", nids_params.device,
- nids_params.pcap_filter);
- }
- else warnx("listening on %s", nids_params.device);
+ if (nids_params.pcap_filter != NULL) {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s [%s]", nids_params.device,
+ nids_params.pcap_filter);
+ }
+ else {
+ warnx("using %s [%s]", nids_params.filename,
+ nids_params.pcap_filter);
+ }
+ }
+ else {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s", nids_params.device);
+ }
+ else {
+ warnx("using %s", nids_params.filename);
+ }
+ }
nids_run();
--- dsniff-2.4b1/sshow.8 2005-07-11 20:41:14.000000000 +0000
+++ dsniff-2.4b1/sshow.8.pcap_dump 2005-07-11 20:41:18.000000000 +0000
@@ -9,7 +9,7 @@
.na
.nf
.fi
-\fBsshow\fR [\fB-d\fR] [\fB-i \fIinterface\fR] [\fIexpression\fR]
+\fBsshow\fR [\fB-d\fR] [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [\fIexpression\fR]
.SH DESCRIPTION
.ad
.fi
@@ -28,6 +28,8 @@
Enable verbose debugging output.
.IP "\fB-i \fIinterface\fR"
Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Process packets from the specified PCAP capture file instead of the network.
.IP "\fIexpression\fR"
Specify a tcpdump(8) filter expression to select traffic to sniff.
.SH "SEE ALSO"
--- dsniff-2.4b1/sshow.c 2005-07-11 20:41:18.000000000 +0000
+++ dsniff-2.4b1/sshow.c.pcap_dump 2005-07-11 20:41:18.000000000 +0000
@@ -82,7 +82,7 @@
static void
usage(void)
{
- fprintf(stderr, "Usage: sshow [-d] [-i interface]\n");
+ fprintf(stderr, "Usage: sshow [-d] [-i interface | -p pcapfile]\n");
exit(1);
}
@@ -616,7 +616,7 @@
extern int optind;
int c;
- while ((c = getopt(argc, argv, "di:h?")) != -1) {
+ while ((c = getopt(argc, argv, "di:p:h?")) != -1) {
switch (c) {
case 'd':
debug++;
@@ -624,6 +624,9 @@
case 'i':
nids_params.device = optarg;
break;
+ case 'p':
+ nids_params.filename = optarg;
+ break;
default:
usage();
break;
@@ -652,11 +655,24 @@
nids_register_tcp(process_event);
- if (nids_params.pcap_filter != NULL) {
- warnx("listening on %s [%s]", nids_params.device,
- nids_params.pcap_filter);
- }
- else warnx("listening on %s", nids_params.device);
+ if (nids_params.pcap_filter != NULL) {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s [%s]", nids_params.device,
+ nids_params.pcap_filter);
+ }
+ else {
+ warnx("using %s [%s]", nids_params.filename,
+ nids_params.pcap_filter);
+ }
+ }
+ else {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s", nids_params.device);
+ }
+ else {
+ warnx("using %s", nids_params.filename);
+ }
+ }
nids_run();
--- dsniff-2.4b1/urlsnarf.8 2005-07-11 20:41:14.000000000 +0000
+++ dsniff-2.4b1/urlsnarf.8.pcap_dump 2005-07-11 20:41:18.000000000 +0000
@@ -9,7 +9,7 @@
.na
.nf
.fi
-\fBurlsnarf\fR [\fB-n\fR] [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
+\fBurlsnarf\fR [\fB-n\fR] [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
.SH DESCRIPTION
.ad
.fi
@@ -21,6 +21,9 @@
.IP \fB-n\fR
Do not resolve IP addresses to hostnames.
.IP "\fB-i \fIinterface\fR"
+Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Process packets from the specified PCAP capture file instead of the network.
.IP \fB-v\fR
"Versus" mode. Invert the sense of matching, to select non-matching
URLs.
--- dsniff-2.4b1/urlsnarf.c 2005-07-11 20:41:14.000000000 +0000
+++ dsniff-2.4b1/urlsnarf.c.pcap_dump 2005-07-11 20:41:18.000000000 +0000
@@ -41,7 +41,7 @@
usage(void)
{
fprintf(stderr, "Version: " VERSION "\n"
- "Usage: urlsnarf [-n] [-i interface] [[-v] pattern [expression]]\n");
+ "Usage: urlsnarf [-n] [-i interface | -p pcapfile] [[-v] pattern [expression]]\n");
exit(1);
}
@@ -201,11 +201,14 @@
extern int optind;
int c;
- while ((c = getopt(argc, argv, "i:nvh?V")) != -1) {
+ while ((c = getopt(argc, argv, "i:p:nvh?V")) != -1) {
switch (c) {
case 'i':
nids_params.device = optarg;
break;
+ case 'p':
+ nids_params.filename = optarg;
+ break;
case 'n':
Opt_dns = 0;
break;
@@ -238,8 +241,24 @@
nids_register_tcp(sniff_http_client);
- warnx("listening on %s [%s]", nids_params.device,
- nids_params.pcap_filter);
+ if (nids_params.pcap_filter != NULL) {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s [%s]", nids_params.device,
+ nids_params.pcap_filter);
+ }
+ else {
+ warnx("using %s [%s]", nids_params.filename,
+ nids_params.pcap_filter);
+ }
+ }
+ else {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s", nids_params.device);
+ }
+ else {
+ warnx("using %s", nids_params.filename);
+ }
+ }
nids_run();
--- dsniff-2.4b1/webspy.8 2005-07-11 20:41:14.000000000 +0000
+++ dsniff-2.4b1/webspy.8.pcap_dump 2005-07-11 20:41:18.000000000 +0000
@@ -9,7 +9,7 @@
.na
.nf
.fi
-\fBwebspy\fR [\fB-i \fIinterface\fR] \fIhost\fR
+\fBwebspy\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] \fIhost\fR
.SH DESCRIPTION
.ad
.fi
@@ -20,6 +20,8 @@
.SH OPTIONS
.IP "\fB-i \fIinterface\fR"
Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Process packets from the specified PCAP capture file instead of the network.
.IP \fIhost\fR
Specify the web client to spy on.
.SH "SEE ALSO"
--- dsniff-2.4b1/webspy.c 2005-07-11 20:41:14.000000000 +0000
+++ dsniff-2.4b1/webspy.c.pcap_dump 2005-07-11 20:41:18.000000000 +0000
@@ -42,7 +42,7 @@
usage(void)
{
fprintf(stderr, "Version: " VERSION "\n"
- "Usage: %s [-i interface] host\n", progname);
+ "Usage: %s [-i interface | -p pcapfile] host\n", progname);
exit(1);
}
@@ -184,11 +184,14 @@
extern int optind;
int c;
- while ((c = getopt(argc, argv, "i:h?V")) != -1) {
+ while ((c = getopt(argc, argv, "i:p:h?V")) != -1) {
switch (c) {
case 'i':
nids_params.device = optarg;
break;
+ case 'p':
+ nids_params.filename = optarg;
+ break;
default:
usage();
}
@@ -216,7 +219,13 @@
nids_register_tcp(sniff_http_client);
- warnx("listening on %s", nids_params.device);
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s", nids_params.device);
+ }
+ else {
+ warnx("using %s", nids_params.filename);
+ }
+
nids_run();