aports/testing/dsniff/03_pcap_read_dump.patch
2015-09-29 12:31:09 +00:00


Author: Joseph Battaglia <sephail@sephail.net> and Joshua Krage <jkrage@guisarme.us>
Description: Allow the reading of saved PCAP capture files.
Closes #153462
Closes #298604
--- a/dsniff.8 2011-06-19 17:14:20.847999386 -0500
+++ b/dsniff.8 2011-06-19 17:15:01.067999376 -0500
@@ -10,7 +10,7 @@
.nf
.fi
\fBdsniff\fR [\fB-c\fR] [\fB-d\fR] [\fB-m\fR] [\fB-n\fR] [\fB-i
-\fIinterface\fR] [\fB-s \fIsnaplen\fR] [\fB-f \fIservices\fR]
+\fIinterface\fR | \fB-p \fIpcapfile\fR] [\fB-s \fIsnaplen\fR] [\fB-f \fIservices\fR]
[\fB-t \fItrigger[,...]\fR]]
[\fB-r\fR|\fB-w\fR \fIsavefile\fR] [\fIexpression\fR]
.SH DESCRIPTION
@@ -45,6 +45,9 @@
Do not resolve IP addresses to hostnames.
.IP "\fB-i \fIinterface\fR"
Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Rather than processing the contents of packets observed upon the network
+process the given PCAP capture file.
.IP "\fB-s \fIsnaplen\fR"
Analyze at most the first \fIsnaplen\fR bytes of each TCP connection,
rather than the default of 1024.
--- a/dsniff.c 2011-06-19 17:14:20.303999384 -0500
+++ b/dsniff.c 2011-06-19 17:15:01.071999376 -0500
@@ -46,8 +46,9 @@
usage(void)
{
fprintf(stderr, "Version: " VERSION "\n"
- "Usage: dsniff [-cdmn] [-i interface] [-s snaplen] [-f services]\n"
- " [-t trigger[,...]] [-r|-w savefile] [expression]\n");
+ "Usage: dsniff [-cdmn] [-i interface | -p pcapfile] [-s snaplen]\n"
+ " [-f services] [-t trigger[,...]] [-r|-w savefile]\n"
+ " [expression]\n");
exit(1);
}
@@ -79,7 +80,7 @@
services = savefile = triggers = NULL;
- while ((c = getopt(argc, argv, "cdf:i:mnr:s:t:w:h?V")) != -1) {
+ while ((c = getopt(argc, argv, "cdf:i:mnp:r:s:t:w:h?V")) != -1) {
switch (c) {
case 'c':
Opt_client = 1;
@@ -99,6 +100,9 @@
case 'n':
Opt_dns = 0;
break;
+ case 'p':
+ nids_params.filename = optarg;
+ break;
case 'r':
Opt_read = 1;
savefile = optarg;
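Review bot: The new `case 'p':` stores the file name, but nothing rejects `-i` and `-p` given together, although the usage text and man page present them as alternatives (`-i interface | -p pcapfile`). Which source wins is then left to libnids, and the operator may believe a live interface is being watched while a file is replayed, or the reverse. A check after the option loop, which lies outside this hunk, such as `if (nids_params.filename != NULL && nids_params.device != NULL) usage();` would make the exclusion explicit, assuming both fields are still NULL when neither option was given. The same applies to the `case 'p':` hunks in filesnarf.c, mailsnarf.c, msgsnarf.c, sshow.c, urlsnarf.c and webspy.c. Because reading a file needs no capture privilege, the man page could also advise running `-p` unprivileged when the capture comes from an untrusted source.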
@@ -168,10 +172,23 @@
else nids_register_tcp(trigger_tcp);
if (nids_params.pcap_filter != NULL) {
- warnx("listening on %s [%s]", nids_params.device,
- nids_params.pcap_filter);
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s [%s]", nids_params.device,
+ nids_params.pcap_filter);
+ }
+ else {
+ warnx("using %s [%s]", nids_params.filename,
+ nids_params.pcap_filter);
+ }
+ }
+ else {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s", nids_params.device);
+ }
+ else {
+ warnx("using %s", nids_params.filename);
+ }
}
- else warnx("listening on %s", nids_params.device);
nids_run();
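Review bot: The four-way `if`/`else` around `warnx` in this hunk spells out each message twice and is pasted almost verbatim into filesnarf.c, mailsnarf.c, msgsnarf.c, sshow.c and urlsnarf.c, so a later wording change has to be repeated in every copy. Choosing the verb and the source name once leaves only the filter test. The fence below shows the shape; it sits in `main`, which starts and ends outside this hunk, and the two declarations belong with main's other locals if the tree is built as C89.

```c
/* declared with the other locals at the top of main */
const char *src_verb, *src_name;

/* … unchanged: nids_register_* calls … */
src_verb = (nids_params.filename != NULL) ? "using" : "listening on";
src_name = (nids_params.filename != NULL) ? nids_params.filename
                                          : nids_params.device;

if (nids_params.pcap_filter != NULL)
	warnx("%s %s [%s]", src_verb, src_name, nids_params.pcap_filter);
else
	warnx("%s %s", src_verb, src_name);
nids_run();
```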
--- a/filesnarf.8 2011-06-19 17:14:22.343999384 -0500
+++ b/filesnarf.8 2011-06-19 17:15:01.071999376 -0500
@@ -9,7 +9,7 @@
.na
.nf
.fi
-\fBfilesnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
+\fBfilesnarf\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
.SH DESCRIPTION
.ad
.fi
@@ -18,6 +18,8 @@
.SH OPTIONS
.IP "\fB-i \fIinterface\fR"
Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Process packets from the specified PCAP capture file instead of the network.
.IP \fB-v\fR
"Versus" mode. Invert the sense of matching, to select non-matching
files.
--- a/filesnarf.c 2011-06-19 17:14:22.155999384 -0500
+++ b/filesnarf.c 2011-06-19 17:15:01.075999376 -0500
@@ -51,7 +51,7 @@
usage(void)
{
fprintf(stderr, "Version: " VERSION "\n"
- "Usage: filesnarf [-i interface] [[-v] pattern [expression]]\n");
+ "Usage: filesnarf [-i interface | -p pcapfile] [[-v] pattern [expression]]\n");
exit(1);
}
@@ -464,11 +464,14 @@
extern int optind;
int c;
- while ((c = getopt(argc, argv, "i:vh?V")) != -1) {
+ while ((c = getopt(argc, argv, "i:p:vh?V")) != -1) {
switch (c) {
case 'i':
nids_params.device = optarg;
break;
+ case 'p':
+ nids_params.filename = optarg;
+ break;
case 'v':
Opt_invert = 1;
break;
@@ -498,11 +501,24 @@
nids_register_ip(decode_udp_nfs);
nids_register_tcp(decode_tcp_nfs);
- if (nids_params.pcap_filter != NULL) {
- warnx("listening on %s [%s]", nids_params.device,
- nids_params.pcap_filter);
- }
- else warnx("listening on %s", nids_params.device);
+ if (nids_params.pcap_filter != NULL) {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s [%s]", nids_params.device,
+ nids_params.pcap_filter);
+ }
+ else {
+ warnx("using %s [%s]", nids_params.filename,
+ nids_params.pcap_filter);
+ }
+ }
+ else {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s", nids_params.device);
+ }
+ else {
+ warnx("using %s", nids_params.filename);
+ }
+ }
nids_run();
--- a/mailsnarf.8 2011-06-19 17:14:21.099999386 -0500
+++ b/mailsnarf.8 2011-06-19 17:15:01.079999376 -0500
@@ -9,7 +9,7 @@
.na
.nf
.fi
-\fBmailsnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
+\fBmailsnarf\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
.SH DESCRIPTION
.ad
.fi
@@ -19,6 +19,8 @@
.SH OPTIONS
.IP "\fB-i \fIinterface\fR"
Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Process packets from the specified PCAP capture file instead of the network.
.IP \fB-v\fR
"Versus" mode. Invert the sense of matching, to select non-matching
messages.
--- a/mailsnarf.c 2011-06-19 17:14:59.327999376 -0500
+++ b/mailsnarf.c 2011-06-19 17:15:01.083999376 -0500
@@ -59,7 +59,7 @@
usage(void)
{
fprintf(stderr, "Version: " VERSION "\n"
- "Usage: mailsnarf [-i interface] [[-v] pattern [expression]]\n");
+ "Usage: mailsnarf [-i interface | -p pcapfile] [[-v] pattern [expression]]\n");
exit(1);
}
@@ -344,11 +344,14 @@
extern int optind;
int c;
- while ((c = getopt(argc, argv, "i:vh?V")) != -1) {
+ while ((c = getopt(argc, argv, "i:p:vh?V")) != -1) {
switch (c) {
case 'i':
nids_params.device = optarg;
break;
+ case 'p':
+ nids_params.filename = optarg;
+ break;
case 'v':
Opt_invert = 1;
break;
@@ -378,10 +381,23 @@
nids_register_tcp(sniff_pop_session);
if (nids_params.pcap_filter != NULL) {
- warnx("listening on %s [%s]", nids_params.device,
- nids_params.pcap_filter);
- }
- else warnx("listening on %s", nids_params.device);
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s [%s]", nids_params.device,
+ nids_params.pcap_filter);
+ }
+ else {
+ warnx("using %s [%s]", nids_params.filename,
+ nids_params.pcap_filter);
+ }
+ }
+ else {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s", nids_params.device);
+ }
+ else {
+ warnx("using %s", nids_params.filename);
+ }
+ }
nids_run();
--- a/msgsnarf.8 2011-06-19 17:14:21.771999384 -0500
+++ b/msgsnarf.8 2011-06-19 17:15:01.087999376 -0500
@@ -9,7 +9,7 @@
.na
.nf
.fi
-\fBmsgsnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
+\fBmsgsnarf\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
.SH DESCRIPTION
.ad
.fi
@@ -19,6 +19,8 @@
.SH OPTIONS
.IP "\fB-i \fIinterface\fR"
Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Process packets from the specified PCAP capture file instead of the network.
.IP \fB-v\fR
"Versus" mode. Invert the sense of matching, to select non-matching
messages.
--- a/msgsnarf.c 2011-06-19 17:14:56.475999377 -0500
+++ b/msgsnarf.c 2011-06-19 17:15:01.091999376 -0500
@@ -45,7 +45,7 @@
usage(void)
{
fprintf(stderr, "Version: " VERSION "\n"
- "Usage: msgsnarf [-i interface] [[-v] pattern [expression]]\n");
+ "Usage: msgsnarf [-i interface | -p pcapfile] [[-v] pattern [expression]]\n");
exit(1);
}
@@ -633,11 +633,14 @@
extern int optind;
int c;
- while ((c = getopt(argc, argv, "i:hv?V")) != -1) {
+ while ((c = getopt(argc, argv, "i:p:hv?V")) != -1) {
switch (c) {
case 'i':
nids_params.device = optarg;
break;
+ case 'p':
+ nids_params.filename = optarg;
+ break;
case 'v':
Opt_invert = 1;
break;
@@ -666,11 +669,24 @@
nids_register_tcp(sniff_msgs);
- if (nids_params.pcap_filter != NULL) {
- warnx("listening on %s [%s]", nids_params.device,
- nids_params.pcap_filter);
- }
- else warnx("listening on %s", nids_params.device);
+ if (nids_params.pcap_filter != NULL) {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s [%s]", nids_params.device,
+ nids_params.pcap_filter);
+ }
+ else {
+ warnx("using %s [%s]", nids_params.filename,
+ nids_params.pcap_filter);
+ }
+ }
+ else {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s", nids_params.device);
+ }
+ else {
+ warnx("using %s", nids_params.filename);
+ }
+ }
nids_run();
--- a/sshow.8 2011-06-19 17:14:18.839999384 -0500
+++ b/sshow.8 2011-06-19 17:15:01.095999376 -0500
@@ -9,7 +9,7 @@
.na
.nf
.fi
-\fBsshow\fR [\fB-d\fR] [\fB-i \fIinterface\fR] [\fIexpression\fR]
+\fBsshow\fR [\fB-d\fR] [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [\fIexpression\fR]
.SH DESCRIPTION
.ad
.fi
@@ -28,6 +28,8 @@
Enable verbose debugging output.
.IP "\fB-i \fIinterface\fR"
Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Process packets from the specified PCAP capture file instead of the network.
.IP "\fIexpression\fR"
Specify a tcpdump(8) filter expression to select traffic to sniff.
.SH "SEE ALSO"
--- a/sshow.c 2011-06-19 17:14:56.475999377 -0500
+++ b/sshow.c 2011-06-19 17:15:01.099999376 -0500
@@ -82,7 +82,7 @@
static void
usage(void)
{
- fprintf(stderr, "Usage: sshow [-d] [-i interface]\n");
+ fprintf(stderr, "Usage: sshow [-d] [-i interface | -p pcapfile]\n");
exit(1);
}
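Review bot: The updated usage line in `usage()` still omits the filter expression that the sshow.8 synopsis documents as `[expression]`, so the built-in help and the man page disagree. While this line is being touched it could read `fprintf(stderr, "Usage: sshow [-d] [-i interface | -p pcapfile] [expression]\n");`.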
@@ -616,7 +616,7 @@
extern int optind;
int c;
- while ((c = getopt(argc, argv, "di:h?")) != -1) {
+ while ((c = getopt(argc, argv, "di:p:h?")) != -1) {
switch (c) {
case 'd':
debug++;
@@ -624,6 +624,9 @@
case 'i':
nids_params.device = optarg;
break;
+ case 'p':
+ nids_params.filename = optarg;
+ break;
default:
usage();
break;
@@ -652,11 +655,24 @@
nids_register_tcp(process_event);
- if (nids_params.pcap_filter != NULL) {
- warnx("listening on %s [%s]", nids_params.device,
- nids_params.pcap_filter);
- }
- else warnx("listening on %s", nids_params.device);
+ if (nids_params.pcap_filter != NULL) {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s [%s]", nids_params.device,
+ nids_params.pcap_filter);
+ }
+ else {
+ warnx("using %s [%s]", nids_params.filename,
+ nids_params.pcap_filter);
+ }
+ }
+ else {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s", nids_params.device);
+ }
+ else {
+ warnx("using %s", nids_params.filename);
+ }
+ }
nids_run();
--- a/urlsnarf.8 2011-06-19 17:14:19.727999384 -0500
+++ b/urlsnarf.8 2011-06-19 17:15:01.099999376 -0500
@@ -9,7 +9,7 @@
.na
.nf
.fi
-\fBurlsnarf\fR [\fB-n\fR] [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
+\fBurlsnarf\fR [\fB-n\fR] [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
.SH DESCRIPTION
.ad
.fi
@@ -21,6 +21,9 @@
.IP \fB-n\fR
Do not resolve IP addresses to hostnames.
.IP "\fB-i \fIinterface\fR"
+Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Process packets from the specified PCAP capture file instead of the network.
.IP \fB-v\fR
"Versus" mode. Invert the sense of matching, to select non-matching
URLs.
--- a/urlsnarf.c 2011-06-19 17:14:19.323999384 -0500
+++ b/urlsnarf.c 2011-06-19 17:15:01.103999376 -0500
@@ -41,7 +41,7 @@
usage(void)
{
fprintf(stderr, "Version: " VERSION "\n"
- "Usage: urlsnarf [-n] [-i interface] [[-v] pattern [expression]]\n");
+ "Usage: urlsnarf [-n] [-i interface | -p pcapfile] [[-v] pattern [expression]]\n");
exit(1);
}
@@ -201,11 +201,14 @@
extern int optind;
int c;
- while ((c = getopt(argc, argv, "i:nvh?V")) != -1) {
+ while ((c = getopt(argc, argv, "i:p:nvh?V")) != -1) {
switch (c) {
case 'i':
nids_params.device = optarg;
break;
+ case 'p':
+ nids_params.filename = optarg;
+ break;
case 'n':
Opt_dns = 0;
break;
@@ -238,8 +241,24 @@
nids_register_tcp(sniff_http_client);
- warnx("listening on %s [%s]", nids_params.device,
- nids_params.pcap_filter);
+ if (nids_params.pcap_filter != NULL) {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s [%s]", nids_params.device,
+ nids_params.pcap_filter);
+ }
+ else {
+ warnx("using %s [%s]", nids_params.filename,
+ nids_params.pcap_filter);
+ }
+ }
+ else {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s", nids_params.device);
+ }
+ else {
+ warnx("using %s", nids_params.filename);
+ }
+ }
nids_run();
--- a/webspy.8 2011-06-19 17:14:18.319999386 -0500
+++ b/webspy.8 2011-06-19 17:15:01.107999376 -0500
@@ -9,7 +9,7 @@
.na
.nf
.fi
-\fBwebspy\fR [\fB-i \fIinterface\fR] \fIhost\fR
+\fBwebspy\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] \fIhost\fR
.SH DESCRIPTION
.ad
.fi
@@ -20,6 +20,8 @@
.SH OPTIONS
.IP "\fB-i \fIinterface\fR"
Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Process packets from the specified PCAP capture file instead of the network.
.IP \fIhost\fR
Specify the web client to spy on.
.SH "SEE ALSO"
--- a/webspy.c 2011-06-19 17:14:21.395999384 -0500
+++ b/webspy.c 2011-06-19 17:15:01.111999376 -0500
@@ -42,7 +42,7 @@
usage(void)
{
fprintf(stderr, "Version: " VERSION "\n"
- "Usage: %s [-i interface] host\n", progname);
+ "Usage: %s [-i interface | -p pcapfile] host\n", progname);
exit(1);
}
@@ -184,11 +184,14 @@
extern int optind;
int c;
- while ((c = getopt(argc, argv, "i:h?V")) != -1) {
+ while ((c = getopt(argc, argv, "i:p:h?V")) != -1) {
switch (c) {
case 'i':
nids_params.device = optarg;
break;
+ case 'p':
+ nids_params.filename = optarg;
+ break;
default:
usage();
}
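Review bot: In webspy the new `-p` case deserves a caveat in webspy.8 that the other tools do not need. As I understand webspy's purpose (its handler `sniff_http_client` is outside this hunk, so confirm), URLs seen in the traffic are handed to the local browser, which with `-p` means every matching request in the capture file is opened on the analyst's machine. A sentence such as `Only replay capture files from a trusted source; URLs found in the file are loaded in the local browser.` under the `-p` entry would make that explicit.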
@@ -216,7 +219,13 @@
nids_register_tcp(sniff_http_client);
- warnx("listening on %s", nids_params.device);
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s", nids_params.device);
+ }
+ else {
+ warnx("using %s", nids_params.filename);
+ }
+
nids_run();