|
 |
8f195e9 |
Patch by Joseph Battaglia <sephail@sephail.net> and Joshua Krage
|
|
|
8f195e9 |
<jkrage@guisarme.us> for dsniff >= 2.4b1, which allows the reading of
|
|
|
8f195e9 |
saved PCAP capture files. For further information, please have a look
|
|
|
8f195e9 |
to Debian bug ID #153462 and #298604.
|
|
|
8f195e9 |
|
|
|
8f195e9 |
--- dsniff-2.4b1/dsniff.8 2005-07-11 20:41:14.000000000 +0000
|
|
|
8f195e9 |
+++ dsniff-2.4b1/dsniff.8.pcap_dump 2005-07-11 20:41:18.000000000 +0000
|
|
|
8f195e9 |
@@ -10,7 +10,7 @@
|
|
|
8f195e9 |
.nf
|
|
|
8f195e9 |
.fi
|
|
|
8f195e9 |
\fBdsniff\fR [\fB-c\fR] [\fB-d\fR] [\fB-m\fR] [\fB-n\fR] [\fB-i
|
|
|
8f195e9 |
-\fIinterface\fR] [\fB-s \fIsnaplen\fR] [\fB-f \fIservices\fR]
|
|
|
8f195e9 |
+\fIinterface\fR | \fB-p \fIpcapfile\fR] [\fB-s \fIsnaplen\fR] [\fB-f \fIservices\fR]
|
|
|
8f195e9 |
[\fB-t \fItrigger[,...]\fR]]
|
|
|
8f195e9 |
[\fB-r\fR|\fB-w\fR \fIsavefile\fR] [\fIexpression\fR]
|
|
|
8f195e9 |
.SH DESCRIPTION
|
|
|
8f195e9 |
@@ -45,6 +45,9 @@
|
|
|
8f195e9 |
Do not resolve IP addresses to hostnames.
|
|
|
8f195e9 |
.IP "\fB-i \fIinterface\fR"
|
|
|
8f195e9 |
Specify the interface to listen on.
|
|
|
8f195e9 |
+.IP "\fB-p \fIpcapfile\fR"
|
|
|
8f195e9 |
+Rather than processing the contents of packets observed upon the network
|
|
|
8f195e9 |
+process the given PCAP capture file.
|
|
|
8f195e9 |
.IP "\fB-s \fIsnaplen\fR"
|
|
|
8f195e9 |
Analyze at most the first \fIsnaplen\fR bytes of each TCP connection,
|
|
|
8f195e9 |
rather than the default of 1024.
|
|
|
8f195e9 |
--- dsniff-2.4b1/dsniff.c 2005-07-11 20:41:14.000000000 +0000
|
|
|
8f195e9 |
+++ dsniff-2.4b1/dsniff.c.pcap_dump 2005-07-11 20:41:18.000000000 +0000
|
|
|
8f195e9 |
@@ -46,8 +46,9 @@
|
|
|
8f195e9 |
usage(void)
|
|
|
8f195e9 |
{
|
|
|
8f195e9 |
fprintf(stderr, "Version: " VERSION "\n"
|
|
|
8f195e9 |
- "Usage: dsniff [-cdmn] [-i interface] [-s snaplen] [-f services]\n"
|
|
|
8f195e9 |
- " [-t trigger[,...]] [-r|-w savefile] [expression]\n");
|
|
|
8f195e9 |
+ "Usage: dsniff [-cdmn] [-i interface | -p pcapfile] [-s snaplen]\n"
|
|
|
8f195e9 |
+ " [-f services] [-t trigger[,...]] [-r|-w savefile]\n"
|
|
|
8f195e9 |
+ " [expression]\n");
|
|
|
8f195e9 |
exit(1);
|
|
|
8f195e9 |
}
|
|
|
8f195e9 |
|
|
|
8f195e9 |
@@ -79,7 +80,7 @@
|
|
|
8f195e9 |
|
|
|
8f195e9 |
services = savefile = triggers = NULL;
|
|
|
8f195e9 |
|
|
|
8f195e9 |
- while ((c = getopt(argc, argv, "cdf:i:mnr:s:t:w:h?V")) != -1) {
|
|
|
8f195e9 |
+ while ((c = getopt(argc, argv, "cdf:i:mnp:r:s:t:w:h?V")) != -1) {
|
|
|
8f195e9 |
switch (c) {
|
|
|
8f195e9 |
case 'c':
|
|
|
8f195e9 |
Opt_client = 1;
|
|
|
8f195e9 |
@@ -99,6 +100,9 @@
|
|
|
8f195e9 |
case 'n':
|
|
|
8f195e9 |
Opt_dns = 0;
|
|
|
8f195e9 |
break;
|
|
|
8f195e9 |
+ case 'p':
|
|
|
8f195e9 |
+ nids_params.filename = optarg;
|
|
|
8f195e9 |
+ break;
|
|
|
8f195e9 |
case 'r':
|
|
|
8f195e9 |
Opt_read = 1;
|
|
|
8f195e9 |
savefile = optarg;
|
|
|
8f195e9 |
@@ -168,10 +172,23 @@
|
|
|
8f195e9 |
else nids_register_tcp(trigger_tcp);
|
|
|
8f195e9 |
|
|
|
8f195e9 |
if (nids_params.pcap_filter != NULL) {
|
|
|
8f195e9 |
- warnx("listening on %s [%s]", nids_params.device,
|
|
|
8f195e9 |
- nids_params.pcap_filter);
|
|
|
8f195e9 |
+ if (nids_params.filename == NULL) {
|
|
|
8f195e9 |
+ warnx("listening on %s [%s]", nids_params.device,
|
|
|
8f195e9 |
+ nids_params.pcap_filter);
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
+ else {
|
|
|
8f195e9 |
+ warnx("using %s [%s]", nids_params.filename,
|
|
|
8f195e9 |
+ nids_params.pcap_filter);
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
+ else {
|
|
|
8f195e9 |
+ if (nids_params.filename == NULL) {
|
|
|
8f195e9 |
+ warnx("listening on %s", nids_params.device);
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
+ else {
|
|
|
8f195e9 |
+ warnx("using %s", nids_params.filename);
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
}
|
|
|
8f195e9 |
- else warnx("listening on %s", nids_params.device);
|
|
|
8f195e9 |
|
|
|
8f195e9 |
nids_run();
|
|
|
8f195e9 |
|
|
|
8f195e9 |
--- dsniff-2.4b1/filesnarf.8 2005-07-11 20:41:14.000000000 +0000
|
|
|
8f195e9 |
+++ dsniff-2.4b1/filesnarf.8.pcap_dump 2005-07-11 20:41:18.000000000 +0000
|
|
|
8f195e9 |
@@ -9,7 +9,7 @@
|
|
|
8f195e9 |
.na
|
|
|
8f195e9 |
.nf
|
|
|
8f195e9 |
.fi
|
|
|
8f195e9 |
-\fBfilesnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
|
|
|
8f195e9 |
+\fBfilesnarf\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
|
|
|
8f195e9 |
.SH DESCRIPTION
|
|
|
8f195e9 |
.ad
|
|
|
8f195e9 |
.fi
|
|
|
8f195e9 |
@@ -18,6 +18,8 @@
|
|
|
8f195e9 |
.SH OPTIONS
|
|
|
8f195e9 |
.IP "\fB-i \fIinterface\fR"
|
|
|
8f195e9 |
Specify the interface to listen on.
|
|
|
8f195e9 |
+.IP "\fB-p \fIpcapfile\fR"
|
|
|
8f195e9 |
+Process packets from the specified PCAP capture file instead of the network.
|
|
|
8f195e9 |
.IP \fB-v\fR
|
|
|
8f195e9 |
"Versus" mode. Invert the sense of matching, to select non-matching
|
|
|
8f195e9 |
files.
|
|
|
8f195e9 |
--- dsniff-2.4b1/filesnarf.c 2005-07-11 20:41:14.000000000 +0000
|
|
|
8f195e9 |
+++ dsniff-2.4b1/filesnarf.c.pcap_dump 2005-07-11 20:41:18.000000000 +0000
|
|
|
8f195e9 |
@@ -51,7 +51,7 @@
|
|
|
8f195e9 |
usage(void)
|
|
|
8f195e9 |
{
|
|
|
8f195e9 |
fprintf(stderr, "Version: " VERSION "\n"
|
|
|
8f195e9 |
- "Usage: filesnarf [-i interface] [[-v] pattern [expression]]\n");
|
|
|
8f195e9 |
+ "Usage: filesnarf [-i interface | -p pcapfile] [[-v] pattern [expression]]\n");
|
|
|
8f195e9 |
exit(1);
|
|
|
8f195e9 |
}
|
|
|
8f195e9 |
|
|
|
8f195e9 |
@@ -464,11 +464,14 @@
|
|
|
8f195e9 |
extern int optind;
|
|
|
8f195e9 |
int c;
|
|
|
8f195e9 |
|
|
|
8f195e9 |
- while ((c = getopt(argc, argv, "i:vh?V")) != -1) {
|
|
|
8f195e9 |
+ while ((c = getopt(argc, argv, "i:p:vh?V")) != -1) {
|
|
|
8f195e9 |
switch (c) {
|
|
|
8f195e9 |
case 'i':
|
|
|
8f195e9 |
nids_params.device = optarg;
|
|
|
8f195e9 |
break;
|
|
|
8f195e9 |
+ case 'p':
|
|
|
8f195e9 |
+ nids_params.filename = optarg;
|
|
|
8f195e9 |
+ break;
|
|
|
8f195e9 |
case 'v':
|
|
|
8f195e9 |
Opt_invert = 1;
|
|
|
8f195e9 |
break;
|
|
|
8f195e9 |
@@ -498,11 +501,24 @@
|
|
|
8f195e9 |
nids_register_ip(decode_udp_nfs);
|
|
|
8f195e9 |
nids_register_tcp(decode_tcp_nfs);
|
|
|
8f195e9 |
|
|
|
8f195e9 |
- if (nids_params.pcap_filter != NULL) {
|
|
|
8f195e9 |
- warnx("listening on %s [%s]", nids_params.device,
|
|
|
8f195e9 |
- nids_params.pcap_filter);
|
|
|
8f195e9 |
- }
|
|
|
8f195e9 |
- else warnx("listening on %s", nids_params.device);
|
|
|
8f195e9 |
+ if (nids_params.pcap_filter != NULL) {
|
|
|
8f195e9 |
+ if (nids_params.filename == NULL) {
|
|
|
8f195e9 |
+ warnx("listening on %s [%s]", nids_params.device,
|
|
|
8f195e9 |
+ nids_params.pcap_filter);
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
+ else {
|
|
|
8f195e9 |
+ warnx("using %s [%s]", nids_params.filename,
|
|
|
8f195e9 |
+ nids_params.pcap_filter);
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
+ else {
|
|
|
8f195e9 |
+ if (nids_params.filename == NULL) {
|
|
|
8f195e9 |
+ warnx("listening on %s", nids_params.device);
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
+ else {
|
|
|
8f195e9 |
+ warnx("using %s", nids_params.filename);
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
|
|
|
8f195e9 |
nids_run();
|
|
|
8f195e9 |
|
|
|
8f195e9 |
--- dsniff-2.4b1/mailsnarf.8 2005-07-11 20:41:14.000000000 +0000
|
|
|
8f195e9 |
+++ dsniff-2.4b1/mailsnarf.8.pcap_dump 2005-07-11 20:41:18.000000000 +0000
|
|
|
8f195e9 |
@@ -9,7 +9,7 @@
|
|
|
8f195e9 |
.na
|
|
|
8f195e9 |
.nf
|
|
|
8f195e9 |
.fi
|
|
|
8f195e9 |
-\fBmailsnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
|
|
|
8f195e9 |
+\fBmailsnarf\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
|
|
|
8f195e9 |
.SH DESCRIPTION
|
|
|
8f195e9 |
.ad
|
|
|
8f195e9 |
.fi
|
|
|
8f195e9 |
@@ -19,6 +19,8 @@
|
|
|
8f195e9 |
.SH OPTIONS
|
|
|
8f195e9 |
.IP "\fB-i \fIinterface\fR"
|
|
|
8f195e9 |
Specify the interface to listen on.
|
|
|
8f195e9 |
+.IP "\fB-p \fIpcapfile\fR"
|
|
|
8f195e9 |
+Process packets from the specified PCAP capture file instead of the network.
|
|
|
8f195e9 |
.IP \fB-v\fR
|
|
|
8f195e9 |
"Versus" mode. Invert the sense of matching, to select non-matching
|
|
|
8f195e9 |
messages.
|
|
|
8f195e9 |
--- dsniff-2.4b1/mailsnarf.c 2005-07-11 20:41:18.000000000 +0000
|
|
|
8f195e9 |
+++ dsniff-2.4b1/mailsnarf.c.pcap_dump 2005-07-11 20:41:18.000000000 +0000
|
|
|
8f195e9 |
@@ -59,7 +59,7 @@
|
|
|
8f195e9 |
usage(void)
|
|
|
8f195e9 |
{
|
|
|
8f195e9 |
fprintf(stderr, "Version: " VERSION "\n"
|
|
|
8f195e9 |
- "Usage: mailsnarf [-i interface] [[-v] pattern [expression]]\n");
|
|
|
8f195e9 |
+ "Usage: mailsnarf [-i interface | -p pcapfile] [[-v] pattern [expression]]\n");
|
|
|
8f195e9 |
exit(1);
|
|
|
8f195e9 |
}
|
|
|
8f195e9 |
|
|
|
8f195e9 |
@@ -344,11 +344,14 @@
|
|
|
8f195e9 |
extern int optind;
|
|
|
8f195e9 |
int c;
|
|
|
8f195e9 |
|
|
|
8f195e9 |
- while ((c = getopt(argc, argv, "i:vh?V")) != -1) {
|
|
|
8f195e9 |
+ while ((c = getopt(argc, argv, "i:p:vh?V")) != -1) {
|
|
|
8f195e9 |
switch (c) {
|
|
|
8f195e9 |
case 'i':
|
|
|
8f195e9 |
nids_params.device = optarg;
|
|
|
8f195e9 |
break;
|
|
|
8f195e9 |
+ case 'p':
|
|
|
8f195e9 |
+ nids_params.filename = optarg;
|
|
|
8f195e9 |
+ break;
|
|
|
8f195e9 |
case 'v':
|
|
|
8f195e9 |
Opt_invert = 1;
|
|
|
8f195e9 |
break;
|
|
|
8f195e9 |
@@ -378,10 +381,23 @@
|
|
|
8f195e9 |
nids_register_tcp(sniff_pop_session);
|
|
|
8f195e9 |
|
|
|
8f195e9 |
if (nids_params.pcap_filter != NULL) {
|
|
|
8f195e9 |
- warnx("listening on %s [%s]", nids_params.device,
|
|
|
8f195e9 |
- nids_params.pcap_filter);
|
|
|
8f195e9 |
+ if (nids_params.filename == NULL) {
|
|
|
8f195e9 |
+ warnx("listening on %s [%s]", nids_params.device,
|
|
|
8f195e9 |
+ nids_params.pcap_filter);
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
+ else {
|
|
|
8f195e9 |
+ warnx("using %s [%s]", nids_params.filename,
|
|
|
8f195e9 |
+ nids_params.pcap_filter);
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
}
|
|
|
8f195e9 |
- else warnx("listening on %s", nids_params.device);
|
|
|
8f195e9 |
+ else {
|
|
|
8f195e9 |
+ if (nids_params.filename == NULL) {
|
|
|
8f195e9 |
+ warnx("listening on %s", nids_params.device);
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
+ else {
|
|
|
8f195e9 |
+ warnx("using %s", nids_params.filename);
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
|
|
|
8f195e9 |
nids_run();
|
|
|
8f195e9 |
|
|
|
8f195e9 |
--- dsniff-2.4b1/msgsnarf.8 2005-07-11 20:41:14.000000000 +0000
|
|
|
8f195e9 |
+++ dsniff-2.4b1/msgsnarf.8.pcap_dump 2005-07-11 20:41:18.000000000 +0000
|
|
|
8f195e9 |
@@ -9,7 +9,7 @@
|
|
|
8f195e9 |
.na
|
|
|
8f195e9 |
.nf
|
|
|
8f195e9 |
.fi
|
|
|
8f195e9 |
-\fBmsgsnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
|
|
|
8f195e9 |
+\fBmsgsnarf\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
|
|
|
8f195e9 |
.SH DESCRIPTION
|
|
|
8f195e9 |
.ad
|
|
|
8f195e9 |
.fi
|
|
|
8f195e9 |
@@ -19,6 +19,8 @@
|
|
|
8f195e9 |
.SH OPTIONS
|
|
|
8f195e9 |
.IP "\fB-i \fIinterface\fR"
|
|
|
8f195e9 |
Specify the interface to listen on.
|
|
|
8f195e9 |
+.IP "\fB-p \fIpcapfile\fR"
|
|
|
8f195e9 |
+Process packets from the specified PCAP capture file instead of the network.
|
|
|
8f195e9 |
.IP \fB-v\fR
|
|
|
8f195e9 |
"Versus" mode. Invert the sense of matching, to select non-matching
|
|
|
8f195e9 |
messages.
|
|
|
8f195e9 |
--- dsniff-2.4b1/msgsnarf.c 2005-07-11 20:41:18.000000000 +0000
|
|
|
8f195e9 |
+++ dsniff-2.4b1/msgsnarf.c.pcap_dump 2005-07-11 20:41:18.000000000 +0000
|
|
|
8f195e9 |
@@ -45,7 +45,7 @@
|
|
|
8f195e9 |
usage(void)
|
|
|
8f195e9 |
{
|
|
|
8f195e9 |
fprintf(stderr, "Version: " VERSION "\n"
|
|
|
8f195e9 |
- "Usage: msgsnarf [-i interface] [[-v] pattern [expression]]\n");
|
|
|
8f195e9 |
+ "Usage: msgsnarf [-i interface | -p pcapfile] [[-v] pattern [expression]]\n");
|
|
|
8f195e9 |
exit(1);
|
|
|
8f195e9 |
}
|
|
|
8f195e9 |
|
|
|
8f195e9 |
@@ -633,11 +633,14 @@
|
|
|
8f195e9 |
extern int optind;
|
|
|
8f195e9 |
int c;
|
|
|
8f195e9 |
|
|
|
8f195e9 |
- while ((c = getopt(argc, argv, "i:hv?V")) != -1) {
|
|
|
8f195e9 |
+ while ((c = getopt(argc, argv, "i:p:hv?V")) != -1) {
|
|
|
8f195e9 |
switch (c) {
|
|
|
8f195e9 |
case 'i':
|
|
|
8f195e9 |
nids_params.device = optarg;
|
|
|
8f195e9 |
break;
|
|
|
8f195e9 |
+ case 'p':
|
|
|
8f195e9 |
+ nids_params.filename = optarg;
|
|
|
8f195e9 |
+ break;
|
|
|
8f195e9 |
case 'v':
|
|
|
8f195e9 |
Opt_invert = 1;
|
|
|
8f195e9 |
break;
|
|
|
8f195e9 |
@@ -666,11 +669,24 @@
|
|
|
8f195e9 |
|
|
|
8f195e9 |
nids_register_tcp(sniff_msgs);
|
|
|
8f195e9 |
|
|
|
8f195e9 |
- if (nids_params.pcap_filter != NULL) {
|
|
|
8f195e9 |
- warnx("listening on %s [%s]", nids_params.device,
|
|
|
8f195e9 |
- nids_params.pcap_filter);
|
|
|
8f195e9 |
- }
|
|
|
8f195e9 |
- else warnx("listening on %s", nids_params.device);
|
|
|
8f195e9 |
+ if (nids_params.pcap_filter != NULL) {
|
|
|
8f195e9 |
+ if (nids_params.filename == NULL) {
|
|
|
8f195e9 |
+ warnx("listening on %s [%s]", nids_params.device,
|
|
|
8f195e9 |
+ nids_params.pcap_filter);
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
+ else {
|
|
|
8f195e9 |
+ warnx("using %s [%s]", nids_params.filename,
|
|
|
8f195e9 |
+ nids_params.pcap_filter);
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
+ else {
|
|
|
8f195e9 |
+ if (nids_params.filename == NULL) {
|
|
|
8f195e9 |
+ warnx("listening on %s", nids_params.device);
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
+ else {
|
|
|
8f195e9 |
+ warnx("using %s", nids_params.filename);
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
|
|
|
8f195e9 |
nids_run();
|
|
|
8f195e9 |
|
|
|
8f195e9 |
--- dsniff-2.4b1/sshow.8 2005-07-11 20:41:14.000000000 +0000
|
|
|
8f195e9 |
+++ dsniff-2.4b1/sshow.8.pcap_dump 2005-07-11 20:41:18.000000000 +0000
|
|
|
8f195e9 |
@@ -9,7 +9,7 @@
|
|
|
8f195e9 |
.na
|
|
|
8f195e9 |
.nf
|
|
|
8f195e9 |
.fi
|
|
|
8f195e9 |
-\fBsshow\fR [\fB-d\fR] [\fB-i \fIinterface\fR] [\fIexpression\fR]
|
|
|
8f195e9 |
+\fBsshow\fR [\fB-d\fR] [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [\fIexpression\fR]
|
|
|
8f195e9 |
.SH DESCRIPTION
|
|
|
8f195e9 |
.ad
|
|
|
8f195e9 |
.fi
|
|
|
8f195e9 |
@@ -28,6 +28,8 @@
|
|
|
8f195e9 |
Enable verbose debugging output.
|
|
|
8f195e9 |
.IP "\fB-i \fIinterface\fR"
|
|
|
8f195e9 |
Specify the interface to listen on.
|
|
|
8f195e9 |
+.IP "\fB-p \fIpcapfile\fR"
|
|
|
8f195e9 |
+Process packets from the specified PCAP capture file instead of the network.
|
|
|
8f195e9 |
.IP "\fIexpression\fR"
|
|
|
8f195e9 |
Specify a tcpdump(8) filter expression to select traffic to sniff.
|
|
|
8f195e9 |
.SH "SEE ALSO"
|
|
|
8f195e9 |
--- dsniff-2.4b1/sshow.c 2005-07-11 20:41:18.000000000 +0000
|
|
|
8f195e9 |
+++ dsniff-2.4b1/sshow.c.pcap_dump 2005-07-11 20:41:18.000000000 +0000
|
|
|
8f195e9 |
@@ -82,7 +82,7 @@
|
|
|
8f195e9 |
static void
|
|
|
8f195e9 |
usage(void)
|
|
|
8f195e9 |
{
|
|
|
8f195e9 |
- fprintf(stderr, "Usage: sshow [-d] [-i interface]\n");
|
|
|
8f195e9 |
+ fprintf(stderr, "Usage: sshow [-d] [-i interface | -p pcapfile]\n");
|
|
|
8f195e9 |
exit(1);
|
|
|
8f195e9 |
}
|
|
|
8f195e9 |
|
|
|
8f195e9 |
@@ -616,7 +616,7 @@
|
|
|
8f195e9 |
extern int optind;
|
|
|
8f195e9 |
int c;
|
|
|
8f195e9 |
|
|
|
8f195e9 |
- while ((c = getopt(argc, argv, "di:h?")) != -1) {
|
|
|
8f195e9 |
+ while ((c = getopt(argc, argv, "di:p:h?")) != -1) {
|
|
|
8f195e9 |
switch (c) {
|
|
|
8f195e9 |
case 'd':
|
|
|
8f195e9 |
debug++;
|
|
|
8f195e9 |
@@ -624,6 +624,9 @@
|
|
|
8f195e9 |
case 'i':
|
|
|
8f195e9 |
nids_params.device = optarg;
|
|
|
8f195e9 |
break;
|
|
|
8f195e9 |
+ case 'p':
|
|
|
8f195e9 |
+ nids_params.filename = optarg;
|
|
|
8f195e9 |
+ break;
|
|
|
8f195e9 |
default:
|
|
|
8f195e9 |
usage();
|
|
|
8f195e9 |
break;
|
|
|
8f195e9 |
@@ -652,11 +655,24 @@
|
|
|
8f195e9 |
|
|
|
8f195e9 |
nids_register_tcp(process_event);
|
|
|
8f195e9 |
|
|
|
8f195e9 |
- if (nids_params.pcap_filter != NULL) {
|
|
|
8f195e9 |
- warnx("listening on %s [%s]", nids_params.device,
|
|
|
8f195e9 |
- nids_params.pcap_filter);
|
|
|
8f195e9 |
- }
|
|
|
8f195e9 |
- else warnx("listening on %s", nids_params.device);
|
|
|
8f195e9 |
+ if (nids_params.pcap_filter != NULL) {
|
|
|
8f195e9 |
+ if (nids_params.filename == NULL) {
|
|
|
8f195e9 |
+ warnx("listening on %s [%s]", nids_params.device,
|
|
|
8f195e9 |
+ nids_params.pcap_filter);
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
+ else {
|
|
|
8f195e9 |
+ warnx("using %s [%s]", nids_params.filename,
|
|
|
8f195e9 |
+ nids_params.pcap_filter);
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
+ else {
|
|
|
8f195e9 |
+ if (nids_params.filename == NULL) {
|
|
|
8f195e9 |
+ warnx("listening on %s", nids_params.device);
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
+ else {
|
|
|
8f195e9 |
+ warnx("using %s", nids_params.filename);
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
|
|
|
8f195e9 |
nids_run();
|
|
|
8f195e9 |
|
|
|
8f195e9 |
--- dsniff-2.4b1/urlsnarf.8 2005-07-11 20:41:14.000000000 +0000
|
|
|
8f195e9 |
+++ dsniff-2.4b1/urlsnarf.8.pcap_dump 2005-07-11 20:41:18.000000000 +0000
|
|
|
8f195e9 |
@@ -9,7 +9,7 @@
|
|
|
8f195e9 |
.na
|
|
|
8f195e9 |
.nf
|
|
|
8f195e9 |
.fi
|
|
|
8f195e9 |
-\fBurlsnarf\fR [\fB-n\fR] [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
|
|
|
8f195e9 |
+\fBurlsnarf\fR [\fB-n\fR] [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
|
|
|
8f195e9 |
.SH DESCRIPTION
|
|
|
8f195e9 |
.ad
|
|
|
8f195e9 |
.fi
|
|
|
8f195e9 |
@@ -21,6 +21,9 @@
|
|
|
8f195e9 |
.IP \fB-n\fR
|
|
|
8f195e9 |
Do not resolve IP addresses to hostnames.
|
|
|
8f195e9 |
.IP "\fB-i \fIinterface\fR"
|
|
|
8f195e9 |
+Specify the interface to listen on.
|
|
|
8f195e9 |
+.IP "\fB-p \fIpcapfile\fR"
|
|
|
8f195e9 |
+Process packets from the specified PCAP capture file instead of the network.
|
|
|
8f195e9 |
.IP \fB-v\fR
|
|
|
8f195e9 |
"Versus" mode. Invert the sense of matching, to select non-matching
|
|
|
8f195e9 |
URLs.
|
|
|
8f195e9 |
--- dsniff-2.4b1/urlsnarf.c 2005-07-11 20:41:14.000000000 +0000
|
|
|
8f195e9 |
+++ dsniff-2.4b1/urlsnarf.c.pcap_dump 2005-07-11 20:41:18.000000000 +0000
|
|
|
8f195e9 |
@@ -41,7 +41,7 @@
|
|
|
8f195e9 |
usage(void)
|
|
|
8f195e9 |
{
|
|
|
8f195e9 |
fprintf(stderr, "Version: " VERSION "\n"
|
|
|
8f195e9 |
- "Usage: urlsnarf [-n] [-i interface] [[-v] pattern [expression]]\n");
|
|
|
8f195e9 |
+ "Usage: urlsnarf [-n] [-i interface | -p pcapfile] [[-v] pattern [expression]]\n");
|
|
|
8f195e9 |
exit(1);
|
|
|
8f195e9 |
}
|
|
|
8f195e9 |
|
|
|
8f195e9 |
@@ -201,11 +201,14 @@
|
|
|
8f195e9 |
extern int optind;
|
|
|
8f195e9 |
int c;
|
|
|
8f195e9 |
|
|
|
8f195e9 |
- while ((c = getopt(argc, argv, "i:nvh?V")) != -1) {
|
|
|
8f195e9 |
+ while ((c = getopt(argc, argv, "i:p:nvh?V")) != -1) {
|
|
|
8f195e9 |
switch (c) {
|
|
|
8f195e9 |
case 'i':
|
|
|
8f195e9 |
nids_params.device = optarg;
|
|
|
8f195e9 |
break;
|
|
|
8f195e9 |
+ case 'p':
|
|
|
8f195e9 |
+ nids_params.filename = optarg;
|
|
|
8f195e9 |
+ break;
|
|
|
8f195e9 |
case 'n':
|
|
|
8f195e9 |
Opt_dns = 0;
|
|
|
8f195e9 |
break;
|
|
|
8f195e9 |
@@ -238,8 +241,24 @@
|
|
|
8f195e9 |
|
|
|
8f195e9 |
nids_register_tcp(sniff_http_client);
|
|
|
8f195e9 |
|
|
|
8f195e9 |
- warnx("listening on %s [%s]", nids_params.device,
|
|
|
8f195e9 |
- nids_params.pcap_filter);
|
|
|
8f195e9 |
+ if (nids_params.pcap_filter != NULL) {
|
|
|
8f195e9 |
+ if (nids_params.filename == NULL) {
|
|
|
8f195e9 |
+ warnx("listening on %s [%s]", nids_params.device,
|
|
|
8f195e9 |
+ nids_params.pcap_filter);
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
+ else {
|
|
|
8f195e9 |
+ warnx("using %s [%s]", nids_params.filename,
|
|
|
8f195e9 |
+ nids_params.pcap_filter);
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
+ else {
|
|
|
8f195e9 |
+ if (nids_params.filename == NULL) {
|
|
|
8f195e9 |
+ warnx("listening on %s", nids_params.device);
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
+ else {
|
|
|
8f195e9 |
+ warnx("using %s", nids_params.filename);
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
|
|
|
8f195e9 |
nids_run();
|
|
|
8f195e9 |
|
|
|
8f195e9 |
--- dsniff-2.4b1/webspy.8 2005-07-11 20:41:14.000000000 +0000
|
|
|
8f195e9 |
+++ dsniff-2.4b1/webspy.8.pcap_dump 2005-07-11 20:41:18.000000000 +0000
|
|
|
8f195e9 |
@@ -9,7 +9,7 @@
|
|
|
8f195e9 |
.na
|
|
|
8f195e9 |
.nf
|
|
|
8f195e9 |
.fi
|
|
|
8f195e9 |
-\fBwebspy\fR [\fB-i \fIinterface\fR] \fIhost\fR
|
|
|
8f195e9 |
+\fBwebspy\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] \fIhost\fR
|
|
|
8f195e9 |
.SH DESCRIPTION
|
|
|
8f195e9 |
.ad
|
|
|
8f195e9 |
.fi
|
|
|
8f195e9 |
@@ -20,6 +20,8 @@
|
|
|
8f195e9 |
.SH OPTIONS
|
|
|
8f195e9 |
.IP "\fB-i \fIinterface\fR"
|
|
|
8f195e9 |
Specify the interface to listen on.
|
|
|
8f195e9 |
+.IP "\fB-p \fIpcapfile\fR"
|
|
|
8f195e9 |
+Process packets from the specified PCAP capture file instead of the network.
|
|
|
8f195e9 |
.IP \fIhost\fR
|
|
|
8f195e9 |
Specify the web client to spy on.
|
|
|
8f195e9 |
.SH "SEE ALSO"
|
|
|
8f195e9 |
--- dsniff-2.4b1/webspy.c 2005-07-11 20:41:14.000000000 +0000
|
|
|
8f195e9 |
+++ dsniff-2.4b1/webspy.c.pcap_dump 2005-07-11 20:41:18.000000000 +0000
|
|
|
8f195e9 |
@@ -42,7 +42,7 @@
|
|
|
8f195e9 |
usage(void)
|
|
|
8f195e9 |
{
|
|
|
8f195e9 |
fprintf(stderr, "Version: " VERSION "\n"
|
|
|
8f195e9 |
- "Usage: %s [-i interface] host\n", progname);
|
|
|
8f195e9 |
+ "Usage: %s [-i interface | -p pcapfile] host\n", progname);
|
|
|
8f195e9 |
exit(1);
|
|
|
8f195e9 |
}
|
|
|
8f195e9 |
|
|
|
8f195e9 |
@@ -184,11 +184,14 @@
|
|
|
8f195e9 |
extern int optind;
|
|
|
8f195e9 |
int c;
|
|
|
8f195e9 |
|
|
|
8f195e9 |
- while ((c = getopt(argc, argv, "i:h?V")) != -1) {
|
|
|
8f195e9 |
+ while ((c = getopt(argc, argv, "i:p:h?V")) != -1) {
|
|
|
8f195e9 |
switch (c) {
|
|
|
8f195e9 |
case 'i':
|
|
|
8f195e9 |
nids_params.device = optarg;
|
|
|
8f195e9 |
break;
|
|
|
8f195e9 |
+ case 'p':
|
|
|
8f195e9 |
+ nids_params.filename = optarg;
|
|
|
8f195e9 |
+ break;
|
|
|
8f195e9 |
default:
|
|
|
8f195e9 |
usage();
|
|
|
8f195e9 |
}
|
|
|
8f195e9 |
@@ -216,7 +219,13 @@
|
|
|
8f195e9 |
|
|
|
8f195e9 |
nids_register_tcp(sniff_http_client);
|
|
|
8f195e9 |
|
|
|
8f195e9 |
- warnx("listening on %s", nids_params.device);
|
|
|
8f195e9 |
+ if (nids_params.filename == NULL) {
|
|
|
8f195e9 |
+ warnx("listening on %s", nids_params.device);
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
+ else {
|
|
|
8f195e9 |
+ warnx("using %s", nids_params.filename);
|
|
|
8f195e9 |
+ }
|
|
|
8f195e9 |
+
|
|
|
8f195e9 |
|
|
|
8f195e9 |
nids_run();
|
|
|
8f195e9 |
|