Package: dsniff
Version: 2.4b1+debian-21.1
Severity: normal

After upgrading to the new dsniff we ran into a problem where urlsnarf exited unexpectedly. Tracing the code revealed that this was because pcap_next_ex() was returning zero which means a timeout happened. Not entirely sure why it was getting a timeout, but the old urlsnarf had no problem.

Researching the code revealed that the pcap_next_ex() was added by Debian bugs #636202 and #573365. These replace the nids mainloop with a new one which apparently works slightly differently. Also the new urlsnarf can no longer accept pcaps from stdin.

$ sudo tcpdump -i eth0 -s0 -w - -c 100 | urlsnarf -p /dev/stdin
Password:
urlsnarf: using /dev/stdin [tcp port 80 or port 8080 or port 3128]
pcap_open_offline(/dev/stdin): unknown file format

Attached is what I believe is the correct fix for #573365. Nids provides the timestamp of the packet directly, no need to change large blocks of code.

Thanks in advance,
--
Martijn van Oosterhout <klep...@gmail.com> http://svana.org/kleptog/

Author: Hilko Bengen <ben...@debian.org> Description: urlsnarf: use timestamps from pcap file if available. Closes: #573365 Index: dsniff-2.4b1+debian/urlsnarf.c =================================================================== --- dsniff-2.4b1+debian.orig/urlsnarf.c 2014-03-27 13:57:23.682751846 +0100 +++ dsniff-2.4b1+debian/urlsnarf.c 2014-03-27 13:59:16.528559030 +0100 @@ -57,7 +57,7 @@ { static char tstr[32], sign; struct tm *t, gmt; - time_t tt = time(NULL); + time_t tt = nids_last_pcap_header->ts.tv_sec; int days, hours, tz, len; gmt = *gmtime(&tt);
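
Review bot: the new initializer `time_t tt = nids_last_pcap_header->ts.tv_sec;` dereferences nids_last_pcap_header with no NULL check, and the description promises pcap timestamps only "if available" while the hunk has no fallback path. If this function can be reached before libnids has set the header pointer, that is a NULL dereference; consider keeping the old value as the fallback, for example `time_t tt = nids_last_pcap_header ? nids_last_pcap_header->ts.tv_sec : time(NULL);`. A one-line comment that the logged time is now the packet's capture time rather than wall-clock time would also help anyone correlating urlsnarf output with other logs.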