Package: dsniff Version: 2.4b1-9 Severity: wishlist Tags: patch
Patch enclosed to add "-r pcapfile" to the passive sniffers in dsniff (filesnarf, mailsnarf, msgsnarf, sshow, urlsnarf, and webspy). Includes man page changes. Expands on previous changes to dsniff.c for the same purpose. Single unified diff attached. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.10-1-686 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages dsniff depends on: ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an ii libdb4.2 4.2.52-18 Berkeley v4.2 Database Libraries [ ii libice6 4.3.0.dfsg.1-12.0.1 Inter-Client Exchange library ii libnet0 1.0.2a-7 library for the construction and h ii libnids1 1.20-1 IP defragmentation TCP segment rea ii libpcap0.8 0.8.3-5 System interface for user-level pa ii libsm6 4.3.0.dfsg.1-12.0.1 X Window System Session Management ii libssl0.9.7 0.9.7e-3 SSL shared libraries ii libx11-6 4.3.0.dfsg.1-12.0.1 X Window System protocol client li ii libxmu6 4.3.0.dfsg.1-12.0.1 X Window System miscellaneous util ii openssl 0.9.7e-3 Secure Socket Layer (SSL) binary a ii xlibs 4.3.0.dfsg.1-12 X Keyboard Extension (XKB) configu -- no debconf information
Common subdirectories: ../orig/dsniff-2.4b1/CVS and ./CVS Common subdirectories: ../orig/dsniff-2.4b1/debian and ./debian diff -u ../orig/dsniff-2.4b1/filesnarf.8 ./filesnarf.8 --- ../orig/dsniff-2.4b1/filesnarf.8 2000-11-19 01:23:33.000000000 -0500 +++ ./filesnarf.8 2005-03-03 10:33:59.244324732 -0500 @@ -9,7 +9,7 @@ .na .nf .fi -\fBfilesnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]] +\fBfilesnarf\fR [\fB-i \fIinterface\fR | \fB-r \fIpcap dump file\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]] .SH DESCRIPTION .ad .fi @@ -18,6 +18,8 @@ .SH OPTIONS .IP "\fB-i \fIinterface\fR" Specify the interface to listen on. +.IP "\fB-r \fIpcap dump file\fR" +Process packets from the specified PCAP capture file instead of the network. .IP \fB-v\fR "Versus" mode. Invert the sense of matching, to select non-matching files. diff -u ../orig/dsniff-2.4b1/filesnarf.c ./filesnarf.c --- ../orig/dsniff-2.4b1/filesnarf.c 2001-03-15 03:33:03.000000000 -0500 +++ ./filesnarf.c 2005-03-03 10:33:01.629460080 -0500 @@ -51,7 +51,7 @@ usage(void) { fprintf(stderr, "Version: " VERSION "\n" - "Usage: filesnarf [-i interface] [[-v] pattern [expression]]\n"); + "Usage: filesnarf [-i interface | -r pcapfile] [[-v] pattern [expression]]\n"); exit(1); } @@ -464,11 +464,14 @@ extern int optind; int c; - while ((c = getopt(argc, argv, "i:vh?V")) != -1) { + while ((c = getopt(argc, argv, "i:r:vh?V")) != -1) { switch (c) { case 'i': nids_params.device = optarg; break; + case 'r': + nids_params.filename = optarg; + break; case 'v': Opt_invert = 1; break; 
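Review bot: Nothing in the filesnarf.c option loop stops `-i` and `-r` from being given together, although the new usage string presents them as alternatives (`[-i interface | -r pcapfile]`); both fields are set, and the status message added further down reports only the file. A check after the loop, such as `if (nids_params.device != NULL && nids_params.filename != NULL) usage();`, would enforce the documented exclusivity, assuming both fields start out NULL, which the hunk does not show. The same applies to the option loops in mailsnarf.c, msgsnarf.c, sshow.c, urlsnarf.c and webspy.c. Since a capture file can come from a third party and is fed to the same protocol decoders as live traffic, the man page entry for `-r` could also say that offline reading should not need capture privileges, so the tool can be run unprivileged on files. The switch and the rest of the enclosing function continue outside the hunk.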
@@ -498,11 +501,24 @@ nids_register_ip(decode_udp_nfs); nids_register_tcp(decode_tcp_nfs); - if (nids_params.pcap_filter != NULL) { - warnx("listening on %s [%s]", nids_params.device, - nids_params.pcap_filter); - } - else warnx("listening on %s", nids_params.device); + if (nids_params.pcap_filter != NULL) { + if (nids_params.filename == NULL) { + warnx("listening on %s [%s]", nids_params.device, + nids_params.pcap_filter); + } + else { + warnx("using %s [%s]", nids_params.filename, + nids_params.pcap_filter); + } + } + else { + if (nids_params.filename == NULL) { + warnx("listening on %s", nids_params.device); + } + else { + warnx("using %s", nids_params.filename); + } + } nids_run(); diff -u ../orig/dsniff-2.4b1/mailsnarf.8 ./mailsnarf.8 --- ../orig/dsniff-2.4b1/mailsnarf.8 2000-11-19 01:09:28.000000000 -0500 +++ ./mailsnarf.8 2005-03-03 10:29:01.851290684 -0500 @@ -9,7 +9,7 @@ .na .nf .fi -\fBmailsnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]] +\fBmailsnarf\fR [\fB-i \fIinterface\fR | \fB-r \fIpcap dump file\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]] .SH DESCRIPTION .ad .fi @@ -19,6 +19,8 @@ .SH OPTIONS .IP "\fB-i \fIinterface\fR" Specify the interface to listen on. +.IP "\fB-r \fIpcap dump file\fR" +Process packets from the specified PCAP capture file instead of the network. .IP \fB-v\fR "Versus" mode. Invert the sense of matching, to select non-matching messages. diff -u ../orig/dsniff-2.4b1/mailsnarf.c ./mailsnarf.c --- ../orig/dsniff-2.4b1/mailsnarf.c 2005-03-03 09:57:17.302999234 -0500 +++ ./mailsnarf.c 2005-03-03 10:08:03.359241974 -0500 @@ -59,7 +59,7 @@ usage(void) { fprintf(stderr, "Version: " VERSION "\n" - "Usage: mailsnarf [-i interface] [[-v] pattern [expression]]\n"); + "Usage: mailsnarf [-i interface | -r pcapfile] [[-v] pattern [expression]]\n"); exit(1); } 
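Review bot: The four-way `if`/`else` that picks the startup message in filesnarf.c is pasted again, branch for branch, into mailsnarf.c, msgsnarf.c, sshow.c and urlsnarf.c, so any later change to the wording or the logic has to be made five times. Choosing the verb and the source once leaves a single test on `nids_params.pcap_filter` and shortens each copy, or lets the whole thing move into one shared helper. The sketch below prints the same strings as the hunk; if the file sticks to C89, the two declarations belong at the top of the block. The enclosing function starts and ends outside the hunk.

```c
const char *src = nids_params.filename != NULL ?
    nids_params.filename : nids_params.device;
const char *verb = nids_params.filename != NULL ? "using" : "listening on";

if (nids_params.pcap_filter != NULL)
	warnx("%s %s [%s]", verb, src, nids_params.pcap_filter);
else
	warnx("%s %s", verb, src);
/* … unchanged: nids_run() call … */
```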
@@ -344,11 +344,14 @@ extern int optind; int c; - while ((c = getopt(argc, argv, "i:vh?V")) != -1) { + while ((c = getopt(argc, argv, "i:r:vh?V")) != -1) { switch (c) { case 'i': nids_params.device = optarg; break; + case 'r': + nids_params.filename = optarg; + break; case 'v': Opt_invert = 1; break; @@ -378,10 +381,23 @@ nids_register_tcp(sniff_pop_session); if (nids_params.pcap_filter != NULL) { - warnx("listening on %s [%s]", nids_params.device, - nids_params.pcap_filter); - } - else warnx("listening on %s", nids_params.device); + if (nids_params.filename == NULL) { + warnx("listening on %s [%s]", nids_params.device, + nids_params.pcap_filter); + } + else { + warnx("using %s [%s]", nids_params.filename, + nids_params.pcap_filter); + } + } + else { + if (nids_params.filename == NULL) { + warnx("listening on %s", nids_params.device); + } + else { + warnx("using %s", nids_params.filename); + } + } nids_run(); Common subdirectories: ../orig/dsniff-2.4b1/missing and ./missing diff -u ../orig/dsniff-2.4b1/msgsnarf.8 ./msgsnarf.8 --- ../orig/dsniff-2.4b1/msgsnarf.8 2000-11-19 01:10:50.000000000 -0500 +++ ./msgsnarf.8 2005-03-03 10:41:45.868459993 -0500 @@ -9,7 +9,7 @@ .na .nf .fi -\fBmsgsnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]] +\fBmsgsnarf\fR [\fB-i \fIinterface\fR | \fB-r \fIpcap dump file\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]] .SH DESCRIPTION .ad .fi @@ -19,6 +19,8 @@ .SH OPTIONS .IP "\fB-i \fIinterface\fR" Specify the interface to listen on. +.IP "\fB-r \fIpcap dump file\fR" +Process packets from the specified PCAP capture file instead of the network. .IP \fB-v\fR "Versus" mode. Invert the sense of matching, to select non-matching messages. diff -u ../orig/dsniff-2.4b1/msgsnarf.c ./msgsnarf.c --- ../orig/dsniff-2.4b1/msgsnarf.c 2001-03-15 03:33:04.000000000 -0500 +++ ./msgsnarf.c 2005-03-03 10:41:17.544456813 -0500 
@@ -44,7 +44,7 @@ usage(void) { fprintf(stderr, "Version: " VERSION "\n" - "Usage: msgsnarf [-i interface] [[-v] pattern [expression]]\n"); + "Usage: msgsnarf [-i interface | -r pcapfile] [[-v] pattern [expression]]\n"); exit(1); } @@ -632,11 +632,14 @@ extern int optind; int c; - while ((c = getopt(argc, argv, "i:hv?V")) != -1) { + while ((c = getopt(argc, argv, "i:r:hv?V")) != -1) { switch (c) { case 'i': nids_params.device = optarg; break; + case 'r': + nids_params.filename = optarg; + break; case 'v': Opt_invert = 1; break; @@ -665,11 +668,24 @@ nids_register_tcp(sniff_msgs); - if (nids_params.pcap_filter != NULL) { - warnx("listening on %s [%s]", nids_params.device, - nids_params.pcap_filter); - } - else warnx("listening on %s", nids_params.device); + if (nids_params.pcap_filter != NULL) { + if (nids_params.filename == NULL) { + warnx("listening on %s [%s]", nids_params.device, + nids_params.pcap_filter); + } + else { + warnx("using %s [%s]", nids_params.filename, + nids_params.pcap_filter); + } + } + else { + if (nids_params.filename == NULL) { + warnx("listening on %s", nids_params.device); + } + else { + warnx("using %s", nids_params.filename); + } + } nids_run(); diff -u ../orig/dsniff-2.4b1/sshow.8 ./sshow.8 --- ../orig/dsniff-2.4b1/sshow.8 2001-03-17 00:37:47.000000000 -0500 +++ ./sshow.8 2005-03-03 10:45:57.396972755 -0500 @@ -9,7 +9,7 @@ .na .nf .fi -\fBsshow\fR [\fB-d\fR] [\fB-i \fIinterface\fR] [\fIexpression\fR] +\fBsshow\fR [\fB-d\fR] [\fB-i \fIinterface\fR | \fB-r \fIpcap dump file\fR] [\fIexpression\fR] .SH DESCRIPTION .ad .fi 
@@ -28,6 +28,8 @@ Enable verbose debugging output. .IP "\fB-i \fIinterface\fR" Specify the interface to listen on. +.IP "\fB-r \fIpcap dump file\fR" +Process packets from the specified PCAP capture file instead of the network. .IP "\fIexpression\fR" Specify a tcpdump(8) filter expression to select traffic to sniff. .SH "SEE ALSO" diff -u ../orig/dsniff-2.4b1/sshow.c ./sshow.c --- ../orig/dsniff-2.4b1/sshow.c 2005-03-03 09:57:17.308998391 -0500 +++ ./sshow.c 2005-03-03 10:47:41.973232083 -0500 @@ -82,7 +82,7 @@ static void usage(void) { - fprintf(stderr, "Usage: sshow [-d] [-i interface]\n"); + fprintf(stderr, "Usage: sshow [-d] [-i interface | -r pcapfile]\n"); exit(1); } @@ -616,7 +616,7 @@ extern int optind; int c; - while ((c = getopt(argc, argv, "di:h?")) != -1) { + while ((c = getopt(argc, argv, "di:r:h?")) != -1) { switch (c) { case 'd': debug++; @@ -624,6 +624,9 @@ case 'i': nids_params.device = optarg; break; + case 'r': + nids_params.filename = optarg; + break; default: usage(); break; @@ -652,11 +655,24 @@ nids_register_tcp(process_event); - if (nids_params.pcap_filter != NULL) { - warnx("listening on %s [%s]", nids_params.device, - nids_params.pcap_filter); - } - else warnx("listening on %s", nids_params.device); + if (nids_params.pcap_filter != NULL) { + if (nids_params.filename == NULL) { + warnx("listening on %s [%s]", nids_params.device, + nids_params.pcap_filter); + } + else { + warnx("using %s [%s]", nids_params.filename, + nids_params.pcap_filter); + } + } + else { + if (nids_params.filename == NULL) { + warnx("listening on %s", nids_params.device); + } + else { + warnx("using %s", nids_params.filename); + } + } nids_run(); diff -u ../orig/dsniff-2.4b1/urlsnarf.8 ./urlsnarf.8 --- ../orig/dsniff-2.4b1/urlsnarf.8 2000-11-19 01:24:51.000000000 -0500 +++ ./urlsnarf.8 2005-03-03 10:46:22.184476164 -0500 
@@ -9,7 +9,7 @@ .na .nf .fi -\fBurlsnarf\fR [\fB-n\fR] [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]] +\fBurlsnarf\fR [\fB-n\fR] [\fB-i \fIinterface\fR | \fB-r \fIpcap dump file\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]] .SH DESCRIPTION .ad .fi @@ -21,6 +21,9 @@ .IP \fB-n\fR Do not resolve IP addresses to hostnames. .IP "\fB-i \fIinterface\fR" +Specify the interface to listen on. +.IP "\fB-r \fIpcap dump file\fR" +Process packets from the specified PCAP capture file instead of the network. .IP \fB-v\fR "Versus" mode. Invert the sense of matching, to select non-matching URLs. diff -u ../orig/dsniff-2.4b1/urlsnarf.c ./urlsnarf.c --- ../orig/dsniff-2.4b1/urlsnarf.c 2001-03-15 04:26:13.000000000 -0500 +++ ./urlsnarf.c 2005-03-08 14:43:10.722559397 -0500 @@ -41,7 +41,7 @@ usage(void) { fprintf(stderr, "Version: " VERSION "\n" - "Usage: urlsnarf [-n] [-i interface] [[-v] pattern [expression]]\n"); + "Usage: urlsnarf [-n] [-i interface | -r pcapfile] [[-v] pattern [expression]]\n"); exit(1); } @@ -201,11 +201,14 @@ extern int optind; int c; - while ((c = getopt(argc, argv, "i:nvh?V")) != -1) { + while ((c = getopt(argc, argv, "i:r:nvh?V")) != -1) { switch (c) { case 'i': nids_params.device = optarg; break; + case 'i': + nids_params.filename = optarg; + break; case 'n': Opt_dns = 0; break; 
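Review bot: The label added to the urlsnarf.c option switch is `case 'i':` a second time, not `case 'r':`, so the switch has a duplicate case value and the file will not compile. Even with a compiler that let it through, no branch would handle the `r` that the new getopt string `"i:r:nvh?V"` accepts, so `nids_params.filename` would never be set from the command line. The added label should read `case 'r':`, as in the other five tools. The switch continues outside the hunk.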
@@ -238,8 +241,24 @@ nids_register_tcp(sniff_http_client); - warnx("listening on %s [%s]", nids_params.device, - nids_params.pcap_filter); + if (nids_params.pcap_filter != NULL) { + if (nids_params.filename == NULL) { + warnx("listening on %s [%s]", nids_params.device, + nids_params.pcap_filter); + } + else { + warnx("using %s [%s]", nids_params.filename, + nids_params.pcap_filter); + } + } + else { + if (nids_params.filename == NULL) { + warnx("listening on %s", nids_params.device); + } + else { + warnx("using %s", nids_params.filename); + } + } nids_run(); diff -u ../orig/dsniff-2.4b1/webspy.8 ./webspy.8 --- ../orig/dsniff-2.4b1/webspy.8 2000-11-14 10:51:05.000000000 -0500 +++ ./webspy.8 2005-03-08 14:20:14.232736079 -0500 @@ -9,7 +9,7 @@ .na .nf .fi -\fBwebspy\fR [\fB-i \fIinterface\fR] \fIhost\fR +\fBwebspy\fR [\fB-i \fIinterface\fR | \fB-r \fIpcap dump file\fR] \fIhost\fR .SH DESCRIPTION .ad .fi @@ -20,6 +20,8 @@ .SH OPTIONS .IP "\fB-i \fIinterface\fR" Specify the interface to listen on. +.IP "\fB-r \fIpcap dump file\fR" +Process packets from the specified PCAP capture file instead of the network. .IP \fIhost\fR Specify the web client to spy on. .SH "SEE ALSO" diff -u ../orig/dsniff-2.4b1/webspy.c ./webspy.c --- ../orig/dsniff-2.4b1/webspy.c 2001-03-15 03:33:05.000000000 -0500 +++ ./webspy.c 2005-03-08 14:19:30.831804888 -0500 @@ -42,7 +42,7 @@ usage(void) { fprintf(stderr, "Version: " VERSION "\n" - "Usage: %s [-i interface] host\n", progname); + "Usage: %s [-i interface | -r pcapfile] host\n", progname); exit(1); } @@ -184,11 +184,14 @@ extern int optind; int c; - while ((c = getopt(argc, argv, "i:h?V")) != -1) { + while ((c = getopt(argc, argv, "i:r:h?V")) != -1) { switch (c) { case 'i': nids_params.device = optarg; break; + case 'r': + nids_params.filename = optarg; + break; default: usage(); } 
@@ -216,7 +219,13 @@ nids_register_tcp(sniff_http_client); - warnx("listening on %s", nids_params.device); + if (nids_params.filename == NULL) { + warnx("listening on %s", nids_params.device); + } + else { + warnx("using %s", nids_params.filename); + } + nids_run();