Package: dsniff
Version: 2.4b1-9
Severity: wishlist
Tags: patch
Patch enclosed to add "-r pcapfile" to the passive sniffers in dsniff
(filesnarf, mailsnarf, msgsnarf, sshow, urlsnarf, and webspy). Includes man
page changes. Expands on previous changes to dsniff.c for the same purpose.
Single unified diff attached.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages dsniff depends on:
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
ii libdb4.2 4.2.52-18 Berkeley v4.2 Database Libraries [
ii libice6 4.3.0.dfsg.1-12.0.1 Inter-Client Exchange library
ii libnet0 1.0.2a-7 library for the construction and h
ii libnids1 1.20-1 IP defragmentation TCP segment rea
ii libpcap0.8 0.8.3-5 System interface for user-level pa
ii libsm6 4.3.0.dfsg.1-12.0.1 X Window System Session Management
ii libssl0.9.7 0.9.7e-3 SSL shared libraries
ii libx11-6 4.3.0.dfsg.1-12.0.1 X Window System protocol client li
ii libxmu6 4.3.0.dfsg.1-12.0.1 X Window System miscellaneous util
ii openssl 0.9.7e-3 Secure Socket Layer (SSL) binary a
ii xlibs 4.3.0.dfsg.1-12 X Keyboard Extension (XKB) configu
-- no debconf information
Common subdirectories: ../orig/dsniff-2.4b1/CVS and ./CVS
Common subdirectories: ../orig/dsniff-2.4b1/debian and ./debian
diff -u ../orig/dsniff-2.4b1/filesnarf.8 ./filesnarf.8
--- ../orig/dsniff-2.4b1/filesnarf.8 2000-11-19 01:23:33.000000000 -0500
+++ ./filesnarf.8 2005-03-03 10:33:59.244324732 -0500
@@ -9,7 +9,7 @@
.na
.nf
.fi
-\fBfilesnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern
[\fIexpression\fR]]
+\fBfilesnarf\fR [\fB-i \fIinterface\fR | \fB-r \fIpcap dump file\fR]
[[\fB-v\fR] \fIpattern [\fIexpression\fR]]
.SH DESCRIPTION
.ad
.fi
@@ -18,6 +18,8 @@
.SH OPTIONS
.IP "\fB-i \fIinterface\fR"
Specify the interface to listen on.
+.IP "\fB-r \fIpcap dump file\fR"
+Process packets from the specified PCAP capture file instead of the network.
.IP \fB-v\fR
"Versus" mode. Invert the sense of matching, to select non-matching
files.
diff -u ../orig/dsniff-2.4b1/filesnarf.c ./filesnarf.c
--- ../orig/dsniff-2.4b1/filesnarf.c 2001-03-15 03:33:03.000000000 -0500
+++ ./filesnarf.c 2005-03-03 10:33:01.629460080 -0500
@@ -51,7 +51,7 @@
usage(void)
{
fprintf(stderr, "Version: " VERSION "\n"
- "Usage: filesnarf [-i interface] [[-v] pattern
[expression]]\n");
+ "Usage: filesnarf [-i interface | -r pcapfile] [[-v] pattern
[expression]]\n");
exit(1);
}
@@ -464,11 +464,14 @@
extern int optind;
int c;
- while ((c = getopt(argc, argv, "i:vh?V")) != -1) {
+ while ((c = getopt(argc, argv, "i:r:vh?V")) != -1) {
switch (c) {
case 'i':
nids_params.device = optarg;
break;
+ case 'r':
+ nids_params.filename = optarg;
+ break;
case 'v':
Opt_invert = 1;
break;
@@ -498,11 +501,24 @@
nids_register_ip(decode_udp_nfs);
nids_register_tcp(decode_tcp_nfs);
- if (nids_params.pcap_filter != NULL) {
- warnx("listening on %s [%s]", nids_params.device,
- nids_params.pcap_filter);
- }
- else warnx("listening on %s", nids_params.device);
+ if (nids_params.pcap_filter != NULL) {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s [%s]", nids_params.device,
+ nids_params.pcap_filter);
+ }
+ else {
+ warnx("using %s [%s]", nids_params.filename,
+ nids_params.pcap_filter);
+ }
+ }
+ else {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s", nids_params.device);
+ }
+ else {
+ warnx("using %s", nids_params.filename);
+ }
+ }
nids_run();
diff -u ../orig/dsniff-2.4b1/mailsnarf.8 ./mailsnarf.8
--- ../orig/dsniff-2.4b1/mailsnarf.8 2000-11-19 01:09:28.000000000 -0500
+++ ./mailsnarf.8 2005-03-03 10:29:01.851290684 -0500
@@ -9,7 +9,7 @@
.na
.nf
.fi
-\fBmailsnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern
[\fIexpression\fR]]
+\fBmailsnarf\fR [\fB-i \fIinterface\fR | \fB-r \fIpcap dump file\fR]
[[\fB-v\fR] \fIpattern [\fIexpression\fR]]
.SH DESCRIPTION
.ad
.fi
@@ -19,6 +19,8 @@
.SH OPTIONS
.IP "\fB-i \fIinterface\fR"
Specify the interface to listen on.
+.IP "\fB-r \fIpcap dump file\fR"
+Process packets from the specified PCAP capture file instead of the network.
.IP \fB-v\fR
"Versus" mode. Invert the sense of matching, to select non-matching
messages.
diff -u ../orig/dsniff-2.4b1/mailsnarf.c ./mailsnarf.c
--- ../orig/dsniff-2.4b1/mailsnarf.c 2005-03-03 09:57:17.302999234 -0500
+++ ./mailsnarf.c 2005-03-03 10:08:03.359241974 -0500
@@ -59,7 +59,7 @@
usage(void)
{
fprintf(stderr, "Version: " VERSION "\n"
- "Usage: mailsnarf [-i interface] [[-v] pattern
[expression]]\n");
+ "Usage: mailsnarf [-i interface | -r pcapfile] [[-v] pattern
[expression]]\n");
exit(1);
}
@@ -344,11 +344,14 @@
extern int optind;
int c;
- while ((c = getopt(argc, argv, "i:vh?V")) != -1) {
+ while ((c = getopt(argc, argv, "i:r:vh?V")) != -1) {
switch (c) {
case 'i':
nids_params.device = optarg;
break;
+ case 'r':
+ nids_params.filename = optarg;
+ break;
case 'v':
Opt_invert = 1;
break;
@@ -378,10 +381,23 @@
nids_register_tcp(sniff_pop_session);
if (nids_params.pcap_filter != NULL) {
- warnx("listening on %s [%s]", nids_params.device,
- nids_params.pcap_filter);
- }
- else warnx("listening on %s", nids_params.device);
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s [%s]", nids_params.device,
+ nids_params.pcap_filter);
+ }
+ else {
+ warnx("using %s [%s]", nids_params.filename,
+ nids_params.pcap_filter);
+ }
+ }
+ else {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s", nids_params.device);
+ }
+ else {
+ warnx("using %s", nids_params.filename);
+ }
+ }
nids_run();
Common subdirectories: ../orig/dsniff-2.4b1/missing and ./missing
diff -u ../orig/dsniff-2.4b1/msgsnarf.8 ./msgsnarf.8
--- ../orig/dsniff-2.4b1/msgsnarf.8 2000-11-19 01:10:50.000000000 -0500
+++ ./msgsnarf.8 2005-03-03 10:41:45.868459993 -0500
@@ -9,7 +9,7 @@
.na
.nf
.fi
-\fBmsgsnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern
[\fIexpression\fR]]
+\fBmsgsnarf\fR [\fB-i \fIinterface\fR | \fB-r \fIpcap dump file\fR]
[[\fB-v\fR] \fIpattern [\fIexpression\fR]]
.SH DESCRIPTION
.ad
.fi
@@ -19,6 +19,8 @@
.SH OPTIONS
.IP "\fB-i \fIinterface\fR"
Specify the interface to listen on.
+.IP "\fB-r \fIpcap dump file\fR"
+Process packets from the specified PCAP capture file instead of the network.
.IP \fB-v\fR
"Versus" mode. Invert the sense of matching, to select non-matching
messages.
diff -u ../orig/dsniff-2.4b1/msgsnarf.c ./msgsnarf.c
--- ../orig/dsniff-2.4b1/msgsnarf.c 2001-03-15 03:33:04.000000000 -0500
+++ ./msgsnarf.c 2005-03-03 10:41:17.544456813 -0500
@@ -44,7 +44,7 @@
usage(void)
{
fprintf(stderr, "Version: " VERSION "\n"
- "Usage: msgsnarf [-i interface] [[-v] pattern [expression]]\n");
+ "Usage: msgsnarf [-i interface | -r pcapfile] [[-v] pattern
[expression]]\n");
exit(1);
}
@@ -632,11 +632,14 @@
extern int optind;
int c;
- while ((c = getopt(argc, argv, "i:hv?V")) != -1) {
+ while ((c = getopt(argc, argv, "i:r:hv?V")) != -1) {
switch (c) {
case 'i':
nids_params.device = optarg;
break;
+ case 'r':
+ nids_params.filename = optarg;
+ break;
case 'v':
Opt_invert = 1;
break;
@@ -665,11 +668,24 @@
nids_register_tcp(sniff_msgs);
- if (nids_params.pcap_filter != NULL) {
- warnx("listening on %s [%s]", nids_params.device,
- nids_params.pcap_filter);
- }
- else warnx("listening on %s", nids_params.device);
+ if (nids_params.pcap_filter != NULL) {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s [%s]", nids_params.device,
+ nids_params.pcap_filter);
+ }
+ else {
+ warnx("using %s [%s]", nids_params.filename,
+ nids_params.pcap_filter);
+ }
+ }
+ else {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s", nids_params.device);
+ }
+ else {
+ warnx("using %s", nids_params.filename);
+ }
+ }
nids_run();
diff -u ../orig/dsniff-2.4b1/sshow.8 ./sshow.8
--- ../orig/dsniff-2.4b1/sshow.8 2001-03-17 00:37:47.000000000 -0500
+++ ./sshow.8 2005-03-03 10:45:57.396972755 -0500
@@ -9,7 +9,7 @@
.na
.nf
.fi
-\fBsshow\fR [\fB-d\fR] [\fB-i \fIinterface\fR] [\fIexpression\fR]
+\fBsshow\fR [\fB-d\fR] [\fB-i \fIinterface\fR | \fB-r \fIpcap dump file\fR]
[\fIexpression\fR]
.SH DESCRIPTION
.ad
.fi
@@ -28,6 +28,8 @@
Enable verbose debugging output.
.IP "\fB-i \fIinterface\fR"
Specify the interface to listen on.
+.IP "\fB-r \fIpcap dump file\fR"
+Process packets from the specified PCAP capture file instead of the network.
.IP "\fIexpression\fR"
Specify a tcpdump(8) filter expression to select traffic to sniff.
.SH "SEE ALSO"
diff -u ../orig/dsniff-2.4b1/sshow.c ./sshow.c
--- ../orig/dsniff-2.4b1/sshow.c 2005-03-03 09:57:17.308998391 -0500
+++ ./sshow.c 2005-03-03 10:47:41.973232083 -0500
@@ -82,7 +82,7 @@
static void
usage(void)
{
- fprintf(stderr, "Usage: sshow [-d] [-i interface]\n");
+ fprintf(stderr, "Usage: sshow [-d] [-i interface | -r pcapfile]\n");
exit(1);
}
@@ -616,7 +616,7 @@
extern int optind;
int c;
- while ((c = getopt(argc, argv, "di:h?")) != -1) {
+ while ((c = getopt(argc, argv, "di:r:h?")) != -1) {
switch (c) {
case 'd':
debug++;
@@ -624,6 +624,9 @@
case 'i':
nids_params.device = optarg;
break;
+ case 'r':
+ nids_params.filename = optarg;
+ break;
default:
usage();
break;
@@ -652,11 +655,24 @@
nids_register_tcp(process_event);
- if (nids_params.pcap_filter != NULL) {
- warnx("listening on %s [%s]", nids_params.device,
- nids_params.pcap_filter);
- }
- else warnx("listening on %s", nids_params.device);
+ if (nids_params.pcap_filter != NULL) {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s [%s]", nids_params.device,
+ nids_params.pcap_filter);
+ }
+ else {
+ warnx("using %s [%s]", nids_params.filename,
+ nids_params.pcap_filter);
+ }
+ }
+ else {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s", nids_params.device);
+ }
+ else {
+ warnx("using %s", nids_params.filename);
+ }
+ }
nids_run();
diff -u ../orig/dsniff-2.4b1/urlsnarf.8 ./urlsnarf.8
--- ../orig/dsniff-2.4b1/urlsnarf.8 2000-11-19 01:24:51.000000000 -0500
+++ ./urlsnarf.8 2005-03-03 10:46:22.184476164 -0500
@@ -9,7 +9,7 @@
.na
.nf
.fi
-\fBurlsnarf\fR [\fB-n\fR] [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern
[\fIexpression\fR]]
+\fBurlsnarf\fR [\fB-n\fR] [\fB-i \fIinterface\fR | \fB-r \fIpcap dump file\fR]
[[\fB-v\fR] \fIpattern [\fIexpression\fR]]
.SH DESCRIPTION
.ad
.fi
@@ -21,6 +21,9 @@
.IP \fB-n\fR
Do not resolve IP addresses to hostnames.
.IP "\fB-i \fIinterface\fR"
+Specify the interface to listen on.
+.IP "\fB-r \fIpcap dump file\fR"
+Process packets from the specified PCAP capture file instead of the network.
.IP \fB-v\fR
"Versus" mode. Invert the sense of matching, to select non-matching
URLs.
diff -u ../orig/dsniff-2.4b1/urlsnarf.c ./urlsnarf.c
--- ../orig/dsniff-2.4b1/urlsnarf.c 2001-03-15 04:26:13.000000000 -0500
+++ ./urlsnarf.c 2005-03-08 14:43:10.722559397 -0500
@@ -41,7 +41,7 @@
usage(void)
{
fprintf(stderr, "Version: " VERSION "\n"
- "Usage: urlsnarf [-n] [-i interface] [[-v] pattern
[expression]]\n");
+ "Usage: urlsnarf [-n] [-i interface | -r pcapfile] [[-v]
pattern [expression]]\n");
exit(1);
}
@@ -201,11 +201,14 @@
extern int optind;
int c;
- while ((c = getopt(argc, argv, "i:nvh?V")) != -1) {
+ while ((c = getopt(argc, argv, "i:r:nvh?V")) != -1) {
switch (c) {
case 'i':
nids_params.device = optarg;
break;
+ case 'i':
+ nids_params.filename = optarg;
+ break;
case 'n':
Opt_dns = 0;
break;
@@ -238,8 +241,24 @@
nids_register_tcp(sniff_http_client);
- warnx("listening on %s [%s]", nids_params.device,
- nids_params.pcap_filter);
+ if (nids_params.pcap_filter != NULL) {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s [%s]", nids_params.device,
+ nids_params.pcap_filter);
+ }
+ else {
+ warnx("using %s [%s]", nids_params.filename,
+ nids_params.pcap_filter);
+ }
+ }
+ else {
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s", nids_params.device);
+ }
+ else {
+ warnx("using %s", nids_params.filename);
+ }
+ }
nids_run();
diff -u ../orig/dsniff-2.4b1/webspy.8 ./webspy.8
--- ../orig/dsniff-2.4b1/webspy.8 2000-11-14 10:51:05.000000000 -0500
+++ ./webspy.8 2005-03-08 14:20:14.232736079 -0500
@@ -9,7 +9,7 @@
.na
.nf
.fi
-\fBwebspy\fR [\fB-i \fIinterface\fR] \fIhost\fR
+\fBwebspy\fR [\fB-i \fIinterface\fR | \fB-r \fIpcap dump file\fR] \fIhost\fR
.SH DESCRIPTION
.ad
.fi
@@ -20,6 +20,8 @@
.SH OPTIONS
.IP "\fB-i \fIinterface\fR"
Specify the interface to listen on.
+.IP "\fB-r \fIpcap dump file\fR"
+Process packets from the specified PCAP capture file instead of the network.
.IP \fIhost\fR
Specify the web client to spy on.
.SH "SEE ALSO"
diff -u ../orig/dsniff-2.4b1/webspy.c ./webspy.c
--- ../orig/dsniff-2.4b1/webspy.c 2001-03-15 03:33:05.000000000 -0500
+++ ./webspy.c 2005-03-08 14:19:30.831804888 -0500
@@ -42,7 +42,7 @@
usage(void)
{
fprintf(stderr, "Version: " VERSION "\n"
- "Usage: %s [-i interface] host\n", progname);
+ "Usage: %s [-i interface | -r pcapfile] host\n", progname);
exit(1);
}
@@ -184,11 +184,14 @@
extern int optind;
int c;
- while ((c = getopt(argc, argv, "i:h?V")) != -1) {
+ while ((c = getopt(argc, argv, "i:r:h?V")) != -1) {
switch (c) {
case 'i':
nids_params.device = optarg;
break;
+ case 'r':
+ nids_params.filename = optarg;
+ break;
default:
usage();
}
@@ -216,7 +219,13 @@
nids_register_tcp(sniff_http_client);
- warnx("listening on %s", nids_params.device);
+ if (nids_params.filename == NULL) {
+ warnx("listening on %s", nids_params.device);
+ }
+ else {
+ warnx("using %s", nids_params.filename);
+ }
+
nids_run();
