From fda6e32aede813b50a8035e979f0b623b7f3aa1d Mon Sep 17 00:00:00 2001
From: William Robinet
Date: Thu, 3 Aug 2023 11:09:56 +0200
Subject: [PATCH] Add -z option for printing timestamps in front of TCP headers
---
 base/network.h | 1 +
 base/pcap-snoop.c | 9 ++++++---
 base/tcppack.c | 7 ++++++-
 ssldump.1 | 3 +++
 4 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/base/network.h b/base/network.h
index e5a809a..1760157 100644
--- a/base/network.h
+++ b/base/network.h
@@ -124,5 +124,6 @@ extern UINT4 NET_print_flags;
 #define NET_PRINT_ACKS 4
 #define NET_PRINT_NO_RESOLVE 8
 #define NET_PRINT_JSON 16
+#define NET_PRINT_TS 32
 #endif
diff --git a/base/pcap-snoop.c b/base/pcap-snoop.c
index 96f11a1..3d3a85b 100644
--- a/base/pcap-snoop.c
+++ b/base/pcap-snoop.c
@@ -111,7 +111,7 @@ int err_exit(str,num)
 int usage()
 {
 fprintf(stderr,"Usage: ssldump [-r dumpfile] [-i interface] [-l sslkeylogfile] [-w outpcapfile]\n");
- fprintf(stderr," [-k keyfile] [-p password] [-vtaTnsAxVNde]\n");
+ fprintf(stderr," [-k keyfile] [-p password] [-vtaTznsAxVNde]\n");
 fprintf(stderr," [filter]\n");
 exit(0);
 }
@@ -120,7 +120,7 @@ int print_version()
 {
 printf(PACKAGE_STRING "\n");
 printf("Maintained by a bunch of volunteers, see https://github.com/adulau/ssldump/blob/master/CREDITS\n");
- printf("Copyright (C) 2015-2021 the aforementioned volunteers\n");
+ printf("Copyright (C) 2015-2023 the aforementioned volunteers\n");
 printf("Copyright (C) 1998-2001 RTFM, Inc.\n");
 printf("All rights reserved.\n");
 #ifdef OPENSSL
@@ -332,7 +332,7 @@ int main(argc,argv)
 signal(SIGINT,sig_handler);
- while((c=getopt(argc,argv,"vr:F:f:S:jyTt:ai:k:l:w:p:nsAxXhHVNdqem:P"))!=EOF){
+ while((c=getopt(argc,argv,"vr:F:f:S:jyTt:ai:k:l:w:p:znsAxXhHVNdqem:P"))!=EOF){
 switch(c){
 case 'v':
 print_version();
@@ -354,6 +354,9 @@ int main(argc,argv)
 NET_print_flags |= NET_PRINT_JSON;
 SSL_print_flags |= SSL_PRINT_JSON;
 break;
+ case 'z':
+ NET_print_flags |= NET_PRINT_TS;
+ break;
 case 'a':
 NET_print_flags |= NET_PRINT_ACKS;
 break;
diff --git a/base/tcppack.c b/base/tcppack.c
index d06885f..8763d89 100644
--- a/base/tcppack.c
+++ b/base/tcppack.c
@@ -397,7 +397,9 @@ static int print_tcp_packet(p)
 packet *p;
 {
 char *src=0,*dst=0;
-
+
+ struct timeval *ts = &p->ts;
+
 if(!(NET_print_flags & NET_PRINT_TCP_HDR)) return(0);
@@ -405,6 +407,9 @@ static int print_tcp_packet(p)
 lookuphostname(&p->r_addr.so_st,&dst);
 if(!(NET_print_flags & NET_PRINT_JSON)) {
+ if(NET_print_flags & NET_PRINT_TS) {
+ printf("%lld%c%4.4lld ", (long long)ts->tv_sec,'.',(long long)ts->tv_usec/100);
+ }
 printf("TCP: %s(%d) -> %s(%d) ", src, ntohs(p->tcp->th_sport),
diff --git a/ssldump.1 b/ssldump.1
index 348aea0..027aca7 100644
--- a/ssldump.1
+++ b/ssldump.1
@@ -251,6 +251,9 @@ program.
 Decorate the output for processing with nroff/troff. Not very useful for the average user.
 .TP
+.B \-z
+Add timestamp in front of TCP packet description (-T)
+.TP
 \fIexpression\fP
 .RS
 Selects what packets \fIssldump\fP will examine. Technically speaking,
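Review bot: In base/pcap-snoop.c, `case 'z'` sets `NET_PRINT_TS` without recording that the flag only takes effect together with `-T` and, as far as these hunks show, outside JSON mode. The tcppack.c hunks return early when `NET_PRINT_TCP_HDR` is clear and print the timestamp only inside the `!(NET_print_flags & NET_PRINT_JSON)` branch. Someone running `-z` alone or with `-j` gets output with no timestamps and no hint why. I would add a comment such as `/* -z: only affects the -T text output; ignored with -j */` and, after option parsing, a one-line warning on stderr when `NET_PRINT_TS` is set without `NET_PRINT_TCP_HDR`. main() starts and ends outside the hunk.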
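Review bot: In base/tcppack.c, the added `printf` prints `tv_usec/100` with `%4.4lld`, which truncates the timestamp to 100-microsecond resolution and does not bound the field. A `tv_usec` outside 0..999999 (possible if `p->ts` comes unchecked from a capture file, which the hunk does not show) prints more than four digits or a sign and reads as a different time. For output that is matched against other logs I would print full microseconds behind a range check on `tv_usec`, for example `printf("%lld.%06lld ", (long long)ts->tv_sec, (long long)ts->tv_usec);`. The `'.'` passed through `%c` can go into the format string, and `ts` from the previous hunk is only used here, so `p->ts` could be read directly. print_tcp_packet's body continues outside the hunk.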