ssldump_0.9b3.orig.tar.gz Import
commit
ea12dfe6d2
100 changed files with 22293 additions and 0 deletions
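--- a/COPYRIGHT
+++ b/COPYRIGHT
@@ -0,0 +1,60 @@
+SSLDUMP LICENSE
+Copyright (C) 1999-2001 RTFM, Inc.
+All Rights Reserved
+
+This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla
+<ekr@rtfm.com> and licensed by RTFM, Inc.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+3. All advertising materials mentioning features or use of this software
+must display the following acknowledgement:
+
+This product includes software developed by Eric Rescorla for
+RTFM, Inc.
+
+4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be
+used to endorse or promote products derived from this
+software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE ERIC RESCORLA AND RTFM ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+TCPDUMP LICENSE
+The manual page for this software is partially excerpted from
+the tcpdump manual page, which is subject to the following license:
+Copyright (c) 1987, 1988, 1989, 1990, 1991, 1992, 1994, 1995, 1996, 1997
+The Regents of the University of California. All rights reserved.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that: (1) source code distributions
+retain the above copyright notice and this paragraph in its entirety, (2)
+distributions including binary code include the above copyright notice and
+this paragraph in its entirety in the documentation or other materials
+provided with the distribution, and (3) all advertising materials mentioning
+features or use of this software display the following acknowledgement:
+``This product includes software developed by the University of California,
+Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
+the University nor the names of its contributors may be used to endorse
+or promote products derived from this software without specific prior
+written permission.
+THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
+WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+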
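--- a/CREDITS
+++ b/CREDITS
@@ -0,0 +1,20 @@
+ssldump was written by Eric Rescorla <ekr@rtfm.com>
+
+The Windows port of ssldump was provided by Greg Stark.
+
+The following people have provided bug fixes, bug reports, or suggestions.
+Adam Cain
+Pavel Curtis
+Chris Jepeway
+Alexander Fetke
+Jeffrey Hafey
+Lutz Jaenicke
+Dave Jagoda
+Norbert Klasen
+Richard Levitte
+Hugh Mandeville
+Eric Murray
+Henrik Nordstrom
+
+If you think you should be on this list, send me mail at <ekr@rtfm.com>.
+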
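--- a/ChangeLog
+++ b/ChangeLog
@@ -0,0 +1,158 @@
+Wed Aug 21 10:48:45 2002 EKR <ekr@rtfm.com>
+* Installed Greg Stark's new Win32 patches.
+
+* Added updated VLAN support (Jeffrey Hafey)
+
+Fri Aug 16 16:56:23 2002 EKR <ekr@rtfm.com>
+* Cleaned up 56-bit ciphersuites in ciphersuites.c
+
+* Fixed memory errors in packet copying.
+
+* Fixed bugs in processing of bogus SSLv2 messages.
+
+* Fixed bugs in TCP packet reassembly code.
+
+Tue Aug 13 13:03:41 2002 EKR <ekr@rtfm.com>
+* Fixed EXPORT1024 DES cipher suites
+
+Mon Aug 12 16:49:51 2002 EKR <ekr@rtfm.com>
+* Added support for VLAN networks (Jeffrey Hafey)
+
+* Fixed printing of data with embedded tabs (Pavel Curtis)
+
+* Added support for non-promiscuous mode (-P flag)
+(Bruce M Simpson)
+
+* Fixed potential small overrun in RSA decryption.
+
+Fri Sep 28 15:54:47 2001 EKR <ekr@rtfm.com>
+* Fixed install so that we install in /usr/local/sbin
+with mode 755. Bug report ssldump/22.
+(Dave Jagoda)
+
+* Fixed compilation warning about create_null_analyzer
+Bug report ssldump/23.
+
+Wed Sep 26 14:49:06 2001 EKR <ekr@rtfm.com>
+* Fixed SYN & SYN/ACK detection to that it works with ECN.
+(Henrik Nordstrom)
+
+* Added /usr/include/pcap to the PCAP search path
+(Henrik Nordstrom)
+
+Sat Sep 15 13:41:10 2001 EKR <ekr@rtfm.com>
+* Fix to ssldecode.c to remove error with empty
+struct when compiling with VC++ and no OpenSSL
+(Greg Stark)
+
+* Change to vcwin32.mak to print out that you're not
+using OpenSSL (Greg Stark)
+
+* Automatic version changing courtesy of version-change.pl
+
+Fri Sep 14 15:22:29 2001 EKR <ekr@rtfm.com>
+* Fixed bug 4. Delete the MS after decrypting a PMS
+to force new MS generation in the key generation phase.
+This makes decryption of renegotiated connections work
+correctly. This got broken when session resumption
+was added.
+
+2001-09-14 Eric Rescorla <ekr@rtfm.com>
+
+* Imported Greg Stark's Win32 port
+
+Sun Sep 2 15:53:06 2001 EKR <ekr@rtfm.com>
+* Fixed the reassembler so it doesn't crash when
+FIN/RST segments have data.
+
+* closure/connection freeing now works, thus meaning less
+memory leakage and less crashing.
+
+* A bunch of trivial makefile/configure fixes.
+
+Fri Jul 20 16:40:51 2001 EKR <ekr@rtfm.com>
+* Removed loading of certificate file. This served
+no real purpose. Fix for bug 5.
+
+Fri Jul 20 11:02:09 2001 EKR <ekr@rtfm.com>
+* Fixed initialization so that the key file is loaded
+only once.
+
+Removed default keyfile and password. You now must
+specify them. You also get an error if you specify
+a bad password or keyfile.
+
+Fri Jul 20 10:17:36 2001 EKR <ekr@rtfm.com>
+* Added support for session resumption.
+
+Fri Jul 20 10:17:16 2001 EKR <ekr@rtfm.com>
+* Fixed SEQ_LT problems on Linux and other compilation
+problems.
+
+Tue Mar 6 2001 EKR <ekr@rtfm.com>
+* Removed statically allocated conn array. We can now
+have an arbitrary number of
+
+Thu Nov 9 12:14:15 2000 EKR <ekr@rtfm.com>
+* Cleanups to the man page and cleaned up some cases
+where printing didn't work quite right.
+
+Mon Nov 6 10:22:25 2000 EKR <ekr@rtfm.com>
+* Added the -X flag to force hex-only printing when
+binary data is displayed as hex dumps.
+
+Fri Nov 3 09:23:35 2000 EKR <ekr@rtfm.com>
+* cleaned up the case where multiple handshake messages
+are in the same SSL record.
+
+Fri Nov 3 09:14:39 2000 EKR <ekr@rtfm.com>
+* Modified printing so that when we're printing hex dumps
+of application data traffic we also print the printable
+sections of the data itself in a column on the side.
+
+Thu Nov 2 14:14:21 2000 EKR <ekr@rtfm.com>
+* Modified cipher suite printing so that the names have
+SSL_ if we're doing SSLv3 and TLS_ if we're doing TLS.
+Suggestion by Eric Murray.
+
+Thu Nov 2 13:07:09 2000 EKR <ekr@rtfm.com>
+* Fixed an ABW in ssldecode.c that caused crashes
+on Solaris. Also, fixed a bunch of memory leaks
+using Purify.
+
+Thu Nov 2 08:45:42 2000 EKR <ekr@rtfm.com>
+* Various Portability fixes
+CC=gcc -> CC=@CC@ in Makefile
+Removed FLAGS in Makefile (it was a noop)
+in base/tcpconn.c, changed {} to {0} to appease HPUX's compiler
+made create_null_analyzer.c static as it should be.
+Removed the final (bogus) entry in null_vtbl.
+made sslx__print_serial() static to match its prototype
+Rearranged library order for better linkage
+Thanks to Lutze Jainecke for these fixes.
+
+Thu Nov 2 08:41:10 2000 EKR <ekr@rtfm.com>
+* Added -r as a synonym for -f. -f will eventually
+be removed and reused for some other option.
+This was done for option compatibility with tcpdump
+and on the theory that someday I might add a -w.
+
+* Renamed -h to -H and added it to the documentation.
+-h now triggers usage info.
+
+Thu Nov 2 08:38:06 2000 EKR <ekr@rtfm.com>
+* Removed blank lines in the man page. This confuses some
+man page formatters. (Thanks to Hugh Mandeville for pointing
+this one out)
+
+Thu Nov 2 08:37:59 2000 EKR <ekr@rtfm.com>
+* Wired up -N (it was unwired)
+
+Thu Nov 2 08:37:47 2000 EKR <ekr@rtfm.com>
+* Added -D_BSD_SOURCE=1 when you're compiling on Linux.
+(Allowing it to compile)
+
+
+
+
+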
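--- a/FILES
+++ b/FILES
@@ -0,0 +1,9 @@
+record-fmt.txt
+record_analyze.c
+record_analyze.h
+targets.mk
+
+CVS:
+Entries
+Repository
+Root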
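--- a/INSTALL
+++ b/INSTALL
@@ -0,0 +1,46 @@
+$Id: INSTALL,v 1.5 2001/09/14 22:29:13 ekr Exp $
+
+If you don't have libpcap, you'll need to get it and install it. You
+can obtain it from:
+http://www.tcpdump.org/
+
+If you want to be able to decrypt SSL traffic or view certificates,
+get OpenSSL if you don't have it:
+http://www.openssl.org/
+
+Once you've built and installed libpcap and OpenSSL, you're ready to
+build ssldump.
+
+ssldump uses a GNU autoconf-based configuration to automatically
+configure the build.
+
+In the simplest form you can simply do:
+./configure
+
+If the configure script can't find libpcap, it will abort. If you've
+installed it in unobvious place, you may need to give configure a hint
+using the '--with-pcap' or '--with-pcap-{lib,inc}' switches.
+
+If the configure script can't find OpenSSL, it will continue without
+it. If your OpenSSL is in a nonstandard location, you may need to give
+configure a hint with the '--with-openssl' or
+'--with-openssl-{lib,include}' switches.
+
+Once you've done the configure, you can simply run 'make'. Note that
+on some platforms (HP/UX) you will have to use GNU make (gmake).
+
+If the make succeeds, run a 'make install' (you will probably need to
+be root to do this.)
+
+TESTED PLATFORMS
+FreeBSD 2.2.8, 3.4
+HP/UX 10.20
+Linux (Red Hat, Debian)
+Solaris 2.x
+
+If you get ssldump to work on a platform not listed above, please send mail
+to ssldump@rtfm.com with the platform and any fixes you had to make.
+
+INSTALLING ON WINDOWS
+Read the file INSTALL.W32 in this directory for instructions on
+installing on Windows.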
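--- a/INSTALL.W32
+++ b/INSTALL.W32
@@ -0,0 +1,114 @@
+Notes
+
+
+First, make sure you've read the README file.
+
+Build Environment
+-----------------
+
+The build environment is assumed to be Microsoft Visual C++ 6.0 SP4
+(VC6), although earlier or later versions may work. In particular, the
+make-like utility used to build this port of ssldump is NMAKE version
+6.00.x from Microsoft.
+
+The basis for this port is ssldump version 0.9b3. The win32 directory
+contains the win32-specific stuff, including the NMAKE makefile
+vcwin32.mak.
+
+You need to have your environment variables and PATH correctly setup
+to properly use the command-line VC6 tools. In the VC6\bin directory
+is a batch file, VCVARS32.bat, which should set things up
+correctly. You should run this batch file prior to attempting a build.
+
+
+
+What you need (besides the ssldump source)
+------------------------------------------
+
+You must have downloaded and installed the following from the
+WinPcap/Windump project:
+
+1. The Winpcap developer's pack, version 2.3, from
+http://winpcap.polito.it/install/bin/WPdpack_2_3.zip contains the
+pcap.h and net/bpf.h files, and the pcap import library. Place these
+in the win32 directory.
+
+2. The Winpcap source code distribution, version 2.3, from
+http://winpcap.polito.it/install/bin/WPcapSrc_2_3.zip. It contains
+some .h files commonly found on UNIX systems that ssldump
+expects. Place these in the win32 directory.
+
+3. The Winpcap auto-installer, version 2.3, from
+http://winpcap.polito.it/install/bin/WinPcap_2_3_nogui.exe. This is
+only needed to run ssldump, not needed to build it. It is needed on
+*any* windows system on which ssldump is run. It installs a device
+driver and the pcap library DLL.
+
+4. Possibly the Windump utility from
+http://windump.polito.it/install/bin/WinDump.exe. This is essentially
+a Windows port of tcpdump, with an extra -D option. This option
+enumerates the interface names so that you at least have a clue to
+what to supply the -i option (see below).
+
+The win32 directory should look like the following after these files
+are downloaded and extracted:
+
+winpcap <directory>
+WPdpack <directory>
+Ssldump.html
+vcwin32.mak
+
+
+
+OpenSSL Support
+---------------
+
+By default, the OpenSSL libraries are not linked into ssldump. If you
+want to link in the OpenSSL libraries, you'll need to customize the
+makefile. First, look for the macro OPENSSL and change its value to
+"yes". Next, look for the macro OPENSSL_DIR and make sure it points to
+the openssl distribution on your machine. You must build a version(s)
+of SSL that links to the static C run-time library; these are
+distinguished by the use of the compiler flag /MT for release
+versions, and /MTd for debug versions. Then you must set the
+OPENSSL_RELEASE and OPENSSL_DEBUG macros to point to the directories
+that contain the libraries for these versions. If you only intend to
+build one of either the debug or release versions, you only need to
+define the corresponding OPENSSL_ macro.
+
+
+
+Building ssldump
+----------------
+
+To build, run (from the ssldump root directory):
+
+nmake /f win32\vcwin32.mak all
+
+this creates a directory, out32, which contains the object files and
+the ssldump.exe executable. The build produces a simple command-line
+ssldump.exe which must be run from a console window (i.e. a DOS
+box). It builds the release version by default. Set the macro
+CFG="debug" to build a debug version, e.g. nmake /f vcwin32.mak all
+CFG="debug".
+
+win32\ssldump.html contains an HTML version of the ssldump.1
+manpage. You should read this to learn the options.
+
+
+
+What are the names of the Interfaces?
+-------------------------------------
+
+One tricky aspect is choosing the correct interface name for the -i
+option of ssldump. AFAIK, there is no standard windows utility that
+will give you the correct names for the interfaces. For example, on my
+system they are named PPPMAC (for the PPP adapter) and CBEN5 (for my
+Ethernet Adapter). I did find these names in the registry under
+HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\Net\nnnn\NDIS\LogDriverName,
+but this may be different on other Windows OSes. The Windump utility
+from the WinPcap folks has an option, -D, to enumerate these interface
+names. Use the Windump utility or hunt through the registry to find
+the names of your interfaces. If you don't specify the interface
+explicitly with the -i option, ssldump will select the 'first'
+interface and this may be exactly what you want.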
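--- a/Makefile.in
+++ b/Makefile.in
@@ -0,0 +1,111 @@
+# Copyright (C) 1999-2000 RTFM, Inc.
+# All Rights Reserved
+
+# This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla
+# <ekr\@rtfm.com> and licensed by RTFM, Inc.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. All advertising materials mentioning features or use of this software
+# must display the following acknowledgement:
+#
+# This product includes software developed by Eric Rescorla for
+# RTFM, Inc.
+
+# 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be
+# used to endorse or promote products derived from this
+# software without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE.
+PLATFORM=freebsd31
+CC=@CC@
+
+all: ssldump
+
+OBJSUFFIX=o
+LIBSUFFIX=a
+INSTALL=@INSTALL@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+BINDIR=@sbindir@
+MANDIR=@mandir@
+RM=rm -f
+
+ROOT=./
+ANALYZE_SRCDIR=$(ROOT)base/
+COMMONDIR=common/
+COMMON_LIB_SRCDIR=$(COMMONDIR)lib/
+ANALYZE_NULL_SRCDIR=$(ROOT)null/
+ANALYZE_SSL_SRCDIR=$(ROOT)ssl/
+ANALYZE_RECORD_SRCDIR=$(ROOT)@RECORD_MOD@/
+include rules.mk
+
+include $(COMMON_LIB_SRCDIR)/targets.mk
+include $(ANALYZE_SRCDIR)targets.mk
+include $(ANALYZE_NULL_SRCDIR)targets.mk
+include $(ANALYZE_SSL_SRCDIR)targets.mk
+include $(ANALYZE_RECORD_SRCDIR)targets.mk
+
+INCLUDES += -I$(COMMONDIR)include/ -I$(ANALYZE_NULL_SRCDIR) -I$(ANALYZE_SSL_SRCDIR)
+
+
+DEFINES += @DEFINES@
+INCLUDES += @INCLUDES@
+LIBS += @LDFLAGS@ @LIBS@
+
+CFLAGS += @CFLAGS@ @DEFS@
+
+
+ssldump: $(OBJECTS)
+$(CC) $(OBJECTS) -o $@ $(LIBS)
+
+clean:
+rm -f $(OBJECTS) ssldump
+
+install:
+[ -d $(BINDIR) ] || mkdir -p $(BINDIR)
+$(INSTALL) -m 755 ssldump $(BINDIR)/ssldump
+[ -d $(MANDIR) ] || mkdir -p $(MANDIR)/man1
+$(INSTALL) -m 444 ssldump.1 $(MANDIR)/man1/ssldump.1
+
+dist:
+perl "./version-check.pl"
+- name=ssldump-`cat VERSION`; \
+rm -rf /dist/ship/$$name; \
+mkdir /dist/ship/$$name; \
+cp -pR * /dist/ship/$$name; \
+cd /dist/ship/$$name; \
+make -f Makefile.in clean; \
+rm Makefile; \
+find . -name '*~' -exec rm {} \; -print;\
+find . -name '*.o' -exec rm {} \; -print;\
+find . -name '#*#' -exec rm {} \; -print;\
+find . -name 'CVS' -exec rm -rf {} \; -print;\
+find . -name '*bak' -exec rm -rf {} \; -print;\
+find . -name '*.core' -exec rm -rf {} \; -print;\
+find . -name '*.tr' -exec rm -rf {} \; -print;\
+find . -name '*.pl' -exec rm -rf {} \; -print;\
+find . -name '*.pem' -exec rm -rf {} \; -print;\
+find . -name '*orig' -exec rm -rf {} \; -print;\
+find . -name '*.rej' -exec rm -rf {} \; -print;\
+rm -f TODO TAGS; \
+rm -f config.status config.log config.cache config.h; \
+rm -f ssl/a.out all; \
+cd /dist/ship; tar cf - $$name | gzip > $$name.tar.gz
+
+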
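Review bot: In the `dist` recipe the steps are chained with `;`, so if `mkdir /dist/ship/$$name` or `cd /dist/ship/$$name` fails (for instance when `/dist/ship` does not exist), the following `rm Makefile` and the `find . ... -exec rm -rf` calls still run, and they run in the source tree, removing `*.pl`, `*.pem`, `CVS` and the other matches from the working copy. The leading `-` only makes make ignore the recipe's exit status. Stopping at the first failed step avoids that, e.g. `mkdir /dist/ship/$$name && cp -pR * /dist/ship/$$name && cd /dist/ship/$$name || exit 1; \`. Separately, `install` tests `[ -d $(MANDIR) ]` but creates `$(MANDIR)/man1`, so an existing `$(MANDIR)` without `man1` makes the second `$(INSTALL)` fail; the test should be `[ -d $(MANDIR)/man1 ]`.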
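--- a/README
+++ b/README
@@ -0,0 +1,85 @@
+$Id: README,v 1.9 2002/08/17 01:33:15 ekr Exp $
+
+SSLDUMP 0.9b3
+
+ssldump is an SSLv3/TLS network protocol analyzer. It identifies TCP
+connections on the chosen network interface and attempts to interpret
+them as SSLv3/TLS traffic. When it identifies SSLv3/TLS traffic, it
+decodes the records and displays them in a textual form to stdout. If
+provided with the appropriate keying material, it will also decrypt
+the connections and display the application data traffic.
+
+ssldump depends on the libpcap packet capture library. Some systems
+(e.g. FreeBSD) now have libpcap as part of their standard install. On
+other systems, you will need to install it. You can obtain the
+distribution from:
+http://www.tcpdump.org/
+
+If linked with OpenSSL, ssldump can display certificates in decoded
+form and decrypt traffic (provided that it has the appropriate keying
+material). Again, OpenSSL may be installed on your system. Otherwise
+you can obtain it from:
+http://www.openssl.org/
+
+See the file INSTALL for instructions on building and installing
+ssldump.
+
+STABILITY
+This is a beta release of ssldump. The UNIX portions have received
+extensive testing and are believed to be quite solid. The Windows
+port is substantially less stable.
+
+CHANGES SINCE 0.9b2
+Security fix: some potential over and underflows
+Added support for VLANs.
+Added -P flag to disable promiscuous mode.
+Fixed bugs in the TCP reassembly code.
+A lot of bug fixes.
+
+See the ChangeLog for a more complete list of changes.
+
+MAILING LIST
+For support questions and general discussion on ssldump, please
+subscribe to the ssldump-users mailing list. Subscription is by
+majordomo. To subscribe, send a message with no subject and a body
+consisting of the single line:
+
+subscribe ssldump-users
+
+to majordomo@rtfm.com. Note, you cannot send messages to the list
+unless you are subscribed.
+
+BUG REPORTS
+Please send bug reports either to the ssldump-users mailing list
+or to ssldump@rtfm.com.
+
+INTEROPERABILITY NOTE
+Previous versions of ssldump automatically looked for the keyfile
+in 'server.pem' and used the password 'password'. This version
+removes those defaults. For decryption to work you MUST specify
+the keyfile (and password if the keyfile is encrypted.)
+
+NEW VERSIONS
+Newer versions of ssldump can be found at:
+http://www.rtfm.com/ssldump/
+
+
+SSL REFERENCES
+The SSLv3 specification can be found at:
+http://home.netscape.com/eng/ssl3/draft302.txt
+
+The TLS specification is in RFC 2246 and can be found at:
+http://www.ietf.org/rfc/rfc2246.txt
+
+SHAMELESS PLUG
+Extremely detailed coverage of SSL/TLS can be found in
+
+_SSL_and_TLS:_Designing_and_Building_Secure_Systems_
+Eric Rescorla
+Addison-Wesley, 2001
+ISBN 0-201-61598-3
+
+_SSL_and_TLS_ makes extensive use of ssldump to demonstrate real-life
+SSL behavior. If you like ssldump and want to learn about SSL, you
+might consider buying my book.
+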
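--- a/VERSION
+++ b/VERSION
@@ -0,0 +1 @@
+0.9b3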
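--- a/base/common.c
+++ b/base/common.c
@@ -0,0 +1,66 @@
+/**
+common.c
+
+
+Copyright (C) 1999-2000 RTFM, Inc.
+All Rights Reserved
+
+This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla
+<ekr@rtfm.com> and licensed by RTFM, Inc.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+3. All advertising materials mentioning features or use of this software
+must display the following acknowledgement:
+
+This product includes software developed by Eric Rescorla for
+RTFM, Inc.
+
+4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be
+used to endorse or promote products derived from this
+software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE.
+
+$Id: common.c,v 1.2 2000/10/17 16:09:57 ekr Exp $
+
+
+ekr@rtfm.com Tue Dec 29 09:59:39 1998
+*/
+
+
+static char *RCSSTRING="$Id: common.c,v 1.2 2000/10/17 16:09:57 ekr Exp $";
+
+#include <r_common.h>
+
+int xdump(label,data,len)
+char *label;
+UCHAR *data;
+int len;
+{
+int i;
+
+printf("%s[%d]",label,len);
+for(i=0;i<len;i++){
+if((len>8) && !(i%20)) printf("\n");
+printf("%.2x ",data[i]&255);
+}
+
+printf("\n");
+return(0);
+}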
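Review bot: `xdump` is defined in K&R style (`int xdump(label,data,len)` with the parameter types declared afterwards), so the definition itself provides no prototype and calls are not checked against the parameter types unless a header declares it; no such declaration is visible in this section. An ANSI definition, `int xdump(char *label, UCHAR *data, int len)`, keeps the behaviour and lets the compiler catch mismatched calls. The function also has no comment; something like `/* Print label and len, then len bytes of data as two-digit hex (line break every 20 bytes when len > 8); returns 0. */` would cover it. `RCSSTRING` is `static` and not referenced anywhere in this file, which compilers may report as an unused variable.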
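--- a/base/data
+++ b/base/data
@@ -0,0 +1,60 @@
+network.c:126: off=ntohs(p.ip->ip_off);
+network.c:134: hlen=p.ip->ip_hl * 4;
+network.c:136: p.len =ntohs(p.ip->ip_len)-hlen;
+network.c:139: switch(p.ip->ip_p){
+network.c:159: memcpy(&p->ts,&in->ts,sizeof(struct timeval));
+network.c:160: if(!(p->base=(UCHAR *)malloc(in->_len)))
+network.c:162: memcpy(p->base,in->base,p->_len=in->_len);
+network.c:164: p->data=p->base + (in->data -> in->base);
+network.c:165: p->len=in->len;
+network.c:167: p->ip=(struct ip *)(p->base + ((UCHAR *)in->ip - in->base));
+network.c:168: p->tcp=(struct tcphdr *)(p->base + ((UCHAR *)in->tcp - in->base));
+network.c:186: FREE(p->base);
+pcap-snoop.c:2: pcap-snoop.c
+pcap-snoop.c:40: $Id: pcap-snoop.c,v 1.12 2002/01/21 17:36:51 ekr Exp $
+pcap-snoop.c:47:static char *RCSSTRING="$Id: pcap-snoop.c,v 1.12 2002/01/21 17:36:51 ekr Exp $";
+tcppack.c:84: p->tcp=(struct tcphdr *)p->data;
+tcppack.c:88: if(r=tcp_find_conn(&conn,&direction,&p->ip->ip_src,
+tcppack.c:89: ntohs(p->tcp->th_sport),&p->ip->ip_dst,ntohs(p->tcp->th_dport))){
+tcppack.c:96: if((p->tcp->th_flags & (TH_SYN|TH_ACK))!=TH_SYN){
+tcppack.c:104: conn->i2r.seq=ntohl(p->tcp->th_seq)+1;
+tcppack.c:114: if((p->tcp->th_flags & (TH_SYN|TH_ACK))!=(TH_SYN|TH_ACK))
+tcppack.c:116: conn->r2i.seq=ntohl(p->tcp->th_seq)+1;
+tcppack.c:117: conn->r2i.ack=ntohl(p->tcp->th_ack)+1;
+tcppack.c:127: conn->i2r.ack=ntohl(p->tcp->th_ack)+1;
+tcppack.c:148: if(p->tcp->th_flags & TH_SYN)
+tcppack.c:150: length=p->len - (p->tcp->th_off * 4);
+tcppack.c:178: if(r=tcp_create_conn(&conn,&p->ip->ip_src,ntohs(p->tcp->th_sport),
+tcppack.c:179: &p->ip->ip_dst,ntohs(p->tcp->th_dport)))
+tcppack.c:183: memcpy(&conn->start_time,&p->ts,sizeof(struct timeval));
+tcppack.c:184: if(r=create_proto_handler(handler,ctx,&conn->analyzer,conn,&p->ts))
+tcppack.c:197: off=(s)->p->tcp->th_off*4; \
+tcppack.c:198: if(l>((s)->p->len-off)) ERETURN(R_BAD_DATA);\
+tcppack.c:199: (s)->data=(s)->p->data + off + (l) ; \
+tcppack.c:200: (s)->len=(s)->p->len - off + (l); \
+tcppack.c:227: l=p->len - p->tcp->th_off * 4;
+tcppack.c:238: seq=ntohl(p->tcp->th_seq);
+tcppack.c:241: if(p->tcp->th_flags & TH_ACK){
+tcppack.c:245: acknum=ntohl(p->tcp->th_ack);
+tcppack.c:250: if(r=timestamp_diff(&p->ts,&conn->start_time,&dt))
+tcppack.c:268: if(!(p->tcp->th_flags & (TH_RST)) && SEQ_LT(seq,stream->seq))
+tcppack.c:310: if(_seg.p->tcp->th_flags & (TH_RST)){
+tcppack.c:311: stream->close=_seg.p->tcp->th_flags & (TH_RST);
+tcppack.c:319: if(_seg.p->tcp->th_flags & (TH_FIN)){
+tcppack.c:320: stream->close=_seg.p->tcp->th_flags & (TH_FIN);
+tcppack.c:325: if(seg->p->tcp->th_flags & (TH_FIN)){
+tcppack.c:326: stream->close=_seg.p->tcp->th_flags & (TH_FIN);
+tcppack.c:338: if(seg->p->tcp->th_flags & (TH_FIN) ){
+tcppack.c:374: lookuphostname(&p->ip->ip_src,&src);
+tcppack.c:375: lookuphostname(&p->ip->ip_dst,&dst);
+tcppack.c:379: ntohs(p->tcp->th_sport),
+tcppack.c:381: ntohs(p->tcp->th_dport));
+tcppack.c:384: ntohl(p->tcp->th_seq),
+tcppack.c:385: p->len - p->tcp->th_off *4);
+tcppack.c:387: if(p->tcp->th_flags & TH_ACK)
+tcppack.c:388: printf("ACK %ld ",ntohl(p->tcp->th_ack));
+tcppack.c:390: if(p->tcp->th_flags & TH_FIN)
+tcppack.c:392: if(p->tcp->th_flags & TH_SYN)
+tcppack.c:394: if(p->tcp->th_flags & TH_RST)
+tcppack.c:396: if(p->tcp->th_flags & TH_PUSH)
+tcppack.c:398: if(p->tcp->th_flags & TH_URG)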
68
base/debug.c
Normal file
|
@ -0,0 +1,68 @@
|
|||
/**
|
||||
debug.c
|
||||
|
||||
|
||||
Copyright (C) 1999-2000 RTFM, Inc.
|
||||
All Rights Reserved
|
||||
|
||||
This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla
|
||||
<ekr@rtfm.com> and licensed by RTFM, Inc.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions
|
||||
are met:
|
||||
1. Redistributions of source code must retain the above copyright
|
||||
notice, this list of conditions and the following disclaimer.
|
||||
2. Redistributions in binary form must reproduce the above copyright
|
||||
notice, this list of conditions and the following disclaimer in the
|
||||
documentation and/or other materials provided with the distribution.
|
||||
3. All advertising materials mentioning features or use of this software
|
||||
must display the following acknowledgement:
|
||||
|
||||
This product includes software developed by Eric Rescorla for
|
||||
RTFM, Inc.
|
||||
|
||||
4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be
|
||||
used to endorse or promote products derived from this
|
||||
software without specific prior written permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND
|
||||
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
||||
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE.
|
||||
|
||||
$Id: debug.c,v 1.2 2000/10/17 16:09:57 ekr Exp $
|
||||
|
||||
|
||||
ekr@rtfm.com Wed Jan 6 17:08:58 1999
|
||||
*/
|
||||
|
||||
|
||||
static char *RCSSTRING="$Id: debug.c,v 1.2 2000/10/17 16:09:57 ekr Exp $";
|
||||
|
||||
#ifdef DEBUG
|
||||
|
||||
#include <stdarg.h>
|
||||
#include <stdio.h>
|
||||
|
||||
int debug(int class,char *format,...)
|
||||
{
|
||||
va_list ap;
|
||||
|
||||
va_start(ap,format);
|
||||
vfprintf(stderr,format,ap);
|
||||
fprintf(stderr,"\n");
|
||||
return(0);
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
|
||||
|
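Review bot: `debug()` calls `va_start(ap,format)` and then returns without the matching `va_end(ap)`, which the C standard requires in the same function; add `va_end(ap);` right after the `vfprintf(stderr,format,ap);` line. The `class` argument is never read, so every message is printed whatever class the caller passes. If that is intentional for now, a comment such as `/* class is currently ignored: all classes are printed */` above the function would make it clear.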
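--- a/base/debug.h
+++ b/base/debug.h
@@ -0,0 +1,58 @@
+/**
+debug.h
+
+
+Copyright (C) 1999-2000 RTFM, Inc.
+All Rights Reserved
+
+This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla
+<ekr@rtfm.com> and licensed by RTFM, Inc.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+3. All advertising materials mentioning features or use of this software
+must display the following acknowledgement:
+
+This product includes software developed by Eric Rescorla for
+RTFM, Inc.
+
+4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be
+used to endorse or promote products derived from this
+software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE.
+
+$Id: debug.h,v 1.2 2000/10/17 16:09:57 ekr Exp $
+
+
+ekr@rtfm.com Wed Jan 6 17:13:00 1999
+*/
+
+
+#ifndef _debug_h
+#define _debug_h
+
+#ifdef DEBUG
+#define DBG(a) debug a
+int debug(int class,char *format,...);
+#else
+#define DBG(a)
+#endif
+
+#endif
+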
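Review bot: `DBG(a)` expands to `debug a`, so each call site has to supply its own inner parentheses, and nothing in the header says so. A one-line comment above the macro, e.g. `/* Usage: DBG((class,fmt,...)); expands to nothing unless DEBUG is defined */`, would document both the calling convention and the fact that the arguments are not evaluated in non-DEBUG builds. Since base/debug.c passes `format` straight to `vfprintf`, the comment on the prototype should also say that callers pass a literal format string and put any captured packet data in the arguments.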
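--- a/base/network.c
+++ b/base/network.c
@@ -0,0 +1,241 @@
+/**
+network.c
+
+
+Copyright (C) 1999-2000 RTFM, Inc.
+All Rights Reserved
+
+This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla
+<ekr@rtfm.com> and licensed by RTFM, Inc.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+3. All advertising materials mentioning features or use of this software
+must display the following acknowledgement:
+
+This product includes software developed by Eric Rescorla for
+RTFM, Inc.
+
+4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be
+used to endorse or promote products derived from this
+software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE.
+
+$Id: network.c,v 1.10 2002/09/09 21:02:58 ekr Exp $
+
+
+ekr@rtfm.com Tue Dec 29 09:52:54 1998
+*/
+
+
+static char *RCSSTRING="$Id: network.c,v 1.10 2002/09/09 21:02:58 ekr Exp $";
+
+#include <sys/types.h>
+#include <r_common.h>
+#include "network.h"
+#ifndef _WIN32
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#endif
+
+#include "tcppack.h"
+
+#ifdef STDC_HEADERS
+#include <string.h>
+#endif
+
+UINT4 NET_print_flags;
+
+struct network_handler_ {
+proto_mod *mod;
+proto_ctx *ctx;
+};
+
+int network_handler_create(mod,handlerp)
+proto_mod *mod;
+n_handler **handlerp;
+{
+int r,_status;
+n_handler *handler=0;
+
+if(!(handler=(n_handler *)malloc(sizeof(n_handler))))
+ABORT(R_NO_MEMORY);
+if(mod->vtbl->create_ctx){
+if(r=mod->vtbl->create_ctx(mod->handle,&handler->ctx))
+ABORT(r);
+}
+handler->mod=mod;
+*handlerp=handler;
+_status=0;
+abort:
+if(_status){
+network_handler_destroy(&handler);
+}
+return(_status);
+}
+
+int network_handler_destroy(handlerp)
+n_handler **handlerp;
+{
+if(!handlerp || !*handlerp)
+return(0);
+
+free(*handlerp);
+*handlerp=0;
+return(0);
+}
+
+int network_process_packet(handler,timestamp,data,length)
+n_handler *handler;
+struct timeval *timestamp;
+UCHAR *data;
+int length;
+{
+int r;
+int hlen;
+packet p;
+u_short off;
+
+/*We can pretty much ignore all the options*/
+memcpy(&p.ts,timestamp,sizeof(struct timeval));
+p.base=data;
+p._len=length;
+p.data=data;
+p.len=length;
+p.ip=(struct ip *)data;
+
+/*Handle, or rather mishandle, fragmentation*/
+off=ntohs(p.ip->ip_off);
+
+if((off & 0x1fff) || /*Later fragment*/
+(off & 0x2000)){ /*More fragments*/
+/* fprintf(stderr,"Fragmented packet! rejecting\n"); */
+return(0);
+}
+
+hlen=p.ip->ip_hl * 4;
+p.data += hlen;
+p.len =ntohs(p.ip->ip_len)-hlen;
+
+
+switch(p.ip->ip_p){
+case IPPROTO_TCP:
+if(r=process_tcp_packet(handler->mod,handler->ctx,&p))
+ERETURN(r);
+break;
+}
+return(0);
+}
+
+int packet_copy(in,out)
+packet *in;
+packet **out;
+{
+int _status;
+
+packet *p=0;
+
+if(!(p=(packet *)calloc(sizeof(packet),1)))
+ABORT(R_NO_MEMORY);
+
+memcpy(&p->ts,&in->ts,sizeof(struct timeval));
+if(!(p->base=(UCHAR *)malloc(in->_len)))
+ABORT(R_NO_MEMORY);
+memcpy(p->base,in->base,p->_len=in->_len);
+
+p->data=p->base + (in->data - in->base);
+p->len=in->len;
+
+p->ip=(struct ip *)(p->base + ((UCHAR *)in->ip - in->base));
+p->tcp=(struct tcphdr *)(p->base + ((UCHAR *)in->tcp - in->base));
+
+*out=p;
+
+_status=0;
+abort:
+if(_status){
+packet_destroy(p);
+}
+return(_status);
+}
+
+int packet_destroy(p)
+packet *p;
+{
+if(!p)
+return(0);
+
+FREE(p->base);
+return(0);
+}
+
+int timestamp_diff(t1,t0,diff)
+struct timeval *t1;
+struct timeval *t0;
+struct timeval *diff;
+{
+long d;
+
+if(t0->tv_sec > t1->tv_sec)
+ERETURN(R_BAD_ARGS);
+
+/*Easy case*/
+if(t0->tv_usec <= t1->tv_usec){
+diff->tv_sec=t1->tv_sec - t0->tv_sec;
+diff->tv_usec=t1->tv_usec - t0->tv_usec;
+return(0);
+}
+
+/*Hard case*/
+d=t0->tv_usec - t1->tv_usec;
+if(t1->tv_sec < (t0->tv_sec + 1))
+ERETURN(R_BAD_ARGS);
+diff->tv_sec=t1->tv_sec - (t0->tv_sec + 1);
+diff->tv_usec=1000000 - d;
+
+return(0);
+}
+
+
+
+int lookuphostname(addr,namep)
+struct in_addr *addr;
+char **namep;
+{
+struct hostent *ne=0;
+
+if(!(NET_print_flags & NET_PRINT_NO_RESOLVE)){
+ne=gethostbyaddr((char *)addr,4,AF_INET);
+}
+
+if(!ne){
+*namep=strdup((char *)inet_ntoa(*addr));
+}
+else{
+*namep=strdup(ne->h_name);
+}
+
+return(0);
+}
+
+
+
+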
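Review bot: `network_process_packet` trusts the IP header's own fields without comparing them to the captured `length`. It reads `p.ip->ip_off` before checking that `length` covers a `struct ip`, never checks `hlen` against the minimum header size or against `length`, and lets `p.len=ntohs(p.ip->ip_len)-hlen` come out negative or larger than the bytes actually present. A truncated or malformed packet in a capture therefore hands `process_tcp_packet` a `p.data`/`p.len` pair that can describe memory past the buffer. Rejecting such packets before the `switch`, as sketched below with the `R_BAD_DATA` code tcppack.c already uses, keeps the later layers inside the capture buffer. Separately, `packet_destroy` releases `p->base` but never `p` itself, so each `packet_copy` result appears to leak the `packet` struct unless `FREE` or a caller does more than is visible here.

```c
  /* … unchanged: declarations, timestamp copy, p.base/p._len/p.data/p.len setup … */
  if(length<(int)sizeof(struct ip))
    ERETURN(R_BAD_DATA);
  /* … unchanged: p.ip assignment and fragment check … */
  hlen=p.ip->ip_hl * 4;
  if(hlen<(int)sizeof(struct ip) || hlen>length)
    ERETURN(R_BAD_DATA);
  /* … unchanged: p.data += hlen and p.len computed from ip_len … */
  if(p.len<0 || p.len>length-hlen)
    ERETURN(R_BAD_DATA);
  /* … unchanged: protocol switch … */
```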
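--- a/base/network.h
+++ b/base/network.h
@@ -0,0 +1,106 @@
+/**
+network.h
+
+
+Copyright (C) 1999-2000 RTFM, Inc.
+All Rights Reserved
+
+This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla
+<ekr@rtfm.com> and licensed by RTFM, Inc.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+3. All advertising materials mentioning features or use of this software
+must display the following acknowledgement:
+
+This product includes software developed by Eric Rescorla for
+RTFM, Inc.
+
+4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be
+used to endorse or promote products derived from this
+software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE.
+
+$Id: network.h,v 1.3 2001/09/14 22:29:14 ekr Exp $
+
+
+ekr@rtfm.com Tue Dec 29 09:53:50 1998
+*/
+
+
+#ifndef _network_h
+#define _network_h
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <r_common.h>
+#include <sys/types.h>
+#ifndef _WIN32
+#include <sys/socket.h>
+#include <netinet/in.h>
+#else
+#include <winsock2.h>
+#endif
+#include <netinet/in_systm.h>
+#include <netinet/ip.h>
+#include <netinet/tcp.h>
+#include <r_time.h>
+#include <r_data.h>
+
+typedef struct network_handler_ n_handler;
+typedef struct proto_mod_ proto_mod;
+typedef struct proto_handler_ proto_handler;
+typedef struct packet_ packet;
+
+int network_handler_create PROTO_LIST((proto_mod *mod,
+n_handler **handlerp));
+int network_handler_destroy PROTO_LIST((n_handler **handlerp));
+int network_process_packet PROTO_LIST((n_handler *handler,
+struct timeval *timestamp,UCHAR *data,int length));
+int packet_copy PROTO_LIST((packet *in,packet **out));
+int packet_destroy PROTO_LIST((packet *p));
+int timestamp_diff PROTO_LIST(( struct timeval *t1,struct timeval *t0,
+struct timeval *diff));
+int lookuphostname PROTO_LIST((struct in_addr *addr,char **name));
+
+struct packet_ {
+struct timeval ts;
+UCHAR *base; /*The base of the packet*/
+int _len;
+UCHAR *data; /*The data ptr appropriate to this layer*/
+int len; /*The length of the data segment*/
+
+/*These just save us the effort of doing casts to the data
+segments*/
+struct ip *ip; /*The IP header*/
+struct tcphdr *tcp; /*The TCP header*/
+};
+
+#include "tcpconn.h"
+#include "proto_mod.h"
+
+extern UINT4 NET_print_flags;
+
+#define NET_PRINT_TCP_HDR 1
+#define NET_PRINT_TYPESET 2
+#define NET_PRINT_ACKS 4
+#define NET_PRINT_NO_RESOLVE 8
+#endif
+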
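Review bot: `struct packet_` leaves `_len` without a comment and does not say how it differs from `len`. Going by base/network.c, `_len` is the number of bytes at `base` and `len` is the payload length of the current layer, so a comment such as `/*The number of bytes available at base*/` on `_len` would remove the guesswork. It would also help to state on `ip` and `tcp` that they point into the `base` buffer rather than owning storage, which is what `packet_copy` relies on when it rebases them. Both lengths are signed `int`, and `len` is derived by subtracting a header length, so the comment could note that a negative value is possible and must be rejected by users of the struct.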
365
base/pcap-snoop.c
Normal file
365
base/pcap-snoop.c
Normal file
|
@ -0,0 +1,365 @@
|
|||
/**
|
||||
pcap-snoop.c
|
||||
|
||||
|
||||
Copyright (C) 1999-2001 RTFM, Inc.
|
||||
All Rights Reserved
|
||||
|
||||
This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla
|
||||
<ekr@rtfm.com> and licensed by RTFM, Inc.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions
|
||||
are met:
|
||||
1. Redistributions of source code must retain the above copyright
|
||||
notice, this list of conditions and the following disclaimer.
|
||||
2. Redistributions in binary form must reproduce the above copyright
|
||||
notice, this list of conditions and the following disclaimer in the
|
||||
documentation and/or other materials provided with the distribution.
|
||||
3. All advertising materials mentioning features or use of this software
|
||||
must display the following acknowledgement:
|
||||
|
||||
This product includes software developed by Eric Rescorla for
|
||||
RTFM, Inc.
|
||||
|
||||
4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be
|
||||
used to endorse or promote products derived from this
|
||||
software without specific prior written permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND
|
||||
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
||||
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE.
|
||||
|
||||
$Id: pcap-snoop.c,v 1.14 2002/09/09 21:02:58 ekr Exp $
|
||||
|
||||
|
||||
ekr@rtfm.com Tue Dec 29 10:17:41 1998
|
||||
*/
|
||||
|
||||
|
||||
static char *RCSSTRING="$Id: pcap-snoop.c,v 1.14 2002/09/09 21:02:58 ekr Exp $";
|
||||
|
||||
|
||||
#include <pcap.h>
|
||||
#include <unistd.h>
|
||||
#include <net/bpf.h>
|
||||
#ifndef _WIN32
|
||||
#include <sys/param.h>
|
||||
#endif
|
||||
#include <sys/types.h>
|
||||
#ifndef _WIN32
|
||||
#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
#else
|
||||
#include <winsock2.h>
|
||||
#include <bittypes.h>
|
||||
#endif
|
||||
#include <signal.h>
|
||||
|
||||
#include <net/if.h>
|
||||
#include <netinet/if_ether.h>
|
||||
#include "network.h"
|
||||
#include <r_common.h>
|
||||
#include <r_time.h>
|
||||
#include "null_analyze.h"
|
||||
#include "ssl_analyze.h"
|
||||
#ifdef ENABLE_RECORD
|
||||
#include "record_analyze.h"
|
||||
#endif
|
||||
|
||||
#ifndef ETHERTYPE_8021Q
|
||||
# define ETHERTYPE_8021Q 0x8100
|
||||
#endif
|
||||
|
||||
char *collapse_args PROTO_LIST((int argc,char **argv));
|
||||
static int pcap_if_type=DLT_NULL;
|
||||
int err_exit PROTO_LIST((char *str,int num));
|
||||
int usage PROTO_LIST((void));
|
||||
int print_version PROTO_LIST((void));
|
||||
RETSIGTYPE sig_handler PROTO_LIST((void));
|
||||
void pcap_cb PROTO_LIST((u_char *ptr,struct pcap_pkthdr *hdr,u_char *data));
|
||||
int main PROTO_LIST((int argc,char **argv));
|
||||
|
||||
int err_exit(str,num)
|
||||
char *str;
|
||||
int num;
|
||||
{
|
||||
fprintf(stderr,"ERROR: %s\n",str);
|
||||
exit(num);
|
||||
}
|
||||
|
||||
int usage()
|
||||
{
|
||||
fprintf(stderr,"Usage: ssldump [-r dumpfile] [-i interface] \n");
|
||||
fprintf(stderr," [-k keyfile] [-p password] [-vtaTnsAxVNde]\n");
|
||||
fprintf(stderr," [filter]\n");
|
||||
exit(0);
|
||||
}
|
||||
|
||||
int print_version()
|
||||
{
|
||||
printf("ssldump 0.9b3\n");
|
||||
printf("Copyright (C) 1998-2001 RTFM, Inc.\n");
|
||||
printf("All rights reserved.\n");
|
||||
#ifdef OPENSSL
|
||||
printf("Compiled with OpenSSL: decryption enabled\n");
|
||||
#endif
|
||||
exit(0);
|
||||
}
|
||||
|
||||
RETSIGTYPE sig_handler()
|
||||
{
|
||||
fflush(stdout);
|
||||
exit(0);
|
||||
}
|
||||
|
||||
void pcap_cb(ptr,hdr,data)
|
||||
u_char *ptr;
|
||||
struct pcap_pkthdr *hdr;
|
||||
u_char *data;
|
||||
{
|
||||
n_handler *n;
|
||||
int len;
|
||||
struct ether_header *e_hdr=(struct ether_header *)data;
|
||||
int type;
|
||||
|
||||
n=(n_handler *)ptr;
|
||||
if(hdr->caplen!=hdr->len) err_exit("Length mismatch",-1);
|
||||
|
||||
len=hdr->len;
|
||||
|
||||
switch(pcap_if_type){
|
||||
case DLT_NULL:
|
||||
data+=4;
|
||||
len-=4;
|
||||
break;
|
||||
case DLT_EN10MB:
|
||||
type=ntohs(e_hdr->ether_type);
|
||||
|
||||
data+=sizeof(struct ether_header);
|
||||
len-=sizeof(struct ether_header);
|
||||
|
||||
/* if vlans, push past VLAN header (4 bytes) */
|
||||
if(type==ETHERTYPE_8021Q) {
|
||||
type=ntohs(*(u_int16_t *)(data + 2));
|
||||
|
||||
data+=4;
|
||||
len+=4;
|
||||
}
|
||||
|
||||
if(type!=ETHERTYPE_IP)
|
||||
return;
|
||||
|
||||
break;
|
||||
}
|
||||
network_process_packet(n,&hdr->ts,data,len);
|
||||
}
|
||||
|
||||
typedef struct module_def_ {
|
||||
char *name;
|
||||
proto_mod *mod;
|
||||
} module_def;
|
||||
|
||||
static module_def modules[]={
|
||||
{"SSL",&ssl_mod},
|
||||
{"NULL",&null_mod},
|
||||
#ifdef ENABLE_RECORD
|
||||
{"RECORD",&record_mod},
|
||||
#endif
|
||||
{0,0}
|
||||
};
|
||||
|
||||
|
||||
int parse_ssl_flag PROTO_LIST((int c));
|
||||
|
||||
int main(argc,argv)
|
||||
int argc;
|
||||
char **argv;
|
||||
{
|
||||
pcap_t *p;
|
||||
int r;
|
||||
n_handler *n;
|
||||
#ifdef _WIN32
|
||||
__declspec(dllimport) char *optarg;
|
||||
__declspec(dllimport) int optind;
|
||||
#else
|
||||
extern char *optarg;
|
||||
extern int optind;
|
||||
#endif
|
||||
char *interface_name=0;
|
||||
char *file=0;
|
||||
char *filter=0;
|
||||
proto_mod *mod=&ssl_mod;
|
||||
bpf_u_int32 localnet,netmask;
|
||||
int c;
|
||||
module_def *m=0;
|
||||
int no_promiscuous=0;
|
||||
|
||||
char errbuf[PCAP_ERRBUF_SIZE];
|
||||
|
||||
signal(SIGINT,sig_handler);
|
||||
|
||||
while((c=getopt(argc,argv,"vr:f:S:Ttai:k:p:nsAxXhHVNdqem:P"))!=EOF){
|
||||
switch(c){
|
||||
case 'v':
|
||||
print_version();
|
||||
break;
|
||||
case 'f':
|
||||
fprintf(stderr,"-f option replaced by -r. Use that in the future\n");
|
||||
case 'r':
|
||||
file=strdup(optarg);
|
||||
break;
|
||||
case 'S':
|
||||
ssl_mod.vtbl->parse_flags(optarg);
|
||||
break;
|
||||
case 'y':
|
||||
NET_print_flags|=NET_PRINT_TYPESET;
|
||||
/*Kludge*/
|
||||
SSL_print_flags |= SSL_PRINT_NROFF;
|
||||
break;
|
||||
case 'a':
|
||||
NET_print_flags |= NET_PRINT_ACKS;
|
||||
break;
|
||||
case 'T':
|
||||
NET_print_flags |= NET_PRINT_TCP_HDR;
|
||||
break;
|
||||
case 'i':
|
||||
interface_name=strdup(optarg);
|
||||
break;
|
||||
case 'k':
|
||||
SSL_keyfile=strdup(optarg);
|
||||
break;
|
||||
case 'p':
|
||||
SSL_password=strdup(optarg);
|
||||
break;
|
||||
case 'P':
|
||||
++no_promiscuous;
|
||||
break;
|
||||
case 'n':
|
||||
NET_print_flags |= NET_PRINT_NO_RESOLVE;
|
||||
break;
|
||||
case 'm':
|
||||
for(m=modules;m->name!=0;m++){
|
||||
if(!strcmp(m->name,optarg)){
|
||||
mod=m->mod;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if(!m->name){
|
||||
fprintf(stderr,"Request analysis module %s not found\n",
|
||||
optarg);
|
||||
exit(1);
|
||||
}
|
||||
break;
|
||||
case 'h':
|
||||
usage();
|
||||
printf("Do 'man ssldump' for documentation\n");
|
||||
exit(1);
|
||||
|
||||
case '?':
|
||||
usage();
|
||||
exit(1);
|
||||
|
||||
/* must be an SSL flag. This is kind of a gross
|
||||
special case */
|
||||
default:
|
||||
parse_ssl_flag(c);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
argv+=optind;
|
||||
argc-=optind;
|
||||
|
||||
if(!file){
|
||||
if(!interface_name){
|
||||
interface_name=pcap_lookupdev(errbuf);
|
||||
if(!interface_name){
|
||||
fprintf(stderr,"PCAP: %s\n",errbuf);
|
||||
err_exit("Aborting",-1);
|
||||
}
|
||||
}
|
||||
if(!(p=pcap_open_live(interface_name,5000,!no_promiscuous,1000,errbuf))){
|
||||
fprintf(stderr,"PCAP: %s\n",errbuf);
|
||||
err_exit("Aborting",-1);
|
||||
}
|
||||
|
||||
if (pcap_lookupnet(interface_name, &localnet, &netmask, errbuf) < 0)
|
||||
verr_exit("PCAP: %s\n",errbuf);
|
||||
|
||||
}
|
||||
else{
|
||||
if(!(p=pcap_open_offline(file,errbuf))){
|
||||
fprintf(stderr,"PCAP: %s\n",errbuf);
|
||||
err_exit("Aborting",-1);
|
||||
}
|
||||
|
||||
netmask=0;
|
||||
localnet=0;
|
||||
}
|
||||
|
||||
if(argc!=0)
|
||||
filter=collapse_args(argc,argv);
|
||||
|
||||
if(filter){
|
||||
struct bpf_program fp;
|
||||
|
||||
if(pcap_compile(p,&fp,filter,0,netmask)<0)
|
||||
verr_exit("PCAP: %s\n",pcap_geterr(p));
|
||||
|
||||
if(pcap_setfilter(p,&fp)<0)
|
||||
verr_exit("PCAP: %s\n",pcap_geterr(p));
|
||||
}
|
||||
|
||||
pcap_if_type=pcap_datalink(p);
|
||||
|
||||
if(NET_print_flags & NET_PRINT_TYPESET)
|
||||
printf("\n |