summaryrefslogtreecommitdiffstats
path: root/network/dsniff/patches/03_pcap_read_dump.patch
blob: 3cc0374840f90fabcd216674ff2a3748596ee671 (plain)
Author: Joseph Battaglia <sephail@sephail.net> and Joshua Krage <jkrage@guisarme.us>
Description: Allow the reading of saved PCAP capture files.
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=153462
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298604
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/

--- a/dsniff.8
+++ b/dsniff.8
@@ -10,7 +10,7 @@
 .nf
 .fi
 \fBdsniff\fR [\fB-c\fR] [\fB-d\fR] [\fB-m\fR] [\fB-n\fR] [\fB-i
-\fIinterface\fR] [\fB-s \fIsnaplen\fR] [\fB-f \fIservices\fR]
+\fIinterface\fR | \fB-p \fIpcapfile\fR] [\fB-s \fIsnaplen\fR] [\fB-f \fIservices\fR]
 [\fB-t \fItrigger[,...]\fR]]
 [\fB-r\fR|\fB-w\fR \fIsavefile\fR] [\fIexpression\fR]
 .SH DESCRIPTION
@@ -45,6 +45,9 @@
 Do not resolve IP addresses to hostnames.
 .IP "\fB-i \fIinterface\fR"
 Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Rather than processing the contents of packets observed upon the network 
+process the given PCAP capture file.
 .IP "\fB-s \fIsnaplen\fR"
 Analyze at most the first \fIsnaplen\fR bytes of each TCP connection,
 rather than the default of 1024.
--- a/dsniff.c
+++ b/dsniff.c
@@ -46,8 +46,9 @@
 usage(void)
 {
 	fprintf(stderr, "Version: " VERSION "\n"
-		"Usage: dsniff [-cdmn] [-i interface] [-s snaplen] [-f services]\n"
-		"              [-t trigger[,...]] [-r|-w savefile] [expression]\n");
+		"Usage: dsniff [-cdmn] [-i interface | -p pcapfile] [-s snaplen]\n"
+		"              [-f services] [-t trigger[,...]] [-r|-w savefile]\n"
+		"              [expression]\n");
 	exit(1);
 }
 
@@ -79,7 +80,7 @@
 
 	services = savefile = triggers = NULL;
 	
-	while ((c = getopt(argc, argv, "cdf:i:mnr:s:t:w:h?V")) != -1) {
+	while ((c = getopt(argc, argv, "cdf:i:mnp:r:s:t:w:h?V")) != -1) {
 		switch (c) {
 		case 'c':
 			Opt_client = 1;
@@ -99,6 +100,9 @@
 		case 'n':
 			Opt_dns = 0;
 			break;
+		case 'p':
+			nids_params.filename = optarg;
+			break;
 		case 'r':
 			Opt_read = 1;
 			savefile = optarg;
@@ -168,10 +172,23 @@
 	else nids_register_tcp(trigger_tcp);
 	
 	if (nids_params.pcap_filter != NULL) {
-		warnx("listening on %s [%s]", nids_params.device,
-		      nids_params.pcap_filter);
+		if (nids_params.filename == NULL) {
+			warnx("listening on %s [%s]", nids_params.device,
+		        nids_params.pcap_filter);
+		}
+		else {
+			warnx("using %s [%s]", nids_params.filename,
+		        nids_params.pcap_filter);
+		}
+	}
+	else {
+		if (nids_params.filename == NULL) {
+			warnx("listening on %s", nids_params.device);
+		}
+		else {
+			warnx("using %s", nids_params.filename);
+		}
 	}
-	else warnx("listening on %s", nids_params.device);
 	
 	nids_run();
 	
--- a/filesnarf.8
+++ b/filesnarf.8
@@ -9,7 +9,7 @@
 .na
 .nf
 .fi
-\fBfilesnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
+\fBfilesnarf\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
 .SH DESCRIPTION
 .ad
 .fi
@@ -18,6 +18,8 @@
 .SH OPTIONS
 .IP "\fB-i \fIinterface\fR"
 Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Process packets from the specified PCAP capture file instead of the network.
 .IP \fB-v\fR
 "Versus" mode. Invert the sense of matching, to select non-matching
 files.
--- a/filesnarf.c
+++ b/filesnarf.c
@@ -51,7 +51,7 @@
 usage(void)
 {
 	fprintf(stderr, "Version: " VERSION "\n"
-		"Usage: filesnarf [-i interface] [[-v] pattern [expression]]\n");
+		"Usage: filesnarf [-i interface | -p pcapfile] [[-v] pattern [expression]]\n");
 	exit(1);
 }
 
@@ -464,11 +464,14 @@
 	extern int optind;
 	int c;
 
-	while ((c = getopt(argc, argv, "i:vh?V")) != -1) {
+	while ((c = getopt(argc, argv, "i:p:vh?V")) != -1) {
 		switch (c) {
 		case 'i':
 			nids_params.device = optarg;
 			break;
+		case 'p':
+			nids_params.filename = optarg;
+			break;
 		case 'v':
 			Opt_invert = 1;
 			break;
@@ -498,11 +501,24 @@
 	nids_register_ip(decode_udp_nfs);
 	nids_register_tcp(decode_tcp_nfs);
 
-	if (nids_params.pcap_filter != NULL) {
-		warnx("listening on %s [%s]", nids_params.device,
-		      nids_params.pcap_filter);
-	}
-	else warnx("listening on %s", nids_params.device);
+        if (nids_params.pcap_filter != NULL) {
+                if (nids_params.filename == NULL) {
+                        warnx("listening on %s [%s]", nids_params.device,
+                              nids_params.pcap_filter);
+                }
+                else {
+                        warnx("using %s [%s]", nids_params.filename,
+                              nids_params.pcap_filter);
+                }
+        }
+        else {
+                if (nids_params.filename == NULL) {
+                        warnx("listening on %s", nids_params.device);
+                }
+                else {
+                        warnx("using %s", nids_params.filename);
+                }
+        }
 
 	nids_run();
 
--- a/mailsnarf.8
+++ b/mailsnarf.8
@@ -9,7 +9,7 @@
 .na
 .nf
 .fi
-\fBmailsnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
+\fBmailsnarf\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
 .SH DESCRIPTION
 .ad
 .fi
@@ -19,6 +19,8 @@
 .SH OPTIONS
 .IP "\fB-i \fIinterface\fR"
 Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Process packets from the specified PCAP capture file instead of the network.
 .IP \fB-v\fR
 "Versus" mode. Invert the sense of matching, to select non-matching
 messages.
--- a/mailsnarf.c
+++ b/mailsnarf.c
@@ -59,7 +59,7 @@
 usage(void)
 {
 	fprintf(stderr, "Version: " VERSION "\n"
-		"Usage: mailsnarf [-i interface] [[-v] pattern [expression]]\n");
+		"Usage: mailsnarf [-i interface | -p pcapfile] [[-v] pattern [expression]]\n");
 	exit(1);
 }
 
@@ -344,11 +344,14 @@
 	extern int optind;
 	int c;
 	
-	while ((c = getopt(argc, argv, "i:vh?V")) != -1) {
+	while ((c = getopt(argc, argv, "i:p:vh?V")) != -1) {
 		switch (c) {
 		case 'i':
 			nids_params.device = optarg;
 			break;
+                case 'p':
+                        nids_params.filename = optarg;
+                        break;
 		case 'v':
 			Opt_invert = 1;
 			break;
@@ -378,10 +381,23 @@
 	nids_register_tcp(sniff_pop_session);
 
 	if (nids_params.pcap_filter != NULL) {
-		warnx("listening on %s [%s]", nids_params.device,
-		      nids_params.pcap_filter);
-	}
-	else warnx("listening on %s", nids_params.device);
+                if (nids_params.filename == NULL) {
+		        warnx("listening on %s [%s]", nids_params.device,
+		              nids_params.pcap_filter);
+                }
+                else {
+		        warnx("using %s [%s]", nids_params.filename,
+		              nids_params.pcap_filter);
+                }
+	}
+	else {
+                if (nids_params.filename == NULL) {
+                    warnx("listening on %s", nids_params.device);
+                }
+                else {
+                    warnx("using %s", nids_params.filename);
+                }
+        }
 	
 	nids_run();
 	
--- a/msgsnarf.8
+++ b/msgsnarf.8
@@ -9,7 +9,7 @@
 .na
 .nf
 .fi
-\fBmsgsnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
+\fBmsgsnarf\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
 .SH DESCRIPTION
 .ad
 .fi
@@ -19,6 +19,8 @@
 .SH OPTIONS
 .IP "\fB-i \fIinterface\fR"
 Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Process packets from the specified PCAP capture file instead of the network.
 .IP \fB-v\fR
 "Versus" mode. Invert the sense of matching, to select non-matching
 messages.
--- a/msgsnarf.c
+++ b/msgsnarf.c
@@ -45,7 +45,7 @@
 usage(void)
 {
 	fprintf(stderr, "Version: " VERSION "\n"
-		"Usage: msgsnarf [-i interface] [[-v] pattern [expression]]\n");
+		"Usage: msgsnarf [-i interface | -p pcapfile] [[-v] pattern [expression]]\n");
 	exit(1);
 }
 
@@ -633,11 +633,14 @@
 	extern int optind;
 	int c;
 	
-	while ((c = getopt(argc, argv, "i:hv?V")) != -1) {
+	while ((c = getopt(argc, argv, "i:p:hv?V")) != -1) {
 		switch (c) {
 		case 'i':
 			nids_params.device = optarg;
 			break;
+		case 'p':
+			nids_params.filename = optarg;
+			break;
 		case 'v':
 			Opt_invert = 1;
 			break;
@@ -666,11 +669,24 @@
 	
 	nids_register_tcp(sniff_msgs);
 
-	if (nids_params.pcap_filter != NULL) {
-		warnx("listening on %s [%s]", nids_params.device,
-		      nids_params.pcap_filter);
-	}
-	else warnx("listening on %s", nids_params.device);
+        if (nids_params.pcap_filter != NULL) {
+                if (nids_params.filename == NULL) {
+                        warnx("listening on %s [%s]", nids_params.device,
+                              nids_params.pcap_filter);
+                }
+                else {
+                        warnx("using %s [%s]", nids_params.filename,
+                              nids_params.pcap_filter);
+                }
+        }
+        else {
+                if (nids_params.filename == NULL) {
+                    warnx("listening on %s", nids_params.device);
+                }
+                else {
+                    warnx("using %s", nids_params.filename);
+                }
+        }
 
 	nids_run();
 	
--- a/sshow.8
+++ b/sshow.8
@@ -9,7 +9,7 @@
 .na
 .nf
 .fi
-\fBsshow\fR [\fB-d\fR] [\fB-i \fIinterface\fR] [\fIexpression\fR]
+\fBsshow\fR [\fB-d\fR] [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [\fIexpression\fR]
 .SH DESCRIPTION
 .ad
 .fi
@@ -28,6 +28,8 @@
 Enable verbose debugging output.
 .IP "\fB-i \fIinterface\fR"
 Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Process packets from the specified PCAP capture file instead of the network.
 .IP "\fIexpression\fR"
 Specify a tcpdump(8) filter expression to select traffic to sniff.
 .SH "SEE ALSO"
--- a/sshow.c
+++ b/sshow.c
@@ -82,7 +82,7 @@
 static void
 usage(void)
 {
-	fprintf(stderr, "Usage: sshow [-d] [-i interface]\n");
+	fprintf(stderr, "Usage: sshow [-d] [-i interface | -p pcapfile]\n");
 	exit(1);
 }
 
@@ -616,7 +616,7 @@
 	extern int optind;
 	int c;
 	
-	while ((c = getopt(argc, argv, "di:h?")) != -1) {
+	while ((c = getopt(argc, argv, "di:p:h?")) != -1) {
 		switch (c) {
 		case 'd':
 			debug++;
@@ -624,6 +624,9 @@
 		case 'i':
 			nids_params.device = optarg;
 			break;
+		case 'p':
+			nids_params.filename = optarg;
+			break;
 		default:
 			usage();
 			break;
@@ -652,11 +655,24 @@
 	
 	nids_register_tcp(process_event);
 
-	if (nids_params.pcap_filter != NULL) {
-		warnx("listening on %s [%s]", nids_params.device,
-		      nids_params.pcap_filter);
-	}
-	else warnx("listening on %s", nids_params.device);
+        if (nids_params.pcap_filter != NULL) {
+                if (nids_params.filename == NULL) {
+                        warnx("listening on %s [%s]", nids_params.device,
+                              nids_params.pcap_filter);
+                }
+                else {
+                        warnx("using %s [%s]", nids_params.filename,
+                              nids_params.pcap_filter);
+                }
+        }
+        else {
+                if (nids_params.filename == NULL) {
+                    warnx("listening on %s", nids_params.device);
+                }
+                else {
+                    warnx("using %s", nids_params.filename);
+                }
+        }
 
 	nids_run();
 	
--- a/urlsnarf.8
+++ b/urlsnarf.8
@@ -9,7 +9,7 @@
 .na
 .nf
 .fi
-\fBurlsnarf\fR [\fB-n\fR] [\fB-i \fIinterface\fR]  [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
+\fBurlsnarf\fR [\fB-n\fR] [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR]  [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
 .SH DESCRIPTION
 .ad
 .fi
@@ -21,6 +21,9 @@
 .IP \fB-n\fR
 Do not resolve IP addresses to hostnames.
 .IP "\fB-i \fIinterface\fR"
+Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Process packets from the specified PCAP capture file instead of the network.
 .IP \fB-v\fR
 "Versus" mode. Invert the sense of matching, to select non-matching
 URLs.
--- a/urlsnarf.c
+++ b/urlsnarf.c
@@ -41,7 +41,7 @@
 usage(void)
 {
 	fprintf(stderr, "Version: " VERSION "\n"
-		"Usage: urlsnarf [-n] [-i interface] [[-v] pattern [expression]]\n");
+		"Usage: urlsnarf [-n] [-i interface | -p pcapfile] [[-v] pattern [expression]]\n");
 	exit(1);
 }
 
@@ -201,11 +201,14 @@
 	extern int optind;
 	int c;
 	
-	while ((c = getopt(argc, argv, "i:nvh?V")) != -1) {
+	while ((c = getopt(argc, argv, "i:p:nvh?V")) != -1) {
 		switch (c) {
 		case 'i':
 			nids_params.device = optarg;
 			break;
+		case 'p':
+			nids_params.filename = optarg;
+			break;
 		case 'n':
 			Opt_dns = 0;
 			break;
@@ -238,8 +241,24 @@
 	
 	nids_register_tcp(sniff_http_client);
 
-	warnx("listening on %s [%s]", nids_params.device,
-	      nids_params.pcap_filter);
+        if (nids_params.pcap_filter != NULL) {
+                if (nids_params.filename == NULL) {
+                        warnx("listening on %s [%s]", nids_params.device,
+                              nids_params.pcap_filter);
+                }
+                else {
+                        warnx("using %s [%s]", nids_params.filename,
+                              nids_params.pcap_filter);
+                }
+        }
+        else {
+                if (nids_params.filename == NULL) {
+                    warnx("listening on %s", nids_params.device);
+                }
+                else {
+                    warnx("using %s", nids_params.filename);
+                }
+        }
 
 	nids_run();
 	
--- a/webspy.8
+++ b/webspy.8
@@ -9,7 +9,7 @@
 .na
 .nf
 .fi
-\fBwebspy\fR [\fB-i \fIinterface\fR] \fIhost\fR
+\fBwebspy\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] \fIhost\fR
 .SH DESCRIPTION
 .ad
 .fi
@@ -20,6 +20,8 @@
 .SH OPTIONS
 .IP "\fB-i \fIinterface\fR"
 Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Process packets from the specified PCAP capture file instead of the network.
 .IP \fIhost\fR
 Specify the web client to spy on.
 .SH "SEE ALSO"
--- a/webspy.c
+++ b/webspy.c
@@ -42,7 +42,7 @@
 usage(void)
 {
 	fprintf(stderr, "Version: " VERSION "\n"
-		"Usage: %s [-i interface] host\n", progname);
+		"Usage: %s [-i interface | -p pcapfile] host\n", progname);
 	exit(1);
 }
 
@@ -184,11 +184,14 @@
 	extern int optind;
 	int c;
 	
-	while ((c = getopt(argc, argv, "i:h?V")) != -1) {
+	while ((c = getopt(argc, argv, "i:p:h?V")) != -1) {
 		switch (c) {
 		case 'i':
 			nids_params.device = optarg;
 			break;
+		case 'p':
+			nids_params.filename = optarg;
+			break;
 		default:
 			usage();
 		}
@@ -216,7 +219,13 @@
 	
 	nids_register_tcp(sniff_http_client);
 
-	warnx("listening on %s", nids_params.device);
+        if (nids_params.filename == NULL) {
+                warnx("listening on %s", nids_params.device);
+        }
+        else {
+                warnx("using %s", nids_params.filename);
+        }
+
 
 	nids_run();