Network packet sniffer

PR:		ports/6160
Submitted by:	Adam McDougall <mcdouga9@egr.msu.edu> and reworked by me
David E. O'Brien 1998-04-04 04:58:26 +00:00
parent 286082af6c
commit 997f89e8a7
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=10407
8 changed files with 112 additions and 0 deletions

31
net/sniffit/Makefile Normal file

@ -0,0 +1,31 @@
# ex:ts=8
# New ports collection makefile for: sniffit
# Version required: 0.3.5
# Date created: 28 Mar 1998
# Whom: bsdx
#
# $Id$
#
DISTNAME= sniffit.0.3.5
PKGNAME= sniffit-0.3.5
CATEGORIES= net security
MASTER_SITES= http://reptile.rug.ac.be/~coder/sniffit/files/
MAINTAINER= obrien@FreeBSD.ORG
GNU_CONFIGURE= yes
ALL_TARGET=
MAN5= sniffit.5
MAN8= sniffit.8
do-install:
${INSTALL_PROGRAM} ${WRKSRC}/sniffit ${PREFIX}/sbin
${INSTALL_MAN} ${WRKSRC}/sniffit.5 ${PREFIX}/man/man5
${INSTALL_MAN} ${WRKSRC}/sniffit.8 ${PREFIX}/man/man8
.if !defined(NOPORTDOCS)
${MKDIR} ${PREFIX}/share/doc/sniffit
${INSTALL_MAN} ${WRKSRC}/README.FIRST ${PREFIX}/share/doc/sniffit
.endif
.include <bsd.port.mk>
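Review bot: The distfile is fetched over plain HTTP (`MASTER_SITES= http://reptile.rug.ac.be/~coder/sniffit/files/`) and the only integrity value recorded for it is the single MD5 line in net/sniffit/distinfo, so MD5 alone stands between the build and a tarball altered in transit or on the mirror. MD5's collision resistance is broken and it should not be the sole anchor for a program installed into `${PREFIX}/sbin`; distinfo should also carry a stronger digest, e.g. `SHA256 (sniffit.0.3.5.tar.gz) = <sha256-of-verified-tarball>`, computed from a copy whose origin has been checked. Separately, in the `NOPORTDOCS` block README.FIRST is installed with `${INSTALL_MAN}`; `${INSTALL_DATA}` states the intent better for a plain document.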

1
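--- a/net/sniffit/distinfo
+++ b/net/sniffit/distinfo
@@ -0,0 +1 @@
+MD5 (sniffit.0.3.5.tar.gz) = bd116c62669372d7ea7f59c337f6822a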


@ -0,0 +1,23 @@
--- Makefile.in.orig Fri Apr 18 02:33:57 1997
+++ Makefile.in Fri Apr 3 20:50:47 1998
@@ -11,9 +11,9 @@
DEFS = @DEFS@
OS_OPT = @OS_OPT@
OBJ_FLAG = -w -O2 -c
-OBJ_OPT = -I./libpcap-0.3 -L./libpcap-0.3
+#OBJ_OPT = -I./libpcap-0.3 -L./libpcap-0.3
EXE_FLAG = -w -O2 -o sniffit
-EXE_OPT = -I./libpcap-0.3 -L./libpcap-0.3 -lpcap
+EXE_OPT = -lpcap
EXE_OBJ = sn_packets.o sn_generation.o sn_interface.o sn_cfgfile.o \
sn_logfile.o
DEP_FILES = sn_config.h pcap.h sn_data.h sn_defines.h sn_plugins.h \
@@ -21,7 +21,7 @@
sn_generation.o sn_interface.o sn_cfgfile.o sn_logfile.o
sniffit: $(SNIFFIT) $(DEP_FILES)
- cd libpcap-0.3; make; cd ..
+ #cd libpcap-0.3; make; cd ..
$(CC) $(EXE_FLAG) $(SNIFFIT) $(EXE_OBJ) $(EXE_OPT) $(LIBS) $(DEFS) $(OS_OPT)
strip sniffit
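Review bot: `DEP_FILES` still lists a bare `pcap.h` even though the patch stops using the bundled `./libpcap-0.3` tree and links the system library through `EXE_OPT = -lpcap`. If that `pcap.h` is a copy shipped in the sniffit source directory (it looks so, being a path-less prerequisite; confirm), the objects are compiled against one libpcap's declarations and linked against another's, and a layout difference would surface as memory corruption in a program that parses untrusted packets. Consider making the build pick up the system header and dropping `pcap.h` from `DEP_FILES`. The two disabled lines would also be better deleted than commented out: `#OBJ_OPT = …` leaves `$(OBJ_OPT)` empty anyway, and `#cd libpcap-0.3; make; cd ..`, if it keeps its leading tab, is still handed to the shell on every build.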


@ -0,0 +1,35 @@
--- sniffit.0.3.5.c.orig Fri Apr 18 02:33:58 1997
+++ sniffit.0.3.5.c Fri Apr 3 20:44:10 1998
@@ -411,11 +411,22 @@
proto=unwrap_packet(sp, info);
if(proto == NO_IP) return DONT_EXAMINE; /* no use in trying */
if(proto == NO_IP_4) return DONT_EXAMINE; /* no use in trying */
+ if(proto == CORRUPT_IP)
+ {
+ printf("Suspicious Packet detected... (Split header)\n");
+ return DONT_EXAMINE;
+ }
memcpy(&iphead,(sp+PROTO_HEAD),sizeof(struct IP_header));
so=(unsigned char *)&(iphead.source);
dest=(unsigned char *)&(iphead.destination);
+ if(info->FRAG_nf!=0)
+ {
+ printf("Fragment Skipped...\n");
+ return DONT_EXAMINE;
+ }
+
if((proto==TCP)&&(PROTOCOLS&F_TCP))
{
#ifdef DEBUG_ONSCREEN
@@ -1220,6 +1231,9 @@
proto=unwrap_packet(sp, info);
if(proto == NO_IP) return DONT_EXAMINE; /* no use in trying */
if(proto == NO_IP_4) return DONT_EXAMINE; /* no use in trying */
+ if(proto == CORRUPT_IP) return DONT_EXAMINE; /* no use in trying */
+
+ if(info->FRAG_nf!=0) return DONT_EXAMINE;
(*IP_nr_of_packets)++;
if(proto==ICMP)
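Review bot: Both hunks test `proto == CORRUPT_IP` and `info->FRAG_nf`, but none of the eight files in this commit defines `CORRUPT_IP`, makes `unwrap_packet()` return it, or assigns `FRAG_nf`; the only other mention is the new `char FRAG_nf;` member added by the sn_packetstructs.h patch. Unless the unpatched 0.3.5 sources already do this (confirm), either the build fails on the undeclared constant or the fragment check reads a field that was never written, so non-first fragments may still be parsed as if they began with a transport header. The patch set should include the `unwrap_packet()` change that sets `info->FRAG_nf` from the IP fragment offset and returns `CORRUPT_IP` for a truncated header. The first hunk also prints one line per rejected packet with `printf`, which lets remote traffic flood the operator's output; the second hunk's silent `return DONT_EXAMINE;` is the safer form. Both enclosing functions start and end outside the hunks.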


@ -0,0 +1,8 @@
--- sn_packetstructs.h.orig Fri Apr 18 02:33:58 1997
+++ sn_packetstructs.h Fri Apr 3 20:41:08 1998
@@ -48,4 +48,5 @@
{
int IP_len, TCP_len, ICMP_len, UDP_len; /* header lengths */
int DATA_len;
+ char FRAG_nf; /* not the first fragment */
};

1
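--- a/net/sniffit/pkg-comment
+++ b/net/sniffit/pkg-comment
@@ -0,0 +1 @@
+A packet sniffer program. For educational use.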

8
net/sniffit/pkg-descr Normal file

@ -0,0 +1,8 @@
Sniffit is a network sniffer for TCP/UDP/ICMP packets.
Sniffit produces very detailed technical details about the packets flowing
through your network (SEQ, ACK, TTL, Window, ...) and also packet contence
in different formats (hex or plain text, ...)
- Adam McDougall
mcdouga9@egr.msu.edu

5
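--- a/net/sniffit/pkg-plist
+++ b/net/sniffit/pkg-plist
@@ -0,0 +1,5 @@
+sbin/sniffit
+man/man5/sniffit.5.gz
+man/man8/sniffit.8.gz
+share/doc/sniffit/README.FIRST
+@dirrm share/doc/sniffit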