new parse port - watch tcpdump traces in real-time

This commit is contained in:
dugsong 2000-01-27 20:31:50 +00:00
parent c7c4af8749
commit 0cb5be8acb
10 changed files with 312 additions and 0 deletions

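--- a/security/parse/Makefile
+++ b/security/parse/Makefile
@@ -0,0 +1,24 @@
+# Makefile for: parse
+# Version required: 1.0
+# Date created: 27 Jan 2000
+# Whom: dugsong@monkey.org
+#
+# $OpenBSD: Makefile,v 1.1.1.1 2000/01/27 20:31:50 dugsong Exp $
+PKGNAME= parse-1.0
+CATEGORIES= security
+MAINTAINER= dugsong@monkey.org
+NO_CDROM= "not for resale"
+MASTER_SITES= ftp://ftp.sdsc.edu/pub/security/PICS/parse/
+DISTNAME= parse
+EXTRACT_SUFX= .t.gz
+NO_CONFIGURE= yes
+.include <bsd.port.mk>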

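--- a/security/parse/files/md5
+++ b/security/parse/files/md5
@@ -0,0 +1,3 @@
+MD5 (parse.t.gz) = 76423b0357edacd3107bb49b624401a3
+RMD160 (parse.t.gz) = 8d22abd6dbb4bf2bac5a017db85ae13bf78e2645
+SHA1 (parse.t.gz) = 54f9407786b2f0e3ca57c8427d18cabf7a27934f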


@ -0,0 +1,27 @@
--- Makefile.orig Thu Jan 27 14:49:45 2000
+++ Makefile Thu Jan 27 15:27:25 2000
@@ -1,11 +1,12 @@
CC=gcc
-CFLAGS=-g -Ilibpcap -Ilibpcap/bpf
+
+PREFIX?=/usr/local
all: parse
OBJS=comment.o summarize.o parse_input.o display.o
-LIBS=-Llibpcap -lpcap
+LIBS= -lpcap
parse: $(OBJS)
$(CC) -o parse $(OBJS) $(LIBS)
@@ -13,6 +14,9 @@
display.o: parse.h
summarize.o: parse.h
+
+install: parse
+ install -c -m 755 parse $(PREFIX)/bin
clean:
rm -f *.o parse


@ -0,0 +1,20 @@
--- comment.c.orig Thu Jan 27 14:50:26 2000
+++ comment.c Thu Jan 27 14:56:52 2000
@@ -28,8 +28,8 @@
*/
#include <stdio.h>
+#include <string.h>
#include <syslog.h>
-#include <alloca.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
@@ -42,6 +42,7 @@
#include <netinet/ip_icmp.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
+#include <arpa/inet.h>
#include <sgtty.h>


@ -0,0 +1,159 @@
--- display.c.orig Thu Jan 27 14:51:39 2000
+++ display.c Thu Jan 27 15:14:55 2000
@@ -27,7 +27,10 @@
*/
#include <stdio.h>
-#include <alloca.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <ctype.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
@@ -40,6 +43,7 @@
#include <netinet/ip_icmp.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
+#include <arpa/inet.h>
#include <sgtty.h>
@@ -59,8 +63,10 @@
static void write_stoc(); /* Server to Client */
static void initialize_screen(); /* Clear screen, setup windows, etc */
static void dump_handler();
+extern void cleanup_output();
extern int ignore_user;
+void
display_connection(input_filename, con_id)
char *input_filename;
int con_id;
@@ -108,7 +114,6 @@
}
pcap_close(pcp);
- return;
}
char init_user=0;
@@ -136,15 +141,13 @@
struct ip *ip;
struct tcphdr *tcph;
u_char *abuf, *abuf2;
- int flags, length;
+ int length;
static struct timeval last_time;
static int offset_set=0;
- struct timeval ct;
fd_set fdset;
struct timeval timeout;
char inchar;
- char outbuf[64];
/* tjk timing */
static struct timeval session_start, cur_delta;
@@ -218,7 +221,6 @@
}
for (;;) {
- int sel_out;
struct timeval t1,t2,t3;
bcopy(subtract_timeval(&pkth->ts, &session_start),
@@ -477,12 +479,10 @@
if (length > 46) {
len = 46;
- strncpy(s, p+(length-46), len); /* Get last 46 characters */
- *(s+len)=0;
+ strlcpy(s, p+(length-46), len); /* Get last 46 characters */
} else {
len = length;
- strncpy(s, p, len);
- *(s+len)=0;
+ strlcpy(s, p, len);
}
mode=0;
@@ -561,8 +561,7 @@
if (len == 46) {
printf("\033[26;34H\033[7m%s\033[0m", new_buffer);
former_buflen = 46;
- strncpy(former_buffer, printable, len);
- *(former_buffer+len)=0;
+ strlcpy(former_buffer, printable, len);
} else {
if ((former_buflen + len) > 46) {
diff = (former_buflen + len - 46);
@@ -572,17 +571,14 @@
printf("\033[26;%dH", 34+former_buflen-(diff));
printf("\033[7m%s\033[0m", new_buffer);
former_buflen = 46;
- strncpy(temp, former_buffer+diff, 46-diff);
- *(temp+(46-diff))=0;
- strcat(temp, printable, len);
- *(temp+46)=0;
+ strlcpy(temp, former_buffer+diff, 46-diff);
+ strlcat(temp, printable, len);
strcpy(former_buffer, temp);
} else {
printf("\033[26;%dH", 34+former_buflen);
printf("\033[7m%s\033[0m", new_buffer);
former_buflen += len;
- strncat(former_buffer, printable, len);
- *(former_buffer+former_buflen)=0;
+ strlcat(former_buffer, printable, len);
}
}
}
@@ -600,7 +596,7 @@
char *p;
int length;
{
- char *x, *y, *beg, value;
+ char *x, value, *beg = NULL;
int i;
int redraw_status=0;
enum { STATE_NOTHING, STATE_ESCAPE, STATE_BRACKET, STATE_ARGUMENTS } state;
@@ -741,6 +737,7 @@
static FILE *sfp=NULL, *cfp=NULL;
static char dumpbase[1024];
+void
dump_connection(input_filename, con_id)
char *input_filename;
int con_id;
@@ -754,7 +751,8 @@
printf("Enter basename for output files (server side will append '.srv', client '.cli'\n");
printf(":");
fflush(stdout);
- gets(dumpbase);
+ fgets(dumpbase, sizeof(dumpbase), stdin);
+ strtok(dumpbase, "\r\n");
if ((pcp = pcap_open_offline(input_filename, ebuf)) == NULL) {
fprintf(stderr, "Can't open input file: %s\n", ebuf);
@@ -798,8 +796,6 @@
printf("NOTE: You may want to run:\n");
printf("tr -d '\\015' <basename.srv - and/or -\n");
printf("tr '\\015' '\\012' <basename.cli\n");
-
- return;
}
static void
@@ -812,9 +808,7 @@
struct ip *ip;
struct tcphdr *tcph;
u_char *abuf, *abuf2;
- int flags, length;
- char inchar;
- char outbuf[64];
+ int length;
char buf[1024], buf2[1024];
if (sfp==NULL) {
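Review bot: The strlcpy/strlcat substitutions in the hunks at old lines 477, 561 and 572 change what is copied, because the third argument of strlcpy/strlcat is the destination buffer size rather than a character count as it was for strncpy/strncat. `strlcpy(s, p+(length-46), len)` with `len = 46` copies only 45 characters (and `strlcpy(former_buffer, printable, len)` and `strlcpy(temp, former_buffer+diff, 46-diff)` lose one the same way), so the "last 46 characters" comment and `former_buflen = 46` no longer match the buffer contents; the old code already required room for `len + 1` bytes, so passing `len + 1` (and `46-diff+1`) keeps the previous behaviour. `strlcat(temp, printable, len)` and `strlcat(former_buffer, printable, len)` are worse: they cap the total string at `len - 1` bytes, so whenever the existing contents are already that long nothing is appended at all while `former_buflen += len` still advances, and the replayed output silently drops data. The intended call passes the real destination size, e.g. `strlcat(former_buffer, printable, sizeof(former_buffer))` if former_buffer is an array (its declaration, like the enclosing function's start and end, is outside these hunks).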


@ -0,0 +1,33 @@
--- parse_input.c.orig Thu Jan 27 14:57:40 2000
+++ parse_input.c Thu Jan 27 15:14:22 2000
@@ -32,6 +32,8 @@
*/
#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
#include <fcntl.h>
#include <sys/signal.h>
@@ -48,6 +50,12 @@
extern int reverseFlag;
+extern void summarize_logfile(char *filename);
+extern void display_connection(char *input_filename, int con_id);
+extern void dump_connection(char *input_filename, int con_id);
+extern void parse_stdin(char *output_filename);
+
+int
main(argc, argv)
int argc;
char *argv[];
@@ -55,8 +63,6 @@
int dump=0;
char *input_filename=NULL, *output_filename=NULL;
int con_id=-1, c;
- extern int optind, opterr;
- extern char *optarg;
extern void cleanup_output();
struct tm tm_offset;


@ -0,0 +1,31 @@
--- summarize.c.orig Thu Jan 27 14:51:23 2000
+++ summarize.c Thu Jan 27 14:57:12 2000
@@ -31,7 +31,8 @@
*/
#include <stdio.h>
-#include <alloca.h>
+#include <stdlib.h>
+#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
@@ -44,7 +45,8 @@
#include <netinet/ip_icmp.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
-#include "pcap.h"
+#include <arpa/inet.h>
+#include <pcap.h>
#include "parse.h"
void summarize_handler();
@@ -90,7 +92,7 @@
u_char *abuf, *abuf2;
u_long src, dst;
u_short src_port, dst_port;
- int flags, length;
+ int length;
ep = (struct ether_header *)p;
p += sizeof(struct ether_header);


@ -0,0 +1 @@
watch a tcpdump trace in real-time

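--- a/security/parse/pkg/DESCR
+++ b/security/parse/pkg/DESCR
@@ -0,0 +1,13 @@
+from README:
+Parse can be used to view a TCP trace, or to collect and report on live
+traffic. This can be used to record and view what an intruder is doing on
+your system. This is also useful for monitoring connections that are traveling
+over a particular network. For example, if an intruder logs into a system while
+parse is running that strange connection may be noticed. Upon further
+investigation it may appear that the intruder is a hacker who seems to be
+exploring the system. By collecting a log of what they are doing, evidence
+can be gathered to prosecute the hacker; and the damage done by the intruder
+can also be assessed.
+-d.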

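--- a/security/parse/pkg/PLIST
+++ b/security/parse/pkg/PLIST
@@ -0,0 +1 @@
+bin/parse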