sniffit 0.3.5, TCP/UDP/ICMP packets sniffer

1998-05-07 08:31:49 +00:00 · 1998-05-07 08:31:49 +00:00 · 7da105e113
commit 7da105e113
parent a92b09ef0b
12 changed files with 362 additions and 0 deletions
--- a/net/sniffit/Makefile
+++ b/net/sniffit/Makefile
@ -0,0 +1,33 @@
+# New ports collection makefile for:	sniffit
+# Version required:	0.3.5
+# Date created:		7 May 1998
+# Whom:			form
+#
+# $OpenBSD: Makefile,v 1.1.1.1 1998/05/07 08:31:49 form Exp $
+# FreeBSD: Makefile,v 1.1.1.1 1998/04/04 04:58:25 obrien Exp
+#
+
+DISTNAME=	sniffit.0.3.5
+PKGNAME=	sniffit-0.3.5
+CATEGORIES=	net security
+MASTER_SITES=	http://reptile.rug.ac.be/~coder/sniffit/files/ \
+		ftp://ftphost.manawatu.gen.nz/pub/unix/net/security/sniffers/sniffit/ \
+		ftp://ftp.netbsd.org/pub/NetBSD/packages/distfiles
+
+MAINTAINER=	form@vs.itam.nsc.ru
+
+GNU_CONFIGURE=	yes
+ALL_TARGET=
+MAN5=		sniffit.5
+MAN8=		sniffit.8
+
+do-install:
+	${INSTALL_PROGRAM} ${WRKSRC}/sniffit ${PREFIX}/sbin
+	${INSTALL_MAN} ${WRKSRC}/sniffit.5 ${PREFIX}/man/man5
+	${INSTALL_MAN} ${WRKSRC}/sniffit.8 ${PREFIX}/man/man8
+.if !defined(NOPORTDOCS)
+	${MKDIR} ${PREFIX}/share/doc/sniffit
+	${INSTALL_MAN} ${WRKSRC}/README.FIRST ${PREFIX}/share/doc/sniffit
+.endif
+
+.include <bsd.port.mk>
--- a/net/sniffit/files/md5
+++ b/net/sniffit/files/md5
@ -0,0 +1 @@
+MD5 (sniffit.0.3.5.tar.gz) = bd116c62669372d7ea7f59c337f6822a
--- a/net/sniffit/patches/patch-aa
+++ b/net/sniffit/patches/patch-aa
@ -0,0 +1,40 @@
+*** Makefile.in.orig	Fri Apr 18 16:33:57 1997
+--- Makefile.in	Thu May  7 15:02:13 1998
+***************
+*** 11,19 ****
+  DEFS	   = @DEFS@
+  OS_OPT     = @OS_OPT@
+  OBJ_FLAG   = -w -O2 -c
+! OBJ_OPT    = -I./libpcap-0.3 -L./libpcap-0.3
+  EXE_FLAG   = -w -O2 -o sniffit
+! EXE_OPT    = -I./libpcap-0.3 -L./libpcap-0.3 -lpcap
+  EXE_OBJ    = sn_packets.o sn_generation.o sn_interface.o sn_cfgfile.o \
+               sn_logfile.o
+  DEP_FILES  = sn_config.h pcap.h sn_data.h sn_defines.h sn_plugins.h \
+--- 11,19 ----
+  DEFS	   = @DEFS@
+  OS_OPT     = @OS_OPT@
+  OBJ_FLAG   = -w -O2 -c
+! #OBJ_OPT    = -I./libpcap-0.3 -L./libpcap-0.3
+  EXE_FLAG   = -w -O2 -o sniffit
+! EXE_OPT    = -lpcap
+  EXE_OBJ    = sn_packets.o sn_generation.o sn_interface.o sn_cfgfile.o \
+               sn_logfile.o
+  DEP_FILES  = sn_config.h pcap.h sn_data.h sn_defines.h sn_plugins.h \
+***************
+*** 21,27 ****
+               sn_generation.o sn_interface.o sn_cfgfile.o sn_logfile.o
+  
+  sniffit: $(SNIFFIT) $(DEP_FILES)
+! 	cd libpcap-0.3; make; cd ..
+  	$(CC) $(EXE_FLAG) $(SNIFFIT) $(EXE_OBJ) $(EXE_OPT) $(LIBS) $(DEFS) $(OS_OPT) 
+  	strip sniffit
+  
+--- 21,27 ----
+               sn_generation.o sn_interface.o sn_cfgfile.o sn_logfile.o
+  
+  sniffit: $(SNIFFIT) $(DEP_FILES)
+! 	#cd libpcap-0.3; make; cd ..
+  	$(CC) $(EXE_FLAG) $(SNIFFIT) $(EXE_OBJ) $(EXE_OPT) $(LIBS) $(DEFS) $(OS_OPT) 
+  	strip sniffit
+  
--- a/net/sniffit/patches/patch-ab
+++ b/net/sniffit/patches/patch-ab
@ -0,0 +1,39 @@
+*** sniffit.0.3.5.c.orig	Fri Apr 18 16:33:58 1997
+--- sniffit.0.3.5.c	Thu May  7 15:02:13 1998
+***************
+*** 411,421 ****
+--- 411,432 ----
+  	proto=unwrap_packet(sp, info); 
+  	if(proto == NO_IP)	return DONT_EXAMINE; /* no use in trying */
+  	if(proto == NO_IP_4)	return DONT_EXAMINE; /* no use in trying */
+ 	if(proto == CORRUPT_IP)
+ 	  {
+ 		printf("Suspicious Packet detected... (Split header)\n");
+ 		return DONT_EXAMINE;
+ 	  }
+  
+          memcpy(&iphead,(sp+PROTO_HEAD),sizeof(struct IP_header));
+  	so=(unsigned char *)&(iphead.source);
+         	dest=(unsigned char *)&(iphead.destination);
+  
+ 	if(info->FRAG_nf!=0)
+ 	  {
+ 		printf("Fragment Skipped...\n"); 
+ 		return DONT_EXAMINE;
+ 	  }
+ 
+  	if((proto==TCP)&&(PROTOCOLS&F_TCP)) 
+  		{
+  #ifdef DEBUG_ONSCREEN
+***************
+*** 1220,1225 ****
+--- 1231,1239 ----
+  	proto=unwrap_packet(sp, info);
+  	if(proto == NO_IP)	return DONT_EXAMINE; /* no use in trying */
+  	if(proto == NO_IP_4)	return DONT_EXAMINE; /* no use in trying */
+ 	if(proto == CORRUPT_IP) return DONT_EXAMINE; /* no use in trying */
+ 
+ 	if(info->FRAG_nf!=0)	return DONT_EXAMINE;
+  
+  	(*IP_nr_of_packets)++;
+  	if(proto==ICMP)  
--- a/net/sniffit/patches/patch-ac
+++ b/net/sniffit/patches/patch-ac
@ -0,0 +1,10 @@
+*** sn_packetstructs.h.orig	Fri Apr 18 16:33:58 1997
+--- sn_packetstructs.h	Thu May  7 15:02:13 1998
+***************
+*** 48,51 ****
+--- 48,52 ----
+  {
+  	int IP_len, TCP_len, ICMP_len, UDP_len;         /* header lengths */ 
+  	int DATA_len;
+ 	char FRAG_nf;									/* not the first fragment */
+  };
--- a/net/sniffit/patches/patch-ad
+++ b/net/sniffit/patches/patch-ad
@ -0,0 +1,99 @@
+*** sn_packets.c.orig	Fri Apr 18 16:33:58 1997
+--- sn_packets.c	Thu May  7 15:02:14 1998
+***************
+*** 43,48 ****
+--- 43,49 ----
+  	struct UDP_header UDPhead;
+  
+  	int i;
+ 	short int dummy;	/* 2 bytes, important */
+  
+  	memcpy(&IPhead,(sp+PROTO_HEAD),sizeof(struct IP_header));
+                                                    /* IP header Conversion */
+***************
+*** 51,56 ****
+--- 52,58 ----
+  	unwrapped->TCP_len = 0;         	/* Reset structure NEEDED!!! */
+  	unwrapped->UDP_len = 0;
+  	unwrapped->DATA_len = 0;
+ 	unwrapped->FRAG_nf = 0;
+          
+  	if(NO_CHKSUM == 0)
+  		{
+***************
+*** 75,106 ****
+--- 77,150 ----
+  					/* restore orig buffer      */
+          			 	/* general programming rule */
+  		}
+ 
+ #ifdef DEBUG_ONSCREEN
+  	printf("IPheadlen: %d   total length: %d\n", unwrapped->IP_len,
+  						    ntohs(IPhead.length)); 
+ #endif
+  
+ 	dummy=ntohs(IPhead.flag_offset); dummy<<=3;
+ 	if( dummy!=0 )                            /* we have offset */
+ 		{
+ 		unwrapped->FRAG_nf = 1;
+ 		}
+ 
+  	if(IPhead.protocol == TCP )		             /* TCP */
+  		{
+ 		if(unwrapped->FRAG_nf == 0)
+ 			{
+ 			if( (ntohs(IPhead.length)-(unwrapped->IP_len))<20 )
+ 				return CORRUPT_IP;
+ 			
+  		memcpy(&TCPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)),
+  						sizeof(struct TCP_header));
+  		unwrapped->TCP_len = ntohs(TCPhead.offset_flag) & 0xF000;
+  		unwrapped->TCP_len >>= 10; 
+  		unwrapped->DATA_len = ntohs(IPhead.length) -
+  				(unwrapped->IP_len) - (unwrapped->TCP_len); 
+ 			}
+ 		else
+ 			{
+ 				unwrapped->DATA_len = ntohs(IPhead.length) 
+ 		    				- (unwrapped->IP_len);
+ 			}
+  		return TCP;
+  		}
+  	if(IPhead.protocol == ICMP )		             /* ICMP */
+  		{
+ 		if(unwrapped->FRAG_nf == 0)
+ 			{
+ 			if( (ntohs(IPhead.length)-(unwrapped->IP_len))<4 )
+ 				return CORRUPT_IP;
+  		memcpy(&ICMPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)),
+  						sizeof(struct ICMP_header));
+  		unwrapped->ICMP_len = ICMP_HEADLENGTH;
+  		unwrapped->DATA_len = ntohs(IPhead.length) -
+  				(unwrapped->IP_len) - (unwrapped->ICMP_len); 
+  		return ICMP; 
+ 			}
+ 		else
+ 			{
+ 			return -1;	/* don't handle fragmented ICMP */
+ 			}
+  		}
+  	if(IPhead.protocol == UDP )		               /* UDP */
+  		{
+ 		if(unwrapped->FRAG_nf == 0)
+ 			{
+ 			if( (ntohs(IPhead.length)-(unwrapped->IP_len))<8 )
+ 				return CORRUPT_IP;
+  		memcpy(&UDPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)),
+  						sizeof(struct UDP_header));
+  		unwrapped->UDP_len = UDP_HEADLENGTH;
+  		unwrapped->DATA_len = ntohs(IPhead.length) -
+  				(unwrapped->IP_len) - (unwrapped->UDP_len); 
+ 			}
+ 		else
+ 			{
+ 			unwrapped->DATA_len = ntohs(IPhead.length)
+ 			    			- (unwrapped->IP_len); 
+ 			}
+  		return UDP; 
+  		}
+  	return -1; 
--- a/net/sniffit/patches/patch-ae
+++ b/net/sniffit/patches/patch-ae
@ -0,0 +1,12 @@
+*** sn_defines.h.orig	Fri Apr 18 16:33:58 1997
+--- sn_defines.h	Thu May  7 15:02:14 1998
+***************
+*** 82,87 ****
+--- 82,88 ----
+  
+  #define NO_IP   0
+  #define NO_IP_4 1000
+ #define CORRUPT_IP 1001
+  #define ICMP    1                       /* Protocol Numbers */
+  #define TCP     6
+  #define UDP     17
--- a/net/sniffit/patches/patch-af
+++ b/net/sniffit/patches/patch-af
@ -0,0 +1,95 @@
+*** configure.orig	Fri Apr 18 16:33:57 1997
+--- configure	Thu May  7 15:18:45 1998
+***************
+*** 712,726 ****
+  fi
+  
+  
+! NCURSES_PATH=/usr/include:/usr/include/ncurses:/usr/include/curses:/usr/local/include:/usr/local/include/ncurses:/usr/local/include/curses
+! echo $ac_n "checking for main in -lncurses""... $ac_c" 1>&6
+! echo "configure:718: checking for main in -lncurses" >&5
+! ac_lib_var=`echo ncurses'_'main | sed 'y%./+-%__p_%'`
+  if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+    echo $ac_n "(cached) $ac_c" 1>&6
+  else
+    ac_save_LIBS="$LIBS"
+! LIBS="-lncurses  $LIBS"
+  cat > conftest.$ac_ext <<EOF
+  #line 726 "configure"
+  #include "confdefs.h"
+--- 712,726 ----
+  fi
+  
+  
+! NCURSES_PATH=/usr/include:/usr/include/curses:/usr/include/curses:/usr/local/include:/usr/local/include/curses:/usr/local/include/curses
+! echo $ac_n "checking for main in -lcurses""... $ac_c" 1>&6
+! echo "configure:718: checking for main in -lcurses" >&5
+! ac_lib_var=`echo curses'_'main | sed 'y%./+-%__p_%'`
+  if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+    echo $ac_n "(cached) $ac_c" 1>&6
+  else
+    ac_save_LIBS="$LIBS"
+! LIBS="-lcurses  $LIBS"
+  cat > conftest.$ac_ext <<EOF
+  #line 726 "configure"
+  #include "confdefs.h"
+***************
+*** 744,763 ****
+  fi
+  if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+    echo "$ac_t""yes" 1>&6
+!     ac_tr_lib=HAVE_LIB`echo ncurses | sed -e 's/[^a-zA-Z0-9_]/_/g' \
+      -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'`
+    cat >> confdefs.h <<EOF
+  #define $ac_tr_lib 1
+  EOF
+  
+!   LIBS="-lncurses $LIBS"
+  
+  else
+    echo "$ac_t""no" 1>&6
+  fi
+  
+  
+! for ac_prog in ncurses.h
+  do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+  set dummy $ac_prog; ac_word=$2
+--- 744,763 ----
+  fi
+  if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+    echo "$ac_t""yes" 1>&6
+!     ac_tr_lib=HAVE_LIB`echo curses | sed -e 's/[^a-zA-Z0-9_]/_/g' \
+      -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'`
+    cat >> confdefs.h <<EOF
+  #define $ac_tr_lib 1
+  EOF
+  
+!   LIBS="-lcurses $LIBS"
+  
+  else
+    echo "$ac_t""no" 1>&6
+  fi
+  
+  
+! for ac_prog in curses.h
+  do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+  set dummy $ac_prog; ac_word=$2
+***************
+*** 1299,1304 ****
+--- 1299,1312 ----
+  freebsd*)
+  	cat >> confdefs.h <<\EOF
+  #define FREEBSD 1
+ EOF
+ 
+ 	OS_OPT=
+ 	
+         ;;
+ openbsd*)
+ 	cat >> confdefs.h <<\EOF
+ #define OPENBSD 1
+  EOF
+  
+  	OS_OPT=
--- a/net/sniffit/patches/patch-ag
+++ b/net/sniffit/patches/patch-ag
@ -0,0 +1,19 @@
+*** sn_data.h.orig	Thu May  7 15:04:04 1998
+--- sn_data.h	Thu May  7 15:04:38 1998
+***************
+*** 20,26 ****
+  char *ETH_DEV[]={"et"};
+  #endif
+  
+! #ifdef FREEBSD
+  #define ETH_DEV_NR      1
+  char *ETH_DEV[]={"ed"};
+  #endif
+--- 20,26 ----
+  char *ETH_DEV[]={"et"};
+  #endif
+  
+! #if defined(FREEBSD) || defined(OPENBSD)
+  #define ETH_DEV_NR      1
+  char *ETH_DEV[]={"ed"};
+  #endif
--- a/net/sniffit/pkg/COMMENT
+++ b/net/sniffit/pkg/COMMENT
@ -0,0 +1 @@
+A packet sniffer program.  For educational use.
--- a/net/sniffit/pkg/DESCR
+++ b/net/sniffit/pkg/DESCR
@ -0,0 +1,8 @@
+Sniffit is a network sniffer for TCP/UDP/ICMP packets. 
+
+Sniffit produces very detailed technical details about the packets flowing
+through your network (SEQ, ACK, TTL, Window, ...) and also packet contence
+in different formats (hex or plain text, ...)
+
+- Adam McDougall
+mcdouga9@egr.msu.edu 
--- a/net/sniffit/pkg/PLIST
+++ b/net/sniffit/pkg/PLIST
@ -0,0 +1,5 @@
+sbin/sniffit
+man/man5/sniffit.5
+man/man8/sniffit.8
+share/doc/sniffit/README.FIRST
+@dirrm share/doc/sniffit
				`@ -0,0 +1 @@`
				`MD5 (sniffit.0.3.5.tar.gz) = bd116c62669372d7ea7f59c337f6822a`
				`@ -0,0 +1 @@`
				`A packet sniffer program. For educational use.`