diff options
| author | Parabola <dev@list.parabolagnulinux.org> | 2011-04-05 14:26:38 +0000 |
|---|---|---|
| committer | Parabola <dev@list.parabolagnulinux.org> | 2011-04-05 14:26:38 +0000 |
| commit | 415856bdd4f48ab4f2732996f0bae58595092bbe (patch) | |
| tree | ede2018b591f6dfb477fe9341ba17b9bc000fab9 /community/sniffit | |
Tue Apr 5 14:26:38 UTC 2011
Diffstat (limited to 'community/sniffit')
| -rw-r--r-- | community/sniffit/PKGBUILD | 35 | ||||
| -rw-r--r-- | community/sniffit/sniffit-fix.patch | 937 |
2 files changed, 972 insertions, 0 deletions
diff --git a/community/sniffit/PKGBUILD b/community/sniffit/PKGBUILD new file mode 100644 index 000000000..56fca9456 --- /dev/null +++ b/community/sniffit/PKGBUILD @@ -0,0 +1,35 @@ +# $Id: PKGBUILD 21978 2010-07-19 13:45:26Z spupykin $ +# Maintainer: Sergej Pupykin <pupykin.s+arch@gmail.com> +# Maintainer: Kessia 'even' Pinheiro <kessiapinheiro at gmail.com> + +pkgname=sniffit +pkgver=0.3.7.beta +pkgrel=10 +pkgdesc="very good packet sniffer for unix with ncurses interactive mode." +arch=('i686' 'x86_64') +url="http://packages.ubuntu.com/source/sniffit" +#seems the website are out, ubuntu have all sources +#url=http://reptile.rug.ac.be/~coder/sniffit/sniffit.html" +license=('GPL') +depends=('ncurses' 'libpcap') +makedepends=('libtool') +source=("http://archive.ubuntu.com/ubuntu/pool/universe/s/${pkgname}/${pkgname}_${pkgver}.orig.tar.gz" + 'sniffit-fix.patch') +md5sums=('2697cc18878480199fe6db1e61134d5a' + 'e66e45dac8fd088accd62160cf8b569f') + +build() { + cd "${srcdir}" + patch -Np0 < ${srcdir}/sniffit-fix.patch || return 1 + + cd "${srcdir}/${pkgname}.${pkgver}" + + rm -f config.sub config.guess + cp /usr/share/libtool/config/config.{guess,sub} . + + ./configure --prefix=/usr --no-recursion + make || return 1 + install -d -m0755 -g root -o root ${pkgdir}/usr/{sbin,share/licenses/${pkgname}} || return 1 + install -D -m0744 -g root -o root sniffit ${pkgdir}/usr/sbin/sniffit + install -D -m0644 LICENSE ${pkgdir}/usr/share/licenses/${pkgname} +} diff --git a/community/sniffit/sniffit-fix.patch b/community/sniffit/sniffit-fix.patch new file mode 100644 index 000000000..e933c70cb --- /dev/null +++ b/community/sniffit/sniffit-fix.patch @@ -0,0 +1,937 @@ +--- sniffit.0.3.7.beta.orig/sniffit.5 ++++ sniffit.0.3.7.beta/sniffit.5 +@@ -122,7 +122,6 @@ + a) Send by hosts '100.100.12.*' + b) Send from/to 100.100.12.2 (useless line) + c) deselecting all WWW packets on the subnet +-.ni + + .SH AUTHOR + Brecht Claerhout <coder@reptile.rug.ac.be> +--- sniffit.0.3.7.beta.orig/sn_structs.h ++++ sniffit.0.3.7.beta/sn_structs.h +@@ -67,7 +67,7 @@ + struct snif_mask /* struct for mask */ + { + _32_bit source_ip, destination_ip; +- _32_bit short source_port, destination_port; ++ _16_bit source_port, destination_port; + }; + + /* (packet generation) */ +--- sniffit.0.3.7.beta.orig/sniffit.0.3.7.c ++++ sniffit.0.3.7.beta/sniffit.0.3.7.c +@@ -48,15 +48,15 @@ + { + printf ( + "usage: %s [-xdabvnN] [-P proto] [-A char] [-p port] [(-r|-R) recordfile]\n" +- " [-l sniflen] [-L logparam] [-F snifdevice] [-M plugin]\n" ++ " [-l sniflen] [-L logparam] [-F snifdevice] [-M plugin]\n", ++ prog_name); + #ifdef INCLUDE_INTERFACE +- " [-D tty]" ++ printf ( " [-D tty]" + " (-t<Target IP> | -s<Source IP>)" +- " | (-i|-I) | -c<config file>]\n", ++ " | (-i|-I) | -c<config file>]\n"); + #else +- " (-t<Target IP> | -s<Source IP>) | -c<config file>]\n", ++ printf ( " (-t<Target IP> | -s<Source IP>) | -c<config file>]\n"); + #endif +- prog_name); + printf ("Plugins Available:\n"); + #ifdef PLUGIN0_NAME + printf (" 0 -- %s\n", PLUGIN0_NAME); +--- sniffit.0.3.7.beta.orig/sn_analyse.c ++++ sniffit.0.3.7.beta/sn_analyse.c +@@ -151,16 +151,18 @@ + { + char workbuf1[MTU]; + char *wb_dummy; ++ char *p; ++ size_t len = info.DATA_len <= MTU-1 ? info.DATA_len : MTU-1; + +- strncpy(workbuf1,data,info.DATA_len); +- workbuf1[info.DATA_len]=0; ++ strncpy(workbuf1,data,len); ++ workbuf1[len]=0; + strlower(workbuf1); + +- if(strstr(workbuf1,"mail from")!=NULL) ++ if((p=strstr(workbuf1,"mail from"))!=NULL) + { + char workbuf2[MTU]; + +- strcpy(workbuf2, strstr(workbuf1,"mail from")); ++ strcpy(workbuf2, p); + if(strchr(workbuf2,13)!=NULL) /* remove trailing enter */ + {wb_dummy=strchr(workbuf2,13); *wb_dummy=0;} + if(strchr(workbuf2,10)!=NULL) +@@ -168,11 +170,11 @@ + print_mail(filename,workbuf2); + } + +- if(strstr(workbuf1,"rcpt to")!=NULL) ++ if((p=strstr(workbuf1,"rcpt to"))!=NULL) + { + char workbuf2[MTU]; + +- strcpy(workbuf2, strstr(workbuf1,"rcpt to")); ++ strcpy(workbuf2, p); + if(strchr(workbuf2,13)!=NULL) /* remove trailing enter */ + {wb_dummy=strchr(workbuf2,13); *wb_dummy=0;} + if(strchr(workbuf2,10)!=NULL) +--- sniffit.0.3.7.beta.orig/README.FIRST ++++ sniffit.0.3.7.beta/README.FIRST +@@ -6,7 +6,7 @@ + * No illegal activities are encouraged! * + # Please read the LICENSE file # + * * +-# Sniffit grew a little upon it's original intentions and is now # ++# Sniffit grew a little upon its original intentions and is now # + * extended for network debugging (UDP, ICMP, netload, etc.) * + #*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*# + * Libpcap library * +@@ -45,19 +45,19 @@ + + I hope you enjoy this beta version. Like always, I removed some bugs. There + is a new 'logging' feature. It is now possible to record traffic with +-Sniffit and process it later! (it is completely different from te logging ++Sniffit and process it later! (it is completely different from the logging + done in the 0.3.6 version, that is known to some hardcore Sniffit users) + Please take a minute to skim through the text and read the passages marked + with a '*', these are the new features. + (Please read BETA-TESTING) + +-I use the libpcap library developped at Berkeley Laboratory, for easy ++I use the libpcap library developed at Berkeley Laboratory, for easy + porting (Read the licence). + + 0.1 Credits and contact + ----------------------- + +-Credits go to (in order of apperance on the Sniffit scene): ++Credits go to (in order of appearance on the Sniffit scene): + Wim Vandeputte <wvdputte@reptile.rug.ac.be>, + best friend and UNIX guru, for support, testing and + providing me with a WWW site. +@@ -71,17 +71,17 @@ + Qing Long, for the bash/zsh libpcap/configure script. + Guy Gustavson, for giving me a FreeBSD account. + Woju <woju@freebsd.ee.ntu.edu.tw>, for the ncurses SunOS/FreeBSD fixing, +- and for his other effords. ++ and for his other efforts. + Amlan Saha <eng40607@nus.sg>, for adding Packet Generation to + Sniffit, and adding other features (not implemented yet). + I'm sure that in the near future you will see more of his + work in Sniffit. + Shudoh Kazuyuki, for changing getaddrbyname() and improving the + config-file interpreting. +- Fyodor <fyodor@dhp.com>, for pointing out the hidious small ++ Fyodor <fyodor@dhp.com>, for pointing out the hideous small + fragments problem. + David O'Brien <obrien@nuxi.com>, for netbsd information. +- everybody, who ever mailed me with sugestions help, etc... ++ everybody, who ever mailed me with suggestions help, etc... + + Also a big thanks to my Beta testers (alphabetically, I hope)... + Charles G Stuart <charles.stuart@juno.com> IRIX / RedHat LINUX +@@ -91,7 +91,7 @@ + + And many others who wish to be anonymous.... + +-Sugestions and comments can be sent to: ++Suggestions and comments can be sent to: + coder@reptile.rug.ac.be + + Brecht Claerhout +@@ -99,10 +99,10 @@ + 8700 Tielt + Belgium + +-The original distribution program can be optained from (my site): ++The original distribution program can be obtained from (my site): + http://sniffit.rug.ac.be/sniffit/sniffit.html + +-MIND YOU: this program is ran as root, and thus could easily contain ++MIND YOU: this program is run as root, and thus could easily contain + dangerous trojans. If you get it from the above site you can + safely compile and use it. + (no trojan versions are discovered yet.. it's just a warning) +@@ -178,7 +178,7 @@ + -v Show version and exit (just added because it's such a + wide spread option) + -t <IP nr/name> tells the sniffer to check out packets GOING TO <IP> +- -s <IP nr/name> tells the sniffer to check out packets COMMING FROM <IP> ++ -s <IP nr/name> tells the sniffer to check out packets COMING FROM <IP> + You can use the '@' wildcard (only IP NUMBERS of course). + e.g. -t 199.145.@ + -t 199.14@ +@@ -197,15 +197,15 @@ + Parameters for all modes: + -F <device> force sniffit to use a network device + (READ 3.2 ON THIS SUBJECT, IMPORTANT) +- -n Turn of IP checksum checking. This can show you ++ -n Turn off IP checksum checking. This can show you + bogus packets. (mind you ARP, RARP, other non-IP + packets will show up bogus too) (compatible with + ALL options) +- -N Disables all functions that Sniffit has build in, usefull ++ -N Disables all functions that Sniffit has build in, useful + for wanting to run ONLY a plugin + + Parameters for not running in -i: +- -b does both -t and -s, doesn't mather what function you used ++ -b does both -t and -s, doesn't matter what function you used + (-t or -s) + -d Dump mode, shows the packets on the screen in bytes (not + like tcpdump). For test purposes. (numbers are hex) +@@ -231,7 +231,7 @@ + They can be combined. + -p <port> Logs connections on port <port>, 0 means all ports, default + is 0 (all), look out with that on loaded nets! +- -l <length> Ammount of information to log (default 300 bytes). ++ -l <length> Amount of information to log (default 300 bytes). + Length 0 logs everything. (look out with diskspace when + logging everything!) + -M <Plugin> Activate Plugin nr. <Plugin>, for a list on all plugins +@@ -260,7 +260,7 @@ + + Some examples: + Imagine the following setup: 2 hosts on a subnet, one is running the +- sniffer (sniffit.com), the otherone is 66.66.66.7 (target.com). ++ sniffer (sniffit.com), the other one is 66.66.66.7 (target.com). + 1. You want to test if the sniffer is working: + sniffit:~/# sniffit -d -p 7 -t 66.66.66.7 + and in another window: +@@ -272,7 +272,7 @@ + 3. Root of target.com tells me he gets strange ftp connections and + wants to find out the commands typed: + sniffit:~/# sniffit -p 21 -l 0 -t 66.66.66.7 +- 4. You want to read all incomming and outgoing mail on target.com: ++ 4. You want to read all incoming and outgoing mail on target.com: + sniffit:~/# sniffit -p 25 -l 0 -b -t 66.66.66.7 & + or + sniffit:~/# sniffit -p 25 -l 0 -b -s 66.66.66.7 & +@@ -314,9 +314,9 @@ + F5 or '5' : Start a program 'sniffit_key5' with arguments + <from IP> <from port> <to IP> <to port> + If the program doesn't exist, nothing is done. Sniffit should +- be in the same path as sniffit was STARTED FROM (not necessarely ++ be in the same path as sniffit was STARTED FROM (not necessarily + the path sniffit is stored in) +- This is usefull for interactive connection killing or extra ++ This is useful for interactive connection killing or extra + monitoring. A little shell script can always transform the + arguments given and pass them on to other programs. + F6 or '6' : Same as F5 or '5', but with program 'sniffit_key6' +@@ -330,12 +330,12 @@ + the config.h file to change this (could be needed if y'r + computer is slow). + 'g' : Generate Packets! +- Sniffit is now able to generate some trafic load. Currently +- this is a 'underdevelloped' feature with very few options, ++ Sniffit is now able to generate some traffic load. Currently ++ this is a 'underdeveloped' feature with very few options, + but it will be expanded a lot... + Currently only UDP packets are generated. When pressing 'G' +- you will be asked the source/dest IP/port and how much packets +- are needed to be transmitted. ++ you will be asked the source/dest IP/port and how many packets ++ are to be transmitted. + Packets contain the line: "This Packet was fired with Sniffit!" + 'r' : Reset.. clears all current connections from memory and restarts. + +@@ -348,14 +348,14 @@ + + When forcing network devices, sniffit tries to find out what device it is. + If sniffit recognises the name, everything is okay. +-If it does not recognise the name it will set the variable +-FORCED_HEAD_LENGHTH to the ethernet headlength. The ethernet headlength +-is the length in bytes of an ethernet packet hearder. +-So if you have to force a non-ethernet device, that is not recognised by ++If it does not recognise the name it will set the ethernet headlength ++according to the compiled-in value FORCED_HEAD_LENGTH. The ethernet ++headlength is the length in bytes of an ethernet packet header. ++So if you have to force a non-ethernet device that is not recognised by + sniffit, make sure you change that headlength correctly in the 'sn_config.h' + file. + +-The -F option was added, because I noticed devicenames can differ from ++The -F option was added, because I noticed device names can differ from + system to system, and because some ppl have multiple devices present. + When having problems with this option, please think twice before you mail me. + +@@ -370,7 +370,7 @@ + + The configfile should have lines with the following format: + <field1> <field2> <field3> <field4> [<field5>] +-(seperators are spaces (any number of), NO TABS!!!) ++(separators are spaces (any number of), NO TABS!!!) + + Lines that don't match this pattern are discarded, so standard unix + comments '#' can be used in this file... (this also means that if you +@@ -399,10 +399,10 @@ + host : The (de)selection criteria involves a hostname. + port : similar, ... a portnumber + mhosts : The (de)selection criteria involves multiple-hosts, like +- with the wildcars in 0.3.0, but without the 'x' ++ with the wildcards in 0.3.0, but without the 'x' + + <field4> can be: +-* either a hostname, a portnumber, a service name or a numbet-dot partial ++* either a hostname, a portnumber, a service name or a number-dot partial + * notation indicating multiple hosts depending on <field3> + * (service names like 'ftp' are resolved as the services available + * present on the host that runs Sniffit, and translated into a port nr) +@@ -411,7 +411,7 @@ + a portnumber or service name, if <field3> was 'host' or 'mhosts' + + +- Maybe it would have been wise to mention explicitely, that the config-file ++ Maybe it would have been wise to mention explicitly, that the config-file + currently only works with TCP packets. + + examples: +@@ -425,7 +425,7 @@ + a) Send by host 100.100.12.2 + b) Send by host 100.100.12.3 from port 1400 + c) Send to coder.sniffit.com +- d) All packets on our subnet going to or comming from a telnet port. ++ d) All packets on our subnet going to or coming from a telnet port. + + 2. another example: + select both mhosts 100.100.12. +@@ -436,7 +436,7 @@ + b) EXCEPT the WWW packets + c) BUT showing the WWW packets concerning enemy.sniffit.com + +- The config file in interpreted SEQUENTIAL, so mixing up those lines ++ The config file is interpreted SEQUENTIALLY, so mixing up those lines + could have unwanted results e.g.: + select both mhosts 100.100.12. + select both host enemy.sniffit.org +@@ -455,7 +455,7 @@ + select both mhosts 2 + deselect both mhosts 1 80 + deselect both mhosts 2 80 +- This would show you all subnet trafic excluding WWW trafic ++ This would show you all subnet traffic excluding WWW traffic + (concerning port 80.) + + 4. example: +@@ -476,12 +476,12 @@ + * you will like it more this way. + * + * Loglevels are now activated by '-L <logparam>'. +-* The folowing <logparam>'s are valid (concatenation is alowed): ++* The following <logparam>'s are valid (concatenation is allowed): + * + * 'raw': + * Log all SYN, FIN, RST packets. This will give you an overview of +-* all network (TCP) trafic in a 'RAW' way (a connection starting could +-* gives you at least 2 SYN packets, etc...). ++* all network (TCP) traffic in a 'RAW' way (a connection starting could ++* give you at least 2 SYN packets, etc...). + * This is a great way to waste diskspace... + * Messages are: + * Connection initiated. (SYN) +@@ -507,7 +507,7 @@ + * A '~' in the login and passwords fields can be a nonprintable + * character (if in the beginning of a field, probably due to an early + * start of registration) or a '~'. +-* This all makes it sound a little messy, but I 'testdrived' a lot and ++* This all makes it sound a little messy, but I 'test-drove' a lot and + * was pleased with the results after adding some funky shit (if y'r + * interested have a look at in function 'packethandler' in + * sniffit.*.c) +@@ -521,7 +521,7 @@ + * + * 'mail': + * Interested in who writes mail to who? Well you get all senders and +-* recepients nicely logged with this feature (port 25 mail). ++* recipients nicely logged with this feature (port 25 mail). + + + 4. The output +@@ -563,7 +563,7 @@ + connections, you will need to use 'joe' or something else that can + support control chars (look for '-A <char>' below). + Telnet 'negotiates' (binary) in the beginning of every connection, and +- 'catting' a output file, will most of the time show nothing (due to ++ 'catting' an output file, will most of the time show nothing (due to + control chars). + Of course when logging mail, there are no problems. + The new '-A <char>' takes care of the control characters, that way you +@@ -612,14 +612,14 @@ + + - UDP Packets (not logged, displayed) + +- You get the package id. When using -d, -a you get the contence of the ++ You get the package id. When using -d, -a you get the contents of the + package. (pretty basic) + + + 4.2 Logfile + ----------- + +-If you use a configfile (-c) and enable the Logging option a logfile is ++If you use a configfile (-c) and enable the Logging option, a logfile is + created. Unless you set 'logfile' in the config file, that file will be + named 'sniffit.log'. + It will contain lines with the following FIXED format: +@@ -635,7 +635,7 @@ + + 3) Lines containing other data (future versions), will NOT begin with '[' + and will have also easily interpretable formats. +- Other data is e.g. packet contence ++ Other data is e.g. packet contents + + I do this because I can imagine (when this is more expanded) that people + will use their own parsers for these logfiles. Well, if you respect those 3 +@@ -651,13 +651,13 @@ + Some other notes: + + - Sniffers can only be run by ROOT +- - Sniffers can only log packets that 'travel' on THEIR ethernetcable. ++ - Sniffers can only log packets that 'travel' on THEIR ethernet cable. + So there has to be some host on your subnet involved (either as + sender or receiver). +- - Working with '-d' or '-a' give you raw packets, they are still +- packed in IP, when logging to files, only send data is logged, ++ - Working with '-d' or '-a' gives you raw packets, they are still ++ packed in IP, when logging to files, only sent data is logged, + the packets are 'unwrapped'. +- - Sniffers can NORMALY not be detected by outsiders (or outsiders ++ - Sniffers can NORMALLY not be detected by outsiders (or outsiders + SHOULD not be able to...). + Unfortunately some systems contain bugs that will allow outsiders to + probe your network device for PROMISC mode (which is a good indication +--- sniffit.0.3.7.beta.orig/sniffit.8 ++++ sniffit.0.3.7.beta/sniffit.8 +@@ -39,7 +39,7 @@ + is a packet sniffer for TCP/UDP/ICMP packets. + .B sniffit + is able to give you very detailed technical info on these +-packets (SEQ, ACK, TTL, Window, ...) but also packet contence in ++packets (SEQ, ACK, TTL, Window, ...) but also packet contents in + different formats (hex or plain text, ...). + .LP + .B sniffit +@@ -76,7 +76,7 @@ + + .IP "-t Target-IP" + Only process packets TO Target-IP. If Target-IP is in dot-nr notation, +-'x' is allowed as wildcard. (e.g. '-t 157.193.x', '-t x', ...) ++\'x' is allowed as wildcard. (e.g. '-t 157.193.x', '-t x', ...) + .I "(NOT compatible with: '-s' '-i' '-I' '-c' '-v' '-L')" + + .IP "-s Source-IP" +@@ -84,7 +84,7 @@ + .I "(NOT compatible with: '-t' '-i' '-I' '-c' '-v' '-L')" + + .IP -b +-'both' mode, together with '-s' or '-t', only process FROM/TO the IP ++\'both' mode, together with '-s' or '-t', only process FROM/TO the IP + specified by '-s' or '-t' + .I "(NOT compatible with: '-t' '-i' '-I' '-c' '-v' '-L')" + +@@ -115,7 +115,7 @@ + .IP "-R <file>" + Record all traffic in + .I <file> +-.This file can then be fed to Sniffit with the '-r' option. ++This file can then be fed to Sniffit with the '-r' option. + .I "(Needs a selection parameter like '-c' '-t' '-s')" + .I "(NOT compatible with '-i' '-I' '-v' '-L' '-r')" + +@@ -149,12 +149,12 @@ + .I "(NOT compatible with: '-i' 'I' '-v')" + + .IP -d +-'dump mode', shows the packets on the screen (stdout) instead of logging ++\'dump mode', shows the packets on the screen (stdout) instead of logging + into files (default). Data is printed in bytes (hex). + .I "(NOT compatible with: '-i' 'I' '-v' '-L')" + + .IP -a +-'dump mode', same of '-d' but outputs ASCII. Non printable chars are ++\'dump mode', same of '-d' but outputs ASCII. Non printable chars are + replaced by '.'. + ('-d' and '-a' mix without any problem) + .I "(NOT compatible with: '-i' '-I' '-v' '-L')" +@@ -193,8 +193,7 @@ + can be found with + .I ifconfig + (see +-.BR ifconfig (8) +-). ++.BR ifconfig (8)). + .B sniffit + supports ethernet and PPP by default. Read + .B README.FIRST +@@ -210,7 +209,7 @@ + .B Plugin + , for a list on all plugins compiled in your version, just type ' + .B sniffit +-'. Read all about Plugins in the PLUGIN-HOWTO (READ IT!) ++\'. Read all about Plugins in the PLUGIN-HOWTO (READ IT!) + .I "(NOT compatible with: '-i' '-I' '-v')" + + .IP "-L logparam" +@@ -235,7 +234,7 @@ + receiving host (port 'o'). + + .SH "DUMP MODE ('-d' and/or '-a')" +-Output is dumped to stdout, the packet contence is shown in it's ++Output is dumped to stdout, the packet contents is shown in it's + unwrapped form (the complete IP packet). + + .SH "INTERACTIVE MODE ('-i' or '-I')" +@@ -320,7 +319,7 @@ + .SH "IP ICMP UDP LOGGING" + Information on these packets is dumped to stdout. Packet + Filtering options only refer to TCP and UDP packets. +-The contence of UDP packets is only shown when enabling '-a' or '-d'. ++The contents of UDP packets is only shown when enabling '-a' or '-d'. + + .SH AUTHOR + Brecht Claerhout <coder@reptile.rug.ac.be> +--- sniffit.0.3.7.beta.orig/sn_interface.c ++++ sniffit.0.3.7.beta/sn_interface.c +@@ -5,6 +5,7 @@ + + #ifdef INCLUDE_INTERFACE + #include <signal.h> ++#include <termios.h> + #include <unistd.h> + #include <sys/ipc.h> + #include <sys/shm.h> +@@ -513,8 +514,11 @@ + + void screen_exit (void) + { +-clear(); + endwin(); ++/* next line added by Edward Betts <edward@debian.org>, should not be needed ++ * because endwin should be calling it, without this the console has no echo ++ * after exiting in an xterm */ ++reset_shell_mode(); + }; + + void mem_exit (void) +--- sniffit.0.3.7.beta.orig/sn_logfile.c ++++ sniffit.0.3.7.beta/sn_logfile.c +@@ -44,42 +44,42 @@ + void print_ftp_user (char *conn, char *user) + { + char line[250]; +-sprintf(line,"%s: USER [%s]",conn,user); ++snprintf(line,sizeof(line),"%s: USER [%s]",conn,user); + print_logline (line); + } + + void print_ftp_pass(char *conn, char *pass) + { + char line[250]; +-sprintf(line,"%s: PASS [%s]",conn,pass); ++snprintf(line,sizeof(line),"%s: PASS [%s]",conn,pass); + print_logline (line); + } + + void print_login (char *conn, char *login) + { + char line[250]; +-sprintf(line,"%s: login [%s]",conn,login); ++snprintf(line,sizeof(line),"%s: login [%s]",conn,login); + print_logline (line); + } + + void print_mail (char *conn, char *msg) + { + char line[250]; +-sprintf(line,"%s: mail [%s]",conn,msg); ++snprintf(line,sizeof(line),"%s: mail [%s]",conn,msg); + print_logline (line); + } + + void print_pwd (char *conn, char *pwd) + { + char line[250]; +-sprintf(line,"%s: password [%s]",conn,pwd); ++snprintf(line,sizeof(line),"%s: password [%s]",conn,pwd); + print_logline (line); + } + + void print_conn (char *conn, char *msg) + { + char line[250]; +-sprintf(line,"%s: %s",conn,msg); ++snprintf(line,sizeof(line),"%s: %s",conn,msg); + print_logline (line); + } + +--- sniffit.0.3.7.beta.orig/Makefile.in ++++ sniffit.0.3.7.beta/Makefile.in +@@ -26,9 +26,8 @@ + @echo "Succesfull compilation..." + + sniffit: $(SNIFFIT) $(DEP_FILES) +- cd libpcap; make; cd .. ++# cd libpcap; make; cd .. + $(CC) $(EXE_FLAG) $(SNIFFIT) $(EXE_OBJ) $(EXE_OPT) $(LIBS) $(DEFS) $(OS_OPT) +- strip sniffit + + sn_cfgfile.o: sn_cfgfile.h sn_cfgfile.c sn_defines.h sn_structs.h sn_config.h + $(CC) $(OBJ_FLAG) sn_cfgfile.c $(OBJ_OPT) $(DEFS) +@@ -52,12 +51,12 @@ + + #Clean up everthing... + clean: +- cd libpcap; make clean; rm -f config.cache; cd .. ++# cd libpcap; make clean; rm -f config.cache; cd .. + rm -f Makefile + rm -f config.cache + rm -f config.status + rm -f config.log +- rm -f ./libpcap/config.cache +- rm -f ./libpcap/config.status +- rm -f ./libpcap/config.log ++# rm -f ./libpcap/config.cache ++# rm -f ./libpcap/config.status ++# rm -f ./libpcap/config.log + rm -f *.o sniffit +--- sniffit.0.3.7.beta.orig/debian/rules ++++ sniffit.0.3.7.beta/debian/rules +@@ -0,0 +1,28 @@ ++#!/usr/bin/make -f ++ ++build: ++ dh build --before configure ++ cp /usr/share/misc/config.guess . ++ cp /usr/share/misc/config.sub . ++ ./configure --prefix=/usr --no-recursion ++ $(MAKE) OBJ_OPT="" EXE_OPT="-lpcap" ++ dh build --after build ++ ++clean: ++ dh clean ++ rm -f config.sub config.guess ++ ++install: build ++ dh install --before dh_auto_install ++ dh_install sniffit usr/sbin ++ dh_installman sniffit.5 sniffit.8 ++ dh_installchangelogs HISTORY ++ dh install --after dh_auto_install ++ ++binary-arch: install ++ dh binary-arch ++ ++binary-indep: install ++ dh binary-indep ++ ++binary: binary-arch binary-indep +--- sniffit.0.3.7.beta.orig/debian/README ++++ sniffit.0.3.7.beta/debian/README +@@ -0,0 +1,48 @@ ++sniffit for Debian ++---------------------- ++ ++What follows are one of the previous maintainers, Patrick J. Edwards ++<edwards@cambridgenet.sk.ca>, thoughts on this package, and its security ++implications. ++ ++Notes on Security ++----------------- ++ This program is highly dangerous, with this program hackers no ++longer need qcrack or crack for your system. Instead, they can just wait ++till a user logs in and *BAM* they have a new password. So the point is, ++this program should be promptly removed in any of the following situations: ++ ++ 1. You are in doubt of the security of your system. Granted that ++ some one who has already creatively aquired (meaning hacked) root ++ can install this program his/her self there is no point in ++ pre-installing this program for them. ++ ++ 2. You have a tendency to act unethically and snoop on you users for ++ no apparent reason. "Good" system admins won't do this. ++ ++ 3. You don't actively search for security holes in your system. If ++ your not doing this and you box is on the Internet 24/7 perhaps you ++ should. ++ ++Notes on Usage ++-------------- ++ 1. Don't use this program unless you have to, and once you're done ++with it uninstall it. ++ 2. Don't scan all ports and all addresses in the hoping of catching ++a hacker cause you won't, you'll just have vast quantities of logs to search ++through and very little disk space. Instead wait till you recognize that you ++have a program user/hacker and then find out what the person is doing (how ++the hacker is trying to penetrate the system) then start using sniffit to ++collect your evidence against the offender. [I know this is flying in the ++face of traditional anti-system-terrorism policies but it leads into my next ++point] ++ 3. If you persist in using sniffit as a security net for your system ++DON'T. Plain and simple. Instead of trying to catch the hacker who has ++already hacked into your system spend your efforts security proofing your ++system (up to date versions on cron, sendmail, libraries, etc -- almost ++anything that runs as root or sudo). ++ ++ The overall point is: ++ "Practice preventive medicine not reactive." ++ ++ -- Edward Betts <edward@debian.org> Sun, 12 Sep 1999 11:04:08 +0100 +--- sniffit.0.3.7.beta.orig/debian/sniffit.docs ++++ sniffit.0.3.7.beta/debian/sniffit.docs +@@ -0,0 +1,4 @@ ++BETA-TESTING ++PLUGIN-HOWTO ++README.FIRST ++sniffit-FAQ +--- sniffit.0.3.7.beta.orig/debian/compat ++++ sniffit.0.3.7.beta/debian/compat +@@ -0,0 +1 @@ ++7 +--- sniffit.0.3.7.beta.orig/debian/control ++++ sniffit.0.3.7.beta/debian/control +@@ -0,0 +1,16 @@ ++Source: sniffit ++Section: net ++Priority: optional ++Maintainer: William Vera <billy@billy.com.mx> ++Standards-Version: 3.8.0 ++Build-Depends: debhelper (>= 7), libpcap-dev, libncurses5-dev, autotools-dev ++ ++Package: sniffit ++Architecture: any ++Depends: ${shlibs:Depends} ++Description: packet sniffer and monitoring tool ++ sniffit is a packet sniffer for TCP/UDP/ICMP packets. ++ sniffit is able to give you very detailed technical info ++ on these packets (SEC, ACK, TTL, Window, ...) but also ++ packet contents in different formats (hex or plain text, ++ etc. ). +--- sniffit.0.3.7.beta.orig/debian/copyright ++++ sniffit.0.3.7.beta/debian/copyright +@@ -0,0 +1,40 @@ ++This package was debianized by Damjan Marion <dmarion@debian.org> on ++Tue, 7 Apr 1998 22:57:01 +0200. ++ ++It was taken over by Edward Betts <edward@debian.org> on ++Fri, 12 Nov 1999 23:20:20 +0000 ++ ++It was downloaded from ++http://reptile.rug.ac.be/~coder/sniffit/files/sniffit.0.3.7.beta.tar.gz ++ ++Upstream Author: Brecht Claerhout ++ ++Copyright: ++ ++Sniffit 0.3.7 Copyright (c) 1996-1998 Brecht Claerhout ++All rights reserved. ++ ++Redistribution and use in source and binary forms, with or without ++modification, are permitted provided that the following conditions ++are met: ++1. Redistributions of source code must retain the above copyright ++ notice, this list of conditions and the following disclaimer. ++2. Redistributions in binary form must reproduce the above copyright ++ notice, this list of conditions and the following disclaimer in the ++ documentation and/or other materials provided with the distribution. ++3. The name of the author may not be used to endorse or promote products ++ derived from this software without specific prior written permission. ++4. Redistribution of source code must be conform with the 'libpcap' ++ copyright conditions, if that library is included. ++ ++THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR ++IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ++IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, ++INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ +--- sniffit.0.3.7.beta.orig/debian/changelog ++++ sniffit.0.3.7.beta/debian/changelog +@@ -0,0 +1,165 @@ ++sniffit (0.3.7.beta-13) unstable; urgency=low ++ ++ * New maintainer. (Closes: #465931). ++ * Some format corrections on the man pages (sniffit(5) sniffit(8)). ++ * Don't include config.{sub,guess} in .diff.gz ++ ++ -- William Vera <billy@billy.com.mx> Sat, 07 Jun 2008 12:56:48 -0500 ++ ++sniffit (0.3.7.beta-12) unstable; urgency=low ++ ++ * Use debhelper v7, rules file minimisation. ++ * Makefile.in: don't strip binary Closes: #438032 ++ * debian/control: Updated to Standards-Version: 3.7.3, no changes needed ++ ++ -- Edward Betts <edward@debian.org> Wed, 30 Apr 2008 11:00:19 +0100 ++ ++sniffit (0.3.7.beta-11) unstable; urgency=low ++ ++ * Acknowledge NMU ++ * sn_structs.h: Sitting at Debcamp, fixing FTBFS bugs, and Alberto Gonzalez ++ Iniesta <agi@debian.org> sitting next to me points out there is one in ++ this package. Thanks to Joshua Kwan <joshk@triplehelix.org> for the patch ++ to fix it. (closes: #195548) ++ * config.{guess,sub}: updated ++ * debian/control: Updated to Standards-Version: 3.6.0, no changes needed ++ * sn_interface.c: sniffit was leaving echo turned off when exiting from the ++ interactive mode in an xterm, added reset_shell_mode() to screen_exit() ++ and it works. This should not be needed because endwin should be calling ++ it. ++ ++ -- Edward Betts <edward@debian.org> Mon, 14 Jul 2003 10:50:24 +0200 ++ ++sniffit (0.3.7.beta-10.1) unstable; urgency=low ++ ++ * Non maintainer upload ++ * Rebuilt with new libpcap to remove dependency on libpcap0, which I ++ got removed from unstable by accident. Sorry about this... ++ ++ -- Torsten Landschoff <torsten@debian.org> Sat, 10 Aug 2002 11:37:33 +0200 ++ ++sniffit (0.3.7.beta-10) unstable; urgency=low ++ ++ * README.FIRST: apply patch "James R. Van Zandt" <jrv@mitre.org> to correct ++ spelling and other mistakes in README.FIRST ++ ++ -- Edward Betts <edward@debian.org> Thu, 13 Dec 2001 17:35:25 +0000 ++ ++sniffit (0.3.7.beta-9) unstable; urgency=low ++ ++ * debian/control: Standards-Version: 3.5.5 ++ * debian/rules: Support DEB_BUILD_OPTIONS ++ * config.{guess,sub}: updated files to version from libtool package ++ (Closes: Bug#103633) ++ * sniffit.c: applied patch from Bug#103633 ++ ++ -- Edward Betts <edward@debian.org> Thu, 5 Jul 2001 10:44:23 +0200 ++ ++sniffit (0.3.7.beta-8) unstable; urgency=low ++ ++ * debian/control: Standards-Version: 3.5.2 ++ * debian/rules: Changed to debhelper 3 ++ * debian/rules: Removed dh_suidregister ++ * debian/rules: Removed dh_testversion ++ * debian/rules: Changed dh_installman to dh_installmanpages ++ * debian/rules: Support DEB_BUILD_OPTIONS ++ ++ -- Edward Betts <edward@debian.org> Sun, 25 Mar 2001 04:41:39 -0700 ++ ++sniffit (0.3.7.beta-7) frozen unstable; urgency=high ++ ++ * debian/rules: do not install pcap.3 (closes: Bug#77769). ++ * debian/control: updated Standards-Version to 3.2.1 ++ * debian/control: added version to build-depends on debhelper for lintian: ++ E: sniffit: package-uses-dh_testversion-but-lacks-versioned-build-depends ++ * Package now lintian clean. ++ ++ -- Edward Betts <edward@debian.org> Tue, 28 Nov 2000 07:00:24 -0700 ++ ++sniffit (0.3.7.beta-6.1) frozen unstable; urgency=high ++ ++ * Non maintainer upload. ++ * [security] sn_logfile.c: Replaced sprintfs by snprintfs fixing a buffer ++ overflow (bugtraq). ++ * [security] sn_analyse.c: Limit length of TCP packets to the buffer ++ size (buffer overflow with MTU > 5000). ++ ++ -- Torsten Landschoff <torsten@debian.org> Fri, 26 May 2000 08:40:14 +0200 ++ ++sniffit (0.3.7.beta-6) frozen unstable; urgency=low ++ ++ * Update config.{guess,sub} to versions from the automake package. ++ Should now compile better on ARM (closes: Bug#56915). ++ ++ -- Edward Betts <edward@debian.org> Thu, 3 Feb 2000 09:22:16 +0000 ++ ++sniffit (0.3.7.beta-5) unstable; urgency=low ++ ++ * debian/control: updated Standards-Version to 3.1.1 ++ * debian/control: added Build-Depends. ++ * debian/rules: rewritten. ++ ++ -- Edward Betts <edward@debian.org> Thu, 6 Jan 2000 23:12:32 +0000 ++ ++sniffit (0.3.7.beta-4) unstable; urgency=low ++ ++ * Recompile to try and fix bug #49979 ++ ++ -- Edward Betts <edward@debian.org> Fri, 12 Nov 1999 23:21:17 +0000 ++ ++sniffit (0.3.7.beta-3) unstable; urgency=low ++ ++ * Changed to Debhelper 2.0 ++ * Updated to Standards-Version: 3.0.1 ++ * This package includes a copy of libpcap, ensured that it is not built ++ * Moved config file /etc/sniffit.cfg to ++ /usr/doc/sniffit/examples/sample_config_file ++ * Lintain clean ++ ++ -- Edward Betts <edward@debian.org> Fri, 12 Nov 1999 23:20:20 +0000 ++ ++sniffit (0.3.7.beta-2) unstable; urgency=low ++ ++ * Updated /usr/doc/sniffit/copyright from README.FIRST (fixes #39765) ++ * sniffit 0.3.7.beta is free software (BSD-like license) ++ * Changed section to main/net ++ * Added conffiles entry for /etc/sniffit.cfg ++ ++ -- Hamish Moffatt <hamish@debian.org> Fri, 25 Jun 1999 22:30:00 +1000 ++ ++sniffit (0.3.7.beta-1) unstable; urgency=low ++ ++ * QA group upload ++ * New upstream release (fixes #28510) ++ * Fixed spelling error in description (fixes #26859) ++ * Recompiled with ncurses 4.0 (fixes #37431) ++ ++ -- Hamish Moffatt <hamish@debian.org> Sun, 23 May 1999 01:03:00 +1000 ++ ++sniffit (0.3.5-3) frozen unstable; urgency=low ++ ++ * After long waiting for new copyright i must move it to non-free ++ (fixes bug #21832) ++ ++ -- Damjan Marion <dmarion@debian.org> Thu, 28 May 1998 15:10:35 +0200 ++ ++sniffit (0.3.5-2) frozen unstable; urgency=low ++ ++ * Moved to frozen (resurected from orphaned) ++ * Updated to standards 2.4.1.0 ++ ++ -- Damjan Marion <dmarion@debian.org> Tue, 15 Apr 1998 23:56:11 +0200 ++ ++sniffit (0.3.5-1) unstable; urgency=low ++ ++ * New maintainer ++ * New upstream release ++ * Updated to standards 2.4.0.0 ++ ++ -- Damjan Marion <dmarion@debian.org> Tue, 7 Apr 1998 22:57:01 +0200 ++ ++sniffit (0.3.3-1) unstable; urgency=low ++ ++ * Initial Release. ++ ++ -- Patrick J. Edwards <edwards@cambridgenet.sk.ca> Mon, 17 Mar 1997 17:46:24 -0600 +--- sniffit.0.3.7.beta.orig/debian/sniffit.examples ++++ sniffit.0.3.7.beta/debian/sniffit.examples +@@ -0,0 +1,3 @@ ++sample_config_file ++dns_plugin.plug ++dummy_plugin.plug +--- sniffit.0.3.7.beta.orig/debian/watch ++++ sniffit.0.3.7.beta/debian/watch +@@ -0,0 +1,2 @@ ++version=3 ++http://reptile.rug.ac.be /~coder/sniffit/files/ sniffit.(.*)\.tar\.gz debian uupdate |