diff options
Diffstat (limited to 'community/sniffit')
| -rw-r--r-- | community/sniffit/PKGBUILD | 39 | ||||
| -rw-r--r-- | community/sniffit/sniffit-fix.patch | 937 |
2 files changed, 0 insertions, 976 deletions
diff --git a/community/sniffit/PKGBUILD b/community/sniffit/PKGBUILD deleted file mode 100644 index de69794b6..000000000 --- a/community/sniffit/PKGBUILD +++ /dev/null @@ -1,39 +0,0 @@ -# $Id: PKGBUILD 91957 2013-05-30 09:44:15Z spupykin $ -# Maintainer: Sergej Pupykin <pupykin.s+arch@gmail.com> -# Maintainer: Kessia 'even' Pinheiro <kessiapinheiro at gmail.com> - -pkgname=sniffit -pkgver=0.3.7.beta -pkgrel=13 -pkgdesc="Very good packet sniffer for unix with ncurses interactive mode" -arch=('i686' 'x86_64') -url="http://packages.ubuntu.com/source/sniffit" -#seems the website are out, ubuntu have all sources -#url=http://reptile.rug.ac.be/~coder/sniffit/sniffit.html" -license=('GPL') -depends=('ncurses' 'libpcap') -makedepends=('libtool') -source=("http://archive.ubuntu.com/ubuntu/pool/universe/s/${pkgname}/${pkgname}_${pkgver}.orig.tar.gz" - 'sniffit-fix.patch') -md5sums=('2697cc18878480199fe6db1e61134d5a' - 'e66e45dac8fd088accd62160cf8b569f') - -build() { - cd "${srcdir}" - patch -Np0 < ${srcdir}/sniffit-fix.patch - - cd "${srcdir}/${pkgname}.${pkgver}" - - rm -f config.sub config.guess - cp /usr/share/libtool/config/config.{guess,sub} . - - ./configure --prefix=/usr --no-recursion --sbindir=/usr/bin - make -} - -package() { - cd "${srcdir}/${pkgname}.${pkgver}" - install -d -m0755 -g root -o root ${pkgdir}/usr/{bin,share/licenses/${pkgname}} - install -D -m0744 -g root -o root sniffit ${pkgdir}/usr/bin/sniffit - install -D -m0644 LICENSE ${pkgdir}/usr/share/licenses/${pkgname} -} diff --git a/community/sniffit/sniffit-fix.patch b/community/sniffit/sniffit-fix.patch deleted file mode 100644 index e933c70cb..000000000 --- a/community/sniffit/sniffit-fix.patch +++ /dev/null @@ -1,937 +0,0 @@ ---- sniffit.0.3.7.beta.orig/sniffit.5 -+++ sniffit.0.3.7.beta/sniffit.5 -@@ -122,7 +122,6 @@ - a) Send by hosts '100.100.12.*' - b) Send from/to 100.100.12.2 (useless line) - c) deselecting all WWW packets on the subnet --.ni - - .SH AUTHOR - Brecht Claerhout <coder@reptile.rug.ac.be> ---- sniffit.0.3.7.beta.orig/sn_structs.h -+++ sniffit.0.3.7.beta/sn_structs.h -@@ -67,7 +67,7 @@ - struct snif_mask /* struct for mask */ - { - _32_bit source_ip, destination_ip; -- _32_bit short source_port, destination_port; -+ _16_bit source_port, destination_port; - }; - - /* (packet generation) */ ---- sniffit.0.3.7.beta.orig/sniffit.0.3.7.c -+++ sniffit.0.3.7.beta/sniffit.0.3.7.c -@@ -48,15 +48,15 @@ - { - printf ( - "usage: %s [-xdabvnN] [-P proto] [-A char] [-p port] [(-r|-R) recordfile]\n" -- " [-l sniflen] [-L logparam] [-F snifdevice] [-M plugin]\n" -+ " [-l sniflen] [-L logparam] [-F snifdevice] [-M plugin]\n", -+ prog_name); - #ifdef INCLUDE_INTERFACE -- " [-D tty]" -+ printf ( " [-D tty]" - " (-t<Target IP> | -s<Source IP>)" -- " | (-i|-I) | -c<config file>]\n", -+ " | (-i|-I) | -c<config file>]\n"); - #else -- " (-t<Target IP> | -s<Source IP>) | -c<config file>]\n", -+ printf ( " (-t<Target IP> | -s<Source IP>) | -c<config file>]\n"); - #endif -- prog_name); - printf ("Plugins Available:\n"); - #ifdef PLUGIN0_NAME - printf (" 0 -- %s\n", PLUGIN0_NAME); ---- sniffit.0.3.7.beta.orig/sn_analyse.c -+++ sniffit.0.3.7.beta/sn_analyse.c -@@ -151,16 +151,18 @@ - { - char workbuf1[MTU]; - char *wb_dummy; -+ char *p; -+ size_t len = info.DATA_len <= MTU-1 ? info.DATA_len : MTU-1; - -- strncpy(workbuf1,data,info.DATA_len); -- workbuf1[info.DATA_len]=0; -+ strncpy(workbuf1,data,len); -+ workbuf1[len]=0; - strlower(workbuf1); - -- if(strstr(workbuf1,"mail from")!=NULL) -+ if((p=strstr(workbuf1,"mail from"))!=NULL) - { - char workbuf2[MTU]; - -- strcpy(workbuf2, strstr(workbuf1,"mail from")); -+ strcpy(workbuf2, p); - if(strchr(workbuf2,13)!=NULL) /* remove trailing enter */ - {wb_dummy=strchr(workbuf2,13); *wb_dummy=0;} - if(strchr(workbuf2,10)!=NULL) -@@ -168,11 +170,11 @@ - print_mail(filename,workbuf2); - } - -- if(strstr(workbuf1,"rcpt to")!=NULL) -+ if((p=strstr(workbuf1,"rcpt to"))!=NULL) - { - char workbuf2[MTU]; - -- strcpy(workbuf2, strstr(workbuf1,"rcpt to")); -+ strcpy(workbuf2, p); - if(strchr(workbuf2,13)!=NULL) /* remove trailing enter */ - {wb_dummy=strchr(workbuf2,13); *wb_dummy=0;} - if(strchr(workbuf2,10)!=NULL) ---- sniffit.0.3.7.beta.orig/README.FIRST -+++ sniffit.0.3.7.beta/README.FIRST -@@ -6,7 +6,7 @@ - * No illegal activities are encouraged! * - # Please read the LICENSE file # - * * --# Sniffit grew a little upon it's original intentions and is now # -+# Sniffit grew a little upon its original intentions and is now # - * extended for network debugging (UDP, ICMP, netload, etc.) * - #*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*# - * Libpcap library * -@@ -45,19 +45,19 @@ - - I hope you enjoy this beta version. Like always, I removed some bugs. There - is a new 'logging' feature. It is now possible to record traffic with --Sniffit and process it later! (it is completely different from te logging -+Sniffit and process it later! (it is completely different from the logging - done in the 0.3.6 version, that is known to some hardcore Sniffit users) - Please take a minute to skim through the text and read the passages marked - with a '*', these are the new features. - (Please read BETA-TESTING) - --I use the libpcap library developped at Berkeley Laboratory, for easy -+I use the libpcap library developed at Berkeley Laboratory, for easy - porting (Read the licence). - - 0.1 Credits and contact - ----------------------- - --Credits go to (in order of apperance on the Sniffit scene): -+Credits go to (in order of appearance on the Sniffit scene): - Wim Vandeputte <wvdputte@reptile.rug.ac.be>, - best friend and UNIX guru, for support, testing and - providing me with a WWW site. -@@ -71,17 +71,17 @@ - Qing Long, for the bash/zsh libpcap/configure script. - Guy Gustavson, for giving me a FreeBSD account. - Woju <woju@freebsd.ee.ntu.edu.tw>, for the ncurses SunOS/FreeBSD fixing, -- and for his other effords. -+ and for his other efforts. - Amlan Saha <eng40607@nus.sg>, for adding Packet Generation to - Sniffit, and adding other features (not implemented yet). - I'm sure that in the near future you will see more of his - work in Sniffit. - Shudoh Kazuyuki, for changing getaddrbyname() and improving the - config-file interpreting. -- Fyodor <fyodor@dhp.com>, for pointing out the hidious small -+ Fyodor <fyodor@dhp.com>, for pointing out the hideous small - fragments problem. - David O'Brien <obrien@nuxi.com>, for netbsd information. -- everybody, who ever mailed me with sugestions help, etc... -+ everybody, who ever mailed me with suggestions help, etc... - - Also a big thanks to my Beta testers (alphabetically, I hope)... - Charles G Stuart <charles.stuart@juno.com> IRIX / RedHat LINUX -@@ -91,7 +91,7 @@ - - And many others who wish to be anonymous.... - --Sugestions and comments can be sent to: -+Suggestions and comments can be sent to: - coder@reptile.rug.ac.be - - Brecht Claerhout -@@ -99,10 +99,10 @@ - 8700 Tielt - Belgium - --The original distribution program can be optained from (my site): -+The original distribution program can be obtained from (my site): - http://sniffit.rug.ac.be/sniffit/sniffit.html - --MIND YOU: this program is ran as root, and thus could easily contain -+MIND YOU: this program is run as root, and thus could easily contain - dangerous trojans. If you get it from the above site you can - safely compile and use it. - (no trojan versions are discovered yet.. it's just a warning) -@@ -178,7 +178,7 @@ - -v Show version and exit (just added because it's such a - wide spread option) - -t <IP nr/name> tells the sniffer to check out packets GOING TO <IP> -- -s <IP nr/name> tells the sniffer to check out packets COMMING FROM <IP> -+ -s <IP nr/name> tells the sniffer to check out packets COMING FROM <IP> - You can use the '@' wildcard (only IP NUMBERS of course). - e.g. -t 199.145.@ - -t 199.14@ -@@ -197,15 +197,15 @@ - Parameters for all modes: - -F <device> force sniffit to use a network device - (READ 3.2 ON THIS SUBJECT, IMPORTANT) -- -n Turn of IP checksum checking. This can show you -+ -n Turn off IP checksum checking. This can show you - bogus packets. (mind you ARP, RARP, other non-IP - packets will show up bogus too) (compatible with - ALL options) -- -N Disables all functions that Sniffit has build in, usefull -+ -N Disables all functions that Sniffit has build in, useful - for wanting to run ONLY a plugin - - Parameters for not running in -i: -- -b does both -t and -s, doesn't mather what function you used -+ -b does both -t and -s, doesn't matter what function you used - (-t or -s) - -d Dump mode, shows the packets on the screen in bytes (not - like tcpdump). For test purposes. (numbers are hex) -@@ -231,7 +231,7 @@ - They can be combined. - -p <port> Logs connections on port <port>, 0 means all ports, default - is 0 (all), look out with that on loaded nets! -- -l <length> Ammount of information to log (default 300 bytes). -+ -l <length> Amount of information to log (default 300 bytes). - Length 0 logs everything. (look out with diskspace when - logging everything!) - -M <Plugin> Activate Plugin nr. <Plugin>, for a list on all plugins -@@ -260,7 +260,7 @@ - - Some examples: - Imagine the following setup: 2 hosts on a subnet, one is running the -- sniffer (sniffit.com), the otherone is 66.66.66.7 (target.com). -+ sniffer (sniffit.com), the other one is 66.66.66.7 (target.com). - 1. You want to test if the sniffer is working: - sniffit:~/# sniffit -d -p 7 -t 66.66.66.7 - and in another window: -@@ -272,7 +272,7 @@ - 3. Root of target.com tells me he gets strange ftp connections and - wants to find out the commands typed: - sniffit:~/# sniffit -p 21 -l 0 -t 66.66.66.7 -- 4. You want to read all incomming and outgoing mail on target.com: -+ 4. You want to read all incoming and outgoing mail on target.com: - sniffit:~/# sniffit -p 25 -l 0 -b -t 66.66.66.7 & - or - sniffit:~/# sniffit -p 25 -l 0 -b -s 66.66.66.7 & -@@ -314,9 +314,9 @@ - F5 or '5' : Start a program 'sniffit_key5' with arguments - <from IP> <from port> <to IP> <to port> - If the program doesn't exist, nothing is done. Sniffit should -- be in the same path as sniffit was STARTED FROM (not necessarely -+ be in the same path as sniffit was STARTED FROM (not necessarily - the path sniffit is stored in) -- This is usefull for interactive connection killing or extra -+ This is useful for interactive connection killing or extra - monitoring. A little shell script can always transform the - arguments given and pass them on to other programs. - F6 or '6' : Same as F5 or '5', but with program 'sniffit_key6' -@@ -330,12 +330,12 @@ - the config.h file to change this (could be needed if y'r - computer is slow). - 'g' : Generate Packets! -- Sniffit is now able to generate some trafic load. Currently -- this is a 'underdevelloped' feature with very few options, -+ Sniffit is now able to generate some traffic load. Currently -+ this is a 'underdeveloped' feature with very few options, - but it will be expanded a lot... - Currently only UDP packets are generated. When pressing 'G' -- you will be asked the source/dest IP/port and how much packets -- are needed to be transmitted. -+ you will be asked the source/dest IP/port and how many packets -+ are to be transmitted. - Packets contain the line: "This Packet was fired with Sniffit!" - 'r' : Reset.. clears all current connections from memory and restarts. - -@@ -348,14 +348,14 @@ - - When forcing network devices, sniffit tries to find out what device it is. - If sniffit recognises the name, everything is okay. --If it does not recognise the name it will set the variable --FORCED_HEAD_LENGHTH to the ethernet headlength. The ethernet headlength --is the length in bytes of an ethernet packet hearder. --So if you have to force a non-ethernet device, that is not recognised by -+If it does not recognise the name it will set the ethernet headlength -+according to the compiled-in value FORCED_HEAD_LENGTH. The ethernet -+headlength is the length in bytes of an ethernet packet header. -+So if you have to force a non-ethernet device that is not recognised by - sniffit, make sure you change that headlength correctly in the 'sn_config.h' - file. - --The -F option was added, because I noticed devicenames can differ from -+The -F option was added, because I noticed device names can differ from - system to system, and because some ppl have multiple devices present. - When having problems with this option, please think twice before you mail me. - -@@ -370,7 +370,7 @@ - - The configfile should have lines with the following format: - <field1> <field2> <field3> <field4> [<field5>] --(seperators are spaces (any number of), NO TABS!!!) -+(separators are spaces (any number of), NO TABS!!!) - - Lines that don't match this pattern are discarded, so standard unix - comments '#' can be used in this file... (this also means that if you -@@ -399,10 +399,10 @@ - host : The (de)selection criteria involves a hostname. - port : similar, ... a portnumber - mhosts : The (de)selection criteria involves multiple-hosts, like -- with the wildcars in 0.3.0, but without the 'x' -+ with the wildcards in 0.3.0, but without the 'x' - - <field4> can be: --* either a hostname, a portnumber, a service name or a numbet-dot partial -+* either a hostname, a portnumber, a service name or a number-dot partial - * notation indicating multiple hosts depending on <field3> - * (service names like 'ftp' are resolved as the services available - * present on the host that runs Sniffit, and translated into a port nr) -@@ -411,7 +411,7 @@ - a portnumber or service name, if <field3> was 'host' or 'mhosts' - - -- Maybe it would have been wise to mention explicitely, that the config-file -+ Maybe it would have been wise to mention explicitly, that the config-file - currently only works with TCP packets. - - examples: -@@ -425,7 +425,7 @@ - a) Send by host 100.100.12.2 - b) Send by host 100.100.12.3 from port 1400 - c) Send to coder.sniffit.com -- d) All packets on our subnet going to or comming from a telnet port. -+ d) All packets on our subnet going to or coming from a telnet port. - - 2. another example: - select both mhosts 100.100.12. -@@ -436,7 +436,7 @@ - b) EXCEPT the WWW packets - c) BUT showing the WWW packets concerning enemy.sniffit.com - -- The config file in interpreted SEQUENTIAL, so mixing up those lines -+ The config file is interpreted SEQUENTIALLY, so mixing up those lines - could have unwanted results e.g.: - select both mhosts 100.100.12. - select both host enemy.sniffit.org -@@ -455,7 +455,7 @@ - select both mhosts 2 - deselect both mhosts 1 80 - deselect both mhosts 2 80 -- This would show you all subnet trafic excluding WWW trafic -+ This would show you all subnet traffic excluding WWW traffic - (concerning port 80.) - - 4. example: -@@ -476,12 +476,12 @@ - * you will like it more this way. - * - * Loglevels are now activated by '-L <logparam>'. --* The folowing <logparam>'s are valid (concatenation is alowed): -+* The following <logparam>'s are valid (concatenation is allowed): - * - * 'raw': - * Log all SYN, FIN, RST packets. This will give you an overview of --* all network (TCP) trafic in a 'RAW' way (a connection starting could --* gives you at least 2 SYN packets, etc...). -+* all network (TCP) traffic in a 'RAW' way (a connection starting could -+* give you at least 2 SYN packets, etc...). - * This is a great way to waste diskspace... - * Messages are: - * Connection initiated. (SYN) -@@ -507,7 +507,7 @@ - * A '~' in the login and passwords fields can be a nonprintable - * character (if in the beginning of a field, probably due to an early - * start of registration) or a '~'. --* This all makes it sound a little messy, but I 'testdrived' a lot and -+* This all makes it sound a little messy, but I 'test-drove' a lot and - * was pleased with the results after adding some funky shit (if y'r - * interested have a look at in function 'packethandler' in - * sniffit.*.c) -@@ -521,7 +521,7 @@ - * - * 'mail': - * Interested in who writes mail to who? Well you get all senders and --* recepients nicely logged with this feature (port 25 mail). -+* recipients nicely logged with this feature (port 25 mail). - - - 4. The output -@@ -563,7 +563,7 @@ - connections, you will need to use 'joe' or something else that can - support control chars (look for '-A <char>' below). - Telnet 'negotiates' (binary) in the beginning of every connection, and -- 'catting' a output file, will most of the time show nothing (due to -+ 'catting' an output file, will most of the time show nothing (due to - control chars). - Of course when logging mail, there are no problems. - The new '-A <char>' takes care of the control characters, that way you -@@ -612,14 +612,14 @@ - - - UDP Packets (not logged, displayed) - -- You get the package id. When using -d, -a you get the contence of the -+ You get the package id. When using -d, -a you get the contents of the - package. (pretty basic) - - - 4.2 Logfile - ----------- - --If you use a configfile (-c) and enable the Logging option a logfile is -+If you use a configfile (-c) and enable the Logging option, a logfile is - created. Unless you set 'logfile' in the config file, that file will be - named 'sniffit.log'. - It will contain lines with the following FIXED format: -@@ -635,7 +635,7 @@ - - 3) Lines containing other data (future versions), will NOT begin with '[' - and will have also easily interpretable formats. -- Other data is e.g. packet contence -+ Other data is e.g. packet contents - - I do this because I can imagine (when this is more expanded) that people - will use their own parsers for these logfiles. Well, if you respect those 3 -@@ -651,13 +651,13 @@ - Some other notes: - - - Sniffers can only be run by ROOT -- - Sniffers can only log packets that 'travel' on THEIR ethernetcable. -+ - Sniffers can only log packets that 'travel' on THEIR ethernet cable. - So there has to be some host on your subnet involved (either as - sender or receiver). -- - Working with '-d' or '-a' give you raw packets, they are still -- packed in IP, when logging to files, only send data is logged, -+ - Working with '-d' or '-a' gives you raw packets, they are still -+ packed in IP, when logging to files, only sent data is logged, - the packets are 'unwrapped'. -- - Sniffers can NORMALY not be detected by outsiders (or outsiders -+ - Sniffers can NORMALLY not be detected by outsiders (or outsiders - SHOULD not be able to...). - Unfortunately some systems contain bugs that will allow outsiders to - probe your network device for PROMISC mode (which is a good indication ---- sniffit.0.3.7.beta.orig/sniffit.8 -+++ sniffit.0.3.7.beta/sniffit.8 -@@ -39,7 +39,7 @@ - is a packet sniffer for TCP/UDP/ICMP packets. - .B sniffit - is able to give you very detailed technical info on these --packets (SEQ, ACK, TTL, Window, ...) but also packet contence in -+packets (SEQ, ACK, TTL, Window, ...) but also packet contents in - different formats (hex or plain text, ...). - .LP - .B sniffit -@@ -76,7 +76,7 @@ - - .IP "-t Target-IP" - Only process packets TO Target-IP. If Target-IP is in dot-nr notation, --'x' is allowed as wildcard. (e.g. '-t 157.193.x', '-t x', ...) -+\'x' is allowed as wildcard. (e.g. '-t 157.193.x', '-t x', ...) - .I "(NOT compatible with: '-s' '-i' '-I' '-c' '-v' '-L')" - - .IP "-s Source-IP" -@@ -84,7 +84,7 @@ - .I "(NOT compatible with: '-t' '-i' '-I' '-c' '-v' '-L')" - - .IP -b --'both' mode, together with '-s' or '-t', only process FROM/TO the IP -+\'both' mode, together with '-s' or '-t', only process FROM/TO the IP - specified by '-s' or '-t' - .I "(NOT compatible with: '-t' '-i' '-I' '-c' '-v' '-L')" - -@@ -115,7 +115,7 @@ - .IP "-R <file>" - Record all traffic in - .I <file> --.This file can then be fed to Sniffit with the '-r' option. -+This file can then be fed to Sniffit with the '-r' option. - .I "(Needs a selection parameter like '-c' '-t' '-s')" - .I "(NOT compatible with '-i' '-I' '-v' '-L' '-r')" - -@@ -149,12 +149,12 @@ - .I "(NOT compatible with: '-i' 'I' '-v')" - - .IP -d --'dump mode', shows the packets on the screen (stdout) instead of logging -+\'dump mode', shows the packets on the screen (stdout) instead of logging - into files (default). Data is printed in bytes (hex). - .I "(NOT compatible with: '-i' 'I' '-v' '-L')" - - .IP -a --'dump mode', same of '-d' but outputs ASCII. Non printable chars are -+\'dump mode', same of '-d' but outputs ASCII. Non printable chars are - replaced by '.'. - ('-d' and '-a' mix without any problem) - .I "(NOT compatible with: '-i' '-I' '-v' '-L')" -@@ -193,8 +193,7 @@ - can be found with - .I ifconfig - (see --.BR ifconfig (8) --). -+.BR ifconfig (8)). - .B sniffit - supports ethernet and PPP by default. Read - .B README.FIRST -@@ -210,7 +209,7 @@ - .B Plugin - , for a list on all plugins compiled in your version, just type ' - .B sniffit --'. Read all about Plugins in the PLUGIN-HOWTO (READ IT!) -+\'. Read all about Plugins in the PLUGIN-HOWTO (READ IT!) - .I "(NOT compatible with: '-i' '-I' '-v')" - - .IP "-L logparam" -@@ -235,7 +234,7 @@ - receiving host (port 'o'). - - .SH "DUMP MODE ('-d' and/or '-a')" --Output is dumped to stdout, the packet contence is shown in it's -+Output is dumped to stdout, the packet contents is shown in it's - unwrapped form (the complete IP packet). - - .SH "INTERACTIVE MODE ('-i' or '-I')" -@@ -320,7 +319,7 @@ - .SH "IP ICMP UDP LOGGING" - Information on these packets is dumped to stdout. Packet - Filtering options only refer to TCP and UDP packets. --The contence of UDP packets is only shown when enabling '-a' or '-d'. -+The contents of UDP packets is only shown when enabling '-a' or '-d'. - - .SH AUTHOR - Brecht Claerhout <coder@reptile.rug.ac.be> ---- sniffit.0.3.7.beta.orig/sn_interface.c -+++ sniffit.0.3.7.beta/sn_interface.c -@@ -5,6 +5,7 @@ - - #ifdef INCLUDE_INTERFACE - #include <signal.h> -+#include <termios.h> - #include <unistd.h> - #include <sys/ipc.h> - #include <sys/shm.h> -@@ -513,8 +514,11 @@ - - void screen_exit (void) - { --clear(); - endwin(); -+/* next line added by Edward Betts <edward@debian.org>, should not be needed -+ * because endwin should be calling it, without this the console has no echo -+ * after exiting in an xterm */ -+reset_shell_mode(); - }; - - void mem_exit (void) ---- sniffit.0.3.7.beta.orig/sn_logfile.c -+++ sniffit.0.3.7.beta/sn_logfile.c -@@ -44,42 +44,42 @@ - void print_ftp_user (char *conn, char *user) - { - char line[250]; --sprintf(line,"%s: USER [%s]",conn,user); -+snprintf(line,sizeof(line),"%s: USER [%s]",conn,user); - print_logline (line); - } - - void print_ftp_pass(char *conn, char *pass) - { - char line[250]; --sprintf(line,"%s: PASS [%s]",conn,pass); -+snprintf(line,sizeof(line),"%s: PASS [%s]",conn,pass); - print_logline (line); - } - - void print_login (char *conn, char *login) - { - char line[250]; --sprintf(line,"%s: login [%s]",conn,login); -+snprintf(line,sizeof(line),"%s: login [%s]",conn,login); - print_logline (line); - } - - void print_mail (char *conn, char *msg) - { - char line[250]; --sprintf(line,"%s: mail [%s]",conn,msg); -+snprintf(line,sizeof(line),"%s: mail [%s]",conn,msg); - print_logline (line); - } - - void print_pwd (char *conn, char *pwd) - { - char line[250]; --sprintf(line,"%s: password [%s]",conn,pwd); -+snprintf(line,sizeof(line),"%s: password [%s]",conn,pwd); - print_logline (line); - } - - void print_conn (char *conn, char *msg) - { - char line[250]; --sprintf(line,"%s: %s",conn,msg); -+snprintf(line,sizeof(line),"%s: %s",conn,msg); - print_logline (line); - } - ---- sniffit.0.3.7.beta.orig/Makefile.in -+++ sniffit.0.3.7.beta/Makefile.in -@@ -26,9 +26,8 @@ - @echo "Succesfull compilation..." - - sniffit: $(SNIFFIT) $(DEP_FILES) -- cd libpcap; make; cd .. -+# cd libpcap; make; cd .. - $(CC) $(EXE_FLAG) $(SNIFFIT) $(EXE_OBJ) $(EXE_OPT) $(LIBS) $(DEFS) $(OS_OPT) -- strip sniffit - - sn_cfgfile.o: sn_cfgfile.h sn_cfgfile.c sn_defines.h sn_structs.h sn_config.h - $(CC) $(OBJ_FLAG) sn_cfgfile.c $(OBJ_OPT) $(DEFS) -@@ -52,12 +51,12 @@ - - #Clean up everthing... - clean: -- cd libpcap; make clean; rm -f config.cache; cd .. -+# cd libpcap; make clean; rm -f config.cache; cd .. - rm -f Makefile - rm -f config.cache - rm -f config.status - rm -f config.log -- rm -f ./libpcap/config.cache -- rm -f ./libpcap/config.status -- rm -f ./libpcap/config.log -+# rm -f ./libpcap/config.cache -+# rm -f ./libpcap/config.status -+# rm -f ./libpcap/config.log - rm -f *.o sniffit ---- sniffit.0.3.7.beta.orig/debian/rules -+++ sniffit.0.3.7.beta/debian/rules -@@ -0,0 +1,28 @@ -+#!/usr/bin/make -f -+ -+build: -+ dh build --before configure -+ cp /usr/share/misc/config.guess . -+ cp /usr/share/misc/config.sub . -+ ./configure --prefix=/usr --no-recursion -+ $(MAKE) OBJ_OPT="" EXE_OPT="-lpcap" -+ dh build --after build -+ -+clean: -+ dh clean -+ rm -f config.sub config.guess -+ -+install: build -+ dh install --before dh_auto_install -+ dh_install sniffit usr/sbin -+ dh_installman sniffit.5 sniffit.8 -+ dh_installchangelogs HISTORY -+ dh install --after dh_auto_install -+ -+binary-arch: install -+ dh binary-arch -+ -+binary-indep: install -+ dh binary-indep -+ -+binary: binary-arch binary-indep ---- sniffit.0.3.7.beta.orig/debian/README -+++ sniffit.0.3.7.beta/debian/README -@@ -0,0 +1,48 @@ -+sniffit for Debian -+---------------------- -+ -+What follows are one of the previous maintainers, Patrick J. Edwards -+<edwards@cambridgenet.sk.ca>, thoughts on this package, and its security -+implications. -+ -+Notes on Security -+----------------- -+ This program is highly dangerous, with this program hackers no -+longer need qcrack or crack for your system. Instead, they can just wait -+till a user logs in and *BAM* they have a new password. So the point is, -+this program should be promptly removed in any of the following situations: -+ -+ 1. You are in doubt of the security of your system. Granted that -+ some one who has already creatively aquired (meaning hacked) root -+ can install this program his/her self there is no point in -+ pre-installing this program for them. -+ -+ 2. You have a tendency to act unethically and snoop on you users for -+ no apparent reason. "Good" system admins won't do this. -+ -+ 3. You don't actively search for security holes in your system. If -+ your not doing this and you box is on the Internet 24/7 perhaps you -+ should. -+ -+Notes on Usage -+-------------- -+ 1. Don't use this program unless you have to, and once you're done -+with it uninstall it. -+ 2. Don't scan all ports and all addresses in the hoping of catching -+a hacker cause you won't, you'll just have vast quantities of logs to search -+through and very little disk space. Instead wait till you recognize that you -+have a program user/hacker and then find out what the person is doing (how -+the hacker is trying to penetrate the system) then start using sniffit to -+collect your evidence against the offender. [I know this is flying in the -+face of traditional anti-system-terrorism policies but it leads into my next -+point] -+ 3. If you persist in using sniffit as a security net for your system -+DON'T. Plain and simple. Instead of trying to catch the hacker who has -+already hacked into your system spend your efforts security proofing your -+system (up to date versions on cron, sendmail, libraries, etc -- almost -+anything that runs as root or sudo). -+ -+ The overall point is: -+ "Practice preventive medicine not reactive." -+ -+ -- Edward Betts <edward@debian.org> Sun, 12 Sep 1999 11:04:08 +0100 ---- sniffit.0.3.7.beta.orig/debian/sniffit.docs -+++ sniffit.0.3.7.beta/debian/sniffit.docs -@@ -0,0 +1,4 @@ -+BETA-TESTING -+PLUGIN-HOWTO -+README.FIRST -+sniffit-FAQ ---- sniffit.0.3.7.beta.orig/debian/compat -+++ sniffit.0.3.7.beta/debian/compat -@@ -0,0 +1 @@ -+7 ---- sniffit.0.3.7.beta.orig/debian/control -+++ sniffit.0.3.7.beta/debian/control -@@ -0,0 +1,16 @@ -+Source: sniffit -+Section: net -+Priority: optional -+Maintainer: William Vera <billy@billy.com.mx> -+Standards-Version: 3.8.0 -+Build-Depends: debhelper (>= 7), libpcap-dev, libncurses5-dev, autotools-dev -+ -+Package: sniffit -+Architecture: any -+Depends: ${shlibs:Depends} -+Description: packet sniffer and monitoring tool -+ sniffit is a packet sniffer for TCP/UDP/ICMP packets. -+ sniffit is able to give you very detailed technical info -+ on these packets (SEC, ACK, TTL, Window, ...) but also -+ packet contents in different formats (hex or plain text, -+ etc. ). ---- sniffit.0.3.7.beta.orig/debian/copyright -+++ sniffit.0.3.7.beta/debian/copyright -@@ -0,0 +1,40 @@ -+This package was debianized by Damjan Marion <dmarion@debian.org> on -+Tue, 7 Apr 1998 22:57:01 +0200. -+ -+It was taken over by Edward Betts <edward@debian.org> on -+Fri, 12 Nov 1999 23:20:20 +0000 -+ -+It was downloaded from -+http://reptile.rug.ac.be/~coder/sniffit/files/sniffit.0.3.7.beta.tar.gz -+ -+Upstream Author: Brecht Claerhout -+ -+Copyright: -+ -+Sniffit 0.3.7 Copyright (c) 1996-1998 Brecht Claerhout -+All rights reserved. -+ -+Redistribution and use in source and binary forms, with or without -+modification, are permitted provided that the following conditions -+are met: -+1. Redistributions of source code must retain the above copyright -+ notice, this list of conditions and the following disclaimer. -+2. Redistributions in binary form must reproduce the above copyright -+ notice, this list of conditions and the following disclaimer in the -+ documentation and/or other materials provided with the distribution. -+3. The name of the author may not be used to endorse or promote products -+ derived from this software without specific prior written permission. -+4. Redistribution of source code must be conform with the 'libpcap' -+ copyright conditions, if that library is included. -+ -+THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -+IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -+OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -+IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -+THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -+ ---- sniffit.0.3.7.beta.orig/debian/changelog -+++ sniffit.0.3.7.beta/debian/changelog -@@ -0,0 +1,165 @@ -+sniffit (0.3.7.beta-13) unstable; urgency=low -+ -+ * New maintainer. (Closes: #465931). -+ * Some format corrections on the man pages (sniffit(5) sniffit(8)). -+ * Don't include config.{sub,guess} in .diff.gz -+ -+ -- William Vera <billy@billy.com.mx> Sat, 07 Jun 2008 12:56:48 -0500 -+ -+sniffit (0.3.7.beta-12) unstable; urgency=low -+ -+ * Use debhelper v7, rules file minimisation. -+ * Makefile.in: don't strip binary Closes: #438032 -+ * debian/control: Updated to Standards-Version: 3.7.3, no changes needed -+ -+ -- Edward Betts <edward@debian.org> Wed, 30 Apr 2008 11:00:19 +0100 -+ -+sniffit (0.3.7.beta-11) unstable; urgency=low -+ -+ * Acknowledge NMU -+ * sn_structs.h: Sitting at Debcamp, fixing FTBFS bugs, and Alberto Gonzalez -+ Iniesta <agi@debian.org> sitting next to me points out there is one in -+ this package. Thanks to Joshua Kwan <joshk@triplehelix.org> for the patch -+ to fix it. (closes: #195548) -+ * config.{guess,sub}: updated -+ * debian/control: Updated to Standards-Version: 3.6.0, no changes needed -+ * sn_interface.c: sniffit was leaving echo turned off when exiting from the -+ interactive mode in an xterm, added reset_shell_mode() to screen_exit() -+ and it works. This should not be needed because endwin should be calling -+ it. -+ -+ -- Edward Betts <edward@debian.org> Mon, 14 Jul 2003 10:50:24 +0200 -+ -+sniffit (0.3.7.beta-10.1) unstable; urgency=low -+ -+ * Non maintainer upload -+ * Rebuilt with new libpcap to remove dependency on libpcap0, which I -+ got removed from unstable by accident. Sorry about this... -+ -+ -- Torsten Landschoff <torsten@debian.org> Sat, 10 Aug 2002 11:37:33 +0200 -+ -+sniffit (0.3.7.beta-10) unstable; urgency=low -+ -+ * README.FIRST: apply patch "James R. Van Zandt" <jrv@mitre.org> to correct -+ spelling and other mistakes in README.FIRST -+ -+ -- Edward Betts <edward@debian.org> Thu, 13 Dec 2001 17:35:25 +0000 -+ -+sniffit (0.3.7.beta-9) unstable; urgency=low -+ -+ * debian/control: Standards-Version: 3.5.5 -+ * debian/rules: Support DEB_BUILD_OPTIONS -+ * config.{guess,sub}: updated files to version from libtool package -+ (Closes: Bug#103633) -+ * sniffit.c: applied patch from Bug#103633 -+ -+ -- Edward Betts <edward@debian.org> Thu, 5 Jul 2001 10:44:23 +0200 -+ -+sniffit (0.3.7.beta-8) unstable; urgency=low -+ -+ * debian/control: Standards-Version: 3.5.2 -+ * debian/rules: Changed to debhelper 3 -+ * debian/rules: Removed dh_suidregister -+ * debian/rules: Removed dh_testversion -+ * debian/rules: Changed dh_installman to dh_installmanpages -+ * debian/rules: Support DEB_BUILD_OPTIONS -+ -+ -- Edward Betts <edward@debian.org> Sun, 25 Mar 2001 04:41:39 -0700 -+ -+sniffit (0.3.7.beta-7) frozen unstable; urgency=high -+ -+ * debian/rules: do not install pcap.3 (closes: Bug#77769). -+ * debian/control: updated Standards-Version to 3.2.1 -+ * debian/control: added version to build-depends on debhelper for lintian: -+ E: sniffit: package-uses-dh_testversion-but-lacks-versioned-build-depends -+ * Package now lintian clean. -+ -+ -- Edward Betts <edward@debian.org> Tue, 28 Nov 2000 07:00:24 -0700 -+ -+sniffit (0.3.7.beta-6.1) frozen unstable; urgency=high -+ -+ * Non maintainer upload. -+ * [security] sn_logfile.c: Replaced sprintfs by snprintfs fixing a buffer -+ overflow (bugtraq). -+ * [security] sn_analyse.c: Limit length of TCP packets to the buffer -+ size (buffer overflow with MTU > 5000). -+ -+ -- Torsten Landschoff <torsten@debian.org> Fri, 26 May 2000 08:40:14 +0200 -+ -+sniffit (0.3.7.beta-6) frozen unstable; urgency=low -+ -+ * Update config.{guess,sub} to versions from the automake package. -+ Should now compile better on ARM (closes: Bug#56915). -+ -+ -- Edward Betts <edward@debian.org> Thu, 3 Feb 2000 09:22:16 +0000 -+ -+sniffit (0.3.7.beta-5) unstable; urgency=low -+ -+ * debian/control: updated Standards-Version to 3.1.1 -+ * debian/control: added Build-Depends. -+ * debian/rules: rewritten. -+ -+ -- Edward Betts <edward@debian.org> Thu, 6 Jan 2000 23:12:32 +0000 -+ -+sniffit (0.3.7.beta-4) unstable; urgency=low -+ -+ * Recompile to try and fix bug #49979 -+ -+ -- Edward Betts <edward@debian.org> Fri, 12 Nov 1999 23:21:17 +0000 -+ -+sniffit (0.3.7.beta-3) unstable; urgency=low -+ -+ * Changed to Debhelper 2.0 -+ * Updated to Standards-Version: 3.0.1 -+ * This package includes a copy of libpcap, ensured that it is not built -+ * Moved config file /etc/sniffit.cfg to -+ /usr/doc/sniffit/examples/sample_config_file -+ * Lintain clean -+ -+ -- Edward Betts <edward@debian.org> Fri, 12 Nov 1999 23:20:20 +0000 -+ -+sniffit (0.3.7.beta-2) unstable; urgency=low -+ -+ * Updated /usr/doc/sniffit/copyright from README.FIRST (fixes #39765) -+ * sniffit 0.3.7.beta is free software (BSD-like license) -+ * Changed section to main/net -+ * Added conffiles entry for /etc/sniffit.cfg -+ -+ -- Hamish Moffatt <hamish@debian.org> Fri, 25 Jun 1999 22:30:00 +1000 -+ -+sniffit (0.3.7.beta-1) unstable; urgency=low -+ -+ * QA group upload -+ * New upstream release (fixes #28510) -+ * Fixed spelling error in description (fixes #26859) -+ * Recompiled with ncurses 4.0 (fixes #37431) -+ -+ -- Hamish Moffatt <hamish@debian.org> Sun, 23 May 1999 01:03:00 +1000 -+ -+sniffit (0.3.5-3) frozen unstable; urgency=low -+ -+ * After long waiting for new copyright i must move it to non-free -+ (fixes bug #21832) -+ -+ -- Damjan Marion <dmarion@debian.org> Thu, 28 May 1998 15:10:35 +0200 -+ -+sniffit (0.3.5-2) frozen unstable; urgency=low -+ -+ * Moved to frozen (resurected from orphaned) -+ * Updated to standards 2.4.1.0 -+ -+ -- Damjan Marion <dmarion@debian.org> Tue, 15 Apr 1998 23:56:11 +0200 -+ -+sniffit (0.3.5-1) unstable; urgency=low -+ -+ * New maintainer -+ * New upstream release -+ * Updated to standards 2.4.0.0 -+ -+ -- Damjan Marion <dmarion@debian.org> Tue, 7 Apr 1998 22:57:01 +0200 -+ -+sniffit (0.3.3-1) unstable; urgency=low -+ -+ * Initial Release. -+ -+ -- Patrick J. Edwards <edwards@cambridgenet.sk.ca> Mon, 17 Mar 1997 17:46:24 -0600 ---- sniffit.0.3.7.beta.orig/debian/sniffit.examples -+++ sniffit.0.3.7.beta/debian/sniffit.examples -@@ -0,0 +1,3 @@ -+sample_config_file -+dns_plugin.plug -+dummy_plugin.plug ---- sniffit.0.3.7.beta.orig/debian/watch -+++ sniffit.0.3.7.beta/debian/watch -@@ -0,0 +1,2 @@ -+version=3 -+http://reptile.rug.ac.be /~coder/sniffit/files/ sniffit.(.*)\.tar\.gz debian uupdate |