tags 372536 + patch
thanks
The problem comes from the fact, that modern Linux kernels often don't
calculate the checksum for outgoing packets, and that libnids by
default filters packets with incorrect checksum. The attached patch
disables this filtering.
A more fine-grained solution might be to disable filtering only for
outgoing packets. As false positives are probably harmless in this
case, this seems to be unnecessary. If you wish to do so, anyway,
please remember that since urlsnarf supports reading captured (perhaps
on another machine) traffic from a file, an option to tell urlsnarf
which addresses are considered local would be needed.
diff -ur dsniff-2.4b1/urlsnarf.c dsniff/urlsnarf.c
--- dsniff-2.4b1/urlsnarf.c 2006-09-21 01:50:01.000000000 +0200
+++ dsniff/urlsnarf.c 2006-09-21 01:51:13.000000000 +0200
@@ -200,6 +200,7 @@
extern char *optarg;
extern int optind;
int c;
+ struct nids_chksum_ctl chksum_ctl;
while ((c = getopt(argc, argv, "i:p:nvh?V")) != -1) {
switch (c) {
@@ -260,6 +261,12 @@
}
}
+ chksum_ctl.netaddr = 0;
+ chksum_ctl.mask = 0;
+ chksum_ctl.action = NIDS_DONT_CHKSUM;
+
+ nids_register_chksum_ctl(&chksum_ctl, 1);
+
nids_run();
/* NOTREACHED */
