[tcpdump-workers] sniffex.c - libpcap example code proposal
Hello,

I've attached "sniffex.c", which is intended to be libpcap example code. It's based on Tim Carstens' "sniffer.c" source. I hope "sniffex" will serve as a decent working example of libpcap code and provide basic documentation via comments for beginners. I also hope this can serve as a template or "starting point" and be modified and refined in the future.

I've added a "Tcpdump Group" copyright notice and terms while complying (I think) with Tim Carstens' terms. Please take a look at this copyright and license and let me know what you think. Or go ahead and change it so everyone agrees.

There's one issue I've run into: after displaying certain packets (see function print_payload), my xterm/bash shell loses the ability to display newlines (i.e. scroll lines). I suppose this is due to the display of a certain sequence of characters to my xterm/shell. Any ideas?

Any comments, suggestions or ideas are welcome.

-Nathan

/*
 * sniffex.c
 *
 * Sniffer example of TCP/IP packet capture using libpcap.
 *
 * Version 0.1 (2005-05-09)
 * Copyright (c) 2005 The Tcpdump Group
 *
 * This software is intended to be used as a practical example and
 * demonstration of the libpcap library; available at:
 * http://www.tcpdump.org/
 *
 *
 * This software is a modification of Tim Carstens' "sniffer.c"
 * demonstration source code, released as follows:
 *
 * sniffer.c
 * Copyright (c) 2002 Tim Carstens
 * 2002-01-07
 * Demonstration of using libpcap
 * timcarst -at- yahoo -dot- com
 *
 * "sniffer.c" is distributed under these terms:
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 4. The name "Tim Carstens" may not be used to endorse or promote
 *    products derived from this software without prior written permission
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *
 * This software, "sniffex.c", is a derivative work of "sniffer.c" and is
 * covered by the following terms:
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Because this is a derivative work, you must comply with the "sniffer.c"
 *    terms reproduced above.
 * 2. Redistributions of source code must retain the Tcpdump Group copyright
 *    notice at the top of this source file, this list of conditions and the
 *    following disclaimer.
 * 3. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 4. The names "tcpdump" or "libpcap" may not be used to endorse or promote
 *    products derived from this software without prior written permission.
 *
 * THERE IS ABSOLUTELY NO WARRANTY FOR THIS PROGRAM.
 * BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
 * FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
 * OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
 * PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
 * OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
 * TO THE QUALITY AND PERFORMANCE
[tcpdump-workers] sniffex.c - libpcap example code proposal
Guy Harris wrote:
>
> On Jun 29, 2005, at 1:20 PM, Guy Harris wrote:
>
>> Use "isprint()" rather than "isascii()" in "print_payload()".
>
> ...and, while you're at it, print the payload in hex, as well as
> ASCII, to emphasize that there's *no* guarantee that TCP data is text.
> A format such as
>
> 00 00 48 65 6c 6c 6f 2c 20 73 61 69 7c 6f 72 21
> ..Hello, sailor!
>
> with an offset (perhaps hex), a sequence of hex byte values (perhaps
> with an extra space separating the first 8 from the second 8 values),
> and the same byte values as text (with values that don't correspond to
> printable ASCII characters shown as ".") might be reasonable.

Thanks for the help and suggestions. They are implemented in the updated attached "sniffex.c" source file, v0.1.1.

The offset counter I printed in decimal, since the total payload is printed in decimal and it just seemed more intuitive, at least for me (I have enough trouble with base10 :).

I also added a "Comments" section and referenced these comments in the code with footnotes (e.g. [1]). I think this is a good compromise between readability and explanation and not having to give up one for the other.

Please let me know if you think of additional things that might help.

-Nathan

/*
 * sniffex.c
 *
 * Sniffer example of TCP/IP packet capture using libpcap.
 *
 * Version 0.1.1 (2005-07-05)
 * Copyright (c) 2005 The Tcpdump Group
 *
 * This software is intended to be used as a practical example and
 * demonstration of the libpcap library; available at:
 * http://www.tcpdump.org/
 *
 *
 * This software is a modification of Tim Carstens' "sniffer.c"
 * demonstration source code, released as follows:
 *
 * sniffer.c
 * Copyright (c) 2002 Tim Carstens
 * 2002-01-07
 * Demonstration of using libpcap
 * timcarst -at- yahoo -dot- com
 *
 * "sniffer.c" is distributed under these terms:
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 4. The name "Tim Carstens" may not be used to endorse or promote
 *    products derived from this software without prior written permission
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *
 * This software, "sniffex.c", is a derivative work of "sniffer.c" and is
 * covered by the following terms:
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Because this is a derivative work, you must comply with the "sniffer.c"
 *    terms reproduced above.
 * 2. Redistributions of source code must retain the Tcpdump Group copyright
 *    notice at the top of this source file, this list of conditions and the
 *    following disclaimer.
 * 3. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 4. The names "tcpdump" or "libpcap" may not be used to endorse or promote
 *    products derived from this software without prior written permission.
 *
 * THERE IS ABSOLUTELY NO WARRANTY FOR THIS PROGRAM.
 * BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
 * FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
 * OTHERWISE STA
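The payload dump Guy describes above (decimal offset, hex bytes split 8 + 8, then ASCII with isprint() deciding what is shown) as an added example; this is not the attached sniffex.c or tcpdump project code, the function names are mine, and the sample payload is constructed here. Because every non-printable byte is replaced by '.', the raw escape sequence in the sample never reaches the terminal, which is the kind of output that garbled Nathan's xterm.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define LINE_WIDTH 16
/* Constructed sample payload: "Hello, sailor!" with two leading NUL bytes (as in
 * the quoted example) plus ESC [ 2 J, raw bytes that corrupt an unfiltered xterm. */
static const unsigned char SAMPLE[] = {
    0x00, 0x00, 'H', 'e', 'l', 'l', 'o', ',', ' ', 's', 'a', 'i', 'l', 'o', 'r', '!',
    0x1b, '[', '2', 'J'
};
static const int SAMPLE_LEN = (int)sizeof SAMPLE;

/* Format up to 16 payload bytes as decimal offset, hex bytes (8 + 8), then ASCII
 * with non-printable bytes shown as '.'. Returns a static buffer (overwritten per call). */
const char *payload_line(const unsigned char *p, int len, int offset)
{
    static char out[96];
    int n = 0, i;
    n += snprintf(out + n, sizeof out - n, "%05d   ", offset);
    for (i = 0; i < LINE_WIDTH; i++) {
        if (i < len)
            n += snprintf(out + n, sizeof out - n, "%02x ", p[i]);
        else
            n += snprintf(out + n, sizeof out - n, "   ");   /* pad a short last line */
        if (i == 7)
            n += snprintf(out + n, sizeof out - n, " ");     /* gap after the first 8 */
    }
    n += snprintf(out + n, sizeof out - n, "  ");
    for (i = 0; i < len && i < LINE_WIDTH; i++)
        /* isprint(), not isascii(): only printable ASCII reaches the terminal */
        n += snprintf(out + n, sizeof out - n, "%c", isprint(p[i]) ? p[i] : '.');
    return out;
}

/* Dump a whole payload, one 16-byte line at a time. */
void print_payload(const unsigned char *payload, int len)
{
    int offset;
    for (offset = 0; offset < len; offset += LINE_WIDTH) {
        int rem = len - offset;
        puts(payload_line(payload + offset, rem < LINE_WIDTH ? rem : LINE_WIDTH, offset));
    }
}

int main(void)
{
    print_payload(SAMPLE, SAMPLE_LEN);
    return 0;
}
```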
Re: [tcpdump-workers] Running TCPDUMP over a web interface
Hi Tek,

I actually wrote something like you're describing years ago for a 2nd-level support team so they could help troubleshoot issues (kept me from getting calls :). It's a distributed sniffer of sorts; it sends tcpdump capture filters to remote sniffers via ssh, which are then executed remotely and the captures are sent back to the web server for display in the browser. The CGI app uses tshark to send the summary line (text) to the browser. It does some basic syntax highlighting in html based on the protocol.

Someone else might as well use it, so send me an email if you think you'd like to try it. It's running on Linux via Apache via CGI. I always thought I should have started a project for it via SourceForge or something.

-Nathan-