#!/usr/bin/perl
# pdump.pl v0.780 [http://pdump.LucidX.com] (perl low-level, highly configurable, packet sniffer/injector)
# started: 07/11/00 14:31:10.874351
# last updated: 09/05/00 20:18:39.547794
#
# currently clones: tcpdump/ngrep/dsniff/macof/webspy/urlsnarf/tcpkill/mailsnarf/carnivore
# along with other utilities and powerful configuration
#
# check the README or docs/README.html for the arguments and all kinds of other stuff.
#
# tested on (using Net::RawIP 0.9 and libpcap 0.4/0.5.2):
# BSD:
# FreeBSD 3.1-RELEASE, 3.4-(RELEASE|STABLE), 4.0-(RELEASE|STABLE), 4.1-(RC|RELEASE|STABLE)
# OpenBSD ?
# All BSD kernels that were tested: 3.1, 3.4, 4.0, 4.1
#
# Linux:
# Slackware 7.0, kernels 2.2.17, 2.3.6
# Red Hat 5.2, 6.2, kernels 2.0.36, 2.2.14-5.0smp
# Mandrake 7.1, kernels 2.2.15-4mdk, 2.2.15-4mdksmp
# All Linux kernels that were tested: 2.0.36, 2.2.12-20, 2.2.14-5.0smp, 2.2.15-4mdk(|smp), 2.2.17, 2.3.6
#
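BEGIN {
    # Locate the pdump library directory and load every *.pl file in it.
    #
    # "-l <dir>" is scanned here by hand because the real option parser
    # (get_args) is itself defined in one of those library files and does not
    # exist yet.  Everything found is require'd, i.e. executed at compile
    # time, so the library directory has to be one the operator controls
    # (not a shared or world-writable path) -- the same trust as the script.
    for my $i (0 .. $#ARGV) {
        $req = $ARGV[$i + 1] if $ARGV[$i] eq '-l';
    }
    my $filesep = '/';
    my $basedir = '.';
    my $libsdir = 'lib';
    if ($req) {
        $basedir = $req;
        $basedir =~ s{/\z}{};    # tolerate a trailing slash on -l
    }
    my $fulpath = $basedir . $filesep . $libsdir;
    # my $fulpath = '/usr/local/pdump/lib';
    opendir(my $dh, $fulpath)
        or die "Unable to open $fulpath: $!\n\nMake sure you are in the main pdump directory\nor run pdump with the -l option.\n";
    while (my $file = readdir $dh) {
        # \z rather than $ so a name ending in ".pl\n" is not picked up.
        next unless $file =~ /\.pl\z/;
        require $fulpath . $filesep . $file;
    }
    closedir $dh;
}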
###################################################################################
### Don't change anything below (unless you know what you're doing, of course)! ###
###################################################################################
use Socket;
use POSIX qw(strftime);
use Net::RawIP qw(:pcap);
# --- runtime setup ------------------------------------------------------
# ansi(), get_args(), ip2dot() and the globals they fill in come from the
# lib/*.pl files loaded by the BEGIN block; none of them is defined here.
ansi();
# NOTE(review): the handler name on the next line appears garbled by
# extraction (a bare '\¨' is not a code reference); confirm the intended sub.
$SIG{'INT'} = \¨
$tout = 10;
# NOTE(review): the argument is handed straight to Net::RawIP::lookupdev;
# presumably an error buffer rather than a timeout -- confirm against the module.
$dev = Net::RawIP::lookupdev($tout);
$snaplen = 200;       # bytes captured per packet; raised below for full-payload modes
$xprc = " ";          # pcap filter expression; " " means "no filter", get_args may replace it
$version = "0.780";
get_args();
# Omnivore and ngrep-style matching need whole packets, so capture them all.
$snaplen = 65535 if $omni or $ngrp;
$| = 1;               # autoflush STDOUT
$ip = ifaddrlist()->{$dev};
$top = 0;
# The filter may contain the placeholder "$localhost"; substitute the address
# of the listening interface (first occurrence only, as before).
$xprc =~ s/\$localhost/$ip/;
# Resolve the host given for the $ntshst option (its role is defined in the lib code).
$raddr = ip2dot($ntshst) if $ntshst;
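# Startup banner.  Every piece of it now goes to STDERR: the original sent the
# coloured words to STDERR but the separating spaces and newlines to STDOUT,
# so whenever STDOUT was redirected the banner arrived mangled and stray
# whitespace ended up in the capture output.  The "match:" line stays on
# STDOUT, as it already was in both branches.
# ($host is expected to be set by get_args or the lib code; not visible here.)
if ($ansi) {
    my $author = join '',
        colored("CommPort5", 'bold green'),
        colored("(", 'bold blue'),
        colored("\@", 'bold red'),
        colored("LucidX.com", 'bold green'),
        colored(")", 'bold blue');
    print STDERR join(' ',
        colored("(", 'blue') . colored("pdump.pl", 'bold') . colored(")", 'blue'),
        colored($version, 'underline') . colored(":", 'green'),
        colored("by", 'white'),
        $author,
    ), "\n";
    print STDERR join(' ',
        colored("(", 'blue') . colored($0, 'underline') . colored(")", 'blue') . colored(":", 'green'),
        colored("listening", 'white'),
        colored("on", 'white'),
        colored($dev, 'green'),
        colored("::", 'bold'),
        colored($ip, 'green'),
        colored("[", 'bold red') . colored($host, 'bold cyan') . colored("]", 'bold red'),
    ), "\n";
    if ($ngrp and !$ngrq) {
        print join('', colored("match", 'bold green'), colored(":", 'bold'), " ", colored($ngrr, 'underline')), "\n";
    }
}
else {
    print STDERR "(pdump.pl) $version: by CommPort5(\@LucidX.com)\n";
    print STDERR "($0): listening on $dev :: $ip [$host]\n";
    if ($ngrp and !$ngrq) {
        print "match: $ngrr\n";
    }
}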
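if ($macof) {
    macof();
}
else {
    # pcapinit's fifth argument is only supplied when $nopr is set (passed as
    # 0 -- presumably promiscuous mode off; confirm against
    # Net::RawIP::pcapinit).  Splicing an empty list in otherwise keeps the
    # call's arity identical to the original.  60 is the pcap read timeout.
    my @pcap_extra = $nopr ? (0) : ();
    if ($expr) {
        # Single capture handle driven by one filter expression.
        $packet_all = Net::RawIP->new;
        $filt_all = $xprc;
        if ($ntsnf) {
            # pcap-filter 'and' and 'or' have equal precedence and associate
            # left to right, so the original unparenthesised form qualified
            # only "dst port 80" with "tcp"; the parentheses apply it to all
            # three web ports.
            if ($lcls) {
                $filt_all = "tcp and (dst port 80 or dst port 8080 or dst port 3128)";
            }
            elsif ($omni) {
                $filt_all = "tcp port 25";
            }
            elsif ($term) {
                # NOTE(review): $xprc is initialised to " " (true), so this
                # default is only reached if get_args cleared it -- verify.
                unless ($xprc) {
                    $filt_all = "tcp[13] & 16 != 0";    # TCP flags byte: ACK set
                }
            }
            else {
                $filt_all = "tcp and (dst port 80 or dst port 8080 or dst port 3128) and not host $ip";
            }
        }
        if ($snff) {
            $filt_all = " ";    # no filter: capture everything
        }
        $pcap_all = $packet_all->pcapinit($dev, $filt_all, $snaplen, 60, @pcap_extra);
        $offset_all = linkoffset($pcap_all);
        if ($wrt) {
            $awr = dump_open($pcap_all, $write);
        }
    }
    else {
        # One handle per transport protocol; each is looped in its own
        # process further down.
        $packet_udp  = Net::RawIP->new({udp=>{}});
        $packet_tcp  = Net::RawIP->new({tcp=>{}});
        $packet_icmp = Net::RawIP->new({icmp=>{}});
        $filt_udp  = "ip proto \\udp";
        $filt_tcp  = "ip proto \\tcp";
        $filt_icmp = "ip proto \\icmp";
        $pcap_tcp  = $packet_tcp->pcapinit($dev, $filt_tcp, $snaplen, 60, @pcap_extra);
        $pcap_udp  = $packet_udp->pcapinit($dev, $filt_udp, $snaplen, 60, @pcap_extra);
        $pcap_icmp = $packet_icmp->pcapinit($dev, $filt_icmp, $snaplen, 60, @pcap_extra);
        $offset_tcp  = linkoffset($pcap_tcp);
        $offset_udp  = linkoffset($pcap_udp);
        $offset_icmp = linkoffset($pcap_icmp);
        if ($wrt) {
            $twr = dump_open($pcap_tcp, $write);
            $uwr = dump_open($pcap_udp, $write);
            $iwr = dump_open($pcap_icmp, $write);
        }
    }
}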
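unless ($macof) {
    if ($expr) {
        # Single-handle mode: choose the per-packet callback for the selected
        # clone and hand it either the dump handle (-w) or the packet object;
        # the original spelled the same five-way choice out twice.
        my $udata = $wrt ? \$awr : \@packet_all;
        my $handler;
        if ($ntsnf) {
            $handler = \&check_web;
        }
        elsif ($snff) {
            @pws = split(/,\s*/, $snft);    # comma-separated list for pwsniff; filled by get_args
            $handler = \&pwsniff;
        }
        elsif ($omni) {
            $handler = \&omnivore;
        }
        elsif ($term) {
            $handler = \&terminator;
        }
        else {
            $handler = \&check_all;
        }
        loop($pcap_all, -1, $handler, $udata);
    }
    else {
        # Per-protocol mode: fork once per handle.  In each fork the parent
        # runs the capture loop (indefinitely) while the child falls through
        # and starts the next one, so three processes end up capturing and the
        # last child simply runs off the end of the script.  $tf/$uf/$if keep
        # the same values as before (child pid in the parent, 0 in the child).
        $tf = _capture_in_parent($pcap_tcp,  \&check_tcp,  $wrt ? \$twr : \@packet_tcp);
        $uf = _capture_in_parent($pcap_udp,  \&check_udp,  $wrt ? \$uwr : \@packet_udp);
        $if = _capture_in_parent($pcap_icmp, \&check_icmp, $wrt ? \$iwr : \@packet_icmp);
    }
}

# Fork; in the parent run the pcap loop on $pcap with $handler and $udata.
# Returns fork's result so callers see the usual child-pid / 0 split.  A
# failed fork dies here: the original treated undef like "I am the child" and
# silently carried on with one capture missing.
sub _capture_in_parent {
    my ($pcap, $handler, $udata) = @_;
    my $pid = fork;
    die "pdump: fork failed: $!\n" unless defined $pid;
    loop($pcap, -1, $handler, $udata) if $pid;
    return $pid;
}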