[arch-commits] Commit in sniffit/repos/community-x86_64 (4 files)
Felix Yan
felixonmars at archlinux.org
Thu Jun 7 06:11:36 UTC 2018
Date: Thursday, June 7, 2018 @ 06:11:36
Author: felixonmars
Revision: 341670
archrelease: copy trunk to community-x86_64
Added:
sniffit/repos/community-x86_64/PKGBUILD
(from rev 341669, sniffit/trunk/PKGBUILD)
sniffit/repos/community-x86_64/sniffit-fix.patch
(from rev 341669, sniffit/trunk/sniffit-fix.patch)
Deleted:
sniffit/repos/community-x86_64/PKGBUILD
sniffit/repos/community-x86_64/sniffit-fix.patch
-------------------+
PKGBUILD | 100 +-
sniffit-fix.patch | 1874 ++++++++++++++++++++++++++--------------------------
2 files changed, 987 insertions(+), 987 deletions(-)
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2018-06-07 06:11:17 UTC (rev 341669)
+++ PKGBUILD 2018-06-07 06:11:36 UTC (rev 341670)
@@ -1,50 +0,0 @@
-# $Id$
-# Maintainer: Sergej Pupykin <pupykin.s+arch at gmail.com>
-# Maintainer: Kessia 'even' Pinheiro <kessiapinheiro at gmail.com>
-
-pkgname=sniffit
-pkgver=0.3.7.beta
-pkgrel=16
-pkgdesc="Very good packet sniffer for unix with ncurses interactive mode"
-arch=('i686' 'x86_64')
-url="http://packages.ubuntu.com/source/sniffit"
-#seems the website are out, ubuntu have all sources
-#url=http://reptile.rug.ac.be/~coder/sniffit/sniffit.html"
-license=('BSD')
-depends=('ncurses' 'libpcap')
-makedepends=('libtool')
-source=("http://archive.ubuntu.com/ubuntu/pool/universe/s/${pkgname}/${pkgname}_${pkgver}.orig.tar.gz"
- 'sniffit-fix.patch')
-md5sums=('2697cc18878480199fe6db1e61134d5a'
- 'e66e45dac8fd088accd62160cf8b569f')
-
-build() {
- cd "${srcdir}"
- patch -Np0 < ${srcdir}/sniffit-fix.patch
-
- cd "${srcdir}/${pkgname}.${pkgver}"
-
- rm -f config.sub config.guess
- cp /usr/share/libtool/build-aux/config.{guess,sub} .
-
- ./configure --prefix=/usr --no-recursion --sbindir=/usr/bin
- make
-}
-
-package() {
- cd "${srcdir}/${pkgname}.${pkgver}"
- install -dm0755 -g root -o root ${pkgdir}/usr/{bin,share/licenses/${pkgname}}
- install -Dm0744 -g root -o root sniffit ${pkgdir}/usr/bin/sniffit
- install -Dm0644 LICENSE ${pkgdir}/usr/share/licenses/${pkgname}
-
- # docs
- install -Dm0644 sniffit.5 $pkgdir/usr/share/man/man5/sniffit.5
- install -Dm0644 sniffit.8 $pkgdir/usr/share/man/man8/sniffit.8
-
- for i in BETA-TESTING PLUGIN-HOWTO README.FIRST sniffit-FAQ; do
- install -Dm0644 $i $pkgdir/usr/share/doc/sniffit/$i
- done
- for i in dns_plugin.plug dummy_plugin.plug sample_config_file; do
- install -Dm0644 $i $pkgdir/usr/share/doc/sniffit/examples/$i
- done
-}
Copied: sniffit/repos/community-x86_64/PKGBUILD (from rev 341669, sniffit/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2018-06-07 06:11:36 UTC (rev 341670)
@@ -0,0 +1,50 @@
+# $Id$
+# Maintainer: Sergej Pupykin <pupykin.s+arch at gmail.com>
+# Maintainer: Kessia 'even' Pinheiro <kessiapinheiro at gmail.com>
+
+pkgname=sniffit
+pkgver=0.3.7.beta
+pkgrel=17
+pkgdesc="Very good packet sniffer for unix with ncurses interactive mode"
+arch=('x86_64')
+url="http://packages.ubuntu.com/source/sniffit"
+#seems the website are out, ubuntu have all sources
+#url=http://reptile.rug.ac.be/~coder/sniffit/sniffit.html"
+license=('BSD')
+depends=('ncurses' 'libpcap')
+makedepends=('libtool')
+source=("http://archive.ubuntu.com/ubuntu/pool/universe/s/${pkgname}/${pkgname}_${pkgver}.orig.tar.gz"
+ 'sniffit-fix.patch')
+sha512sums=('b32d1f17d589ee1d1afc7986640a2b9f451cdb26ee2d077db1eaec1bb77ed353bbbb6a79bd25f915b3a40b7a279f9fc7855706150ec3a24f8937a152ac91b8d1'
+ 'db2c29e3ccf58b661014294b6542b3642aeaaa5d64e0424b6a3d9c39243abd16ab2e07f08e1d82e4fc02076c83351bf1e856fc4e8daad6319b53fa43c44a6574')
+
+build() {
+ cd "${srcdir}"
+ patch -Np0 < "$srcdir"/sniffit-fix.patch
+
+ cd "${srcdir}/${pkgname}.${pkgver}"
+
+ rm -f config.sub config.guess
+ cp /usr/share/libtool/build-aux/config.{guess,sub} .
+
+ ./configure --prefix=/usr --no-recursion --sbindir=/usr/bin
+ make
+}
+
+package() {
+ cd "${srcdir}/${pkgname}.${pkgver}"
+ install -dm0755 -g root -o root "$pkgdir"/usr/{bin,share/licenses/${pkgname}}
+ install -Dm0744 -g root -o root sniffit "$pkgdir"/usr/bin/sniffit
+ install -Dm0644 LICENSE "$pkgdir"/usr/share/licenses/${pkgname}
+
+ # docs
+ install -Dm0644 sniffit.5 "$pkgdir"/usr/share/man/man5/sniffit.5
+ install -Dm0644 sniffit.8 "$pkgdir"/usr/share/man/man8/sniffit.8
+
+ for i in BETA-TESTING PLUGIN-HOWTO README.FIRST sniffit-FAQ; do
+ install -Dm0644 $i "$pkgdir"/usr/share/doc/sniffit/$i
+ done
+ for i in dns_plugin.plug dummy_plugin.plug sample_config_file; do
+ install -Dm0644 $i "$pkgdir"/usr/share/doc/sniffit/examples/$i
+ done
+}
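Review bot: The `source=` entry in the added PKGBUILD still fetches the tarball over plain `http://`, so the new `sha512sums` array is the only integrity control on code that is compiled and installed root-owned as `/usr/bin/sniffit`. Moving from `md5sums` to `sha512sums` strengthens that pin, but the diff does not show how the digest was obtained; if it came from the same unauthenticated download, it proves repeatability rather than authenticity. I would record this next to the array, e.g. `# tarball fetched over plain HTTP, no upstream signature: sha512sums is the only integrity check`, and switch the URL to HTTPS if the mirror serves it (not verifiable from this page). Separately, `patch -Np0` still runs in `build()` rather than a `prepare()` function, and `$i` and `${pkgname}` in `package()` were left unquoted by this revision's quoting cleanup.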
Deleted: sniffit-fix.patch
===================================================================
--- sniffit-fix.patch 2018-06-07 06:11:17 UTC (rev 341669)
+++ sniffit-fix.patch 2018-06-07 06:11:36 UTC (rev 341670)
@@ -1,937 +0,0 @@
---- sniffit.0.3.7.beta.orig/sniffit.5
-+++ sniffit.0.3.7.beta/sniffit.5
-@@ -122,7 +122,6 @@
- a) Send by hosts '100.100.12.*'
- b) Send from/to 100.100.12.2 (useless line)
- c) deselecting all WWW packets on the subnet
--.ni
-
- .SH AUTHOR
- Brecht Claerhout <coder at reptile.rug.ac.be>
---- sniffit.0.3.7.beta.orig/sn_structs.h
-+++ sniffit.0.3.7.beta/sn_structs.h
-@@ -67,7 +67,7 @@
- struct snif_mask /* struct for mask */
- {
- _32_bit source_ip, destination_ip;
-- _32_bit short source_port, destination_port;
-+ _16_bit source_port, destination_port;
- };
-
- /* (packet generation) */
---- sniffit.0.3.7.beta.orig/sniffit.0.3.7.c
-+++ sniffit.0.3.7.beta/sniffit.0.3.7.c
-@@ -48,15 +48,15 @@
- {
- printf (
- "usage: %s [-xdabvnN] [-P proto] [-A char] [-p port] [(-r|-R) recordfile]\n"
-- " [-l sniflen] [-L logparam] [-F snifdevice] [-M plugin]\n"
-+ " [-l sniflen] [-L logparam] [-F snifdevice] [-M plugin]\n",
-+ prog_name);
- #ifdef INCLUDE_INTERFACE
-- " [-D tty]"
-+ printf ( " [-D tty]"
- " (-t<Target IP> | -s<Source IP>)"
-- " | (-i|-I) | -c<config file>]\n",
-+ " | (-i|-I) | -c<config file>]\n");
- #else
-- " (-t<Target IP> | -s<Source IP>) | -c<config file>]\n",
-+ printf ( " (-t<Target IP> | -s<Source IP>) | -c<config file>]\n");
- #endif
-- prog_name);
- printf ("Plugins Available:\n");
- #ifdef PLUGIN0_NAME
- printf (" 0 -- %s\n", PLUGIN0_NAME);
---- sniffit.0.3.7.beta.orig/sn_analyse.c
-+++ sniffit.0.3.7.beta/sn_analyse.c
-@@ -151,16 +151,18 @@
- {
- char workbuf1[MTU];
- char *wb_dummy;
-+ char *p;
-+ size_t len = info.DATA_len <= MTU-1 ? info.DATA_len : MTU-1;
-
-- strncpy(workbuf1,data,info.DATA_len);
-- workbuf1[info.DATA_len]=0;
-+ strncpy(workbuf1,data,len);
-+ workbuf1[len]=0;
- strlower(workbuf1);
-
-- if(strstr(workbuf1,"mail from")!=NULL)
-+ if((p=strstr(workbuf1,"mail from"))!=NULL)
- {
- char workbuf2[MTU];
-
-- strcpy(workbuf2, strstr(workbuf1,"mail from"));
-+ strcpy(workbuf2, p);
- if(strchr(workbuf2,13)!=NULL) /* remove trailing enter */
- {wb_dummy=strchr(workbuf2,13); *wb_dummy=0;}
- if(strchr(workbuf2,10)!=NULL)
-@@ -168,11 +170,11 @@
- print_mail(filename,workbuf2);
- }
-
-- if(strstr(workbuf1,"rcpt to")!=NULL)
-+ if((p=strstr(workbuf1,"rcpt to"))!=NULL)
- {
- char workbuf2[MTU];
-
-- strcpy(workbuf2, strstr(workbuf1,"rcpt to"));
-+ strcpy(workbuf2, p);
- if(strchr(workbuf2,13)!=NULL) /* remove trailing enter */
- {wb_dummy=strchr(workbuf2,13); *wb_dummy=0;}
- if(strchr(workbuf2,10)!=NULL)
---- sniffit.0.3.7.beta.orig/README.FIRST
-+++ sniffit.0.3.7.beta/README.FIRST
-@@ -6,7 +6,7 @@
- * No illegal activities are encouraged! *
- # Please read the LICENSE file #
- * *
--# Sniffit grew a little upon it's original intentions and is now #
-+# Sniffit grew a little upon its original intentions and is now #
- * extended for network debugging (UDP, ICMP, netload, etc.) *
- #*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#
- * Libpcap library *
-@@ -45,19 +45,19 @@
-
- I hope you enjoy this beta version. Like always, I removed some bugs. There
- is a new 'logging' feature. It is now possible to record traffic with
--Sniffit and process it later! (it is completely different from te logging
-+Sniffit and process it later! (it is completely different from the logging
- done in the 0.3.6 version, that is known to some hardcore Sniffit users)
- Please take a minute to skim through the text and read the passages marked
- with a '*', these are the new features.
- (Please read BETA-TESTING)
-
--I use the libpcap library developped at Berkeley Laboratory, for easy
-+I use the libpcap library developed at Berkeley Laboratory, for easy
- porting (Read the licence).
-
- 0.1 Credits and contact
- -----------------------
-
--Credits go to (in order of apperance on the Sniffit scene):
-+Credits go to (in order of appearance on the Sniffit scene):
- Wim Vandeputte <wvdputte at reptile.rug.ac.be>,
- best friend and UNIX guru, for support, testing and
- providing me with a WWW site.
-@@ -71,17 +71,17 @@
- Qing Long, for the bash/zsh libpcap/configure script.
- Guy Gustavson, for giving me a FreeBSD account.
- Woju <woju at freebsd.ee.ntu.edu.tw>, for the ncurses SunOS/FreeBSD fixing,
-- and for his other effords.
-+ and for his other efforts.
- Amlan Saha <eng40607 at nus.sg>, for adding Packet Generation to
- Sniffit, and adding other features (not implemented yet).
- I'm sure that in the near future you will see more of his
- work in Sniffit.
- Shudoh Kazuyuki, for changing getaddrbyname() and improving the
- config-file interpreting.
-- Fyodor <fyodor at dhp.com>, for pointing out the hidious small
-+ Fyodor <fyodor at dhp.com>, for pointing out the hideous small
- fragments problem.
- David O'Brien <obrien at nuxi.com>, for netbsd information.
-- everybody, who ever mailed me with sugestions help, etc...
-+ everybody, who ever mailed me with suggestions help, etc...
-
- Also a big thanks to my Beta testers (alphabetically, I hope)...
- Charles G Stuart <charles.stuart at juno.com> IRIX / RedHat LINUX
-@@ -91,7 +91,7 @@
-
- And many others who wish to be anonymous....
-
--Sugestions and comments can be sent to:
-+Suggestions and comments can be sent to:
- coder at reptile.rug.ac.be
-
- Brecht Claerhout
-@@ -99,10 +99,10 @@
- 8700 Tielt
- Belgium
-
--The original distribution program can be optained from (my site):
-+The original distribution program can be obtained from (my site):
- http://sniffit.rug.ac.be/sniffit/sniffit.html
-
--MIND YOU: this program is ran as root, and thus could easily contain
-+MIND YOU: this program is run as root, and thus could easily contain
- dangerous trojans. If you get it from the above site you can
- safely compile and use it.
- (no trojan versions are discovered yet.. it's just a warning)
-@@ -178,7 +178,7 @@
- -v Show version and exit (just added because it's such a
- wide spread option)
- -t <IP nr/name> tells the sniffer to check out packets GOING TO <IP>
-- -s <IP nr/name> tells the sniffer to check out packets COMMING FROM <IP>
-+ -s <IP nr/name> tells the sniffer to check out packets COMING FROM <IP>
- You can use the '@' wildcard (only IP NUMBERS of course).
- e.g. -t 199.145.@
- -t 199.14@
-@@ -197,15 +197,15 @@
- Parameters for all modes:
- -F <device> force sniffit to use a network device
- (READ 3.2 ON THIS SUBJECT, IMPORTANT)
-- -n Turn of IP checksum checking. This can show you
-+ -n Turn off IP checksum checking. This can show you
- bogus packets. (mind you ARP, RARP, other non-IP
- packets will show up bogus too) (compatible with
- ALL options)
-- -N Disables all functions that Sniffit has build in, usefull
-+ -N Disables all functions that Sniffit has build in, useful
- for wanting to run ONLY a plugin
-
- Parameters for not running in -i:
-- -b does both -t and -s, doesn't mather what function you used
-+ -b does both -t and -s, doesn't matter what function you used
- (-t or -s)
- -d Dump mode, shows the packets on the screen in bytes (not
- like tcpdump). For test purposes. (numbers are hex)
-@@ -231,7 +231,7 @@
- They can be combined.
- -p <port> Logs connections on port <port>, 0 means all ports, default
- is 0 (all), look out with that on loaded nets!
-- -l <length> Ammount of information to log (default 300 bytes).
-+ -l <length> Amount of information to log (default 300 bytes).
- Length 0 logs everything. (look out with diskspace when
- logging everything!)
- -M <Plugin> Activate Plugin nr. <Plugin>, for a list on all plugins
-@@ -260,7 +260,7 @@
-
- Some examples:
- Imagine the following setup: 2 hosts on a subnet, one is running the
-- sniffer (sniffit.com), the otherone is 66.66.66.7 (target.com).
-+ sniffer (sniffit.com), the other one is 66.66.66.7 (target.com).
- 1. You want to test if the sniffer is working:
- sniffit:~/# sniffit -d -p 7 -t 66.66.66.7
- and in another window:
-@@ -272,7 +272,7 @@
- 3. Root of target.com tells me he gets strange ftp connections and
- wants to find out the commands typed:
- sniffit:~/# sniffit -p 21 -l 0 -t 66.66.66.7
-- 4. You want to read all incomming and outgoing mail on target.com:
-+ 4. You want to read all incoming and outgoing mail on target.com:
- sniffit:~/# sniffit -p 25 -l 0 -b -t 66.66.66.7 &
- or
- sniffit:~/# sniffit -p 25 -l 0 -b -s 66.66.66.7 &
-@@ -314,9 +314,9 @@
- F5 or '5' : Start a program 'sniffit_key5' with arguments
- <from IP> <from port> <to IP> <to port>
- If the program doesn't exist, nothing is done. Sniffit should
-- be in the same path as sniffit was STARTED FROM (not necessarely
-+ be in the same path as sniffit was STARTED FROM (not necessarily
- the path sniffit is stored in)
-- This is usefull for interactive connection killing or extra
-+ This is useful for interactive connection killing or extra
- monitoring. A little shell script can always transform the
- arguments given and pass them on to other programs.
- F6 or '6' : Same as F5 or '5', but with program 'sniffit_key6'
-@@ -330,12 +330,12 @@
- the config.h file to change this (could be needed if y'r
- computer is slow).
- 'g' : Generate Packets!
-- Sniffit is now able to generate some trafic load. Currently
-- this is a 'underdevelloped' feature with very few options,
-+ Sniffit is now able to generate some traffic load. Currently
-+ this is a 'underdeveloped' feature with very few options,
- but it will be expanded a lot...
- Currently only UDP packets are generated. When pressing 'G'
-- you will be asked the source/dest IP/port and how much packets
-- are needed to be transmitted.
-+ you will be asked the source/dest IP/port and how many packets
-+ are to be transmitted.
- Packets contain the line: "This Packet was fired with Sniffit!"
- 'r' : Reset.. clears all current connections from memory and restarts.
-
-@@ -348,14 +348,14 @@
-
- When forcing network devices, sniffit tries to find out what device it is.
- If sniffit recognises the name, everything is okay.
--If it does not recognise the name it will set the variable
--FORCED_HEAD_LENGHTH to the ethernet headlength. The ethernet headlength
--is the length in bytes of an ethernet packet hearder.
--So if you have to force a non-ethernet device, that is not recognised by
-+If it does not recognise the name it will set the ethernet headlength
-+according to the compiled-in value FORCED_HEAD_LENGTH. The ethernet
-+headlength is the length in bytes of an ethernet packet header.
-+So if you have to force a non-ethernet device that is not recognised by
- sniffit, make sure you change that headlength correctly in the 'sn_config.h'
- file.
-
--The -F option was added, because I noticed devicenames can differ from
-+The -F option was added, because I noticed device names can differ from
- system to system, and because some ppl have multiple devices present.
- When having problems with this option, please think twice before you mail me.
-
-@@ -370,7 +370,7 @@
-
- The configfile should have lines with the following format:
- <field1> <field2> <field3> <field4> [<field5>]
--(seperators are spaces (any number of), NO TABS!!!)
-+(separators are spaces (any number of), NO TABS!!!)
-
- Lines that don't match this pattern are discarded, so standard unix
- comments '#' can be used in this file... (this also means that if you
-@@ -399,10 +399,10 @@
- host : The (de)selection criteria involves a hostname.
- port : similar, ... a portnumber
- mhosts : The (de)selection criteria involves multiple-hosts, like
-- with the wildcars in 0.3.0, but without the 'x'
-+ with the wildcards in 0.3.0, but without the 'x'
-
- <field4> can be:
--* either a hostname, a portnumber, a service name or a numbet-dot partial
-+* either a hostname, a portnumber, a service name or a number-dot partial
- * notation indicating multiple hosts depending on <field3>
- * (service names like 'ftp' are resolved as the services available
- * present on the host that runs Sniffit, and translated into a port nr)
-@@ -411,7 +411,7 @@
- a portnumber or service name, if <field3> was 'host' or 'mhosts'
-
-
-- Maybe it would have been wise to mention explicitely, that the config-file
-+ Maybe it would have been wise to mention explicitly, that the config-file
- currently only works with TCP packets.
-
- examples:
-@@ -425,7 +425,7 @@
- a) Send by host 100.100.12.2
- b) Send by host 100.100.12.3 from port 1400
- c) Send to coder.sniffit.com
-- d) All packets on our subnet going to or comming from a telnet port.
-+ d) All packets on our subnet going to or coming from a telnet port.
-
- 2. another example:
- select both mhosts 100.100.12.
-@@ -436,7 +436,7 @@
- b) EXCEPT the WWW packets
- c) BUT showing the WWW packets concerning enemy.sniffit.com
-
-- The config file in interpreted SEQUENTIAL, so mixing up those lines
-+ The config file is interpreted SEQUENTIALLY, so mixing up those lines
- could have unwanted results e.g.:
- select both mhosts 100.100.12.
- select both host enemy.sniffit.org
-@@ -455,7 +455,7 @@
- select both mhosts 2
- deselect both mhosts 1 80
- deselect both mhosts 2 80
-- This would show you all subnet trafic excluding WWW trafic
-+ This would show you all subnet traffic excluding WWW traffic
- (concerning port 80.)
-
- 4. example:
-@@ -476,12 +476,12 @@
- * you will like it more this way.
- *
- * Loglevels are now activated by '-L <logparam>'.
--* The folowing <logparam>'s are valid (concatenation is alowed):
-+* The following <logparam>'s are valid (concatenation is allowed):
- *
- * 'raw':
- * Log all SYN, FIN, RST packets. This will give you an overview of
--* all network (TCP) trafic in a 'RAW' way (a connection starting could
--* gives you at least 2 SYN packets, etc...).
-+* all network (TCP) traffic in a 'RAW' way (a connection starting could
-+* give you at least 2 SYN packets, etc...).
- * This is a great way to waste diskspace...
- * Messages are:
- * Connection initiated. (SYN)
-@@ -507,7 +507,7 @@
- * A '~' in the login and passwords fields can be a nonprintable
- * character (if in the beginning of a field, probably due to an early
- * start of registration) or a '~'.
--* This all makes it sound a little messy, but I 'testdrived' a lot and
-+* This all makes it sound a little messy, but I 'test-drove' a lot and
- * was pleased with the results after adding some funky shit (if y'r
- * interested have a look at in function 'packethandler' in
- * sniffit.*.c)
-@@ -521,7 +521,7 @@
- *
- * 'mail':
- * Interested in who writes mail to who? Well you get all senders and
--* recepients nicely logged with this feature (port 25 mail).
-+* recipients nicely logged with this feature (port 25 mail).
-
-
- 4. The output
-@@ -563,7 +563,7 @@
- connections, you will need to use 'joe' or something else that can
- support control chars (look for '-A <char>' below).
- Telnet 'negotiates' (binary) in the beginning of every connection, and
-- 'catting' a output file, will most of the time show nothing (due to
-+ 'catting' an output file, will most of the time show nothing (due to
- control chars).
- Of course when logging mail, there are no problems.
- The new '-A <char>' takes care of the control characters, that way you
-@@ -612,14 +612,14 @@
-
- - UDP Packets (not logged, displayed)
-
-- You get the package id. When using -d, -a you get the contence of the
-+ You get the package id. When using -d, -a you get the contents of the
- package. (pretty basic)
-
-
- 4.2 Logfile
- -----------
-
--If you use a configfile (-c) and enable the Logging option a logfile is
-+If you use a configfile (-c) and enable the Logging option, a logfile is
- created. Unless you set 'logfile' in the config file, that file will be
- named 'sniffit.log'.
- It will contain lines with the following FIXED format:
-@@ -635,7 +635,7 @@
-
- 3) Lines containing other data (future versions), will NOT begin with '['
- and will have also easily interpretable formats.
-- Other data is e.g. packet contence
-+ Other data is e.g. packet contents
-
- I do this because I can imagine (when this is more expanded) that people
- will use their own parsers for these logfiles. Well, if you respect those 3
-@@ -651,13 +651,13 @@
- Some other notes:
-
- - Sniffers can only be run by ROOT
-- - Sniffers can only log packets that 'travel' on THEIR ethernetcable.
-+ - Sniffers can only log packets that 'travel' on THEIR ethernet cable.
- So there has to be some host on your subnet involved (either as
- sender or receiver).
-- - Working with '-d' or '-a' give you raw packets, they are still
-- packed in IP, when logging to files, only send data is logged,
-+ - Working with '-d' or '-a' gives you raw packets, they are still
-+ packed in IP, when logging to files, only sent data is logged,
- the packets are 'unwrapped'.
-- - Sniffers can NORMALY not be detected by outsiders (or outsiders
-+ - Sniffers can NORMALLY not be detected by outsiders (or outsiders
- SHOULD not be able to...).
- Unfortunately some systems contain bugs that will allow outsiders to
- probe your network device for PROMISC mode (which is a good indication
---- sniffit.0.3.7.beta.orig/sniffit.8
-+++ sniffit.0.3.7.beta/sniffit.8
-@@ -39,7 +39,7 @@
- is a packet sniffer for TCP/UDP/ICMP packets.
- .B sniffit
- is able to give you very detailed technical info on these
--packets (SEQ, ACK, TTL, Window, ...) but also packet contence in
-+packets (SEQ, ACK, TTL, Window, ...) but also packet contents in
- different formats (hex or plain text, ...).
- .LP
- .B sniffit
-@@ -76,7 +76,7 @@
-
- .IP "-t Target-IP"
- Only process packets TO Target-IP. If Target-IP is in dot-nr notation,
--'x' is allowed as wildcard. (e.g. '-t 157.193.x', '-t x', ...)
-+\'x' is allowed as wildcard. (e.g. '-t 157.193.x', '-t x', ...)
- .I "(NOT compatible with: '-s' '-i' '-I' '-c' '-v' '-L')"
-
- .IP "-s Source-IP"
-@@ -84,7 +84,7 @@
- .I "(NOT compatible with: '-t' '-i' '-I' '-c' '-v' '-L')"
-
- .IP -b
--'both' mode, together with '-s' or '-t', only process FROM/TO the IP
-+\'both' mode, together with '-s' or '-t', only process FROM/TO the IP
- specified by '-s' or '-t'
- .I "(NOT compatible with: '-t' '-i' '-I' '-c' '-v' '-L')"
-
-@@ -115,7 +115,7 @@
- .IP "-R <file>"
- Record all traffic in
- .I <file>
--.This file can then be fed to Sniffit with the '-r' option.
-+This file can then be fed to Sniffit with the '-r' option.
- .I "(Needs a selection parameter like '-c' '-t' '-s')"
- .I "(NOT compatible with '-i' '-I' '-v' '-L' '-r')"
-
-@@ -149,12 +149,12 @@
- .I "(NOT compatible with: '-i' 'I' '-v')"
-
- .IP -d
--'dump mode', shows the packets on the screen (stdout) instead of logging
-+\'dump mode', shows the packets on the screen (stdout) instead of logging
- into files (default). Data is printed in bytes (hex).
- .I "(NOT compatible with: '-i' 'I' '-v' '-L')"
-
- .IP -a
--'dump mode', same of '-d' but outputs ASCII. Non printable chars are
-+\'dump mode', same of '-d' but outputs ASCII. Non printable chars are
- replaced by '.'.
- ('-d' and '-a' mix without any problem)
- .I "(NOT compatible with: '-i' '-I' '-v' '-L')"
-@@ -193,8 +193,7 @@
- can be found with
- .I ifconfig
- (see
--.BR ifconfig (8)
--).
-+.BR ifconfig (8)).
- .B sniffit
- supports ethernet and PPP by default. Read
- .B README.FIRST
-@@ -210,7 +209,7 @@
- .B Plugin
- , for a list on all plugins compiled in your version, just type '
- .B sniffit
--'. Read all about Plugins in the PLUGIN-HOWTO (READ IT!)
-+\'. Read all about Plugins in the PLUGIN-HOWTO (READ IT!)
- .I "(NOT compatible with: '-i' '-I' '-v')"
-
- .IP "-L logparam"
-@@ -235,7 +234,7 @@
- receiving host (port 'o').
-
- .SH "DUMP MODE ('-d' and/or '-a')"
--Output is dumped to stdout, the packet contence is shown in it's
-+Output is dumped to stdout, the packet contents is shown in it's
- unwrapped form (the complete IP packet).
-
- .SH "INTERACTIVE MODE ('-i' or '-I')"
-@@ -320,7 +319,7 @@
- .SH "IP ICMP UDP LOGGING"
- Information on these packets is dumped to stdout. Packet
- Filtering options only refer to TCP and UDP packets.
--The contence of UDP packets is only shown when enabling '-a' or '-d'.
-+The contents of UDP packets is only shown when enabling '-a' or '-d'.
-
- .SH AUTHOR
- Brecht Claerhout <coder at reptile.rug.ac.be>
---- sniffit.0.3.7.beta.orig/sn_interface.c
-+++ sniffit.0.3.7.beta/sn_interface.c
-@@ -5,6 +5,7 @@
-
- #ifdef INCLUDE_INTERFACE
- #include <signal.h>
-+#include <termios.h>
- #include <unistd.h>
- #include <sys/ipc.h>
- #include <sys/shm.h>
-@@ -513,8 +514,11 @@
-
- void screen_exit (void)
- {
--clear();
- endwin();
-+/* next line added by Edward Betts <edward at debian.org>, should not be needed
-+ * because endwin should be calling it, without this the console has no echo
-+ * after exiting in an xterm */
-+reset_shell_mode();
- };
-
- void mem_exit (void)
---- sniffit.0.3.7.beta.orig/sn_logfile.c
-+++ sniffit.0.3.7.beta/sn_logfile.c
-@@ -44,42 +44,42 @@
- void print_ftp_user (char *conn, char *user)
- {
- char line[250];
--sprintf(line,"%s: USER [%s]",conn,user);
-+snprintf(line,sizeof(line),"%s: USER [%s]",conn,user);
- print_logline (line);
- }
-
- void print_ftp_pass(char *conn, char *pass)
- {
- char line[250];
--sprintf(line,"%s: PASS [%s]",conn,pass);
-+snprintf(line,sizeof(line),"%s: PASS [%s]",conn,pass);
- print_logline (line);
- }
-
- void print_login (char *conn, char *login)
- {
- char line[250];
--sprintf(line,"%s: login [%s]",conn,login);
-+snprintf(line,sizeof(line),"%s: login [%s]",conn,login);
- print_logline (line);
- }
-
- void print_mail (char *conn, char *msg)
- {
- char line[250];
--sprintf(line,"%s: mail [%s]",conn,msg);
-+snprintf(line,sizeof(line),"%s: mail [%s]",conn,msg);
- print_logline (line);
- }
-
- void print_pwd (char *conn, char *pwd)
- {
- char line[250];
--sprintf(line,"%s: password [%s]",conn,pwd);
-+snprintf(line,sizeof(line),"%s: password [%s]",conn,pwd);
- print_logline (line);
- }
-
- void print_conn (char *conn, char *msg)
- {
- char line[250];
--sprintf(line,"%s: %s",conn,msg);
-+snprintf(line,sizeof(line),"%s: %s",conn,msg);
- print_logline (line);
- }
-
---- sniffit.0.3.7.beta.orig/Makefile.in
-+++ sniffit.0.3.7.beta/Makefile.in
-@@ -26,9 +26,8 @@
- @echo "Succesfull compilation..."
-
- sniffit: $(SNIFFIT) $(DEP_FILES)
-- cd libpcap; make; cd ..
-+# cd libpcap; make; cd ..
- $(CC) $(EXE_FLAG) $(SNIFFIT) $(EXE_OBJ) $(EXE_OPT) $(LIBS) $(DEFS) $(OS_OPT)
-- strip sniffit
-
- sn_cfgfile.o: sn_cfgfile.h sn_cfgfile.c sn_defines.h sn_structs.h sn_config.h
- $(CC) $(OBJ_FLAG) sn_cfgfile.c $(OBJ_OPT) $(DEFS)
-@@ -52,12 +51,12 @@
-
- #Clean up everthing...
- clean:
-- cd libpcap; make clean; rm -f config.cache; cd ..
-+# cd libpcap; make clean; rm -f config.cache; cd ..
- rm -f Makefile
- rm -f config.cache
- rm -f config.status
- rm -f config.log
-- rm -f ./libpcap/config.cache
-- rm -f ./libpcap/config.status
-- rm -f ./libpcap/config.log
-+# rm -f ./libpcap/config.cache
-+# rm -f ./libpcap/config.status
-+# rm -f ./libpcap/config.log
- rm -f *.o sniffit
---- sniffit.0.3.7.beta.orig/debian/rules
-+++ sniffit.0.3.7.beta/debian/rules
-@@ -0,0 +1,28 @@
-+#!/usr/bin/make -f
-+
-+build:
-+ dh build --before configure
-+ cp /usr/share/misc/config.guess .
-+ cp /usr/share/misc/config.sub .
-+ ./configure --prefix=/usr --no-recursion
-+ $(MAKE) OBJ_OPT="" EXE_OPT="-lpcap"
-+ dh build --after build
-+
-+clean:
-+ dh clean
-+ rm -f config.sub config.guess
-+
-+install: build
-+ dh install --before dh_auto_install
-+ dh_install sniffit usr/sbin
-+ dh_installman sniffit.5 sniffit.8
-+ dh_installchangelogs HISTORY
-+ dh install --after dh_auto_install
-+
-+binary-arch: install
-+ dh binary-arch
-+
-+binary-indep: install
-+ dh binary-indep
-+
-+binary: binary-arch binary-indep
---- sniffit.0.3.7.beta.orig/debian/README
-+++ sniffit.0.3.7.beta/debian/README
-@@ -0,0 +1,48 @@
-+sniffit for Debian
-+----------------------
-+
-+What follows are one of the previous maintainers, Patrick J. Edwards
-+<edwards at cambridgenet.sk.ca>, thoughts on this package, and its security
-+implications.
-+
-+Notes on Security
-+-----------------
-+ This program is highly dangerous, with this program hackers no
-+longer need qcrack or crack for your system. Instead, they can just wait
-+till a user logs in and *BAM* they have a new password. So the point is,
-+this program should be promptly removed in any of the following situations:
-+
-+ 1. You are in doubt of the security of your system. Granted that
-+ some one who has already creatively aquired (meaning hacked) root
-+ can install this program his/her self there is no point in
-+ pre-installing this program for them.
-+
-+ 2. You have a tendency to act unethically and snoop on you users for
-+ no apparent reason. "Good" system admins won't do this.
-+
-+ 3. You don't actively search for security holes in your system. If
-+ your not doing this and you box is on the Internet 24/7 perhaps you
-+ should.
-+
-+Notes on Usage
-+--------------
-+ 1. Don't use this program unless you have to, and once you're done
-+with it uninstall it.
-+ 2. Don't scan all ports and all addresses in the hoping of catching
-+a hacker cause you won't, you'll just have vast quantities of logs to search
-+through and very little disk space. Instead wait till you recognize that you
-+have a program user/hacker and then find out what the person is doing (how
-+the hacker is trying to penetrate the system) then start using sniffit to
-+collect your evidence against the offender. [I know this is flying in the
-+face of traditional anti-system-terrorism policies but it leads into my next
-+point]
-+ 3. If you persist in using sniffit as a security net for your system
-+DON'T. Plain and simple. Instead of trying to catch the hacker who has
-+already hacked into your system spend your efforts security proofing your
-+system (up to date versions on cron, sendmail, libraries, etc -- almost
-+anything that runs as root or sudo).
-+
-+ The overall point is:
-+ "Practice preventive medicine not reactive."
-+
-+ -- Edward Betts <edward at debian.org> Sun, 12 Sep 1999 11:04:08 +0100
---- sniffit.0.3.7.beta.orig/debian/sniffit.docs
-+++ sniffit.0.3.7.beta/debian/sniffit.docs
-@@ -0,0 +1,4 @@
-+BETA-TESTING
-+PLUGIN-HOWTO
-+README.FIRST
-+sniffit-FAQ
---- sniffit.0.3.7.beta.orig/debian/compat
-+++ sniffit.0.3.7.beta/debian/compat
-@@ -0,0 +1 @@
-+7
---- sniffit.0.3.7.beta.orig/debian/control
-+++ sniffit.0.3.7.beta/debian/control
-@@ -0,0 +1,16 @@
-+Source: sniffit
-+Section: net
-+Priority: optional
-+Maintainer: William Vera <billy at billy.com.mx>
-+Standards-Version: 3.8.0
-+Build-Depends: debhelper (>= 7), libpcap-dev, libncurses5-dev, autotools-dev
-+
-+Package: sniffit
-+Architecture: any
-+Depends: ${shlibs:Depends}
-+Description: packet sniffer and monitoring tool
-+ sniffit is a packet sniffer for TCP/UDP/ICMP packets.
-+ sniffit is able to give you very detailed technical info
-+ on these packets (SEC, ACK, TTL, Window, ...) but also
-+ packet contents in different formats (hex or plain text,
-+ etc. ).
---- sniffit.0.3.7.beta.orig/debian/copyright
-+++ sniffit.0.3.7.beta/debian/copyright
-@@ -0,0 +1,40 @@
-+This package was debianized by Damjan Marion <dmarion at debian.org> on
-+Tue, 7 Apr 1998 22:57:01 +0200.
-+
-+It was taken over by Edward Betts <edward at debian.org> on
-+Fri, 12 Nov 1999 23:20:20 +0000
-+
-+It was downloaded from
-+http://reptile.rug.ac.be/~coder/sniffit/files/sniffit.0.3.7.beta.tar.gz
-+
-+Upstream Author: Brecht Claerhout
-+
-+Copyright:
-+
-+Sniffit 0.3.7 Copyright (c) 1996-1998 Brecht Claerhout
-+All rights reserved.
-+
-+Redistribution and use in source and binary forms, with or without
-+modification, are permitted provided that the following conditions
-+are met:
-+1. Redistributions of source code must retain the above copyright
-+ notice, this list of conditions and the following disclaimer.
-+2. Redistributions in binary form must reproduce the above copyright
-+ notice, this list of conditions and the following disclaimer in the
-+ documentation and/or other materials provided with the distribution.
-+3. The name of the author may not be used to endorse or promote products
-+ derived from this software without specific prior written permission.
-+4. Redistribution of source code must be conform with the 'libpcap'
-+ copyright conditions, if that library is included.
-+
-+THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-+IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-+OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-+IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
-+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-+THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+
---- sniffit.0.3.7.beta.orig/debian/changelog
-+++ sniffit.0.3.7.beta/debian/changelog
-@@ -0,0 +1,165 @@
-+sniffit (0.3.7.beta-13) unstable; urgency=low
-+
-+ * New maintainer. (Closes: #465931).
-+ * Some format corrections on the man pages (sniffit(5) sniffit(8)).
-+ * Don't include config.{sub,guess} in .diff.gz
-+
-+ -- William Vera <billy at billy.com.mx> Sat, 07 Jun 2008 12:56:48 -0500
-+
-+sniffit (0.3.7.beta-12) unstable; urgency=low
-+
-+ * Use debhelper v7, rules file minimisation.
-+ * Makefile.in: don't strip binary Closes: #438032
-+ * debian/control: Updated to Standards-Version: 3.7.3, no changes needed
-+
-+ -- Edward Betts <edward at debian.org> Wed, 30 Apr 2008 11:00:19 +0100
-+
-+sniffit (0.3.7.beta-11) unstable; urgency=low
-+
-+ * Acknowledge NMU
-+ * sn_structs.h: Sitting at Debcamp, fixing FTBFS bugs, and Alberto Gonzalez
-+ Iniesta <agi at debian.org> sitting next to me points out there is one in
-+ this package. Thanks to Joshua Kwan <joshk at triplehelix.org> for the patch
-+ to fix it. (closes: #195548)
-+ * config.{guess,sub}: updated
-+ * debian/control: Updated to Standards-Version: 3.6.0, no changes needed
-+ * sn_interface.c: sniffit was leaving echo turned off when exiting from the
-+ interactive mode in an xterm, added reset_shell_mode() to screen_exit()
-+ and it works. This should not be needed because endwin should be calling
-+ it.
-+
-+ -- Edward Betts <edward at debian.org> Mon, 14 Jul 2003 10:50:24 +0200
-+
-+sniffit (0.3.7.beta-10.1) unstable; urgency=low
-+
-+ * Non maintainer upload
-+ * Rebuilt with new libpcap to remove dependency on libpcap0, which I
-+ got removed from unstable by accident. Sorry about this...
-+
-+ -- Torsten Landschoff <torsten at debian.org> Sat, 10 Aug 2002 11:37:33 +0200
-+
-+sniffit (0.3.7.beta-10) unstable; urgency=low
-+
-+ * README.FIRST: apply patch "James R. Van Zandt" <jrv at mitre.org> to correct
-+ spelling and other mistakes in README.FIRST
-+
-+ -- Edward Betts <edward at debian.org> Thu, 13 Dec 2001 17:35:25 +0000
-+
-+sniffit (0.3.7.beta-9) unstable; urgency=low
-+
-+ * debian/control: Standards-Version: 3.5.5
-+ * debian/rules: Support DEB_BUILD_OPTIONS
-+ * config.{guess,sub}: updated files to version from libtool package
-+ (Closes: Bug#103633)
-+ * sniffit.c: applied patch from Bug#103633
-+
-+ -- Edward Betts <edward at debian.org> Thu, 5 Jul 2001 10:44:23 +0200
-+
-+sniffit (0.3.7.beta-8) unstable; urgency=low
-+
-+ * debian/control: Standards-Version: 3.5.2
-+ * debian/rules: Changed to debhelper 3
-+ * debian/rules: Removed dh_suidregister
-+ * debian/rules: Removed dh_testversion
-+ * debian/rules: Changed dh_installman to dh_installmanpages
-+ * debian/rules: Support DEB_BUILD_OPTIONS
-+
-+ -- Edward Betts <edward at debian.org> Sun, 25 Mar 2001 04:41:39 -0700
-+
-+sniffit (0.3.7.beta-7) frozen unstable; urgency=high
-+
-+ * debian/rules: do not install pcap.3 (closes: Bug#77769).
-+ * debian/control: updated Standards-Version to 3.2.1
-+ * debian/control: added version to build-depends on debhelper for lintian:
-+ E: sniffit: package-uses-dh_testversion-but-lacks-versioned-build-depends
-+ * Package now lintian clean.
-+
-+ -- Edward Betts <edward at debian.org> Tue, 28 Nov 2000 07:00:24 -0700
-+
-+sniffit (0.3.7.beta-6.1) frozen unstable; urgency=high
-+
-+ * Non maintainer upload.
-+ * [security] sn_logfile.c: Replaced sprintfs by snprintfs fixing a buffer
-+ overflow (bugtraq).
-+ * [security] sn_analyse.c: Limit length of TCP packets to the buffer
-+ size (buffer overflow with MTU > 5000).
-+
-+ -- Torsten Landschoff <torsten at debian.org> Fri, 26 May 2000 08:40:14 +0200
-+
-+sniffit (0.3.7.beta-6) frozen unstable; urgency=low
-+
-+ * Update config.{guess,sub} to versions from the automake package.
-+ Should now compile better on ARM (closes: Bug#56915).
-+
-+ -- Edward Betts <edward at debian.org> Thu, 3 Feb 2000 09:22:16 +0000
-+
-+sniffit (0.3.7.beta-5) unstable; urgency=low
-+
-+ * debian/control: updated Standards-Version to 3.1.1
-+ * debian/control: added Build-Depends.
-+ * debian/rules: rewritten.
-+
-+ -- Edward Betts <edward at debian.org> Thu, 6 Jan 2000 23:12:32 +0000
-+
-+sniffit (0.3.7.beta-4) unstable; urgency=low
-+
-+ * Recompile to try and fix bug #49979
-+
-+ -- Edward Betts <edward at debian.org> Fri, 12 Nov 1999 23:21:17 +0000
-+
-+sniffit (0.3.7.beta-3) unstable; urgency=low
-+
-+ * Changed to Debhelper 2.0
-+ * Updated to Standards-Version: 3.0.1
-+ * This package includes a copy of libpcap, ensured that it is not built
-+ * Moved config file /etc/sniffit.cfg to
-+ /usr/doc/sniffit/examples/sample_config_file
-+ * Lintain clean
-+
-+ -- Edward Betts <edward at debian.org> Fri, 12 Nov 1999 23:20:20 +0000
-+
-+sniffit (0.3.7.beta-2) unstable; urgency=low
-+
-+ * Updated /usr/doc/sniffit/copyright from README.FIRST (fixes #39765)
-+ * sniffit 0.3.7.beta is free software (BSD-like license)
-+ * Changed section to main/net
-+ * Added conffiles entry for /etc/sniffit.cfg
-+
-+ -- Hamish Moffatt <hamish at debian.org> Fri, 25 Jun 1999 22:30:00 +1000
-+
-+sniffit (0.3.7.beta-1) unstable; urgency=low
-+
-+ * QA group upload
-+ * New upstream release (fixes #28510)
-+ * Fixed spelling error in description (fixes #26859)
-+ * Recompiled with ncurses 4.0 (fixes #37431)
-+
-+ -- Hamish Moffatt <hamish at debian.org> Sun, 23 May 1999 01:03:00 +1000
-+
-+sniffit (0.3.5-3) frozen unstable; urgency=low
-+
-+ * After long waiting for new copyright i must move it to non-free
-+ (fixes bug #21832)
-+
-+ -- Damjan Marion <dmarion at debian.org> Thu, 28 May 1998 15:10:35 +0200
-+
-+sniffit (0.3.5-2) frozen unstable; urgency=low
-+
-+ * Moved to frozen (resurected from orphaned)
-+ * Updated to standards 2.4.1.0
-+
-+ -- Damjan Marion <dmarion at debian.org> Tue, 15 Apr 1998 23:56:11 +0200
-+
-+sniffit (0.3.5-1) unstable; urgency=low
-+
-+ * New maintainer
-+ * New upstream release
-+ * Updated to standards 2.4.0.0
-+
-+ -- Damjan Marion <dmarion at debian.org> Tue, 7 Apr 1998 22:57:01 +0200
-+
-+sniffit (0.3.3-1) unstable; urgency=low
-+
-+ * Initial Release.
-+
-+ -- Patrick J. Edwards <edwards at cambridgenet.sk.ca> Mon, 17 Mar 1997 17:46:24 -0600
---- sniffit.0.3.7.beta.orig/debian/sniffit.examples
-+++ sniffit.0.3.7.beta/debian/sniffit.examples
-@@ -0,0 +1,3 @@
-+sample_config_file
-+dns_plugin.plug
-+dummy_plugin.plug
---- sniffit.0.3.7.beta.orig/debian/watch
-+++ sniffit.0.3.7.beta/debian/watch
-@@ -0,0 +1,2 @@
-+version=3
-+http://reptile.rug.ac.be /~coder/sniffit/files/ sniffit.(.*)\.tar\.gz debian uupdate
Copied: sniffit/repos/community-x86_64/sniffit-fix.patch (from rev 341669, sniffit/trunk/sniffit-fix.patch)
===================================================================
--- sniffit-fix.patch (rev 0)
+++ sniffit-fix.patch 2018-06-07 06:11:36 UTC (rev 341670)
@@ -0,0 +1,937 @@
+--- sniffit.0.3.7.beta.orig/sniffit.5
++++ sniffit.0.3.7.beta/sniffit.5
+@@ -122,7 +122,6 @@
+ a) Send by hosts '100.100.12.*'
+ b) Send from/to 100.100.12.2 (useless line)
+ c) deselecting all WWW packets on the subnet
+-.ni
+
+ .SH AUTHOR
+ Brecht Claerhout <coder at reptile.rug.ac.be>
+--- sniffit.0.3.7.beta.orig/sn_structs.h
++++ sniffit.0.3.7.beta/sn_structs.h
+@@ -67,7 +67,7 @@
+ struct snif_mask /* struct for mask */
+ {
+ _32_bit source_ip, destination_ip;
+- _32_bit short source_port, destination_port;
++ _16_bit source_port, destination_port;
+ };
+
+ /* (packet generation) */
+--- sniffit.0.3.7.beta.orig/sniffit.0.3.7.c
++++ sniffit.0.3.7.beta/sniffit.0.3.7.c
+@@ -48,15 +48,15 @@
+ {
+ printf (
+ "usage: %s [-xdabvnN] [-P proto] [-A char] [-p port] [(-r|-R) recordfile]\n"
+- " [-l sniflen] [-L logparam] [-F snifdevice] [-M plugin]\n"
++ " [-l sniflen] [-L logparam] [-F snifdevice] [-M plugin]\n",
++ prog_name);
+ #ifdef INCLUDE_INTERFACE
+- " [-D tty]"
++ printf ( " [-D tty]"
+ " (-t<Target IP> | -s<Source IP>)"
+- " | (-i|-I) | -c<config file>]\n",
++ " | (-i|-I) | -c<config file>]\n");
+ #else
+- " (-t<Target IP> | -s<Source IP>) | -c<config file>]\n",
++ printf ( " (-t<Target IP> | -s<Source IP>) | -c<config file>]\n");
+ #endif
+- prog_name);
+ printf ("Plugins Available:\n");
+ #ifdef PLUGIN0_NAME
+ printf (" 0 -- %s\n", PLUGIN0_NAME);
+--- sniffit.0.3.7.beta.orig/sn_analyse.c
++++ sniffit.0.3.7.beta/sn_analyse.c
+@@ -151,16 +151,18 @@
+ {
+ char workbuf1[MTU];
+ char *wb_dummy;
++ char *p;
++ size_t len = info.DATA_len <= MTU-1 ? info.DATA_len : MTU-1;
+
+- strncpy(workbuf1,data,info.DATA_len);
+- workbuf1[info.DATA_len]=0;
++ strncpy(workbuf1,data,len);
++ workbuf1[len]=0;
+ strlower(workbuf1);
+
+- if(strstr(workbuf1,"mail from")!=NULL)
++ if((p=strstr(workbuf1,"mail from"))!=NULL)
+ {
+ char workbuf2[MTU];
+
+- strcpy(workbuf2, strstr(workbuf1,"mail from"));
++ strcpy(workbuf2, p);
+ if(strchr(workbuf2,13)!=NULL) /* remove trailing enter */
+ {wb_dummy=strchr(workbuf2,13); *wb_dummy=0;}
+ if(strchr(workbuf2,10)!=NULL)
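Review bot: The new clamp `size_t len = info.DATA_len <= MTU-1 ? info.DATA_len : MTU-1;` in the embedded sn_analyse.c hunk bounds the copy only from above. The declaration of `info.DATA_len` is not in this hunk; if it is a signed type, a negative value passes the comparison and converts to a very large `size_t`, so `strncpy(workbuf1,data,len)` would still run past the `MTU`-byte buffer. I would clamp both ends with `size_t len = info.DATA_len > 0 ? (size_t)info.DATA_len : 0;` followed by `if (len > MTU-1) len = MTU-1;`. A comment above `strcpy(workbuf2, p);` should say that the copy is safe only because `p` points into `workbuf1` and both buffers are `MTU` bytes. The enclosing function starts and ends outside the hunk.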
+@@ -168,11 +170,11 @@
+ print_mail(filename,workbuf2);
+ }
+
+- if(strstr(workbuf1,"rcpt to")!=NULL)
++ if((p=strstr(workbuf1,"rcpt to"))!=NULL)
+ {
+ char workbuf2[MTU];
+
+- strcpy(workbuf2, strstr(workbuf1,"rcpt to"));
++ strcpy(workbuf2, p);
+ if(strchr(workbuf2,13)!=NULL) /* remove trailing enter */
+ {wb_dummy=strchr(workbuf2,13); *wb_dummy=0;}
+ if(strchr(workbuf2,10)!=NULL)
+--- sniffit.0.3.7.beta.orig/README.FIRST
++++ sniffit.0.3.7.beta/README.FIRST
+@@ -6,7 +6,7 @@
+ * No illegal activities are encouraged! *
+ # Please read the LICENSE file #
+ * *
+-# Sniffit grew a little upon it's original intentions and is now #
++# Sniffit grew a little upon its original intentions and is now #
+ * extended for network debugging (UDP, ICMP, netload, etc.) *
+ #*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#
+ * Libpcap library *
+@@ -45,19 +45,19 @@
+
+ I hope you enjoy this beta version. Like always, I removed some bugs. There
+ is a new 'logging' feature. It is now possible to record traffic with
+-Sniffit and process it later! (it is completely different from te logging
++Sniffit and process it later! (it is completely different from the logging
+ done in the 0.3.6 version, that is known to some hardcore Sniffit users)
+ Please take a minute to skim through the text and read the passages marked
+ with a '*', these are the new features.
+ (Please read BETA-TESTING)
+
+-I use the libpcap library developped at Berkeley Laboratory, for easy
++I use the libpcap library developed at Berkeley Laboratory, for easy
+ porting (Read the licence).
+
+ 0.1 Credits and contact
+ -----------------------
+
+-Credits go to (in order of apperance on the Sniffit scene):
++Credits go to (in order of appearance on the Sniffit scene):
+ Wim Vandeputte <wvdputte at reptile.rug.ac.be>,
+ best friend and UNIX guru, for support, testing and
+ providing me with a WWW site.
+@@ -71,17 +71,17 @@
+ Qing Long, for the bash/zsh libpcap/configure script.
+ Guy Gustavson, for giving me a FreeBSD account.
+ Woju <woju at freebsd.ee.ntu.edu.tw>, for the ncurses SunOS/FreeBSD fixing,
+- and for his other effords.
++ and for his other efforts.
+ Amlan Saha <eng40607 at nus.sg>, for adding Packet Generation to
+ Sniffit, and adding other features (not implemented yet).
+ I'm sure that in the near future you will see more of his
+ work in Sniffit.
+ Shudoh Kazuyuki, for changing getaddrbyname() and improving the
+ config-file interpreting.
+- Fyodor <fyodor at dhp.com>, for pointing out the hidious small
++ Fyodor <fyodor at dhp.com>, for pointing out the hideous small
+ fragments problem.
+ David O'Brien <obrien at nuxi.com>, for netbsd information.
+- everybody, who ever mailed me with sugestions help, etc...
++ everybody, who ever mailed me with suggestions help, etc...
+
+ Also a big thanks to my Beta testers (alphabetically, I hope)...
+ Charles G Stuart <charles.stuart at juno.com> IRIX / RedHat LINUX
+@@ -91,7 +91,7 @@
+
+ And many others who wish to be anonymous....
+
+-Sugestions and comments can be sent to:
++Suggestions and comments can be sent to:
+ coder at reptile.rug.ac.be
+
+ Brecht Claerhout
+@@ -99,10 +99,10 @@
+ 8700 Tielt
+ Belgium
+
+-The original distribution program can be optained from (my site):
++The original distribution program can be obtained from (my site):
+ http://sniffit.rug.ac.be/sniffit/sniffit.html
+
+-MIND YOU: this program is ran as root, and thus could easily contain
++MIND YOU: this program is run as root, and thus could easily contain
+ dangerous trojans. If you get it from the above site you can
+ safely compile and use it.
+ (no trojan versions are discovered yet.. it's just a warning)
+@@ -178,7 +178,7 @@
+ -v Show version and exit (just added because it's such a
+ wide spread option)
+ -t <IP nr/name> tells the sniffer to check out packets GOING TO <IP>
+- -s <IP nr/name> tells the sniffer to check out packets COMMING FROM <IP>
++ -s <IP nr/name> tells the sniffer to check out packets COMING FROM <IP>
+ You can use the '@' wildcard (only IP NUMBERS of course).
+ e.g. -t 199.145.@
+ -t 199.14@
+@@ -197,15 +197,15 @@
+ Parameters for all modes:
+ -F <device> force sniffit to use a network device
+ (READ 3.2 ON THIS SUBJECT, IMPORTANT)
+- -n Turn of IP checksum checking. This can show you
++ -n Turn off IP checksum checking. This can show you
+ bogus packets. (mind you ARP, RARP, other non-IP
+ packets will show up bogus too) (compatible with
+ ALL options)
+- -N Disables all functions that Sniffit has build in, usefull
++ -N Disables all functions that Sniffit has build in, useful
+ for wanting to run ONLY a plugin
+
+ Parameters for not running in -i:
+- -b does both -t and -s, doesn't mather what function you used
++ -b does both -t and -s, doesn't matter what function you used
+ (-t or -s)
+ -d Dump mode, shows the packets on the screen in bytes (not
+ like tcpdump). For test purposes. (numbers are hex)
+@@ -231,7 +231,7 @@
+ They can be combined.
+ -p <port> Logs connections on port <port>, 0 means all ports, default
+ is 0 (all), look out with that on loaded nets!
+- -l <length> Ammount of information to log (default 300 bytes).
++ -l <length> Amount of information to log (default 300 bytes).
+ Length 0 logs everything. (look out with diskspace when
+ logging everything!)
+ -M <Plugin> Activate Plugin nr. <Plugin>, for a list on all plugins
+@@ -260,7 +260,7 @@
+
+ Some examples:
+ Imagine the following setup: 2 hosts on a subnet, one is running the
+- sniffer (sniffit.com), the otherone is 66.66.66.7 (target.com).
++ sniffer (sniffit.com), the other one is 66.66.66.7 (target.com).
+ 1. You want to test if the sniffer is working:
+ sniffit:~/# sniffit -d -p 7 -t 66.66.66.7
+ and in another window:
+@@ -272,7 +272,7 @@
+ 3. Root of target.com tells me he gets strange ftp connections and
+ wants to find out the commands typed:
+ sniffit:~/# sniffit -p 21 -l 0 -t 66.66.66.7
+- 4. You want to read all incomming and outgoing mail on target.com:
++ 4. You want to read all incoming and outgoing mail on target.com:
+ sniffit:~/# sniffit -p 25 -l 0 -b -t 66.66.66.7 &
+ or
+ sniffit:~/# sniffit -p 25 -l 0 -b -s 66.66.66.7 &
+@@ -314,9 +314,9 @@
+ F5 or '5' : Start a program 'sniffit_key5' with arguments
+ <from IP> <from port> <to IP> <to port>
+ If the program doesn't exist, nothing is done. Sniffit should
+- be in the same path as sniffit was STARTED FROM (not necessarely
++ be in the same path as sniffit was STARTED FROM (not necessarily
+ the path sniffit is stored in)
+- This is usefull for interactive connection killing or extra
++ This is useful for interactive connection killing or extra
+ monitoring. A little shell script can always transform the
+ arguments given and pass them on to other programs.
+ F6 or '6' : Same as F5 or '5', but with program 'sniffit_key6'
+@@ -330,12 +330,12 @@
+ the config.h file to change this (could be needed if y'r
+ computer is slow).
+ 'g' : Generate Packets!
+- Sniffit is now able to generate some trafic load. Currently
+- this is a 'underdevelloped' feature with very few options,
++ Sniffit is now able to generate some traffic load. Currently
++ this is a 'underdeveloped' feature with very few options,
+ but it will be expanded a lot...
+ Currently only UDP packets are generated. When pressing 'G'
+- you will be asked the source/dest IP/port and how much packets
+- are needed to be transmitted.
++ you will be asked the source/dest IP/port and how many packets
++ are to be transmitted.
+ Packets contain the line: "This Packet was fired with Sniffit!"
+ 'r' : Reset.. clears all current connections from memory and restarts.
+
+@@ -348,14 +348,14 @@
+
+ When forcing network devices, sniffit tries to find out what device it is.
+ If sniffit recognises the name, everything is okay.
+-If it does not recognise the name it will set the variable
+-FORCED_HEAD_LENGHTH to the ethernet headlength. The ethernet headlength
+-is the length in bytes of an ethernet packet hearder.
+-So if you have to force a non-ethernet device, that is not recognised by
++If it does not recognise the name it will set the ethernet headlength
++according to the compiled-in value FORCED_HEAD_LENGTH. The ethernet
++headlength is the length in bytes of an ethernet packet header.
++So if you have to force a non-ethernet device that is not recognised by
+ sniffit, make sure you change that headlength correctly in the 'sn_config.h'
+ file.
+
+-The -F option was added, because I noticed devicenames can differ from
++The -F option was added, because I noticed device names can differ from
+ system to system, and because some ppl have multiple devices present.
+ When having problems with this option, please think twice before you mail me.
+
+@@ -370,7 +370,7 @@
+
+ The configfile should have lines with the following format:
+ <field1> <field2> <field3> <field4> [<field5>]
+-(seperators are spaces (any number of), NO TABS!!!)
++(separators are spaces (any number of), NO TABS!!!)
+
+ Lines that don't match this pattern are discarded, so standard unix
+ comments '#' can be used in this file... (this also means that if you
+@@ -399,10 +399,10 @@
+ host : The (de)selection criteria involves a hostname.
+ port : similar, ... a portnumber
+ mhosts : The (de)selection criteria involves multiple-hosts, like
+- with the wildcars in 0.3.0, but without the 'x'
++ with the wildcards in 0.3.0, but without the 'x'
+
+ <field4> can be:
+-* either a hostname, a portnumber, a service name or a numbet-dot partial
++* either a hostname, a portnumber, a service name or a number-dot partial
+ * notation indicating multiple hosts depending on <field3>
+ * (service names like 'ftp' are resolved as the services available
+ * present on the host that runs Sniffit, and translated into a port nr)
+@@ -411,7 +411,7 @@
+ a portnumber or service name, if <field3> was 'host' or 'mhosts'
+
+
+- Maybe it would have been wise to mention explicitely, that the config-file
++ Maybe it would have been wise to mention explicitly, that the config-file
+ currently only works with TCP packets.
+
+ examples:
+@@ -425,7 +425,7 @@
+ a) Send by host 100.100.12.2
+ b) Send by host 100.100.12.3 from port 1400
+ c) Send to coder.sniffit.com
+- d) All packets on our subnet going to or comming from a telnet port.
++ d) All packets on our subnet going to or coming from a telnet port.
+
+ 2. another example:
+ select both mhosts 100.100.12.
+@@ -436,7 +436,7 @@
+ b) EXCEPT the WWW packets
+ c) BUT showing the WWW packets concerning enemy.sniffit.com
+
+- The config file in interpreted SEQUENTIAL, so mixing up those lines
++ The config file is interpreted SEQUENTIALLY, so mixing up those lines
+ could have unwanted results e.g.:
+ select both mhosts 100.100.12.
+ select both host enemy.sniffit.org
+@@ -455,7 +455,7 @@
+ select both mhosts 2
+ deselect both mhosts 1 80
+ deselect both mhosts 2 80
+- This would show you all subnet trafic excluding WWW trafic
++ This would show you all subnet traffic excluding WWW traffic
+ (concerning port 80.)
+
+ 4. example:
+@@ -476,12 +476,12 @@
+ * you will like it more this way.
+ *
+ * Loglevels are now activated by '-L <logparam>'.
+-* The folowing <logparam>'s are valid (concatenation is alowed):
++* The following <logparam>'s are valid (concatenation is allowed):
+ *
+ * 'raw':
+ * Log all SYN, FIN, RST packets. This will give you an overview of
+-* all network (TCP) trafic in a 'RAW' way (a connection starting could
+-* gives you at least 2 SYN packets, etc...).
++* all network (TCP) traffic in a 'RAW' way (a connection starting could
++* give you at least 2 SYN packets, etc...).
+ * This is a great way to waste diskspace...
+ * Messages are:
+ * Connection initiated. (SYN)
+@@ -507,7 +507,7 @@
+ * A '~' in the login and passwords fields can be a nonprintable
+ * character (if in the beginning of a field, probably due to an early
+ * start of registration) or a '~'.
+-* This all makes it sound a little messy, but I 'testdrived' a lot and
++* This all makes it sound a little messy, but I 'test-drove' a lot and
+ * was pleased with the results after adding some funky shit (if y'r
+ * interested have a look at in function 'packethandler' in
+ * sniffit.*.c)
+@@ -521,7 +521,7 @@
+ *
+ * 'mail':
+ * Interested in who writes mail to who? Well you get all senders and
+-* recepients nicely logged with this feature (port 25 mail).
++* recipients nicely logged with this feature (port 25 mail).
+
+
+ 4. The output
+@@ -563,7 +563,7 @@
+ connections, you will need to use 'joe' or something else that can
+ support control chars (look for '-A <char>' below).
+ Telnet 'negotiates' (binary) in the beginning of every connection, and
+- 'catting' a output file, will most of the time show nothing (due to
++ 'catting' an output file, will most of the time show nothing (due to
+ control chars).
+ Of course when logging mail, there are no problems.
+ The new '-A <char>' takes care of the control characters, that way you
+@@ -612,14 +612,14 @@
+
+ - UDP Packets (not logged, displayed)
+
+- You get the package id. When using -d, -a you get the contence of the
++ You get the package id. When using -d, -a you get the contents of the
+ package. (pretty basic)
+
+
+ 4.2 Logfile
+ -----------
+
+-If you use a configfile (-c) and enable the Logging option a logfile is
++If you use a configfile (-c) and enable the Logging option, a logfile is
+ created. Unless you set 'logfile' in the config file, that file will be
+ named 'sniffit.log'.
+ It will contain lines with the following FIXED format:
+@@ -635,7 +635,7 @@
+
+ 3) Lines containing other data (future versions), will NOT begin with '['
+ and will have also easily interpretable formats.
+- Other data is e.g. packet contence
++ Other data is e.g. packet contents
+
+ I do this because I can imagine (when this is more expanded) that people
+ will use their own parsers for these logfiles. Well, if you respect those 3
+@@ -651,13 +651,13 @@
+ Some other notes:
+
+ - Sniffers can only be run by ROOT
+- - Sniffers can only log packets that 'travel' on THEIR ethernetcable.
++ - Sniffers can only log packets that 'travel' on THEIR ethernet cable.
+ So there has to be some host on your subnet involved (either as
+ sender or receiver).
+- - Working with '-d' or '-a' give you raw packets, they are still
+- packed in IP, when logging to files, only send data is logged,
++ - Working with '-d' or '-a' gives you raw packets, they are still
++ packed in IP, when logging to files, only sent data is logged,
+ the packets are 'unwrapped'.
+- - Sniffers can NORMALY not be detected by outsiders (or outsiders
++ - Sniffers can NORMALLY not be detected by outsiders (or outsiders
+ SHOULD not be able to...).
+ Unfortunately some systems contain bugs that will allow outsiders to
+ probe your network device for PROMISC mode (which is a good indication
+--- sniffit.0.3.7.beta.orig/sniffit.8
++++ sniffit.0.3.7.beta/sniffit.8
+@@ -39,7 +39,7 @@
+ is a packet sniffer for TCP/UDP/ICMP packets.
+ .B sniffit
+ is able to give you very detailed technical info on these
+-packets (SEQ, ACK, TTL, Window, ...) but also packet contence in
++packets (SEQ, ACK, TTL, Window, ...) but also packet contents in
+ different formats (hex or plain text, ...).
+ .LP
+ .B sniffit
+@@ -76,7 +76,7 @@
+
+ .IP "-t Target-IP"
+ Only process packets TO Target-IP. If Target-IP is in dot-nr notation,
+-'x' is allowed as wildcard. (e.g. '-t 157.193.x', '-t x', ...)
++\'x' is allowed as wildcard. (e.g. '-t 157.193.x', '-t x', ...)
+ .I "(NOT compatible with: '-s' '-i' '-I' '-c' '-v' '-L')"
+
+ .IP "-s Source-IP"
+@@ -84,7 +84,7 @@
+ .I "(NOT compatible with: '-t' '-i' '-I' '-c' '-v' '-L')"
+
+ .IP -b
+-'both' mode, together with '-s' or '-t', only process FROM/TO the IP
++\'both' mode, together with '-s' or '-t', only process FROM/TO the IP
+ specified by '-s' or '-t'
+ .I "(NOT compatible with: '-t' '-i' '-I' '-c' '-v' '-L')"
+
+@@ -115,7 +115,7 @@
+ .IP "-R <file>"
+ Record all traffic in
+ .I <file>
+-.This file can then be fed to Sniffit with the '-r' option.
++This file can then be fed to Sniffit with the '-r' option.
+ .I "(Needs a selection parameter like '-c' '-t' '-s')"
+ .I "(NOT compatible with '-i' '-I' '-v' '-L' '-r')"
+
+@@ -149,12 +149,12 @@
+ .I "(NOT compatible with: '-i' 'I' '-v')"
+
+ .IP -d
+-'dump mode', shows the packets on the screen (stdout) instead of logging
++\'dump mode', shows the packets on the screen (stdout) instead of logging
+ into files (default). Data is printed in bytes (hex).
+ .I "(NOT compatible with: '-i' 'I' '-v' '-L')"
+
+ .IP -a
+-'dump mode', same of '-d' but outputs ASCII. Non printable chars are
++\'dump mode', same of '-d' but outputs ASCII. Non printable chars are
+ replaced by '.'.
+ ('-d' and '-a' mix without any problem)
+ .I "(NOT compatible with: '-i' '-I' '-v' '-L')"
+@@ -193,8 +193,7 @@
+ can be found with
+ .I ifconfig
+ (see
+-.BR ifconfig (8)
+-).
++.BR ifconfig (8)).
+ .B sniffit
+ supports ethernet and PPP by default. Read
+ .B README.FIRST
+@@ -210,7 +209,7 @@
+ .B Plugin
+ , for a list on all plugins compiled in your version, just type '
+ .B sniffit
+-'. Read all about Plugins in the PLUGIN-HOWTO (READ IT!)
++\'. Read all about Plugins in the PLUGIN-HOWTO (READ IT!)
+ .I "(NOT compatible with: '-i' '-I' '-v')"
+
+ .IP "-L logparam"
+@@ -235,7 +234,7 @@
+ receiving host (port 'o').
+
+ .SH "DUMP MODE ('-d' and/or '-a')"
+-Output is dumped to stdout, the packet contence is shown in it's
++Output is dumped to stdout, the packet contents is shown in it's
+ unwrapped form (the complete IP packet).
+
+ .SH "INTERACTIVE MODE ('-i' or '-I')"
+@@ -320,7 +319,7 @@
+ .SH "IP ICMP UDP LOGGING"
+ Information on these packets is dumped to stdout. Packet
+ Filtering options only refer to TCP and UDP packets.
+-The contence of UDP packets is only shown when enabling '-a' or '-d'.
++The contents of UDP packets is only shown when enabling '-a' or '-d'.
+
+ .SH AUTHOR
+ Brecht Claerhout <coder at reptile.rug.ac.be>
+--- sniffit.0.3.7.beta.orig/sn_interface.c
++++ sniffit.0.3.7.beta/sn_interface.c
+@@ -5,6 +5,7 @@
+
+ #ifdef INCLUDE_INTERFACE
+ #include <signal.h>
++#include <termios.h>
+ #include <unistd.h>
+ #include <sys/ipc.h>
+ #include <sys/shm.h>
+@@ -513,8 +514,11 @@
+
+ void screen_exit (void)
+ {
+-clear();
+ endwin();
++/* next line added by Edward Betts <edward at debian.org>, should not be needed
++ * because endwin should be calling it, without this the console has no echo
++ * after exiting in an xterm */
++reset_shell_mode();
+ };
+
+ void mem_exit (void)
+--- sniffit.0.3.7.beta.orig/sn_logfile.c
++++ sniffit.0.3.7.beta/sn_logfile.c
+@@ -44,42 +44,42 @@
+ void print_ftp_user (char *conn, char *user)
+ {
+ char line[250];
+-sprintf(line,"%s: USER [%s]",conn,user);
++snprintf(line,sizeof(line),"%s: USER [%s]",conn,user);
+ print_logline (line);
+ }
+
+ void print_ftp_pass(char *conn, char *pass)
+ {
+ char line[250];
+-sprintf(line,"%s: PASS [%s]",conn,pass);
++snprintf(line,sizeof(line),"%s: PASS [%s]",conn,pass);
+ print_logline (line);
+ }
+
+ void print_login (char *conn, char *login)
+ {
+ char line[250];
+-sprintf(line,"%s: login [%s]",conn,login);
++snprintf(line,sizeof(line),"%s: login [%s]",conn,login);
+ print_logline (line);
+ }
+
+ void print_mail (char *conn, char *msg)
+ {
+ char line[250];
+-sprintf(line,"%s: mail [%s]",conn,msg);
++snprintf(line,sizeof(line),"%s: mail [%s]",conn,msg);
+ print_logline (line);
+ }
+
+ void print_pwd (char *conn, char *pwd)
+ {
+ char line[250];
+-sprintf(line,"%s: password [%s]",conn,pwd);
++snprintf(line,sizeof(line),"%s: password [%s]",conn,pwd);
+ print_logline (line);
+ }
+
+ void print_conn (char *conn, char *msg)
+ {
+ char line[250];
+-sprintf(line,"%s: %s",conn,msg);
++snprintf(line,sizeof(line),"%s: %s",conn,msg);
+ print_logline (line);
+ }
+
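Review bot: The `snprintf(line,sizeof(line),...)` calls in the six `print_*` functions silently drop everything past 249 bytes, so an over-long `conn` or field yields a record with no closing `]` that a logfile parser cannot tell from a complete one. The callers are outside the hunk, but the `user`, `pass`, `login`, `pwd` and `msg` arguments presumably carry captured traffic (to be confirmed), so the length of these fields would be controlled by whoever sent the packets. I would bound each field with a precision so the closing bracket always fits, e.g. `snprintf(line,sizeof(line),"%.64s: USER [%.160s]",conn,user);`, or test the return value against `sizeof(line)` and mark the record as truncated. A one-line comment on each function stating that the line is capped at `sizeof(line)` would document the limit for whoever writes a parser.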
+--- sniffit.0.3.7.beta.orig/Makefile.in
++++ sniffit.0.3.7.beta/Makefile.in
+@@ -26,9 +26,8 @@
+ @echo "Succesfull compilation..."
+
+ sniffit: $(SNIFFIT) $(DEP_FILES)
+- cd libpcap; make; cd ..
++# cd libpcap; make; cd ..
+ $(CC) $(EXE_FLAG) $(SNIFFIT) $(EXE_OBJ) $(EXE_OPT) $(LIBS) $(DEFS) $(OS_OPT)
+- strip sniffit
+
+ sn_cfgfile.o: sn_cfgfile.h sn_cfgfile.c sn_defines.h sn_structs.h sn_config.h
+ $(CC) $(OBJ_FLAG) sn_cfgfile.c $(OBJ_OPT) $(DEFS)
+@@ -52,12 +51,12 @@
+
+ #Clean up everthing...
+ clean:
+- cd libpcap; make clean; rm -f config.cache; cd ..
++# cd libpcap; make clean; rm -f config.cache; cd ..
+ rm -f Makefile
+ rm -f config.cache
+ rm -f config.status
+ rm -f config.log
+- rm -f ./libpcap/config.cache
+- rm -f ./libpcap/config.status
+- rm -f ./libpcap/config.log
++# rm -f ./libpcap/config.cache
++# rm -f ./libpcap/config.status
++# rm -f ./libpcap/config.log
+ rm -f *.o sniffit
+--- sniffit.0.3.7.beta.orig/debian/rules
++++ sniffit.0.3.7.beta/debian/rules
+@@ -0,0 +1,28 @@
++#!/usr/bin/make -f
++
++build:
++ dh build --before configure
++ cp /usr/share/misc/config.guess .
++ cp /usr/share/misc/config.sub .
++ ./configure --prefix=/usr --no-recursion
++ $(MAKE) OBJ_OPT="" EXE_OPT="-lpcap"
++ dh build --after build
++
++clean:
++ dh clean
++ rm -f config.sub config.guess
++
++install: build
++ dh install --before dh_auto_install
++ dh_install sniffit usr/sbin
++ dh_installman sniffit.5 sniffit.8
++ dh_installchangelogs HISTORY
++ dh install --after dh_auto_install
++
++binary-arch: install
++ dh binary-arch
++
++binary-indep: install
++ dh binary-indep
++
++binary: binary-arch binary-indep
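Review bot: The build line `$(MAKE) OBJ_OPT="" EXE_OPT="-lpcap"` empties `OBJ_OPT` and passes no compiler or linker hardening flags, for a program that parses captured network traffic and whose changelog in this same patch records two earlier buffer overflows. Makefile.in puts `$(OBJ_OPT)` on each compile command and `$(EXE_OPT)` on the link command, so those two variables are the visible place to carry the flags, for example `OBJ_OPT="$(shell dpkg-buildflags --get CPPFLAGS) $(shell dpkg-buildflags --get CFLAGS)"` and `EXE_OPT="$(shell dpkg-buildflags --get LDFLAGS) -lpcap"`. Whether `$(CC)` or `$(OBJ_FLAG)` already carry such flags cannot be told from these hunks, so confirm against the generated Makefile before changing it.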
+--- sniffit.0.3.7.beta.orig/debian/README
++++ sniffit.0.3.7.beta/debian/README
+@@ -0,0 +1,48 @@
++sniffit for Debian
++----------------------
++
++What follows are one of the previous maintainers, Patrick J. Edwards
++<edwards at cambridgenet.sk.ca>, thoughts on this package, and its security
++implications.
++
++Notes on Security
++-----------------
++ This program is highly dangerous, with this program hackers no
++longer need qcrack or crack for your system. Instead, they can just wait
++till a user logs in and *BAM* they have a new password. So the point is,
++this program should be promptly removed in any of the following situations:
++
++ 1. You are in doubt of the security of your system. Granted that
++ some one who has already creatively aquired (meaning hacked) root
++ can install this program his/her self there is no point in
++ pre-installing this program for them.
++
++ 2. You have a tendency to act unethically and snoop on you users for
++ no apparent reason. "Good" system admins won't do this.
++
++ 3. You don't actively search for security holes in your system. If
++ your not doing this and you box is on the Internet 24/7 perhaps you
++ should.
++
++Notes on Usage
++--------------
++ 1. Don't use this program unless you have to, and once you're done
++with it uninstall it.
++ 2. Don't scan all ports and all addresses in the hoping of catching
++a hacker cause you won't, you'll just have vast quantities of logs to search
++through and very little disk space. Instead wait till you recognize that you
++have a program user/hacker and then find out what the person is doing (how
++the hacker is trying to penetrate the system) then start using sniffit to
++collect your evidence against the offender. [I know this is flying in the
++face of traditional anti-system-terrorism policies but it leads into my next
++point]
++ 3. If you persist in using sniffit as a security net for your system
++DON'T. Plain and simple. Instead of trying to catch the hacker who has
++already hacked into your system spend your efforts security proofing your
++system (up to date versions on cron, sendmail, libraries, etc -- almost
++anything that runs as root or sudo).
++
++ The overall point is:
++ "Practice preventive medicine not reactive."
++
++ -- Edward Betts <edward at debian.org> Sun, 12 Sep 1999 11:04:08 +0100
+--- sniffit.0.3.7.beta.orig/debian/sniffit.docs
++++ sniffit.0.3.7.beta/debian/sniffit.docs
+@@ -0,0 +1,4 @@
++BETA-TESTING
++PLUGIN-HOWTO
++README.FIRST
++sniffit-FAQ
+--- sniffit.0.3.7.beta.orig/debian/compat
++++ sniffit.0.3.7.beta/debian/compat
+@@ -0,0 +1 @@
++7
+--- sniffit.0.3.7.beta.orig/debian/control
++++ sniffit.0.3.7.beta/debian/control
+@@ -0,0 +1,16 @@
++Source: sniffit
++Section: net
++Priority: optional
++Maintainer: William Vera <billy at billy.com.mx>
++Standards-Version: 3.8.0
++Build-Depends: debhelper (>= 7), libpcap-dev, libncurses5-dev, autotools-dev
++
++Package: sniffit
++Architecture: any
++Depends: ${shlibs:Depends}
++Description: packet sniffer and monitoring tool
++ sniffit is a packet sniffer for TCP/UDP/ICMP packets.
++ sniffit is able to give you very detailed technical info
++ on these packets (SEC, ACK, TTL, Window, ...) but also
++ packet contents in different formats (hex or plain text,
++ etc. ).
+--- sniffit.0.3.7.beta.orig/debian/copyright
++++ sniffit.0.3.7.beta/debian/copyright
+@@ -0,0 +1,40 @@
++This package was debianized by Damjan Marion <dmarion at debian.org> on
++Tue, 7 Apr 1998 22:57:01 +0200.
++
++It was taken over by Edward Betts <edward at debian.org> on
++Fri, 12 Nov 1999 23:20:20 +0000
++
++It was downloaded from
++http://reptile.rug.ac.be/~coder/sniffit/files/sniffit.0.3.7.beta.tar.gz
++
++Upstream Author: Brecht Claerhout
++
++Copyright:
++
++Sniffit 0.3.7 Copyright (c) 1996-1998 Brecht Claerhout
++All rights reserved.
++
++Redistribution and use in source and binary forms, with or without
++modification, are permitted provided that the following conditions
++are met:
++1. Redistributions of source code must retain the above copyright
++ notice, this list of conditions and the following disclaimer.
++2. Redistributions in binary form must reproduce the above copyright
++ notice, this list of conditions and the following disclaimer in the
++ documentation and/or other materials provided with the distribution.
++3. The name of the author may not be used to endorse or promote products
++ derived from this software without specific prior written permission.
++4. Redistribution of source code must be conform with the 'libpcap'
++ copyright conditions, if that library is included.
++
++THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
++IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
++IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
++INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
++THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++
+--- sniffit.0.3.7.beta.orig/debian/changelog
++++ sniffit.0.3.7.beta/debian/changelog
+@@ -0,0 +1,165 @@
++sniffit (0.3.7.beta-13) unstable; urgency=low
++
++ * New maintainer. (Closes: #465931).
++ * Some format corrections on the man pages (sniffit(5) sniffit(8)).
++ * Don't include config.{sub,guess} in .diff.gz
++
++ -- William Vera <billy at billy.com.mx> Sat, 07 Jun 2008 12:56:48 -0500
++
++sniffit (0.3.7.beta-12) unstable; urgency=low
++
++ * Use debhelper v7, rules file minimisation.
++ * Makefile.in: don't strip binary Closes: #438032
++ * debian/control: Updated to Standards-Version: 3.7.3, no changes needed
++
++ -- Edward Betts <edward at debian.org> Wed, 30 Apr 2008 11:00:19 +0100
++
++sniffit (0.3.7.beta-11) unstable; urgency=low
++
++ * Acknowledge NMU
++ * sn_structs.h: Sitting at Debcamp, fixing FTBFS bugs, and Alberto Gonzalez
++ Iniesta <agi at debian.org> sitting next to me points out there is one in
++ this package. Thanks to Joshua Kwan <joshk at triplehelix.org> for the patch
++ to fix it. (closes: #195548)
++ * config.{guess,sub}: updated
++ * debian/control: Updated to Standards-Version: 3.6.0, no changes needed
++ * sn_interface.c: sniffit was leaving echo turned off when exiting from the
++ interactive mode in an xterm, added reset_shell_mode() to screen_exit()
++ and it works. This should not be needed because endwin should be calling
++ it.
++
++ -- Edward Betts <edward at debian.org> Mon, 14 Jul 2003 10:50:24 +0200
++
++sniffit (0.3.7.beta-10.1) unstable; urgency=low
++
++ * Non maintainer upload
++ * Rebuilt with new libpcap to remove dependency on libpcap0, which I
++ got removed from unstable by accident. Sorry about this...
++
++ -- Torsten Landschoff <torsten at debian.org> Sat, 10 Aug 2002 11:37:33 +0200
++
++sniffit (0.3.7.beta-10) unstable; urgency=low
++
++ * README.FIRST: apply patch "James R. Van Zandt" <jrv at mitre.org> to correct
++ spelling and other mistakes in README.FIRST
++
++ -- Edward Betts <edward at debian.org> Thu, 13 Dec 2001 17:35:25 +0000
++
++sniffit (0.3.7.beta-9) unstable; urgency=low
++
++ * debian/control: Standards-Version: 3.5.5
++ * debian/rules: Support DEB_BUILD_OPTIONS
++ * config.{guess,sub}: updated files to version from libtool package
++ (Closes: Bug#103633)
++ * sniffit.c: applied patch from Bug#103633
++
++ -- Edward Betts <edward at debian.org> Thu, 5 Jul 2001 10:44:23 +0200
++
++sniffit (0.3.7.beta-8) unstable; urgency=low
++
++ * debian/control: Standards-Version: 3.5.2
++ * debian/rules: Changed to debhelper 3
++ * debian/rules: Removed dh_suidregister
++ * debian/rules: Removed dh_testversion
++ * debian/rules: Changed dh_installman to dh_installmanpages
++ * debian/rules: Support DEB_BUILD_OPTIONS
++
++ -- Edward Betts <edward at debian.org> Sun, 25 Mar 2001 04:41:39 -0700
++
++sniffit (0.3.7.beta-7) frozen unstable; urgency=high
++
++ * debian/rules: do not install pcap.3 (closes: Bug#77769).
++ * debian/control: updated Standards-Version to 3.2.1
++ * debian/control: added version to build-depends on debhelper for lintian:
++ E: sniffit: package-uses-dh_testversion-but-lacks-versioned-build-depends
++ * Package now lintian clean.
++
++ -- Edward Betts <edward at debian.org> Tue, 28 Nov 2000 07:00:24 -0700
++
++sniffit (0.3.7.beta-6.1) frozen unstable; urgency=high
++
++ * Non maintainer upload.
++ * [security] sn_logfile.c: Replaced sprintfs by snprintfs fixing a buffer
++ overflow (bugtraq).
++ * [security] sn_analyse.c: Limit length of TCP packets to the buffer
++ size (buffer overflow with MTU > 5000).
++
++ -- Torsten Landschoff <torsten at debian.org> Fri, 26 May 2000 08:40:14 +0200
++
++sniffit (0.3.7.beta-6) frozen unstable; urgency=low
++
++ * Update config.{guess,sub} to versions from the automake package.
++ Should now compile better on ARM (closes: Bug#56915).
++
++ -- Edward Betts <edward at debian.org> Thu, 3 Feb 2000 09:22:16 +0000
++
++sniffit (0.3.7.beta-5) unstable; urgency=low
++
++ * debian/control: updated Standards-Version to 3.1.1
++ * debian/control: added Build-Depends.
++ * debian/rules: rewritten.
++
++ -- Edward Betts <edward at debian.org> Thu, 6 Jan 2000 23:12:32 +0000
++
++sniffit (0.3.7.beta-4) unstable; urgency=low
++
++ * Recompile to try and fix bug #49979
++
++ -- Edward Betts <edward at debian.org> Fri, 12 Nov 1999 23:21:17 +0000
++
++sniffit (0.3.7.beta-3) unstable; urgency=low
++
++ * Changed to Debhelper 2.0
++ * Updated to Standards-Version: 3.0.1
++ * This package includes a copy of libpcap, ensured that it is not built
++ * Moved config file /etc/sniffit.cfg to
++ /usr/doc/sniffit/examples/sample_config_file
++ * Lintain clean
++
++ -- Edward Betts <edward at debian.org> Fri, 12 Nov 1999 23:20:20 +0000
++
++sniffit (0.3.7.beta-2) unstable; urgency=low
++
++ * Updated /usr/doc/sniffit/copyright from README.FIRST (fixes #39765)
++ * sniffit 0.3.7.beta is free software (BSD-like license)
++ * Changed section to main/net
++ * Added conffiles entry for /etc/sniffit.cfg
++
++ -- Hamish Moffatt <hamish at debian.org> Fri, 25 Jun 1999 22:30:00 +1000
++
++sniffit (0.3.7.beta-1) unstable; urgency=low
++
++ * QA group upload
++ * New upstream release (fixes #28510)
++ * Fixed spelling error in description (fixes #26859)
++ * Recompiled with ncurses 4.0 (fixes #37431)
++
++ -- Hamish Moffatt <hamish at debian.org> Sun, 23 May 1999 01:03:00 +1000
++
++sniffit (0.3.5-3) frozen unstable; urgency=low
++
++ * After long waiting for new copyright i must move it to non-free
++ (fixes bug #21832)
++
++ -- Damjan Marion <dmarion at debian.org> Thu, 28 May 1998 15:10:35 +0200
++
++sniffit (0.3.5-2) frozen unstable; urgency=low
++
++ * Moved to frozen (resurected from orphaned)
++ * Updated to standards 2.4.1.0
++
++ -- Damjan Marion <dmarion at debian.org> Tue, 15 Apr 1998 23:56:11 +0200
++
++sniffit (0.3.5-1) unstable; urgency=low
++
++ * New maintainer
++ * New upstream release
++ * Updated to standards 2.4.0.0
++
++ -- Damjan Marion <dmarion at debian.org> Tue, 7 Apr 1998 22:57:01 +0200
++
++sniffit (0.3.3-1) unstable; urgency=low
++
++ * Initial Release.
++
++ -- Patrick J. Edwards <edwards at cambridgenet.sk.ca> Mon, 17 Mar 1997 17:46:24 -0600
+--- sniffit.0.3.7.beta.orig/debian/sniffit.examples
++++ sniffit.0.3.7.beta/debian/sniffit.examples
+@@ -0,0 +1,3 @@
++sample_config_file
++dns_plugin.plug
++dummy_plugin.plug
+--- sniffit.0.3.7.beta.orig/debian/watch
++++ sniffit.0.3.7.beta/debian/watch
+@@ -0,0 +1,2 @@
++version=3
++http://reptile.rug.ac.be /~coder/sniffit/files/ sniffit.(.*)\.tar\.gz debian uupdate
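Review bot: The watch entry points uscan at `http://reptile.rug.ac.be` with the `uupdate` action and no signature check, so a new upstream tarball would be imported from an unauthenticated plain-HTTP download. If upstream publishes detached signatures, putting `opts=pgpsigurlmangle=s/$/.asc/` in front of the URL, together with the upstream signing key in the packaging, makes uscan verify them. If it does not, the tarball should be compared against a checksum obtained out of band before it is imported. Whether this host offers HTTPS or signatures is not visible in the patch.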