author | Laurent Ghigonis <laurent@p1sec.com> | 2013-06-05 15:23:45 +0200 |
---|---|---|
committer | Laurent Ghigonis <laurent@p1sec.com> | 2013-06-05 15:23:45 +0200 |
commit | c2df624fae9cd08c662f5f611044094f35bb8f63 (patch) | |
tree | 1e1f7b7fb6b86fc73cb6da21e6eabd3c5151069e /gg_sniff | |
parent | Merge branch 'master' into traceroute (diff) | |
parent | gg_map: fix dependencies description (diff) | |
Merge branch 'master' into traceroute
Diffstat (limited to 'gg_sniff')
-rw-r--r-- | gg_sniff/README.txt | 22 | ||||
-rw-r--r-- | gg_sniff/gg_sniff.c | 14 | ||||
-rw-r--r-- | gg_sniff/gg_sniff.h | 2 | ||||
-rw-r--r-- | gg_sniff/pcap.c | 24 |
4 files changed, 40 insertions, 22 deletions
diff --git a/gg_sniff/README.txt b/gg_sniff/README.txt
index 2a43d02..fddbb3f 100644
--- a/gg_sniff/README.txt
+++ b/gg_sniff/README.txt
@@ -1,7 +1,5 @@
 gg_sniff - glouglou probe client for network activity
 
-WARNING: Work in progress, don't expect this to work !
-
 Requirements
 ============
 
@@ -13,14 +11,28 @@ Requirements
 Installation
 ============
 
-git clone git@meg:glouglou
-cd gg_sniff
 make && sudo make install
 
 Usage
 =====
 
-gg_sniff -i eth0
+sudo gg_sniff
+
+sudo gg_sniff -i eth0
+
+sudo gg_sniff -i eth0 10.137.2.9
+
+sudo gg_sniff -v -f "not port 4430 and not port 4431 and net 10.137.2.0/24" 10.137.2.9
+
+(10.137.2.9 is where glougloud is)
+
+Notes on capture
+================
+
+By default gg_sniff captures on any interfaces (works on Linux only).
+By default the capture filter is "not port 4430 and not port 4431 and not port 53".
+You can change it via -f, but dont forget to keep filtering out port 4430 and
+port 4431 because those are the ports used by glouglou itself !
 
 Notes on architecture and security
 ==================================
diff --git a/gg_sniff/gg_sniff.c b/gg_sniff/gg_sniff.c
index cd2d2c5..8ee6de1 100644
--- a/gg_sniff/gg_sniff.c
+++ b/gg_sniff/gg_sniff.c
@@ -39,7 +39,7 @@ usage(void)
 {
 extern char *__progname;
- fprintf(stderr, "usage: %s [-hv] [-i interface] [ip [port]]\n", __progname);
+ fprintf(stderr, "usage: %s [-hv] [-f filter] [-i interface] [ip [port]]\n", __progname);
 exit(1);
 }
@@ -60,6 +60,7 @@ main(int argc, char **argv)
 struct event *ev_sigint, *ev_sigterm, *ev_sigchld, *ev_sighup;
 char ggserv_ip[30] = "127.0.0.1";
 char *iface = NULL;
+ char *filter = NULL;
 int ggserv_port = GLOUGLOU_PROBE_DEFAULT_PORT;
 int pcap_init = 0;
 int loglevel = 0;
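Review bot: The new usage line still omits the `-a` flag that the option string in the following hunk (`"af:hi:v"`) accepts, so the help text under-documents the interface; make it `fprintf(stderr, "usage: %s [-ahv] [-f filter] [-i interface] [ip [port]]\n", __progname);`. A short comment above the call, such as `/* a -f filter must keep excluding glouglou's own ports (see README.txt) */`, would also carry the README warning into the code, since nothing in the program enforces it. usage() opens in this hunk but its declaration line precedes it.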
@@ -70,11 +71,14 @@ main(int argc, char **argv)
 if (geteuid() != 0)
 errx(1, "must be root");
 
- while ((op = getopt(argc, argv, "ahi:v")) != -1) {
+ while ((op = getopt(argc, argv, "af:hi:v")) != -1) {
 switch (op) {
 case 'a':
 active = 1;
 break;
+ case 'f':
+ filter = strndup(optarg, 256);
+ break;
 case 'h':
 usage();
 /* NOTREACHED */
@@ -90,8 +94,8 @@ main(int argc, char **argv)
 }
 }
 switch (argc - optind) {
- case 2: ggserv_port = atoi(argv[3]);
- case 1: strncpy(ggserv_ip, argv[2], sizeof(ggserv_ip));
+ case 2: ggserv_port = atoi(argv[optind+1]);
+ case 1: strncpy(ggserv_ip, argv[optind], sizeof(ggserv_ip));
 case 0:
 break;
 default:
@@ -110,7 +114,7 @@ main(int argc, char **argv)
 ggcli = gg_client_connect(_ev_base, ggserv_ip, ggserv_port, NULL, NULL, NULL);
 if (!ggcli)
 goto quit;
- pcap_init = ggsniff_pcap_init(_ev_base, ggcli, net, iface, active);
+ pcap_init = ggsniff_pcap_init(_ev_base, ggcli, net, iface, active, filter);
 if (!pcap_init)
 goto quit;
diff --git a/gg_sniff/gg_sniff.h b/gg_sniff/gg_sniff.h
index f848c88..5cbd1fd 100644
--- a/gg_sniff/gg_sniff.h
+++ b/gg_sniff/gg_sniff.h
@@ -1,5 +1,5 @@
 /* pcap.c */
 int ggsniff_pcap_init(struct event_base *, struct gg_client *,
- struct ggnet *, char *, int);
+ struct ggnet *, char *, int, char *);
 void ggsniff_pcap_shutdown(void);
diff --git a/gg_sniff/pcap.c b/gg_sniff/pcap.c
index fc5b978..7456e67 100644
--- a/gg_sniff/pcap.c
+++ b/gg_sniff/pcap.c
@@ -99,7 +99,7 @@ static struct _cap_t _cap;
 int ggsniff_pcap_init(struct event_base *ev_base, struct gg_client *ggcli,
- struct ggnet *net, char *iface, int active)
+ struct ggnet *net, char *iface, int active, char *filter)
 {
 char errbuf[PCAP_ERRBUF_SIZE];
 struct bpf_program bprog;
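Review bot: `filter = strndup(optarg, 256);` in the new `case 'f'` silently truncates any expression longer than 255 bytes and never checks for a NULL return; a truncated BPF expression can still compile to something quite different from what the operator typed (for instance losing a trailing `and not port 4431`, which README.txt says must stay), and on allocation failure `filter` stays NULL so pcap.c quietly falls back to the default filter instead of honouring `-f`. Reject oversize input and fail loudly on allocation: `if (strlen(optarg) >= 256) errx(1, "-f: filter too long"); if ((filter = strdup(optarg)) == NULL) err(1, "strdup");`. main() begins before this hunk.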
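Review bot: In the `switch (argc - optind)` hunk the re-indexed `strncpy(ggserv_ip, argv[optind], sizeof(ggserv_ip));` still leaves the 30-byte `ggserv_ip` without a NUL terminator when the argument is 30 characters or longer, and that buffer is then passed to gg_client_connect() as a C string in the next hunk; `atoi(argv[optind+1])` likewise accepts garbage or out-of-range text as a port without complaint. Since the file already uses errx(), bound the copy with a truncation check and parse the port with strtol() and a range check, as sketched below (declare `char *end;` with the other locals, and make sure `<errno.h>` is included — whether it already is cannot be seen here). The deliberate fallthrough from `case 2` to `case 1` to `case 0` also deserves `/* FALLTHROUGH */` comments. main() begins and ends outside this hunk.
```c
	switch (argc - optind) {
	case 2:
		errno = 0;
		ggserv_port = (int)strtol(argv[optind+1], &end, 10);
		if (end == argv[optind+1] || *end != '\0' || errno == ERANGE ||
		    ggserv_port < 1 || ggserv_port > 65535)
			errx(1, "invalid port: %s", argv[optind+1]);
		/* FALLTHROUGH */
	case 1:
		if (snprintf(ggserv_ip, sizeof(ggserv_ip), "%s", argv[optind]) >=
		    (int)sizeof(ggserv_ip))
			errx(1, "ip too long: %s", argv[optind]);
		/* FALLTHROUGH */
	case 0:
		break;
	/* … unchanged: default arm … */
```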
@@ -115,9 +115,11 @@ ggsniff_pcap_init(struct event_base *ev_base, struct gg_client *ggcli,
 err(1, "capture: pcap_open_live failed on interface %s\n"
 "with snaplen %d : %s", iface, PCAP_SNAPLEN, errbuf);
- if (pcap_compile(pcap, &bprog, PCAP_FILTER, 0, 0) < 0)
+ if (!filter)
+ filter = strndup(PCAP_FILTER, 256);
+ if (pcap_compile(pcap, &bprog, filter, 0, 0) < 0)
 err(1, "capture: pcap_compile failed with filter %s : %s",
- PCAP_FILTER, pcap_geterr(pcap));
+ filter, pcap_geterr(pcap));
 if (pcap_setfilter(pcap, &bprog) < 0)
 err(1, "capture: pcap_setfilter failed : %s", pcap_geterr(pcap));
@@ -284,7 +286,7 @@ my_pcap_open_live(const char *dev, int slen, int promisc, int to_ms,
 static void cb_pcap(int fd, short why, void *data)
 {
- gg_log_tmp("cb_pcap");
+ //gg_log_tmp("cb_pcap");
 pcap_dispatch(_cap.pcap, PCAP_COUNT, _cap.handler, NULL);
 /* reschedule */
@@ -492,7 +494,7 @@ ip_handle(struct ip *ip, const u_char *pend, u_int wirelen)
 * if this isn't the first frag, we're missing the
 * next level protocol header.
 */
- gg_log_tmp("user: got a fragmented ip packet !");
+ gg_log_debug("user: got a fragmented ip packet !");
 }
 pkt.ver = PACKET_VERSION;
@@ -547,16 +549,16 @@ ether_handle(struct ether_header *ether, const u_char *pend, u_int wirelen)
 ether_type = ntohs(ether->ether_type);
 if (ether_type <= ETHERMTU)
- gg_log_tmp("llc packet !");
+ gg_log_debug("llc packet !");
 else {
 switch (ether_type) {
 case ETHERTYPE_IP:
- gg_log_tmp("loop family AF_LINK IP");
+ gg_log_debug("loop family AF_LINK IP");
 ip = (struct ip *)((u_char *)ether + sizeof(struct ether_header));
 ip_handle(ip, pend, wirelen);
 break;
 default:
- gg_log_tmp("loop non ip packet !");
+ gg_log_debug("loop non ip packet !");
 break;
 }
 }
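Review bot: `filter = strndup(PCAP_FILTER, 256);` is unchecked, so on allocation failure the very next line hands a NULL expression to pcap_compile(), which libpcap does not accept; `if (!filter && (filter = strndup(PCAP_FILTER, 256)) == NULL) err(1, "strndup");` covers it (PCAP_FILTER is a fixed default, so plain strdup() would do). The duplicated string is also never released after pcap_setfilter(), and `bprog` is not freed with pcap_freecode() within the hunk — minor for a process started once, unless it is done further down. The larger point for a probe that reports traffic to glougloud: the code relies on the operator keeping `not port 4430 and not port 4431` in any `-f` expression (README.txt says so), whereas building the final expression as `"(%s) and not port %d"` from the user filter and the port the client connects to would rule out the capture-your-own-reports loop in code rather than in documentation. ggsniff_pcap_init() starts and ends outside this hunk.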
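Review bot: In the cb_pcap hunk the call is commented out as `//gg_log_tmp("cb_pcap");` rather than removed or downgraded, which leaves dead code behind and introduces a `//` comment into a file that otherwise uses `/* */` (see `/* reschedule */` two lines below). Every other hunk in this commit converts gg_log_tmp() to gg_log_debug(); doing the same here, `gg_log_debug("cb_pcap");`, or deleting the line outright, keeps the file consistent. cb_pcap continues past the end of the hunk.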
@@ -630,7 +632,7 @@ phandler_sll(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
 ep = (struct ether_header *)((u_char *)p + SLL_HDR_LEN);
 ether_handle(ep, pend, len);
 default:
- gg_log_tmp("unknown family %x !", family);
+ gg_log_debug("unknown family %x !", family);
 break;
 }
 } else {
@@ -667,7 +669,7 @@ phandler_loop(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
 family = ntohl(family);
 switch (family) {
 case AF_INET:
- gg_log_tmp("loop family AF_INET");
+ gg_log_debug("loop family AF_INET");
 ip = (struct ip *)(p + NULL_HDRLEN);
 ip_handle(ip, pend, len);
 break;
@@ -676,7 +678,7 @@ phandler_loop(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
 ether_handle(ep, pend, len);
 break;
 default:
- gg_log_tmp("unknown family %x !", family);
+ gg_log_debug("unknown family %x !", family);
 break;
 }
 } |
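Review bot: In the phandler_sll hunk `ether_handle(ep, pend, len);` is followed directly by `default:` with no `break;`, so every frame that case handles then falls into the default arm and logs `unknown family %x !` — the switch to gg_log_debug() only hides that message, it does not fix the control flow, and the equivalent arm in phandler_loop (last hunk) does end with `break;`. Add `break;` after the `ether_handle()` call, or a `/* FALLTHROUGH */` comment if the double handling is intended. Separately, SLL_HDR_LEN is the Linux cooked header that replaces the link-layer header on the `any` device, so casting the bytes after it to `struct ether_header` looks like it would misparse the network-layer payload; the case label that reaches this code is outside the hunk, so this needs confirming against it. phandler_sll begins before the hunk and ends after it.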