Squashed commit of the following:
commit 2027502c5c1364161854794529738344dddb5c50 Author: MM <gaspmat@gmail.com> Date: Thu Mar 22 18:12:07 2012 +0100 link type must be signed, because dlt_to_linktype can return -1 commit 86027ea77d36d36e39070a54eb5caf3d3490e2e9 Author: MM <gaspmat@gmail.com> Date: Wed Mar 21 16:03:58 2012 +0100 enable sniffing on any type of interface commit df6eef12147a294d7f198d057c27e87ed4ffbeb3 Author: MM <gaspmat@gmail.com> Date: Tue Mar 20 18:01:50 2012 +0100 ps support for linux meterpreter [Closes #254]unstable
parent
5d7190e8cb
commit
55bb7abc89
|
@ -599,6 +599,7 @@ DWORD request_sniffer_capture_start(Remote *remote, Packet *packet) {
|
|||
result = hErr;
|
||||
break;
|
||||
}
|
||||
j->capture_linktype = 1; // LINKTYPE_ETHERNET forced on windows
|
||||
#else
|
||||
name = get_interface_name_by_index(ifh);
|
||||
|
||||
|
@ -612,6 +613,9 @@ DWORD request_sniffer_capture_start(Remote *remote, Packet *packet) {
|
|||
result = EACCES;
|
||||
break;
|
||||
}
|
||||
j->capture_linktype = dlt_to_linktype(pcap_datalink(j->pcap)); // get the datalink associated with the capture, needed when saving pcap file
|
||||
if (-1 == j->capture_linktype)
|
||||
j->capture_linktype = 1; // force to LINKTYPE_ETHERNET in case of error
|
||||
|
||||
if(packet_filter) {
|
||||
struct bpf_program bpf;
|
||||
|
@ -1019,6 +1023,8 @@ DWORD request_sniffer_capture_dump(Remote *remote, Packet *packet) {
|
|||
|
||||
packet_add_tlv_uint(response, TLV_TYPE_SNIFFER_PACKET_COUNT, pcnt);
|
||||
packet_add_tlv_uint(response, TLV_TYPE_SNIFFER_BYTE_COUNT, rcnt);
|
||||
// add capture datalink, needed when saving capture file, use TLV_TYPE_SNIFFER_INTERFACE_ID not to create a new TLV type
|
||||
packet_add_tlv_uint(response, TLV_TYPE_SNIFFER_INTERFACE_ID, j->capture_linktype);
|
||||
|
||||
dprintf("sniffer>> finished processing packets");
|
||||
|
||||
|
|
|
@ -35,6 +35,7 @@ typedef struct capturejob
|
|||
unsigned char *dbuf;
|
||||
unsigned int dlen;
|
||||
unsigned int didx;
|
||||
int capture_linktype; //current capture link type that we want to save, ie. LINKTYPE_ETHERNET
|
||||
#ifndef _WIN32
|
||||
THREAD *thread;
|
||||
pcap_t *pcap;
|
||||
|
|
|
@ -836,8 +836,9 @@ void address_calculate_netmask(struct iface_address *address, int ifa_prefixlen)
|
|||
|
||||
if (address->family == AF_INET6) {
|
||||
// if netmask is FFFFFFFF FFFFFFFF 00000000 00000000 (/64), netmask6.a1 and netmask6.a2 == 0xffffffff, and nestmask6.a3 and .a4 == 0
|
||||
// netmask6 is set to 0 at the beginning of the function, no need to reset the values to 0 if it is needed
|
||||
// netmask6 is no longer set to 0 at the beginning of the function, need to reset the values to 0
|
||||
// XXX really ugly, but works
|
||||
memset(&address->nm.netmask6, 0, sizeof(__u128));
|
||||
if (ifa_prefixlen >= 96) {
|
||||
address->nm.netmask6.a4 = (1 << (ifa_prefixlen-96))-1;
|
||||
address->nm.netmask6.a1 = address->nm.netmask6.a2 = address->nm.netmask6.a3 = 0xffffffff;
|
||||
|
|
|
@ -96,6 +96,7 @@ class Sniffer < Extension
|
|||
{
|
||||
:packets => response.get_tlv_value(TLV_TYPE_SNIFFER_PACKET_COUNT),
|
||||
:bytes => response.get_tlv_value(TLV_TYPE_SNIFFER_BYTE_COUNT),
|
||||
:linktype => response.get_tlv_value(TLV_TYPE_SNIFFER_INTERFACE_ID),
|
||||
}
|
||||
end
|
||||
|
||||
|
|
|
@ -132,7 +132,7 @@ class Console::CommandDispatcher::Sniffer
|
|||
bytes_all = res[:bytes] || 0
|
||||
bytes_got = 0
|
||||
bytes_pct = 0
|
||||
|
||||
linktype = res[:linktype]
|
||||
while (bytes_all > 0)
|
||||
res = client.sniffer.capture_dump_read(intf,1024*512)
|
||||
|
||||
|
@ -156,7 +156,7 @@ class Console::CommandDispatcher::Sniffer
|
|||
fd = ::File.new(path_cap, 'ab+')
|
||||
else
|
||||
fd = ::File.new(path_cap, 'wb+')
|
||||
fd.write([0xa1b2c3d4, 2, 4, 0, 0, 65536, 1].pack('NnnNNNN'))
|
||||
fd.write([0xa1b2c3d4, 2, 4, 0, 0, 65536, linktype].pack('NnnNNNN'))
|
||||
end
|
||||
|
||||
pkts = {}
|
||||
|
|
Loading…
Reference in New Issue