diff --git a/external/source/meterpreter/source/extensions/sniffer/sniffer.c b/external/source/meterpreter/source/extensions/sniffer/sniffer.c
index 8b27fe53d2..a5b8652f2f 100644
--- a/external/source/meterpreter/source/extensions/sniffer/sniffer.c
+++ b/external/source/meterpreter/source/extensions/sniffer/sniffer.c
@@ -599,6 +599,7 @@ DWORD request_sniffer_capture_start(Remote *remote, Packet *packet) {
 result = hErr;
 break;
 }
+ j->capture_linktype = 1; // LINKTYPE_ETHERNET forced on windows
 #else
 name = get_interface_name_by_index(ifh);
@@ -612,6 +613,9 @@ DWORD request_sniffer_capture_start(Remote *remote, Packet *packet) {
 result = EACCES;
 break;
 }
+ j->capture_linktype = dlt_to_linktype(pcap_datalink(j->pcap)); // get the datalink associated with the capture, needed when saving pcap file
+ if (-1 == j->capture_linktype)
+ j->capture_linktype = 1; // force to LINKTYPE_ETHERNET in case of error
 if(packet_filter) {
 struct bpf_program bpf;
@@ -1019,6 +1023,8 @@ DWORD request_sniffer_capture_dump(Remote *remote, Packet *packet) {
 packet_add_tlv_uint(response, TLV_TYPE_SNIFFER_PACKET_COUNT, pcnt);
 packet_add_tlv_uint(response, TLV_TYPE_SNIFFER_BYTE_COUNT, rcnt);
+ // add capture datalink, needed when saving capture file, use TLV_TYPE_SNIFFER_INTERFACE_ID not to create a new TLV type
+ packet_add_tlv_uint(response, TLV_TYPE_SNIFFER_INTERFACE_ID, j->capture_linktype);
 dprintf("sniffer>> finished processing packets");
diff --git a/external/source/meterpreter/source/extensions/sniffer/sniffer.h b/external/source/meterpreter/source/extensions/sniffer/sniffer.h
index 7c5a38c633..79d4da60d8 100644
--- a/external/source/meterpreter/source/extensions/sniffer/sniffer.h
+++ b/external/source/meterpreter/source/extensions/sniffer/sniffer.h
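Review bot: The Windows path stores the link type as the bare literal `1`, and the same literal reappears as the fallback in the pcap path of this function, with the meaning carried only by comments. Defining the value once, e.g. `#define LINKTYPE_ETHERNET 1` in sniffer.h (libpcap keeps its LINKTYPE_* names in a private source file, so they are not available from pcap.h as far as I know), lets both sites read `j->capture_linktype = LINKTYPE_ETHERNET;`. Whether every interface the Windows driver exposes is Ethernet-framed is not visible here; if one is not, its dump gets a header that decoders will mis-parse. request_sniffer_capture_start continues outside the hunk.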
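Review bot: `dlt_to_linktype` is, as far as I know, an internal libpcap helper (pcap-common.c) with no prototype in the public pcap.h, so unless this tree supplies a declaration the call is an implicit declaration and the symbol may not resolve at link time; either add a local prototype with the same contract or drop the mapping, since `pcap_datalink()` already returns the DLT value and for Ethernet DLT and LINKTYPE are the same value (1). If the helper stays, the `-1` check matches its unknown-DLT return, but the fallback literal `1` is the same magic number as in the Windows hunk above. `j->pcap` is non-NULL here because of the EACCES guard just above, so the `pcap_datalink` call itself is safe. request_sniffer_capture_start continues outside the hunk.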
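Review bot: Reusing TLV_TYPE_SNIFFER_INTERFACE_ID to carry the link type gives one TLV two meanings in the same extension, and only this in-line comment records it; the TLV's declaration and the Ruby side carry no hint that a capture_dump response's INTERFACE_ID is not an interface index. If a dedicated TLV_TYPE_SNIFFER_LINKTYPE is not wanted, at least annotate the declaration, e.g. `// also carries the pcap LINKTYPE_* value in capture_dump responses`. `capture_linktype` is an int sent through `packet_add_tlv_uint`; that is only safe because capture_start clamps -1 to 1, which is worth a one-line comment here. request_sniffer_capture_dump continues outside the hunk.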
@@ -35,6 +35,7 @@ typedef struct capturejob
 unsigned char *dbuf;
 unsigned int dlen;
 unsigned int didx;
+ int capture_linktype; //current capture link type that we want to save, ie. LINKTYPE_ETHERNET
 #ifndef _WIN32
 THREAD *thread;
 pcap_t *pcap;
diff --git a/external/source/meterpreter/source/server/linux/netlink.c b/external/source/meterpreter/source/server/linux/netlink.c
index 809b104f45..117316b31c 100644
--- a/external/source/meterpreter/source/server/linux/netlink.c
+++ b/external/source/meterpreter/source/server/linux/netlink.c
@@ -836,8 +836,9 @@ void address_calculate_netmask(struct iface_address *address, int ifa_prefixlen)
 if (address->family == AF_INET6) {
 // if netmask is FFFFFFFF FFFFFFFF 00000000 00000000 (/64), netmask6.a1 and netmask6.a2 == 0xffffffff, and nestmask6.a3 and .a4 == 0
- // netmask6 is set to 0 at the beginning of the function, no need to reset the values to 0 if it is needed
+ // netmask6 is no longer set to 0 at the beginning of the function, need to reset the values to 0
 // XXX really ugly, but works
+ memset(&address->nm.netmask6, 0, sizeof(__u128));
 if (ifa_prefixlen >= 96) {
 address->nm.netmask6.a4 = (1 << (ifa_prefixlen-96))-1;
 address->nm.netmask6.a1 = address->nm.netmask6.a2 = address->nm.netmask6.a3 = 0xffffffff;
diff --git a/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb b/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb
index 8f243833c2..e336041c4b 100644
--- a/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb
+++ b/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb
@@ -96,6 +96,7 @@ class Sniffer < Extension
 {
 :packets => response.get_tlv_value(TLV_TYPE_SNIFFER_PACKET_COUNT),
 :bytes => response.get_tlv_value(TLV_TYPE_SNIFFER_BYTE_COUNT),
+ :linktype => response.get_tlv_value(TLV_TYPE_SNIFFER_INTERFACE_ID),
 }
 end
diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb
index 75f09ac918..56a34aec31 100644
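Review bot: The new field's comment reads `ie. LINKTYPE_ETHERNET` where `e.g.` is meant, and it does not say where the value comes from or what readers may assume about it. Suggest `int capture_linktype; // pcap LINKTYPE_* value of this capture; set in capture_start, never negative (unknown DLTs fall back to LINKTYPE_ETHERNET = 1), sent to the client for the pcap file header`. The capturejob struct continues outside the hunk.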
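Review bot: The added `memset` sizes the clear from the type name `__u128` rather than from the object it clears; `memset(&address->nm.netmask6, 0, sizeof address->nm.netmask6);` keeps the length tied to the operand if the field's type ever changes. The rewritten comment describes history ('no longer set to 0 at the beginning of the function') rather than the invariant; `// netmask6 may hold stale words from an earlier call; clear it before the per-prefix words are set` will age better. Separately, the unchanged line `(1 << (ifa_prefixlen-96))-1` shifts by 31 or 32 when ifa_prefixlen is 127 or 128, both undefined for a signed 32-bit int; whether a caller bounds ifa_prefixlen is not visible here. address_calculate_netmask starts and ends outside the hunk.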
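Review bot: The `:linktype` entry reads TLV_TYPE_SNIFFER_INTERFACE_ID, and nothing on this side tells a reader that the server overloads that TLV; a comment such as `# pcap link-layer type of the capture (the server reuses TLV_TYPE_SNIFFER_INTERFACE_ID for it)` next to the entry keeps the next maintainer from "fixing" it back to an interface id. The method continues outside the hunk.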
--- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb
@@ -132,7 +132,7 @@ class Console::CommandDispatcher::Sniffer
 bytes_all = res[:bytes] || 0
 bytes_got = 0
 bytes_pct = 0
-
+ linktype = res[:linktype]
 while (bytes_all > 0)
 res = client.sniffer.capture_dump_read(intf,1024*512)
@@ -156,7 +156,7 @@ class Console::CommandDispatcher::Sniffer
 fd = ::File.new(path_cap, 'ab+')
 else
 fd = ::File.new(path_cap, 'wb+')
- fd.write([0xa1b2c3d4, 2, 4, 0, 0, 65536, 1].pack('NnnNNNN'))
+ fd.write([0xa1b2c3d4, 2, 4, 0, 0, 65536, linktype].pack('NnnNNNN'))
 end
 pkts = {}
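Review bot: `linktype = res[:linktype]` takes no default, unlike `bytes_all = res[:bytes] || 0` three lines above; against a server built before this TLV was added, `res[:linktype]` is nil and the `pack('NnnNNNN')` in the next hunk raises TypeError while writing the pcap header, so the whole dump fails instead of falling back to what was written before. `linktype = res[:linktype] || 1` keeps the old Ethernet header for old servers; a named constant for the 1 would be better still. The method starts and ends outside the hunk.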
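Review bot: The link type is written only when the file is created (`'wb+'` branch); the `'ab+'` branch appends to an existing file without checking that its header's link type matches the current capture, and now that the value varies per interface a file can end up holding frames of one link layer under a header declaring another, which decoders will silently mis-parse. Reading the last 32-bit word of the existing 24-byte global header and refusing to append on mismatch closes that, as sketched below. The condition that selects the branch is outside the hunk, so the sketch starts at the append branch.
```ruby
  # refuse to append frames whose link type differs from the existing file header
  hdr = ::File.binread(path_cap, 24)
  if hdr.nil? || hdr.length < 24 || hdr.unpack('NnnNNNN')[6] != linktype
    print_error("#{path_cap} has a different link type than this capture, not appending")
    return
  end
  fd = ::File.new(path_cap, 'ab+')
# … unchanged: else branch creating the file and writing the header with linktype …
```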