# -sam k (commport5@lucidx.com)

use pdump::Sniff;

sub omnivore {
 my ($alla, $call, $nite, $headers) = ($offset_all, $_[2], 0);
 $packet_all->bset($call, $alla);
 ($vers,$ihl,$tos,$tot,$id,$frg,$ttl,$pro,$chc,$saddr,$daddr,$sport,$dport,$seq,$aseq,$dof,$res1,$res2,$urg,$ack,$psh,$rst,$syn,$fin,$win,$chk,$data) =
 $packet_all->get({ip=>['version','ihl','tos','tot_len','id','frag_off','ttl','protocol','check','saddr','daddr'],tcp=>[
 'source','dest','seq','ack_seq','doff','res1','res2','urg','ack','psh','rst','syn','fin','window','check','data']});
 my $msg = $data;
 $seq =~ s/^-//;
 if ($ngrp and $ngrr) {
  if ($ngrx) {
   if ($ngrc) {
    if ($msg !~ /$ngrr/i) {
     &omnishow($msg);
    }
   }
   else {
    if ($msg !~ /$ngrr/) {
     &omnishow($msg);
    }
   }
  }
  else {
   if ($ngrc) {
    if ($msg =~ /$ngrr/i) {
     &omnishow($msg);
    }
   }
   else {
    if ($msg =~ /$ngrr/) {
     &omnishow($msg);
    }
   }
  }
 }
 else {
  &omnishow($msg);
 }
}

sub omnishow {
 my $msg = shift;
 if ($msg =~ /Message-ID/i) {
  $top++;
  my ($email) = $msg =~ /From: [^<]+ <([^>]+)>/;
  my ($day, $date, $month, $year, $time) = $msg =~ /Date: ([^,]+), (\d+) ([^\s]+) (\d+) ([^\s]+) \+/;
  $msg =~ s/\.\s*$//;
  my $message  = "From $email $day $month $date $time $year\n";
  $message .= "Sender: $email\n";
  $message .= $msg;
  print $message;
  if ($amt and $top == $amt) {
   die "\r$amt packets recieved by filter\n";
  }
 }
}

1;