# -sam k (commport5@lucidx.com) use POSIX qw(strftime); use Socket; use pdump::Sniff; sub check_udp { my ($nite,$headers,$df,$trgt,@nda,@ndb,$totl,@ints,$vers,$ihl,$tos,$tot,$id,$frg,$ttl,$pro,$chc,$saddr,$daddr,$sport,$dport,$seq,$aseq,$dof,$res1,$res2,$urg,$ack,$psh,$rst,$syn,$fin,$win,$chk,$data,$len,$mtu,$iid,$type,$code,$gateway,$unu,@tmrp) = (0); my ($call,$packet_all,$alla,$cll,$nite,$time,$untm,$protocol,$pro,$proto,$amt) = @_; my (%ipa) = ip_decode($call); my ($vers,$ihl,$tos,$tot,$id,$frg,$ttl,$chc,$saddr,$daddr,$opts,$rest) = ($ipa{ver},$ipa{hlen},$ipa{tos},$ipa{len},$ipa{id},$ipa{foffset},$ipa{ttl},$ipa{cksum},$ipa{src_ip},$ipa{dest_ip},$ipa{options},$ipa{data}); my (%udpa) = udp_decode($rest); my ($sport,$dport,$len,$chk,$data) = ($upda{src_port},$upda{dest_port},$udpa{len},$udpa{cksum},$udpa{data}); $udpp++; $flags = $ipa{flags}; $siaddr = inet_aton($ipa{src_ip}); $diaddr = inet_aton($ipa{dest_ip}); $ipa{src_host} = (gethostbyaddr($siaddr, AF_INET))[0]; $ipa{dest_host} = (gethostbyaddr($diaddr, AF_INET))[0]; if (!$ipa{dest_host}) { $ipa{src_host} = $ipa{src_ip}; } if (!$ipa{dest_host}) { $ipa{dest_host} = $ipa{dest_ip}; } if ($dmth) { if ($nons) { $sname = $ipa{src_ip}; $dname = $ipa{dest_ip}; } else { $sname = $ipa{src_host}; $dname = $ipa{dest_host}; $stest = $ipa{src_ip}; $dtest = $ipa{dest_ip}; } } else { if ($nons) { $sname = $ipa{src_ip}; $dname = $ipa{dest_ip}; $stest = $sname; $dtest = $dname; } else { $sname = $ipa{src_host}; $dname = $ipa{dest_host}; $stest = $ipa{src_ip}; $dtest = $ipa{dest_ip}; } } unless ($nosv) { @sserv = &port2serv($sport, $proto); @dserv = &port2serv($dport, $proto); } if ($sserv[0]) { $stype = $sserv[0]; } else { $stype = $sport; } if ($dserv[0]) { $dtype = $dserv[0]; } else { $dtype = $dport; } if ($pgnr) { unless ($pnrc) { if ($sport =~ /$prgx/ or $dport =~ /$prgx/ or $stype =~ /$prgx/ or $dtype =~ /$prgx/) { $nite++; } } else { if ($sport =~ /$prgx/i or $dport =~ /$prgx/i or $stype =~ /$prgx/i or $dtype =~ /$prgx/i) { $nite++; } } } if ($ignr) { unless ($gnrc) { if ($sname =~ /$regx/ or $dname =~ /$regx/ or $stest =~ /$regx/ or $dtest =~ /$regx/) { $nite++; } } else { if ($sname =~ /$regx/i or $dname =~ /$regx/i or $stest =~ /$regx/i or $dtest =~ /$regx/i) { $nite++; } } } if ($nofl and !$fl) { $dname =~ s/^([^\.]+)\..*?$/$1/; $sname =~ s/^([^\.]+)\..*?$/$1/; } unless ($nite) { if ($ngrp) { if ($data) { unless ($ngrx) { if ($ngrc) { if ($ngra) { unless ($ansi) { print "\nU $stest:$sport -> $dtest:$dport\n$data..\n"; } else { print "\nU $stest:$sport -> $dtest:$dport\n$data..\n"; } } else { if ($data =~ /$ngrr/i) { unless ($ansi) { print "\nU $stest:$sport -> $dtest:$dport\n$data..\n"; } else { print "\nU $stest:$sport -> $dtest:$dport\n$data..\n"; } } else { print "#"; } } } else { if ($ngra) { unless ($ansi) { print "\nU $stest:$sport -> $dtest:$dport\n$data..\n"; } else { print "\nU $stest:$sport -> $dtest:$dport\n$data..\n"; } } else { if ($data =~ /$ngrr/) { unless ($ansi) { print "\nU $stest:$sport -> $dtest:$dport\n$data..\n"; } else { print "\nU $stest:$sport -> $dtest:$dport\n$data..\n"; } } else { print "#"; } } } } else { if ($ngrc) { if ($ngra) { unless ($ansi) { print "\nU $stest:$sport -> $dtest:$dport\n$data..\n"; } else { print "\nU $stest:$sport -> $dtest:$dport\n$data..\n"; } } else { if ($data !~ /$ngrr/i) { unless ($ansi) { print "\nU $stest:$sport -> $dtest:$dport\n$data..\n"; } else { print "\nU $stest:$sport -> $dtest:$dport\n$data..\n"; } } else { print "#"; } } } else { if ($ngra) { unless ($ansi) { print "\nU $stest:$sport -> $dtest:$dport\n$data..\n"; } else { print "\nU $stest:$sport -> $dtest:$dport\n$data..\n"; } } else { if ($data !~ /$ngrr/) { unless ($ansi) { print "\nU $stest:$sport -> $dtest:$dport\n$data..\n"; } else { print "\nU $stest:$sport -> $dtest:$dport\n$data..\n"; } } else { print "#"; } } } } } } elsif ($strn) { $tm = strftime "%H:%M:%S", localtime; $tm .= ".$time"; $str = $strg; %string = ( "saddr", $stest, "daddr", $dtest, "source", $sname, "dest", $dname, "shost", $sname, "dhost", $dname, "sserv", $stype, "dserv", $dtype, "version", $vers, "ihl", $ihl, "tos", $tos, "totlen", $tot, "id", $id, "fragoff", $frg, "ttl", $ttl, "protocol", $pro, "proto", $prt, "check1", $chc, "rawsaddr", $saddr, "rawdaddr", $daddr, "sport", $sport, "dport", $dport, "sequence", $seq, "seq", $seq, "ackseq", $aseq, "doff", $dof, "res1", $res1, "res2", $res2, "urg", $urg, "ack", $ack, "psh", $psh, "rst", $rst, "syn", $syn, "fin", $fin, "winsize", $win, "check2", $chk, "data", $data, "time", $tm, "headers", $headers, ); $string{"seq"} =~ s/^-//; $string{"sequence"} =~ s/^-//; $string{"ackseq"} =~ s/^-//; $strg =~ s/\\t/\t/g; $strg =~ s/\\n/\n/g; $strg =~ s/\$([A-Za-z0-9]+)/$string{$1}/g; unless ($str =~ /^[\s\\]*\$data[\s\\]*$/ and $data =~ /^\s*$/) { print "$strg\n"; } } else { if ($tstm != 1 and $tstm != 2) { print strftime "%H:%M:%S", localtime; print ".$time "; } if ($tstm == 2) { print "$untm.$time "; } print "$sname.$stype > $dname.$dtype: length $len check $chk ($proto"; if ($verb) { print " ttl $ttl, id $id"; } print ")"; if ($hex and !$hexa) { if ($data) { print "\n"; ($ndata = $data) =~ s/(.{1})/sprintf("%x", unpack("C", $1))/eg; $ndata =~ s/(\w{32})/\t\t\t $1\n/g; if (($tmpr) = $ndata =~ /\n(\w+)$/) { $ndata =~ s/\n$r$/\n\t\t\t $r\n/; } $ndata =~ s/(\w{4})/$1 /g; print $ndata; } } print "\n"; } if ($amt and $top == $amt) { die "$amt packets recieved by filter\n"; } } } 1;