2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000
3 * The Regents of the University of California. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 * Support for splitting captures into multiple files with a maximum
25 * Seth Webster <swebster@sst.ll.mit.edu>
29 static const char copyright[] =
30 "@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000\n\
31 The Regents of the University of California. All rights reserved.\n";
32 static const char rcsid[] =
33 "@(#) $Header: /tcpdump/master/tcpdump/tcpdump.c,v 1.173 2001/12/22 22:12:23 guy Exp $ (LBL)";
39 * tcpdump - monitor tcp/ip traffic on an ethernet.
41 * First written in 1987 by Van Jacobson, Lawrence Berkeley Laboratory.
42 * Mercilessly hacked and occasionally improved since then via the
43 * combined efforts of Van, Steve McCanne and Craig Leres of LBL.
50 #include <sys/types.h>
53 #include <netinet/in.h>
64 #include "interface.h"
65 #include "addrtoname.h"
67 #include "setsignal.h"
68 #include "gmt2local.h"
70 int aflag; /* translate network and broadcast addresses */
71 int dflag; /* print filter code */
72 int eflag; /* print ethernet header */
73 int fflag; /* don't translate "foreign" IP address */
74 int nflag; /* leave addresses as numbers */
75 int Nflag; /* remove domains from printed host names */
76 int Oflag = 1; /* run filter code optimizer */
77 int pflag; /* don't go promiscuous */
78 int qflag; /* quick (shorter) output */
79 int Rflag = 1; /* print sequence # field in AH/ESP*/
80 int sflag = 0; /* use the libsmi to translate OIDs */
81 int Sflag; /* print raw TCP sequence numbers */
82 int tflag = 1; /* print packet arrival time */
83 int uflag = 0; /* Print undecoded NFS handles */
84 int vflag; /* verbose */
85 int xflag; /* print packet in hex */
86 int Xflag; /* print packet in ascii as well as hex */
87 off_t Cflag = 0; /* rotate dump files after this many bytes */
89 char *espsecret = NULL; /* ESP secret key */
98 int32_t thiszone; /* seconds offset from gmt to local time */
101 static RETSIGTYPE cleanup(int);
102 static void usage(void) __attribute__((noreturn));
104 static void dump_and_trunc(u_char *, const struct pcap_pkthdr *, const u_char *);
107 RETSIGTYPE requestinfo(int);
110 /* Length of saved portion of packet. */
111 int snaplen = DEFAULT_SNAPLEN;
118 static struct printer printers[] = {
119 { arcnet_if_print, DLT_ARCNET },
120 { ether_if_print, DLT_EN10MB },
121 { token_if_print, DLT_IEEE802 },
123 { lane_if_print, DLT_LANE8023 },
126 { cip_if_print, DLT_CIP },
129 { cip_if_print, DLT_ATM_CLIP },
131 { sl_if_print, DLT_SLIP },
132 { sl_bsdos_if_print, DLT_SLIP_BSDOS },
133 { ppp_if_print, DLT_PPP },
134 { ppp_bsdos_if_print, DLT_PPP_BSDOS },
135 { fddi_if_print, DLT_FDDI },
136 { null_if_print, DLT_NULL },
138 { null_if_print, DLT_LOOP },
140 { raw_if_print, DLT_RAW },
141 { atm_if_print, DLT_ATM_RFC1483 },
143 { chdlc_if_print, DLT_C_HDLC },
146 { chdlc_if_print, DLT_HDLC },
148 #ifdef DLT_PPP_SERIAL
149 { ppp_hdlc_if_print, DLT_PPP_SERIAL },
152 { pppoe_if_print, DLT_PPP_ETHER },
155 { sll_if_print, DLT_LINUX_SLL },
157 #ifdef DLT_IEEE802_11
158 { ieee802_11_if_print, DLT_IEEE802_11},
161 { ltalk_if_print, DLT_LTALK },
167 lookup_printer(int type)
171 for (p = printers; p->f; ++p)
175 error("unknown data link type %d", type);
192 main(int argc, char **argv)
194 register int cnt, op, i;
195 bpf_u_int32 localnet, netmask;
196 register char *cp, *infile, *cmdbuf, *device, *RFileName, *WFileName;
197 pcap_handler printer;
198 struct bpf_program fcode;
199 RETSIGTYPE (*oldhandler)(int);
200 struct dump_info dumpinfo;
201 u_char *pcap_userdata;
202 char ebuf[PCAP_ERRBUF_SIZE];
209 if ((cp = strrchr(argv[0], '/')) != NULL)
210 program_name = cp + 1;
212 program_name = argv[0];
214 if (abort_on_misalignment(ebuf, sizeof(ebuf)) < 0)
223 (op = getopt(argc, argv, "ac:C:deE:fF:i:lm:nNOpqr:Rs:StT:uvw:xXY")) != -1)
233 error("invalid packet count %s", optarg);
237 Cflag = atoi(optarg) * 1000000;
239 error("invalid file size %s", optarg);
251 #ifndef HAVE_LIBCRYPTO
252 warning("crypto code not compiled in");
270 #ifdef HAVE_SETLINEBUF
273 setvbuf(stdout, NULL, _IOLBF, 0);
287 if (smiLoadModule(optarg) == 0) {
288 error("could not load MIB module %s", optarg);
292 (void)fprintf(stderr, "%s: ignoring option `-m %s' ",
293 program_name, optarg);
294 (void)fprintf(stderr, "(no libsmi support)\n");
320 snaplen = strtol(optarg, &end, 0);
321 if (optarg == end || *end != '\0'
322 || snaplen < 0 || snaplen > 65535)
323 error("invalid snaplen %s", optarg);
324 else if (snaplen == 0)
338 if (strcasecmp(optarg, "vat") == 0)
340 else if (strcasecmp(optarg, "wb") == 0)
342 else if (strcasecmp(optarg, "rpc") == 0)
344 else if (strcasecmp(optarg, "rtp") == 0)
346 else if (strcasecmp(optarg, "rtcp") == 0)
347 packettype = PT_RTCP;
348 else if (strcasecmp(optarg, "snmp") == 0)
349 packettype = PT_SNMP;
350 else if (strcasecmp(optarg, "cnfp") == 0)
351 packettype = PT_CNFP;
353 error("unknown packet type `%s'", optarg);
380 /* Undocumented flag */
392 error("-a and -n options are incompatible");
395 thiszone = gmt2local(0);
397 if (RFileName != NULL) {
399 * We don't need network access, so set it back to the user id.
400 * Also, this prevents the user from reading anyone's
405 pd = pcap_open_offline(RFileName, ebuf);
411 error("-f and -r options are incompatible");
413 if (device == NULL) {
414 device = pcap_lookupdev(ebuf);
419 pd = pcap_open_live(device, snaplen, !pflag, 1000, ebuf);
424 i = pcap_snapshot(pd);
426 warning("snaplen raised from %d to %d", snaplen, i);
429 if (pcap_lookupnet(device, &localnet, &netmask, ebuf) < 0) {
435 * Let user own process after socket has been opened.
440 cmdbuf = read_infile(infile);
442 cmdbuf = copy_argv(&argv[optind]);
444 if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0)
445 error("%s", pcap_geterr(pd));
447 bpf_dump(&fcode, dflag);
450 init_addrtoname(localnet, netmask);
452 (void)setsignal(SIGTERM, cleanup);
453 (void)setsignal(SIGINT, cleanup);
454 /* Cooperate with nohup(1) */
455 if ((oldhandler = setsignal(SIGHUP, cleanup)) != SIG_DFL)
456 (void)setsignal(SIGHUP, oldhandler);
458 if (pcap_setfilter(pd, &fcode) < 0)
459 error("%s", pcap_geterr(pd));
461 pcap_dumper_t *p = pcap_dump_open(pd, WFileName);
463 error("%s", pcap_geterr(pd));
465 printer = dump_and_trunc;
466 dumpinfo.WFileName = WFileName;
469 pcap_userdata = (u_char *)&dumpinfo;
472 pcap_userdata = (u_char *)p;
475 printer = lookup_printer(pcap_datalink(pd));
478 (void)setsignal(SIGINFO, requestinfo);
481 if (RFileName == NULL) {
482 (void)fprintf(stderr, "%s: listening on %s\n",
483 program_name, device);
484 (void)fflush(stderr);
486 if (pcap_loop(pd, cnt, printer, pcap_userdata) < 0) {
487 (void)fprintf(stderr, "%s: pcap_loop: %s\n",
488 program_name, pcap_geterr(pd));
491 if (RFileName == NULL)
497 /* make a clean exit on interrupts */
502 /* Can't print the summary if reading from a savefile */
503 if (pd != NULL && pcap_file(pd) == NULL) {
504 (void)fflush(stdout);
512 info(register int verbose)
514 struct pcap_stat stat;
516 if (pcap_stats(pd, &stat) < 0) {
517 (void)fprintf(stderr, "pcap_stats: %s\n", pcap_geterr(pd));
521 fprintf(stderr, "%s: ", program_name);
522 (void)fprintf(stderr, "%d packets received by filter", stat.ps_recv);
527 (void)fprintf(stderr, "%d packets dropped by kernel\n", stat.ps_drop);
536 for (i = 0, j = strlen(s) - 1; i < j; i++, j--) {
545 swebitoa(unsigned int n, char *s)
551 s[i++] = n % 10 + '0';
552 } while ((n /= 10) > 0);
559 dump_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
561 struct dump_info *info;
565 info = (struct dump_info *)user;
568 * XXX - this won't prevent capture files from getting
569 * larger than Cflag - the last packet written to the
570 * file could put it over Cflag.
572 if (ftell((FILE *)info->p) > Cflag) {
573 name = (char *) malloc(strlen(info->WFileName) + 4);
575 error("dump_and_trunc: malloc");
576 strcpy(name, info->WFileName);
577 swebitoa(cnt, name + strlen(info->WFileName));
579 pcap_dump_close(info->p);
580 info->p = pcap_dump_open(info->pd, name);
583 error("%s", pcap_geterr(pd));
586 pcap_dump((u_char *)info->p, h, sp);
589 /* Like default_print() but data need not be aligned */
591 default_print_unaligned(register const u_char *cp, register u_int length)
594 register int nshorts;
597 ascii_print(cp, length);
600 nshorts = (u_int) length / sizeof(u_short);
602 while (--nshorts >= 0) {
604 (void)printf("\n\t\t\t");
606 (void)printf(" %02x%02x", s, *cp++);
610 (void)printf("\n\t\t\t");
611 (void)printf(" %02x", *cp);
616 * By default, print the packet out in hex.
619 default_print(register const u_char *bp, register u_int length)
621 default_print_unaligned(bp, length);
625 RETSIGTYPE requestinfo(int signo)
637 extern char version[];
638 extern char pcap_version[];
640 (void)fprintf(stderr, "%s version %s\n", program_name, version);
641 (void)fprintf(stderr, "libpcap version %s\n", pcap_version);
642 (void)fprintf(stderr,
643 "Usage: %s [-adeflnNOpqRStuvxX] [ -c count ] [ -C file_size ]\n", program_name);
644 (void)fprintf(stderr,
645 "\t\t[ -F file ] [ -i interface ] [ -r file ] [ -s snaplen ]\n");
646 (void)fprintf(stderr,
647 "\t\t[ -T type ] [ -w file ] [ -E algo:secret ] [ expression ]\n");
projects / FreeBSD / FreeBSD.git / blob