2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
23 static const char copyright[] =
24 "@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997\n\
25 The Regents of the University of California. All rights reserved.\n";
26 static const char rcsid[] =
27 "@(#) $Header: /tcpdump/master/tcpdump/tcpdump.c,v 1.158 2000/12/21 10:43:24 guy Exp $ (LBL)";
33 * tcpdump - monitor tcp/ip traffic on an ethernet.
35 * First written in 1987 by Van Jacobson, Lawrence Berkeley Laboratory.
36 * Mercilessly hacked and occasionally improved since then via the
37 * combined efforts of Van, Steve McCanne and Craig Leres of LBL.
44 #include <sys/types.h>
47 #include <netinet/in.h>
58 #include "interface.h"
59 #include "addrtoname.h"
61 #include "setsignal.h"
62 #include "gmt2local.h"
64 int aflag; /* translate network and broadcast addresses */
65 int dflag; /* print filter code */
66 int eflag; /* print ethernet header */
67 int fflag; /* don't translate "foreign" IP address */
68 int nflag; /* leave addresses as numbers */
69 int Nflag; /* remove domains from printed host names */
70 int Oflag = 1; /* run filter code optimizer */
71 int pflag; /* don't go promiscuous */
72 int qflag; /* quick (shorter) output */
73 int Rflag = 1; /* print sequence # field in AH/ESP*/
74 int sflag = 0; /* use the libsmi to translate OIDs */
75 int Sflag; /* print raw TCP sequence numbers */
76 int tflag = 1; /* print packet arrival time */
77 int uflag = 0; /* Print undecoded NFS handles */
78 int vflag; /* verbose */
79 int xflag; /* print packet in hex */
80 int Xflag; /* print packet in ascii as well as hex */
82 char *espsecret = NULL; /* ESP secret key */
89 int32_t thiszone; /* seconds offset from gmt to local time */
92 static RETSIGTYPE cleanup(int);
93 static void usage(void) __attribute__((noreturn));
95 /* Length of saved portion of packet. */
96 int snaplen = DEFAULT_SNAPLEN;
103 static struct printer printers[] = {
104 { ether_if_print, DLT_EN10MB },
105 { token_if_print, DLT_IEEE802 },
107 { lane_if_print, DLT_LANE8023 },
110 { cip_if_print, DLT_CIP },
113 { cip_if_print, DLT_ATM_CLIP },
115 { sl_if_print, DLT_SLIP },
116 { sl_bsdos_if_print, DLT_SLIP_BSDOS },
117 { ppp_if_print, DLT_PPP },
118 { ppp_bsdos_if_print, DLT_PPP_BSDOS },
119 { fddi_if_print, DLT_FDDI },
120 { null_if_print, DLT_NULL },
122 { null_if_print, DLT_LOOP },
124 { raw_if_print, DLT_RAW },
125 { atm_if_print, DLT_ATM_RFC1483 },
127 { chdlc_if_print, DLT_C_HDLC },
129 #ifdef DLT_PPP_SERIAL
130 { ppp_hdlc_if_print, DLT_PPP_SERIAL },
133 { sll_if_print, DLT_LINUX_SLL },
139 lookup_printer(int type)
143 for (p = printers; p->f; ++p)
147 error("unknown data link type %d", type);
158 main(int argc, char **argv)
160 register int cnt, op, i;
161 bpf_u_int32 localnet, netmask;
162 register char *cp, *infile, *cmdbuf, *device, *RFileName, *WFileName;
163 pcap_handler printer;
164 struct bpf_program fcode;
165 RETSIGTYPE (*oldhandler)(int);
166 u_char *pcap_userdata;
167 char ebuf[PCAP_ERRBUF_SIZE];
174 if ((cp = strrchr(argv[0], '/')) != NULL)
175 program_name = cp + 1;
177 program_name = argv[0];
179 if (abort_on_misalignment(ebuf, sizeof(ebuf)) < 0)
188 (op = getopt(argc, argv, "ac:deE:fF:i:lm:nNOpqr:Rs:StT:uvw:xXY")) != -1)
198 error("invalid packet count %s", optarg);
210 #ifndef HAVE_LIBCRYPTO
211 warning("crypto code not compiled in");
229 #ifdef HAVE_SETLINEBUF
232 setvbuf(stdout, NULL, _IOLBF, 0);
246 if (smiLoadModule(optarg) == 0) {
247 error("could not load MIB module %s", optarg);
251 (void)fprintf(stderr, "%s: ignoring option `-m %s' ",
252 program_name, optarg);
253 (void)fprintf(stderr, "(no libsmi support)\n");
279 snaplen = strtol(optarg, &end, 0);
280 if (optarg == end || *end != '\0'
281 || snaplen < 0 || snaplen > 65535)
282 error("invalid snaplen %s", optarg);
283 else if (snaplen == 0)
297 if (strcasecmp(optarg, "vat") == 0)
299 else if (strcasecmp(optarg, "wb") == 0)
301 else if (strcasecmp(optarg, "rpc") == 0)
303 else if (strcasecmp(optarg, "rtp") == 0)
305 else if (strcasecmp(optarg, "rtcp") == 0)
306 packettype = PT_RTCP;
307 else if (strcasecmp(optarg, "snmp") == 0)
308 packettype = PT_SNMP;
309 else if (strcasecmp(optarg, "cnfp") == 0)
310 packettype = PT_CNFP;
312 error("unknown packet type `%s'", optarg);
339 /* Undocumented flag */
351 error("-a and -n options are incompatible");
354 thiszone = gmt2local(0);
356 if (RFileName != NULL) {
358 * We don't need network access, so set it back to the user id.
359 * Also, this prevents the user from reading anyone's
364 pd = pcap_open_offline(RFileName, ebuf);
370 error("-f and -r options are incompatible");
372 if (device == NULL) {
373 device = pcap_lookupdev(ebuf);
377 pd = pcap_open_live(device, snaplen, !pflag, 1000, ebuf);
380 i = pcap_snapshot(pd);
382 warning("snaplen raised from %d to %d", snaplen, i);
385 if (pcap_lookupnet(device, &localnet, &netmask, ebuf) < 0) {
391 * Let user own process after socket has been opened.
396 cmdbuf = read_infile(infile);
398 cmdbuf = copy_argv(&argv[optind]);
400 if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0)
401 error("%s", pcap_geterr(pd));
403 bpf_dump(&fcode, dflag);
406 init_addrtoname(localnet, netmask);
408 (void)setsignal(SIGTERM, cleanup);
409 (void)setsignal(SIGINT, cleanup);
410 /* Cooperate with nohup(1) */
411 if ((oldhandler = setsignal(SIGHUP, cleanup)) != SIG_DFL)
412 (void)setsignal(SIGHUP, oldhandler);
414 if (pcap_setfilter(pd, &fcode) < 0)
415 error("%s", pcap_geterr(pd));
417 pcap_dumper_t *p = pcap_dump_open(pd, WFileName);
419 error("%s", pcap_geterr(pd));
421 pcap_userdata = (u_char *)p;
423 printer = lookup_printer(pcap_datalink(pd));
426 if (RFileName == NULL) {
427 (void)fprintf(stderr, "%s: listening on %s\n",
428 program_name, device);
429 (void)fflush(stderr);
431 if (pcap_loop(pd, cnt, printer, pcap_userdata) < 0) {
432 (void)fprintf(stderr, "%s: pcap_loop: %s\n",
433 program_name, pcap_geterr(pd));
440 /* make a clean exit on interrupts */
444 struct pcap_stat stat;
446 /* Can't print the summary if reading from a savefile */
447 if (pd != NULL && pcap_file(pd) == NULL) {
448 (void)fflush(stdout);
450 if (pcap_stats(pd, &stat) < 0)
451 (void)fprintf(stderr, "pcap_stats: %s\n",
454 (void)fprintf(stderr, "%d packets received by filter\n",
456 (void)fprintf(stderr, "%d packets dropped by kernel\n",
463 /* Like default_print() but data need not be aligned */
465 default_print_unaligned(register const u_char *cp, register u_int length)
468 register int nshorts;
471 ascii_print(cp, length);
474 nshorts = (u_int) length / sizeof(u_short);
476 while (--nshorts >= 0) {
478 (void)printf("\n\t\t\t");
480 (void)printf(" %02x%02x", s, *cp++);
484 (void)printf("\n\t\t\t");
485 (void)printf(" %02x", *cp);
490 * By default, print the packet out in hex.
493 default_print(register const u_char *bp, register u_int length)
495 default_print_unaligned(bp, length);
501 extern char version[];
502 extern char pcap_version[];
504 (void)fprintf(stderr, "%s version %s\n", program_name, version);
505 (void)fprintf(stderr, "libpcap version %s\n", pcap_version);
506 (void)fprintf(stderr,
507 "Usage: %s [-adeflnNOpqStuvxX] [-c count] [ -F file ]\n", program_name);
508 (void)fprintf(stderr,
509 "\t\t[ -i interface ] [ -r file ] [ -s snaplen ]\n");
510 (void)fprintf(stderr,
511 "\t\t[ -T type ] [ -w file ] [ expression ]\n");