commit 14e9867e75f77ac0959763beb03576e8b4c3742e
parent 8d6f550348401164fe5c5558e45e8d5bf1cd0f88
Author: Jordan Ritter <jpr5@darkridge.com>
Date: Fri, 14 Jun 2002 23:10:06 +0000
added -S (set limitlen)
Diffstat:
4 files changed, 27 insertions(+), 6 deletions(-)
diff --git a/CHANGES b/CHANGES
@@ -1,3 +1,6 @@
+cvs-current
+ o added -S (set limitlen)
+
v1.40.1
o MacOS X support
o ISDN (SLL) support
diff --git a/README b/README
@@ -1,7 +1,7 @@
Program: ngrep
Author: Jordan Ritter <jpr5@darkridge.com>
-Version: 1.40.1 (12.31.2001)
+Version: 1.40.1-cvs (6.14.2002)
Goal:
@@ -25,7 +25,8 @@ Description:
Usage:
ngrep <-hXViwqpevxlDtT> <-IO pcap_dump> <-n num> <-d dev> <-A num>
- <-s snaplen> <match expression> <bpf filter>
+ <-s snaplen> <-S limitlen> <match expression>
+ <bpf filter>
-h is help/usage
-X is interpret match expression as hexadecimal
@@ -42,6 +43,7 @@ Usage:
-t is print timestamp every time a packet is matched
-T is print delta timestamp every time a packet is matched
-s is set the bpf caplen
+ -S is set the limitlen on matched packets
-O is dump matched packets in pcap format to pcap_dump
-I is read packet stream from pcap format file pcap_dump
-n is look at only num packets
diff --git a/ngrep.8 b/ngrep.8
@@ -24,6 +24,8 @@ ngrep \- network grep
.I num
.B > < -s
.I snaplen
+.B > < -S
+.I limitlen
.B > <
.I match expression
.B > <
@@ -97,6 +99,11 @@ between packet matches.
.IP "-s snaplen"
Set the bpf caplen to snaplen (default 65536).
+.IP "-S limitlen"
+Set the upper limit on the size of packets that ngrep will look at.
+Useful for looking at only the first N bytes of packets without
+changing the BPF snaplen.
+
.IP "-I pcap_dump"
Input file pcap_dump into ngrep. Works with any pcap-compatible dump
file format. This option is useful for searching for a wide range of
diff --git a/ngrep.c b/ngrep.c
@@ -65,7 +65,7 @@
static char rcsver[] = "$Revision$";
-int snaplen = 65535, promisc = 1, to = 1000;
+int snaplen = 65535, limitlen = 65535, promisc = 1, to = 1000;
int show_empty = 0, show_hex = 0, quiet = 0;
int match_after = 0, keep_matching = 0;
int invert_match = 0, bin_match = 0;
@@ -117,14 +117,17 @@ int main(int argc, char **argv) {
signal(SIGPIPE, clean_exit);
signal(SIGWINCH, update_windowsize);
- while ((c = getopt(argc, argv, "hXViwqpevxlDtTs:n:d:A:I:O:")) != EOF) {
+ while ((c = getopt(argc, argv, "hXViwqpevxlDtTs:n:d:A:I:O:S:")) != EOF) {
switch (c) {
- case 'I':
- read_file = optarg;
+ case 'S':
+ limitlen = atoi(optarg);
break;
case 'O':
dump_file = optarg;
break;
+ case 'I':
+ read_file = optarg;
+ break;
case 'A':
match_after = atoi(optarg) + 1;
break;
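Review bot: In the new `case 'S':` branch, `limitlen = atoi(optarg);` accepts any string, so a non-numeric argument silently becomes 0 and a negative one is stored as given. With `limitlen` at 0 the clamp added later in `process` reduces every payload length to 0, so nothing matches unless `show_empty` is set, and the user gets no error. A negative value reaches the `len > limitlen` comparison, whose result depends on the signedness of `len`, which is declared outside this diff. Parsing with `strtol` and rejecting anything that is not a positive integer keeps a length that later bounds a buffer scan inside a known range. The `switch` continues past the end of the hunk.

```c
        case 'S': {
            char *end;
            long v;

            errno = 0;
            v = strtol(optarg, &end, 10);
            /* reject empty, trailing junk, overflow, and non-positive limits */
            if (end == optarg || *end != '\0' || errno == ERANGE
                || v <= 0 || v > INT_MAX) {
                fprintf(stderr, "invalid limitlen: %s\n", optarg);
                exit(1);
            }
            limitlen = (int)v;
            break;
        }
        /* … unchanged: case 'O', case 'I', case 'A' … */
```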
@@ -446,6 +449,8 @@ void process(u_char *data1, struct pcap_pkthdr* h, u_char *p) {
len -= ip_hl + tcphdr_offset;
else len = h->caplen - link_offset - ip_hl - tcphdr_offset;
+ if (len > limitlen) len = limitlen;
+
if (((len || show_empty) && (((int)(*match_func)(data, len)) != invert_match))
|| keep_matching) {
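Review bot: The added `if (len > limitlen) len = limitlen;` caps the payload length left after the link, IP and TCP headers have been subtracted, while the new ngrep.8 text describes `-S` as a limit on "the size of packets" and "the first N bytes of packets". The same line is added in the UDP and ICMP hunks below, so the mismatch applies to all three. A comment at the first site would make the intent explicit, for example `/* limitlen caps the payload bytes handed to match_func; headers are already excluded */`, and the man page wording should match it. The clamp is also upper-bound only: if the subtraction on the context line above yields a negative or wrapped `len` for a truncated capture, that value still reaches `match_func`. Whether this can happen depends on the declaration of `len`, which is outside the hunk, as is the rest of `process`.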
@@ -500,6 +505,8 @@ void process(u_char *data1, struct pcap_pkthdr* h, u_char *p) {
len -= ip_hl + udphdr_offset;
else len = h->caplen - link_offset - ip_hl - udphdr_offset;
+ if (len > limitlen) len = limitlen;
+
if (((len || show_empty) && (((int)(*match_func)(data, len)) != invert_match))
|| keep_matching) {
@@ -552,6 +559,8 @@ void process(u_char *data1, struct pcap_pkthdr* h, u_char *p) {
len -= ip_hl + icmphdr_offset;
else len = h->caplen - link_offset - ip_hl - icmphdr_offset;
+ if (len > limitlen) len = limitlen;
+
if (((len || show_empty) && (((int)(*match_func)(data, len)) != invert_match))
|| keep_matching) {