/**
* Init the network monitoring
* @param device Device
* @param dump PCAP file
* @param pcap PCAP filter
*/
void net_init(char *device, char *dump, char *pcap)
{
static struct nids_chksum_ctl ctl;
nids_params.n_tcp_streams = 4096; /* Streams to track for re-assembly */
nids_params.n_hosts = 1024; /* Hosts to track for defrag */
nids_params.scan_num_hosts = 0; /* Disable portscan detection */
nids_params.device = device;
nids_params.filename = dump;
nids_params.pcap_filter = pcap;
if (!nids_init())
fatal("Initialization of libnids failed");
/* Register callbacks */
nids_register_udp((void *) net_udp);
nids_register_tcp((void *) net_tcp);
/* Disable checksum control */
ctl.netaddr = 0;
ctl.mask = 0;
ctl.action = NIDS_DONT_CHKSUM;
nids_register_chksum_ctl(&ctl, 1);
}
void sessions_nids_init(pcap_t *p)
{
nids_params.pcap_desc = p;
nids_params.tcp_workarounds = 1;
if (!nids_init()) {
fprintf(stderr, "nids_init: %s\n", nids_errbuf);
exit(-1);
}
nids_register_ip(ip_callback);
nids_register_udp(udp_callback);
nids_register_tcp(tcp_callback);
}
int
main(int argc, char *argv[])
{
int c;
while ((c = getopt(argc, argv, "i:nvh?V")) != -1) {
switch (c) {
case 'i':
nids_params.device = optarg;
break;
case 'n':
Opt_dns = 0;
break;
case 'v':
Opt_invert = 1;
break;
default:
usage();
}
}
argc -= optind;
argv += optind;
if (argc > 0 && strlen(argv[0])) {
if ((pregex = (regex_t *) malloc(sizeof(*pregex))) == NULL)
err(1, "malloc");
if (regcomp(pregex, argv[0], REG_EXTENDED|REG_NOSUB) != 0)
errx(1, "invalid regular expression");
}
if (argc > 1) {
nids_params.pcap_filter = copy_argv(argv + 1);
}
else nids_params.pcap_filter = DEFAULT_PCAP_FILTER;
nids_params.scan_num_hosts = 0;
nids_params.syslog = null_syslog;
if (!nids_init())
errx(1, "%s", nids_errbuf);
nids_register_tcp(sniff_http_client);
warnx("listening on %s [%s]", nids_params.device,
nids_params.pcap_filter);
nids_run();
/* NOTREACHED */
exit(0);
}
int
main ()
{
// here we can alter libnids params, for instance:
// nids_params.n_hosts=256;
nids_params.filename = "C:\\Temp\\2\\100050--65.55.209.215.53123-147.237.72.235.80.pcap";
//nids_params.filename = "C:\\Temp\\http.pcap";
if (!nids_init ())
{
fprintf(stderr,"%s\n",nids_errbuf);
exit(1);
}
nids_register_tcp (tcp_callback);
nids_run ();
return 0;
}
int main(int argc, char **argv)
{
if(argc>1) {
nids_params.pcap_filter=argv[1];
fprintf(stderr, "Set filter to \"%s\"\n", nids_params.pcap_filter);
}
/*
nids_params.syslog = logger;
*/
nids_params.scan_num_hosts=0;
nids_params.scan_num_ports=0;
nids_init();
nids_register_tcp(got_packet);
nids_run();
return(0);
}
/**
* Main entry point for this program.
*
* @param argc
* @param argv
*/
int main(int argc, char *argv[]) {
// Check parameters
if ((argc < 2)||(argc > 4)) {
print_usage();
return 1;
}
// Configure libnids
if (argc > 2) {
if (strcmp(argv[1], "-r") != 0) {
print_usage();
return 1;
}
nids_params.filename = argv[2];
if (argc == 4) {
nids_params.pcap_filter = argv[3];
}
} else {
nids_params.pcap_filter = argv[1];
}
// Initialize libnids
if (!nids_init()) {
fprintf(stderr, "libnids initialization failed: %s\n", nids_errbuf);
return 1;
}
// Create LibHTP configuration
cfg = htp_config_create();
htp_config_set_server_personality(cfg, HTP_SERVER_APACHE_2_2);
htp_config_register_response(cfg, callback_response);
htp_config_register_log(cfg, callback_log);
// Run libnids
nids_register_tcp(tcp_callback);
nids_run();
// Destroy LibHTP configuration
htp_config_destroy(cfg);
return 0;
}
int
main ()
{
logfd = open ("./logfile", O_WRONLY | O_CREAT | O_TRUNC, 0600);
if (logfd < 0)
{
perror ("opening ./logfile:");
exit (1);
}
if (!nids_init ())
{
fprintf (stderr, "%s\n", nids_errbuf);
exit (1);
}
nids_register_tcp (sniff_callback);
nids_run ();
return 0;
}
int
main(int argc, char *argv[])
{
int c;
char *services, *savefile, *triggers;
services = savefile = triggers = NULL;
while ((c = getopt(argc, argv, "cdf:i:mnr:s:t:w:h?V")) != -1) {
switch (c) {
case 'c':
Opt_client = 1;
break;
case 'd':
Opt_debug++;
break;
case 'f':
services = optarg;
break;
case 'i':
nids_params.device = optarg;
break;
case 'm':
Opt_magic = 1;
break;
case 'n':
Opt_dns = 0;
break;
case 'r':
Opt_read = 1;
savefile = optarg;
break;
case 's':
if ((Opt_snaplen = atoi(optarg)) == 0)
usage();
break;
case 't':
triggers = optarg;
break;
case 'w':
Opt_write = 1;
savefile = optarg;
break;
default:
usage();
}
}
argc -= optind;
argv += optind;
if (Opt_read && Opt_write)
usage();
if (!record_init(savefile))
err(1, "record_init");
signal(SIGHUP, sig_hup);
signal(SIGINT, sig_die);
signal(SIGTERM, sig_die);
if (Opt_read) {
record_dump();
record_close();
exit(0);
}
if (argc != 0)
nids_params.pcap_filter = copy_argv(argv);
nids_params.scan_num_hosts = 0;
nids_params.syslog = null_syslog;
if (!nids_init()) {
record_close();
errx(1, "nids_init: %s", nids_errbuf);
}
if (Opt_magic) {
trigger_init_magic(DSNIFF_LIBDIR DSNIFF_MAGIC);
}
if (triggers) {
trigger_init_list(triggers);
}
if (services == NULL) {
services = DSNIFF_LIBDIR DSNIFF_SERVICES;
}
trigger_init_services(services);
nids_register_ip(trigger_ip);
nids_register_ip(trigger_udp);
if (Opt_client) {
nids_register_ip(trigger_tcp_raw);
signal(SIGALRM, trigger_tcp_raw_timeout);
alarm(TRIGGER_TCP_RAW_TIMEOUT);
}
else nids_register_tcp(trigger_tcp);
if (nids_params.pcap_filter != NULL) {
warnx("listening on %s [%s]", nids_params.device,
nids_params.pcap_filter);
}
else warnx("listening on %s", nids_params.device);
nids_run();
/* NOTREACHED */
exit(0);
}
static int cook_init(mapidflib_function_instance_t *instance, MAPI_UNUSED int fd)
{
struct cooking_data *data;
if (nids_not_inited) {
pcap_t *desc;
struct nids_chksum_ctl *nochksumchk;
desc = malloc(sizeof(pcap_t));
desc->fd = 1;
desc->linktype = instance->hwinfo->link_type;
desc->bufsize = instance->hwinfo->cap_length;
nids_params.pcap_desc = desc;
nids_params.tcp_workarounds = 1;
/* disable checksum checking for all packets */
nochksumchk = malloc(sizeof(struct nids_chksum_ctl));
nochksumchk->netaddr = 0;
nochksumchk->mask = 0;
nochksumchk->action = NIDS_DONT_CHKSUM;
nids_register_chksum_ctl(nochksumchk, 1);
if (!nids_init()) {
DEBUG_CMD(Debug_Message("NIDS Error: %s", nids_errbuf));
return -1;
}
nids_register_tcp(mapi_tcp_callback);
nids_not_inited = 0;
}
data = (struct cooking_data *)(instance->internal_data);
/* //check if uncook is applied
functs = flist_get(instance->hwinfo->gflist->fflist, fd);
for (fid=1; (funct=flist_get(functs, fid)); fid++) {
if (!strcmp(funct->instance->def->name, "UNCOOK"))
data->keep_headers = 1;
}
*/
//printf("Cooking : %s keeping headers %d \n", (data->keep_headers)?"":"NOT", fd);
if (data->threshold <= 0) {
data->threshold = 32000; //default value 32K
}
if (data->threshold < 1600)
instance->hwinfo->cap_length = 1600;
else
instance->hwinfo->cap_length = data->threshold + 100;//+100 for headers
data->ret_client_data = malloc(sizeof(char) * data->threshold);
data->ret_server_data = malloc(sizeof(char) * data->threshold);
data->client_ready = 0;
data->server_ready = 0;
//data->ni = nids_mapi_init(&desc, instance->hwinfo->link_type);
//data->ni = nids_create();
return 0;
}
void cap_http::register_tcp()
{
nids_register_tcp((void*)(::http_protocol_callback));
}
int
main(int argc, char *argv[])
{
extern char *optarg;
extern int optind;
int c;
while ((c = getopt(argc, argv, "i:p:vh?V")) != -1) {
switch (c) {
case 'i':
nids_params.device = optarg;
break;
case 'p':
nids_params.filename = optarg;
break;
case 'v':
Opt_invert = 1;
break;
default:
usage();
}
}
argc -= optind;
argv += optind;
if (argc > 0 && strlen(argv[0])) {
if ((pregex = (regex_t *) malloc(sizeof(*pregex))) == NULL)
err(1, "malloc");
if (regcomp(pregex, argv[0], REG_EXTENDED|REG_NOSUB) != 0)
errx(1, "invalid regular expression");
}
if (argc > 1)
nids_params.pcap_filter = copy_argv(argv + 1);
nids_params.scan_num_hosts = 0;
nids_params.syslog = null_syslog;
fh_map_init();
if (!nids_init())
errx(1, "nids_init: %s", nids_errbuf);
nids_register_ip(decode_udp_nfs);
nids_register_tcp(decode_tcp_nfs);
if (nids_params.pcap_filter != NULL) {
if (nids_params.filename == NULL) {
warnx("listening on %s [%s]", nids_params.device,
nids_params.pcap_filter);
}
else {
warnx("using %s [%s]", nids_params.filename,
nids_params.pcap_filter);
}
}
else {
if (nids_params.filename == NULL) {
warnx("listening on %s", nids_params.device);
}
else {
warnx("using %s", nids_params.filename);
}
}
nids_run();
/* NOTREACHED */
exit(0);
}
