jpr5 / ngrep

ngrep is like GNU grep applied to the network layer. It's a PCAP-based tool that allows you to specify an extended regular or hexadecimal expression to match against data payloads of packets. It understands many kinds of protocols, including IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw, across a wide variety of interface types, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.
https://github.com/jpr5/ngrep

compiling with --enable-tcpkill completes, but feature doesn't appear to work #4

Closed asmosaq closed 9 years ago

asmosaq commented 9 years ago

Compiling on a fedora14 x64 machine with the --enable-tcpkill option completes and spits out a fresh binary. The option isn't quite enabled, however.. e.g.:

at first, it looks like it might be working:

    [root@host] # ./ngrep -K | head -2
    ./ngrep: option requires an argument -- 'K'
    usage: ngrep <-hNXViwqpe...blablabla

but running it with normal syntax doesn't:

    [root@host] # ./ngrep -K 5 host 10.2.3.4 and port 22
    usage: ngrep <-hNXViwqpevxl...blablabla

Not a huge concern, but it would be really fun to get this to work! Cheers!

compilation specifics:

    [root@host] # ./configure --enable-tcpkill
    ...
    CONFIG: tcpkill feature enabled
    ...
    configure: creating ./config.status
    config.status: creating Makefile
    config.status: creating config.h

    [root@host] # make
    make -C regex-0.12 regex.o
    make[1]: Entering directory `/root/ngrep-master/regex-0.12'
    gcc -g -DSTDC_HEADERS=1 -DHAVE_STRING_H=1 -DHAVE_ALLOCA_H=1 -DHAVE_ALLOCA=1 -I. -I. -c regex.c
    make[1]: Leaving directory `/root/ngrep-master/regex-0.12'
    gcc -DHAVE_CONFIG_H -DLINUX -D_BSD_SOURCE -DBSD_SOURCE -DFAVOR_BSD -DHAVE_NET_ETHERNET_H -D_BSD_SOURCE=1 -DFAVOR_BSD=1 -Iregex-0.12 -I/usr/local/include/pcap -g -O2 -g -c ngrep.c
    gcc -DHAVE_CONFIG_H -DLINUX -D_BSD_SOURCE -DBSD_SOURCE -DFAVOR_BSD -DHAVE_NET_ETHERNET_H -D_BSD_SOURCE=1 -DFAVOR_BSD=1 -Iregex-0.12 -I/usr/local/include/pcap -g -O2 -g -c tcpkill.c
    gcc -s -o ngrep ngrep.o tcpkill.o regex-0.12/regex.o -lpcap -lnet

jpr5 commented 9 years ago

Can you attach the output of your ./configure invocation?

asmosaq commented 9 years ago

You betcha!

    [root@host] # make clean
    make -C regex-0.12 clean
    make[1]: Entering directory `/root/ngrep-master/regex-0.12'
    for d in doc test; do (cd $d; make -w CPPFLAGS='' CFLAGS='-g' CC='gcc' DEFS='-DSTDC_HEADERS=1 -DHAVE_STRING_H=1 -DHAVE_ALLOCA_H=1 -DHAVE_ALLOCA=1 ' LDFLAGS='' LOADLIBES='' clean); done
    make[2]: Entering directory `/root/ngrep-master/regex-0.12/doc'
    rm -f regex.?? .dvi .log .toc
    make[2]: Leaving directory `/root/ngrep-master/regex-0.12/doc'
    make[2]: Entering directory `/root/ngrep-master/regex-0.12/test'
    rm -f .o regex cppregex iregex fileregex regexcpp.c syntax
    make[2]: Leaving directory `/root/ngrep-master/regex-0.12/test'
    rm -f *.o
    make[1]: Leaving directory `/root/ngrep-master/regex-0.12'
    rm -f *~ ngrep.o tcpkill.o regex-0.12/regex.o ngrep ngrep.static
    [root@host] # ./configure --enable-tcpkill

    Configuring System ...

    checking build system type... x86_64-unknown-linux-gnu
    checking host system type... x86_64-unknown-linux-gnu
    checking target system type... x86_64-unknown-linux-gnu
    checking for gcc... gcc
    checking whether the C compiler works... yes
    checking for C compiler default output file name... a.out
    checking for suffix of executables...
    checking whether we are cross compiling... no
    checking for suffix of object files... o
    checking whether we are using the GNU C compiler... yes
    checking whether gcc accepts -g... yes
    checking for gcc option to accept ISO C89... none needed
    checking how to run the C preprocessor... gcc -E
    checking for grep that handles long lines and -e... /bin/grep
    checking for egrep... /bin/grep -E
    checking for ANSI C header files... yes
    checking for prefix by checking for tcpdump... /usr/sbin/tcpdump

    Configuring GNU Regular Expression library ...

    loading cache ./config.cache
    checking host system type... x86_64-unknown-linux-gnu
    checking target system type... x86_64-unknown-linux-gnu
    checking build system type... x86_64-unknown-linux-gnu
    checking for gcc... (cached) gcc
    checking whether the C compiler (gcc ) works... yes
    checking whether the C compiler (gcc ) is a cross-compiler... no
    checking whether we are using GNU C... (cached) yes
    checking whether gcc accepts -g... (cached) yes
    checking for a BSD compatible install... (cached) /usr/bin/install -c
    checking how to run the C preprocessor... (cached) gcc -E
    checking for AIX... no
    checking for getmntent in -lseq... (cached) no
    checking for POSIXized ISC... no
    checking for minix/config.h... (cached) no
    checking for ANSI C header files... (cached) yes
    checking for string.h... (cached) yes
    checking for working alloca.h... (cached) yes
    checking for alloca... (cached) yes
    checking for working const... (cached) yes
    checking for prefix by checking for gcc... (cached) /usr/lib64/ccache/gcc
    creating ./config.status
    creating Makefile
    creating doc/Makefile
    creating test/Makefile

    Configuring Network Grep ...

    checking for a complete set of pcap headers... found /usr/local/include/pcap
    checking for pcap_open_live in -lpcap... yes
    checking for BPF include path... pcap/bpf.h
    checking for DLT_LINUX_SLL in pcap/bpf.h... yes
    checking for DLT_LOOP in pcap/bpf.h... yes
    checking for DLT_IEEE802_11 in pcap/bpf.h... yes
    checking for DLT_IEEE802_11_RADIO in pcap/bpf.h... yes
    checking for DLT_RAW in pcap/bpf.h... yes
    checking for DLT_PFLOG in pcap/bpf.h... yes

    CONFIG: IPV6 support disabled
    CONFIG: privilege dropping enabled (using nobody)
    CONFIG: using GNU regex library
    CONFIG: tcpkill feature enabled

    configure: creating ./config.status
    config.status: creating Makefile
    config.status: creating config.h
    config.status: config.h is unchanged

jpr5 commented 9 years ago

Thanks! Just committed a fix on master. Check it out and let me know.

Requires libnet-config be in your path (per usual).

asmosaq commented 9 years ago

will do! standby!

asmosaq commented 9 years ago

Like a charm. Thank you!

jpr5 commented 9 years ago

You're welcome! Closing ticket.