📄 main.c
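/*
    nast

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

#include "include/nast.h"
#include <sys/utsname.h>

#ifdef HAVE_GETOPT
# include <getopt.h>
#else
# include "missing/getopt.h"
#endif

void usage(char *name);

/*
 * Entry point: parses the command line, picks the network interface and
 * dispatches to exactly one feature (ncurses menu, one of the analyzer
 * plug-ins, or the plain sniffer).
 *
 * Returns whatever the selected feature returns, or -1 on a start-up error
 * (not root, target for -P cannot be resolved, no usable interface).
 * -h/-H, -V and unknown options terminate through usage()/exit(0).
 *
 * NOTE(review): the whole process runs with uid 0 and gid 0. The file names
 * given with -l and --ld are only stored here (logname, ldname); whichever
 * code opens them does so as root, so it should refuse to follow symlinks
 * in shared directories - confirm where they are opened.
 */
int main(int argc,char **argv)
{
   char *dev, *filter, *ldname;
   /* This buffer is handed only to libnet_init(), so it is sized with
      libnet's own constant rather than pcap's. */
   char errbuf[LIBNET_ERRBUF_SIZE];
   /* Private copy of the interface name, see the comment where it is filled. */
   char devname[256];
   extern char *optarg;
   int option, option_index, n;
   u_long anip;
   libnet_t *L;
   struct utsname buf;

   /* Ports handed to mport() for the -b (daemon banner) feature. */
   static u_short ports[] = { 21, 22, 23, 25, 43, 53, 79, 80, 110, 119, 143, 220, 513, 514 };

   /* One switch per command-line feature; all zero except promisc. */
   struct FLAGSTRUCT
   {
      u_short promisc;
      u_short l;
      u_short data;
      u_short hex;
      u_short f;
      u_short ps;
      u_short gw;
      u_short rt;
      u_short lk;
      u_short pr;
      u_short st;
      u_short mp;
      u_short banner;
      u_short maplan;
      u_short c_arp;
      u_short ld;
      u_short bytecount;
      u_short ncurses;
   } flags;

   static struct option long_options[] =
   {
      { "help", 0, NULL, 'H'},
      { "promisc", 0, NULL, 'p'},
      { "ascii-data", 0, NULL, 'd'},
      { "filter", 1, NULL, 'f'},
      { "interface", 1, NULL, 'i'},
      { "ascii-hex-data", 0, NULL, 'x'},
      { "log-file", 1, NULL, 'l'},
      { "check-promisc", 1, NULL, 'P'},
      { "host-list", 0, NULL, 'm'},
      { "tcp-stream", 0, NULL, 's'},
      { "find-gateway", 0, NULL, 'g'},
      { "reset-connection", 0, NULL, 'r'},
      { "port-scanner", 0, NULL, 'S'},
      { "multi-port-scanner", 0, NULL, 'M'},
      { "find-link", 0, NULL, 'L'},
      { "daemon-banner", 0, NULL, 'b'},
      { "check-arp-poisoning", 0, NULL, 'c'},
      { "ncurses", 0, NULL, 'G'},
      { "daemon", 0, NULL, 'B'},
      { "version", 0, NULL, 'V'},
      { "ld", 1, NULL, '\0'},
      { "byte-counting", 1, NULL, 'C'},
      { 0, 0, 0, 0}
   };

   printf ("\n%sNAST \"NETWORK ANALYZER SNIFFER TOOL\"%s\n\n", BOLD, NORMAL);

   /* Real uid and real gid must both be 0. */
   if (getuid() || getgid())
   {
      fprintf(stderr, "\nYou must be root, Sorry\n\n");
      return -1;
   }

   /* create L */
   errbuf[0] = '\0';
   L = libnet_init (LIBNET_LINK, NULL, errbuf);

   /* try to find a suitable device; libnet_init() can fail (NULL), in which
      case the user may still name an interface with -i */
   dev = (L != NULL) ? libnet_getdevice(L) : NULL;

   option_index = 0;
   anip = 0;
   memset (&flags, 0, sizeof flags);
   flags.promisc=1; /* set promisc for defaults */
   logname = filter = ldname = NULL;

   /* get global time */
   /* NOTE(review): timed is declared elsewhere; this assumes it holds at
      least 60 bytes - confirm. */
   tm = time(NULL);
   strftime(timed,60,"%T",localtime(&tm));

   while ((option=getopt_long(argc, argv, "mi:hHpdxl:f:C:P:sgrSLbMcGBV0", long_options, &option_index)) != -1)
   {
      switch(option)
      {
         case 'h':
         case 'H':
            usage(argv[0]);
            break;
         case 'i':
            dev = optarg;
            break;
         case 'l': /* log to file */
            flags.l=1;
            logname = optarg;
            break;
         case 'p':
            flags.promisc=0;
            break;
         case 'd':
            flags.data=1;
            break;
         case 'x':
            flags.hex=1;
            break;
         case 'f':
            flags.f=1;
            filter = optarg;
            break;
         case 'P':
            flags.ps=1;
            /* we have other interface that is not lo, and target != all */
            if (dev!=NULL && strcmp (optarg, "all"))
            {
               /* Never hand a NULL context to libnet. */
               if (L == NULL)
               {
                  fprintf (stderr, "Error: cannot initialise libnet: %s\n\n", errbuf);
                  return -1;
               }
               anip = libnet_name2addr4(L, optarg, LIBNET_RESOLVE);
               /* The failure value is -1. Compare only the low 32 bits:
                  when the resolver returns a 32-bit value and u_long is
                  64 bits wide, "anip == -1" can never be true and a failed
                  lookup would go unnoticed. */
               if ((anip & 0xffffffffUL) == 0xffffffffUL)
               {
                  fprintf (stderr, "Error: cannot resolve %s\n\n", optarg);
                  libnet_destroy(L);
                  return -1;
               }
            }
            /* if optarg=all -> anip = 0 */
            break;
         case 's':
            flags.st=1;
            break;
         case 'g':
            flags.gw=1;
            break;
         case 'r':
            flags.rt=1;
            break;
         case 'S':
            flags.pr = 1;
            break;
         case 'L':
            flags.lk=1;
            break;
         case 'b':
            flags.banner=1;
            break;
         case 'M':
            flags.mp=1;
            break;
         case 'm':
            flags.maplan=1;
            break;
         case 'c':
            flags.c_arp=1;
            break;
         case 'B':
            demonize=1;
            break;
         case 'C':
            flags.bytecount=1;
            filter = optarg;
            break;
         case 'G':
#ifdef HAVE_LIBNCURSES
            flags.ncurses=1;
#else
            printf ("You haven't compiled with ncurses menu support!\n");
            printf ("If you want it you *must* install libncurses and recompile nast\n");
            printf ("\nYou can download it from official web site: http://www.gnu.org/software/ncurses/ncurses.html\n");
            printf ("or install your distribution binary RPM (remember to install also the -devel package)\n\n");
            return -1;
#endif
            break;
         case 'V':
            printf ("\n%s", BOLD);
            printf ("Nast \"Network Analyzer Sniffer Tool\" (c) Embyte & Snifth\n");
            printf ("\nVersion %s", PACKAGE_VERSION);
            if (uname(&buf)!=-1)
            {
               printf (", running on %s %s (%s)", buf.sysname, buf.release, buf.machine);
            }
            printf ("%s\n\n", NORMAL);
            exit(0);
         /* only long options */
         case '\0':
            if (!strcmp(long_options[option_index].name,"ld"))
               ldname = optarg;
            break;
         default:
            usage(argv[0]);
            break;
      }
   } /* END OF ARGS SWITCH */

   if (dev==NULL)
   {
      fprintf(stderr, "Cannot find a suitable network interface!\n");
      fprintf(stderr, "Check you connection (ifconfig can help you?)\n\n");
      if (L != NULL)
         libnet_destroy(L);
      return -1;
   }

   /* Keep our own copy of the interface name before L is destroyed.
      NOTE(review): an auto-detected name comes from libnet_getdevice(L) and
      may live in storage owned by L (this depends on the libnet version -
      confirm); using it after libnet_destroy() would then be a
      use-after-free. Copying is correct in either case. */
   n = snprintf(devname, sizeof devname, "%s", dev);
   if (n < 0 || (size_t)n >= sizeof devname)
   {
      fprintf(stderr, "Interface name too long\n\n");
      if (L != NULL)
         libnet_destroy(L);
      return -1;
   }
   dev = devname;

   /* destroy libnet_t *L */
   if (L != NULL)
      libnet_destroy(L);

   /* signal handlers */
   /* SIGKILL cannot be caught, so registering a handler for it always
      fails; only the catchable signals are hooked. */
   signal(SIGQUIT, sigexit);
   signal(SIGTERM, sigexit);
   signal(SIGINT, sigexit);

   /* Do we want a log? */
   if (flags.l == 0)
      log = stdout;

   /* RUN PLUGIN ONLY HERE! */
#ifdef HAVE_LIBNCURSES
   if (flags.ncurses)
      return build_menu();
#endif

   if (flags.banner)
      return mport (dev, ports, flags.l);

   if (flags.maplan)
   {
      /* NOTE(review): 0 is returned when map_lan() yields NULL and -1
         otherwise; confirm this matches map_lan's contract. */
      if (map_lan(dev, 1, NULL)==NULL)
         return 0;
      else
         return -1;
   }

   if (flags.c_arp)
      return car (dev,flags.l);
   if (flags.gw)
      return fgw (dev);
   if (flags.lk)
      return flink (dev);
   if (flags.rt)
      return runcplx ('r', dev, flags.l);
   if (flags.st)
      return runcplx ('s', dev, flags.l);
   if (flags.mp)
      return runcplx ('M', dev ,flags.l);
   if (flags.pr)
      return runcplx ('S', dev, flags.l);
   if (flags.ps)
      return psearch (dev, anip, flags.l);
   if (flags.bytecount)
      return run_bc (dev, filter);
   /* END OF PLUG_INS */

   /* SNIFF HERE */
   return run_sniffer (flags.promisc, flags.data, flags.hex, flags.f, flags.l, filter, dev, ldname);
}

/*
 * Prints the option summary to stdout and terminates the process with
 * exit status 0. The name argument is accepted for the callers' sake but
 * is not used: the program name in the text is fixed.
 */
void usage(char *name)
{
   (void)name;

   printf("%s", BOLD);
   printf("Usage: nast [options]\n\n");
   printf("Sniffer options:\n");
   printf(" -i, --interface Interface\n");
   printf(" if not specified will be autodetected\n");
   printf(" -p, --promisc Disable promiscous mode\n");
   printf(" -d, --ascii-data Print ascii data\n");
   printf(" -x, --ascii-hex-data Print ascii-hex data\n");
   printf(" -f, --filter <\"filter\"> Apply filter\n");
   printf(" --ld <filename> Log sniffed data to <filename> (only payload)\n");
   printf(" use -l to log all packets too, useful with -B\n");
   printf("\n");
   printf("Analyzer options:\n");
   printf(" -P, --check-promisc <ip> Check for NIC promisc node,\n");
   printf(" use -P all to query all network NIC\n");
   printf(" -m, --host-list Build hosts list of the LAN\n");
   printf(" -s, --tcp-stream Follow TCP Stream\n");
   printf(" -g, --find-gateway Try to find a valid gateway\n");
   printf(" -r, --reset-connection Reset a connection (use with caution)\n");
   printf(" -S, --port-scanner Syn style port scanner\n");
   printf(" -M, --multi-port-scanner Port scanner all LAN's host (SYN style)\n");
   printf(" -L, --find-link Try to resolve if there's a hub or a switch in LAN\n");
   printf(" -b, --daemon-banner Catch daemon banner for the hosts in LAN\n");
   printf(" -c, --check-arp-poisoning Verify if someone is making arp-poisoning\n");
   printf(" comparing arp responses\n");
   printf(" -C, --byte-counting <\"filter\"> Apply traffic counting to \"filter\"\n");
   printf(" use -C any to disable filter\n");
   printf("\n");
   printf("Graphical options:\n");
   printf(" -G, --ncurses Ncurses menu:\n");
   printf(" this option is available only if you\n");
   printf(" have compiled nast with ncurses support,\n");
   printf(" this is the default if I found libncurses\n");
   printf(" installed in your *unix-box\n");
   printf("\n");
   printf("Other options:\n");
   printf(" -l, --log-file <filename> Log reports to file (work with many features)\n");
   printf(" -B, --daemon Run in background like demon:\n");
   printf(" usefull for sniffer/stream/arp_control logging\n");
   printf(" -V, --version Show version information\n");
   printf(" -h, --help Print this help\n");
   printf("%s\n", NORMAL);

   exit(0);
}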