cd ethereal-0.99.0 ./configure --disable-ethereal --disable-capinfos --disable-editcap --disable-dumpcap --disable-mergecap --disable-text2pcap --disable-idl2eth --disable-randpkt --disable-dftest --disable-ipv6 --disable-threads --without-plugins # création de tous les Makefile ... Verifier que vous ayez : Use pcap library : yes Use zlib library : yes Use pcre library : yes cp Makefile Makefile.ori remove : tap-afpstat tap-ansi_astat tap-bootpstat tap-dcerpcstat tap-funnel tap-gsm_astat tap-h225* tap-mgcpstat tap-rpc* tap-sctp* tap-sip* tap-smb* tap-wsp* cp Makefile Makefile.azwalaro cd ethereal-0.99.0/wiretap cp Makefile Makefile.ori chercher et ne laisser que les formats suivants : am__objects_1 = buffer.lo \ file_access.lo file_wrappers.lo \ libpcap.lo wtap.lo cp Makefile Makefile.azwalaro cp file_access.c file_access.c.ori chercher et ne laisser que les formats suivants : static int (*const open_routines[])(wtap *, int *, char **) = { libpcap_open, ... } dump_open_table[WTAP_NUM_FILE_TYPES] = { /* WTAP_FILE_UNKNOWN */ { NULL, NULL, FALSE, NULL, NULL }, /* WTAP_FILE_WTAP */ { "Wiretap (Ethereal)", NULL, FALSE, NULL, NULL }, /* WTAP_FILE_PCAP */ { "libpcap (tcpdump, Ethereal, etc.)", "libpcap", TRUE, libpcap_dump_can_write_encap, libpcap_dump_open }, }; cp file_access.c file_access.c.azwalaro cp libpcap.c libpcap.c.ori commenter les lignes suivates : // if (wth->file_encap == WTAP_ENCAP_ATM_PDUS) { // if (wth->file_type == WTAP_FILE_PCAP_NOKIA) { ... // atm_guess_traffic_type(buffer_start_ptr(wth->frame_buffer), // wth->phdr.caplen, &wth->pseudo_header); // } else { ... // if (wth->pseudo_header.atm.type == TRAF_LANE) { // atm_guess_lane_type(buffer_start_ptr(wth->frame_buffer), // wth->phdr.caplen, &wth->pseudo_header); // } // } // } ... // if (wth->file_encap == WTAP_ENCAP_ATM_PDUS) { // if (wth->file_type == WTAP_FILE_PCAP_NOKIA) { ... // atm_guess_traffic_type(pd, length, pseudo_header); // } else { ... 
// if (pseudo_header->atm.type == TRAF_LANE) // atm_guess_lane_type(pd, length, pseudo_header); // } // } ... // if (pseudo_header->atm.type == TRAF_LANE) // atm_guess_lane_type(pd, whdr->caplen, pseudo_header); cp libpcap.c libpcap.c.azwalaro ### cp wtap.c wtap.c.ori ###-> Modif wtap.c ### cp wtap.c wtap.c.azwalaro make cd ethereal-0.99.0/epan/dissectors cp Makefile Makefile.ori chercher et ne laisser que dissecteurs suivants : am__objects_1 = am__objects_2 = \ packet-arp.lo \ packet-data.lo \ packet-eth.lo \ packet-ethertype.lo \ packet-frame.lo \ packet-http.lo \ packet-ieee8023.lo packet-ieee802a.lo \ packet-ip.lo \ packet-llc.lo \ packet-media.lo \ packet-multipart.lo \ packet-null.lo \ packet-raw.lo \ packet-sll.lo \ packet-tcp.lo \ packet-text-media.lo ... DISSECTOR_SRC = \ packet-arp.c \ packet-data.c \ packet-eth.c \ packet-ethertype.c \ packet-frame.c \ packet-http.c \ packet-ieee8023.c \ packet-ieee802a.c \ packet-ip.c \ packet-llc.c \ packet-media.c \ packet-multipart.c \ packet-null.c \ packet-raw.c \ packet-sll.c \ packet-tcp.c \ packet-text-media.c cp Makefile Makefile.azwalaro cp register.c register.c.ori chercher et ne laisser que dissecteurs suivants : void register_all_protocols(void) { {extern void proto_register_arp (void); proto_register_arp ();} {extern void proto_register_data (void); proto_register_data ();} {extern void proto_register_eth (void); proto_register_eth ();} {extern void proto_register_ethertype (void); proto_register_ethertype ();} {extern void proto_register_frame (void); proto_register_frame ();} {extern void proto_register_http (void); proto_register_http ();} {extern void proto_register_ieee802a (void); proto_register_ieee802a ();} {extern void proto_register_ip (void); proto_register_ip ();} {extern void proto_register_llc (void); proto_register_llc ();} {extern void proto_register_media (void); proto_register_media ();} {extern void proto_register_message_http (void); proto_register_message_http ();} {extern void 
proto_register_multipart (void); proto_register_multipart ();} {extern void proto_register_null (void); proto_register_null ();} {extern void proto_register_raw (void); proto_register_raw ();} {extern void proto_register_sll (void); proto_register_sll ();} {extern void proto_register_tcp (void); proto_register_tcp ();} {extern void proto_register_text_lines (void); proto_register_text_lines ();} } void register_all_protocol_handoffs(void) { {extern void proto_reg_handoff_arp (void); proto_reg_handoff_arp ();} {extern void proto_reg_handoff_eth (void); proto_reg_handoff_eth ();} {extern void proto_reg_handoff_ethertype (void); proto_reg_handoff_ethertype ();} {extern void proto_reg_handoff_frame (void); proto_reg_handoff_frame ();} {extern void proto_reg_handoff_http (void); proto_reg_handoff_http ();} {extern void proto_reg_handoff_ieee802_3 (void); proto_reg_handoff_ieee802_3 ();} {extern void proto_reg_handoff_ieee802a (void); proto_reg_handoff_ieee802a (); } {extern void proto_reg_handoff_ip (void); proto_reg_handoff_ip ();} {extern void proto_reg_handoff_llc (void); proto_reg_handoff_llc ();} {extern void proto_reg_handoff_message_http (void); proto_reg_handoff_message_http ();} {extern void proto_reg_handoff_multipart (void); proto_reg_handoff_multipart ();} {extern void proto_reg_handoff_null (void); proto_reg_handoff_null ();} {extern void proto_reg_handoff_raw (void); proto_reg_handoff_raw ();} {extern void proto_reg_handoff_sll (void); proto_reg_handoff_sll ();} {extern void proto_reg_handoff_tcp (void); proto_reg_handoff_tcp ();} {extern void proto_reg_handoff_text_lines (void); proto_reg_handoff_text_lines ();} }
cp register.c register.c.azwalaro
cp packet-ethertype.c packet-ethertype.c.ori
142c142
> /* case ETHERTYPE_IPv6:
154c154
> break; */
cp packet-ethertype.c packet-ethertype.c.azwalaro
cp packet-llc.c packet-llc.c.ori
298c298
> /* case SAP_NETWARE1:
310c310
> break; */
344c344
> // capture_ethertype(etype, pd, offset+5, len, ld);
348c348
> // 
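Review bot: The block comment opened at packet-ethertype.c line 142 (`/* case ETHERTYPE_IPv6:`) and closed at line 154 (`break; */`) covers lines 143–153, which are not shown here; C comments do not nest, so any `*/` already present in that range ends the comment early. Wrapping the range in `#if 0` / `#endif` avoids that and leaves the original text untouched for later diffs against the `.ori` copy. The same pattern appears in packet-llc.c (298/310), packet-eth.c (162/164), proto.c (3844/3858) and tap-iousers.c (600/617, 636/653, 663/671). A short reason on the opening line, e.g. `#if 0 /* IPv6 dissector not built in this stripped tethereal */`, would tell the next maintainer why the case was removed.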
capture_ethertype(etype, pd, offset+5, len, ld);
860c860
> //bpdu_handle = find_dissector("bpdu");
863,864c863,864
> //fddi_handle = find_dissector("fddi");
> //tr_handle = find_dissector("tr");
868c868
> //dissector_add("wtap_encap", WTAP_ENCAP_ATM_RFC1483, llc_handle);
870c870
> //dissector_add("ppp.protocol", PPP_LLC, llc_handle);
872,876c872,876
> //dissector_add("udp.port", UDP_PORT_LLC1, llc_handle);
> //dissector_add("udp.port", UDP_PORT_LLC2, llc_handle);
> //dissector_add("udp.port", UDP_PORT_LLC3, llc_handle);
> //dissector_add("udp.port", UDP_PORT_LLC4, llc_handle);
> //dissector_add("udp.port", UDP_PORT_LLC5, llc_handle);
878c878
> //dissector_add("fc.ftype", FC_FTYPE_IP, llc_handle);
884c884
> //dissector_add("arcnet.protocol_id", ARCNET_PROTO_BACNET, llc_handle);
cp packet-llc.c packet-llc.c.azwalaro
cp packet-null.c packet-null.c.ori
490c490
> // ppp_hdlc_handle = find_dissector("ppp_hdlc");
cp packet-null.c packet-null.c.azwalaro
cp packet-eth.c packet-eth.c.ori
111c111
> // capture_isl(pd, offset, len, ld);
162c162
> /* case ETHERNET_802_3:
164c164
> break; */
231c231
> // dissect_isl(tvb, pinfo, parent_tree, fcs_len);
539,541c539,541
> //dissector_add("ethertype", ETHERTYPE_ETHBRIDGE, eth_withoutfcs_handle);
> //dissector_add("chdlctype", ETHERTYPE_ETHBRIDGE, eth_withoutfcs_handle);
> //dissector_add("gre.proto", ETHERTYPE_ETHBRIDGE, eth_withoutfcs_handle);
cp packet-eth.c packet-eth.c.azwalaro
cp packet-sll.c packet-sll.c.ori
115c115
> // case LINUX_SLL_P_802_3:
120,121c120,121
> // capture_ipx(ld);
> // break;
229c229
> //call_dissector(ipx_handle, next_tvb, pinfo, tree);
302c302
> //ipx_handle = find_dissector("ipx");
cp packet-sll.c packet-sll.c.azwalaro
cp packet-raw.c packet-raw.c.ori
60,62c60,62
> // if (BYTES_ARE_IN_FRAME(0,len,2) && pd[0] == 0xff && pd[1] == 0x03) {
> // capture_ppp_hdlc(pd, 0, len, ld);
> // }
65,67c65,67
> // else if (BYTES_ARE_IN_FRAME(0,len,8) && pd[6] == 0xff && pd[7] == 0x03) {
> // capture_ppp_hdlc(pd, 6, len, ld);
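Review bot: Commenting out `bpdu_handle = find_dissector("bpdu");` at packet-llc.c 860 (likewise `fddi_handle`/`tr_handle` at 863–864 and `ppp_hdlc_handle` in packet-null.c 490) leaves those handles unset, while the places that pass them to `call_dissector()` lie outside these hunks and are not shown as changed. If any such call stays reachable, a captured frame that selects that path hands an unset (presumably NULL) handle to the dissector core, which is a crash-on-input condition for a tool that parses untrusted traffic. packet-sll.c pairs the two changes by also disabling `call_dissector(ipx_handle, next_tvb, pinfo, tree);` at line 229; the same pairing is worth confirming for packet-raw.c (199, 201), packet-http.c (2150–2151) and packet-ieee8023.c (112). Where the call cannot simply be removed, guard it, e.g. `if (ppp_hdlc_handle != NULL)` in front of the call.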
> // }
69,71c69,71
> // else if (BYTES_ARE_IN_FRAME(0,len,3) && pd[1] == 0xff && pd[2] == 0x03) {
> // capture_ppp_hdlc(pd, 1, len, ld);
> // }
74c74,75
> // else if (BYTES_ARE_IN_FRAME(0,len,10) && memcmp(pd, zeroes, 10) == 0) {
> if (BYTES_ARE_IN_FRAME(0,len,10) && memcmp(pd, zeroes, 10) == 0) {
89,90c90,91
> //#if 0
> // case 0x60:
92,94c93,95
> // capture_ipv6(pd, 0, len, ld);
> // break;
> //#endif
199c200
> // ipv6_handle = find_dissector("ipv6");
201c202
> // ppp_hdlc_handle = find_dissector("ppp_hdlc");
cp packet-raw.c packet-raw.c.azwalaro
cp packet-arp.c packet-arp.c.ori
1014,1017c1014,1017
> //dissector_add("ethertype", ETHERTYPE_REVARP, arp_handle);
> //dissector_add("arcnet.protocol_id", ARCNET_PROTO_ARP_1051, arp_handle);
> //dissector_add("arcnet.protocol_id", ARCNET_PROTO_ARP_1201, arp_handle);
> //dissector_add("arcnet.protocol_id", ARCNET_PROTO_RARP_1201, arp_handle);
cp packet-arp.c packet-arp.c.azwalaro
cp packet-http.c packet-http.c.ori
2136,2140c2136,2140
> //dissector_add("tcp.port", TCP_PORT_PROXY_HTTP, http_handle);
> //dissector_add("tcp.port", TCP_ALT_PORT_HTTP, http_handle);
> //dissector_add("tcp.port", TCP_RADAN_HTTP, http_handle);
> //dissector_add("tcp.port", TCP_PORT_PROXY_ADMIN_HTTP, http_handle);
> //dissector_add("tcp.port", TCP_PORT_HKP, http_handle);
2146,2148c2146,2148
> //dissector_add("tcp.port", TCP_PORT_SSDP, http_handle);
> //http_udp_handle = create_dissector_handle(dissect_http_udp, proto_http);
> //dissector_add("udp.port", UDP_PORT_SSDP, http_udp_handle);
2150,2151c2150,2151
> //ntlmssp_handle = find_dissector("ntlmssp");
> //gssapi_handle = find_dissector("gssapi");
cp packet-http.c packet-http.c.azwalaro
cp packet-ip.c packet-ip.c.ori
2069c2069
> { "Protocol", "ip.proto1", FT_UINT8, BASE_HEX, NULL, 0x0,
2171,2184c2171,2184
> //dissector_add("ppp.protocol", PPP_IP, ip_handle);
> //dissector_add("ppp.protocol", ETHERTYPE_IP, ip_handle);
> //dissector_add("gre.proto", ETHERTYPE_IP, ip_handle);
> 
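Review bot: The replacement line at packet-ip.c 2069 registers the IP protocol field under the abbreviation `ip.proto1`, and nothing on the line says why. The old side of the hunk is not shown, but if it was `ip.proto`, any `-R` read filter or detection rule written against `ip.proto` no longer matches on this build. A comment on that line such as `/* abbrev renamed from "ip.proto" for the stripped build: <reason> */`, plus a mention in these notes, would make the changed filter name explicit and let a reader tell a workaround from a typo. The array entry continues past the end of the hunk.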
//dissector_add("gre.proto", GRE_WCCP, ip_handle);
> //dissector_add("llc.dsap", SAP_IP, ip_handle);
> //dissector_add("ip.proto", IP_PROTO_IPIP, ip_handle);
> //dissector_add("null.type", BSD_AF_INET, ip_handle);
> //dissector_add("chdlctype", ETHERTYPE_IP, ip_handle);
> //dissector_add("osinl.excl", NLPID_IP, ip_handle);
> //dissector_add("fr.ietf", NLPID_IP, ip_handle);
> //dissector_add("x.25.spi", NLPID_IP, ip_handle);
> //dissector_add("arcnet.protocol_id", ARCNET_PROTO_IP_1051, ip_handle);
> //dissector_add("arcnet.protocol_id", ARCNET_PROTO_IP_1201, ip_handle);
> //dissector_add_handle("udp.port", ip_handle);
cp packet-ip.c packet-ip.c.azwalaro
cp packet-ieee8023.c packet-ieee8023.c.ori
112c112
> // ipx_handle = find_dissector("ipx");
cp packet-ieee8023.c packet-ieee8023.c.azwalaro
make
cd ethereal-0.99.0/epan
cp Makefile Makefile.ori
116c116
< asn1.lo atalk-utils.lo base64.lo bitswap.lo charsets.lo \
> base64.lo bitswap.lo charsets.lo \
122c122
< ipproto.lo ipv4.lo nstime.lo oid_resolv.lo osi-utils.lo \
> ipproto.lo ipv4.lo nstime.lo osi-utils.lo \
124c124
< radius_dict.lo range.lo reassemble.lo req_resp_hdrs.lo sha1.lo \
> range.lo reassemble.lo req_resp_hdrs.lo sha1.lo \
396,397d395
< asn1.c \
< atalk-utils.c \
428d425
< oid_resolv.c \
435d431
< radius_dict.c \
467,468d462
< asn1.h \
< atalk-utils.h \
514d507
< oid_resolv.h \
578d570
< radius_dict.l \
593,594c585
< dtd_preparse.c \
< radius_dict.c
> dtd_preparse.c
726,727d716
< include ./$(DEPDIR)/asn1.Plo
< include ./$(DEPDIR)/atalk-utils.Plo
762d750
< include ./$(DEPDIR)/oid_resolv.Plo
769d756
< include ./$(DEPDIR)/radius_dict.Plo
1095,1097d1081
< radius_dict.c: radius_dict.l
< $(LEX) $^
cp Makefile Makefile.azwalaro
cp to_str.c to_str.c.ori
786,813c786,813
> // case AT_IPv6:
> // inet_ntop(AF_INET6, addr->data, buf, INET6_ADDRSTRLEN);
> // break;
> // case AT_IPX:
> // g_snprintf(buf, buf_len, "%02x%02x%02x%02x.%02x%02x%02x%02x%02x%02x", addr->data[0], addr->data[1], addr->data[2], addr->data[3], 
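Review bot: packet-ieee8023.c stays in the build and `proto_reg_handoff_ieee802_3` is kept in the trimmed `register_all_protocol_handoffs` list on this page, but the trimmed `register_all_protocols` list has no `proto_register_ieee802_3` entry. If packet-ieee8023.c defines that registration function (not visible here), its protocol and header-field ids are never registered, and the first raw 802.3 frame that reaches the dissector could hit an assertion or a bad lookup. Either add `{extern void proto_register_ieee802_3 (void); proto_register_ieee802_3 ();}` to register.c or drop the dissector from the Makefile lists as well. The changed line at 112 sits inside a function whose start and end are outside the hunk.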
addr->data[4], addr->data[5], addr->data[6], addr->data[7], addr->data[8], addr->data[9]);
> // break;
> // case AT_SNA:
> // sna_fid_to_str_buf(addr, buf, buf_len);
> // break;
> // case AT_ATALK:
> // memcpy(&ddp_addr, addr->data, sizeof ddp_addr);
> // atalk_addr_to_str_buf(&ddp_addr, buf, buf_len);
> // break;
> // case AT_VINES:
> // vines_addr_to_str_buf(addr->data, buf, buf_len);
> // break;
> // case AT_OSI:
> // print_nsap_net_buf(addr->data, addr->len, buf, buf_len);
> // break;
> // case AT_ARCNET:
> // g_snprintf(buf, buf_len, "0x%02X", addr->data[0]);
> // break;
> // case AT_FC:
> // g_snprintf(buf, buf_len, "%02x.%02x.%02x", addr->data[0], addr->data[1], addr->data[2]);
> // break;
> // case AT_SS7PC:
> // mtp3_addr_to_str_buf(addr->data, buf, buf_len);
> // break;
cp to_str.c to_str.c.azwalaro
cp epan.c epan.c.ori
24c24
> //#include "oid_resolv.h"
65c65
> // oid_resolv_init();
82c82
> // oid_resolv_cleanup();
cp epan.c epan.c.azwalaro
cp proto.c proto.c.ori
3844c3844
> /* case FT_OID:
3858c3858
> break; */
cp proto.c proto.c.azwalaro
cd ethereal-0.99.0
cp tethereal-tap-register.c tethereal-tap-register.c.ori
enlever les dissecteurs suivants : afpstat ansi_astat gtkdhcpstat dcerpcstat gtkfunnel gsm_astat h225* mgcpstat rpc* sctp* sip* smb* wsp*
cp tethereal-tap-register.c tethereal-tap-register.c.azwalaro
cp tethereal.c tethereal.c.ori
736c738
> // initialize_funnel_ops();
1490c1502
> // funnel_dump_all_text_windows();
cp tethereal.c tethereal.c.azwalaro
cp tap-iousers.c tap-iousers.c.ori
600c600
> /* } else if(!strncmp(optarg,"conv,fc",7)){
617c617
> packet_func=iousers_fddi_packet; */
636c636
> /* } else if(!strncmp(optarg,"conv,tr",7)){
653c653
> packet_func=iousers_ipx_packet; */
663c663
> /* } else if(!strncmp(optarg,"conv,sctp",9)) {
671c671
> packet_func=iousers_sctp_packet; */
676,677c676,677
> /* fprintf(stderr," \"fc\"\n");
> fprintf(stderr," \"fddi\"\n"); */
679,680c679,680
> /* fprintf(stderr," \"ipx\"\n");
> fprintf(stderr," 
\"sctp\"\n"); */
682c682
> /* fprintf(stderr," \"tr\"\n"); */
cp tap-iousers.c tap-iousers.c.azwalaro
cp capture_info.c capture_info.c.ori
a enlever :
58d57
< #include
271,280d269
< case WTAP_ENCAP_FDDI:
< case WTAP_ENCAP_FDDI_BITSWAPPED:
< capture_fddi(pd, caplen, counts);
< break;
< case WTAP_ENCAP_PRISM_HEADER:
< capture_prism(pd, 0, caplen, counts);
< break;
< case WTAP_ENCAP_TOKEN_RING:
< capture_tr(pd, 0, caplen, counts);
< break;
284,286d272
< case WTAP_ENCAP_PPP:
< capture_ppp_hdlc(pd, 0, caplen, counts);
< break;
293,330d278
< case WTAP_ENCAP_LINUX_ATM_CLIP:
< capture_clip(pd, caplen, counts);
< break;
< case WTAP_ENCAP_IEEE_802_11:
< case WTAP_ENCAP_IEEE_802_11_WITH_RADIO:
< capture_ieee80211(pd, 0, caplen, counts);
< break;
< case WTAP_ENCAP_IEEE_802_11_WLAN_RADIOTAP:
< capture_radiotap(pd, 0, caplen, counts);
< break;
< case WTAP_ENCAP_CHDLC:
< capture_chdlc(pd, 0, caplen, counts);
< break;
< case WTAP_ENCAP_LOCALTALK:
< capture_llap(counts);
< break;
< case WTAP_ENCAP_ATM_PDUS:
< capture_atm(pseudo_header, pd, caplen, counts);
< break;
< case WTAP_ENCAP_IP_OVER_FC:
< capture_ipfc(pd, caplen, counts);
< break;
< case WTAP_ENCAP_ARCNET:
< capture_arcnet(pd, caplen, counts, FALSE, TRUE);
< break;
< case WTAP_ENCAP_ARCNET_LINUX:
< capture_arcnet(pd, caplen, counts, TRUE, FALSE);
< break;
< case WTAP_ENCAP_APPLE_IP_OVER_IEEE1394:
< capture_ap1394(pd, 0, caplen, counts);
< break;
< case WTAP_ENCAP_FRELAY:
< case WTAP_ENCAP_FRELAY_WITH_PHDR:
< capture_fr(pd, 0, caplen, counts);
< break;
< case WTAP_ENCAP_ENC:
< capture_enc(pd, caplen, counts);
< break;
cp capture_info.c capture_info.c.azwalaro
make tethereal check if tethereal start :
export LD_LIBRARY_PATH=/usr/src/ethereal/ethereal-0.99.0/epan/.libs:/usr/src/ethereal/ethereal-0.99.0/wiretap/.libs
/usr/src/ethereal/ethereal-0.99.0/tethereal -ta -nr ~/azwalaro/test2httpuriandcontent.pcap -d tcp.port==80,http -R 'ip.src==0.0.0.0/0 and tcp.port==80 and http.request.uri contains "\x3D\x25"'