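icmpinfo-1.11/004075500000000000002000000000000602036347300130345ustar00rootbin00000000000000icmpinfo-1.11/print.c000064400000000000003000000146410602035570500144040ustar00rootsys00000000000000
/*
 * Show ICMP packets incoming (and detect bombs)
 * modified from ping
 * (c) 1994/1995 - Laurent Demailly -
 * as is, no warranty,... see LICENSE for copying,...
 */
/* note : the original bsd code was *very* buggy !!! it should be ok, now */

#include "defs.h"

#ifndef ANSI_OFFSETOF
#ifndef offsetof
# define offsetof(t,m) (int)((&((t *)0L)->m))
#endif
#endif

/*
 * Bounded-append helpers for the static report buffer of pr_pack().
 * prbuf is always NUL-terminated, so PR_LEFT is at least 1 and snprintf()
 * can never write past the end of the buffer.
 */
#define PR_END  (prbuf + strlen(prbuf))
#define PR_LEFT (sizeof(prbuf) - strlen(prbuf))

/*
 * Geometry of one hex-dump row, derived from the index arithmetic of the
 * dump loop: 16 bytes * 2 hex digits, one gap after every odd byte (8) and
 * two extra columns after the 8th byte.
 */
#define HEXROW_LEN 42
#define ASCROW_LEN 16

/* Convert a nibble (0..15) to its upper-case hexadecimal digit. */
char to_hex(a)
int a;
{
    return ((char)(a <= 9 ? a + '0' : (a - 10) + 'A'));
}

/*
 * Decode one received datagram and report it on stdout or through syslog,
 * depending on the global flags (verbose, nonamequery, noportquery,
 * showsrcip, syslogdoutput).
 *
 * Returns -1 when the datagram cannot hold an IP header followed by a
 * minimal ICMP header, 0 otherwise.
 *
 * Security: every byte of buf comes from the network, and the host names
 * returned by gethostbyaddr() are chosen by whoever controls the reverse
 * DNS zone of the addresses found in the packet. All formatting into prbuf
 * is therefore length-bounded, and the IP header length is validated before
 * it is used as an offset.
 * NOTE(review): names are printed/logged unfiltered; control characters in
 * a resolver answer would reach the terminal or the log as-is.
 */
int pr_pack(buf, cc, from)
char *buf;			/* ptr to start of IP header */
int cc;				/* total size of received packet */
struct sockaddr_in *from;	/* address of sender */
{
    int iphdrlen, doipdecoding = 1;
    struct ip *ip;			/* ptr to IP header */
    register struct icmp *icp;		/* ptr to ICMP header */
    struct tcphdr *tp;			/* ptr to TCP header */
    time_t t;
    char *pr_type(), *pr_subtype(), *strtime;
    struct hostent *hostent = NULL;
    struct servent *servent = NULL;
    static char prbuf[1024];

    /*
     * We have to look at the IP header, to get its length.
     * We also verify that what follows the IP header contains at
     * least an ICMP header (8 bytes minimum).
     * The header is only read when the datagram is long enough to contain
     * one, and a header length below the 20-byte minimum is rejected.
     */
    ip = (struct ip *) buf;
    iphdrlen = 0;
    if (cc >= (int)sizeof(struct ip))
        iphdrlen = ip->ip_hl << 2;	/* convert # 32-bit words to # bytes */
    if (iphdrlen < (int)sizeof(struct ip) || cc < iphdrlen + ICMP_MINLEN) {
        snprintf(prbuf, sizeof(prbuf), "packet too short (%d bytes) from %s",
                 cc, inet_ntoa(from->sin_addr));
        if (syslogdoutput) {
            syslog(LOG_WARNING, "%s", prbuf);
        } else {
            puts(prbuf);
            fflush(stdout);
        }
        return -1;
    }
    cc -= iphdrlen;
    icp = (struct icmp *)(buf + iphdrlen);

    switch (icp->icmp_type) {
    case ICMP_ECHO:
    case ICMP_ECHOREPLY:
        doipdecoding = 0;	/* no embedded IP header in echo packets */
        if (verbose < 2) break;
        /* FALLTHROUGH */
    case ICMP_SOURCEQUENCH:
    case ICMP_TIMXCEED:
    case ICMP_REDIRECT:
        if (!verbose) break;
        /* FALLTHROUGH */
    default:
        if (!nonamequery) {
            hostent = gethostbyaddr((char *)&(from->sin_addr.s_addr),
                                    sizeof(struct in_addr), AF_INET);
        }
        if (!syslogdoutput) {
            t = time((time_t *)NULL);
            strtime = ctime(&t);
            if (strtime != NULL) {
                strtime += 4;		/* skip day name */
                strtime[15] = 0;	/* keep MMM DD HH:MM:SS */
                printf("%s ", strtime);
            }
        }
        snprintf(prbuf, sizeof(prbuf),
                 hostent ? "ICMP_%s%s < %s [%s]" : "ICMP_%s%s < %s",
                 pr_type(icp->icmp_type),
                 icp->icmp_type == ICMP_UNREACH ? pr_subtype(icp->icmp_code) : "",
                 inet_ntoa(from->sin_addr),
                 hostent ? hostent->h_name : NULL);
        if (doipdecoding &&
            (cc >= offsetof(struct icmp, icmp_ip.ip_src) + sizeof(icp->icmp_ip.ip_dst))) {
            if (showsrcip) {
                /* icp->icmp_ip.ip_src.s_addr == local host, show it only
                   if requested (might be useful for hosts with several
                   interfaces) */
                if (!nonamequery) {
                    hostent = gethostbyaddr((char *)&(icp->icmp_ip.ip_src.s_addr),
                                            sizeof(struct in_addr), AF_INET);
                }
                snprintf(PR_END, PR_LEFT,
                         hostent ? " - %s [%s]" : " - %s",
                         inet_ntoa(icp->icmp_ip.ip_src),
                         hostent ? hostent->h_name : NULL);
            }
            if (cc >= offsetof(struct icmp, icmp_ip.ip_dst) + sizeof(icp->icmp_ip.ip_dst)) {
                if (!nonamequery) {
                    hostent = gethostbyaddr((char *)&(icp->icmp_ip.ip_dst.s_addr),
                                            sizeof(struct in_addr), AF_INET);
                }
                snprintf(PR_END, PR_LEFT,
                         hostent ? " > %s [%s]" : " > %s",
                         inet_ntoa(icp->icmp_ip.ip_dst),
                         hostent ? hostent->h_name : NULL);
                /*
                 * NOTE(review): the quoted IP header is assumed to be exactly
                 * sizeof(struct ip) bytes (no options) and the payload is
                 * decoded as TCP without looking at ip_p; for other
                 * protocols the port/seq values are not meaningful.
                 */
                tp = (struct tcphdr *)((char *)&(icp->icmp_dun) + sizeof(struct ip));
                if (cc >= offsetof(struct icmp, icmp_dun) + sizeof(struct ip)
                          + offsetof(struct tcphdr, th_seq) + sizeof(tp->th_seq)) {
                    if (noportquery) {
                        snprintf(PR_END, PR_LEFT, " sp=%d dp=%d seq=0x%8.8x",
                                 ntohs(tp->th_sport), ntohs(tp->th_dport),
                                 ntohl(tp->th_seq));
                    } else {
                        /* getservbyport() takes the port in network byte
                           order, so the raw header field is passed as is */
                        if ((servent = getservbyport(tp->th_sport, NULL)))
                            snprintf(PR_END, PR_LEFT, " sp=%d [%s]",
                                     ntohs(tp->th_sport), servent->s_name);
                        else	/* was printed without ntohs() */
                            snprintf(PR_END, PR_LEFT, " sp=%d", ntohs(tp->th_sport));
                        if ((servent = getservbyport(tp->th_dport, NULL)))
                            snprintf(PR_END, PR_LEFT, " dp=%d [%s] seq=0x%8.8x",
                                     ntohs(tp->th_dport), servent->s_name,
                                     ntohl(tp->th_seq));
                        else
                            snprintf(PR_END, PR_LEFT, " dp=%d seq=0x%8.8x",
                                     ntohs(tp->th_dport), ntohl(tp->th_seq));
                    }
                }
            }
        }
        snprintf(PR_END, PR_LEFT, " sz=%d(+%d)", cc, iphdrlen);
        if (syslogdoutput) {
            syslog(LOG_NOTICE, "%s", prbuf);
        } else {
            puts(prbuf);
            fflush(stdout);
            if (verbose > 2) {
                /* hexa dump adapted from a file dump by dl (me!) */
                /* certainly not the smartest around, but it works !*/
                /*
                 * The row buffers are sized from the indices the loop writes
                 * (see HEXROW_LEN). The space-filled literals shown in this
                 * listing are one character wide, which cannot hold a row;
                 * the original widths are not recoverable from here, so the
                 * rows are blank-filled explicitly instead.
                 * NOTE(review): the dump starts at the IP header but counts
                 * cc bytes, which at this point excludes the IP header
                 * length - confirm whether the tail is meant to be omitted.
                 */
                char h[HEXROW_LEN + 1];
                char a[ASCROW_LEN + 1];
                int i, j, b, n, flagNEof;
                unsigned char *pbuf = (unsigned char *)buf;

                n = 0;
                flagNEof = 1;
                while (flagNEof) {
                    memset(h, ' ', HEXROW_LEN);
                    h[HEXROW_LEN] = '\0';
                    memset(a, ' ', ASCROW_LEN);
                    a[ASCROW_LEN] = '\0';
                    i = j = 0;
                    while (i < 16 && (flagNEof = cc--)) {
                        b = (int)(*(pbuf++));
                        h[j++] = to_hex(b >> 4);
                        h[j++] = to_hex(b & 0x0F);
                        j += i % 2 + ((i == 7) << 1);
                        a[i++] = (b > 31 && b < 127) ? b : '.';
                    }
                    if (i == 0) break;
                    while (i < 16) {	/* blank-pad a short last row */
                        h[j++] = ' ';
                        h[j++] = ' ';
                        j += i % 2 + ((i == 7) << 1);
                        a[i++] = ' ';
                    }
                    printf("%04X : %s %s\n", n, h, a);
                    n += 16;
                }
            }
        }
    }
    return 0;
}

/*
 * Convert an ICMP "type" field to a printable string.
 * This is called for ICMP packets that are received that are not
 * ICMP_ECHOREPLY packets.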
 */
/* Returns a pointer to static storage; types outside 0..18 are rendered
 * as "OUT_OF_RANGE(n)" in a buffer that the next such call overwrites. */
char *
pr_type(t)
register int t;
{
    static char *names[] = {
        "Echo_Reply",
        "1",
        "2",
        "Dest_Unreachable",
        "Source_Quench",
        "Redirect",
        "6",
        "7",
        "Echo",
        "RouterAdvert",
        "Router_Solicit",
        "Time_Exceeded",
        "Parameter_Problem",
        "Timestamp",
        "Timestamp_Reply",
        "Info_Request",
        "Info_Reply",
        "Mask_Request",
        "Mask_Reply"
    };
    static char unknown[80];

    if (t >= 0 && t <= 18)
        return names[t];

    /* the type byte comes straight from the packet: never index with it
       unchecked; "%d" keeps the formatted text well inside 80 bytes */
    sprintf(unknown, "OUT_OF_RANGE(%d)", t);
    return unknown;
}

/*
 * Convert an ICMP UNREACH sub-"type" field to a printable string.
 * The result is always bracketed and lives in static storage that the
 * next call overwrites.
 */
char *
pr_subtype(t)
register int t;
{
    static char *names[] = {
        "Net",
        "Host",
        "Protocol",
        "Port",
        "Frag",
        "Source",
        "DestNet",
        "DestHost",
        "Isolated",
        "AuthNet",
        "AuthHost",
        "NetSvc",
        "HostSvc",
        "Filtered",
        "PrecdViolation",
        "PrecdCut"
    };
    static char out[80];

    if (t >= 0 && t <= 15)
        sprintf(out, "[%s]", names[t]);
    else
        sprintf(out, "[OUT_OF_RANGE(%d)]", t);
    return out;
}
rt an ICMP UNREACH sub-"type" field to a printable string. */ char * pr_subtype(t) register iicmpinfo-1.11/icmpinfo.c000064400000000000003000000101360602036340200150400ustar00rootsys00000000000000/* * icmpinfo * It is a tool to look at the icmp you receive * Its source comes from a modified BSD ping source by Laurent Demailly * * (c) 1995 by Laurent Demailly - * it comes AS IS - no warranty, etc... * see LICENSE * * see the README for usage infos...etc... * */ /* * Copyright (c) 1987 Regents of the University of California. * All rights reserved. * * Redistribution and use in source and binary forms are permitted * provided that the above copyright notice and this paragraph are * duplicated in all such forms and that any documentation, * advertising materials, and other materials related to such * distribution and use acknowledge that the software was developed * by the University of California, Berkeley. The name of the * University may not be used to endorse or promote products derived * from this software without specific prior written permission. 
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ #ifndef lint char copyright[] = "@(#) Copyright (c) 1987 Regents of the University of California.\n\ All rights reserved.\n augmented 94/8-95 by dl\n"; #endif /* not lint */ #ifndef lint static char sccsid[] = "@(#)ping.c 4.10 (Berkeley) 10/10/88 - $Author: icmpinfo-1.11 - Laurent Demailly - 8/1995 $"; #endif /* not lint */ #define DCLARE /* def : */ #include "defs.h" /* * P I N G . C * * Using the InterNet Control Message Protocol (ICMP) "ECHO" facility, * measure round-trip-delays and packet loss across network paths. * * Author - * Mike Muuss * U. S. Army Ballistic Research Laboratory * December, 1983 * Modified at Uc Berkeley * * Original ping status - * Public Domain. Distribution Unlimited. * see LICENSE for icmpinfo distribution and modifications conditions. * * Bugs - * More statistics could always be gathered. * This program has to run SUID to ROOT to access the ICMP socket. 
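 */

char usage[] = "Usage: icmpinfo [-v[v[v]]] [-s] [-n] [-p] [-l]\n -v : more and more info\n -s : show local interface address\n -n : no name query (dot ip only)\n -p : no port -> service name query\n -l : fork + syslog output\nv1.11 - 8/1995 - dl";

char *pname;

/*
 * Parse the option letters, open the raw ICMP socket, optionally detach
 * as a syslog daemon (-l), then hand over to recv_ping(), which does not
 * return.
 *
 * The raw socket is the only step that needs root. When the binary is
 * installed setuid root, the effective uid is reset to the real uid as
 * soon as the socket and its options are set up, so that the packet and
 * DNS decoding that follows does not run with root privileges for an
 * ordinary caller. The -l check relies on the real uid and is unaffected.
 */
int main(argc, argv)
int argc;
char **argv;
{
    int sockoptions, on;
    int pid;
    struct protoent *proto;

    on = 1;
    pname = argv[0];
    argc--;
    argv++;

    sockoptions = nonamequery = noportquery = syslogdoutput = showsrcip = 0;
    while (argc > 0 && *argv[0] == '-') {
        while (*++argv[0])
            switch (*argv[0]) {
            case 'd':
                sockoptions |= SO_DEBUG;
                break;
            case 'r':
                sockoptions |= SO_DONTROUTE;
                break;
            case 'v':
                verbose++;
                break;
            case 'n':
                nonamequery++;
                break;
            case 'p':
                noportquery++;
                break;
            case 'l':
                syslogdoutput++;
                break;
            case 's':
                showsrcip++;
                break;
            case 'h':
            default :
                err_quit(usage);
            }
        argc--, argv++;
    }
    if (argc != 0)
        err_quit(usage);

    if ( (proto = getprotobyname("icmp")) == NULL)
        err_quit("unknown protocol: icmp");

    if ( (sockfd = socket(AF_INET, SOCK_RAW, proto->p_proto)) < 0)
        err_sys("can't create raw socket (root and/or bit s needed)");

    if (sockoptions & SO_DEBUG)
        if (setsockopt(sockfd, SOL_SOCKET, SO_DEBUG, &on, sizeof(on)) < 0)
            err_sys("setsockopt SO_DEBUG error");

    if (sockoptions & SO_DONTROUTE)
        if (setsockopt(sockfd, SOL_SOCKET, SO_DONTROUTE, &on, sizeof(on)) < 0)
            err_sys("setsockopt SO_DONTROUTE error");

    /* privileged setup is finished: give up the setuid-root identity
       (a no-op when the program was started by root itself) */
    if (setuid(getuid()) < 0)
        err_sys("can't drop setuid privileges");

    if (syslogdoutput) {
        if (getuid() != 0)
            err_quit("You need root id to use the syslog/daemon -l option");
        /* a failed fork() used to make the parent exit(0) silently with
           no daemon running; report it instead */
        pid = fork();
        if (pid < 0)
            err_sys("fork error");
        if (pid > 0)
            exit(0);
        /* Can't check openlog & syslog retcodes 'cause lot of unixes have
           void openlog(); and void syslog(); !! */
        openlog("icmpinfo", 0, LOG_DAEMON);
        syslog(LOG_NOTICE, "started, PID=%d.", getpid());
        setsid();
        /* Point the standard streams at /dev/null rather than closing
           descriptors 0-2: a closed slot is reused by the next descriptor
           the process opens (resolver or syslog sockets), and a later
           write to stderr would then land in that descriptor. */
        freopen("/dev/null", "r", stdin);
        freopen("/dev/null", "w", stdout);
        freopen("/dev/null", "w", stderr);
    } else {
        printf("icmpinfo: Icmp monitoring in progress...\n");
    }
    recv_ping();		/* and start the receive */
    /* NOTREACHED */
    return(0);
}
)!=0) err_quit("You need root id to use the syslog/daemon -l option"); if (fork()) {exit(0);} /* Can't check openlog & syslog retcodes 'cause lot of unixes have void openlog(); and void syslog(); !! */ openlog("icmpinfo",0,LOG_DAEMON); syslog(LOG_NOTICE,"started, PID=%d.",getpid()); setsid(); close(0); close(1); close(2); } else { printf("icmpinfo: Icmp monitoring in icmpinfo-1.11/README000064400000000000003000000104130602036344700137570ustar00rootsys00000000000000Vers 1.11.4 - 28 August 95 ICMPINFO: icmpinfo is a tool for looking at the icmp messages received on the running host. The source code is written by Laurent Demailly, and comes from an heavily modified BSD ping source; it comes AS IS - no warranty, etc... see LICENSE need to be chmod 4555 , chown root, or run as root [like ping] USAGE: icmpinfo o Gives info about weird packets only [mainly icmp_unreachable]. icmpinfo -v o Gives info about all icmp packets [that includes your own traceroutes...] except pings (icmp_echo_reply). icmpinfo -vv o To see pings too. icmpinfo -vvv o Will add an ascci/hexa dump of the packet. icmpinfo -n o Avoids name queries (faster, lighter). icmpinfo -p o Avoids port number to service name queries (faster, lighter). icmpinfo -s o Also decode the ip_src field which is the address of the interface receiving the packet. This option is not usefull for hosts with a single network interface. icmpinfo -l o Run like a daemon (forks) and output to SYSLOG. 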
(It now checks that you are root for that) The output format is as follows (output can be shorter for some icmp messages (like for echo/echo_reply (pings)) and the field names intend to be fully meaningful for icmp unreachables packets mainly (default behaviour)) : MMM DD HH:MM:SS ICMP_type[sub-type] < sender_ip [sender_name] > unreach_ip [unreach_name] sp=source_port [src_port_name] dp=dest_port [dest_port_name] seq=sequence sz=packet_size or if you use -s option : MMM DD HH:MM:SS ICMP_type[sub-type] < sender_ip [sender_name] - my_ip [my_name] > unreach_ip [unreach_name] sp=source_port [src_port_name] dp=dest_port [dest_port_name] seq=sequence sz=packet_size (Real output will be on one line, it has been show cut here.) Sample bomb output : date&time ICMP_Dest_Unreachable[Port/Source/...] < bomber > bombed ... service bombed ... Note that to be a bomb 'bomber' must not be one of the router between you and 'bombed' [in that case, it is just a normal net break,...] double check with traceroute,...etc... before complaining ! Also note that port number/service can be easily faked by bombing programs. I'll suggest that you leave icmpinfo running all time (with -l, or -lnp for minimal resource consumption (also see NOTE below)) and recording its output for further reference. It is a very light process using only few kbytes of memory and almost no cpu. It is free software, see the LICENSE file. 
[plus Berkeley (c) where applicable] The latest version should always be available via anonymous ftp on hplyot.obspm.fr:/net/icmpinfo-*.tar.gz It is now mirrored on ftp.sunet.se:/pub/network/monitoring/icmpinfo/icmpinfo-*.tar.gz ftp.leo.org:/pub/comp/networking/net-tools/icmpinfo/icmpinfo-*.tar.gz and also (maybe less up to date) on : ftp.funet.fi:/pub/unix/networking/icmpinfo-*.tar.gz If you have W3 access, have a look at http://hplyot.obspm.fr/~dl/icmpinfo.html INSTALLATION ------------ o If you plan to use the syslog(3) facility (-l) and don't want the default daemon.notice output, edit icmpinfo.c and change line 128. o Have a look at the makefile, make, and maybe look at defs.h if you have compile errors/includes missing (some linux boxes might need a symlink). o Copy icmpinfo to your favorite bin path, chown root icmpinfo, chmod 4555 icmpinfo. Copy icmpinfo.man to your MANPATH/man1/icmpinfo.1 IMPORTANT NOTE : *If* your machine is running a named (is a name server) you MUST USE -n when leaving icmpinfo unattended, to avoid some possible looping, when icmpinfo tries to resolve an ip in an unreachable domain. [this problem of domain generated icmps has been worked upon... but I found no satisfactory solutions, suggestions welcome, maybe a solution for v1.12 !] If you have any problems and/or suggestions, drop me a mail... Enjoy ! dl - Laurent Demailly - finger for PGP key Credits - Thanx to Vesa for help in debugging buggy bsd code! To Dave for providing the original man page! And to ScottM for making my English readable! Note 1 - icmpinfo distribution now includes PGP signed md5 CHECKSUMS Note 2 - read the file CHANGES to get information about new features. ion for v1.12 !] If you have any problems and/or suggestion, drop me a mail... Enjoy ! 
dl - Laurent Demailly - finger for PGP key Credits - Thanx to Vesa for help in debugging buicmpinfo-1.11/defs.h000064400000000000003000000031150557112275000141720ustar00rootsys00000000000000/* * Includes, defines and global variables used between functions. */ #include #include extern int errno; #include #include #include #include /* On Linux you might also need to symlink /usr/include/netinet/in_system.h to /usr/src/linux/include/linux/in_system.h */ #include #include #include /* maybe change this when linux will include a complete include tree : */ #ifdef linux #include "linux_ip_icmp.h" #else #include #endif #include #include #include #include /* * Beware that the outgoing packet starts with the ICMP header and * does not include the IP header (the kernel prepends that for us). * But, the received packet includes the IP header. */ #define MAXPACKET 4096 /* max packet size */ #ifndef DCLARE #define DCLARE extern #endif DCLARE int verbose; /* enables additional error messages */ DCLARE u_char recvpack[MAXPACKET]; /* the received packet */ DCLARE int sockfd; /* socket file descriptor */ char *inet_ntoa(); /* BSD library routine */ DCLARE int nonamequery; /* flag for query/noquery of ip -> name */ DCLARE int showsrcip; /* flag for showing or not src ip */ DCLARE int syslogdoutput; /* flag for stdoutput / syslogd output */ DCLARE int noportquery; /* flag for query/noquery of port -> serv name */ /* on some hosts (linux) netinet/ip_icmp.h is missing/empty : */ #ifndef ICMP_MINLEN int bug=You_need_an_non_empty_netinet_ip_icmp_h; #endif /* socket file descriptor */ char *inet_ntoa(); /* BSD library routine */ DCLARE int nonamequery; /* flag for query/noquery of ip -> name */ DCLARE int showsrcip; /* flag for showing or not src ip */ DCLARE int syslogdoutput; /* flag for stdoutput / syslogd output */ DCLARE int noportquery; /* flag for query/noquery of port -> serv name */ /* on some hosts (linux) netinet/ip_icmp.h is missing/empty : 
*/icmpinfo-1.11/DOC000064400000000000003000000000000602036344700164571icmpinfo-1.11/READMEustar00rootsys00000000000000icmpinfo-1.11/icmpinfo.man000064400000000000003000000031710602036002100153640ustar00rootsys00000000000000.TH ICMPINFO 1 "V1.11 - 28 August 1995" "dl's free utilities" .SH NAME icmpinfo \- interpret ICMP messages .SH SYNOPSIS .B icmpinfo [\-v[v[v]]] [\-n] [\-p] [\-s] [\-l] .SH DESCRIPTION .BR Icmpinfo is a tool for looking at the ICMP messages received on the running host. It can be used to detect and record 'bombs' as well as various network problems. The output format is as follows (all on one line): MMM DD HH:MM:SS ICMP_type[sub-type] .br < sender_ip [sender_name] > unreach_ip [unreach_name] .br sp=source_port dp=dest_port seq=sequence sz=packet_size In normal operation, .B icmpinfo will only report on "weird" packets, mainly icmp_unreachable. .SH OPTIONS .TP .I "\-v" Give information about all icmp packets, excepts pings. .TP .I "\-vv" Give about pings too (i.e. icmp_echo_reply). .TP .I "\-vvv" Include an ascii/hex dump of each packet .TP .I "\-n" Avoid name queries - just give IP addresses. (use this option when running unattended on name server hosts (to avoid possible looping)) .TP .I "\-p" Avoid port number to service name decoding. .TP .I "\-s" Show the interface ip that received the packet. Usefull only if your host has several network interfaces. In this case an '- my_ip [my_name]' is added between the sender and unreach ip and name fields. .TP .I "\-l" Forks and use the syslog(3) facility to record events (recomended use). (root only option). .SH WARNINGS The packet decoding is planned for ICMP Unreachable outputs and might not be significant for all other Icmp types. Output can be shorter when implied by the packet size or the icmp type. .SH AUTHOR Laurent Demailly . Free software. f your host has several network interfaces. In this case an '- my_ip [my_name]' is added between the sender and unreach ip and name fields. 
.TP .I "\-l" Forks and use the syslog(3) facility to record events (recomended use). (root only option). .SH WARNINGS The packet decoding is planned for ICMP Unreachable outputs and might not be significant for all other Icmp types. Output can be shoicmpinfo-1.11/NocTools.Infos000064400000000000003000000026100601461422600156340ustar00rootsys00000000000000 NAME icmpinfo KEYWORDS alarm, analyser, security; IP ; ; UNIX ; Free ABSTRACT IcmpInfo monitors incoming ICMP packets. It can be used to detect and record 'bombs' as well as various network problems. MECHANISM IcmpInfo simply listens to the Icmp protocol socket and decodes incoming packets with some filtering & verbosity tuning. It can be run as a permanent daemon, with outputs to syslog. CAVEATS None. BUGS None known. LIMITATIONS Must be run as super-user or be setuid root to access Icmp port. The packet decoding is only fully meaningfull for Icmp Unreachable packets. HARDWARE REQUIRED No restrictions. SOFTWARE REQUIRED Any Unix or related OS with a C compiler and BSD Socket library. AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL The source code is written by Laurent Demailly, and came from a modified BSD ping source; it is supplied AS IS - no warranty, etc... Suggestions, bugs, comments, etc. can be sent to the author via e-mail : IcmpInfo sources are available freely via anonymous FTP from hplyot.obspm.fr:/net/icmpinfo-*.tar.gz and also on ftp.funet.fi:/pub/unix/networking/icmpinfo-*.tar.gz If you have WWW access have a look at http://hplyot.obspm.fr/~dl/icmpinfo.html CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY Laurent Demailly DATE OF MOST RECENT UPDATE TO THIS CATALOG ENTRY 950817 o warranty, etc... Suggestions, bugs, comments, etc. can be sent to the author via e-mail : Icmicmpinfo-1.11/recvping.c000064400000000000003000000010500551324064400150540ustar00rootsys00000000000000/* * Infinite loop to receive every ICMP packet received on the socket. 
 * For every packet that's received, we just call pr_pack() to look
 * at it and print it.
 */

#include "defs.h"

/*
 * Receive loop; never returns.
 *
 * Each datagram read from sockfd lands in the global recvpack buffer
 * (at most sizeof(recvpack) bytes) and is passed to pr_pack() together
 * with its length and the sender address. The contents are whatever a
 * remote host sent, so pr_pack() is the place where lengths get checked.
 * A receive interrupted by a signal is retried silently; any other
 * receive error is reported through err_ret() and the loop goes on.
 */
int recv_ping()
{
    struct sockaddr_in from;
    int fromlen;
    register int n;

    while (1) {
        fromlen = sizeof(from);		/* value-result argument, reset each time */
        n = recvfrom(sockfd, recvpack, sizeof(recvpack), 0,
                     (struct sockaddr *) &from, &fromlen);
        if (n >= 0) {
            pr_pack(recvpack, n, &from);
            continue;
        }
        if (errno != EINTR)		/* EINTR is normal */
            err_ret("recvfrom error");
    }
}
 P packet received on the socket. * For every packet that's received, we just call pr_pack() to look * at it and print it. */ #include "defs.h" int recv_ping() { register int n; int fromlen; struct sockaddr_in from; for ( ; ; ) { fromlen = sizeof(from); if ( (n = recvfrom(sockfd, recvpack, sizeof(recvpack), 0, (struct sockaddr *) &from, &fromlen)) < 0) { if (errno == EINTR) continue; /* normal */ err_ret("recvfrom error"); continue; icmpinfo-1.11/Makefile000064400000000000003000000015050601461664600145460ustar00rootsys00000000000000# # Minimal makefile for 'icmpinfo' # a tool to look at the icmp you receive # modified from BSD ping by Laurent Demailly # # # see man page & README (Installation section at least) VERS = 1.11 # You may need to add libraries here : # like for Solaris, uncomment next line : #LDLIBS= -lsocket -lnsl # To override default compiler flags : #CFLAGS=-O2 -s # To change default compiler #CC=gcc RM = rm -f LDFLAGS= $(CFLAGS) OBJECTS= recvping.o print.o err.o icmpinfo.o TARGET = icmpinfo $(TARGET): $(OBJECTS) $(CC) $(LDFLAGS) -o $@ $(OBJECTS) $(LDLIBS) tgz: clean rm -f CHECKSUMS.asc md5sum * > ../CHECKSUMS mv ../CHECKSUMS . pgp -asw CHECKSUMS chmod 444 CHECKSUMS.asc cd .. 
; tar cvf icmpinfo-$(VERS).tar icmpinfo-$(VERS) ; gzip icmpinfo-$(VERS).tar clean: $(RM) $(OBJECTS) $(TARGET) core *~ nsl # To override default compiler flags : #CFLAGS=-O2 -s # To change default compiler #CC=gcc RM = rm -f LDFLAGS= $(CFLAGS) OBJECTS= recvping.o print.o err.o icmpinfo.o TARGET = icmicmpinfo-1.11/CHANGES000064400000000000003000000033510602035553300140720ustar00rootsys00000000000000IcmpInfo - Version history - by dl =================================== 1.11.2- Added new copyright statement and the Artistic LICENSE file. 1.11.1- Fixed icmpinfo url in documentation, added new mirror in Readme Added new icmp unreach subtypes Improved icmp out of range (new ones) display 1.10- Applied Arnt Gulbrandsen fix for fixing conversion from net order to host order for little-endian machines (thanks!). Added warning about domain loops in README. 1.9 - Added a new port number->service name decoding, and option -p to disable this decoding. Changed print.c to remove [-no name-] and get a nicer and shorter output when there is no name for ip or it is not aksed for (-n). removed openlog&syslog check, 'cause some unixes don't have a retcode for these functions :/. Improved the doc & manpage. fixed typo source quence -> quench. fixed typo sp= twice. 1.8 - better syslog error proofing. now prevents ip decoding for icmps echo (pings) where it meant nothing (change visible only with -vv). added a test so -l option is usable by root only. added -s (for hosts with more than one interface). updated documentation. 1.7 - added support .h for linux - fixed .man 1.6 - rewrote long & buggy error.c into simple err.c - added new icmps compiles on netbsd, ... 
1.5 - added fflush - added syslog -l option 1.4 - fixed a bug in the dump (unsigned/signed char problem) - added hdrlen 1.3 - included a good hex/ascii dump for -vvv - various improvments (main) 1.2 - works good, added -n (no name query) , 3 levels of -v - Makefile 1.1 - minimal version, dumps core on sun's because of bugs in bsd source! 1.0 - first hack in ping source to get some icmp info nux - fixed .man 1.6 - rewrote long & buggy error.c into simple err.c - added new icmps compiles on netbsd, ... 1.5 - added fflush - added syslog -l option 1.4 - fixed a bug in the dump (unsigned/signed char problem) - added hdrlen 1.3 - included a good hex/ascii dump for icmpinfo-1.11/err.c000064400000000000003000000004670555600642000140410ustar00rootsys00000000000000#include extern char *pname;

/*
 * Fatal usage/configuration error: print "<pname>: <str>" on stderr and
 * terminate with exit status 1. Does not return.
 * str is printed through "%s", never used as a format string.
 */
int err_quit(str)
char *str;
{
    fprintf(stderr, "%s: %s\n", pname, str);
    exit(1);
}

/*
 * Fatal system-call error: perror() reports the current errno prefixed
 * with pname, then the caller's message follows on a tab-indented line.
 * Terminates with exit status 2. Does not return.
 */
int err_sys(str)
char *str;
{
    perror(pname);
    fprintf(stderr, "\t%s\n", str);
    exit(2);
}

/*
 * Non-fatal error: print "<pname>: <str>" on stderr and return 0 so the
 * caller can carry on.
 * NOTE(review): with -l, main() closes descriptor 2 before the receive
 * loop starts, so messages sent here are not recorded in daemon mode.
 */
int err_ret(str)
char *str;
{
    fprintf(stderr, "%s: %s\n", pname, str);
    return 0;
}
 new icmps compiles on netbsd, ... 
1.5 - added fflush - added syslog -l option 1.4 - fixed a bug in the dump (unsigned/signed char problem) - added hdrlen 1.3 - included a good hex/ascii dump for icmpinfo-1.11/linux_ip_icmp.h000064400000000000003000000073170556414527500161310ustar00rootsys00000000000000/* stolen from tcpdump */ #ifndef _netinet_ip_icmp_h #define _netinet_ip_icmp_h struct icmp { u_char icmp_type; /* type of message, see below */ u_char icmp_code; /* type sub code */ u_short icmp_cksum; /* ones complement cksum of struct */ union { u_char ih_pptr; /* ICMP_PARAMPROB */ struct in_addr ih_gwaddr; /* ICMP_REDIRECT */ struct ih_idseq { n_short icd_id; n_short icd_seq; } ih_idseq; int ih_void; } icmp_hun; #define icmp_pptr icmp_hun.ih_pptr #define icmp_gwaddr icmp_hun.ih_gwaddr #define icmp_id icmp_hun.ih_idseq.icd_id #define icmp_seq icmp_hun.ih_idseq.icd_seq #define icmp_void icmp_hun.ih_void struct ip { u_char ip_hl:4, /* header length */ ip_v:4; /* version */ u_char ip_tos; /* type of service */ short ip_len; /* total length */ u_short ip_id; /* identification */ short ip_off; /* fragment offset field */ #define IP_DF 0x4000 /* dont fragment flag */ #define IP_MF 0x2000 /* more fragments flag */ u_char ip_ttl; /* time to live */ u_char ip_p; /* protocol */ u_short ip_sum; /* checksum */ struct in_addr ip_src,ip_dst; /* source and dest address */ }; union { struct id_ts { n_time its_otime; n_time its_rtime; n_time its_ttime; } id_ts; struct id_ip { struct ip idi_ip; /* options and then 64 bits of data */ } id_ip; u_long id_mask; char id_data[1]; } icmp_dun; #define icmp_otime icmp_dun.id_ts.its_otime #define icmp_rtime icmp_dun.id_ts.its_rtime #define icmp_ttime icmp_dun.id_ts.its_ttime #define icmp_ip icmp_dun.id_ip.idi_ip #define icmp_mask icmp_dun.id_mask #define icmp_data icmp_dun.id_data }; #define ICMP_MINLEN 8 /* abs minimum */ #define ICMP_TSLEN (8 + 3 * sizeof (n_time)) /* timestamp */ #define ICMP_MASKLEN 12 /* address mask */ #define ICMP_ADVLENMIN (8 + sizeof (struct ip) + 8) 
/* min */ #define ICMP_ADVLEN(p) (8 + ((p)->icmp_ip.ip_hl << 2) + 8) /* N.B.: must separately check that ip_hl >= 5 */ #define ICMP_ECHOREPLY 0 /* echo reply */ #define ICMP_UNREACH 3 /* dest unreachable, codes: */ #define ICMP_UNREACH_NET 0 /* bad net */ #define ICMP_UNREACH_HOST 1 /* bad host */ #define ICMP_UNREACH_PROTOCOL 2 /* bad protocol */ #define ICMP_UNREACH_PORT 3 /* bad port */ #define ICMP_UNREACH_NEEDFRAG 4 /* IP_DF caused drop */ #define ICMP_UNREACH_SRCFAIL 5 /* src route failed */ #define ICMP_SOURCEQUENCH 4 /* packet lost, slow down */ #define ICMP_REDIRECT 5 /* shorter route, codes: */ #define ICMP_REDIRECT_NET 0 /* for network */ #define ICMP_REDIRECT_HOST 1 /* for host */ #define ICMP_REDIRECT_TOSNET 2 /* for tos and net */ #define ICMP_REDIRECT_TOSHOST 3 /* for tos and host */ #define ICMP_ECHO 8 /* echo service */ #define ICMP_TIMXCEED 11 /* time exceeded, code: */ #define ICMP_TIMXCEED_INTRANS 0 /* ttl==0 in transit */ #define ICMP_TIMXCEED_REASS 1 /* ttl==0 in reass */ #define ICMP_PARAMPROB 12 /* ip header bad */ #define ICMP_TSTAMP 13 /* timestamp request */ #define ICMP_TSTAMPREPLY 14 /* timestamp reply */ #define ICMP_IREQ 15 /* information request */ #define ICMP_IREQREPLY 16 /* information reply */ #define ICMP_MASKREQ 17 /* address mask request */ #define ICMP_MASKREPLY 18 /* address mask reply */ #define ICMP_MAXTYPE 18 #define ICMP_INFOTYPE(type) \ ((type) == ICMP_ECHOREPLY || (type) == ICMP_ECHO || \ (type) == ICMP_TSTAMP || (type) == ICMP_TSTAMPREPLY || \ (type) == ICMP_IREQ || (type) == ICMP_IREQREPLY || \ (type) == ICMP_MASKREQ || (type) == ICMP_MASKREPLY) #endif /*!_netinet_ip_icmp_h*/ ine ICMP_IREQ 15 /* information request */ #define ICMP_IREQREPLY 16 /* information reply */ #define ICMP_MASKREQ 17 /* address mask request */ #define ICMP_MASKREPLY 18 /* address mask reply */ #define ICMP_MAXTYPE 18 #define ICMP_INFOTYPE(type) \ ((type) == ICMP_ECHOREPLY || (type) == 
ICMP_icmpinfo-1.11/TODO000064400000000000003000000000550601461226200135630ustar00rootsys00000000000000 + Better DNS handling + Flexible filtering ICMP_TSTAMPREPLY || \ (type) == ICMP_IREQ || (type) == ICMP_IREQREPLY || \ (type) == ICMP_MASKREQ || (type) == ICMP_MASKREPLY) #endif /*!_netinet_ip_icmp_h*/ ine ICMP_IREQ 15 /* information request */ #define ICMP_IREQREPLY 16 /* information reply */ #define ICMP_MASKREQ 17 /* address mask request */ #define ICMP_MASKREPLY 18 /* address mask reply */ #define ICMP_MAXTYPE 18 #define ICMP_INFOTYPE(type) \ ((type) == ICMP_ECHOREPLY || (type) == ICMP_icmpinfo-1.11/LICENSE000064400000000000003000000111220602035775400141060ustar00rootsys00000000000000 The "Artistic License" Preamble The intent of this document is to state the conditions under which a Package may be copied, such that the Copyright Holder maintains some semblance of artistic control over the development of the package, while giving the users of the package the right to use and distribute the Package in a more-or-less customary fashion, plus the right to make reasonable modifications. Definitions: "Package" refers to the collection of files distributed by the Copyright Holder, and derivatives of that collection of files created through textual modification. "Standard Version" refers to such a Package if it has not been modified, or has been modified in accordance with the wishes of the Copyright Holder. "Copyright Holder" is whoever is named in the copyright or copyrights for the package. "You" is you, if you're thinking about copying or distributing this Package. "Reasonable copying fee" is whatever you can justify on the basis of media cost, duplication charges, time of people involved, and so on. (You will not be required to justify it to the Copyright Holder, but only to the computing community at large as a market that must bear the fee.) 
"Freely Available" means that no fee is charged for the item itself, though there may be fees involved in handling the item. It also means that recipients of the item may redistribute it under the same conditions they received it. 1. You may make and give away verbatim copies of the source form of the Standard Version of this Package without restriction, provided that you duplicate all of the original copyright notices and associated disclaimers. 2. You may apply bug fixes, portability fixes and other modifications derived from the Public Domain or from the Copyright Holder. A Package modified in such a way shall still be considered the Standard Version. 3. You may otherwise modify your copy of this Package in any way, provided that you insert a prominent notice in each changed file stating how and when you changed that file, and provided that you do at least ONE of the following: a) place your modifications in the Public Domain or otherwise make them Freely Available, such as by posting said modifications to Usenet or an equivalent medium, or placing the modifications on a major archive site such as ftp.uu.net, or by allowing the Copyright Holder to include your modifications in the Standard Version of the Package. (Sending your modifications to the Copyright Holder is always welcome) b) use the modified Package only within your corporation or organization. c) rename any non-standard executables so the names do not conflict with standard executables, which must also be provided, and provide a separate manual page for each non-standard executable that clearly documents how it differs from the Standard Version. d) make other distribution arrangements with the Copyright Holder. 4. 
You may distribute the programs of this Package in object code or executable form, provided that you do at least ONE of the following: a) distribute a Standard Version of the executables and library files, together with instructions (in the manual page or equivalent) on where to get the Standard Version. b) accompany the distribution with the machine-readable source of the Package with your modifications. c) accompany any non-standard executables with their corresponding Standard Version executables, giving the non-standard executables non-standard names, and clearly documenting the differences in manual pages (or equivalent), together with instructions on where to get the Standard Version. d) make other distribution arrangements with the Copyright Holder. 5. You may charge a reasonable copying fee for any distribution of this Package. You may charge any fee you choose for support of this Package. You may not charge a fee for this Package itself. However, you may distribute this Package in aggregate with other (possibly commercial) programs as part of a larger (possibly commercial) software distribution provided that you do not advertise this Package as a product of your own. 6. The name of the Copyright Holder may not be used to endorse or promote products derived from this software without specific prior written permission. 7. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. The End -- License borrowed and adapted from Larry Wall's (perl) Laurent Demailly - dl@hplyot.obspm.fr t advertise this Package as a product of your own. 6. The name of the Copyright Holder may not be used to endorse or promote products derived from this software without specific prior written permission. 7. 
THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. The End -- License boricmpinfo-1.11/CHECKSUMS.asc000044400000000000003000000016420602036347300151150ustar00rootsys00000000000000-----BEGIN PGP SIGNED MESSAGE----- a3165361a3cc1fc3e6f296d8dffa4223 CHANGES 46f16347d23fb8e4e83e32091f96f01c DOC 94d54bd1ed950204f7eefdf5e96b7927 LICENSE 0c6df7ab6e68f0795bea421d78ba9705 Makefile 363a19768ad2078bb8503ac68aa52927 NocTools.Infos 46f16347d23fb8e4e83e32091f96f01c README a9e62573554b76ae1d391fd256aa2ea1 TODO 35818645583a454aea5ce01cf17d0d17 defs.h 81ff36ba35e521264517587e938a1f72 err.c d390cf01b23babe71bf118ab9ba26614 icmpinfo.c 4ce5151270622529e2a1be5569dfa17e icmpinfo.man 53c676ca41ad28bec65b4d30e56044e2 linux_ip_icmp.h 4f6228946af22d0513ce6906557ed36a print.c f5996038e9e91ab22b7fa77d2cc2299f recvping.c -----BEGIN PGP SIGNATURE----- Version: 2.6.2i iQCVAgUBMEHnL3k52/beodHxAQG7ogP/Z6U8i+ggovcx5BdF/2d7hWMDoON+X9tM YwgKmbjyzNLk4767cs+19bdbkN9YdmSWqRVI0zVCW9IrTClU8XmUh264OTPTowT3 AyqQmGhcfyj+hF+wL0SVRXvvWLEuZi31XyfR+XcGbGNbFOxLN4aOFTWWIEg6o9aZ WWQHgjy0WGY= =e3B6 -----END PGP SIGNATURE----- 1b23babe71bf118ab9ba26614 icmpinfo.c 4ce5151270622529e2a1be5569dfa17e icmpinfo.man 53c676ca4 #define ICMP_TIMXCEED_REASS 1 /* ttl==0 in reass */ #define ICMP_PARAMPROB 12 /* ip header bad */ #define ICMP_TSTAMP 13 /* timestamp request */ #define ICMP_TSTAMPREPLY 14 /* timestamp reply */ #define ICMP_IREQ 15 /* information request */ #define ICMP_IREQREPLY 16 /* information reply */ #define ICMP_MASKREQ 17 /* address mask request */ #define ICMP_MASKREPLY 18 /* address mask reply */ #define ICMP_MAXTYPE 18 #define ICMP_INFOTYPE(type) \ ((type) == ICMP_ECHOREPLY || (type) == ICMP_ECHO || \ (type) == ICMP_TSTAMP || (type) == ICMP_TSTAMPREPLY || \ (type) == ICMP_IREQ || (type) == ICMP_IREQREPLY || \ (type) == ICMP_MASKREQ || (type) == ICMP_MASKREPLY) #endif 
/*!_netinet_ip_icmp_h*/ ine ICMP_IREQ 15 /* information request */ #define ICMP_IREQREPLY 16 /* information reply */ #define ICMP_MASKREQ 17 /* address mask request */ #define ICMP_MASKREPLY 18 /* address mask reply */ #define ICMP_MAXTYPE 18 #define ICMP_INFOTYPE(type) \ ((type) == ICMP_ECHOREPLY || (type) == ICMP_icmpinfo-1.11/TODO000064400000000000003000000000550601461226200135630ustar00rootsys00000000000000 + Better DNS handling + Flexible filtering ICMP_TSTAMPREPLY || \ (type) == ICMP_IREQ || (type) == ICMP_IREQREPLY || \ (type) == ICMP_MASKREQ || (type) == ICMP_MASKREPLY) #endif /*!_netinet_ip_icmp_h*/ ine ICMP_IREQ 15 /* information request */ #define ICMP_IREQREPLY 16 /* information reply */ #define ICMP_MASKREQ 17 /* address mask request */ #define ICMP_MASKREPLY 18 /* address mask reply */ #define ICMP_MAXTYPE 18 #define ICMP_INFOTYPE(type) \ ((type) == ICMP_ECHOREPLY || (type) == ICMP_icmpinfo-1.11/LICENSE000064400000000000003000000111220602035775400141060ustar00rootsys00000000000000 The "Artistic License" Preamble The intent of this document is to state the conditions under which a Package may be copied, such that the Copyright Holder maintains some semblance of artistic control over the development of the package, while giving the users of the package the right to use and distribute the Package in a more-or-less customary fashion, plus the right to make reasonable modifications. Definitions: "Package" refers to the collection of files distributed by the Copyright Holder, and derivatives of that collection of files created through textual modification. "Standard Version" refers to such a Package if it has not been modified, or has been modified in accordance with the wishes of the Copyright Holder. "Copyright Holder" is whoever is named in the copyright or copyrights for the package. "You" is you, if you're thinking about copying or distributing this Package. 
"Reasonable copying fee" is whatever you can justify on the basis of media cost, duplication charges, time of people involved, and so on. (You will not be required to justify it to the Copyright Holder, but only to the computing community at large as a market that must bear the fee.) "Freely Available" means that no fee is charged for the item itself, though there may be fees involved in handling the item. It also means that recipients of the item may redistribute it under the same conditions they received it. 1. You may make and give away verbatim copies of the source form of the Standard Version of this Package without restriction, provided that you duplicate all of the original copyright notices and associated disclaimers. 2. You may apply bug fixes, portability fixes and other modifications derived from the Public Domain or from the Copyright Holder. A Package modified in such a way shall still be considered the Standard Version. 3. You may otherwise modify your copy of this Package in any way, provided that you insert a prominent notice in each changed file stating how and when you changed that file, and provided that you do at least ONE of the following: a) place your modifications in the Public Domain or otherwise make them Freely Available, such as by posting said modifications to Usenet or an equivalent medium, or placing the modifications on a major archive site such as ftp.uu.net, or by allowing the Copyright Holder to include your modifications in the Standard Version of the Package. (Sending your modifications to the Copyright Holder is always welcome) b