Initial spec file for Fedora and Red Hat Enterprise Linux

.cvsignore

@@ -0,0 +1 @@
+dsniff-2.4b1.tar.gz

dsniff-2.4-amd64_fix.patch

@@ -0,0 +1,219 @@
+Patch by Steve Kemp <skx@debian.org> for dsniff >= 2.4b1, which fixes the
+compiling under AMD64 respectively x86_64. For further information, please
+have a look to Debian bug ID #254002.
+
+--- dsniff-2.4b1/configure		2005-06-23 03:30:37.000000000 +0000
++++ dsniff-2.4b1/configure.amd64_fix	2005-06-23 04:15:59.000000000 +0000
+@@ -2667,15 +2667,62 @@
+   echo "$ac_t""no" 1>&6
+ fi
+ 
++echo $ac_n "checking for __dn_expand in -lresolv""... $ac_c" 1>&6
++echo "configure:2672: checking for __dn_expand in -lresolv" >&5
++ac_lib_var=`echo resolv'_'__dn_expand | sed 'y%./+-%__p_%'`
++if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
++  echo $ac_n "(cached) $ac_c" 1>&6
++else
++  ac_save_LIBS="$LIBS"
++LIBS="-lresolv  $LIBS"
++cat > conftest.$ac_ext <<EOF
++#line 2680 "configure"
++#include "confdefs.h"
++/* Override any gcc2 internal prototype to avoid an error.  */
++/* We use char because int might match the return type of a gcc2
++    builtin and then its argument prototype would still apply.  */
++char __dn_expand();
++
++int main() {
++__dn_expand()
++; return 0; }
++EOF
++if { (eval echo configure:2691: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
++  rm -rf conftest*
++  eval "ac_cv_lib_$ac_lib_var=yes"
++else
++  echo "configure: failed program was:" >&5
++  cat conftest.$ac_ext >&5
++  rm -rf conftest*
++  eval "ac_cv_lib_$ac_lib_var=no"
++fi
++rm -f conftest*
++LIBS="$ac_save_LIBS"
++
++fi
++if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
++  echo "$ac_t""yes" 1>&6
++    ac_tr_lib=HAVE_LIB`echo resolv | sed -e 's/[^a-zA-Z0-9_]/_/g' \
++    -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'`
++  cat >> confdefs.h <<EOF
++#define $ac_tr_lib 1
++EOF
++
++  LIBS="-lresolv $LIBS"
++
++else
++  echo "$ac_t""no" 1>&6
++fi
++
+ for ac_func in dirname strlcpy strlcat strsep
+ do
+ echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+-echo "configure:2674: checking for $ac_func" >&5
++echo "configure:2721: checking for $ac_func" >&5
+ if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+   echo $ac_n "(cached) $ac_c" 1>&6
+ else
+   cat > conftest.$ac_ext <<EOF
+-#line 2679 "configure"
++#line 2726 "configure"
+ #include "confdefs.h"
+ /* System header to define __stub macros and hopefully few prototypes,
+     which can conflict with char $ac_func(); below.  */
+@@ -2698,7 +2745,7 @@
+ 
+ ; return 0; }
+ EOF
+-if { (eval echo configure:2702: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
++if { (eval echo configure:2749: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+   rm -rf conftest*
+   eval "ac_cv_func_$ac_func=yes"
+ else
+@@ -2728,12 +2775,12 @@
+ for ac_func in MD5Update
+ do
+ echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+-echo "configure:2732: checking for $ac_func" >&5
++echo "configure:2779: checking for $ac_func" >&5
+ if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+   echo $ac_n "(cached) $ac_c" 1>&6
+ else
+   cat > conftest.$ac_ext <<EOF
+-#line 2737 "configure"
++#line 2784 "configure"
+ #include "confdefs.h"
+ /* System header to define __stub macros and hopefully few prototypes,
+     which can conflict with char $ac_func(); below.  */
+@@ -2756,7 +2803,7 @@
+ 
+ ; return 0; }
+ EOF
+-if { (eval echo configure:2760: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
++if { (eval echo configure:2807: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+   rm -rf conftest*
+   eval "ac_cv_func_$ac_func=yes"
+ else
+@@ -2788,12 +2835,12 @@
+ for ac_func in warnx
+ do
+ echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+-echo "configure:2792: checking for $ac_func" >&5
++echo "configure:2839: checking for $ac_func" >&5
+ if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+   echo $ac_n "(cached) $ac_c" 1>&6
+ else
+   cat > conftest.$ac_ext <<EOF
+-#line 2797 "configure"
++#line 2844 "configure"
+ #include "confdefs.h"
+ /* System header to define __stub macros and hopefully few prototypes,
+     which can conflict with char $ac_func(); below.  */
+@@ -2816,7 +2863,7 @@
+ 
+ ; return 0; }
+ EOF
+-if { (eval echo configure:2820: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
++if { (eval echo configure:2867: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+   rm -rf conftest*
+   eval "ac_cv_func_$ac_func=yes"
+ else
+@@ -2848,12 +2895,12 @@
+ for ac_func in ether_ntoa
+ do
+ echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+-echo "configure:2852: checking for $ac_func" >&5
++echo "configure:2899: checking for $ac_func" >&5
+ if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+   echo $ac_n "(cached) $ac_c" 1>&6
+ else
+   cat > conftest.$ac_ext <<EOF
+-#line 2857 "configure"
++#line 2904 "configure"
+ #include "confdefs.h"
+ /* System header to define __stub macros and hopefully few prototypes,
+     which can conflict with char $ac_func(); below.  */
+@@ -2876,7 +2923,7 @@
+ 
+ ; return 0; }
+ EOF
+-if { (eval echo configure:2880: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
++if { (eval echo configure:2927: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+   rm -rf conftest*
+   eval "ac_cv_func_$ac_func=yes"
+ else
+@@ -2912,7 +2959,7 @@
+ fi
+ 
+ echo $ac_n "checking for Berkeley DB with 1.85 compatibility""... $ac_c" 1>&6
+-echo "configure:2916: checking for Berkeley DB with 1.85 compatibility" >&5
++echo "configure:2963: checking for Berkeley DB with 1.85 compatibility" >&5
+ # Check whether --with-db or --without-db was given.
+ if test "${with_db+set}" = set; then
+   withval="$with_db"
+@@ -3015,7 +3062,7 @@
+ 
+ 
+ echo $ac_n "checking for libpcap""... $ac_c" 1>&6
+-echo "configure:3019: checking for libpcap" >&5
++echo "configure:3066: checking for libpcap" >&5
+ # Check whether --with-libpcap or --without-libpcap was given.
+ if test "${with_libpcap+set}" = set; then
+   withval="$with_libpcap"
+@@ -3063,7 +3110,7 @@
+ 
+ 
+ echo $ac_n "checking for libnet""... $ac_c" 1>&6
+-echo "configure:3067: checking for libnet" >&5
++echo "configure:3114: checking for libnet" >&5
+ # Check whether --with-libnet or --without-libnet was given.
+ if test "${with_libnet+set}" = set; then
+   withval="$with_libnet"
+@@ -3110,7 +3157,7 @@
+ 
+ 
+ echo $ac_n "checking for libnids""... $ac_c" 1>&6
+-echo "configure:3114: checking for libnids" >&5
++echo "configure:3161: checking for libnids" >&5
+ # Check whether --with-libnids or --without-libnids was given.
+ if test "${with_libnids+set}" = set; then
+   withval="$with_libnids"
+@@ -3152,9 +3199,9 @@
+ save_cppflags="$CPPFLAGS"
+ CPPFLAGS="$NIDSINC"
+ echo $ac_n "checking whether libnids version is good""... $ac_c" 1>&6
+-echo "configure:3156: checking whether libnids version is good" >&5
++echo "configure:3203: checking whether libnids version is good" >&5
+ cat > conftest.$ac_ext <<EOF
+-#line 3158 "configure"
++#line 3205 "configure"
+ #include "confdefs.h"
+ #include <nids.h>
+ EOF
+@@ -3173,7 +3220,7 @@
+ 
+ 
+ echo $ac_n "checking for OpenSSL""... $ac_c" 1>&6
+-echo "configure:3177: checking for OpenSSL" >&5
++echo "configure:3224: checking for OpenSSL" >&5
+ # Check whether --with-openssl or --without-openssl was given.
+ if test "${with_openssl+set}" = set; then
+   withval="$with_openssl"
+--- dsniff-2.4b1/configure.in		2005-06-23 03:30:37.000000000 +0000
++++ dsniff-2.4b1/configure.in.amd64_fix	2005-06-23 04:16:01.000000000 +0000
+@@ -57,6 +57,7 @@
+ AC_CHECK_LIB(nsl, gethostbyname)
+ dnl XXX - feh, everything except OpenBSD sux.
+ AC_CHECK_LIB(resolv, dn_expand)
++AC_CHECK_LIB(resolv, __dn_expand)
+ AC_REPLACE_FUNCS(dirname strlcpy strlcat strsep)
+ needmd5=no
+ AC_CHECK_FUNCS(MD5Update, , [needmd5=yes])

dsniff-2.4-arpa_inet_header.patch

@@ -0,0 +1,63 @@
+Patch by Luciano Bello <luciano@linux.org.ar> for dsniff >= 2.4b1, which
+adds the missing includes of arpa/inet.
+
+--- dsniff-2.4b1/decode_aim.c		2007-06-17 16:22:39.000000000 -0300
++++ dsniff-2.4b1/decode_aim.c.inet	2007-06-17 16:26:46.000000000 -0300
+@@ -14,6 +14,7 @@
+ 
+ #include <stdio.h>
+ #include <string.h>
++#include <arpa/inet.h>
+ 
+ #include "hex.h"
+ #include "buf.h"
+--- dsniff-2.4b1/decode_mmxp.c		2007-06-17 16:22:39.000000000 -0300
++++ dsniff-2.4b1/decode_mmxp.c.inet	2007-06-17 16:26:46.000000000 -0300
+@@ -21,6 +21,7 @@
+ 
+ #include <stdio.h>
+ #include <string.h>
++#include <arpa/inet.h>
+ 
+ #include "buf.h"
+ #include "decode.h"
+--- dsniff-2.4b1/decode_pptp.c		2007-06-17 16:22:39.000000000 -0300
++++ dsniff-2.4b1/decode_pptp.c.inet	2007-06-17 16:26:46.000000000 -0300
+@@ -16,6 +16,7 @@
+ 
+ #include <stdio.h>
+ #include <string.h>
++#include <arpa/inet.h>
+ 
+ #include "buf.h"
+ #include "decode.h"
+--- dsniff-2.4b1/decode_tds.c		2007-06-17 16:26:46.000000000 -0300
++++ dsniff-2.4b1/decode_tds.c.inet	2007-06-17 16:26:46.000000000 -0300
+@@ -19,6 +19,7 @@
+ #include <stdio.h>
+ #include <string.h>
+ #include <strlcat.h>
++#include <arpa/inet.h>
+ 
+ #include "decode.h"
+ 
+--- dsniff-2.4b1/decode_vrrp.c		2007-06-17 16:22:39.000000000 -0300
++++ dsniff-2.4b1/decode_vrrp.c.inet	2007-06-17 16:26:46.000000000 -0300
+@@ -15,6 +15,7 @@
+ 
+ #include <stdio.h>
+ #include <string.h>
++#include <arpa/inet.h>
+ 
+ #include "buf.h"
+ #include "decode.h"
+--- dsniff-2.4b1/ssh.c			2007-06-17 16:26:46.000000000 -0300
++++ dsniff-2.4b1/ssh.c.inet		2007-06-17 16:26:46.000000000 -0300
+@@ -23,6 +23,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
++#include <arpa/inet.h>
+ #include <unistd.h>
+ 
+ #include "hex.h"

dsniff-2.4-checksum.patch

@@ -0,0 +1,27 @@
+Patch by iotr Engelking <inkerman42@gmail.com> for dsniff >= 2.4b1, which
+disables the filtering packets with incorrect checksum. And for any further
+information, please have a look to Debian bug ID #372536.
+
+--- dsniff-2.4b1/urlsnarf.c		2006-09-21 01:50:01.000000000 +0200
++++ dsniff-2.4b1/urlsnarf.c.checksum	2006-09-21 01:51:13.000000000 +0200
+@@ -200,6 +200,7 @@
+ 	extern char *optarg;
+ 	extern int optind;
+ 	int c;
++	struct nids_chksum_ctl chksum_ctl;
+ 	
+ 	while ((c = getopt(argc, argv, "i:p:nvh?V")) != -1) {
+ 		switch (c) {
+@@ -260,6 +261,12 @@
+                 }
+         }
+ 
++        chksum_ctl.netaddr = 0;
++        chksum_ctl.mask = 0;
++        chksum_ctl.action = NIDS_DONT_CHKSUM;
++
++        nids_register_chksum_ctl(&chksum_ctl, 1);
++
+ 	nids_run();
+ 	
+ 	/* NOTREACHED */

dsniff-2.4-checksum_libnids.patch

@@ -0,0 +1,96 @@
+Patch by Gleb Paharenko <gpaharenko@gmail.com> for dsniff >= 2.4b1, which
+adds checksum for libnids. For further information, please have a look to
+Debian bug ID #420129.
+
+--- dsniff-2.4b1/dsniff.c		2007-08-11 01:37:33.000000000 -0300
++++ dsniff-2.4b1/dsniff.c.checksum	2007-08-11 01:38:55.000000000 -0300
+@@ -70,6 +70,80 @@
+ {
+ }
+ 
++
++static int get_all_ifaces(struct ifreq **, int *);
++static unsigned int get_addr_from_ifreq(struct ifreq *);
++
++int all_local_ipaddrs_chksum_disable()
++{
++	struct ifreq *ifaces;
++	int ifaces_count;
++	int i, ind = 0;
++	struct nids_chksum_ctl *ctlp;
++	unsigned int tmp;
++
++	if (!get_all_ifaces(&ifaces, &ifaces_count))
++		return -1;
++	ctlp =
++	    (struct nids_chksum_ctl *) malloc(ifaces_count *
++					      sizeof(struct
++						     nids_chksum_ctl));
++	if (!ctlp)
++		return -1;
++	for (i = 0; i < ifaces_count; i++) {
++		tmp = get_addr_from_ifreq(ifaces + i);
++		if (tmp) {
++			ctlp[ind].netaddr = tmp;
++			ctlp[ind].mask = inet_addr("255.255.255.255");
++			ctlp[ind].action = NIDS_DONT_CHKSUM;
++			ind++;
++		}
++	}
++	free(ifaces);
++	nids_register_chksum_ctl(ctlp, ind);
++}
++
++/* helper functions for Example 2 */
++unsigned int get_addr_from_ifreq(struct ifreq *iface)
++{
++	if (iface->ifr_addr.sa_family == AF_INET)
++		return ((struct sockaddr_in *) &(iface->ifr_addr))->
++		    sin_addr.s_addr;
++	return 0;
++}
++
++static int get_all_ifaces(struct ifreq **ifaces, int *count)
++{
++	int ifaces_size = 8 * sizeof(struct ifreq);
++	struct ifconf param;
++	int sock;
++	unsigned int i;
++
++	*ifaces = malloc(ifaces_size);
++	sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
++	if (sock <= 0)
++		return 0;
++	for (;;) {
++		param.ifc_len = ifaces_size;
++		param.ifc_req = *ifaces;
++		if (ioctl(sock, SIOCGIFCONF, &param))
++			goto err;
++		if (param.ifc_len < ifaces_size)
++			break;
++		free(*ifaces);
++		ifaces_size *= 2;
++		ifaces = malloc(ifaces_size);
++	}
++	*count = param.ifc_len / sizeof(struct ifreq);
++	close(sock);
++	return 1;
++      err:
++	close(sock);
++	return 0;
++}
++
++
++
+ int
+ main(int argc, char *argv[])
+ {
+@@ -189,6 +263,8 @@
+ 			warnx("using %s", nids_params.filename);
+ 		}
+ 	}
++
++	all_local_ipaddrs_chksum_disable();
+ 	
+ 	nids_run();
+ 	

dsniff-2.4-fedora_dirs.patch

@@ -0,0 +1,60 @@
+Patch by Steve Kemp <skx@debian.org> for dsniff >= 2.4b1, which changes
+various paths for the Fedora directory structure.
+
+--- dsniff-2.4b1/Makefile.in		2005-06-23 03:30:37.000000000 +0000
++++ dsniff-2.4b1/Makefile.in.fedora	2005-06-23 04:17:14.000000000 +0000
+@@ -11,7 +11,7 @@
+ install_prefix  =
+ prefix          = @prefix@
+ exec_prefix	= @exec_prefix@
+-libdir		= @libdir@
++libdir		= @sysconfdir@/dsniff
+ sbindir         = @sbindir@
+ mandir		= @mandir@
+ 
+@@ -37,8 +37,7 @@
+ X11INC	= @X_CFLAGS@
+ X11LIB	= @X_LIBS@ @X_PRE_LIBS@ -lXmu -lX11 @X_EXTRA_LIBS@
+ 
+-INCS	= -I. $(NIDSINC) $(PCAPINC) $(LNETINC) $(DBINC) $(SSLINC) $(X11INC) \
+-	  -I$(srcdir)/missing
++INCS	= -I. $(X11INC) -I$(srcdir)/missing 
+ LIBS	= @LIBS@ -L$(srcdir) -lmissing
+ 
+ INSTALL	= @INSTALL@
+--- dsniff-2.4b1/dnsspoof.8		2005-06-23 03:30:37.000000000 +0000
++++ dsniff-2.4b1/dnsspoof.8.fedora	2005-06-23 04:17:37.000000000 +0000
+@@ -31,7 +31,7 @@
+ address queries on the LAN with an answer of the local machine's IP
+ address.
+ .SH FILES
+-.IP \fI/usr/local/lib/dnsspoof.hosts\fR
++.IP \fI/etc/dsniff/dnsspoof.hosts\fR
+ Sample hosts file.
+ .SH "SEE ALSO"
+ dsniff(8), hosts(5)
+--- dsniff-2.4b1/dsniff.8		2005-06-23 04:17:06.000000000 +0000
++++ dsniff-2.4b1/dsniff.8.fedora	2005-06-23 04:18:21.000000000 +0000
+@@ -68,9 +68,9 @@
+ On a hangup signal \fBdsniff\fR will dump its current trigger table to
+ \fIdsniff.services\fR.
+ .SH FILES
+-.IP \fI/usr/local/lib/dsniff.services\fR
++.IP \fI/etc/dsniff/dsniff.services\fR
+ Default trigger table
+-.IP \fI/usr/local/lib/dsniff.magic\fR
++.IP \fI/etc/dsniff/dsniff.magic\fR
+ Network protocol magic
+ .SH "SEE ALSO"
+ arpspoof(8), libnids(3), services(5), magic(5)
+--- dsniff-2.4b1/pathnames.h		2005-06-23 03:30:37.000000000 +0000
++++ dsniff-2.4b1/pathnames.h.fedora	2005-06-23 04:17:25.000000000 +0000
+@@ -12,7 +12,7 @@
+ #define PATHNAMES_H
+ 
+ #ifndef DSNIFF_LIBDIR
+-#define DSNIFF_LIBDIR		"/usr/local/lib/"
++#define DSNIFF_LIBDIR		"/etc/dsniff/"
+ #endif
+ 
+ #define DSNIFF_SERVICES		"dsniff.services"

dsniff-2.4-glib2.patch

@@ -0,0 +1,14 @@
+Patch by Robert Scheck <robert@fedoraproject.org> for dsniff >= 2.4b1, that
+adds some missing linkages to glib2.
+
+--- dsniff-2.4b1/Makefile.in		2007-11-24 13:56:47.000000000 +0100
++++ dsniff-2.4b1/Makefile.in.glib2	2007-11-24 15:40:55.000000000 +0100
+@@ -26,7 +26,7 @@
+ LNETLIB = @LNETLIB@
+ 
+ NIDSINC	= @NIDSINC@
+-NIDSLIB	= @NIDSLIB@
++NIDSLIB	= @NIDSLIB@ -lglib-2.0 -lgthread-2.0 -lpthread
+ 
+ DBINC	= @DBINC@
+ DBLIB	= @DBLIB@

dsniff-2.4-libnet_11.patch

@@ -0,0 +1,904 @@
+Patch for dsniff >= 2.4b1, which adds support for libnet >= 1.1 having a
+completely rewritten API.
+
+--- dsniff-2.4b1/arpspoof.c		2006-06-09 13:35:29.000000000 +0300
++++ dsniff-2.4b1/arpspoof.c.libnet_11	2006-06-09 13:35:29.000000000 +0300
+@@ -27,7 +27,7 @@
+ 
+ extern char *ether_ntoa(struct ether_addr *);
+ 
+-static struct libnet_link_int *llif;
++static libnet_t *l;
+ static struct ether_addr spoof_mac, target_mac;
+ static in_addr_t spoof_ip, target_ip;
+ static char *intf;
+@@ -41,47 +41,49 @@
+ }
+ 
+ static int
+-arp_send(struct libnet_link_int *llif, char *dev,
+-	 int op, u_char *sha, in_addr_t spa, u_char *tha, in_addr_t tpa)
++arp_send(libnet_t *l, int op, u_int8_t *sha,
++	 in_addr_t spa, u_int8_t *tha, in_addr_t tpa)
+ {
+-	char ebuf[128];
+-	u_char pkt[60];
+-	
++	int retval;
++
+ 	if (sha == NULL &&
+-	    (sha = (u_char *)libnet_get_hwaddr(llif, dev, ebuf)) == NULL) {
++	    (sha = (u_int8_t *)libnet_get_hwaddr(l)) == NULL) {
+ 		return (-1);
+ 	}
+ 	if (spa == 0) {
+-		if ((spa = libnet_get_ipaddr(llif, dev, ebuf)) == 0)
++		if ((spa = libnet_get_ipaddr4(l)) == -1)
+ 			return (-1);
+-		spa = htonl(spa); /* XXX */
+ 	}
+ 	if (tha == NULL)
+ 		tha = "\xff\xff\xff\xff\xff\xff";
+ 	
+-	libnet_build_ethernet(tha, sha, ETHERTYPE_ARP, NULL, 0, pkt);
++	libnet_autobuild_arp(op, sha, (u_int8_t *)&spa,
++			     tha, (u_int8_t *)&tpa, l);
++	libnet_build_ethernet(tha, sha, ETHERTYPE_ARP, NULL, 0, l, 0);
+ 	
+-	libnet_build_arp(ARPHRD_ETHER, ETHERTYPE_IP, ETHER_ADDR_LEN, 4,
+-			 op, sha, (u_char *)&spa, tha, (u_char *)&tpa,
+-			 NULL, 0, pkt + ETH_H);
+-
+ 	fprintf(stderr, "%s ",
+ 		ether_ntoa((struct ether_addr *)sha));
+ 
+ 	if (op == ARPOP_REQUEST) {
+ 		fprintf(stderr, "%s 0806 42: arp who-has %s tell %s\n",
+ 			ether_ntoa((struct ether_addr *)tha),
+-			libnet_host_lookup(tpa, 0),
+-			libnet_host_lookup(spa, 0));
++			libnet_addr2name4(tpa, LIBNET_DONT_RESOLVE),
++			libnet_addr2name4(spa, LIBNET_DONT_RESOLVE));
+ 	}
+ 	else {
+ 		fprintf(stderr, "%s 0806 42: arp reply %s is-at ",
+ 			ether_ntoa((struct ether_addr *)tha),
+-			libnet_host_lookup(spa, 0));
++			libnet_addr2name4(spa, LIBNET_DONT_RESOLVE));
+ 		fprintf(stderr, "%s\n",
+ 			ether_ntoa((struct ether_addr *)sha));
+ 	}
+-	return (libnet_write_link_layer(llif, dev, pkt, sizeof(pkt)) == sizeof(pkt));
++	retval = libnet_write(l);
++	if (retval)
++		fprintf(stderr, "%s", libnet_geterror(l));
++
++	libnet_clear_packet(l);
++
++	return retval;
+ }
+ 
+ #ifdef __linux__
+@@ -119,7 +121,7 @@
+ 		/* XXX - force the kernel to arp. feh. */
+ 		arp_force(ip);
+ #else
+-		arp_send(llif, intf, ARPOP_REQUEST, NULL, 0, NULL, ip);
++		arp_send(l, ARPOP_REQUEST, NULL, 0, NULL, ip);
+ #endif
+ 		sleep(1);
+ 	}
+@@ -136,9 +138,9 @@
+ 	if (arp_find(spoof_ip, &spoof_mac)) {
+ 		for (i = 0; i < 3; i++) {
+ 			/* XXX - on BSD, requires ETHERSPOOF kernel. */
+-			arp_send(llif, intf, ARPOP_REPLY,
+-				 (u_char *)&spoof_mac, spoof_ip,
+-				 (target_ip ? (u_char *)&target_mac : NULL),
++			arp_send(l, ARPOP_REPLY,
++				 (u_int8_t *)&spoof_mac, spoof_ip,
++				 (target_ip ? (u_int8_t *)&target_mac : NULL),
+ 				 target_ip);
+ 			sleep(1);
+ 		}
+@@ -151,7 +153,8 @@
+ {
+ 	extern char *optarg;
+ 	extern int optind;
+-	char ebuf[PCAP_ERRBUF_SIZE];
++	char pcap_ebuf[PCAP_ERRBUF_SIZE];
++	char libnet_ebuf[LIBNET_ERRBUF_SIZE];
+ 	int c;
+ 	
+ 	intf = NULL;
+@@ -163,7 +166,7 @@
+ 			intf = optarg;
+ 			break;
+ 		case 't':
+-			if ((target_ip = libnet_name_resolve(optarg, 1)) == -1)
++			if ((target_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
+ 				usage();
+ 			break;
+ 		default:
+@@ -176,26 +179,26 @@
+ 	if (argc != 1)
+ 		usage();
+ 	
+-	if ((spoof_ip = libnet_name_resolve(argv[0], 1)) == -1)
++	if ((spoof_ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
+ 		usage();
+ 	
+-	if (intf == NULL && (intf = pcap_lookupdev(ebuf)) == NULL)
+-		errx(1, "%s", ebuf);
++	if (intf == NULL && (intf = pcap_lookupdev(pcap_ebuf)) == NULL)
++		errx(1, "%s", pcap_ebuf);
+ 	
+-	if ((llif = libnet_open_link_interface(intf, ebuf)) == 0)
+-		errx(1, "%s", ebuf);
++	if ((l = libnet_init(LIBNET_LINK, intf, libnet_ebuf)) == NULL)
++		errx(1, "%s", libnet_ebuf);
+ 	
+ 	if (target_ip != 0 && !arp_find(target_ip, &target_mac))
+ 		errx(1, "couldn't arp for host %s",
+-		     libnet_host_lookup(target_ip, 0));
++		     libnet_addr2name4(target_ip, LIBNET_DONT_RESOLVE));
+ 	
+ 	signal(SIGHUP, cleanup);
+ 	signal(SIGINT, cleanup);
+ 	signal(SIGTERM, cleanup);
+ 	
+ 	for (;;) {
+-		arp_send(llif, intf, ARPOP_REPLY, NULL, spoof_ip,
+-			 (target_ip ? (u_char *)&target_mac : NULL),
++		arp_send(l, ARPOP_REPLY, NULL, spoof_ip,
++			 (target_ip ? (u_int8_t *)&target_mac : NULL),
+ 			 target_ip);
+ 		sleep(2);
+ 	}
+--- dsniff-2.4b1/dnsspoof.c		2001-03-15 10:33:03.000000000 +0200
++++ dsniff-2.4b1/dnsspoof.c.libnet_11	2006-06-09 13:35:29.000000000 +0300
+@@ -38,7 +38,7 @@
+ 
+ pcap_t		*pcap_pd = NULL;
+ int		 pcap_off = -1;
+-int		 lnet_sock = -1;
++libnet_t	*l;
+ u_long		 lnet_ip = -1;
+ 
+ static void
+@@ -90,19 +90,18 @@
+ dns_init(char *dev, char *filename)
+ {
+ 	FILE *f;
+-	struct libnet_link_int *llif;
++	libnet_t *l;
++	char libnet_ebuf[LIBNET_ERRBUF_SIZE];
+ 	struct dnsent *de;
+ 	char *ip, *name, buf[1024];
+ 
+-	if ((llif = libnet_open_link_interface(dev, buf)) == NULL)
+-		errx(1, "%s", buf);
++	if ((l = libnet_init(LIBNET_LINK, dev, libnet_ebuf)) == NULL)
++		errx(1, "%s", libnet_ebuf);
+ 	
+-	if ((lnet_ip = libnet_get_ipaddr(llif, dev, buf)) == -1)
+-		errx(1, "%s", buf);
++	if ((lnet_ip = libnet_get_ipaddr4(l)) == -1)
++		errx(1, "%s", libnet_geterror(l));
+ 
+-	lnet_ip = htonl(lnet_ip);
+-	
+-	libnet_close_link_interface(llif);
++	libnet_destroy(l);
+ 
+ 	SLIST_INIT(&dns_entries);
+ 	
+@@ -180,7 +179,7 @@
+ static void
+ dns_spoof(u_char *u, const struct pcap_pkthdr *pkthdr, const u_char *pkt)
+ {
+-	struct libnet_ip_hdr *ip;
++	struct libnet_ipv4_hdr *ip;
+ 	struct libnet_udp_hdr *udp;
+ 	HEADER *dns;
+ 	char name[MAXHOSTNAMELEN];
+@@ -189,7 +188,7 @@
+ 	in_addr_t dst;
+ 	u_short type, class;
+ 
+-	ip = (struct libnet_ip_hdr *)(pkt + pcap_off);
++	ip = (struct libnet_ipv4_hdr *)(pkt + pcap_off);
+ 	udp = (struct libnet_udp_hdr *)(pkt + pcap_off + (ip->ip_hl * 4));
+ 	dns = (HEADER *)(udp + 1);
+ 	p = (u_char *)(dns + 1);
+@@ -212,7 +211,7 @@
+ 	if (class != C_IN)
+ 		return;
+ 
+-	p = buf + IP_H + UDP_H + dnslen;
++	p = buf + dnslen;
+ 	
+ 	if (type == T_A) {
+ 		if ((dst = dns_lookup_a(name)) == -1)
+@@ -234,38 +233,38 @@
+ 		anslen += 12;
+ 	}
+ 	else return;
+-	
+-	libnet_build_ip(UDP_H + dnslen + anslen, 0, libnet_get_prand(PRu16),
+-			0, 64, IPPROTO_UDP, ip->ip_dst.s_addr,
+-			ip->ip_src.s_addr, NULL, 0, buf);
+-	
+-	libnet_build_udp(ntohs(udp->uh_dport), ntohs(udp->uh_sport),
+-			 NULL, dnslen + anslen, buf + IP_H);
+ 
+-	memcpy(buf + IP_H + UDP_H, (u_char *)dns, dnslen);
++	memcpy(buf, (u_char *)dns, dnslen);
+ 
+-	dns = (HEADER *)(buf + IP_H + UDP_H);
++	dns = (HEADER *)buf;
+ 	dns->qr = dns->ra = 1;
+ 	if (type == T_PTR) dns->aa = 1;
+ 	dns->ancount = htons(1);
+ 
+ 	dnslen += anslen;
++
++	libnet_clear_packet(l);
++	libnet_build_udp(ntohs(udp->uh_dport), ntohs(udp->uh_sport),
++			 LIBNET_UDP_H + dnslen, 0,
++			 (u_int8_t *)buf, dnslen, l, 0);
++
++	libnet_build_ipv4(LIBNET_IPV4_H + LIBNET_UDP_H + dnslen, 0,
++			  libnet_get_prand(LIBNET_PRu16), 0, 64, IPPROTO_UDP, 0,
++			  ip->ip_dst.s_addr, ip->ip_src.s_addr, NULL, 0, l, 0);
+ 	
+-	libnet_do_checksum(buf, IPPROTO_UDP, UDP_H + dnslen);
+-	
+-	if (libnet_write_ip(lnet_sock, buf, IP_H + UDP_H + dnslen) < 0)
++	if (libnet_write(l) < 0)
+ 		warn("write");
+ 
+ 	fprintf(stderr, "%s.%d > %s.%d:  %d+ %s? %s\n",
+-	      libnet_host_lookup(ip->ip_src.s_addr, 0), ntohs(udp->uh_sport),
+-	      libnet_host_lookup(ip->ip_dst.s_addr, 0), ntohs(udp->uh_dport),
++	      libnet_addr2name4(ip->ip_src.s_addr, 0), ntohs(udp->uh_sport),
++	      libnet_addr2name4(ip->ip_dst.s_addr, 0), ntohs(udp->uh_dport),
+ 	      ntohs(dns->id), type == T_A ? "A" : "PTR", name);
+ }
+ 
+ static void
+ cleanup(int sig)
+ {
+-	libnet_close_raw_sock(lnet_sock);
++	libnet_destroy(l);
+ 	pcap_close(pcap_pd);
+ 	exit(0);
+ }
+@@ -276,6 +275,7 @@
+ 	extern char *optarg;
+ 	extern int optind;
+ 	char *p, *dev, *hosts, buf[1024];
++	char ebuf[LIBNET_ERRBUF_SIZE];
+ 	int i;
+ 
+ 	dev = hosts = NULL;
+@@ -306,7 +306,7 @@
+ 		strlcpy(buf, p, sizeof(buf));
+ 	}
+ 	else snprintf(buf, sizeof(buf), "udp dst port 53 and not src %s",
+-		      libnet_host_lookup(lnet_ip, 0));
++		      libnet_addr2name4(lnet_ip, LIBNET_DONT_RESOLVE));
+ 	
+ 	if ((pcap_pd = pcap_init(dev, buf, 128)) == NULL)
+ 		errx(1, "couldn't initialize sniffing");
+@@ -314,10 +314,10 @@
+ 	if ((pcap_off = pcap_dloff(pcap_pd)) < 0)
+ 		errx(1, "couldn't determine link layer offset");
+ 	
+-	if ((lnet_sock = libnet_open_raw_sock(IPPROTO_RAW)) == -1)
++	if ((l = libnet_init(LIBNET_RAW4, dev, ebuf)) == NULL)
+ 		errx(1, "couldn't initialize sending");
+ 	
+-	libnet_seed_prand();
++	libnet_seed_prand(l);
+ 	
+ 	signal(SIGHUP, cleanup);
+ 	signal(SIGINT, cleanup);
+--- dsniff-2.4b1/filesnarf.c		2006-06-09 13:35:29.000000000 +0300
++++ dsniff-2.4b1/filesnarf.c.libnet_11	2006-06-09 13:35:29.000000000 +0300
+@@ -134,8 +134,8 @@
+ 	int fd;
+ 
+ 	warnx("%s.%d > %s.%d: %s (%d@%d)",
+-	      libnet_host_lookup(addr->daddr, 0), addr->dest,
+-	      libnet_host_lookup(addr->saddr, 0), addr->source,
++	      libnet_addr2name4(addr->daddr, LIBNET_DONT_RESOLVE), addr->dest,
++	      libnet_addr2name4(addr->saddr, LIBNET_DONT_RESOLVE), addr->source,
+ 	      ma->filename, len, ma->offset);
+ 	
+ 	if ((fd = open(ma->filename, O_WRONLY|O_CREAT, 0644)) >= 0) {
+@@ -353,7 +353,7 @@
+ }
+ 
+ static void
+-decode_udp_nfs(struct libnet_ip_hdr *ip)
++decode_udp_nfs(struct libnet_ipv4_hdr *ip)
+ {
+ 	static struct tuple4 addr;
+ 	struct libnet_udp_hdr *udp;
+--- dsniff-2.4b1/macof.c		2001-03-15 10:33:04.000000000 +0200
++++ dsniff-2.4b1/macof.c.libnet_11	2006-06-09 13:35:29.000000000 +0300
+@@ -48,8 +48,8 @@
+ static void
+ gen_mac(u_char *mac)
+ {
+-	*((in_addr_t *)mac) = libnet_get_prand(PRu32);
+-	*((u_short *)(mac + 4)) = libnet_get_prand(PRu16);
++	*((in_addr_t *)mac) = libnet_get_prand(LIBNET_PRu32);
++	*((u_short *)(mac + 4)) = libnet_get_prand(LIBNET_PRu16);
+ }
+ 
+ int
+@@ -59,22 +59,23 @@
+ 	extern int optind;
+ 	int c, i;
+ 	struct libnet_link_int *llif;
+-	char ebuf[PCAP_ERRBUF_SIZE];
++	char pcap_ebuf[PCAP_ERRBUF_SIZE];
++	char libnet_ebuf[LIBNET_ERRBUF_SIZE];
+ 	u_char sha[ETHER_ADDR_LEN], tha[ETHER_ADDR_LEN];
+ 	in_addr_t src, dst;
+ 	u_short sport, dport;
+ 	u_int32_t seq;
+-	u_char pkt[ETH_H + IP_H + TCP_H];
++	libnet_t *l;
+ 	
+ 	while ((c = getopt(argc, argv, "vs:d:e:x:y:i:n:h?V")) != -1) {
+ 		switch (c) {
+ 		case 'v':
+ 			break;
+ 		case 's':
+-			Src = libnet_name_resolve(optarg, 0);
++			Src = libnet_name2addr4(l, optarg, 0);
+ 			break;
+ 		case 'd':
+-			Dst = libnet_name_resolve(optarg, 0);
++			Dst = libnet_name2addr4(l, optarg, 0);
+ 			break;
+ 		case 'e':
+ 			Tha = (u_char *)ether_aton(optarg);
+@@ -101,13 +102,13 @@
+ 	if (argc != 0)
+ 		usage();
+ 	
+-	if (!Intf && (Intf = pcap_lookupdev(ebuf)) == NULL)
+-		errx(1, "%s", ebuf);
++	if (!Intf && (Intf = pcap_lookupdev(pcap_ebuf)) == NULL)
++		errx(1, "%s", pcap_ebuf);
+ 	
+-	if ((llif = libnet_open_link_interface(Intf, ebuf)) == 0)
+-		errx(1, "%s", ebuf);
++	if ((l = libnet_init(LIBNET_LINK, Intf, libnet_ebuf)) == NULL)
++		errx(1, "%s", libnet_ebuf);
+ 	
+-	libnet_seed_prand();
++	libnet_seed_prand(l);
+ 	
+ 	for (i = 0; i != Repeat; i++) {
+ 		
+@@ -117,39 +118,39 @@
+ 		else memcpy(tha, Tha, sizeof(tha));
+ 		
+ 		if (Src != 0) src = Src;
+-		else src = libnet_get_prand(PRu32);
++		else src = libnet_get_prand(LIBNET_PRu32);
+ 		
+ 		if (Dst != 0) dst = Dst;
+-		else dst = libnet_get_prand(PRu32);
++		else dst = libnet_get_prand(LIBNET_PRu32);
+ 		
+ 		if (Sport != 0) sport = Sport;
+-		else sport = libnet_get_prand(PRu16);
++		else sport = libnet_get_prand(LIBNET_PRu16);
+ 		
+ 		if (Dport != 0) dport = Dport;
+-		else dport = libnet_get_prand(PRu16);
++		else dport = libnet_get_prand(LIBNET_PRu16);
+ 
+-		seq = libnet_get_prand(PRu32);
+-		
+-		libnet_build_ethernet(tha, sha, ETHERTYPE_IP, NULL, 0, pkt);
+-		
+-		libnet_build_ip(TCP_H, 0, libnet_get_prand(PRu16), 0, 64,
+-				IPPROTO_TCP, src, dst, NULL, 0, pkt + ETH_H);
++		seq = libnet_get_prand(LIBNET_PRu32);
+ 		
+ 		libnet_build_tcp(sport, dport, seq, 0, TH_SYN, 512,
+-				 0, NULL, 0, pkt + ETH_H + IP_H);
++				 0, 0, LIBNET_TCP_H, NULL, 0, l, 0);
+ 		
+-		libnet_do_checksum(pkt + ETH_H, IPPROTO_IP, IP_H);
+-		libnet_do_checksum(pkt + ETH_H, IPPROTO_TCP, TCP_H);
++		libnet_build_ipv4(LIBNET_TCP_H, 0,
++				  libnet_get_prand(LIBNET_PRu16), 0, 64,
++				  IPPROTO_TCP, 0, src, dst, NULL, 0, l, 0);
+ 		
+-		if (libnet_write_link_layer(llif, Intf, pkt, sizeof(pkt)) < 0)
++		libnet_build_ethernet(tha, sha, ETHERTYPE_IP, NULL, 0, l, 0);
++		
++		if (libnet_write(l) < 0)
+ 			errx(1, "write");
+ 
++		libnet_clear_packet(l);
++
+ 		fprintf(stderr, "%s ",
+ 			ether_ntoa((struct ether_addr *)sha));
+ 		fprintf(stderr, "%s %s.%d > %s.%d: S %u:%u(0) win 512\n",
+ 			ether_ntoa((struct ether_addr *)tha),
+-			libnet_host_lookup(Src, 0), sport,
+-			libnet_host_lookup(Dst, 0), dport, seq, seq);
++			libnet_addr2name4(Src, 0), sport,
++			libnet_addr2name4(Dst, 0), dport, seq, seq);
+ 	}
+ 	exit(0);
+ }
+--- dsniff-2.4b1/record.c		2001-03-15 10:33:04.000000000 +0200
++++ dsniff-2.4b1/record.c.libnet_11	2006-06-09 13:35:29.000000000 +0300
+@@ -65,8 +65,8 @@
+ 	tm = localtime(&rec->time);
+ 	strftime(tstr, sizeof(tstr), "%x %X", tm);
+ 	
+-	srcp = libnet_host_lookup(rec->src, Opt_dns);
+-	dstp = libnet_host_lookup(rec->dst, Opt_dns);
++	srcp = libnet_addr2name4(rec->src, Opt_dns);
++	dstp = libnet_addr2name4(rec->dst, Opt_dns);
+ 
+ 	if ((pr = getprotobynumber(rec->proto)) == NULL)
+ 		protop = "unknown";
+--- dsniff-2.4b1/sshmitm.c		2001-03-15 10:33:04.000000000 +0200
++++ dsniff-2.4b1/sshmitm.c.libnet_11	2006-06-09 13:35:29.000000000 +0300
+@@ -389,7 +389,7 @@
+ 	if (argc < 1)
+ 		usage();
+ 	
+-	if ((ip = libnet_name_resolve(argv[0], 1)) == -1)
++	if ((ip = libnet_name2addr4(NULL, argv[0], LIBNET_RESOLVE)) == -1)
+ 		usage();
+ 
+ 	if (argc == 2 && (rport = atoi(argv[1])) == 0)
+--- dsniff-2.4b1/tcpkill.c		2001-03-17 10:10:43.000000000 +0200
++++ dsniff-2.4b1/tcpkill.c.libnet_11	2006-06-09 13:35:29.000000000 +0300
+@@ -39,17 +39,18 @@
+ static void
+ tcp_kill_cb(u_char *user, const struct pcap_pkthdr *pcap, const u_char *pkt)
+ {
+-	struct libnet_ip_hdr *ip;
++	struct libnet_ipv4_hdr *ip;
+ 	struct libnet_tcp_hdr *tcp;
+-	u_char ctext[64], buf[IP_H + TCP_H];
++	u_char ctext[64];
+ 	u_int32_t seq, win;
+-	int i, *sock, len;
++	int i, len;
++	libnet_t *l;
+ 
+-	sock = (int *)user;
++	l = (libnet_t *)user;
+ 	pkt += pcap_off;
+ 	len = pcap->caplen - pcap_off;
+ 
+-	ip = (struct libnet_ip_hdr *)pkt;
++	ip = (struct libnet_ipv4_hdr *)pkt;
+ 	if (ip->ip_p != IPPROTO_TCP)
+ 		return;
+ 	
+@@ -57,34 +58,31 @@
+ 	if (tcp->th_flags & (TH_SYN|TH_FIN|TH_RST))
+ 		return;
+ 
+-	libnet_build_ip(TCP_H, 0, 0, 0, 64, IPPROTO_TCP,
+-			ip->ip_dst.s_addr, ip->ip_src.s_addr,
+-			NULL, 0, buf);
+-
+-	libnet_build_tcp(ntohs(tcp->th_dport), ntohs(tcp->th_sport),
+-			 0, 0, TH_RST, 0, 0, NULL, 0, buf + IP_H);
+-	
+ 	seq = ntohl(tcp->th_ack);
+ 	win = ntohs(tcp->th_win);
+ 	
+ 	snprintf(ctext, sizeof(ctext), "%s:%d > %s:%d:",
+-		 libnet_host_lookup(ip->ip_src.s_addr, 0),
++		 libnet_addr2name4(ip->ip_src.s_addr, LIBNET_DONT_RESOLVE),
+ 		 ntohs(tcp->th_sport),
+-		 libnet_host_lookup(ip->ip_dst.s_addr, 0),
++		 libnet_addr2name4(ip->ip_dst.s_addr, LIBNET_DONT_RESOLVE),
+ 		 ntohs(tcp->th_dport));
+ 	
+-	ip = (struct libnet_ip_hdr *)buf;
+-	tcp = (struct libnet_tcp_hdr *)(ip + 1);
+-	
+ 	for (i = 0; i < Opt_severity; i++) {
+-		ip->ip_id = libnet_get_prand(PRu16);
+ 		seq += (i * win);
+-		tcp->th_seq = htonl(seq);
+ 		
+-		libnet_do_checksum(buf, IPPROTO_TCP, TCP_H);
++		libnet_clear_packet(l);
+ 		
+-		if (libnet_write_ip(*sock, buf, sizeof(buf)) < 0)
+-			warn("write_ip");
++		libnet_build_tcp(ntohs(tcp->th_dport), ntohs(tcp->th_sport),
++				 seq, 0, TH_RST, 0, 0, 0, LIBNET_TCP_H, 
++				 NULL, 0, l, 0);
++		
++		libnet_build_ipv4(LIBNET_IPV4_H + LIBNET_TCP_H, 0,
++				  libnet_get_prand(LIBNET_PRu16), 0, 64,
++				  IPPROTO_TCP, 0, ip->ip_dst.s_addr,
++				  ip->ip_src.s_addr, NULL, 0, l, 0);
++		
++		if (libnet_write(l) < 0)
++			warn("write");
+ 		
+ 		fprintf(stderr, "%s R %lu:%lu(0) win 0\n", ctext, seq, seq);
+ 	}
+@@ -95,8 +93,10 @@
+ {
+ 	extern char *optarg;
+ 	extern int optind;
+-	int c, sock;
++	int c;
+ 	char *p, *intf, *filter, ebuf[PCAP_ERRBUF_SIZE];
++	char libnet_ebuf[LIBNET_ERRBUF_SIZE];
++	libnet_t *l;
+ 	pcap_t *pd;
+ 	
+ 	intf = NULL;
+@@ -136,14 +136,14 @@
+ 	if ((pcap_off = pcap_dloff(pd)) < 0)
+ 		errx(1, "couldn't determine link layer offset");
+ 	
+-	if ((sock = libnet_open_raw_sock(IPPROTO_RAW)) == -1)
++	if ((l = libnet_init(LIBNET_RAW4, intf, libnet_ebuf)) == NULL)
+ 		errx(1, "couldn't initialize sending");
+ 	
+-	libnet_seed_prand();
++	libnet_seed_prand(l);
+ 	
+ 	warnx("listening on %s [%s]", intf, filter);
+ 	
+-	pcap_loop(pd, -1, tcp_kill_cb, (u_char *)&sock);
++	pcap_loop(pd, -1, tcp_kill_cb, (u_char *)l);
+   
+ 	/* NOTREACHED */
+ 	
+--- dsniff-2.4b1/tcpnice.c		2001-03-17 09:41:51.000000000 +0200
++++ dsniff-2.4b1/tcpnice.c.libnet_11	2006-06-09 13:35:29.000000000 +0300
+@@ -41,107 +41,106 @@
+ }
+ 
+ static void
+-send_tcp_window_advertisement(int sock, struct libnet_ip_hdr *ip,
++send_tcp_window_advertisement(libnet_t *l, struct libnet_ipv4_hdr *ip,
+ 			     struct libnet_tcp_hdr *tcp)
+ {
+ 	int len;
+ 	
+ 	ip->ip_hl = 5;
+-	ip->ip_len = htons(IP_H + TCP_H);
+-	ip->ip_id = libnet_get_prand(PRu16);
+-	memcpy(buf, (u_char *)ip, IP_H);
++	ip->ip_len = htons(LIBNET_IPV4_H + LIBNET_TCP_H);
++	ip->ip_id = libnet_get_prand(LIBNET_PRu16);
++	memcpy(buf, (u_char *)ip, LIBNET_IPV4_H);
+ 	
+ 	tcp->th_off = 5;
+ 	tcp->th_win = htons(MIN_WIN);
+-	memcpy(buf + IP_H, (u_char *)tcp, TCP_H);
++	memcpy(buf + LIBNET_IPV4_H, (u_char *)tcp, LIBNET_TCP_H);
+ 	
+-	libnet_do_checksum(buf, IPPROTO_TCP, TCP_H);
++	libnet_do_checksum(l, buf, IPPROTO_TCP, LIBNET_TCP_H);
+ 	
+-	len = IP_H + TCP_H;
++	len = LIBNET_IPV4_H + LIBNET_TCP_H;
+ 	
+-	if (libnet_write_ip(sock, buf, len) != len)
++	if (libnet_write_raw_ipv4(l, buf, len) != len)
+ 		warn("write");
+ 	
+ 	fprintf(stderr, "%s:%d > %s:%d: . ack %lu win %d\n",
+-		libnet_host_lookup(ip->ip_src.s_addr, 0), ntohs(tcp->th_sport),
+-		libnet_host_lookup(ip->ip_dst.s_addr, 0), ntohs(tcp->th_dport),
++		libnet_addr2name4(ip->ip_src.s_addr, 0), ntohs(tcp->th_sport),
++		libnet_addr2name4(ip->ip_dst.s_addr, 0), ntohs(tcp->th_dport),
+ 		ntohl(tcp->th_ack), 1);
+ }
+ 
+ static void
+-send_icmp_source_quench(int sock, struct libnet_ip_hdr *ip)
++send_icmp_source_quench(libnet_t *l, struct libnet_ipv4_hdr *ip)
+ {
+-	struct libnet_icmp_hdr *icmp;
++	struct libnet_icmpv4_hdr *icmp;
+ 	int len;
+ 	
+ 	len = (ip->ip_hl * 4) + 8;
+ 
+-	libnet_build_ip(ICMP_ECHO_H + len, 0, libnet_get_prand(PRu16),
+-			0, 64, IPPROTO_ICMP, ip->ip_dst.s_addr,
+-			ip->ip_src.s_addr, NULL, 0, buf);
+-	
+-	icmp = (struct libnet_icmp_hdr *)(buf + IP_H);
++	icmp = (struct libnet_icmpv4_hdr *)(buf + LIBNET_IPV4_H);
+ 	icmp->icmp_type = ICMP_SOURCEQUENCH;
+ 	icmp->icmp_code = 0;
+-	memcpy((u_char *)icmp + ICMP_ECHO_H, (u_char *)ip, len);
++	memcpy((u_char *)icmp + LIBNET_ICMPV4_ECHO_H, (u_char *)ip, len);
+ 	
+-	libnet_do_checksum(buf, IPPROTO_ICMP, ICMP_ECHO_H + len);
++	len += LIBNET_ICMPV4_ECHO_H;
+ 	
+-	len += (IP_H + ICMP_ECHO_H);
++	libnet_build_ipv4(LIBNET_IPV4_H + len, 0,
++			  libnet_get_prand(LIBNET_PRu16), 0, 64, IPPROTO_ICMP,
++			  0, ip->ip_dst.s_addr, ip->ip_src.s_addr,
++			  (u_int8_t *) icmp, len, l, 0);
+ 	
+-	if (libnet_write_ip(sock, buf, len) != len)
++	if (libnet_write(l) != len)
+ 		warn("write");
+ 	
+ 	fprintf(stderr, "%s > %s: icmp: source quench\n",
+-		libnet_host_lookup(ip->ip_dst.s_addr, 0),
+-		libnet_host_lookup(ip->ip_src.s_addr, 0));
++		libnet_addr2name4(ip->ip_dst.s_addr, 0),
++		libnet_addr2name4(ip->ip_src.s_addr, 0));
+ }
+ 
+ static void
+-send_icmp_frag_needed(int sock, struct libnet_ip_hdr *ip)
++send_icmp_frag_needed(libnet_t *l, struct libnet_ipv4_hdr *ip)
+ {
+-	struct libnet_icmp_hdr *icmp;
++	struct libnet_icmpv4_hdr *icmp;
+ 	int len;
+ 
+ 	len = (ip->ip_hl * 4) + 8;
+ 	
+-	libnet_build_ip(ICMP_MASK_H + len, 4, libnet_get_prand(PRu16),
+-			0, 64, IPPROTO_ICMP, ip->ip_dst.s_addr,
+-			ip->ip_src.s_addr, NULL, 0, buf);
+-
+-	icmp = (struct libnet_icmp_hdr *)(buf + IP_H);
++	icmp = (struct libnet_icmpv4_hdr *)(buf + LIBNET_IPV4_H);
+ 	icmp->icmp_type = ICMP_UNREACH;
+ 	icmp->icmp_code = ICMP_UNREACH_NEEDFRAG;
+ 	icmp->hun.frag.pad = 0;
+ 	icmp->hun.frag.mtu = htons(MIN_MTU);
+-	memcpy((u_char *)icmp + ICMP_MASK_H, (u_char *)ip, len);
++	memcpy((u_char *)icmp + LIBNET_ICMPV4_MASK_H, (u_char *)ip, len);
+ 
+-	libnet_do_checksum(buf, IPPROTO_ICMP, ICMP_MASK_H + len);
+-	
+-	len += (IP_H + ICMP_MASK_H);
++	len += LIBNET_ICMPV4_MASK_H;
++
++	libnet_build_ipv4(LIBNET_IPV4_H + len, 4,
++			  libnet_get_prand(LIBNET_PRu16), 0, 64, IPPROTO_ICMP,
++			  0, ip->ip_dst.s_addr, ip->ip_src.s_addr,
++			  (u_int8_t *) icmp, len, l, 0);
+ 	
+-	if (libnet_write_ip(sock, buf, len) != len)
++	if (libnet_write(l) != len)
+ 		warn("write");
+ 	
+ 	fprintf(stderr, "%s > %s: icmp: ",
+-		libnet_host_lookup(ip->ip_dst.s_addr, 0),
+-		libnet_host_lookup(ip->ip_src.s_addr, 0));
++		libnet_addr2name4(ip->ip_dst.s_addr, 0),
++		libnet_addr2name4(ip->ip_src.s_addr, 0));
+ 	fprintf(stderr, "%s unreachable - need to frag (mtu %d)\n",
+-		libnet_host_lookup(ip->ip_src.s_addr, 0), MIN_MTU);
++		libnet_addr2name4(ip->ip_src.s_addr, 0), MIN_MTU);
+ }
+ 
+ static void
+ tcp_nice_cb(u_char *user, const struct pcap_pkthdr *pcap, const u_char *pkt)
+ {
+-	struct libnet_ip_hdr *ip;
++	struct libnet_ipv4_hdr *ip;
+ 	struct libnet_tcp_hdr *tcp;
+-	int *sock, len;
++	int len;
++	libnet_t *l;
+ 
+-	sock = (int *)user;
++	l = (libnet_t *)user;
+ 	pkt += pcap_off;
+ 	len = pcap->caplen - pcap_off;
+ 
+-	ip = (struct libnet_ip_hdr *)pkt;
++	ip = (struct libnet_ipv4_hdr *)pkt;
+ 	if (ip->ip_p != IPPROTO_TCP)
+ 		return;
+ 	
+@@ -151,11 +150,11 @@
+ 	
+ 	if (ntohs(ip->ip_len) > (ip->ip_hl << 2) + (tcp->th_off << 2)) {
+ 		if (Opt_icmp)
+-			send_icmp_source_quench(*sock, ip);
++			send_icmp_source_quench(l, ip);
+ 		if (Opt_win)
+-			send_tcp_window_advertisement(*sock, ip, tcp);
++			send_tcp_window_advertisement(l, ip, tcp);
+ 		if (Opt_pmtu)
+-			send_icmp_frag_needed(*sock, ip);
++			send_icmp_frag_needed(l, ip);
+ 	}
+ }
+ 
+@@ -164,8 +163,10 @@
+ {
+ 	extern char *optarg;
+ 	extern int optind;
+-	int c, sock;
++	int c;
+ 	char *intf, *filter, ebuf[PCAP_ERRBUF_SIZE];
++	char libnet_ebuf[LIBNET_ERRBUF_SIZE];
++	libnet_t *l;
+ 	pcap_t *pd;
+ 	
+ 	intf = NULL;
+@@ -209,14 +210,14 @@
+ 	if ((pcap_off = pcap_dloff(pd)) < 0)
+ 		errx(1, "couldn't determine link layer offset");
+ 	
+-	if ((sock = libnet_open_raw_sock(IPPROTO_RAW)) == -1)
++	if ((l = libnet_init(LIBNET_RAW4, intf, libnet_ebuf)) == NULL)
+ 		errx(1, "couldn't initialize sending");
+ 	
+-	libnet_seed_prand();
++	libnet_seed_prand(l);
+ 	
+ 	warnx("listening on %s [%s]", intf, filter);
+ 	
+-	pcap_loop(pd, -1, tcp_nice_cb, (u_char *)&sock);
++	pcap_loop(pd, -1, tcp_nice_cb, (u_char *)l);
+ 	
+ 	/* NOTREACHED */
+ 	
+--- dsniff-2.4b1/tcp_raw.c		2001-03-15 10:33:04.000000000 +0200
++++ dsniff-2.4b1/tcp_raw.c.libnet_11	2006-06-09 13:35:29.000000000 +0300
+@@ -119,7 +119,7 @@
+ }
+ 
+ struct iovec *
+-tcp_raw_input(struct libnet_ip_hdr *ip, struct libnet_tcp_hdr *tcp, int len)
++tcp_raw_input(struct libnet_ipv4_hdr *ip, struct libnet_tcp_hdr *tcp, int len)
+ {
+ 	struct tha tha;
+ 	struct tcp_conn *conn;
+@@ -131,7 +131,7 @@
+ 
+ 	/* Verify TCP checksum. */
+ 	cksum = tcp->th_sum;
+-	libnet_do_checksum((u_char *) ip, IPPROTO_TCP, len);
++	libnet_do_checksum(NULL, (u_char *) ip, IPPROTO_TCP, len);
+ 
+ 	if (cksum != tcp->th_sum)
+ 		return (NULL);
+--- dsniff-2.4b1/tcp_raw.h		2001-03-15 10:33:06.000000000 +0200
++++ dsniff-2.4b1/tcp_raw.h.libnet_11	2006-06-09 13:35:29.000000000 +0300
+@@ -15,7 +15,7 @@
+ 				   u_short sport, u_short dport,
+ 				   u_char *buf, int len);
+ 
+-struct iovec   *tcp_raw_input(struct libnet_ip_hdr *ip,
++struct iovec   *tcp_raw_input(struct libnet_ipv4_hdr *ip,
+ 			      struct libnet_tcp_hdr *tcp, int len);
+ 
+ void		tcp_raw_timeout(int timeout, tcp_raw_callback_t callback);
+--- dsniff-2.4b1/trigger.c		2001-03-15 10:33:05.000000000 +0200
++++ dsniff-2.4b1/trigger.c.libnet_11	2006-06-09 13:35:29.000000000 +0300
+@@ -276,7 +276,7 @@
+ }
+ 	
+ void
+-trigger_ip(struct libnet_ip_hdr *ip)
++trigger_ip(struct libnet_ipv4_hdr *ip)
+ {
+ 	struct trigger *t, tr;
+ 	u_char *buf;
+@@ -305,7 +305,7 @@
+ 
+ /* libnids needs a nids_register_udp()... */
+ void
+-trigger_udp(struct libnet_ip_hdr *ip)
++trigger_udp(struct libnet_ipv4_hdr *ip)
+ {
+ 	struct trigger *t, tr;
+ 	struct libnet_udp_hdr *udp;
+@@ -437,7 +437,7 @@
+ }
+ 
+ void
+-trigger_tcp_raw(struct libnet_ip_hdr *ip)
++trigger_tcp_raw(struct libnet_ipv4_hdr *ip)
+ {
+ 	struct trigger *t, tr;
+ 	struct libnet_tcp_hdr *tcp;
+--- dsniff-2.4b1/trigger.h		2001-03-15 10:33:06.000000000 +0200
++++ dsniff-2.4b1/trigger.h.libnet_11	2006-06-09 13:35:29.000000000 +0300
+@@ -24,10 +24,10 @@
+ int	trigger_set_tcp(int port, char *name);
+ int	trigger_set_rpc(int program, char *name);
+ 
+-void	trigger_ip(struct libnet_ip_hdr *ip);
+-void	trigger_udp(struct libnet_ip_hdr *ip);
++void	trigger_ip(struct libnet_ipv4_hdr *ip);
++void	trigger_udp(struct libnet_ipv4_hdr *ip);
+ void	trigger_tcp(struct tcp_stream *ts, void **conn_save);
+-void	trigger_tcp_raw(struct libnet_ip_hdr *ip);
++void	trigger_tcp_raw(struct libnet_ipv4_hdr *ip);
+ void	trigger_tcp_raw_timeout(int signal);
+ void	trigger_rpc(int program, int proto, int port);
+ 
+--- dsniff-2.4b1/urlsnarf.c		2006-06-09 13:35:29.000000000 +0300
++++ dsniff-2.4b1/urlsnarf.c.libnet_11	2006-06-09 13:35:29.000000000 +0300
+@@ -145,14 +145,14 @@
+ 		if (user == NULL)
+ 			user = "-";
+ 		if (vhost == NULL)
+-			vhost = libnet_host_lookup(addr->daddr, Opt_dns);
++			vhost = libnet_addr2name4(addr->daddr, Opt_dns);
+ 		if (referer == NULL)
+ 			referer = "-";
+ 		if (agent == NULL)
+ 			agent = "-";
+ 		
+ 		printf("%s - %s [%s] \"%s http://%s%s\" - - \"%s\" \"%s\"\n",
+-		       libnet_host_lookup(addr->saddr, Opt_dns),
++		       libnet_addr2name4(addr->saddr, Opt_dns),
+ 		       user, timestamp(), req, vhost, uri, referer, agent);
+ 	}
+ 	fflush(stdout);
+--- dsniff-2.4b1/webmitm.c		2001-03-17 10:35:05.000000000 +0200
++++ dsniff-2.4b1/webmitm.c.libnet_11	2006-06-09 13:35:29.000000000 +0300
+@@ -242,7 +242,7 @@
+ 			word = buf_tok(&msg, "/", 1);
+ 			vhost = buf_strdup(word);
+ 		}
+-		ssin.sin_addr.s_addr = libnet_name_resolve(vhost, 1);
++		ssin.sin_addr.s_addr = libnet_name2addr4(NULL, vhost, 1);
+ 		free(vhost);
+ 		
+ 		if (ssin.sin_addr.s_addr == ntohl(INADDR_LOOPBACK) ||
+@@ -510,7 +510,7 @@
+ 	argv += optind;
+ 
+ 	if (argc == 1) {
+-		if ((static_host = libnet_name_resolve(argv[0], 1)) == -1)
++		if ((static_host = libnet_name2addr4(NULL, argv[0], 1)) == -1)
+ 			usage();
+ 	}
+ 	else if (argc != 0) usage();
+--- dsniff-2.4b1/webspy.c		2006-06-09 13:35:29.000000000 +0300
++++ dsniff-2.4b1/webspy.c.libnet_11	2006-06-09 13:35:29.000000000 +0300
+@@ -126,7 +126,7 @@
+ 		if (auth == NULL)
+ 			auth = "";
+ 		if (vhost == NULL)
+-			vhost = libnet_host_lookup(addr->daddr, 0);
++			vhost = libnet_addr2name4(addr->daddr, 0);
+ 		
+ 		snprintf(cmd, sizeof(cmd), "openURL(http://%s%s%s%s)",
+ 			 auth, *auth ? "@" : "", vhost, uri);
+@@ -205,7 +205,7 @@
+ 	cmdtab[0] = cmd;
+ 	cmdtab[1] = NULL;
+ 	
+-	if ((host = libnet_name_resolve(argv[0], 1)) == -1)
++	if ((host = libnet_name2addr4(NULL, argv[0], 1)) == -1)
+ 		errx(1, "unknown host");
+ 	
+ 	if ((dpy = XOpenDisplay(NULL)) == NULL)

dsniff-2.4-mailsnarf_corrupt.patch

@@ -0,0 +1,15 @@
+Patch by Steve Kemp <skx@debian.org> for dsniff >= 2.4b1, which fixes a
+bug in mailsnarf that caused not to parse every mail correctly. For further
+information, please have a look to Debian bug ID #149330.
+
+--- dsniff-2.4b1/mailsnarf.c		2005-06-23 03:30:37.000000000 +0000
++++ dsniff-2.4b1/mailsnarf.c.mailsnarf	2005-06-23 04:05:16.000000000 +0000
+@@ -178,7 +178,7 @@
+ 	if (smtp->state != SMTP_DATA) {
+ 		while ((i = buf_index(&buf, "\r\n", 2)) >= 0) {
+ 			line = buf_tok(&buf, NULL, i + 2);
+-			line->base[line->end] = '\0';
++			line->base[line->end-1] = '\0';
+ 			p = buf_ptr(line);
+ 			
+ 			if (strncasecmp(p, "RSET", 4) == 0) {

dsniff-2.4-multiple_intf.patch

@@ -0,0 +1,54 @@
+Patch by Steve Kemp <skx@debian.org> for dsniff >= 2.4b1, which adds a fix
+to work with multiple interfaces. For further information, please have a
+look to Debian bug ID #242369.
+
+--- dsniff-2.4b1/arp.c			2005-06-23 03:30:37.000000000 +0000
++++ dsniff-2.4b1/arp.c.multiple_intf	2005-06-23 04:09:05.000000000 +0000
+@@ -39,7 +39,7 @@
+ 
+ #ifdef BSD
+ int
+-arp_cache_lookup(in_addr_t ip, struct ether_addr *ether)
++arp_cache_lookup(in_addr_t ip, struct ether_addr *ether, const char* linf)
+ {
+ 	int mib[6];
+ 	size_t len;
+@@ -91,7 +91,7 @@
+ #endif
+ 
+ int
+-arp_cache_lookup(in_addr_t ip, struct ether_addr *ether)
++arp_cache_lookup(in_addr_t ip, struct ether_addr *ether, const char* lif)
+ {
+ 	int sock;
+ 	struct arpreq ar;
+@@ -99,7 +99,7 @@
+ 	
+ 	memset((char *)&ar, 0, sizeof(ar));
+ #ifdef __linux__
+-	strncpy(ar.arp_dev, "eth0", sizeof(ar.arp_dev));   /* XXX - *sigh* */
++	strncpy(ar.arp_dev, lif, strlen(lif));
+ #endif
+ 	sin = (struct sockaddr_in *)&ar.arp_pa;
+ 	sin->sin_family = AF_INET;
+--- dsniff-2.4b1/arp.h			2005-06-23 03:30:37.000000000 +0000
++++ dsniff-2.4b1/arp.h.multiple_intf	2005-06-23 04:09:07.000000000 +0000
+@@ -11,6 +11,6 @@
+ #ifndef _ARP_H_
+ #define _ARP_H_
+ 
+-int	arp_cache_lookup(in_addr_t ip, struct ether_addr *ether);
++int	arp_cache_lookup(in_addr_t ip, struct ether_addr *ether, const char* linf);
+ 
+ #endif /* _ARP_H_ */
+--- dsniff-2.4b1/arpspoof.c		2005-06-23 03:30:37.000000000 +0000
++++ dsniff-2.4b1/arpspoof.c.mltpl_intf	2005-06-23 04:08:41.000000000 +0000
+@@ -113,7 +113,7 @@
+ 	int i = 0;
+ 
+ 	do {
+-		if (arp_cache_lookup(ip, mac) == 0)
++		if (arp_cache_lookup(ip, mac, intf) == 0)
+ 			return (1);
+ #ifdef __linux__
+ 		/* XXX - force the kernel to arp. feh. */

dsniff-2.4-obsolete_time.patch

@@ -0,0 +1,34 @@
+Patch by Luciano Bello <luciano@linux.org.ar> for dsniff >= 2.4b1, which
+changes according to /usr/include/time.h, CLK_TCK is the "obsolete POSIX.1-
+1988 name" for CLOCKS_PER_SEC. For further information, please have a look
+to Debian bug ID #420944.
+
+--- dsniff-2.4b1/sshow.c		2007-06-22 15:48:00.000000000 -0300
++++ dsniff-2.4b1/sshow.c.obsolete_time	2007-08-10 19:03:30.000000000 -0300
+@@ -222,7 +222,7 @@
+ 	if (debug)
+ 		printf("- %s -> %s: DATA (%s bytes, %.2f seconds)\n",
+ 			s_saddr(ts), s_daddr(ts), s_range(plain_range),
+-			(float)delay / CLK_TCK);
++			(float)delay / CLOCKS_PER_SEC);
+ 	if (debug > 1)
+ 		print_data(&ts->server, cipher_size);
+ 
+@@ -270,7 +270,7 @@
+ 	if (debug)
+ 		printf("- %s <- %s: DATA (%s bytes, %.2f seconds)\n",
+ 		       s_saddr(ts), s_daddr(ts), s_range(plain_range),
+-		       (float)delay / CLK_TCK);
++		       (float)delay / CLOCKS_PER_SEC);
+ 	if (debug > 1)
+ 		print_data(&ts->client, cipher_size);
+ 	
+@@ -299,7 +299,7 @@
+ 	
+ 	if (session->state == 1 &&
+ #ifdef USE_TIMING
+-	    now - get_history(session, 2)->timestamp >= CLK_TCK &&
++	    now - get_history(session, 2)->timestamp >= CLOCKS_PER_SEC &&
+ #endif
+ 	    session->protocol == 1 &&
+ 	    (session->history.directions & 7) == 5 &&

dsniff-2.4-openssl_098.patch

@@ -0,0 +1,13 @@
+Patch by <kees@ubuntu.com> for dsniff >= 2.4b1, which includes a missing
+header file to make it building.
+
+--- dsniff-2.4b1/ssh.c			2006-10-12 13:21:57.000000000 -0700
++++ dsniff-2.4b1/ssh.c.openssl_098	2006-10-12 13:22:46.441893077 -0700
+@@ -16,6 +16,7 @@
+ #include <openssl/ssl.h>
+ #include <openssl/err.h>
+ #include <openssl/rand.h>
++#include <openssl/md5.h>
+ 
+ #include <err.h>
+ #include <errno.h>

dsniff-2.4-pcap_read_dump.patch

@@ -0,0 +1,531 @@
+Patch by Joseph Battaglia <sephail@sephail.net> and Joshua Krage
+<jkrage@guisarme.us> for dsniff >= 2.4b1, which allows the reading of
+saved PCAP capture files. For further information, please have a look
+to Debian bug ID #153462 and #298604.
+
+--- dsniff-2.4b1/dsniff.8		2005-07-11 20:41:14.000000000 +0000
++++ dsniff-2.4b1/dsniff.8.pcap_dump	2005-07-11 20:41:18.000000000 +0000
+@@ -10,7 +10,7 @@
+ .nf
+ .fi
+ \fBdsniff\fR [\fB-c\fR] [\fB-d\fR] [\fB-m\fR] [\fB-n\fR] [\fB-i
+-\fIinterface\fR] [\fB-s \fIsnaplen\fR] [\fB-f \fIservices\fR]
++\fIinterface\fR | \fB-p \fIpcapfile\fR] [\fB-s \fIsnaplen\fR] [\fB-f \fIservices\fR]
+ [\fB-t \fItrigger[,...]\fR]]
+ [\fB-r\fR|\fB-w\fR \fIsavefile\fR] [\fIexpression\fR]
+ .SH DESCRIPTION
+@@ -45,6 +45,9 @@
+ Do not resolve IP addresses to hostnames.
+ .IP "\fB-i \fIinterface\fR"
+ Specify the interface to listen on.
++.IP "\fB-p \fIpcapfile\fR"
++Rather than processing the contents of packets observed upon the network 
++process the given PCAP capture file.
+ .IP "\fB-s \fIsnaplen\fR"
+ Analyze at most the first \fIsnaplen\fR bytes of each TCP connection,
+ rather than the default of 1024.
+--- dsniff-2.4b1/dsniff.c		2005-07-11 20:41:14.000000000 +0000
++++ dsniff-2.4b1/dsniff.c.pcap_dump	2005-07-11 20:41:18.000000000 +0000
+@@ -46,8 +46,9 @@
+ usage(void)
+ {
+ 	fprintf(stderr, "Version: " VERSION "\n"
+-		"Usage: dsniff [-cdmn] [-i interface] [-s snaplen] [-f services]\n"
+-		"              [-t trigger[,...]] [-r|-w savefile] [expression]\n");
++		"Usage: dsniff [-cdmn] [-i interface | -p pcapfile] [-s snaplen]\n"
++		"              [-f services] [-t trigger[,...]] [-r|-w savefile]\n"
++		"              [expression]\n");
+ 	exit(1);
+ }
+ 
+@@ -79,7 +80,7 @@
+ 
+ 	services = savefile = triggers = NULL;
+ 	
+-	while ((c = getopt(argc, argv, "cdf:i:mnr:s:t:w:h?V")) != -1) {
++	while ((c = getopt(argc, argv, "cdf:i:mnp:r:s:t:w:h?V")) != -1) {
+ 		switch (c) {
+ 		case 'c':
+ 			Opt_client = 1;
+@@ -99,6 +100,9 @@
+ 		case 'n':
+ 			Opt_dns = 0;
+ 			break;
++		case 'p':
++			nids_params.filename = optarg;
++			break;
+ 		case 'r':
+ 			Opt_read = 1;
+ 			savefile = optarg;
+@@ -168,10 +172,23 @@
+ 	else nids_register_tcp(trigger_tcp);
+ 	
+ 	if (nids_params.pcap_filter != NULL) {
+-		warnx("listening on %s [%s]", nids_params.device,
+-		      nids_params.pcap_filter);
++		if (nids_params.filename == NULL) {
++			warnx("listening on %s [%s]", nids_params.device,
++		        nids_params.pcap_filter);
++		}
++		else {
++			warnx("using %s [%s]", nids_params.filename,
++		        nids_params.pcap_filter);
++		}
++	}
++	else {
++		if (nids_params.filename == NULL) {
++			warnx("listening on %s", nids_params.device);
++		}
++		else {
++			warnx("using %s", nids_params.filename);
++		}
+ 	}
+-	else warnx("listening on %s", nids_params.device);
+ 	
+ 	nids_run();
+ 	
+--- dsniff-2.4b1/filesnarf.8		2005-07-11 20:41:14.000000000 +0000
++++ dsniff-2.4b1/filesnarf.8.pcap_dump	2005-07-11 20:41:18.000000000 +0000
+@@ -9,7 +9,7 @@
+ .na
+ .nf
+ .fi
+-\fBfilesnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
++\fBfilesnarf\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
+ .SH DESCRIPTION
+ .ad
+ .fi
+@@ -18,6 +18,8 @@
+ .SH OPTIONS
+ .IP "\fB-i \fIinterface\fR"
+ Specify the interface to listen on.
++.IP "\fB-p \fIpcapfile\fR"
++Process packets from the specified PCAP capture file instead of the network.
+ .IP \fB-v\fR
+ "Versus" mode. Invert the sense of matching, to select non-matching
+ files.
+--- dsniff-2.4b1/filesnarf.c		2005-07-11 20:41:14.000000000 +0000
++++ dsniff-2.4b1/filesnarf.c.pcap_dump	2005-07-11 20:41:18.000000000 +0000
+@@ -51,7 +51,7 @@
+ usage(void)
+ {
+ 	fprintf(stderr, "Version: " VERSION "\n"
+-		"Usage: filesnarf [-i interface] [[-v] pattern [expression]]\n");
++		"Usage: filesnarf [-i interface | -p pcapfile] [[-v] pattern [expression]]\n");
+ 	exit(1);
+ }
+ 
+@@ -464,11 +464,14 @@
+ 	extern int optind;
+ 	int c;
+ 
+-	while ((c = getopt(argc, argv, "i:vh?V")) != -1) {
++	while ((c = getopt(argc, argv, "i:p:vh?V")) != -1) {
+ 		switch (c) {
+ 		case 'i':
+ 			nids_params.device = optarg;
+ 			break;
++		case 'p':
++			nids_params.filename = optarg;
++			break;
+ 		case 'v':
+ 			Opt_invert = 1;
+ 			break;
+@@ -498,11 +501,24 @@
+ 	nids_register_ip(decode_udp_nfs);
+ 	nids_register_tcp(decode_tcp_nfs);
+ 
+-	if (nids_params.pcap_filter != NULL) {
+-		warnx("listening on %s [%s]", nids_params.device,
+-		      nids_params.pcap_filter);
+-	}
+-	else warnx("listening on %s", nids_params.device);
++        if (nids_params.pcap_filter != NULL) {
++                if (nids_params.filename == NULL) {
++                        warnx("listening on %s [%s]", nids_params.device,
++                              nids_params.pcap_filter);
++                }
++                else {
++                        warnx("using %s [%s]", nids_params.filename,
++                              nids_params.pcap_filter);
++                }
++        }
++        else {
++                if (nids_params.filename == NULL) {
++                        warnx("listening on %s", nids_params.device);
++                }
++                else {
++                        warnx("using %s", nids_params.filename);
++                }
++        }
+ 
+ 	nids_run();
+ 
+--- dsniff-2.4b1/mailsnarf.8		2005-07-11 20:41:14.000000000 +0000
++++ dsniff-2.4b1/mailsnarf.8.pcap_dump	2005-07-11 20:41:18.000000000 +0000
+@@ -9,7 +9,7 @@
+ .na
+ .nf
+ .fi
+-\fBmailsnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
++\fBmailsnarf\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
+ .SH DESCRIPTION
+ .ad
+ .fi
+@@ -19,6 +19,8 @@
+ .SH OPTIONS
+ .IP "\fB-i \fIinterface\fR"
+ Specify the interface to listen on.
++.IP "\fB-p \fIpcapfile\fR"
++Process packets from the specified PCAP capture file instead of the network.
+ .IP \fB-v\fR
+ "Versus" mode. Invert the sense of matching, to select non-matching
+ messages.
+--- dsniff-2.4b1/mailsnarf.c		2005-07-11 20:41:18.000000000 +0000
++++ dsniff-2.4b1/mailsnarf.c.pcap_dump	2005-07-11 20:41:18.000000000 +0000
+@@ -59,7 +59,7 @@
+ usage(void)
+ {
+ 	fprintf(stderr, "Version: " VERSION "\n"
+-		"Usage: mailsnarf [-i interface] [[-v] pattern [expression]]\n");
++		"Usage: mailsnarf [-i interface | -p pcapfile] [[-v] pattern [expression]]\n");
+ 	exit(1);
+ }
+ 
+@@ -344,11 +344,14 @@
+ 	extern int optind;
+ 	int c;
+ 	
+-	while ((c = getopt(argc, argv, "i:vh?V")) != -1) {
++	while ((c = getopt(argc, argv, "i:p:vh?V")) != -1) {
+ 		switch (c) {
+ 		case 'i':
+ 			nids_params.device = optarg;
+ 			break;
++                case 'p':
++                        nids_params.filename = optarg;
++                        break;
+ 		case 'v':
+ 			Opt_invert = 1;
+ 			break;
+@@ -378,10 +381,23 @@
+ 	nids_register_tcp(sniff_pop_session);
+ 
+ 	if (nids_params.pcap_filter != NULL) {
+-		warnx("listening on %s [%s]", nids_params.device,
+-		      nids_params.pcap_filter);
++                if (nids_params.filename == NULL) {
++		        warnx("listening on %s [%s]", nids_params.device,
++		              nids_params.pcap_filter);
++                }
++                else {
++		        warnx("using %s [%s]", nids_params.filename,
++		              nids_params.pcap_filter);
++                }
+ 	}
+-	else warnx("listening on %s", nids_params.device);
++	else {
++                if (nids_params.filename == NULL) {
++                    warnx("listening on %s", nids_params.device);
++                }
++                else {
++                    warnx("using %s", nids_params.filename);
++                }
++        }
+ 	
+ 	nids_run();
+ 	
+--- dsniff-2.4b1/msgsnarf.8		2005-07-11 20:41:14.000000000 +0000
++++ dsniff-2.4b1/msgsnarf.8.pcap_dump	2005-07-11 20:41:18.000000000 +0000
+@@ -9,7 +9,7 @@
+ .na
+ .nf
+ .fi
+-\fBmsgsnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
++\fBmsgsnarf\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
+ .SH DESCRIPTION
+ .ad
+ .fi
+@@ -19,6 +19,8 @@
+ .SH OPTIONS
+ .IP "\fB-i \fIinterface\fR"
+ Specify the interface to listen on.
++.IP "\fB-p \fIpcapfile\fR"
++Process packets from the specified PCAP capture file instead of the network.
+ .IP \fB-v\fR
+ "Versus" mode. Invert the sense of matching, to select non-matching
+ messages.
+--- dsniff-2.4b1/msgsnarf.c		2005-07-11 20:41:18.000000000 +0000
++++ dsniff-2.4b1/msgsnarf.c.pcap_dump	2005-07-11 20:41:18.000000000 +0000
+@@ -45,7 +45,7 @@
+ usage(void)
+ {
+ 	fprintf(stderr, "Version: " VERSION "\n"
+-		"Usage: msgsnarf [-i interface] [[-v] pattern [expression]]\n");
++		"Usage: msgsnarf [-i interface | -p pcapfile] [[-v] pattern [expression]]\n");
+ 	exit(1);
+ }
+ 
+@@ -633,11 +633,14 @@
+ 	extern int optind;
+ 	int c;
+ 	
+-	while ((c = getopt(argc, argv, "i:hv?V")) != -1) {
++	while ((c = getopt(argc, argv, "i:p:hv?V")) != -1) {
+ 		switch (c) {
+ 		case 'i':
+ 			nids_params.device = optarg;
+ 			break;
++		case 'p':
++			nids_params.filename = optarg;
++			break;
+ 		case 'v':
+ 			Opt_invert = 1;
+ 			break;
+@@ -666,11 +669,24 @@
+ 	
+ 	nids_register_tcp(sniff_msgs);
+ 
+-	if (nids_params.pcap_filter != NULL) {
+-		warnx("listening on %s [%s]", nids_params.device,
+-		      nids_params.pcap_filter);
+-	}
+-	else warnx("listening on %s", nids_params.device);
++        if (nids_params.pcap_filter != NULL) {
++                if (nids_params.filename == NULL) {
++                        warnx("listening on %s [%s]", nids_params.device,
++                              nids_params.pcap_filter);
++                }
++                else {
++                        warnx("using %s [%s]", nids_params.filename,
++                              nids_params.pcap_filter);
++                }
++        }
++        else {
++                if (nids_params.filename == NULL) {
++                    warnx("listening on %s", nids_params.device);
++                }
++                else {
++                    warnx("using %s", nids_params.filename);
++                }
++        }
+ 
+ 	nids_run();
+ 	
+--- dsniff-2.4b1/sshow.8		2005-07-11 20:41:14.000000000 +0000
++++ dsniff-2.4b1/sshow.8.pcap_dump	2005-07-11 20:41:18.000000000 +0000
+@@ -9,7 +9,7 @@
+ .na
+ .nf
+ .fi
+-\fBsshow\fR [\fB-d\fR] [\fB-i \fIinterface\fR] [\fIexpression\fR]
++\fBsshow\fR [\fB-d\fR] [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [\fIexpression\fR]
+ .SH DESCRIPTION
+ .ad
+ .fi
+@@ -28,6 +28,8 @@
+ Enable verbose debugging output.
+ .IP "\fB-i \fIinterface\fR"
+ Specify the interface to listen on.
++.IP "\fB-p \fIpcapfile\fR"
++Process packets from the specified PCAP capture file instead of the network.
+ .IP "\fIexpression\fR"
+ Specify a tcpdump(8) filter expression to select traffic to sniff.
+ .SH "SEE ALSO"
+--- dsniff-2.4b1/sshow.c		2005-07-11 20:41:18.000000000 +0000
++++ dsniff-2.4b1/sshow.c.pcap_dump	2005-07-11 20:41:18.000000000 +0000
+@@ -82,7 +82,7 @@
+ static void
+ usage(void)
+ {
+-	fprintf(stderr, "Usage: sshow [-d] [-i interface]\n");
++	fprintf(stderr, "Usage: sshow [-d] [-i interface | -p pcapfile]\n");
+ 	exit(1);
+ }
+ 
+@@ -616,7 +616,7 @@
+ 	extern int optind;
+ 	int c;
+ 	
+-	while ((c = getopt(argc, argv, "di:h?")) != -1) {
++	while ((c = getopt(argc, argv, "di:p:h?")) != -1) {
+ 		switch (c) {
+ 		case 'd':
+ 			debug++;
+@@ -624,6 +624,9 @@
+ 		case 'i':
+ 			nids_params.device = optarg;
+ 			break;
++		case 'p':
++			nids_params.filename = optarg;
++			break;
+ 		default:
+ 			usage();
+ 			break;
+@@ -652,11 +655,24 @@
+ 	
+ 	nids_register_tcp(process_event);
+ 
+-	if (nids_params.pcap_filter != NULL) {
+-		warnx("listening on %s [%s]", nids_params.device,
+-		      nids_params.pcap_filter);
+-	}
+-	else warnx("listening on %s", nids_params.device);
++        if (nids_params.pcap_filter != NULL) {
++                if (nids_params.filename == NULL) {
++                        warnx("listening on %s [%s]", nids_params.device,
++                              nids_params.pcap_filter);
++                }
++                else {
++                        warnx("using %s [%s]", nids_params.filename,
++                              nids_params.pcap_filter);
++                }
++        }
++        else {
++                if (nids_params.filename == NULL) {
++                    warnx("listening on %s", nids_params.device);
++                }
++                else {
++                    warnx("using %s", nids_params.filename);
++                }
++        }
+ 
+ 	nids_run();
+ 	
+--- dsniff-2.4b1/urlsnarf.8		2005-07-11 20:41:14.000000000 +0000
++++ dsniff-2.4b1/urlsnarf.8.pcap_dump	2005-07-11 20:41:18.000000000 +0000
+@@ -9,7 +9,7 @@
+ .na
+ .nf
+ .fi
+-\fBurlsnarf\fR [\fB-n\fR] [\fB-i \fIinterface\fR]  [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
++\fBurlsnarf\fR [\fB-n\fR] [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR]  [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
+ .SH DESCRIPTION
+ .ad
+ .fi
+@@ -21,6 +21,9 @@
+ .IP \fB-n\fR
+ Do not resolve IP addresses to hostnames.
+ .IP "\fB-i \fIinterface\fR"
++Specify the interface to listen on.
++.IP "\fB-p \fIpcapfile\fR"
++Process packets from the specified PCAP capture file instead of the network.
+ .IP \fB-v\fR
+ "Versus" mode. Invert the sense of matching, to select non-matching
+ URLs.
+--- dsniff-2.4b1/urlsnarf.c		2005-07-11 20:41:14.000000000 +0000
++++ dsniff-2.4b1/urlsnarf.c.pcap_dump	2005-07-11 20:41:18.000000000 +0000
+@@ -41,7 +41,7 @@
+ usage(void)
+ {
+ 	fprintf(stderr, "Version: " VERSION "\n"
+-		"Usage: urlsnarf [-n] [-i interface] [[-v] pattern [expression]]\n");
++		"Usage: urlsnarf [-n] [-i interface | -p pcapfile] [[-v] pattern [expression]]\n");
+ 	exit(1);
+ }
+ 
+@@ -201,11 +201,14 @@
+ 	extern int optind;
+ 	int c;
+ 	
+-	while ((c = getopt(argc, argv, "i:nvh?V")) != -1) {
++	while ((c = getopt(argc, argv, "i:p:nvh?V")) != -1) {
+ 		switch (c) {
+ 		case 'i':
+ 			nids_params.device = optarg;
+ 			break;
++		case 'p':
++			nids_params.filename = optarg;
++			break;
+ 		case 'n':
+ 			Opt_dns = 0;
+ 			break;
+@@ -238,8 +241,24 @@
+ 	
+ 	nids_register_tcp(sniff_http_client);
+ 
+-	warnx("listening on %s [%s]", nids_params.device,
+-	      nids_params.pcap_filter);
++        if (nids_params.pcap_filter != NULL) {
++                if (nids_params.filename == NULL) {
++                        warnx("listening on %s [%s]", nids_params.device,
++                              nids_params.pcap_filter);
++                }
++                else {
++                        warnx("using %s [%s]", nids_params.filename,
++                              nids_params.pcap_filter);
++                }
++        }
++        else {
++                if (nids_params.filename == NULL) {
++                    warnx("listening on %s", nids_params.device);
++                }
++                else {
++                    warnx("using %s", nids_params.filename);
++                }
++        }
+ 
+ 	nids_run();
+ 	
+--- dsniff-2.4b1/webspy.8		2005-07-11 20:41:14.000000000 +0000
++++ dsniff-2.4b1/webspy.8.pcap_dump	2005-07-11 20:41:18.000000000 +0000
+@@ -9,7 +9,7 @@
+ .na
+ .nf
+ .fi
+-\fBwebspy\fR [\fB-i \fIinterface\fR] \fIhost\fR
++\fBwebspy\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] \fIhost\fR
+ .SH DESCRIPTION
+ .ad
+ .fi
+@@ -20,6 +20,8 @@
+ .SH OPTIONS
+ .IP "\fB-i \fIinterface\fR"
+ Specify the interface to listen on.
++.IP "\fB-p \fIpcapfile\fR"
++Process packets from the specified PCAP capture file instead of the network.
+ .IP \fIhost\fR
+ Specify the web client to spy on.
+ .SH "SEE ALSO"
+--- dsniff-2.4b1/webspy.c		2005-07-11 20:41:14.000000000 +0000
++++ dsniff-2.4b1/webspy.c.pcap_dump	2005-07-11 20:41:18.000000000 +0000
+@@ -42,7 +42,7 @@
+ usage(void)
+ {
+ 	fprintf(stderr, "Version: " VERSION "\n"
+-		"Usage: %s [-i interface] host\n", progname);
++		"Usage: %s [-i interface | -p pcapfile] host\n", progname);
+ 	exit(1);
+ }
+ 
+@@ -184,11 +184,14 @@
+ 	extern int optind;
+ 	int c;
+ 	
+-	while ((c = getopt(argc, argv, "i:h?V")) != -1) {
++	while ((c = getopt(argc, argv, "i:p:h?V")) != -1) {
+ 		switch (c) {
+ 		case 'i':
+ 			nids_params.device = optarg;
+ 			break;
++		case 'p':
++			nids_params.filename = optarg;
++			break;
+ 		default:
+ 			usage();
+ 		}
+@@ -216,7 +219,13 @@
+ 	
+ 	nids_register_tcp(sniff_http_client);
+ 
+-	warnx("listening on %s", nids_params.device);
++        if (nids_params.filename == NULL) {
++                warnx("listening on %s", nids_params.device);
++        }
++        else {
++                warnx("using %s", nids_params.filename);
++        }
++
+ 
+ 	nids_run();
+ 	

dsniff-2.4-pop_with_version.patch

@@ -0,0 +1,28 @@
+Patch by Luciano Bello <luciano@linux.org.ar> for dsniff >= 2.4b1, which
+allows to distinguish between different POP versions.
+
+--- dsniff-2.4b1/decode.c		2007-08-11 18:43:41.000000000 -0300
++++ dsniff-2.4b1/decode.c.pop_version	2007-08-11 19:01:08.000000000 -0300
+@@ -63,7 +63,8 @@
+ 	{ "http",	decode_http },
+ 	{ "ospf",	decode_ospf },
+ 	{ "poppass",	decode_poppass },
+-	{ "pop",	decode_pop },
++	{ "pop2",	decode_pop },
++	{ "pop3",	decode_pop },
+ 	{ "nntp",	decode_nntp },
+ 	{ "smb",	decode_smb },
+ 	{ "imap",	decode_imap },
+--- dsniff-2.4b1/dsniff.services	2007-08-11 18:43:41.000000000 -0300
++++ dsniff-2.4b1/dsniff.services.pop	2007-08-11 19:00:21.000000000 -0300
+@@ -10,8 +10,8 @@
+ ospf		89/ip
+ http		98/tcp
+ poppass		106/tcp
+-pop		109/tcp
+-pop		110/tcp
++pop2		109/tcp
++pop3		110/tcp
+ portmap		111/tcp
+ portmap		-111/tcp
+ portmap		111/udp

dsniff-2.4-sshcrypto.patch

@@ -0,0 +1,14 @@
+Patch by Steve Kemp <skx@debian.org> for dsniff >= 2.4b1, which adds the
+missing OpenSSL includes for header files.
+
+--- dsniff-2.4b1/sshcrypto.c		2006-11-02 23:41:11.000000000 -0300
++++ dsniff-2.4b1/sshcrypto.c.sshcrypto	2006-11-02 23:41:55.000000000 -0300
+@@ -14,6 +14,8 @@
+ 
+ #include <sys/types.h>
+ #include <openssl/ssl.h>
++#include <openssl/blowfish.h>
++#include <openssl/des.h>
+ 
+ #include <err.h>
+ #include <stdio.h>

dsniff-2.4-string_header.patch

@@ -0,0 +1,164 @@
+Patch by Luciano Bello <luciano@linux.org.ar> for dsniff >= 2.4b1, which
+adds missing includes of the string header file.
+
+--- dsniff-2.4b1/arp.c			2007-06-17 16:22:49.000000000 -0300
++++ dsniff-2.4b1/arp.c.string_header	2007-06-17 16:22:49.000000000 -0300
+@@ -34,6 +34,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <unistd.h>
++#include <string.h>
+ 
+ #include "arp.h"
+ 
+--- dsniff-2.4b1/buf.c			2007-06-17 16:22:39.000000000 -0300
++++ dsniff-2.4b1/buf.c.string_header	2007-06-17 16:22:49.000000000 -0300
+@@ -17,6 +17,7 @@
+ #include <unistd.h>
+ #include <ctype.h>
+ #include <err.h>
++#include <string.h>
+ 
+ #include "buf.h"
+ 
+--- dsniff-2.4b1/decode_nntp.c		2007-06-17 16:22:39.000000000 -0300
++++ dsniff-2.4b1/decode_nntp.c.string	2007-06-17 16:22:49.000000000 -0300
+@@ -15,6 +15,7 @@
+ 
+ #include <stdio.h>
+ #include <string.h>
++#include <strlcat.h>
+ 
+ #include "base64.h"
+ #include "decode.h"
+--- dsniff-2.4b1/decode_pop.c		2007-06-17 16:22:39.000000000 -0300
++++ dsniff-2.4b1/decode_pop.c.string	2007-06-17 16:22:49.000000000 -0300
+@@ -14,6 +14,7 @@
+ 
+ #include <stdio.h>
+ #include <string.h>
++#include <strlcat.h>
+ 
+ #include "base64.h"
+ #include "options.h"
+--- dsniff-2.4b1/decode_rlogin.c	2007-06-17 16:22:39.000000000 -0300
++++ dsniff-2.4b1/decode_rlogin.c.string	2007-06-17 16:22:49.000000000 -0300
+@@ -14,6 +14,8 @@
+ 
+ #include <stdio.h>
+ #include <string.h>
++#include <strlcpy.h>
++#include <strlcat.h>
+ 
+ #include "options.h"
+ #include "decode.h"
+--- dsniff-2.4b1/decode_smb.c		2007-06-17 16:22:39.000000000 -0300
++++ dsniff-2.4b1/decode_smb.c.string	2007-06-17 16:22:49.000000000 -0300
+@@ -15,6 +15,7 @@
+ 
+ #include <stdio.h>
+ #include <string.h>
++#include <strlcat.h>
+ 
+ #include "decode.h"
+ 
+--- dsniff-2.4b1/decode_smtp.c		2007-06-17 16:22:39.000000000 -0300
++++ dsniff-2.4b1/decode_smtp.c.string	2007-06-17 16:22:49.000000000 -0300
+@@ -14,6 +14,7 @@
+ 
+ #include <stdio.h>
+ #include <string.h>
++#include <strlcat.h>
+ 
+ #include "base64.h"
+ #include "options.h"
+--- dsniff-2.4b1/decode_sniffer.c	2007-06-17 16:22:39.000000000 -0300
++++ dsniff-2.4b1/decode_sniffer.c.str	2007-06-17 16:22:49.000000000 -0300
+@@ -15,6 +15,8 @@
+ 
+ #include <stdio.h>
+ #include <string.h>
++#include <strlcat.h>
++#include <strlcpy.h>
+ 
+ #include "base64.h"
+ #include "decode.h"
+--- dsniff-2.4b1/decode_socks.c		2007-06-17 16:22:39.000000000 -0300
++++ dsniff-2.4b1/decode_socks.c.string	2007-06-17 16:22:49.000000000 -0300
+@@ -14,6 +14,7 @@
+ 
+ #include <stdio.h>
+ #include <string.h>
++#include <strlcat.h>
+ 
+ #include "decode.h"
+ 
+--- dsniff-2.4b1/decode_tds.c		2007-06-17 16:22:39.000000000 -0300
++++ dsniff-2.4b1/decode_tds.c.string	2007-06-17 16:22:49.000000000 -0300
+@@ -18,6 +18,7 @@
+ 
+ #include <stdio.h>
+ #include <string.h>
++#include <strlcat.h>
+ 
+ #include "decode.h"
+ 
+--- dsniff-2.4b1/decode_telnet.c	2007-06-17 16:22:39.000000000 -0300
++++ dsniff-2.4b1/decode_telnet.c.string	2007-06-17 16:22:49.000000000 -0300
+@@ -14,6 +14,7 @@
+ 
+ #include <stdio.h>
+ #include <string.h>
++#include <strlcpy.h>
+ 
+ #include "options.h"
+ #include "decode.h"
+--- dsniff-2.4b1/decode_x11.c		2007-06-17 16:22:39.000000000 -0300
++++ dsniff-2.4b1/decode_x11.c.string	2007-06-17 16:22:49.000000000 -0300
+@@ -14,6 +14,8 @@
+ 
+ #include <stdio.h>
+ #include <string.h>
++#include <strlcat.h>
++#include <strlcpy.h>
+ 
+ #include "decode.h"
+ 
+--- dsniff-2.4b1/dnsspoof.c		2007-06-17 16:22:49.000000000 -0300
++++ dsniff-2.4b1/dnsspoof.c.string	2007-06-17 16:22:49.000000000 -0300
+@@ -20,6 +20,7 @@
+ #include <stdlib.h>
+ #include <signal.h>
+ #include <string.h>
++#include <strlcpy.h>
+ #include <resolv.h>
+ #include <err.h>
+ #include <libnet.h>
+--- dsniff-2.4b1/magic.c		2007-06-17 16:22:39.000000000 -0300
++++ dsniff-2.4b1/magic.c.string_header	2007-06-17 16:22:49.000000000 -0300
+@@ -36,6 +36,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
++#include <strlcpy.h>
+ #include <ctype.h>
+ #include <time.h>
+ #include <err.h>
+--- dsniff-2.4b1/sshmitm.c		2007-06-17 16:22:49.000000000 -0300
++++ dsniff-2.4b1/sshmitm.c.string	2007-06-17 16:22:49.000000000 -0300
+@@ -24,6 +24,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <unistd.h>
++#include <strlcat.h>
+ 
+ #include "buf.h"
+ #include "record.h"
+--- dsniff-2.4b1/missing/strlcat.h	1969-12-31 21:00:00.000000000 -0300
++++ dsniff-2.4b1/missing/strlcat.h.str	2007-06-17 16:22:49.000000000 -0300
+@@ -0,0 +1 @@
++size_t strlcat(char *dst, const char *src, size_t siz);
+--- dsniff-2.4b1/missing/strlcpy.h	1969-12-31 21:00:00.000000000 -0300
++++ dsniff-2.4b1/missing/strlcpy.h.str	2007-06-17 16:22:49.000000000 -0300
+@@ -0,0 +1 @@
++size_t strlcpy(char *dst, const char *src, size_t siz);

dsniff-2.4-sysconf_clocks.patch

@@ -0,0 +1,20 @@
+Patch by <kees@ubuntu.com> for dsniff >= 2.4b1, which adds a clock fix.
+
+--- dsniff-2.4b1/sshow.c		2001-03-18 22:52:15.000000000 -0800
++++ dsniff-2.4b1/sshow.c.sysconf_clocks	2006-10-12 13:24:29.299111443 -0700
+@@ -216,6 +216,7 @@
+ {
+ 	clock_t delay;
+ 	int payload;
++    long CLK_TCK= sysconf(_SC_CLK_TCK);
+ 
+ 	delay = add_history(session, 0, cipher_size, plain_range);
+ 
+@@ -264,6 +265,7 @@
+ 	clock_t delay;
+ 	int skip;
+ 	range string_range;
++    long CLK_TCK= sysconf(_SC_CLK_TCK);
+ 	
+ 	delay = add_history(session, 1, cipher_size, plain_range);
+ 	

dsniff-2.4-time_h.patch

@@ -0,0 +1,24 @@
+Patch by Steve Kemp <skx@debian.org> for dsniff >= 2.4b1, which adds an
+include of <time.h> to fix a segfault on some architectures. For further
+information, please have a look to Debian bug ID #315969.
+
+--- dsniff-2.4b1/msgsnarf.c		2001-03-15 08:33:04.000000000 +0000
++++ dsniff-2.4b1/msgsnarf.c.time_h	2005-07-11 20:15:50.000000000 +0000
+@@ -23,6 +23,7 @@
+ #include <nids.h>
+ #include <pcap.h>
+ #include <pcaputil.h>
++#include <time.h>
+ 
+ #include "buf.h"
+ #include "decode.h"
+--- dsniff-2.4b1/sshow.c		2005-07-11 20:14:19.000000000 +0000
++++ dsniff-2.4b1/sshow.c.time_h		2005-07-11 20:15:26.000000000 +0000
+@@ -15,6 +15,7 @@
+ 
+ #include <sys/types.h>
+ #include <sys/times.h>
++#include <time.h>
+ 
+ #include <netinet/in_systm.h>
+ #include <netinet/in.h>

dsniff-2.4-urlsnarf_escape.patch

@@ -0,0 +1,86 @@
+Patch by Hilko Bengen <bengen@debian.org> for dsniff >= 2.4b1, which adds
+escaping for user, vhost, uri, referrer and agent strings in the log. For
+further information, please have a look to Debian bug ID #372536.
+
+--- dsniff-2.4b1/urlsnarf.c		2006-11-27 17:09:54.000000000 +0100
++++ dsniff-2.4b1/urlsnarf.c.escape	2006-11-27 17:08:41.000000000 +0100
+@@ -84,6 +84,43 @@
+ 	return (tstr);
+ }
+ 
++static char *
++escape_log_entry(char *string)
++{
++	char *out;
++	unsigned char *c, *o;
++	size_t len;
++
++	if (!string)
++		return NULL;
++
++	/* Determine needed length */
++	for (c = string, len = 0; *c; c++) {
++		if ((*c < 32) || (*c >= 128))
++			len += 4;
++		else if ((*c == '"') || (*c =='\\'))
++			len += 2;
++		else
++			len++;
++	}
++	out = malloc(len+1);
++	if (!out)
++		return NULL;
++	for (c = string, o = out; *c; c++, o++) {
++		if ((*c < 32) || (*c >= 128)) {
++			snprintf(o, 5, "\\x%02x", *c);
++			o += 3;
++		} else if ((*c == '"') || ((*c =='\\'))) {
++			*(o++) = '\\';
++			*o = *c;
++		} else {
++			*o = *c;
++		}
++	}
++	out[len]='\0';
++	return out;
++}
++
+ static int
+ process_http_request(struct tuple4 *addr, u_char *data, int len)
+ {
+@@ -142,18 +179,26 @@
+ 				buf_tok(NULL, NULL, i);
+ 			}
+ 		}
+-		if (user == NULL)
+-			user = "-";
+-		if (vhost == NULL)
+-			vhost = libnet_addr2name4(addr->daddr, Opt_dns);
+-		if (referer == NULL)
+-			referer = "-";
+-		if (agent == NULL)
+-			agent = "-";
+-		
++		user = escape_log_entry(user);
++		vhost = escape_log_entry(vhost);
++		uri = escape_log_entry(uri);
++		referer = escape_log_entry(referer);
++		agent = escape_log_entry(agent);
++
+ 		printf("%s - %s [%s] \"%s http://%s%s\" - - \"%s\" \"%s\"\n",
+ 		       libnet_addr2name4(addr->saddr, Opt_dns),
+-		       user, timestamp(), req, vhost, uri, referer, agent);
++		       (user?user:"-"),
++		       timestamp(), req, 
++		       (vhost?vhost:libnet_addr2name4(addr->daddr, Opt_dns)), 
++		       uri,
++		       (referer?referer:"-"),
++		       (agent?agent:"-"));
++
++		free(user);
++		free(vhost);
++		free(uri);
++		free(referer);
++		free(agent);
+ 	}
+ 	fflush(stdout);

dsniff-2.4-urlsnarf_zeropad.patch

@@ -0,0 +1,15 @@
+Patch by Steve Kemp <skx@debian.org> for dsniff >= 2.4b1, which fixes the
+zero-pad date. For further information, please have a look to Debian bug ID
+#298605.
+
+--- dsniff-2.4b1/urlsnarf.c		2005-06-23 03:30:37.000000000 +0000
++++ dsniff-2.4b1/urlsnarf.c.zeropad	2005-06-23 04:04:07.000000000 +0000
+@@ -68,7 +68,7 @@
+ 		 t->tm_hour - gmt.tm_hour);
+ 	tz = hours * 60 + t->tm_min - gmt.tm_min;
+ 	
+-	len = strftime(tstr, sizeof(tstr), "%e/%b/%Y:%X", t);
++	len = strftime(tstr, sizeof(tstr), "%d/%b/%Y:%X", t);
+ 	if (len < 0 || len > sizeof(tstr) - 5)
+ 		return (NULL);
+ 	

dsniff.spec

@@ -0,0 +1,85 @@
+Summary:	Tools for network auditing and penetration testing
+Name:		dsniff
+Version:	2.4
+Release:	0.1.b1%{?dist}
+License:	BSD
+Group:		Applications/Internet
+URL:		http://www.monkey.org/~dugsong/%{name}/
+Source:		http://www.monkey.org/~dugsong/%{name}/beta/%{name}-%{version}b1.tar.gz
+Patch0:		dsniff-2.4-time_h.patch
+Patch1:		dsniff-2.4-mailsnarf_corrupt.patch
+Patch2:		dsniff-2.4-pcap_read_dump.patch
+Patch3:		dsniff-2.4-multiple_intf.patch
+Patch4:		dsniff-2.4-amd64_fix.patch
+Patch5:		dsniff-2.4-urlsnarf_zeropad.patch
+Patch6:		dsniff-2.4-libnet_11.patch
+Patch7:		dsniff-2.4-checksum.patch
+Patch8:		dsniff-2.4-openssl_098.patch
+Patch9:		dsniff-2.4-sshcrypto.patch
+Patch10:	dsniff-2.4-sysconf_clocks.patch
+Patch11:	dsniff-2.4-urlsnarf_escape.patch
+Patch12:	dsniff-2.4-string_header.patch
+Patch13:	dsniff-2.4-arpa_inet_header.patch
+Patch14:	dsniff-2.4-pop_with_version.patch
+Patch15:	dsniff-2.4-obsolete_time.patch
+Patch16:	dsniff-2.4-checksum_libnids.patch
+Patch17:	dsniff-2.4-fedora_dirs.patch
+Patch18:	dsniff-2.4-glib2.patch
+BuildRequires:	libnet-devel, openssl-devel, libnids-devel
+BuildRequires:	glib2-devel, db4-devel, libcap-devel
+BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+%description
+A collection of tools for network auditing and penetration testing. Dsniff,
+filesnarf, mailsnarf, msgsnarf, urlsnarf and webspy allow to passively monitor
+a network for interesting data (passwords, e-mail, files). Arpspoof, dnsspoof
+and macof facilitate the interception of network traffic normally unavailable
+to an attacker (e.g, due to layer-2 switching). Sshmitm and webmitm implement
+active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions
+by exploiting weak bindings in ad-hoc PKI.
+
+%prep
+%setup -q
+%patch0 -p1 -b .time_h
+%patch1 -p1 -b .mailsnarf
+%patch2 -p1 -b .pcap_dump
+%patch3 -p1 -b .multiple_intf
+%patch4 -p1 -b .amd64_fix
+%patch5 -p1 -b .urlsnarf_zeropad
+%patch6 -p1 -b .libnet_11
+%patch7 -p1 -b .checksum
+%patch8 -p1 -b .openssl_098
+%patch9 -p1 -b .sshcrypto
+%patch10 -p1 -b .sysconf_clocks
+%patch11 -p1 -b .urlsnarf_escape
+%patch12 -p1 -b .string_header
+%patch13 -p1 -b .arpa_inet_header
+%patch14 -p1 -b .pop_with_version
+%patch15 -p1 -b .obsolete_time
+%patch16 -p1 -b .checksum_libnids
+%patch17 -p1 -b .fedora_dirs
+%patch18 -p1 -b .glib2
+
+%build
+%configure
+make %{?_smp_mflags}
+
+%install
+rm -rf $RPM_BUILD_ROOT
+make install_prefix=$RPM_BUILD_ROOT install
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files
+%defattr(-,root,root)
+%doc CHANGES LICENSE README TODO
+%dir %{_sysconfdir}/%{name}
+%config(noreplace) %{_sysconfdir}/%{name}/*
+%{_sbindir}/*
+%{_mandir}/man8/*.8*
+
+%changelog
+* Thu Nov 29 2007 Robert Scheck <robert@fedoraproject.org> 2.4-0.1.b1
+- Upgrade to 2.4b1 and added many patches from Debian
+- Initial spec file for Fedora and Red Hat Enterprise Linux

sources

@@ -0,0 +1 @@
+2f761fa3475682a7512b0b43568ee7d6  dsniff-2.4b1.tar.gz