Linux sniffer ported to OpenBSD...
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Linux sniffer ported to OpenBSD...
- From: Tyler Allison <allison_(_at_)_mail_(_dot_)_arc_(_dot_)_nasa_(_dot_)_gov>
- Date: Tue, 09 Feb 1999 13:53:39 -0800
Some of you may or may not care ;)
But anyway..if you are interested in testing a new password sniffer
on either Linux or OpenBSD (I'm looking for feedback) go to:
http://www.electricrian.com/~tyler/misc/
I basically grabbed all the sniffers I could find and took the best parts
of each and made a super sniffer.
I'm attaching the top comment section of the program below..since I'm
not much of a C programmer any comments/criticism/flames/improvement
ideas/etc will be happily accepted. (might want to send them directly instead
of the list)
-Tyler
/****************************************************************************
*
* Sniff All v2.0 for Linux/*BSD
*
* Coded and glued together by Tyler Allison (tyler_(_at_)_electricrain_(_dot_)_com)
*
* This program sniffs packets for FTP, telnet, POP3, POP2, IMAP2, rlogin in
* the standard fashion, dumping info to a log file. It also has the ability
* to sniff HTTP traffic and decode Basic Authentication username and password
* pairs. It uses a linked-list (probably should use a hash instead) to keep
* track of all traffic it sees. This improves the "sniffing" ability of the
* sniffer so it doesn't get locked into one connection, and misses some
* other traffic.
*
* Supports libpcap (*BSD and Linux) or raw interface sniffing (Linux only).
* Tested on the following platforms:
* OpenBSD 2.4
* Linux 2.2.X /w LSF libpcap
* Linux 2.2.X
*
* This program is for non-criminal use ONLY and should not be used unless you
* have the authorization to do so. Don't blame me if you get busted!
*
*
* This uses code or ideas from the following sniffers:
* linsniff .03.9beta by Mike Edulla (medulla_(_at_)_infosoc_(_dot_)_com)
* websniff 1.0 by BeastMaster V http://www.rootshell.com
* linsniff .666 by humble of rhino9
* pcs by halflife
*
* - Interface initialization code taken from Touch of Death (TOD V.1) by
* Brecht Claerhout
* - Argv hiding taken from nmap v2.03 by
* Fyodor (fyodor_(_at_)_dhp_(_dot_)_com, www.insecure.org/nmap)
*
* Compile:
* gcc -o sniffall sniffall.c <-- no DNS resolution
* gcc -o sniffall -DHOST_LOOKUP sniffall.c <-- yes DNS resolution
* gcc -o sniffall -D__PCAP__ sniffall.c -lpcap <-- libpcap support for *BSD
* gcc -o sniffall -D__LINUX__ sniffall.c <-- no libpcap for linux
* (obviously you can mix and match the defines as needed)
*
* NOTE: Errors when compiling about ntohl/htonl conflicting types are due to
* problems in the header files in linux. Find the conflicts and fix them.
*
* Changelog:
* diff between v2 and v1:
* - added libpcap support
* - ported to OpenBSD
* - added -i option to override INTERFACE
* - added argv hiding (This does not work on OpenBSD..well it does work
* but it won't do you any good..being that it's
* a secure OS the original argv is displayed in
* 'ps' as well.)
*
* Todo list:
* - add FDDI support
* - use hash instead of linked list
*
****************************************************************************/
,---------------------------------------------------------------------,
| Tyler Allison, CISSP |M/S 233-7 (650)604-3602|MIB- Protecting the|
|System Security Analyst |Ames Research Center |earth from the scum|
|allison_(_at_)_mail_(_dot_)_arc_(_dot_)_nasa_(_dot_)_gov|Moffett Field, CA 94035|of the universe. |
| PGP Fingerprint: FB 4C 6E 4B 13 12 B1 17 68 7A A0 8C 43 30 00 01 |
`---------------------------------------------------------------------'