0) ? get_host_boolean($value, $host) : ""; if (is_ipaddr($host)) { return "{$andor}host {$not}" . $host; } elseif (is_subnet($host)) { return "{$andor}net {$not}" . $host; } elseif (is_macaddr($host, false)) { return "{$andor}ether host {$not}" . $host; } elseif (is_macaddr($host, true)) { /* Try to match a partial MAC address. tcpdump only allows * matching 1, 2, or 4 byte chunks so enforce that limit */ $searchmac = "0x"; $partcount = 0; /* is_macaddr will fail a partial match that has empty sections * but sections may only have one digit (leading 0) so add a * left 0 pad. */ foreach (explode(':', $host) as $mp) { $searchmac .= str_pad($mp, 2, "0", STR_PAD_LEFT); $partcount++; } if (!in_array($partcount, array(1, 2, 4))) { return ""; } $eq = has_not($value) ? "!=" : "=="; // ether[0:2] == 0x0090 or ether[6:2] == 0x0090 return "{$andor} ( ether[0:{$partcount}] {$eq} {$searchmac} or ether[6:{$partcount}] {$eq} {$searchmac} )"; } else { return ""; } } if ($_POST['downloadbtn'] == gettext("Download Capture")) { $nocsrf = true; } $pgtitle = array(gettext("Diagnostics"), gettext("Packet Capture")); require_once("guiconfig.inc"); require_once("pfsense-utils.inc"); require_once("ipsec.inc"); $fp = "/root/"; $fn = "packetcapture.cap"; $snaplen = 0;//default packet length $count = 100;//default number of packets to capture $fams = array('ip', 'ip6'); $protos = array('icmp', 'icmp6', 'tcp', 'udp', 'arp', 'carp', 'esp', 'pfsync', '!icmp', '!icmp6', '!tcp', '!udp', '!arp', '!carp', '!esp', '!pfsync'); $input_errors = array(); $interfaces = get_configured_interface_with_descr(); if (ipsec_enabled()) { $interfaces['enc0'] = "IPsec"; } foreach (array('server' => gettext('OpenVPN Server'), 'client' => gettext('OpenVPN Client')) as $mode => $mode_descr) { if (is_array($config['openvpn']["openvpn-{$mode}"])) { foreach ($config['openvpn']["openvpn-{$mode}"] as $id => $setting) { if (!isset($setting['disable'])) { $interfaces['ovpn' . substr($mode, 0, 1) . $setting['vpnid']] = $mode_descr . ": ".htmlspecialchars($setting['description']); } } } } if ($_POST) { $host = $_POST['host']; $selectedif = $_POST['interface']; $promiscuous = isset($_POST['promiscuous']); $count = $_POST['count']; $snaplen = $_POST['snaplen']; $port = $_POST['port']; $detail = $_POST['detail']; $fam = $_POST['fam']; $proto = $_POST['proto']; if (!array_key_exists($selectedif, $interfaces)) { $input_errors[] = gettext("Invalid interface."); } if ($fam !== "" && $fam !== "ip" && $fam !== "ip6") { $input_errors[] = gettext("Invalid address family."); } if ($fam !== "" && $proto !== "") { if ($fam == "ip" && $proto == "icmp6") { $input_errors[] = gettext("IPv4 with ICMPv6 is not valid."); } if ($fam == "ip6" && $proto == "icmp") { $input_errors[] = gettext("IPv6 with ICMP is not valid."); } if ($fam == "ip6" && $proto =="arp") { $input_errors[] = gettext("IPv6 with ARP is not valid."); } } if ($proto !== "" && !in_array(strip_not($proto), $protos)) { $input_errors[] = gettext("Invalid protocol."); } if ($host != "") { $host_string = str_replace(array(" ", "|", ","), array("", "#|", "#+"), $host); if (strpos($host_string, '#') === false) { $hosts = array($host); } else { $hosts = explode('#', $host_string); } foreach ($hosts as $h) { $h = strip_host_logic($h); if (!is_subnet($h) && !is_ipaddr($h) && !is_macaddr($h, true)) { $input_errors[] = sprintf(gettext("A valid IP address, CIDR block, or MAC address must be specified. [%s]"), $h); } /* Check length of partial MAC */ if (!is_macaddr($h, false) && is_macaddr($h, true)) { $mac_parts = explode(':', $h); if (!in_array(count($mac_parts), array(1, 2, 4))) { $input_errors[] = gettext("Partial MAC addresses can only be matched using 1, 2, or 4 MAC segments (bytes)."); } } } } if ($port != "") { if (!is_port(strip_not($port))) { $input_errors[] = gettext("Invalid value specified for port."); } } if ($snaplen == "") { $snaplen = 0; } else { if (!is_numeric($snaplen) || $snaplen < 0) { $input_errors[] = gettext("Invalid value specified for packet length."); } } if ($count == "") { $count = 0; } else { if (!is_numeric($count) || $count < 0) { $input_errors[] = gettext("Invalid value specified for packet count."); } } if (!count($input_errors)) { $do_tcpdump = true; if ($_POST['promiscuous']) { //if promiscuous mode is checked $disablepromiscuous = ""; } else { //if promiscuous mode is unchecked $disablepromiscuous = "-p"; } if ($_POST['dnsquery']) { //if dns lookup is checked $disabledns = ""; } else { //if dns lookup is unchecked $disabledns = "-n"; } if ($_POST['startbtn'] != "") { $action = gettext("Start"); //delete previous packet capture if it exists if (file_exists($fp.$fn)) { unlink ($fp.$fn); } } elseif ($_POST['stopbtn'] != "") { $action = gettext("Stop"); $processes_running = trim(shell_exec("/bin/ps axw -O pid= | /usr/bin/grep tcpdump | /usr/bin/grep {$fn} | /usr/bin/egrep -v '(pflog|grep)'")); //explode processes into an array, (delimiter is new line) $processes_running_array = explode("\n", $processes_running); //kill each of the packetcapture processes foreach ($processes_running_array as $process) { $process_id_pos = strpos($process, ' '); $process_id = substr($process, 0, $process_id_pos); exec("kill $process_id"); } } elseif ($_POST['downloadbtn'] != "") { //download file $fs = filesize($fp.$fn); header("Content-Type: application/octet-stream"); header("Content-Disposition: attachment; filename=$fn"); header("Content-Length: $fs"); readfile($fp.$fn); exit; } } } else { $do_tcpdump = false; } $excl = gettext("Exclude"); $protocollist = array( '' => 'Any', 'icmp' => 'ICMP', '!icmp' => $excl . ' ICMP', 'icmp6' => 'ICMPv6', '!icmp6' => $excl . ' ICMPv6', 'tcp' => 'TCP', '!tcp' => $excl . ' TCP', 'udp' => 'UDP', '!udp' => $excl . ' UDP', 'arp' => 'ARP', '!arp' => $excl . ' ARP', 'carp' => 'CARP', '!carp' => $excl . ' CARP', 'pfsync' => 'pfsync', '!pfsync' => $excl . ' pfsync', 'esp' => 'ESP', '!esp' => $excl . ' ESP' ); include("head.inc"); if ($input_errors) { print_input_errors($input_errors); } $form = new Form(false); // No button yet. We add those later depending on the required action $section = new Form_Section('Packet Capture Options'); $section->addInput(new Form_Select( 'interface', '*Interface', $selectedif, $interfaces ))->setHelp('Select the interface on which to capture traffic. '); $section->addInput(new Form_Checkbox( 'promiscuous', 'Promiscuous', 'Enable promiscuous mode', $promiscuous ))->setHelp('%1$sNon-promiscuous mode captures only traffic that is directly relevant to the host (sent by it, sent or broadcast to it, or routed through it) and ' . 'does not show packets that are ignored at network adapter level.%2$s%3$sPromiscuous mode%4$s ("sniffing") captures all data seen by the adapter, whether ' . 'or not it is valid or related to the host, but in some cases may have undesirable side effects and not all adapters support this option. Click Info for details %5$s' . 'Promiscuous mode requires more kernel processing of packets. This puts a slightly higher demand on system resources, especially ' . 'on very busy networks or low power processors. The change in packet processing may allow a hostile host to detect that an adapter is in promiscuous mode ' . 'or to \'fingerprint\' the kernel (see %6$s). Some network adapters may not support or work well in promiscuous mode (see %7$s).%8$s', '
', '
',
'',
'',
'
',
' [1]' .
' [2]',
' [3]',
'