#!/usr/bin/perl -w
#
#      PROJECT: Carnivore
# CLIENT TITLE: carnivore_client_tcpdump.pl
#  DESCRIPTION: a simple bot that inputs tcpdump and
#               outputs it to pircd, an irc server 
#               (see http://pircd.sourceforge.net)
#       AUTHOR: alex@rhizome.org
#
#  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
#  |                                            |
#  +     +------+                               +
#  |    /      /|          /------------\       |
#  +   +------+ |         /...internet...\      +
#  |   |      | |         |............+----+   |
#  +   | data |<--------->|............|user|   +
#  |   |      | |    ^    |............+----+   |
#  +   |      |/     |    |..............|      +
#  |   +------+      |    \............../      |
#  +                 |     \------------/       +
#  |                 |                          |
#  +            +---------+                     +
#  |            |CARNIVORE|                     |
#  +            +---------+                     +
#  |                                            |
#  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
#
# This program is free software; you can redistribute it and/or modify 
# it under the terms of the GNU General Public License as published by 
# the Free Software Foundation; either version 2 of the License, or (at 
# your option) any later version.
#
# This program is distributed in the hope that it will be useful, but 
# WITHOUT ANY WARRANTY; without even the implied warranty of 
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU 
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License 
# along with this program; if not, write to the Free Software 
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, 
# USA.
#
# or visit http://www.gnu.org/copyleft/gpl.html
#
#####################################################################
# INIT
#####################################################################

#SOME BASIC MODS
use Socket;
use IO::File;
use Getopt::Std;

#SET TCPDUMP_CMD AS NEEDED FOR YOUR SYSTEM. GET tcpdump FROM http://www.tcpdump.org. 
#GET tcpdump2ascii FROM http://www.bogus.net/~codex.
#SET HEADERS_ONLY TO 'TRUE' FOR OUTPUTTING HEADERS ONLY, OTHERWISE FULL PACKETS.
#FULL PACKETS POSE A VERY HIGH SECURITY RISK FOR YOUR NETWORK--YOU'VE BEEN WARNED!
my $IRC_PORT     = 6667;
my $IRC_HOST     = 'localhost';
my $IRC_CHANNEL  = '#carnivore';
my $TCPDUMP_CMD  = "/usr/sbin/tcpdump -lx -s1024 | /usr/local/bin/tcpdump2ascii -l |";
my $HEADERS_ONLY = 'FALSE';

#####################################################################
# MAIN
#####################################################################

#IF 'd' FLAG WAS PASSED, PUT INTO DEAMON MODE VIA FORK AND EXIT
getopts('dh',\%opts);
if(defined($opts{'d'})) {exit if fork;}

#IF 'h' FLAG WAS PASSED, DISPLAY HELP INFO AND EXIT
if(defined($opts{'h'})) {
    print <<EOF;

    usage: carnivore_client_tcpdump.pl [ -d ] [ -h ]

           -d    run in daemon mode
           -h    display this help info

EOF
    exit;
}

#CONNECT TO IRC
socket (IRC, PF_INET, SOCK_STREAM, getprotobyname('tcp')) || die "Socket error: $!\n";
connect(IRC, sockaddr_in($IRC_PORT,inet_aton($IRC_HOST))) || die "Connect error: $!\n";

#SEND 'USER' AND 'NICK' IRC COMMANDS
$buffer = "USER tcpdump_client1 localhost localhost :tcpdump irc client\nNICK tcpdump\n";
syswrite IRC, $buffer, length($buffer);

#READ 'PING' IRC COMMAND AND REPLY WITH 'PONG' COMMAND
sysread IRC, $buffer, 200;
$buffer =~ s/PING/PONG/; #easier than regexping for the ping number =)
syswrite IRC, $buffer, length($buffer);

#JOIN AN IRC CHANNEL
$buffer = "JOIN $IRC_CHANNEL\n";
syswrite IRC, $buffer, length($buffer);

#CONNECT TO TCPDUMP
$tcpdump = IO::File->new($TCPDUMP_CMD) || die "Couldn't execute $TCPDUMP_CMD: $!\n";

#RUN LIKE A DAEMON
for(;;) {

    #GET A PACKET FROM TCPDUMP
    $/ = ""; #sets the input line separator to split in between packets
    $packet = <$tcpdump> || print "can't get tcp data: $!\n";
    @packet = parsePacket($packet);

    #PRINT PACKET HEADERS ONLY
    if($HEADERS_ONLY eq 'TRUE') {
        $buffer = "PRIVMSG #carnivore :" . $packet[0] . "\n";
        syswrite IRC, $buffer, length($buffer);

    #ELSE PRINT PACKET HEADERS AND PACKET BODY
    } else {
        my $newpacket = join('',@packet);
        $newpacket =~ s/\s+$//;
        $buffer = "PRIVMSG #carnivore :" . $newpacket . chr(0) . "\n";
        syswrite IRC, $buffer, length($buffer);
    }

    select(undef,undef,undef,.5); #sleep to avoid flooding
}

#####################################################################
# SUBS
#####################################################################

#A SIMPLE ROUTINE WHICH SKIMS OFF THE PACKET HEADER FROM THE FIRST
#LINE AND RETURNS BOTH HEADER AND BODY AS AN ARRAY
sub parsePacket {
    my $packet = shift;
    my @packet;
    my ($head,$body) = split('\n',$packet,2);
    push(@packet,$head);
    push(@packet,$body);
    return @packet;
}