1 #!/bin/bash
2 #
3 # description: Firewall-log filter script (arno-fwfilter)
4 # Last update: March 20, 2015
5
6 # Usage examples (make sure arno-fwfilter is executable!):
7 # --------------------------------------------------------
8 # Static firewall log filtering : cat /var/log/messages |arno-fwfilter
9 # or
10 # Static firewall log filtering : cat /var/log/arno-iptables-firewall |arno-fwfilter
11 # Realtime firewall logging on TTY10 : tail --follow /var/log/messages |fwfilter >/dev/tty10 &
12 # Example on how to disable kernel debug logging : cat /var/log/messages |grep -v kernel |arno-fwfilter
13 # Email firewall logs to root : cat /var/log/arno-iptables-firewall |arno-fwfilter --html-output --no-colors |mail -s "Firewall Log" -a "Content-Type: text/html; charset=us-ascii" root
14
15 # ------------------------------------------------------------------------------------------
16 # -= Arno's Iptables Firewall(AIF) =-
17 # Firewall-log filter script (arno-fwfilter)
18 #
19 # (C) Copyright 2001-2015 by Arno van Amersfoort
20 # Homepage : https://rocky.eld.leidenuniv.nl/
21 # Email : a r n o v a AT r o c k y DOT e l d DOT l e i d e n u n i v DOT n l
22 # (note: you must remove all spaces and substitute the @ and the .
23 # at the proper locations!)
24 # ------------------------------------------------------------------------------------------
25 # Some of the information used to create this script was obtained from:
26 # - http://ports.tantalo.net/
27 # - http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml
28 # - http://www.speedguide.net/ports.php
29 # ------------------------------------------------------------------------------------------
30 # This program is free software; you can redistribute it and/or
31 # modify it under the terms of the GNU General Public License
32 # version 2 as published by the Free Software Foundation.
33
34 # This program is distributed in the hope that it will be useful,
35 # but WITHOUT ANY WARRANTY; without even the implied warranty of
36 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
37 # GNU General Public License for more details.
38
39 # You should have received a copy of the GNU General Public License
40 # along with this program; if not, write to the Free Software
41 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
42 # -------------------------------------------------------------------------------------------
43
# Options:
##########

# 1 = resolve IP addresses to host names; needs the "dig" command
RESOLVE_NAMES=1

# 1 = also try to look up where each IP is located geographically; needs "curl"
# and can be very slow. The lookup sends every address it resolves to an
# external web service over plain HTTP.
SHOW_LOCATION=0

# 1 = resolve/locate both the source and the destination host (slower); the
# default only looks at the source of incoming and the destination of outgoing
# packets
FULL_INFO=0

# 1 = use ANSI escape colors to make the output easier to read
USE_ANSI_COLORS=1

# 1 = emit (colored) HTML instead of plain text, e.g. for mailing the log
USE_HTML=0

# 1 = keep all information about an event on one line
USE_1ROW=0

# Full path of the awk binary; leave empty to let the script search the usual
# locations. Set it by hand if awk lives somewhere else ("locate awk" or
# "whereis awk" will find it).
AWK_BIN=""
68
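#################################################################################################
# Parse commandline options (taken from the getopt examples from the Debian util-linux package) #
#################################################################################################

# Note that we use `"$@"' to let each command-line parameter expand to a
# separate word. The quotes around `$@' are essential!
# We need CLOPTS as the `eval set --' would nuke the return value of getopt.
# Each accepted option only flips one of the flag variables from the Options
# section above; getopt itself reports an unknown option on stderr.
# NOTE(review): the commas in the -o string are most likely taken by getopt as
# literal option characters rather than as separators; confirm and drop them.
if ! CLOPTS=$(getopt -o h,r,o,l,c,s --long help,no-resolve,html-output,no-locations,no-colors,single-line -n 'arno-fwfilter' -- "$@"); then
  echo "Terminating..." >&2
  exit 1
fi

# Note the quotes around `$CLOPTS': they are essential!
eval set -- "$CLOPTS"

while true; do
  case "$1" in
    -r|--no-resolve) RESOLVE_NAMES=0; shift;;
    -o|--html-output) USE_HTML=1; shift;;
    -l|--no-locations) SHOW_LOCATION=0; shift;;
    -c|--no-colors) USE_ANSI_COLORS=0; shift;;
    -s|--single-line) USE_1ROW=1; shift;;
    -h|--help)
      echo "Options:"
      echo "-h, --help - Print this help"
      echo "-r, --no-resolve - Disable resolving of IPs to names"
      echo "-o, --html-output - Use basic HTML to format the output"
      echo "-l, --no-locations - Disable obtaining the IPs geographical location"
      echo "-c, --no-colors - Disable the use of (ANSI) colors in the output"
      echo "-s, --single-line - Put all information about an event in a single line"
      exit 0 # nothing left to do
      ;;
    --) shift ; break ;;
    # getopt has already validated the options, so this arm is unreachable for
    # well-formed input; diagnostics belong on stderr
    *) echo "Internal error!" >&2; exit 1;;
  esac
done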
107
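# Locate the AWK binary unless the user configured AWK_BIN in the Options
# section. gawk is preferred over plain awk because the embedded program relies
# on gawk extensions (strtonum). The fixed paths are tried in the original
# order; only if none of them exists is PATH consulted as a fallback.
if [ -z "$AWK_BIN" ]; then
  for awk_candidate in /bin/gawk /usr/bin/gawk /bin/awk /usr/bin/awk; do
    if [ -x "$awk_candidate" ]; then
      AWK_BIN=$awk_candidate
      break
    fi
  done
fi

if [ -z "$AWK_BIN" ]; then
  # Still empty: fall back to whatever gawk/awk is on PATH (may stay empty)
  AWK_BIN=$(command -v gawk 2>/dev/null || command -v awk 2>/dev/null || true)
fi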
125
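# Without awk there is nothing to run: report on stderr and fail, so that an
# unusable configuration does not look like success to the caller.
if [ -z "$AWK_BIN" ]; then
  echo "ERROR: Could not locate the AWK binary (is it installed?)." >&2
  echo "You may want to configure it yourself inside this script." >&2
  exit 1
fi

# Test what awk version is used (gawk, mawk etc...). The embedded program uses
# gawk extensions (strtonum), so mawk is rejected up front.
if "$AWK_BIN" -W version 2>/dev/null | grep -qi mawk; then
  echo "The configured AWK binary is MAWK, which does not work with the script. Please use GAWK instead" >&2
  exit 1
fi

if [ "$USE_HTML" = "1" ]; then
  # NOTE(review): log fields are copied into the HTML body verbatim below;
  # nothing escapes <, > or & in them.
  echo '<html><head><title>Firewall Log</title>'
  echo '<meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head>'
  echo '<body>'
fi

# The filter proper. Configuration flags are handed to awk as variable
# assignments after the program text (see the end of the quoted block); the
# FULL_INFO flag is passed too, otherwise the awk code never sees it.
"$AWK_BIN" '

# Guard for anything handed to system(): SRC=/DST= are copied from whatever
# log line matched, so only a value shaped like an IPv4/IPv6 address may be
# interpolated into a shell command line. Returns 1 when host is acceptable.
function is_ip_like(host)
{
  return (host ~ /^[0-9A-Fa-f.:]+$/)
}

# This is the function which performs the portname lookups
##########################################################
# port_str is the text after SPT=/DPT=; returns a "Name(port)" label for the
# ports listed below, or port_str unchanged when nothing matches.
function portname_lookup(port_str)
{
  port=strtonum(port_str)

  if (port==0) return("Invalid Port(0)")
  if (port==1) return("SGI Irix TCPMUX(1)")
  if (port==7) return("Echo-Server(7)")
  if (port==9) return("Discard-Server(9)")
  if (port==11) return("Unix Sysstat(11)")
  if (port==13) return("Daytime-Server(13)")
  if (port==19) return("Chargen(19)")
  if (port==20) return("FTP-Data(20)")
  if (port==21) return("FTP(21)")
  if (port==22) return("SSH(22)")
  if (port==23) return("Telnet(23)")
  if (port==25) return("SMTP(25)")
  if (port==37) return("Time(37)")
  if (port==43) return("Who-IS(43)")
  if (port==53) return("DNS(53)")
  if (port==59) return("Ident(59)")
  if (port==67) return("BootP Server(67)")
  if (port==68) return("BootP Client(68)")
  if (port==69) return("TFTP(69)")
  if (port==79) return("Finger(79)")
  if (port==80) return("HTTP(80)")
  if (port==88) return("KRB5(88)")
  if (port==98) return("LinuxConf(98)")
  if (port==109) return("POP2(109)")
  if (port==110) return("POP3(110)")
  if (port==111) return("SunRPC/RPCbind(111)")
  if (port==113) return("IDENT(113)")
  if (port==119) return("NNTP News(119)")
  if (port==123) return("NTP(123)")
  if (port==135) return("MS RPC(135)")
  if (port==137) return("SMB Name(137)")
  if (port==138) return("SMB Data(138)")
  if (port==139) return("SMB Session(139)")
  if (port==143) return("IMAP(143)")
  if (port==161) return("SNMP(161)")
  if (port==177) return("XDMCP(177)")
  if (port==389) return("LDAP(389)")
  if (port==427) return("SLP(427)")
  if (port==443) return("HTTPS(443)")
  if (port==445) return("MSFT DS(445)")
  if (port==464) return("KPASSWD(464)")
  if (port==465) return("SMTP-SSL(465)")
  if (port==500) return("Appleshare(500)")
  if (port==513) return("Rwho(513)")
  if (port==515) return("Printer(515)")
  if (port==520) return("Route(520)")
  if (port==524) return("NCP(524)")
  if (port==525) return("TimeServer(525)")
  if (port==535) return("CORBA IIOP(535)")
  if (port==554) return("RealServer(554)")
  if (port==555) return("phAse zero(555)")
  if (port==587) return("SMTP-msa(587)")
  if (port==600) return("PC Server Backdoor(600)")
  if (port==635) return("Linux Mountd bug(635)")
  if (port==636) return("LDAPs(636)")
  if (port==691) return("MS-Exchange(691)")
  if (port==873) return("Rsync(873)")
  if (port==990) return("FTPs(990)")
  if (port==993) return("IMAPs(993)")
  if (port==995) return("POP3s(995)")
  if (port==1025) return("NFS(1025)")
  if (port==1026) return("Windows-Message-Service(1026)")
  if (port==1027) return("Windows-Message-Service(1027)")
  if (port==1080) return("SOCKS(1080)")
  if (port==1114) return("SQL(1114)")
  if (port==1214) return("KaZaa(1214)")
  if (port==1243) return("Sub-7(1243)")
  if (port==1394) return("Network Log Client(1394)")
  if (port==1433) return("MS-SQL(1433)")
  if (port==1434) return("MS-SQL monitor(1434)")
  if (port==1524) return("Trin 00(1524)")
  if (port==1662) return("Netview-aix-2(1662)")
  if (port==1723) return("PPtP(1723)")
  if (port==1883) return("IBM MQSeries SCADA(1883)")
  if (port==1900) return("UPnP(1900)")
  if (port==1999) return("Backdoor-G or Sub-7 2.x(1999)")
  if (port==2002) return("Cisco Secure ACS WebServer(2002)")
  if (port==2049) return("NFS(2049)")
  if (port==2243) return("Magicom Protocol(2243)")
  if (port==2343) return("Nati logos(2343)")
  if (port==2772) return("Sub-7 ScreenCapture(2772)")
  if (port==2773) return("Sub-7 KeyLogger(2773)")
  if (port==3127) return("MyDoom Backdoor(3127)")
  if (port==3128) return("Squid(3128)")
  if (port==3129) return("Masters Paradise(3129)")
  if (port==3268) return("globalcat-LDAP(3268)")
  if (port==3449) return("HotU Chat(3449)")
  if (port==3544) return("Teredo IPv6-IPv4 Tunnel(3544)")
  if (port==4500) return("MS IPsec NAT-T(4500)")
  if (port==4662) return("eDonkey(4662)")
  if (port==5000) return("UPnP(5000)")
  if (port==5060) return("SIP(5060)")
  if (port==5061) return("SIP over TLS(5061)")
  if (port==5222) return("Jabber/xmpp-client(5222)")
  if (port==5223) return("Jabber-SSL(5223)")
  if (port==5228) return("Android Market(5228)")
  if (port==5500) return("VNC(5500)")
  if (port==5554) return("Sasser-backdoor(5554)")
  if (port==5623) return("pcAnywhere(5623)")
  if (port==5800) return("VNC-data(5800)")
  if (port==5900) return("VNC-HTTP(5900)")
  if (port==5938) return("Teamviewer(5938)")
  if (port==6346) return("GNUtella(6346)")
  if (port==6670) return("Deep Throat(6670)")
  if (port==6711) return("Sub-7(6711)")
  if (port==6712) return("Sub-7(6712)")
  if (port==6713) return("Sub-7(6713)")
  if (port==6776) return("Backdoor-G or Sub-7(6776)")
  if (port==6969) return("GateCrasher(6969)")
  if (port==6970) return("RealAudio(6970)")
  if (port==7215) return("Sub-7 Matrix Chat(7215)")
  if (port==7777) return("Unreal or Klingon Honor Guard(7777)")
  if (port==7778) return("Unreal Tournament(7778)")
  if (port==8000) return("Seafile-seahub(8000)")
  if (port==8030) return("iTunes Radio Streams(8030)")
  if (port==8080) return("HTTP Alternate(8080)")
  if (port==8082) return("Seafile-fileserver(8082)")
  if (port==9100) return("JetDirect(9100)")
  if (port==9418) return("Git(9418)")
  if (port==10000) return("Webadmin(10000)")
  if (port==10001) return("Seafile-ccnet(10001)")
  if (port==10008) return("Cheeseworm(10008)")
  if (port==12001) return("Seafile-service(12001)")
  if (port==12345) return("Netbus(12345)")
  if (port==12346) return("Netbus(12346)")
  if (port==13223) return("PowWow(13223)")
  if (port>=16384 && port<=16472) return(sprintf("Real-Time Transport Protocol(RTP) (%i)",port))
  if (port==16660) return("Stacheldraht(16660)")
  if (port==16959) return("Sub-7(16959)")
  if (port==17027) return("Conducent(17027)")
  if (port==20034) return("Netbus 2 Pro(20034)")
  if (port==20002) return("Acidkor(20002)")
  if (port==21544) return("Girlfriend(21544)")
  if (port==22450) return("Sin(22450)")
  if (port==23456) return("EvilFTP(23456)")
  if (port==26000) return("Quake(26000)")
  if (port==26900) return("Hexen 2(26900)")
  if (port==26950) return("Hexen World(26950)")
  if (port==27015) return("Half-life Or Team Fortress Classic(27015)")
  if (port==27374) return("Backdoor-G or Sub-7(27374)")
  if (port==27444) return("Trin 00(27444)")
  if (port==27500) return("Quake World(27500)")
  if (port==27665) return("Trin 00(27665)")
  if (port>=27910 && port<=27961) return(sprintf("Quake(%i)", port))
  if (port>=28000 && port<=28008) return(sprintf("Starsiege Tribes(%i)", port))
  if (port==28910) return("Heretic 2(28910)")
  if (port==30100) return("NetSphere(30100)")
  if (port==31335) return("Trin 00(31335)")
  if (port==31337) return("Back Orifice(31337)")
  if (port==31338) return("Back Orifice(31338)")
  # The apostrophes must be spliced in with '\'' because the whole awk program
  # sits inside a single-quoted shell string
  if (port==31789) return("Hack'\''a'\''Tack(31789)")
  if (port>=32770 && port<=32900) return(sprintf("SUN-RPC Portmapper(%i)",port))
  if (port==33270) return("Trinity v3(33270)")
  if (port>=33434 && port<=33600) return(sprintf("Traceroute?(%i)",port))
  if (port==41508) return("Inoculan(41508)")
  if (port==50505) return("Sockets de Troi(50505)")
  if (port==54283) return("Sub-7 Spy port(54283)")
  if (port==54320) return("Back Orifice 2K(54320)")
  if (port==54321) return("Back Orifice 2K(54321)")
  if (port==60001) return("Stacheldraht(60001)")
  if (port==65000) return("Stacheldraht(65000)")

  # If nothing else matches just return the port number
  return(port_str)
}

# This is the function which performs the ICMP lookups
######################################################
# type and code are the numeric values from the TYPE=/CODE= fields; returns a
# description of the pair, or a generic "Unknown" text.
function ICMP_lookup(type, code)
{
  if (type==0 && code==0) return ("Echo reply")
  if (type==3 && code==0) return ("Network unreachable")
  if (type==3 && code==1) return ("Host unreachable")
  if (type==3 && code==2) return ("Protocol unreachable")
  if (type==3 && code==3) return ("Port unreachable")
  if (type==3 && code==4) return ("Fragmentation needed but no frag. bit set")
  if (type==3 && code==5) return ("Source routing failed")
  if (type==3 && code==6) return ("Destination network unknown")
  if (type==3 && code==7) return ("Destination host unknown")
  if (type==3 && code==8) return ("Source host isolated")
  if (type==3 && code==9) return ("Destination network administratively prohibited")
  if (type==3 && code==10) return ("Destination host administratively prohibited")
  if (type==3 && code==11) return ("Network unreachable for TOS")
  if (type==3 && code==12) return ("Host unreachable for TOS")
  if (type==3 && code==13) return ("Communication administratively prohibited by filtering")
  if (type==3 && code==14) return ("Host precedence violation")
  if (type==3 && code==15) return ("Precedence cutoff in effect")
  if (type==4 && code==0) return ("Source quench")
  if (type==5 && code==0) return ("Redirect for network")
  if (type==5 && code==1) return ("Redirect for host")
  if (type==5 && code==2) return ("Redirect for TOS and network")
  if (type==5 && code==3) return ("Redirect for TOS and host")
  if (type==8 && code==0) return ("Echo request")
  if (type==9 && code==0) return ("Router advertisement")
  if (type==9 && code==16) return ("Does not route common traffic")
  if (type==10 && code==0) return ("Route solicitation")
  if (type==11 && code==0) return ("TTL equals 0 during transit")
  if (type==11 && code==1) return ("TTL equals 0 during reassembly")
  if (type==12 && code==0) return ("IP header bad (catchall error)")
  if (type==12 && code==1) return ("Required options missing")
  if (type==12 && code==2) return ("Bad Length")
  if (type==13 && code==0) return ("Timestamp request")
  if (type==14 && code==0) return ("Timestamp reply (obsolete)")
  if (type==15 && code==0) return ("Information request")
  if (type==16 && code==0) return ("Information reply")
  if (type==17 && code==0) return ("Address mask request")
  if (type==18 && code==0) return ("Address mask reply")
  if (type==30 && code==0) return ("Outbound Packet succesfully forwarded")
  if (type==30 && code==1) return ("No route for Outbound Packet; packet discarded")
  if (type==40 && code==0) return ("Bad SPI")
  if (type==40 && code==1) return ("Authentication Failed")
  if (type==40 && code==2) return ("Decompression Failed")
  if (type==40 && code==3) return ("Decryption Failed")
  if (type==40 && code==4) return ("Need Authentication")
  if (type==40 && code==5) return ("Need Authorization")

  # If nothing else matches just return unknown
  return("Unknown ICMP type/code")
}


# Main program
##############
# One record per log line. Lines that do not look like firewall/kernel
# messages are dropped, lines without IN= are echoed unchanged, and the rest
# are reformatted field by field with SRC/DST/PROTO/ports highlighted.
{
  if (match($0, "IN=") != 0 || match($0, "firewall") != 0 || match($0, "Firewall") != 0 || match($0, "kernel") != 0)
  {
    if (match($0, "IN=") == 0)
    {
      printf("%s", $0)
    }
    else
    {
      # Check whether it is an incoming or outgoing packet
      if (match($0, "IN= ") != 0) INPUT=0; else INPUT=1
      if (match($0, "OUT= ") != 0) OUTPUT=0; else OUTPUT=1

      # First show message, SRC etc.
      for (i = 1; i <= NF; i++)
      {
        if (substr($i,1,4) == "SRC=") SRC_HOST=substr($i, 5, length($i) - 4)
        if (substr($i,1,4) == "DST=") DST_HOST=substr($i, 5, length($i) - 4)

        if (substr($i,1,4) != "MAC=" && substr($i,1,4) != "SRC=" && substr($i,1,4) != "DST=" && $i != "IN=" && $i != "OUT=" )
        {
          if ($(i+1) != "kernel:" && $i != "kernel:" && $i != "[kernel]" )
          {
            if (i==1)
              printf("%s", $i)
            else
              if (i==2 && length($2)==1)
                # We always want 2 digits for the date-day:
                printf(" 0%s", $i)
              else
                printf(" %s", $i)
          }
        }

        if (substr($i,1,4) == "SRC=")
        {
          # Show source
          #############
          if (USE_ANSI_COLORS==1) printf("\033[0m\033[1;36m")
          if (USE_HTML==1) printf("<font color=turquoise>")

          printf(" %s", $i)

          if (USE_ANSI_COLORS==1) printf("\033[0m")
          if (USE_HTML==1) printf("</font>")
        }

        if (substr($i,1,4) == "DST=")
        {
          # Show destination
          ##################
          if (USE_ANSI_COLORS==1) printf("\033[0m\033[1;35m")
          if (USE_HTML==1) printf("<font color=dark purple>")

          printf(" %s", $i)

          if (USE_ANSI_COLORS==1) printf("\033[0m")
          if (USE_HTML==1) printf("</font>")

          # Incoming packet: the remote side is the source
          if (INPUT==1 || FULL_INFO==1)
          {
            if (RESOLVE_NAMES==1 || SHOW_LOCATION==1)
              if (USE_1ROW==0)
              {
                if (USE_HTML==1) printf("<br>\n "); else printf("\n ")
              }

            if (USE_ANSI_COLORS==1) printf("\033[0m\033[1;36m")
            if (USE_HTML==1) printf("<font color=turquoise>")

            # Both lookups shell out with the address on the command line, so
            # it is validated first; lookup results are passed to printf as an
            # argument, never as its format string
            if (RESOLVE_NAMES==1 && is_ip_like(SRC_HOST))
            {
              # If multiple names exist for one IP then only use the first (head -n1)
              syscall=sprintf("printf \" %%s\" \"$(dig +short +time=1 +tries=1 -x %s 2>/dev/null |head -n1 |grep -v \";;.*\" |sed s,.$,\" \",)\" 2>/dev/null", SRC_HOST)
              system(syscall)
            }

            if (SHOW_LOCATION==1 && is_ip_like(SRC_HOST))
            {
              syscall=sprintf("curl -L --silent --connect-timeout 1 \"http://api.hostip.info/get_html.php?ip=%s\" 2>/dev/null |grep -e \"Country:\" -e \"City:\" |while read -r line; do printf \" %%s\" \"$line\"; done", SRC_HOST)
              system(syscall)
            }
          }

          # Outgoing packet: the remote side is the destination
          if (OUTPUT==1 || FULL_INFO==1)
          {
            if (RESOLVE_NAMES==1 || SHOW_LOCATION==1)
              if (USE_1ROW==0)
              {
                if (USE_HTML==1) printf("<br>\n "); else printf("\n ")
              }

            if (USE_ANSI_COLORS==1) printf("\033[0m\033[1;35m")
            if (USE_HTML==1) printf("<font color=dark purple>")

            if (RESOLVE_NAMES==1 && is_ip_like(DST_HOST))
            {
              # If multiple names exist for one IP then only use the first (head -n1)
              syscall=sprintf("printf \" %%s\" \"$(dig +short +time=1 +tries=1 -x %s 2>/dev/null |head -n1 |grep -v \";;.*\" |sed s,.$,\" \",)\" 2>/dev/null", DST_HOST)
              system(syscall)
            }

            if (SHOW_LOCATION==1 && is_ip_like(DST_HOST))
            {
              syscall=sprintf("curl -L --silent --connect-timeout 1 \"http://api.hostip.info/get_html.php?ip=%s\" 2>/dev/null |grep -e \"Country:\" -e \"City:\" |while read -r line; do printf \" %%s\" \"$line\"; done", DST_HOST)
              system(syscall)
            }
          }

          if (USE_ANSI_COLORS==1) printf("\033[0m")
          if (USE_HTML==1) printf("</font>")

          break
        }
      }

      # Continue after the DST= field (or after the last field when there was
      # none). Set in both branches so that a record ending in DST= does not
      # reuse the offset left behind by the previous record.
      offset=i+1
      if (i==NF)
      {
        if (USE_HTML==1) printf("<br>")
        printf("\n")
      }
      else
      {
        if (USE_1ROW==0)
        {
          if (USE_HTML==1) printf("<br>\n "); else printf("\n ")
        }
        else printf(" ")
      }

      save_offset=++offset;
      for (i = offset; i <= NF; i++) if (substr($i,1,6) == "PROTO=") break;

      offset=i

      # First show PROTO=
      if ($offset == "PROTO=UDP")
      {
        if (USE_ANSI_COLORS==1) printf("\033[0m\033[1;33m")
        if (USE_HTML==1) printf("<font color=yellow>")

        printf(" %s", $offset)

        if (USE_ANSI_COLORS==1) printf("\033[0m")
        if (USE_HTML==1) printf("</font>")
      }
      else
        if ($offset == "PROTO=TCP")
        {
          if (USE_ANSI_COLORS==1) printf("\033[0m\033[1;32m")
          if (USE_HTML==1) printf("<font color=green>")

          printf(" %s", $offset)

          if (USE_ANSI_COLORS==1) printf("\033[0m")
          if (USE_HTML==1) printf("</font>")
        }
        else
          if ($offset == "PROTO=ICMP")
          {
            if (USE_ANSI_COLORS==1) printf("\033[0m\033[1;34m")
            if (USE_HTML==1) printf("<font color=blue>")

            printf(" %s", $offset)

            if (USE_ANSI_COLORS==1) printf("\033[0m")
            if (USE_HTML==1) printf("</font>")
          }
          else
          {
            printf(" %s", $offset)
          }

      if (substr($(offset+1),1,4)=="SPT=")
      {
        # Second show DPT=
        if (USE_ANSI_COLORS==1) printf("\033[0m\033[1;31m")
        if (USE_HTML==1) printf("<font color=red>")

        printf(" DPT=%s", portname_lookup(substr($(offset+2), 5, length($(offset+2))-4)))

        if (USE_ANSI_COLORS==1) printf("\033[0m")
        if (USE_HTML==1) printf("</font>")

        # Third show SPT=
        printf(" SPT=%s", portname_lookup(substr($(offset+1), 5, length($(offset+1))-4)))
      }

      if ($(offset)=="PROTO=ICMP")
      {
        # Resolve type/code
        if (USE_ANSI_COLORS==1) printf("\033[0m\033[1;31m")
        if (USE_HTML==1) printf("<font color=red>")

        type=strtonum(substr($(offset+1), 6, length($(offset+1))-5))
        code=strtonum(substr($(offset+2), 6, length($(offset+2))-5))
        printf(" TYPE/CODE=%s(%i,%i)", ICMP_lookup(type, code), type, code)

        if (USE_ANSI_COLORS==1) printf("\033[0m")
        if (USE_HTML==1) printf("</font>")
      }

      # Show all other info, skipping the fields already printed above and the
      # ones that carry no interesting value; a field starting with "[" marks
      # the start of the ICMP payload description
      ICMP_INFO=0
      for (i = save_offset; i <= NF; i++)
      {
        if (substr($i,1,1) == "[") ICMP_INFO=1
        if (ICMP_INFO==1)
        {
          if (substr($i,1,5) != "PREC=" && substr($i,1,4) != "TOS=" && substr($i,1,3) != "ID=" \
              && i != 4 && i != 5 && substr($i,1,2) != "DF" \
              && $i != "RES=0x00" && $i != "URGP=0")
            printf(" %s", $i)
        }
        else
        {
          if (substr($i,1,6) != "PROTO=" && substr($i,1,5) != "PREC=" && substr($i,1,4) != "TOS=" && substr($i,1,3) != "ID=" \
              && substr($i,1,4) != "LEN=" && i != 4 && i != 5 && substr($i,1,2) != "DF" && substr($i,1,4) != "SPT=" && substr($i,1,4) != "DPT=" \
              && $i != "RES=0x00" && $i != "URGP=0" && substr($i,1,7) != "WINDOW=" && substr($i,1,5) != "TYPE=" && substr($i,1,5) != "CODE=")
            printf(" %s", $i)
        }
      }
    }
    if (USE_HTML==1) printf("<br>")
    printf("\n")
  }
}
' RESOLVE_NAMES="$RESOLVE_NAMES" SHOW_LOCATION="$SHOW_LOCATION" FULL_INFO="$FULL_INFO" USE_ANSI_COLORS="$USE_ANSI_COLORS" USE_1ROW="$USE_1ROW" USE_HTML="$USE_HTML"

if [ "$USE_HTML" = "1" ]; then
  echo "</body></html>"
fi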