The FTP Password Dissector
The FTP dissector’s goal is to analyze FTP traffic on the network to obtain and display FTP usernames and passwords. The dissector, ec_ftp.c, is located in the src/dissectors directory of the Ettercap source tree. The first few lines of the code use the include directive to include required header files for writing dissectors:
#include <ec.h>
#include <ec_decode.h>
#include <ec_dissect.h>
#include <ec_session.h>
Prototypes for defined functions are declared next. We will discuss these functions in the next few paragraphs.
FUNC_DECODER(dissector_ftp);
void ftp_init(void);
The ftp_init( ) function adds an entry into the appropriate Ettercap data structures by invoking the dissect_add( ) function:
void __init ftp_init(void)
{
   dissect_add("ftp", APP_LAYER_TCP, 21, dissector_ftp);
}
Note that the __init macro is defined in ec.h as:
#define __init __attribute__ ((constructor))
The __attribute__((constructor)) directive causes every function declared with it to be invoked before main( ). Therefore, the ftp_init( ) function is automatically invoked when the ettercap executable is run. The dissect_add( ) function should be called by every dissector because it is used to add an entry into dissect_list, a structure used by Ettercap to manage enabled dissectors. The function prototype for dissect_add( ) is:
void dissect_add(char *name, u_int8 level, u_int32 port, FUNC_DECODER_PTR(decoder))
Parameters accepted by dissect_add( ) are described in Table 2-2.
Table 2-2. Parameters for dissect_add( ...
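The self-registration pattern described above, as an added example that is not Ettercap's code: a constructor function fills a lookup table before main( ) runs, so the decoder for TCP port 21 can be found without any explicit initialization call. Every demo_ and DEMO_ name, the layer constant, and the sample FTP line are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for Ettercap's definitions; not copied from ec.h. */
#define DEMO_INIT __attribute__((constructor))  /* same mechanism as __init */
#define DEMO_LAYER_TCP 1                        /* constructed value */
#define DEMO_MAX 16

typedef int (*demo_decoder)(const char *payload, size_t len);
struct demo_entry { const char *name; int level; unsigned port; demo_decoder decoder; };

static struct demo_entry demo_list[DEMO_MAX];   /* plays the role of dissect_list */
static size_t demo_count;

/* Register a decoder for (level, port); returns 0 on success, -1 if full. */
int demo_dissect_add(const char *name, int level, unsigned port, demo_decoder d)
{
    if (demo_count >= DEMO_MAX)
        return -1;
    demo_list[demo_count++] = (struct demo_entry){ name, level, port, d };
    return 0;
}

/* Find the entry registered for a layer and port, or NULL if none. */
const struct demo_entry *demo_dissect_lookup(int level, unsigned port)
{
    for (size_t i = 0; i < demo_count; i++)
        if (demo_list[i].level == level && demo_list[i].port == port)
            return &demo_list[i];
    return NULL;
}

/* Returns 1 when the FTP command line carries a cleartext credential. */
int demo_ftp_decoder(const char *payload, size_t len)
{
    return len >= 5 && (!strncmp(payload, "USER ", 5) || !strncmp(payload, "PASS ", 5));
}

/* Runs before main(), so the table is populated with no explicit call. */
static void DEMO_INIT demo_ftp_init(void)
{
    demo_dissect_add("ftp", DEMO_LAYER_TCP, 21, demo_ftp_decoder);
}

int main(void)
{
    const struct demo_entry *e = demo_dissect_lookup(DEMO_LAYER_TCP, 21);
    const char *line = "PASS example\r\n";      /* constructed sample input */
    printf("registered: %s, credential line: %d\n", e ? e->name : "(none)",
           e ? e->decoder(line, strlen(line)) : 0);
    return e ? 0 : 1;
}
```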