/*
   Watches trace file with smtp packets. Searches for packets with MAIL FROM command.
   Adds found email address to the list of variables.
   After watch, displays the filled list of variables.
   
   Run as:
      anettest -d eth0 -f this_file.fws
*/

trace "../traces/smtp_client.pcap"

var(i,num,1)
var(nf,num,0)
var(v1,num,1)
var(v2,num,1)

// watches trace

cyc 24 {		// number of packets examined (must be less than total number of packets in trace file)

   getpac i    // loads packet from file

   pos = td
   goto('MAIL F')    // searches "mail from"
   if gotores = 1 {
      .sss ''
      goto('<')
      pass 1
      setpos(sss, curpos)
      v1 = curpos
      goto('>')
      v2 = curpos
      v2 -= v1
      setsize(sss, v2)
      if v2 != 0 {

         //print 'packet$i$\t\t$sss$\n'
         var('email$nf$',td,'$sss$')     // creates new variable in list
         nf += 1
      }
   }
   i += 1
}

// displays the list

i = nf
i = 0
var(v10, td, '')

cyc inf {

   if i >= nf {

      break
   }
   else {

      v10 = 'email$i$'
      print '$v10$\n'
   }

   i += 1
}