1 diff -urN ettercap-0.5.4.orig/ettercap.8 ettercap-0.5.4/ettercap.8
2 --- ettercap-0.5.4.orig/ettercap.8 Thu Jan 1 01:00:00 1970
3 +++ ettercap-0.5.4/ettercap.8 Thu Sep 6 17:14:33 2001
5 +.\" ettercap -- a ncurses-based sniffer/interceptor utility for switched LAN
7 +.\" Copyright (C) 2001 ALoR <alor@users.sourceforge.net>, NaGA <crwm@freemail.it>
9 +.\" This program is free software; you can redistribute it and/or modify
10 +.\" it under the terms of the GNU General Public License as published by
11 +.\" the Free Software Foundation; either version 2 of the License, or
12 +.\" (at your option) any later version.
14 +.\" This program is distributed in the hope that it will be useful,
15 +.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
16 +.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 +.\" GNU General Public License for more details.
19 +.\" You should have received a copy of the GNU General Public License
20 +.\" along with this program; if not, write to the Free Software
21 +.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
26 +.TH ETTERCAP "8" "20010906" "ettercap 0.5.4"
28 +.B ettercap 0.5.4 \- A multipurpose sniffer over switched LANs
32 +[\fIOPTIONS\fR] [\fIHOST:PORT\fR] [\fIHOST:PORT\fR] [\fIMAC\fR] [\fIMAC\fR]
35 +Ettercap was born as a sniffer for switched LAN (and obviously even "hubbed" one),
36 +but during the development process it has gained more and more feature that have
37 +changed it to a powerful and flexible tool for man-in-the-middle attacks.
38 +It supports active and passive dissection of many protocols (even ciphered ones)
39 +and includes many feature for network and host analysis (such as OS fingerprint).
41 +It has five sniffing methods:
43 ++ IPBASED, the packets are filtered matching IP:PORT source and IP:PORT dest
45 ++ MACBASED, packets filtered matching the source and dest MAC address. (useful
46 +to sniff connections through gateway)
48 ++ ARPBASED, uses arp poisoning to sniff in switched LAN between two hosts
49 +(full-duplex m-i-t-m).
51 ++ SMARTARP, uses arp poisoning to sniff in switched LAN from a victim host to all other
52 +hosts knowing the entire list of the hosts (full-duplex m-i-t-m).
54 ++ PUBLICARP, uses arp poison to sniff in switched LAN from a victim host to all other
57 +With this method the ARP replies are sent in broadcast, but if ettercap has the complete
58 +host list (on start up it has scanned the LAN) SMARTARP method is automatically selected,
59 +and the arp replies are sent to all the hosts but the victim, avoiding conflicting MAC
60 +addresses as reported by win2K.
62 +The most relevant ettercap features are:
64 +.B Characters injection in an established connection :
65 +you can inject character to server (emulating commands) or to client (emulating replies)
66 +maintaining the connection alive !!
69 +you can sniff User and Pass, and even the data of an SSH1 connection. ettercap is the
70 +first software capable to sniff an SSH connection in FULL-DUPLEX
73 +you can sniff http SSL secured data... and even if the connection is made through a PROXY
75 +.B Plug-ins support :
76 +You can create your own plugin using the ettercap's API.
78 +.B Password collector for :
79 +TELNET, FTP, POP, RLOGIN, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, NAPSTER, IRC, RIP, BGP,
80 +SOCKS 5, IMAP 4, VNC (other protocols coming soon...)
82 +.B Packet filtering/dropping:
83 +You can set up a filter chain that search for a particular string (even hex) in the TCP
84 +or UDP payload and replace it with yours or drop the entire packet.
87 +you can fingerprint the OS of the victim host and even its network adapter (it uses the
88 +nmap (c) Fyodor database)
90 +.B Kill a connection:
91 +from the connections list you can kill all the connections you want
94 +You can create and sent packet forged on the fly. The factory let you to forge from Ethernet
95 +header to application level.
99 +Options that make sense together can generally be combined. ettercap will warn the user
100 +about unsupported option combinations.
104 +\fB\-a\fR, \fB\-\-arpsniff\fR
107 +This is THE sniffing method for switched LAN, and if you want to use the man-in-the-middle
108 +technique you have to use it. In conjunction with the silent mode (-z option) you must
109 +specify two IP and two MAC for ARPBASED (full-duplex) or one IP and one MAC for PUBLICARP
110 +(half-duplex). in PUBLICARP the ARP replies are sent in broadcast, but if ettercap has
111 +the complete host list (on start up it has scanned the LAN) SMARTARP method is automatically
112 +selected, and the arp replies are sent to all the hosts but the victim, and an hash table
113 +is created to re-route back the packet form victim to client obtaining in this way a full-duplex
114 +man in the middle attack.
116 +Filters that have as action a replacement or a drop, can be used only with ARPBASED
117 +sniffing because it is necessary to re-adjust the sequence number in full-duplex in order
118 +to maintain the connection alive.
120 +\fB\-s\fR, \fB\-\-sniff\fR
123 +This is the good old style sniffing method. It rocks on "hubbed" LAN, but useless on switched
124 +ones. You can choose the target specifying only source, only dest, with or without port, or
125 +nothing (to sniff all connections). A special ip "ANY" means from or to every host.
127 +\fB\-m\fR, \fB\-\-macsniff\fR
128 +MAC BASED sniffing (you must select two host for this)
130 +Very useful to sniff TCP traffic with remote hosts. On hubbed LANs if you want to sniff a
131 +connection through a gateway is useless to specify the victim's ip and the gateway's ip,
132 +because the packet are for an external host, not for the gateway. So you can use this method.
133 +Simply specify the victim's MAC and the gateway's MAC and you will see all the connections
134 +from and to the Internet.
140 +\fB\-N\fR, \fB\-\-simple\fR
141 +NON interactive mode (without ncurses)
143 +This method is useful if you want to launch ettercap from a script or if you already
144 +know some informations of your target or if you want to launch ettercap in background
145 +collecting data or password for you (in combination with the --quiet option).
147 +Some features are not available in this method, obviously the ones which requires
148 +interaction with the user, such as characters injection. But others (for example filtering)
149 +are fully supported, so you can set up ettercap to poison two host (a victim and its gateway)
150 +and to filter all its connection on the port 80 and replace some string with others,
151 +all its traffic to the Internet will be changed as you wish.
153 +\fB\-z\fR, \fB\-\-silent\fR
154 +start in silent mode (no arp storm on start up)
156 +If you want to launch ettercap with a non invasive method (some NIDS may raise a warn
157 +if they detects too much arp request). You have to know all the requested data of the
158 +target in order to use this options. For example if you want to poison two host, you need
159 +the two IP and the two MAC addresses of the victims.
160 +If you select ipsniff or macsniff this method is automatically selected, because you don't
161 +need to know the list of the host in the LAN.
163 +To know the entire list of the hosts use "ettercap -Nl", but remember that it is a invasive
166 +\fB\-b\fR, \fB\-\-broadping\fR
167 +use a broadcast ping instead of arp storm on start up.
169 +this method is less intrusive, but even less accurate. some hosts will not respond at the
170 +broadcast ping (es. Windows) so they remain invisible to this method. Useful if you want to
171 +scan a LAN with Linux hosts. As usual you can combine this option with --list to have a
172 +list of the hosts "ettercap -Nlb"
174 +\fB\-D\fR, \fB\-\-delay <n sec>\fR
175 +the delay in seconds between the arp replies if you have selected an ARP poison sniffing
176 +method. This is useful if you want to be less aggressive in the poisoning. On many OS the
177 +default validity interval of the arp cache is more than a minute (on FreeBSD is 1200 sec).
179 +The default delay value is 30 sec.
181 +\fB\-Z\fR, \fB\-\-stormdelay <n usec>\fR
182 +the delay in micro-seconds between the arp request on arp storm at start up.
183 +This is useful if you want to be less aggressive in the scanning. Many IDS will report
184 +massive arp request, but if you send them in a slower rate, they will not report any strange
187 +The default delay value is 1500 usec.
189 +\fB\-S\fR, \fB\-\-spoof <IP>\fR
190 +If you want to elude some IDS, you can specify a spoofed IP used to scan the LAN with
191 +arp request. The source MAC can't be spoofed because a well configured switch will block
194 +\fB\-H\fR, \fB\-\-hosts <IP1[,IP2][,IP3][,...]>\fR
195 +on start up, scan only these hosts.
197 +this is useful if you want to use an ARP scanning of the LAN but only on certain IPs.
198 +so you can benefit from a ARP scan but remaining less invasive.
199 +Useful even if you want to do PUBLIC ARP but you want to poison only specific hosts.
200 +since with a list PUBLIC ARP is automatically converted to SMARTARP, only these host
201 +will be poisoned and you can leave untouched the arp caches of the other hosts.
203 +the IP list must be in dotted notation and separated by comma (without black spaces
204 +between them), you can use wildcards.
206 +eg: 192.168.0.2? --> from 20 to 29
208 + 192.168.0.1* --> host 1, from 10 to 19 and from 100 to 199
210 +\fB\-d\fR, \fB\-\-dontresolve\fR
211 +don't resolve IPs on start up. this is useful if you experience an insane "Resolving
212 +n hostnames..." message on start up. This is due to a very slow DNS in your environment.
214 +\fB\-i\fR, \fB\-\-iface <IFACE>\fR
215 +network interface to be used for all the operation. you can even specify network aliases
216 +in order to scan a subnet with different ip form your current one.
218 +\fB\-n\fR, \fB\-\-netmask <NETMASK>\fR
219 +the netmask used to scan the LAN. (in dotted notation). the default is your current
220 +ifconfig netmask. but your netmask is for example 255.255.0.0 I encourage you to specify
221 +a more restrictive one, if you managed to do an ARP scanning on start up.
223 +\fB\-e\fR, \fB\-\-etterconf <FILENAME>\fR
224 +use the config file instead of command line options
226 +etter.conf example file is packaged in the tarball, refer to it to know how to write a
227 +config file. all the instruction are written in this example. via the conf file you
228 +can disable selectively one protocol dissector or move it on one other port.
230 +command line options and config file can be mixed for much flexibility, but remember
231 +that the options in the config file override the command line, so if in etter.conf
232 +you have specified IFACE: eth0, and you launch "ettercap -i eth1 -e etter.conf"
233 +the selected iface will be eth0.
235 +NOTE: the "-e etter.conf" options has to be specified after all other options.
237 +\fB\-v\fR, \fB\-\-version\fR
238 +check for the latest ettercap version.
240 +All operation are under your control. Every step requires a user confirmation.
241 +With this option ettercap will connect to the http://ettercap.sourceforge.net:80 web
242 +side and ask for the page /latest.php. then the result are parsed and compared with
243 +your current version. If there is a newer version available, ettercap will ask you if
244 +you want to wget it. (wget must be in the path).
246 +If you want to automatically answer yes at all the question add the option -y
248 +\fB\-h\fR, \fB\-\-help\fR
249 +prints the help screen with a short summary of the available options.
254 +.B SILENT MODE OPTIONS (only combined with -N)
256 +\fB\-u\fR, \fB\-\-udp\fR
257 +sniff only UDP packets (default is TCP).
258 +This option is only useful in "simple" mode, if you start ettercap in interactive mode
259 +both TCP and UDP are sniffed.
261 +\fB\-R\fR, \fB\-\-reverse\fR
262 +sniff all the connection but the selected one. This option is useful if you are using
263 +ettercap on a remote machine and you want to sniff all the traffic but you connection from
264 +local to remote, because including it will sniff even the ettercap output and it will be
267 +\fB\-p\fR, \fB\-\-plugin <NAME>\fR
268 +run the plugin "NAME".
270 +most plugins need a destination host. simply specify it after plugin name, in fact
271 +hosts are parsed on command line as first the DEST and so the SOURCE.
273 +To have a list of the available plugins use "list" (without quotes) as plugin name.
275 +More detailed info about plugins and about how to write your own are found in the
276 +README.PLUGINS file.
278 +Currently these plugins are shipped with the official distro:
280 + arpcop -- Report suspicious ARP replies (developed by acelent)
282 + banshee -- They kill without discretion...
284 + dummy -- Dummy plugin. It does nothing ! (only a template)
286 + golem -- nice D.O.S. BE CAREFUL !!
288 + leech -- Isolate a host from the LAN
290 + lurker -- try to search for other ettercap
292 + imp -- Retrieves some Windows names
294 + ooze -- Ping a host
296 + phantom -- Sniff/Spoof DNS requests
298 + shadow -- A very simple SYN/TCP port scanner
300 + spectre -- flood a switched LAN with random MAC addresses
302 + triton -- Try to discover the LAN's gateway
304 +\fB\-l\fR, \fB\-\-list\fR
305 +lists all the hosts in the LAN, reporting each MAC address.
307 +Commonly combined options are -b (for broadcast ping) and -d (don't resolve hostname).
309 +\fB\-C\fR, \fB\-\-collect\fR
310 +collect all users and password from the hosts specified on command line.
312 +Password collector are configured in the config file (etter.conf), if you want
313 +you can disable them selectively or move them on other port. This is useful if you
314 +don't want to sniff SSH connection (the key change alert will raise suspects) but
315 +want to sniff all other supported protocols. Or even if you know that a host has the
316 +telnet service on port 4567, simply move the telnet dissector on 4567/tcp
318 +\fB\-f\fR, \fB\-\-fingerprint <HOST>\fR
319 +do OS fingerprinting on HOST.
321 +This option uses the same database and the same method used by
322 +.I nmap (c) Fyodor <fyodor@insecure.org>
323 +so I report a piece of its man page :
325 +This option activates remote host identification via TCP/IP fingerprinting. In other
326 +words, it uses a bunch of techniques to detect subtleties in the underlying operating
327 +system network stack of the computers you are scanning. It uses this information to
328 +create a 'fingerprint' which it compares with its database of known OS fingerprints
329 +(the nmap-os-fingerprints file) to decide what type of system you are scanning.
331 +the -f options even provides you the vendor of the network adapter of the scanned host.
332 +the info are stored in the mac-fingerprints database.
334 +\fB\-x\fR, \fB\-\-hexview\fR
335 +to dump data in hex mode.
337 +TIP: while sniffing you can change the visualization mode by hitting 'a' for ascii or 'x' for hex.
338 +on line help is recalled by 'h'.
340 +\fB\-L\fR, \fB\-\-logtofile\fR
341 +if used alone logs all data to specific file(s). it crates a separate file for each connection
342 +in the form "YYYYMMDD-P-IP:PORT-IP:PORT.log"
344 +if used with -C (collector) it creates a file with all the password sniffed in the session in
345 +the form "YYYYMMDD-collected-pass.log"
347 +\fB\-q\fR, \fB\-\-quiet\fR
348 +"demonize" ettercap.
350 +useful if you want to log all data in background. this options will detach
351 +ettercap from the current tty and set it as a demon collecting data to files. it must be
352 +combined with -NL (or -NLC) otherwise it has no effects. Obviously the sniffing method
353 +is required, so you have to combine it with this option.
355 +\fB\-k\fR, \fB\-\-newcert\fR
356 +create a new cert file for HTTPS man-in-the-middle.
358 +useful if you want to create a certfile with social engineered information...
360 +the new file is created in the current working directory. to permanently substitute the
361 +default cert file (etter.sll.crt) you have to overwrite /usr/share/ettercap/etter.ssl.crt
363 +\fB\-F\fR, \fB\-\-filter <FILENAME>\fR
364 +load the filters chains from FILENAME
366 +the Filtering chains file is written in pseudo XML format. You can write by hand this
367 +file or (better) use the ncurses interface to let ettercap create it (press 'F' in the
368 +connection list interface). If you are skilled in XML parsing, you can write your own
369 +program to make a filter chain file.
371 +the rules are simple:
373 +If the proto <proto> AND the source port <source> AND the dest port <dest> AND the payload <search>
374 +match the rules, after the filter as done its action <action>, it jumps in the chain
375 +to the filter id specified in the <goto> field, else it jumps to <elsegoto>.
376 +If these field are left blank the chain is interrupted. Source and dest port equal to
377 +0 (zero) means ANY port. You can use wildcards in the search string (see README for detail)
379 +NOTE: with this options filter are enabled by default, if you want to
380 +disable them on the fly, press "S" (for source) or "D" (for dest) while sniffing
382 +NOTE: on command line the hosts are parsed as "ettercap -F etter.filter DEST SOURCE", so
383 +the first host is bound to the dest chain and the second to the source chain.
385 +VERY IMPORTANT: the source chain is applied to data COMING FROM source and NOT GOING TO
386 +source. keep this in mind !! the same is for dest...
388 +\fB\-c\fR, \fB\-\-check\fR
389 +check if you were poisoned by other poisoners in the LAN
391 +\fB\-t\fR, \fB\-\-linktype\fR
392 +check if you are on a switched LAN or not... Sometimes this discovery method can fail.
393 +don't trust it at 100%
396 +.SH TARGET SPECIFICATION
397 +The targets are parsed on command line in reverse order. The first host is the DEST and the
398 +second is the SOURCE. this doesn't care if you are sniffing in ip based mode, because
399 +source and dest are ignored, but if you are filtering the connection this is crucial for
400 +the binding of the related filter chain.
402 +The reverse order is due to a more intuitive interface for plugins. because some plugins
403 +need the dest host to be specified, it is simpler to type:
404 +"ettercap -Np ooze victim" than "ettercap -Np ooze NOONE victim".
406 +The targets can be specified in dotted notation (192.168.0.1) or with their symbolic name
407 +(victim.mynet.org). Only within the -H (--hosts) option you can use wildcards.
410 +.SH INTERACTIVE MODE
411 +The interactive mode (ncurses mode) is automatically selected if ettercap is launched
412 +without the option -N . Explain what you can do with it will take pages and pages... and I'm
413 +not a good writer... so if you don't know what can you do in some circumstances, simply
414 +press 'H' and a help screen will popup. there you can find a detailed list of all available
419 +Here are some examples of using ettercap.
423 +On startup use broadcast ping to scan the LAN instead of ARP request all the
426 +.B ettercap -H "192.168.0.?,192.168.0.3?,192.168.0.2*"
428 +On startup scan only the host 192.168.0.1-9, 192.168.0.30-39, 192.168.0.2,
429 +192.168.0.20-29 and 192.168.0.200-255.
430 +if the PUBLICARP method will be selected only these host will be poisoned.
432 +.B ettercap -s 192.168.0.1 192.168.0.2
434 +Enter the interactive mode and sniff only the connections between 192.168.0.1 and 192.168.0.2
436 +.B ettercap -Nzs -F etter.filter 192.168.0.1 192.168.0.2
438 +Load filter from etter.filter and activate them on all the connection between 192.168.0.1
439 +and 192.168.0.2 . Only Log action will be supported because it is a -s (ipsniffing) method.
440 +192.168.0.1 is bound to the dest chain and 192.168.0.2 to the source one.
441 +To enable even the replacement and drop actions you have to launch "ettercap -Nza -F
442 +etter.filter IP IP MAC MAC"
444 +.B ettercap -zs -e etter.conf
446 +Use the ip based sniffing mode and load the other option from the config file (etter.conf).
447 +Note that options in the file override command line.
449 +.B ettercap -Nzs victim.my.net ANY:80
451 +Sniffs in console mode (non interactive) only the connection to and from "victim.my.net"
452 +starting or ending to all other hosts but on port 80 (www). data are dumped in ASCII
453 +mode. to dump in HEX mode add the -x option.
455 +.B ettercap -NRzs remote.host.net:23 my.local.host.com
457 +Useful to sniffs in console mode (non interactive) all the connection on a remote LAN
458 +on which you are executing ettercap. this example will prevent to show your telnet (:23)
459 +connection from "my.local.host.com" to "remote.host.net".
463 +This will provide you the entire list of hosts in the LAN. Will check if someone is
464 +poisoning you and will report its IP. Will tell you if you are on a switched LAN or not.
466 +.B ettercap -NCLzs --quiet
468 +This will detach ettercap from console and log to a file all the collected password.
469 +Only works if the LAN is hubbed, or if collected password are directed to your host.
471 +.B ettercap -NCza -D 100 192.168.0.1 192.168.0.2 55:23:A5:B4:C7:89 00:A3:56:FE:4F:6D
473 +Collect password to stdout on a switched LAN. this will poison the two host 192.168.0.1
474 +and 192.168.0.2 each other. The delay between arp replies is set to 100 sec.
476 +.B ettercap -Np triton
478 +Launch the plugin "triton" that will try to passively search for the LAN gateway.
480 +.B ettercap -Np ooze victim.mynet.org
482 +Launch the plugin "ooze" that will portscan the host "victim.mynet.org" that will be translated
486 +Linux 2.0.x 2.2.x 2.4.x
494 +Mac OS X (darwin 1.3)
498 +/usr/share/ettercap/etter.conf - the config file
500 +/usr/share/ettercap/etter.filter - the filter chains
502 +/usr/share/ettercap/etter.ssl.crt - the SSL certificate for HTTPS m-i-t-m
504 +/usr/share/ettercap/mac-fingerprints - the network adapter vendor database
506 +/usr/share/ettercap/nmap-os-fingerprints - the nmap (c) Fyodor os fingerprint
508 +/usr/doc/ettercap-0.5.4/* - the DOCUMENTATION
512 +Alberto Ornaghi (ALoR) <alor@users.sourceforge.net>
514 +Marco Valleri (NaGA) <crwm@freemail.it>
518 +http://ettercap.sourceforge.net/download/
520 +Or if you want to do an automatic check of the latest version try "ettercap -vy"
524 +Our software never has bugs.
526 +It just develops random features. ;)
530 +- It is better that you don't launch ettercap on a host that is a gateway
531 +because it needs to disable ip_forwarding, it may cause problem with routing.
533 +- You cannot use plugins on yourself. outgoing link layer packets are not
534 +captured by the same socket, so they will be ignored.
536 +- While poisoning on a switched LAN, ettercap won't sniff the traffic made
537 +by your host to others. the technical reason is: otherwise ettercap will
538 +forward your packets two time (and this is not good...) the artistic
539 +reason is: why sniffing yourself with a man-in-the-middle method ? use
540 +simple sniffing instead ! ;)
542 +- While sniffing in Public ARP mode, ettercap can "view" only one way of
543 +the connection, so some protocol dissectors can fail...
545 +- under X11 resizing the xterm can give a corrupted visualization of the
546 +interface. SIGWINCH is *partially* supported.
548 +- ettercap doesn't handle fragmented packets... only the first segment
549 +will be displayed by the sniffer. However all the fragments are correctly
552 ++ please send bug-report, patches or suggestions to <alor@users.sourceforge.net>
553 +or visit http://ettercap.sourceforge.net/forum/ and post it in the BUGS section.
555 ++ to report a bug, recompile ettercap with 'configure --enable-debug'
556 +and attach ettercap_debug.log to the mail in which U explain the problem.
557 diff -urN ettercap-0.5.4.orig/ettercap.spec ettercap-0.5.4/ettercap.spec
558 --- ettercap-0.5.4.orig/ettercap.spec Thu Jan 1 01:00:00 1970
559 +++ ettercap-0.5.4/ettercap.spec Thu Sep 6 17:14:33 2001
563 +Summary: ettercap is a ncurses-based sniffer/interceptor utility
568 +Packager: ALoR <alor@users.sourceforge.net>
569 +Source: http://ettercap.sourceforge.net/download/%{name}-%{version}.tar.gz
570 +URL: http://ettercap.sourceforge.net/
572 +Group: Networking/Utilities
574 +Buildroot: %{_tmppath}/%{name}-%{version}-root
577 +ettercap is a multipurpose sniffer/interceptor/logger for switched or "hubbed" LAN.
583 +./configure --prefix=%{prefix} --disable-debug --mandir=%{_mandir}
588 +rm -rf $RPM_BUILD_ROOT
589 +make install DESTDIR=$RPM_BUILD_ROOT
590 +make plug-ins_install DESTDIR=$RPM_BUILD_ROOT
593 +rm -rf $RPM_BUILD_ROOT
596 +%defattr(-,root,root)
598 +%doc COPYING README README.PLUGINS HISTORY CHANGELOG AUTHORS TODO THANKS KNOWN-BUGS PORTINGS
600 +%{prefix}/share/ettercap/*
601 diff -ur ettercap-0.6.2.new/configure.in ettercap-0.6.2/configure.in
602 --- ettercap-0.6.2.new/configure.in Sat Nov 17 11:54:22 2001
603 +++ ettercap-0.6.2/configure.in Sat Nov 17 12:14:02 2001
604 @@ -324,14 +324,14 @@
608 - AC_CHECK_HEADERS(ncurses.h,,ncurses_warn=1)
609 + AC_CHECK_HEADERS(ncurses/ncurses.h,,ncurses_warn=1)
610 AC_CHECK_LIB(ncurses,newpad,,ncurses_warn=1)
612 if test $ncurses_warn -ne 1; then
613 AC_DEFINE(HAVE_NCURSES,1)
616 - AC_CHECK_HEADERS(curses.h,,curses_warn=1)
617 + AC_CHECK_HEADERS(ncurses/curses.h,,curses_warn=1)
618 AC_CHECK_LIB(curses,newpad,,curses_warn=1)
619 AC_CHECK_LIB(curses,mvwgetnstr,,curses_warn=1)
624 if test "$ncurses_warn$curses_warn" -eq "00"; then
625 - AC_CHECK_HEADERS(form.h,,form_warn=1)
626 + AC_CHECK_HEADERS(ncurses/form.h,,form_warn=1)
627 AC_CHECK_LIB(form,form_win,,form_warn=1)
629 if test $form_warn -ne 1; then
630 @@ -380,12 +380,12 @@
633 no) AC_MSG_RESULT(no.)
634 - CFLAGS="-O3 -funroll-loops -fomit-frame-pointer -Wall"
635 + CFLAGS="${CFLAGS} -funroll-loops -fomit-frame-pointer -Wall"
639 AC_MSG_RESULT(no. disabled by default.)
640 - CFLAGS="-O3 -funroll-loops -fomit-frame-pointer -Wall"
641 + CFLAGS="${CFLAGS} -funroll-loops -fomit-frame-pointer -Wall"
646 echo "=================================================="
650 \ No newline at end of file