File: README

ipgrab 0.5-3
  • links: PTS
  • area: main
  • in suites: slink
  • size: 268 kB
  • ctags: 169
  • sloc: sh: 1,507; ansic: 1,234; makefile: 56

ipgrab 0.4a2 

Mike Borella
Advanced Technologies Research Center
3Com
Mount Prospect IL 60056

mike_borella@SPAMLETmw.3com.com

(remove SPAMLET to mail me)

------------------------------------------------------------------------------

COPYRIGHT

Copyright (C) 1997, 1998 Mike Borella

Redistribution and use in source and binary forms are permitted
provided that this paragraph is duplicated in all such forms and
in any documentation, advertising materials, and other materials
related to such distribution and use acknowledge that the software
was developed by Mike Borella at the Advanced Technologies Research 
Center at 3Com Corp.  The name of the Author and the Corporation may 
not be used to endorse or promote products derived from this software 
without specific prior written permission.

THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

Some of this code has been taken from tcpdump, which was developed
by the Network Research Group at Lawrence Berkeley National Lab,
and is copyrighted by the University of California Regents.

------------------------------------------------------------------------------

DESCRIPTION

This program reads and parses packets from the link layer through the
transport layer, dumping explicit header information along the way.
It is a lot like tcpdump from LBL except that I've made an effort to
dump every relevant header field possible.  The overall structure of
the code is loosely based on tcpdump and I've lifted a few modules
from the tcpdump distribution when necessary, rather than re-inventing
the wheel.  In particular, the address conversion hashing routines are
pretty much lifted verbatim, as well as the TCP options section.

I expect that this code can be used for detailed packet level
debugging of existing or new protocols.  Also, I imagine that it could
be a useful teaching and instruction tool for TCP/IP or security
courses.  I've made an effort to make the code readable, sometimes
even at the expense of efficiency, so that one can use it to learn
about the pcap library calls and the header field data structures.

I'm not maintaining this program in a formal sense.  I'll add new
functionality and features when I feel that it is appropriate.
Suggestions are encouraged, but I may not act on them.  Bug-fixes are
always welcome.  Eventually, I'll port the program to more systems.

-------------------------------------------------------------------------------

INSTALLATION

You must have the pcap library (libpcap) version 0.3 or greater
installed.  In particular, the pcap.h and net/bpf.h files must be 
in an appropriate include directory (just grabbing a pre-compiled 
libpcap.so won't cut it).  Download pcap from http://www-nrg.ee.lbl.gov.

Run the configure script to create a Makefile, then type 'make'.  If
you need to install any other libraries or headers, configure should
tell you.

Systems tested so far: Linux, FreeBSD.

-------------------------------------------------------------------------------

OPERATION

Command line options:
	[-c cnt] 	Exit after receiving cnt packets
	[-i if] 	Listen on interface if
	[-p]		Dump packet payloads
	[-l] 		*Don't* print link-layer headers
	[-n]		*Don't* print network-layer headers
	[-t]		*Don't* print transport-layer headers
	[expression]	Filter packets based on a BPF expression (see tcpdump
			man page for details)

-------------------------------------------------------------------------------

PROTOCOLS KNOWN

Data-Link: Ethernet, Slip, Raw IP
Network: IP, ARP, RARP
Transport: TCP, UDP
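
As an added example (not ipgrab's own code), the following C program shows the layered header walk the DESCRIPTION section talks about for the Ethernet/IP/TCP-UDP combination listed above, including the IP header checksum check noted in the change log; the struct and function names are hypothetical, and the sample packet bytes are constructed for this example.

```c
/* Added example (not ipgrab's own code): a minimal link -> network -> transport
 * header walk in the spirit of ipgrab, with IP header checksum verification. */
#include <stdint.h>
#include <stddef.h>
#define ETHERTYPE_IPV4 0x0800
#define IP_PROTO_TCP   6
#define IP_PROTO_UDP   17
struct pkt_summary {            /* the fields such a dumper would print */
    uint16_t ethertype;
    uint8_t  ip_proto, ip_hlen; /* ip_hlen: IP header length in bytes */
    int      ip_csum_ok;        /* 1 if the IP header checksum verifies */
    uint16_t sport, dport;      /* TCP/UDP ports */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
/* RFC 1071 one's-complement sum; a header that includes its own valid checksum sums to 0. */
static uint16_t ip_checksum(const uint8_t *hdr, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2) sum += rd16(hdr + i); /* IHL*4 is even */
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);        /* fold carries */
    return (uint16_t)~sum;
}
/* Bounds-check each layer before reading it; returns 0 on success, negative otherwise. */
int parse_packet(const uint8_t *buf, size_t len, struct pkt_summary *s) {
    if (len < 14) return -1;                          /* Ethernet header */
    s->ethertype = rd16(buf + 12);
    if (s->ethertype != ETHERTYPE_IPV4) return -2;    /* only IPv4 shown here */
    const uint8_t *ip = buf + 14;
    size_t rem = len - 14;
    if (rem < 20 || (ip[0] >> 4) != 4) return -3;
    s->ip_hlen = (uint8_t)((ip[0] & 0x0f) * 4);       /* IHL field is in 32-bit words */
    if (s->ip_hlen < 20 || rem < s->ip_hlen) return -3;
    s->ip_csum_ok = ip_checksum(ip, s->ip_hlen) == 0;
    s->ip_proto = ip[9];
    rem -= s->ip_hlen;
    size_t need = s->ip_proto == IP_PROTO_TCP ? 20 : s->ip_proto == IP_PROTO_UDP ? 8 : 0;
    if (need == 0 || rem < need) return -4;           /* unknown protocol or short */
    s->sport = rd16(ip + s->ip_hlen);                 /* ports lead both TCP and UDP */
    s->dport = rd16(ip + s->ip_hlen + 2);
    return 0;
}

/* Constructed sample: Ethernet + IPv4 192.168.1.10 -> 192.168.1.20 + UDP 1234 -> 53. */
const uint8_t SAMPLE_PKT[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x45,0x00,0x00,0x1c, 0x00,0x01,0x00,0x00, 0x40,0x11,0xf7,0x61,
    0xc0,0xa8,0x01,0x0a, 0xc0,0xa8,0x01,0x14,
    0x04,0xd2,0x00,0x35, 0x00,0x08,0x00,0x00 };
```

The length checks before each read are what keep a truncated or malformed capture from being read past the end of the buffer, which is the main hazard in a parser of this kind.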

-------------------------------------------------------------------------------

CHANGE LOG

--------+---------------+-------
Date	| Version	| Status
--------+---------------+-------
12/1/97	| 0.3		| First working release, Linux only.
	|		|
2/5/98  | 0.4		| FreeBSD port.
	|		| Generic IP, TCP, UDP, ARP header overlay format.
	|		| IP header checksum checking.
	|		| Option to dump packet payload
	|		| Minor adjustment to makefile to correct versioning.
	|		| 
3/7/98	| 0.5		| Command line parsing now generated by genparse.
	|		| Options to turn off link-layer, network and 
	|		| transport headers.  
--------+---------------+------------------------------------------------------

TO DO

- ICMP support.
- DNS support.
- IPX support.
- RIP support.