$Id: README,v 1.5 2007/07/10 13:30:19 farooq-i-azam Exp $

ipgrab

Mike Borella
mike@borella.netNOPSAM

------------------------------------------------------------------------------

COPYRIGHT

Copyright (C) 1997-2007 Mike Borella

Redistribution and use in source and binary forms are permitted
provided that this paragraph is duplicated in all such forms and in
any documentation, advertising materials, and other materials related
to such distribution and use acknowledge that the software was
developed by Mike Borella. The name of the Author may not be used to
endorse or promote products derived from this software without
specific prior written permission.

THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.

Some of this code has been taken from tcpdump, which was developed by
the Network Research Group at Lawrence Berkeley National Lab, and is
copyrighted by the University of California Regents.

------------------------------------------------------------------------------

ABOUT

This README file accompanies ipgrab version 0.9.10.

This new release fixes many bugs and errors, and ipgrab is now a lot
more stable. See the ChangeLog for more details of the changes
which were applied. Also, this release is now in synchronization with
the CVS repository.

You may download a fresh copy of ipgrab from the following website:

http://www.sourceforge.net/projects/ipgrab/

------------------------------------------------------------------------------

DESCRIPTION

This program reads and parses packets from the link layer through the
transport layer, dumping explicit header information along the way.
It is a lot like tcpdump from LBL except that I've made an effort to
dump every relevant header field possible. The overall structure of
the code is loosely based on tcpdump and I've lifted a few modules
from the tcpdump distribution when necessary, rather than re-inventing
the wheel. In particular, the address conversion hashing routines are
pretty much lifted verbatim, as well as the TCP options section.

I expect that this code can be used for detailed packet level
debugging of existing or new protocols. Also, I imagine that it could
be a useful teaching and instruction tool for TCP/IP or security
courses. I've made an effort to make the code readable, sometimes
even at the expense of efficiency, so that one can use it to learn
about the pcap library calls and the header field data structures.

Would you like to see new features and protocols supported? Do you
have a proprietary protocol that you'd like to test? Two ways to make
it happen: (1) write a module yourself - if you send me a copy I'll
merge it into my source and acknowledge you as author, (2) ask me to
write it - send me email for details.

------------------------------------------------------------------------------

INSTALLATION

You must have the pcap library (libpcap) installed. In particular,
the pcap.h and net/bpf.h files must be in an appropriate include
directory (just grabbing a pre-compiled libpcap.so won't cut it).
Download pcap from http://www.tcpdump.org

Run the configure script to create a Makefile, then type 'make'. If
you need to install any other libraries or headers, configure should
tell you.

It should compile cleanly on Linux and most other types of UNIX. It
will also run on Windows if the WinPcap library is properly installed.
In order to build on Windows you need Cygwin with the WinPcap
development files installed in the /usr/local directory.

Please refer to the INSTALL file included with the ipgrab package for
more detailed help on installation.

------------------------------------------------------------------------------

OPERATION

See man and info pages for details.

------------------------------------------------------------------------------

BUGS

Please report any problems or bugs to

Mike Borella <mike@borella.net>
Muhammad Farooq-i-Azam <farooq@chase.org.pk>

------------------------------------------------------------------------------

THANKS

Marty Roesch fixed some of the timestamping, and provided the code for
payload output. Jorgen Pehrson provided the buffered output option.
Stuart Stock added a lot of fixes to ISAKMP. Cullen Jennings contributed
the MGCP parser.

Lots of other people suggested things that eventually made their way
into the code, in one form or another.

------------------------------------------------------------------------------

DISCLAIMER

Please use ipgrab at your own risk. There is no warranty, expressed or
implied, associated with this product.

------------------------------------------------------------------------------