
A set of tools to create web pages for tcpdump output files

	<<Alpha test version for MAWI-WG internal use>>

			March 8, 1999

			WIDE Project MAWI WorkingGroup
			Kenjiro Cho <kjc@csl.sony.co.jp>

Directory:
	README:
		this file
	wide-tcpdpriv:
		a program for eliminating confidential information
		from tcpdump trace files to address privacy and security 
		concerns.
		Written by Greg Minshall of Ipsilon Networks, Inc. 

		we have modified the original tcpdpriv defaults to meet
		the WIDE Project requirement.

	fly-1.6.5:
		a program to create a GIF file on the fly
		by Martin Gleeson, <gleeson@unimelb.edu.au>
		used to create a bar chart.

		Modified to use gd-1.7.3 to output png images instead of 
		gif images.

	tcpdstat:
		a program to extract statistical information from
		tcpdump trace files.

	scripts:
		a directory containing perl scripts.
	bin:
		a directory for binary executables.
	pub:
		a directory for sample data files.

INSTALL:
	(I have tested this only on FreeBSD.)

	1. run "make" under wide-tcpdpriv, fly and tcpdstat.

	2. create a scrambled dump file and html files.

		% cd pub
		% ../scripts/batch.pl your_tcpdump_output

TIPS:
	1. tcpdump file:

		# tcpdump -w dumpfile -c 100000

	captures 100,000 packets and the size of the dump file
	is about 8MB (~3.7MB when gzipped).

	2. Scrambling IP addresses:
	
		% tcpdpriv -r dumpfile -w dumpfile.scrambled

	3. Creating a One-Way Dumpfile:

	tcpdump can extract the packets that have a specified source or
	destination MAC address.

		% tcpdump -n -r dumpfile -c 40 -e

	will display the MAC addresses.  Then, if you want to extract
	packets from a host whose MAC address is "0:0:c:3:cb:c2":

		% tcpdump -r dumpfile -w oneway-dumpfile ether src 0:0:c:3:cb:c2

	Use "dst" keyword instead of "src" for the other direction.
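	Added example (not part of the WIDE tools, and not how tcpdpriv
	works internally): a small Python script that performs the two
	trace-preparation steps from tips 2 and 3 on a classic pcap file
	without tcpdump or tcpdpriv installed.  It reads the pcap record
	format directly, keeps only frames with a given Ethernet source
	address (the "ether src" filter), then rewrites the IPv4 source and
	destination with a keyed HMAC pseudonym and repairs the IP header
	checksum.  The HMAC mapping, the checksum repair, the helper names
	and the sample capture are assumptions made for this example; the
	sample frames are constructed, not captured.

```python
import hashlib
import hmac
import ipaddress
import struct

PCAP_MAGIC = 0xA1B2C3D4        # classic libpcap magic, microsecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = b"\x08\x00"


def mac_to_str(raw):
    # same unpadded form as the "tcpdump -e" output quoted above, e.g. 0:0:c:3:cb:c2
    return ":".join("%x" % b for b in raw)


def build_pcap(packets, snaplen=65535):
    # serialise (timestamp, frame) pairs as a little-endian classic pcap file
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for ts, frame in packets:
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out


def parse_pcap(data):
    # return (timestamp, frame) pairs; accept either byte order, reject truncated records
    (magic,) = struct.unpack_from("<I", data, 0)
    endian = {PCAP_MAGIC: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file (magic %#x)" % magic)
    packets, off = [], 24
    while off + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated packet record at offset %d" % off)
        packets.append((sec + usec / 1_000_000, frame))
        off += incl_len
    return packets


def filter_by_src_mac(packets, mac):
    # same selection as "tcpdump -r in -w out ether src <mac>"
    return [(ts, f) for ts, f in packets if mac_to_str(f[6:12]) == mac]


def ip_checksum(header):
    # RFC 1071 one's-complement sum; returns 0 for a header whose checksum is valid
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudonymize(addr, key):
    # keyed, deterministic mapping of one IPv4 address (assumed scheme, not tcpdpriv's):
    # consistent within a key, but not prefix-preserving, so subnet structure is lost
    digest = hmac.new(key, ipaddress.IPv4Address(addr).packed, hashlib.sha256).digest()
    return ipaddress.IPv4Address(digest[:4])


def scramble_ipv4(packets, key):
    # rewrite src/dst of every Ethernet/IPv4 frame and repair the IP header checksum;
    # TCP/UDP checksums and addresses inside payloads (DNS, FTP PORT, ...) are untouched
    out = []
    for ts, frame in packets:
        if len(frame) >= 34 and frame[12:14] == ETHERTYPE_IPV4:
            ihl = (frame[14] & 0x0F) * 4
            hdr = bytearray(frame[14:14 + ihl])
            for off in (12, 16):
                hdr[off:off + 4] = pseudonymize(bytes(hdr[off:off + 4]), key).packed
            hdr[10:12] = b"\x00\x00"
            hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
            frame = frame[:14] + bytes(hdr) + frame[14 + ihl:]
        out.append((ts, frame))
    return out


def ipv4_frame(src_mac, dst_mac, src_ip, dst_ip, payload=b""):
    # constructed Ethernet/IPv4 frame (UDP protocol number, no transport header) for the demo
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
                                ipaddress.IPv4Address(src_ip).packed,
                                ipaddress.IPv4Address(dst_ip).packed))
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return dst_mac + src_mac + ETHERTYPE_IPV4 + bytes(hdr) + payload


# Constructed sample capture, not real traffic: two frames sent by the host with the
# MAC address used in tip 3 above, and one frame in the opposite direction.
HOST_A = bytes.fromhex("00000c03cbc2")          # prints as 0:0:c:3:cb:c2
HOST_B = bytes.fromhex("00a0c9112233")
SAMPLE_PCAP = build_pcap([
    (1.0, ipv4_frame(HOST_A, HOST_B, "192.0.2.10", "198.51.100.7", b"hello")),
    (1.5, ipv4_frame(HOST_B, HOST_A, "198.51.100.7", "192.0.2.10", b"reply")),
    (2.0, ipv4_frame(HOST_A, HOST_B, "192.0.2.10", "198.51.100.9")),
])


def demo(key=b"keep-this-key-out-of-pub"):
    # one-way split followed by scrambling; returns a summary the caller can check
    packets = parse_pcap(SAMPLE_PCAP)
    oneway = filter_by_src_mac(packets, "0:0:c:3:cb:c2")
    scrambled = scramble_ipv4(oneway, key)
    srcs = sorted({str(ipaddress.IPv4Address(f[26:30])) for _, f in scrambled})
    return {"total": len(packets), "oneway": len(oneway), "scrambled_srcs": srcs,
            "ip_checksums_ok": all(ip_checksum(f[14:34]) == 0 for _, f in scrambled)}
```

	Two caveats a practitioner will want: the keyed mapping is
	consistent but not prefix-preserving, so the published trace loses
	subnet structure, and the key must never end up beside the scrambled
	file in pub; and only the IP header is rewritten, so TCP/UDP checksums
	go stale and addresses carried in payloads (DNS answers, FTP PORT
	commands) still leak unless the payload is truncated as well.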


	4. Graphically replay a tcpdump trace:

	ttt (tele traffic tapper) is a program which can replay tcpdump
	output graphically using Tcl/Tk/BLT.  To replay a trace:

		% ttt -dumpfile dumpfile -speed 10

	ttt is in the FreeBSD ports collection and available from
	http://www.csl.sony.co.jp/person/kjc/software.html

	5. TCP Detailed Analysis

	tcptrace is a TCP connection analysis tool.  It can tell you 
	detailed information about TCP connections by sifting through 
	dump files.
	tcptrace is available from
	http://jarok.cs.ohiou.edu/software/tcptrace/tcptrace.html


Changes
2000/06/30	version 0.8
		tcpdstat: distinguish http servers from clients
		  add more protocols: napster, hotline, RTSP, realaudio
			icecast, halflife, starcraft, everquest, unreal,
			quake, cuseeme
2000/06/29	version 0.7
		add packet size distribution graph
2000/05/23	version 0.6
		tcpdstat/ip_flow.c: use hashing to show addresses
2000/04/18	version 0.5
		add address information to tcpdstat
2000/01/24	v6 support fixes to wide-tcpdpriv and tcpdstat
1999/10/18	update tcpdpriv to wide-tcpdpriv-1.0
1999/10/12	switch from gif to png
			update fly from 1.6.2 to 1.6.5
			update gd from 1.3 to 1.7.3
			s/gif/png/g to fly.c
1999/03/08	update tcpdstat to 0.2.
1998/10/22	First snapshot release
