PackPrint 0.0.2 17/02/2000
Author: Mike Ricketts <mike@earth.li>
Web: http://www.earth.li/projectpurple/progs/packprint.html
Part of Project Purple. (http://www.earth.li/projectpurple/)
1. Introduction
PackPrint is a tool to print out the contents of packet files generated
using tcpdump (or similar) in a pretty way. It was written primarily for
my own use, but others might well find it useful. Future versions will be
able to capture packets directly without the need for tcpdump.
1.1 Home page
All the latest news, documentation and versions of PackPrint will be made
available from http://www.earth.li/projectpurple/ or directly from the
author.
2. Protocols
Here is a list of protocols that PackPrint currently understands:
* Ethernet II
* ARP
* IP
* TCP
* UDP
* ICMP
Other protocols will be added in future versions, as and when I have time
to add them.
3. Usage instructions
PackPrint is incredibly easy to use - simply do packprint <filename>,
where <filename> is the name of a file generated using the -w option for
tcpdump (or some other program using libpcap).
If <filename> is -, then packprint reads from standard input, so you could
do:
$ tcpdump -s 65535 -w - | packprint -
to produce a nice output for tcpdump.
NOTE: always use the -s 65535 option on tcpdump to make sure you get the
entire packet contents so that packprint can decode them.
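One way to check whether an existing capture file was taken with too small a snap length, as an added example (not part of PackPrint). It reads the classic libpcap file format only; the function names and the sample capture are constructed for illustration:

```python
import struct

# Classic pcap magic numbers (microsecond and nanosecond timestamp variants).
MAGICS = {0xA1B2C3D4, 0xA1B23C4D}

def truncated_packets(data):
    """Return (snaplen, linktype, [(index, captured_len, original_len), ...])
    listing every record whose captured length is shorter than its
    on-the-wire length."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    # The magic number tells us the byte order the writer used.
    for endian in ("<", ">"):
        if struct.unpack(endian + "I", data[:4])[0] in MAGICS:
            break
    else:
        raise ValueError("not a classic pcap file")
    _, _, _, _, _, snaplen, linktype = struct.unpack(endian + "IHHiIII", data[:24])
    truncated, offset, index = [], 24, 0
    while offset + 16 <= len(data):
        _, _, caplen, origlen = struct.unpack(endian + "IIII", data[offset:offset + 16])
        if offset + 16 + caplen > len(data):
            raise ValueError("record %d runs past end of file" % index)
        if caplen < origlen:
            truncated.append((index, caplen, origlen))
        offset += 16 + caplen
        index += 1
    return snaplen, linktype, truncated

def build_sample(snaplen, wire_lengths):
    """Constructed sample: a little-endian pcap (linktype 1 = Ethernet)
    whose packets are zero-filled and cut at snaplen, as a capture would be."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for n, wire in enumerate(wire_lengths):
        cap = min(wire, snaplen)
        out += struct.pack("<IIII", n, 0, cap, wire) + bytes(cap)
    return out

if __name__ == "__main__":
    sample = build_sample(68, [60, 1514, 342])
    snaplen, linktype, cut = truncated_packets(sample)
    print("snaplen=%d linktype=%d" % (snaplen, linktype))
    for index, cap, wire in cut:
        print("packet %d: captured %d of %d bytes" % (index, cap, wire))
```
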
4. Installation
make ; make install should work. If it doesn't, mail me.
You can change where it installs by changing BINDIR and/or PREFIX at the
top of the Makefile.
5. Problems, Bugs, and Comments
If you have any comments, suggestions, or bug reports, please email me.
The email address I currently use is mike@earth.li
I am interested in any feedback in order to improve PackPrint.
6. License
PackPrint is distributed under the GNU Public License, a copy of which is
included in this archive as LICENSE.
