Mon Aug 17, 1998

Shawn Ostermann
ostermann@cs.ohiou.edu

tcptrace is a TCP connection analysis tool.  It can tell you detailed
information about TCP connections by sifting through dump files.  The
dump file formats supported are:
   Sun's snoop format
   Standard tcpdump format (you need pcap library)
   Macintosh Etherpeek format
   HP/NetMetrix protocol analysis format

To see the graphs, you'll also need Tim Shepard's xplot program,
available on mercury.lcs.mit.edu:
	ftp://mercury.lcs.mit.edu/pub/shep

I've switched to using "./configure" to set up the Makefile.  That
seems to have eased portability problems a great deal.  Just say
"./configure" and then "make" to build the program.

Most of the rest of the Docs are on the web.  Check out:
  http://jarok.cs.ohiou.edu/software/tcptrace/tcptrace.html


Supported Platforms
-------------------

The program is developed here at OU on Sparc machines running Solaris 2.5.
It has also been tested at OU under
  NetBSD	used a lot
  FreeBSD	used a little
  Linux		just compiled and run through regression tests

I've also heard that it can be compiled and run under:
  HPux
	I'm also told that it can be compiled on HP systems, but I
	don't have access to one for testing.

You should just have to change the Makefile to get these compilations
to work.

Running the program
-------------------

Some simple examples:

0) What are the args and what do they mean???
     tcptrace 

1) Run the program quickly over a dump file
     tcptrace dumpfile

2) Get longer output
     tcptrace -l dumpfile

3) Generate lots of pretty plot files (you need xplot to see them)
     tcptrace -G dumpfile

4) Print the segment contents as you go
     tcptrace -p dumpfile

5) Print progress info (useful for large files)
     tcptrace -t dumpfile

Of course, you can chain arguments together until you get just what
you want.  


Let me know what you think....

Shawn

==================================================

Special thanks to the following people who helped, pointed out bugs,
or ported the program to other architectures:

	 Sita Menon 
		wrote much of the early retransmission counting
		and sequencing engine
	 Brian Wilson 
		wrote the original etherpeek capture library
	 Mark Allman and Chris Hayes 
		provided valuable (sometimes incessant!) feedback
		on the tool (and drew the nice web page graphic)
	 Tim Shepard 
		for writing xplot, of course, providing
		a wonderful tool for understanding TCP
	 Bill Fenner (fenner@parc.xerox.com)
		pointed out a couple small bugs in version 3.2.1
		pointed out a bug in 3.2.5 that kept it from reading
			any packets on a PC (endian bug)
	 Jeff Semke (semke@psc.edu)
		sent me diffs to get it to compile under
			"NetBSD 1.2 on a Pentium box."
	 Rick Jones (raj@hpisrdq.cup.hp.com)
		sent me diffs to get it to compile on HP systems
	 Keith Scott (kscott@zorba.jpl.nasa.gov)
		sent me Linux diffs
	 Nasseef Abukamail (nabukama@cs.ohiou.edu) who wrote much of
		the IPv6 code
	 Byron Collie (byron.collie@ccs.afp.gov.au) for helping make the program more
		useful to the security community 
	 Brian Utterback (Brian.Utterback@East.Sun.COM) for very helpful
		bug reports
	 Jamshid Mahdavi (mahdavi@novell.com) for poking at the Intel/Linux side of
		the code and sending bug reports
	 Mark Foster (mafoster@george.arc.nasa.gov) for writing the
		manual page
