Login | Register
My pages Projects Community openCollabNet

dbsniff
Project home

If you were registered and logged in, you could join this project.

Summary Sniffer like tcpdump. Much less powerful but easier to use.
Category construction
License GNU General Public License
Owner(s) the_me

dbsniff
is a set of tools I used for some scripting and network dump file analyzing for my diploma thesis. The tools are mainly written for that purpose, although I sometimes wanted one of them earlier, but never got the time to implement them. Until now :)

Contained programs are:

esniff (formerly extsniff) is my network analysis tool. It is meant as a simple replacement for tcpdump, easier to operate, but - by far! - not as powerful. Main purpose is to calculate some statistical data, and to print out this data in a tabular way to be processed by tools.

nwait and npush are two command line tools who implement the MS-DOS command.com / cmd.exe pause-functionality over the network: nwait waits until it gets "pushed" by npush.

wdate is a program which does quite the same as the date program on Unix/Linux, but on Windows - it prints user-formatted time strings on the command line. Useful for scripting. Currently only working on Windows (well, Linux is simply untested, but who would need that there, anyways??)

loss_chk and loss_srv are for measuring the loss-rate of a given communications channel. Only requirement: is has to be able to transport UDP traffic.

So it's nothing professional, and development is unregular at best, but it is not already present anywhere else as far as I know (otherwise I would not have started this :-).

Content



News (yes, it's active :-)


  • 2005.11.12: esniff: Changed behavior: The default mode is now "-p", and now it is possible to set more than one flag. It's stupid, because the output is not readable, but it's possible :) . Fixed some help output issues, too (I remember having done that). Also updated downloadable windows executables.
  • 2005.07.10: loss_chk/loss_srv: added working project files for Dev-C++ (fixed bug in winwrap.h which prevented compiling)
  • 2005.07.02: extsniff/nwait/npush: re-created working Dev-C++ project files along with a few build instructions. 
    extsniff/npush/nwait/loss_chk/loss_srv/wdate: Re-created broken MS Visual Studio projects. Compiles fine now :) Binary versions now available for download, compiled with Visual Studio (see installation section for that). Also available now are source distributions as ZIP archive, just for convenience. 
  • 2005.01.23: extsniff: fixed one bug in "print contents" mode and made an output correction.
  • 2005.01.22: extsniff: throughput mode (standard) now works beautifully.
  • 2004.11.25: extsniff:fixed some nasty bugs in the main event loop for packet capturing.
  • 2004.11.17: extsniff: fixed a bug in calculation of capture session duration and added a switch to reverse the meaning of the reference IP
  • 2004.11.05: extsniff: Massive code cleanups, massive flag changes, massive bug fixes. Just massive. Added some features (more information in print packet header mode and summary mode, file output possibility), and made some things more clear.
  • 2004.09.20: Added continous option to loss_chk and a possibility to remote-reset a test. Fixed loss percentage output in loss_srv. Already made some changes of the Linux Makefile, so both utilities compile on Linux without problems. Extdump still broken ... (no one needs it anyways)
    UPDATE 18:45h CET: uploaded the really working versions with BIG changes to the communications code. Added payload size display.
  • 2004.09.15: Added loss_chk and loss_srv, two utilities based on npush/nwait for checking loss ratio of a communication channel. Windows only for now, but should compile on Linux like a charm (note: I said "should" ... :-)
  • 2004.09.15: Added wdate, a utility to print formatted time / date strings and Unix-time on Windows (basically a primitive "date" from *nix using strftime()) and  did some header cleaning - there are wrapper headers now for Windows and Linux.
  • 2004.09.02: Hands on summary mode: added average payload size (calculation ignores packets with zero payload), fixed some internal stuff and warnings.
  • 2004.09.01: Hands on summary mode: added multiple use of -D and fixed a bug which falsely counted TCP-decoded UDP packets.
  • 2004.08.31: added nwait / npush to Linux Makefile, compiles without problems now. Done some very minor header stuff to overcome some Windows / Linux issues in network initialization.
  • 2004.08.26: added -s switch to npush/nwait - nwait will only exit if npush has same setting (though it's not set on nwait settings on npush have no effect)

Installation


The current compilation status is as follows:
  • Linux: Builds on Debian last time I tried. Not statically (as intended originally), but it builds.
  • Windows (Visual Studio .NET): Completely new Visual Studio project files, working perfectly.
  • Windows (Dev-C++): Builds, project files included (but only for esniff, npush, nwait, the others will follow). 
  • Windows and Cygwin/Mingw: Makefile included, but could be out of date and not work. Will be checked soon.
  • Any other: if it's *nix, it should do. If not, it might do. Work is needed in any case then, though ...
Of course you can always download the latest binaries for Windows, or a snapshot of the latest source (but this might not be the most current one, be warned). For any *nix like OS I do not provide binaries, so you have to check out the sources via CVS and pray and type "make". They should be in a state which allows compilation most of the time.

Known issues

  • The code is quite messy, I think.
  • The throughput modes of extsniff are probably usable. (The probably is the issue :-)
  • Statistics mode broken most probably. If not you won't get the data :-)

Last words


A remark: If you stumble on this page, and if you should find something on here useful, I would be happy if you'd drop me a mail.
My email is the-me (AT@) the-me (DOT.) de. Thanks!

Related resources (or: requirements)


  • WinPcap - the Windows port of the libPcap packet capturing library
  • Sleepycat Berkeley DB - the binary "database" used. Small and fast.
  • Dev-C++ - the compiler used on Windows. A free MinGW based IDE, quite good (and free).
  • Microsoft Visual Studio .NET - I used that to create most of the programs
  • GPF-Comics.com and UserFriendly - daily drugs.