Import upstream version 2.99+3.0.beta9

Makefile.am

@@ -1,13 +1,20 @@
+# $Id$
 AUTOMAKE_OPTIONS = foreign
 
-include $(top_srcdir)/libopts/MakeDefs.inc
-
+if NEED_LIBOPTS
 SUBDIRS = scripts lib $(LIBOPTS_DIR) src
+else
+SUBDIRS = scripts lib src
+endif
+
 DIST_SUBDIRS = scripts lib libopts src docs test
 .PHONY: manpages docs test man2html
 
-dist-hook: version manpages
 
+dist-hook: version manpages update
+
+update:
+	svn update
 
 DOCS_DIR = $(top_builddir)/docs
 
@@ -32,6 +39,9 @@ manpages: man2html
 
 TEST_DIR = $(top_builddir)/test
 
+autoopts:
+	cd src && make autoopts
+
 test:
 	echo Making test in $(TEST_DIR)
 	cd $(TEST_DIR) && make test
@@ -49,6 +59,9 @@ distclean-local:
 doxygen: version
 	doxygen doxygen.cfg
 
+ncc:
+	CC=ncc make
+
 MOSTLYCLEANFILES = tcpreplay.spec *~
 
 DISTCLEANFILES = .tm_project.cache stamp-h1 *.tar.*

Makefile.in

@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.9.5 from Makefile.am.
+# Makefile.in generated by automake 1.9.6 from Makefile.am.
 # @configure_input@
 
 # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -39,10 +39,9 @@ target_triplet = @target@
 DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \
 	$(srcdir)/Makefile.in $(srcdir)/doxygen.cfg.in \
 	$(srcdir)/tcpreplay.spec.in $(top_srcdir)/configure \
-	$(top_srcdir)/libopts/MakeDefs.inc config/compile \
-	config/config.guess config/config.sub config/depcomp \
-	config/install-sh config/ltmain.sh config/missing \
-	config/mkinstalldirs
+	config/compile config/config.guess config/config.sub \
+	config/depcomp config/install-sh config/ltmain.sh \
+	config/missing config/mkinstalldirs
 subdir = .
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/configure.in
@@ -119,6 +118,7 @@ LATEX2HTML = @LATEX2HTML@
 LDFLAGS = @LDFLAGS@
 LIBOBJS = @LIBOBJS@
 LIBOPTS_CFLAGS = @LIBOPTS_CFLAGS@
+LIBOPTS_DIR = @LIBOPTS_DIR@
 LIBOPTS_LDADD = @LIBOPTS_LDADD@
 LIBS = @LIBS@
 LIBTOOL = @LIBTOOL@
@@ -211,10 +211,11 @@ target_cpu = @target_cpu@
 target_os = @target_os@
 target_vendor = @target_vendor@
 td = @td@
+
+# $Id$
 AUTOMAKE_OPTIONS = foreign
-@NEED_LIBOPTS_FALSE@LIBOPTS_DIR = 
-@NEED_LIBOPTS_TRUE@LIBOPTS_DIR = libopts
-SUBDIRS = scripts lib $(LIBOPTS_DIR) src
+@NEED_LIBOPTS_FALSE@SUBDIRS = scripts lib src
+@NEED_LIBOPTS_TRUE@SUBDIRS = scripts lib $(LIBOPTS_DIR) src
 DIST_SUBDIRS = scripts lib libopts src docs test
 DOCS_DIR = $(top_builddir)/docs
 TEST_DIR = $(top_builddir)/test
@@ -227,7 +228,7 @@ all: all-recursive
 .SUFFIXES:
 am--refresh:
 	@:
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/libopts/MakeDefs.inc $(am__configure_deps)
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am  $(am__configure_deps)
 	@for dep in $?; do \
 	  case '$(am__configure_deps)' in \
 	    *$$dep*) \
@@ -408,7 +409,7 @@ distclean-tags:
 distdir: $(DISTFILES)
 	$(am__remove_distdir)
 	mkdir $(distdir)
-	$(mkdir_p) $(distdir)/. $(distdir)/config $(distdir)/libopts $(distdir)/src $(distdir)/test
+	$(mkdir_p) $(distdir)/. $(distdir)/config $(distdir)/src $(distdir)/test
 	@srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
 	list='$(DISTFILES)'; for file in $$list; do \
@@ -651,7 +652,10 @@ uninstall-info: uninstall-info-recursive
 
 .PHONY: manpages docs test man2html
 
-dist-hook: version manpages
+dist-hook: version manpages update
+
+update:
+	svn update
 
 man2html:
 	cd scripts && make man2html
@@ -672,6 +676,9 @@ postwebsf: manpages doxygen
 manpages: man2html
 	cd src && make manpages
 
+autoopts:
+	cd src && make autoopts
+
 test:
 	echo Making test in $(TEST_DIR)
 	cd $(TEST_DIR) && make test
@@ -688,6 +695,9 @@ distclean-local:
 
 doxygen: version
 	doxygen doxygen.cfg
+
+ncc:
+	CC=ncc make
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:

README

@@ -1 +1,44 @@
-All the documentation, licensing information, etc is now in the docs directory
+$Id: README 1476 2006-07-07 04:53:44Z aturner $
+[Please note that licensing, compiling, usage and other documentation can be 
+found in the docs subdirectory.]
+
+If you have a question or think you are experiancing a bug, it is important
+that you provide enough information for us to help you.  Failure to provide
+enough information will likely cause your email to be ignored or get an
+annoyed reply from the author.
+
+If your problem has to do with COMPILING tcpreplay:
+- Version of tcpreplay you are trying to compile
+- Platform (Red Hat Linux 9 on x86, Solaris 7 on SPARC, OS X on PPC, etc)
+- ./configure arguments
+- Contents of config.log
+- Output from 'make'
+- Any additional information you think that would be useful.
+
+If your problem has to do with RUNNING tcpreplay or one of the sub-tools:
+- Version information (output of -V)
+- Command line used (options and arguments)
+- Platform (Red Hat Linux 9 on Intel, Solaris 7 on SPARC, etc)
+- Make & model of the network card(s) and driver(s)
+- Error message (if available) and/or description of problem
+- If possible, attach the pcap file used (compressed with bzip2 or gzip
+    preferred)
+- The core dump or backtrace if available
+- Detailed description of your problem or what you are trying to accomplish
+
+Note: The author of tcpreplay primarily uses OS X; hence, if you're reporting
+an issue on another platform, it is important that you give very detailed
+information as I may not be able to reproduce your issue.
+
+You are also strongly encouraged to read the extensive documentation (man
+pages, FAQ, documents in /docs and email list archives) BEFORE posting to the
+tcpreplay-users email list:
+
+http://lists.sourceforge.net/lists/listinfo/tcpreplay-users
+
+Lastly, please don't email the author directly with your questions.  Doing so
+prevents others from potentially helping you and your question/answer from
+showing up in the list archives.
+
+Thanks,
+Aaron (tcpreplay author)

configure.in

@@ -1,5 +1,5 @@
 
-dnl $Id: configure.in 1380 2005-06-30 05:54:26Z aturner $
+dnl $Id: configure.in 1519 2006-07-18 02:51:09Z aturner $
 
 AC_INIT(tcpreplay)
 AC_CONFIG_SRCDIR(src/tcpreplay.c)
@@ -12,7 +12,7 @@ AC_PROG_LIBTOOL
 dnl Set version info here!
 MAJOR_VERSION=3
 MINOR_VERSION=0
-MICRO_VERSION=beta7
+MICRO_VERSION=beta9
 TCPREPLAY_VERSION=$MAJOR_VERSION.$MINOR_VERSION.$MICRO_VERSION
 
 dnl Release is only used for the RPM spec file
@@ -23,7 +23,7 @@ AC_DEFINE_UNQUOTED(VERSION, "$TCPREPLAY_VERSION", [What is our version?])
 AC_SUBST(TCPREPLAY_VERSION)
 AC_SUBST(TCPREPLAY_RELEASE)
 
-CFLAGS="$CFLAGS -Wall -O2 -funroll-loops" # -std=c99 -Wno-variadic-macros"
+CFLAGS="$CFLAGS -Wall -O2 -funroll-loops -std=gnu99" # -std=c99 -Wno-variadic-macros"
 
 dnl Determine OS
 AC_CANONICAL_BUILD
@@ -136,19 +136,23 @@ if test -n "$FIG2DEV" -a -n "$LYX" -a -n "$DVIPS" -a -n "$TEXI2DVI" \
 fi
 AM_CONDITIONAL(HAVE_DOCTOOLS, test $doctools = yes)
 
-
-
 dnl Enable debugging in code/compiler options
 debug=no
 AC_ARG_ENABLE(debug,
     AC_HELP_STRING([--enable-debug], [Enable debugging code and support for the -d option]),
     [ if test x$enableval = xyes; then
          debug=yes
-         CFLAGS="-ggdb -Wall -pedantic"
+         CFLAGS="-ggdb -std=gnu99 -Wall -Wextra -Wfatal-errors -Wno-variadic-macros"
+#         -Wformat-security -Wswitch-default -Wunused-paramter -Wpadded"
          AC_SUBST(debug_flag)
          AC_DEFINE([DEBUG], [], [Enable debuggin code and support for the -d option]) 
       fi])
 
+AC_ARG_ENABLE(pedantic,
+    AC_HELP_STRING([--enable-pedantic], [Enable gcc's -pedantic option]),
+    [ if test x$enableval = xyes; then
+        CFLAGS="$CFLAGS -pedantic"
+      fi ])
 
 dnl Enable Efense
 AC_ARG_ENABLE(efence,
@@ -192,21 +196,39 @@ AC_ARG_ENABLE(dynamic-link,
       fi
     ])
 
-dnl Check for inet_aton and inet_addr
+dnl Check for inet_aton and inet_pton
 AC_CHECK_FUNC(inet_aton, 
-    AC_DEFINE([INET_ATON], [], [Do we have inet_aton?]) 
+    AC_DEFINE([HAVE_INET_ATON], [], [Do we have inet_aton?]) 
     inet_aton=yes, 
     inet_aton=no)
+AC_CHECK_FUNC(inet_pton, 
+    AC_DEFINE([HAVE_INET_PTON], [], [Do we have inet_pton?]) 
+    inet_pton=yes, 
+    inet_pton=no)
+AC_CHECK_FUNC(inet_ntop, 
+    AC_DEFINE([HAVE_INET_NTOP], [], [Do we have inet_ntop?]) 
+    inet_ntop=yes, 
+    inet_ntop=no)
+
+if test "$inet_ntop" = "no" -a "$inet_pton" = "no" ; then
+	AC_MSG_ERROR([We need either inet_ntop or inet_pton])
+fi
+
+if test "$inet_aton" = "no" ; then
+    AC_MSG_ERROR([We need inet_aton])
+fi
+
 AC_CHECK_FUNC(inet_addr, 
-    AC_DEFINE([INET_ADDR], [], [Do we have inet_addr?]) 
+    AC_DEFINE([HAVE_INET_ADDR], [], [Do we have inet_addr?]) 
     inet_addr=yes, 
     inet_addr=no)
 
-if test $inet_aton = no -a $inet_addr = no ; then
-	AC_MSG_ERROR("We need either inet_aton or inet_addr")
+if test x$inet_addr = no ; then
+    AC_MSG_ERROR([We need inet_addr.  See bug 26])
 fi
 
 
+
 dnl ##################################################
 dnl Checks for libnet (shamelessly horked from dsniff)
 dnl ##################################################
@@ -746,8 +768,16 @@ AC_OUTPUT([Makefile
            docs/Makefile
            src/Makefile
            src/common/Makefile
+           src/tcpedit/Makefile
+           src/flow/Makefile
            src/defines.h
            test/Makefile
            test/config
            scripts/Makefile
            tcpreplay.spec])
+
+if test $doctools = no; then
+    AC_MSG_NOTICE([One or more tool for creating documentation is unavailable.])
+    AC_MSG_NOTICE([This is only an issue for developers, so don't worry.])
+fi
+

docs/CHANGELOG

@@ -1,4 +1,25 @@
-$Id: CHANGELOG 1400 2005-08-07 16:38:46Z aturner $
+$Id: CHANGELOG 1519 2006-07-18 02:51:09Z aturner $
+
+07/17/2006: Version 3.0.beta9
+    - Fix compile issue for users not having AutoOpts installed #54
+    - Fix compile issue for users w/ AutoOpts 5.8.4 (upgrade to 5.8.4)
+
+07/16/2006: Version 3.0.beta8
+    - Fix -M running in MBps rather then Mbps
+    - Fix tcpbridge segfault/bus error reported by Steven Z. (Gerry)
+    - Improve tcpbridge man page
+    - Massive tcprewrite fixes & cleanup #50
+    - Much improved README document
+    - Reorganize packet editing code into a standalone module (tcpedit) 
+          which has been librarized. #5
+    - Strict code cleanup #27
+    - Fix tcpprep from generating bad cache files #48
+    - Add MAC split mode for tcpprep #1
+    - Improve dbg() to list file/line #32
+    - Add tcpprep statistical reports #2
+    - Reorganize flowreplay code #46
+    - Fix conflicting speed_t for Debian #33
+    - Too many other things to document
 
 08/07/2005: Version 3.0.beta7
     - New 'make doxygen' target builds pretty source code docs in

docs/CREDIT

@@ -1,7 +1,10 @@
-$Id: CREDIT 1164 2005-02-27 00:44:16Z aturner $ 
+$Id: CREDIT 1469 2006-06-09 06:48:46Z aturner $ 
 
 tcpreplay and it's associated utilities (tcpprep, tcprewrite and flowreplay)
-were designed and written by Aaron Turner <aturner@pobox.com>.
+were designed and written by Aaron Turner.
+
+This product includes software developed by the University of California,
+Berkeley and its contributors. 
 
 The following is a list of people in no particular order who have kindly
 submitted patches or code snippets for me to use in tcpreplay.

docs/HACKING

@@ -1,4 +1,4 @@
-$Id: HACKING 1348 2005-06-13 06:22:17Z aturner $
+$Id: HACKING 1470 2006-06-09 06:50:42Z aturner $
 
                           Guide to Hacking Tcpreplay
 
@@ -13,7 +13,7 @@ If you contribute code the following will happen:
     c) You will be assigning your copyright to me
 
 If you have any questions regarding any of the three above stipulations,
-feel free to email me: aturner@pobox.com
+feel free to email the list at: tcpreplay-users@lists.sourceforge.net
 
 
 1. Introduction
@@ -32,6 +32,7 @@ The file layout is pretty simple:
 /libopts    - GNU AutoOpts code
 /src        - Main code routines
 /src/common - Common routines for all binaries
+/src/tcpedit - libtcpedit
 /docs       - Where to find documentation
 /test       - Test scripts and stuff which is used during 'make test'
 /man        - Unix man pages which get copied to $MANPATH

docs/INSTALL

@@ -1,4 +1,4 @@
-$Id: INSTALL 1389 2005-07-03 19:34:12Z aturner $
+$Id: INSTALL 1464 2006-04-13 05:27:17Z aturner $
 
 You'll need:
 

docs/LICENSE

@@ -1,5 +1,4 @@
-Copyright (c) 2001-2005 Aaron Turner <aturner@pobox.com>.
-All rights reserved.
+Copyright (c) 2001-2006 Aaron Turner.  All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions
@@ -25,3 +24,7 @@ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
 IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+This product includes software developed by the University of California,
+Berkeley and its contributors. 
+

docs/Makefile.am

@@ -59,17 +59,17 @@ web/man/tcpbridge.html:
 	$(MAN2HTML) < ../src/tcpbridge.1 > web/man/tcpbridge.html
 
 manpages: web/man/tcpreplay.html web/man/tcpprep.html web/man/flowreplay.html \
-	web/man/tcprewrite.html web/man/tcpbridge.html
+	web/man/tcprewrite.html web/man/tcpbridge.html 
 
 postweb: webfiles manpages
 	rsync -e ssh --exclude '/**/.svn/' --exclude '/**~' --exclude '*~' \
-		-avz web/ aturner@tequila.synfin.net:/var/www-vhosts/tcpreplay/
-	scp CHANGELOG aturner@tequila.synfin.net:/var/www-vhosts/tcpreplay/
+		-avz web/ aturner@voigner.synfin.net:/var/www-vhosts/tcpreplay/
+	scp CHANGELOG TODO aturner@voigner.synfin.net:/var/www-vhosts/tcpreplay/
 
 postwebsf: webfiles manpages
 	-rsync -e ssh --exclude '/**/.svn/' --exclude '/**~' --exclude '*~' \
 		-avz web/ aturner@shell.sf.net:htdocs/
-	scp CHANGELOG aturner@shell.sf.net:htdocs/
+	scp CHANGELOG TODO aturner@shell.sf.net:htdocs/
 
 endif
 
@@ -78,7 +78,7 @@ EXTRA_DIST = CHANGELOG CREDIT HACKING INSTALL LICENSE TODO \
 	flowreplay.lyx flowreplay.pdf web/flowreplay/flowreplay.html web/flowreplay \
 	flowheader.fig router-mode1.fig router-mode2.fig router-mode3.fig \
 	manual.lyx manual.pdf web/manual/manual.html web/manual \
-	web/index.html web/web.css \
+	web/index.html web/web.css web/man/tcpbridge.html \
 	web/man/tcpreplay.html  web/man/tcpprep.html web/man/flowreplay.html \
 	web/man/tcprewrite.html web/tcpreplay-2-faq.html web/tcpreplay-2-faq.css
 

docs/Makefile.in

@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.9.5 from Makefile.am.
+# Makefile.in generated by automake 1.9.6 from Makefile.am.
 # @configure_input@
 
 # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -93,6 +93,7 @@ LATEX2HTML = @LATEX2HTML@
 LDFLAGS = @LDFLAGS@
 LIBOBJS = @LIBOBJS@
 LIBOPTS_CFLAGS = @LIBOPTS_CFLAGS@
+LIBOPTS_DIR = @LIBOPTS_DIR@
 LIBOPTS_LDADD = @LIBOPTS_LDADD@
 LIBS = @LIBS@
 LIBTOOL = @LIBTOOL@
@@ -195,7 +196,7 @@ EXTRA_DIST = CHANGELOG CREDIT HACKING INSTALL LICENSE TODO \
 	flowreplay.lyx flowreplay.pdf web/flowreplay/flowreplay.html web/flowreplay \
 	flowheader.fig router-mode1.fig router-mode2.fig router-mode3.fig \
 	manual.lyx manual.pdf web/manual/manual.html web/manual \
-	web/index.html web/web.css \
+	web/index.html web/web.css web/man/tcpbridge.html \
 	web/man/tcpreplay.html  web/man/tcpprep.html web/man/flowreplay.html \
 	web/man/tcprewrite.html web/tcpreplay-2-faq.html web/tcpreplay-2-faq.css
 
@@ -425,17 +426,17 @@ uninstall-am: uninstall-info-am
 @HAVE_DOCTOOLS_TRUE@	$(MAN2HTML) < ../src/tcpbridge.1 > web/man/tcpbridge.html
 
 @HAVE_DOCTOOLS_TRUE@manpages: web/man/tcpreplay.html web/man/tcpprep.html web/man/flowreplay.html \
-@HAVE_DOCTOOLS_TRUE@	web/man/tcprewrite.html web/man/tcpbridge.html
+@HAVE_DOCTOOLS_TRUE@	web/man/tcprewrite.html web/man/tcpbridge.html 
 
 @HAVE_DOCTOOLS_TRUE@postweb: webfiles manpages
 @HAVE_DOCTOOLS_TRUE@	rsync -e ssh --exclude '/**/.svn/' --exclude '/**~' --exclude '*~' \
-@HAVE_DOCTOOLS_TRUE@		-avz web/ aturner@tequila.synfin.net:/var/www-vhosts/tcpreplay/
-@HAVE_DOCTOOLS_TRUE@	scp CHANGELOG aturner@tequila.synfin.net:/var/www-vhosts/tcpreplay/
+@HAVE_DOCTOOLS_TRUE@		-avz web/ aturner@voigner.synfin.net:/var/www-vhosts/tcpreplay/
+@HAVE_DOCTOOLS_TRUE@	scp CHANGELOG TODO aturner@voigner.synfin.net:/var/www-vhosts/tcpreplay/
 
 @HAVE_DOCTOOLS_TRUE@postwebsf: webfiles manpages
 @HAVE_DOCTOOLS_TRUE@	-rsync -e ssh --exclude '/**/.svn/' --exclude '/**~' --exclude '*~' \
 @HAVE_DOCTOOLS_TRUE@		-avz web/ aturner@shell.sf.net:htdocs/
-@HAVE_DOCTOOLS_TRUE@	scp CHANGELOG aturner@shell.sf.net:htdocs/
+@HAVE_DOCTOOLS_TRUE@	scp CHANGELOG TODO aturner@shell.sf.net:htdocs/
 
 clean-docs: clean
 	-rm -rf *.pdf web/manual web/FAQ web/flowreplay web/man/*

docs/TODO

@@ -10,6 +10,66 @@ Legend:
     . = Canceled
     ? = To think about
 
+GENERAL:
+
++ Improve config file format
+  + better variable names
+  + use "var: value" format
+  + have tcpreplay, tcpprep, tcprewrite sections
+  + Being solved using GNU AutoOpts
+
++ Improve autoconf detection of libraries
+
++ Re-organize source tree
+
+O tcpdump decoder should print packets syncronously w/ the main process
+
++ Better use of GNU Autotools
+
++ Improve CLI/config file parsing
+- Only tcpreplay/tcpbridge should need to run as root.
+
+- Tcpreplay should use raw sockets or BPF directly for writing rather then
+      libnet where applicable for theoretically higher performance.
+
+- Detect system version of libopts b/c we need a recent version
+
+- Generalize packet editing and printing code so it can be shipped as a 
+  seperate library and plugged into tcpreplay/tcprewrite/flowreplay/etc
+
+- See about removing libnet_init() from all binaries other then tcprewrite
+  so we don't have to run as root:
+  . libnet_addr2name4 (ignore, doesn't require libnet_t context)
+  + libnet_name2addr4
+  - libnet_get_hwaddr
+  - libnet_do_checksum
+
+TCPREPLAY:
+
+. Add support for dual-nic send on one intf, wait for packet, send next.
+  would be really useful for testing the effectiveness of how well an IPS
+  detects and blocks attacks. (TP's tomahawk does this even better then
+  described here, so why re-invent the wheel?)
+
+- Rewrite do_sleep() to handle sub sleep times by only nanosleep()'ing
+  once for multiple packets when the timestamps are close enough.  We
+  also need to time nanosleep, since different architectures have lower
+  minimum sleep times (Linux/Alpha is 1ms vs. 10ms for Linux/x86)
+
++ Tcpreplay should say which interface each packet is going out
+
+TCPBRIDGE:
+
+- Duplicate all tcprewrite functionality
+
+TCPREWRITE:
+
+- Support fragrouter like features 
+    - basic IP fragmenation
+    - TCP fudging 
+    - then more advanced stuff
+    - Can we integrate FR's code?
+
 + Look at VLAN (802.1q) packets
     - others non-vanilla types?
     + Add tags?  Remove tags?  Change tags?
@@ -48,74 +108,56 @@ Legend:
         (client/server)
   - Step through packets ala tcpreplay and provide option to edit (Y/n)
 
-+ Improve config file format
-  + better variable names
-  + use "var: value" format
-  + have tcpreplay, tcpprep, tcprewrite sections
-  + Being solved using GNU AutoOpts
-
-. Add support for dual-nic send on one intf, wait for packet, send next.
-  would be really useful for testing the effectiveness of how well an IPS
-  detects and blocks attacks. (TP's tomahawk does this even better then
-  described here, so why re-invent the wheel?)
-
-- Support fragrouter like features 
-    - basic IP fragmenation
-    - TCP fudging 
-    - then more advanced stuff
-    - Can we integrate FR's code?
-
 - Support connection tracking and generating 3way handshake for connections
   missing them.
 
-- Bump Syn/Ack numbers by a random or given value so that running 
+- Bump Syn/Ack numbers by a pseudo random or given value so that running 
   the same pcap will behave as different streams.
 
-- Improve flowreplay so it actually works
-  o Use libnids to read the pcaps
-  - Allow handoff to a socket after user specified client/server exchanges
-
-- Perhaps integrate stick/snot/fpg logic into flowreplay:
-  http://www.geschke-online.de/FLoP/fpg.8.html
-  to do full 3way handshakes
-
 - IPv6 support?  People ask for this every few months, but nobody actually
   says they "need" or "really want" it; seems more of "gee, wouldn't it be
-  nice".
+  nice".  What does that mean anyways???
 
-+ When splitting traffic via tcpprep print out each packet (tcpdump style)
-  so end users know where each packet is going
+- tcprewrite should be able to remove the two byte ethernet FCS (checksums)
+  at the end of the frame.
 
-+ Improve autoconf detection of libraries
++ Support randomization of IP addresses in ARP packets
 
-+ Re-organize source tree
+- Add support for rewriting MAC addresses in the ARP body for
+  tcprewrite/tcpbridge to allow proxy-arp like behaviour
 
-O tcpdump decoder should print packets syncronously w/ the main process
+- Add support for IP fragmenting frames which are > MTU
 
-- Rewrite do_sleep() to handle sub sleep times by only nanosleep()'ing
-  once for multiple packets when the timestamps are close enough.  We
-  also need to time nanosleep, since different architectures have lower
-  minimum sleep times (Linux/Alpha is 1ms vs. 10ms for Linux/x86)
 
-+ Tcpreplay should say which interface each packet is going out
+TCPPREP:
 
-+ Better use of GNU Autotools
++ When splitting traffic via tcpprep print out each packet (tcpdump style)
+  so end users know where each packet is going
 
-+ Improve CLI/config file parsing
+FLOWREPLAY:
 
-- Tcprewrite should be able to remove the two byte ethernet FCS (checksums)
-  at the end of the frame.
+- Improve flowreplay so it actually works
+  . Use libnids to read the pcaps.  This seems DOA at this time since
+    libnids is GPL and the author is unwilling to make it support multiple
+    threads which flowreplay probably needs to be.  The only other option is
+    a major rewrite which would break API compatibility.  Doesn't seem worth
+    it.
+  - Allow handoff to a socket after user specified client/server exchanges
 
-- See about removing libnet_init() from all binaries other then tcprewrite
-  so we don't have to run as root:
-  . libnet_addr2name4 (ignore, doesn't require libnet_t context)
-  + libnet_name2addr4
-  - libnet_get_hwaddr
-  - libnet_do_checksum
+- Perhaps integrate stick/snot/fpg logic into flowreplay:
+  http://www.geschke-online.de/FLoP/fpg.8.html
+  to do full 3way handshakes
 
-+ Support randomization of IP addresses in ARP packets
 
-- Only tcpreplay should need to run as root.
+BUGS:
+- fix RNG for randomization of IP's
+
+- Fix tcpbridge after code refactoring
+
+- Fix spec file using patch
+
+- adding a layer 2 header to RawIP pcap's results in broken pcap's
+
+- Tcpbridge between loopback (LinuxSSL and BSD loop) and another NIC 
+  (support rewriting MAC)
 
-- Tcpreplay should use raw sockets or BPF directly for writing rather then
-      libnet where applicable for higher performance.

docs/web/FAQ/FAQ.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
 
-<!--Converted with LaTeX2HTML 2002-2-1 (1.70)
+<!--Converted with LaTeX2HTML 2002-2 (1.70)
 original version by:  Nikos Drakos, CBLU, University of Leeds
 * revised and updated by:  Marcus Hennecke, Ross Moore, Herb Swan
 * with significant contributions from:
@@ -14,7 +14,7 @@ original version by:  Nikos Drakos, CBLU, University of Leeds
 <META NAME="distribution" CONTENT="global">
 
 <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
-<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2-1">
+<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2">
 <META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
 
 <LINK REL="STYLESHEET" HREF="FAQ.css">
@@ -53,7 +53,6 @@ original version by:  Nikos Drakos, CBLU, University of Leeds
 <P ALIGN="CENTER"><STRONG>Aaron Turner</STRONG></P>
 <P ALIGN="CENTER"><I>http://tcpreplay.sourceforge.net/</I></P>
 </DIV>
-
 <BR><HR>
 <!--Table of Child-Links-->
 <A NAME="CHILD_LINKS"></A>
@@ -136,54 +135,56 @@ original version by:  Nikos Drakos, CBLU, University of Leeds
 <LI><A NAME="tex2html45"
   HREF="node5.html#SECTION00054000000000000000"><SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">4</SPAN> 100000 write attempts failed from full buffers and were repeated</A>
 <LI><A NAME="tex2html46"
-  HREF="node5.html#SECTION00055000000000000000"><SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">5</SPAN> Invalid mac address: 00:00:00:00:00:00</A>
+  HREF="node5.html#SECTION00055000000000000000"><SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">5</SPAN> Unable to process test.cache: cache file version missmatch</A>
 <LI><A NAME="tex2html47"
-  HREF="node5.html#SECTION00056000000000000000"><SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">6</SPAN> Unable to process test.cache: cache file version missmatch</A>
+  HREF="node5.html#SECTION00056000000000000000"><SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">6</SPAN> Skipping SLL loopback packet.</A>
 <LI><A NAME="tex2html48"
-  HREF="node5.html#SECTION00057000000000000000"><SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">7</SPAN> Skipping SLL loopback packet.</A>
-<LI><A NAME="tex2html49"
-  HREF="node5.html#SECTION00058000000000000000"><SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">8</SPAN> Packet length (8892) is greater then MTU; skipping packet.</A>
+  HREF="node5.html#SECTION00057000000000000000"><SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">7</SPAN> Packet length (8892) is greater then MTU; skipping packet.</A>
 </UL>
 <BR>
-<LI><A NAME="tex2html50"
+<LI><A NAME="tex2html49"
   HREF="node6.html"><SPAN CLASS="arabic">5</SPAN> Common Questions from Users</A>
 <UL>
-<LI><A NAME="tex2html51"
+<LI><A NAME="tex2html50"
   HREF="node6.html#SECTION00061000000000000000"><SPAN CLASS="arabic">5</SPAN>.<SPAN CLASS="arabic">1</SPAN> Why is tcpreplay not sending all the packets?</A>
-<LI><A NAME="tex2html52"
+<LI><A NAME="tex2html51"
   HREF="node6.html#SECTION00062000000000000000"><SPAN CLASS="arabic">5</SPAN>.<SPAN CLASS="arabic">2</SPAN> Can tcpreplay read gzip/bzip2 compressed files?</A>
-<LI><A NAME="tex2html53"
+<LI><A NAME="tex2html52"
   HREF="node6.html#SECTION00063000000000000000"><SPAN CLASS="arabic">5</SPAN>.<SPAN CLASS="arabic">3</SPAN> How fast can tcpreplay send packets?</A>
+<LI><A NAME="tex2html53"
+  HREF="node6.html#SECTION00064000000000000000"><SPAN CLASS="arabic">5</SPAN>.<SPAN CLASS="arabic">4</SPAN> Is tcpreplay stateful?</A>
 </UL>
 <BR>
 <LI><A NAME="tex2html54"
-  HREF="node7.html"><SPAN CLASS="arabic">6</SPAN> Required Libraries and Tools</A>
-<UL>
+  HREF="node7.html"><SPAN CLASS="arabic">6</SPAN> Testing Methodologies</A>
 <LI><A NAME="tex2html55"
-  HREF="node7.html#SECTION00071000000000000000"><SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">1</SPAN> Libpcap</A>
+  HREF="node8.html"><SPAN CLASS="arabic">7</SPAN> Required Libraries and Tools</A>
+<UL>
 <LI><A NAME="tex2html56"
-  HREF="node7.html#SECTION00072000000000000000"><SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">2</SPAN> Libnet</A>
+  HREF="node8.html#SECTION00081000000000000000"><SPAN CLASS="arabic">7</SPAN>.<SPAN CLASS="arabic">1</SPAN> Libpcap</A>
 <LI><A NAME="tex2html57"
-  HREF="node7.html#SECTION00073000000000000000"><SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">3</SPAN> Libpcapnav</A>
+  HREF="node8.html#SECTION00082000000000000000"><SPAN CLASS="arabic">7</SPAN>.<SPAN CLASS="arabic">2</SPAN> Libnet</A>
 <LI><A NAME="tex2html58"
-  HREF="node7.html#SECTION00074000000000000000"><SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">4</SPAN> Tcpdump</A>
+  HREF="node8.html#SECTION00083000000000000000"><SPAN CLASS="arabic">7</SPAN>.<SPAN CLASS="arabic">3</SPAN> Libpcapnav</A>
+<LI><A NAME="tex2html59"
+  HREF="node8.html#SECTION00084000000000000000"><SPAN CLASS="arabic">7</SPAN>.<SPAN CLASS="arabic">4</SPAN> Tcpdump</A>
 </UL>
 <BR>
-<LI><A NAME="tex2html59"
-  HREF="node8.html"><SPAN CLASS="arabic">7</SPAN> Other pcap tools available</A>
-<UL>
 <LI><A NAME="tex2html60"
-  HREF="node8.html#SECTION00081000000000000000"><SPAN CLASS="arabic">7</SPAN>.<SPAN CLASS="arabic">1</SPAN> Tools to capture network traffic or decode pcap files</A>
+  HREF="node9.html"><SPAN CLASS="arabic">8</SPAN> Other pcap tools available</A>
+<UL>
 <LI><A NAME="tex2html61"
-  HREF="node8.html#SECTION00082000000000000000"><SPAN CLASS="arabic">7</SPAN>.<SPAN CLASS="arabic">2</SPAN> Tools to edit pcap files</A>
+  HREF="node9.html#SECTION00091000000000000000"><SPAN CLASS="arabic">8</SPAN>.<SPAN CLASS="arabic">1</SPAN> Tools to capture network traffic or decode pcap files</A>
 <LI><A NAME="tex2html62"
-  HREF="node8.html#SECTION00083000000000000000"><SPAN CLASS="arabic">7</SPAN>.<SPAN CLASS="arabic">3</SPAN> Other useful tools</A>
+  HREF="node9.html#SECTION00092000000000000000"><SPAN CLASS="arabic">8</SPAN>.<SPAN CLASS="arabic">2</SPAN> Tools to edit pcap files</A>
+<LI><A NAME="tex2html63"
+  HREF="node9.html#SECTION00093000000000000000"><SPAN CLASS="arabic">8</SPAN>.<SPAN CLASS="arabic">3</SPAN> Other useful tools</A>
 </UL></UL>
 <!--End of Table of Child-Links-->
 <BR><HR>
 <ADDRESS>
 Aaron Turner
-2005-08-07
+2006-07-17
 </ADDRESS>
 </BODY>
 </HTML>

docs/web/FAQ/index.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
 
-<!--Converted with LaTeX2HTML 2002-2-1 (1.70)
+<!--Converted with LaTeX2HTML 2002-2 (1.70)
 original version by:  Nikos Drakos, CBLU, University of Leeds
 * revised and updated by:  Marcus Hennecke, Ross Moore, Herb Swan
 * with significant contributions from:
@@ -14,7 +14,7 @@ original version by:  Nikos Drakos, CBLU, University of Leeds
 <META NAME="distribution" CONTENT="global">
 
 <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
-<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2-1">
+<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2">
 <META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
 
 <LINK REL="STYLESHEET" HREF="FAQ.css">
@@ -53,7 +53,6 @@ original version by:  Nikos Drakos, CBLU, University of Leeds
 <P ALIGN="CENTER"><STRONG>Aaron Turner</STRONG></P>
 <P ALIGN="CENTER"><I>http://tcpreplay.sourceforge.net/</I></P>
 </DIV>
-
 <BR><HR>
 <!--Table of Child-Links-->
 <A NAME="CHILD_LINKS"></A>
@@ -136,54 +135,56 @@ original version by:  Nikos Drakos, CBLU, University of Leeds
 <LI><A NAME="tex2html45"
   HREF="node5.html#SECTION00054000000000000000"><SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">4</SPAN> 100000 write attempts failed from full buffers and were repeated</A>
 <LI><A NAME="tex2html46"
-  HREF="node5.html#SECTION00055000000000000000"><SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">5</SPAN> Invalid mac address: 00:00:00:00:00:00</A>
+  HREF="node5.html#SECTION00055000000000000000"><SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">5</SPAN> Unable to process test.cache: cache file version missmatch</A>
 <LI><A NAME="tex2html47"
-  HREF="node5.html#SECTION00056000000000000000"><SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">6</SPAN> Unable to process test.cache: cache file version missmatch</A>
+  HREF="node5.html#SECTION00056000000000000000"><SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">6</SPAN> Skipping SLL loopback packet.</A>
 <LI><A NAME="tex2html48"
-  HREF="node5.html#SECTION00057000000000000000"><SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">7</SPAN> Skipping SLL loopback packet.</A>
-<LI><A NAME="tex2html49"
-  HREF="node5.html#SECTION00058000000000000000"><SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">8</SPAN> Packet length (8892) is greater then MTU; skipping packet.</A>
+  HREF="node5.html#SECTION00057000000000000000"><SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">7</SPAN> Packet length (8892) is greater then MTU; skipping packet.</A>
 </UL>
 <BR>
-<LI><A NAME="tex2html50"
+<LI><A NAME="tex2html49"
   HREF="node6.html"><SPAN CLASS="arabic">5</SPAN> Common Questions from Users</A>
 <UL>
-<LI><A NAME="tex2html51"
+<LI><A NAME="tex2html50"
   HREF="node6.html#SECTION00061000000000000000"><SPAN CLASS="arabic">5</SPAN>.<SPAN CLASS="arabic">1</SPAN> Why is tcpreplay not sending all the packets?</A>
-<LI><A NAME="tex2html52"
+<LI><A NAME="tex2html51"
   HREF="node6.html#SECTION00062000000000000000"><SPAN CLASS="arabic">5</SPAN>.<SPAN CLASS="arabic">2</SPAN> Can tcpreplay read gzip/bzip2 compressed files?</A>
-<LI><A NAME="tex2html53"
+<LI><A NAME="tex2html52"
   HREF="node6.html#SECTION00063000000000000000"><SPAN CLASS="arabic">5</SPAN>.<SPAN CLASS="arabic">3</SPAN> How fast can tcpreplay send packets?</A>
+<LI><A NAME="tex2html53"
+  HREF="node6.html#SECTION00064000000000000000"><SPAN CLASS="arabic">5</SPAN>.<SPAN CLASS="arabic">4</SPAN> Is tcpreplay stateful?</A>
 </UL>
 <BR>
 <LI><A NAME="tex2html54"
-  HREF="node7.html"><SPAN CLASS="arabic">6</SPAN> Required Libraries and Tools</A>
-<UL>
+  HREF="node7.html"><SPAN CLASS="arabic">6</SPAN> Testing Methodologies</A>
 <LI><A NAME="tex2html55"
-  HREF="node7.html#SECTION00071000000000000000"><SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">1</SPAN> Libpcap</A>
+  HREF="node8.html"><SPAN CLASS="arabic">7</SPAN> Required Libraries and Tools</A>
+<UL>
 <LI><A NAME="tex2html56"
-  HREF="node7.html#SECTION00072000000000000000"><SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">2</SPAN> Libnet</A>
+  HREF="node8.html#SECTION00081000000000000000"><SPAN CLASS="arabic">7</SPAN>.<SPAN CLASS="arabic">1</SPAN> Libpcap</A>
 <LI><A NAME="tex2html57"
-  HREF="node7.html#SECTION00073000000000000000"><SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">3</SPAN> Libpcapnav</A>
+  HREF="node8.html#SECTION00082000000000000000"><SPAN CLASS="arabic">7</SPAN>.<SPAN CLASS="arabic">2</SPAN> Libnet</A>
 <LI><A NAME="tex2html58"
-  HREF="node7.html#SECTION00074000000000000000"><SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">4</SPAN> Tcpdump</A>
+  HREF="node8.html#SECTION00083000000000000000"><SPAN CLASS="arabic">7</SPAN>.<SPAN CLASS="arabic">3</SPAN> Libpcapnav</A>
+<LI><A NAME="tex2html59"
+  HREF="node8.html#SECTION00084000000000000000"><SPAN CLASS="arabic">7</SPAN>.<SPAN CLASS="arabic">4</SPAN> Tcpdump</A>
 </UL>
 <BR>
-<LI><A NAME="tex2html59"
-  HREF="node8.html"><SPAN CLASS="arabic">7</SPAN> Other pcap tools available</A>
-<UL>
 <LI><A NAME="tex2html60"
-  HREF="node8.html#SECTION00081000000000000000"><SPAN CLASS="arabic">7</SPAN>.<SPAN CLASS="arabic">1</SPAN> Tools to capture network traffic or decode pcap files</A>
+  HREF="node9.html"><SPAN CLASS="arabic">8</SPAN> Other pcap tools available</A>
+<UL>
 <LI><A NAME="tex2html61"
-  HREF="node8.html#SECTION00082000000000000000"><SPAN CLASS="arabic">7</SPAN>.<SPAN CLASS="arabic">2</SPAN> Tools to edit pcap files</A>
+  HREF="node9.html#SECTION00091000000000000000"><SPAN CLASS="arabic">8</SPAN>.<SPAN CLASS="arabic">1</SPAN> Tools to capture network traffic or decode pcap files</A>
 <LI><A NAME="tex2html62"
-  HREF="node8.html#SECTION00083000000000000000"><SPAN CLASS="arabic">7</SPAN>.<SPAN CLASS="arabic">3</SPAN> Other useful tools</A>
+  HREF="node9.html#SECTION00092000000000000000"><SPAN CLASS="arabic">8</SPAN>.<SPAN CLASS="arabic">2</SPAN> Tools to edit pcap files</A>
+<LI><A NAME="tex2html63"
+  HREF="node9.html#SECTION00093000000000000000"><SPAN CLASS="arabic">8</SPAN>.<SPAN CLASS="arabic">3</SPAN> Other useful tools</A>
 </UL></UL>
 <!--End of Table of Child-Links-->
 <BR><HR>
 <ADDRESS>
 Aaron Turner
-2005-08-07
+2006-07-17
 </ADDRESS>
 </BODY>
 </HTML>

docs/web/FAQ/labels.pl

@@ -1,11 +1,11 @@
-# LaTeX2HTML 2002-2-1 (1.70)
+# LaTeX2HTML 2002-2 (1.70)
 # Associate labels original text with physical files.
 
 
 1;
 
 
-# LaTeX2HTML 2002-2-1 (1.70)
+# LaTeX2HTML 2002-2 (1.70)
 # labels from external_latex_labels array.
 
 

docs/web/FAQ/node1.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
 
-<!--Converted with LaTeX2HTML 2002-2-1 (1.70)
+<!--Converted with LaTeX2HTML 2002-2 (1.70)
 original version by:  Nikos Drakos, CBLU, University of Leeds
 * revised and updated by:  Marcus Hennecke, Ross Moore, Herb Swan
 * with significant contributions from:
@@ -14,7 +14,7 @@ original version by:  Nikos Drakos, CBLU, University of Leeds
 <META NAME="distribution" CONTENT="global">
 
 <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
-<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2-1">
+<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2">
 <META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
 
 <LINK REL="STYLESHEET" HREF="FAQ.css">
@@ -28,21 +28,21 @@ original version by:  Nikos Drakos, CBLU, University of Leeds
 <BODY >
 
 <DIV CLASS="navigation"><!--Navigation Panel-->
-<A NAME="tex2html71"
+<A NAME="tex2html72"
   HREF="node2.html">
 <IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A> 
-<A NAME="tex2html69"
+<A NAME="tex2html70"
   HREF="FAQ.html">
 <IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A> 
-<A NAME="tex2html63"
+<A NAME="tex2html64"
   HREF="FAQ.html">
 <IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>   
 <BR>
-<B> Next:</B> <A NAME="tex2html72"
+<B> Next:</B> <A NAME="tex2html73"
   HREF="node2.html">1 General Info</A>
-<B> Up:</B> <A NAME="tex2html70"
+<B> Up:</B> <A NAME="tex2html71"
   HREF="FAQ.html">Tcpreplay 3.x FAQ</A>
-<B> Previous:</B> <A NAME="tex2html64"
+<B> Previous:</B> <A NAME="tex2html65"
   HREF="FAQ.html">Tcpreplay 3.x FAQ</A>
 <BR>
 <BR></DIV>
@@ -55,88 +55,86 @@ Contents</A>
 <!--Table of Contents-->
 
 <UL CLASS="TofC">
-<LI><A NAME="tex2html73"
+<LI><A NAME="tex2html74"
   HREF="node2.html">1 General Info</A>
 <UL>
-<LI><A NAME="tex2html74"
-  HREF="node2.html#SECTION00021000000000000000">1.1 What is this FAQ for?</A>
 <LI><A NAME="tex2html75"
-  HREF="node2.html#SECTION00022000000000000000">1.2 What tools come with tcpreplay?</A>
+  HREF="node2.html#SECTION00021000000000000000">1.1 What is this FAQ for?</A>
 <LI><A NAME="tex2html76"
-  HREF="node2.html#SECTION00023000000000000000">1.3 What tools no longer come with Tcpreplay?</A>
+  HREF="node2.html#SECTION00022000000000000000">1.2 What tools come with tcpreplay?</A>
 <LI><A NAME="tex2html77"
-  HREF="node2.html#SECTION00024000000000000000">1.4 How can I get tcpreplay's source?</A>
+  HREF="node2.html#SECTION00023000000000000000">1.3 What tools no longer come with Tcpreplay?</A>
 <LI><A NAME="tex2html78"
-  HREF="node2.html#SECTION00025000000000000000">1.5 What requirements does tcpreplay have?</A>
+  HREF="node2.html#SECTION00024000000000000000">1.4 How can I get tcpreplay's source?</A>
 <LI><A NAME="tex2html79"
-  HREF="node2.html#SECTION00026000000000000000">1.6 Are there binaries available?</A>
+  HREF="node2.html#SECTION00025000000000000000">1.5 What requirements does tcpreplay have?</A>
 <LI><A NAME="tex2html80"
-  HREF="node2.html#SECTION00027000000000000000">1.7 Is there a Microsoft Windows port?</A>
+  HREF="node2.html#SECTION00026000000000000000">1.6 Are there binaries available?</A>
 <LI><A NAME="tex2html81"
-  HREF="node2.html#SECTION00028000000000000000">1.8 How is tcpreplay licensed?</A>
+  HREF="node2.html#SECTION00027000000000000000">1.7 Is there a Microsoft Windows port?</A>
 <LI><A NAME="tex2html82"
-  HREF="node2.html#SECTION00029000000000000000">1.9 What is tcpreplay?</A>
+  HREF="node2.html#SECTION00028000000000000000">1.8 How is tcpreplay licensed?</A>
 <LI><A NAME="tex2html83"
-  HREF="node2.html#SECTION000210000000000000000">1.10 What are some uses for tcpreplay?</A>
+  HREF="node2.html#SECTION00029000000000000000">1.9 What is tcpreplay?</A>
 <LI><A NAME="tex2html84"
-  HREF="node2.html#SECTION000211000000000000000">1.11 What are some uses for flowreplay?</A>
+  HREF="node2.html#SECTION000210000000000000000">1.10 What are some uses for tcpreplay?</A>
 <LI><A NAME="tex2html85"
+  HREF="node2.html#SECTION000211000000000000000">1.11 What are some uses for flowreplay?</A>
+<LI><A NAME="tex2html86"
   HREF="node2.html#SECTION000212000000000000000">1.12 What is the history of tcpreplay?</A>
 </UL>
 <BR>
-<LI><A NAME="tex2html86"
+<LI><A NAME="tex2html87"
   HREF="node3.html">2 Bugs, Feature Requests, and Patches</A>
 <UL>
-<LI><A NAME="tex2html87"
-  HREF="node3.html#SECTION00031000000000000000">2.1 Where can I get help, report bugs or contact the developers?</A>
 <LI><A NAME="tex2html88"
-  HREF="node3.html#SECTION00032000000000000000">2.2 What information should I provide when I report a bug?</A>
+  HREF="node3.html#SECTION00031000000000000000">2.1 Where can I get help, report bugs or contact the developers?</A>
 <LI><A NAME="tex2html89"
-  HREF="node3.html#SECTION00033000000000000000">2.3 I have a feature request, what should I do?</A>
+  HREF="node3.html#SECTION00032000000000000000">2.2 What information should I provide when I report a bug?</A>
 <LI><A NAME="tex2html90"
-  HREF="node3.html#SECTION00034000000000000000">2.4 I've written a patch for tcpreplay, how can I submit it?</A>
+  HREF="node3.html#SECTION00033000000000000000">2.3 I have a feature request, what should I do?</A>
 <LI><A NAME="tex2html91"
+  HREF="node3.html#SECTION00034000000000000000">2.4 I've written a patch for tcpreplay, how can I submit it?</A>
+<LI><A NAME="tex2html92"
   HREF="node3.html#SECTION00035000000000000000">2.5 Patch requirements</A>
 </UL>
 <BR>
-<LI><A NAME="tex2html92"
+<LI><A NAME="tex2html93"
   HREF="node4.html">3 Understanding tcpprep</A>
 <UL>
-<LI><A NAME="tex2html93"
-  HREF="node4.html#SECTION00041000000000000000">3.1 What is tcpprep?</A>
 <LI><A NAME="tex2html94"
-  HREF="node4.html#SECTION00042000000000000000">3.2 How does tcpprep work? </A>
+  HREF="node4.html#SECTION00041000000000000000">3.1 What is tcpprep?</A>
 <LI><A NAME="tex2html95"
-  HREF="node4.html#SECTION00043000000000000000">3.3 Does tcpprep modify my libpcap file?</A>
+  HREF="node4.html#SECTION00042000000000000000">3.2 How does tcpprep work? </A>
 <LI><A NAME="tex2html96"
-  HREF="node4.html#SECTION00044000000000000000">3.4 Why use tcpprep?</A>
+  HREF="node4.html#SECTION00043000000000000000">3.3 Does tcpprep modify my libpcap file?</A>
 <LI><A NAME="tex2html97"
-  HREF="node4.html#SECTION00045000000000000000">3.5 Can a cache file be used for multiple (different) libpcap files? </A>
+  HREF="node4.html#SECTION00044000000000000000">3.4 Why use tcpprep?</A>
 <LI><A NAME="tex2html98"
-  HREF="node4.html#SECTION00046000000000000000">3.6 Why would I want to use tcpreplay with two network cards? </A>
+  HREF="node4.html#SECTION00045000000000000000">3.5 Can a cache file be used for multiple (different) libpcap files? </A>
 <LI><A NAME="tex2html99"
+  HREF="node4.html#SECTION00046000000000000000">3.6 Why would I want to use tcpreplay with two network cards? </A>
+<LI><A NAME="tex2html100"
   HREF="node4.html#SECTION00047000000000000000">3.7 How big are the cache files?</A>
 </UL>
 <BR>
-<LI><A NAME="tex2html100"
+<LI><A NAME="tex2html101"
   HREF="node5.html">4 Common Error and Warning Messages</A>
 <UL>
-<LI><A NAME="tex2html101"
-  HREF="node5.html#SECTION00051000000000000000">4.1 Can't open eth0: libnet_select_device(): Can't find interface eth0</A>
 <LI><A NAME="tex2html102"
-  HREF="node5.html#SECTION00052000000000000000">4.2 Can't open lo: libnet_select_device(): Can't find interface lo</A>
+  HREF="node5.html#SECTION00051000000000000000">4.1 Can't open eth0: libnet_select_device(): Can't find interface eth0</A>
 <LI><A NAME="tex2html103"
-  HREF="node5.html#SECTION00053000000000000000">4.3 Can't open eth0: UID != 0</A>
+  HREF="node5.html#SECTION00052000000000000000">4.2 Can't open lo: libnet_select_device(): Can't find interface lo</A>
 <LI><A NAME="tex2html104"
-  HREF="node5.html#SECTION00054000000000000000">4.4 100000 write attempts failed from full buffers and were repeated</A>
+  HREF="node5.html#SECTION00053000000000000000">4.3 Can't open eth0: UID != 0</A>
 <LI><A NAME="tex2html105"
-  HREF="node5.html#SECTION00055000000000000000">4.5 Invalid mac address: 00:00:00:00:00:00</A>
+  HREF="node5.html#SECTION00054000000000000000">4.4 100000 write attempts failed from full buffers and were repeated</A>
 <LI><A NAME="tex2html106"
-  HREF="node5.html#SECTION00056000000000000000">4.6 Unable to process test.cache: cache file version missmatch</A>
+  HREF="node5.html#SECTION00055000000000000000">4.5 Unable to process test.cache: cache file version missmatch</A>
 <LI><A NAME="tex2html107"
-  HREF="node5.html#SECTION00057000000000000000">4.7 Skipping SLL loopback packet.</A>
+  HREF="node5.html#SECTION00056000000000000000">4.6 Skipping SLL loopback packet.</A>
 <LI><A NAME="tex2html108"
-  HREF="node5.html#SECTION00058000000000000000">4.8 Packet length (8892) is greater then MTU; skipping packet.</A>
+  HREF="node5.html#SECTION00057000000000000000">4.7 Packet length (8892) is greater then MTU; skipping packet.</A>
 </UL>
 <BR>
 <LI><A NAME="tex2html109"
@@ -148,30 +146,34 @@ Contents</A>
   HREF="node6.html#SECTION00062000000000000000">5.2 Can tcpreplay read gzip/bzip2 compressed files?</A>
 <LI><A NAME="tex2html112"
   HREF="node6.html#SECTION00063000000000000000">5.3 How fast can tcpreplay send packets?</A>
+<LI><A NAME="tex2html113"
+  HREF="node6.html#SECTION00064000000000000000">5.4 Is tcpreplay stateful?</A>
 </UL>
 <BR>
-<LI><A NAME="tex2html113"
-  HREF="node7.html">6 Required Libraries and Tools</A>
-<UL>
 <LI><A NAME="tex2html114"
-  HREF="node7.html#SECTION00071000000000000000">6.1 Libpcap</A>
+  HREF="node7.html">6 Testing Methodologies</A>
 <LI><A NAME="tex2html115"
-  HREF="node7.html#SECTION00072000000000000000">6.2 Libnet</A>
+  HREF="node8.html">7 Required Libraries and Tools</A>
+<UL>
 <LI><A NAME="tex2html116"
-  HREF="node7.html#SECTION00073000000000000000">6.3 Libpcapnav</A>
+  HREF="node8.html#SECTION00081000000000000000">7.1 Libpcap</A>
 <LI><A NAME="tex2html117"
-  HREF="node7.html#SECTION00074000000000000000">6.4 Tcpdump</A>
-</UL>
-<BR>
+  HREF="node8.html#SECTION00082000000000000000">7.2 Libnet</A>
 <LI><A NAME="tex2html118"
-  HREF="node8.html">7 Other pcap tools available</A>
-<UL>
+  HREF="node8.html#SECTION00083000000000000000">7.3 Libpcapnav</A>
 <LI><A NAME="tex2html119"
-  HREF="node8.html#SECTION00081000000000000000">7.1 Tools to capture network traffic or decode pcap files</A>
+  HREF="node8.html#SECTION00084000000000000000">7.4 Tcpdump</A>
+</UL>
+<BR>
 <LI><A NAME="tex2html120"
-  HREF="node8.html#SECTION00082000000000000000">7.2 Tools to edit pcap files</A>
+  HREF="node9.html">8 Other pcap tools available</A>
+<UL>
 <LI><A NAME="tex2html121"
-  HREF="node8.html#SECTION00083000000000000000">7.3 Other useful tools</A>
+  HREF="node9.html#SECTION00091000000000000000">8.1 Tools to capture network traffic or decode pcap files</A>
+<LI><A NAME="tex2html122"
+  HREF="node9.html#SECTION00092000000000000000">8.2 Tools to edit pcap files</A>
+<LI><A NAME="tex2html123"
+  HREF="node9.html#SECTION00093000000000000000">8.3 Other useful tools</A>
 </UL></UL>
 <!--End of Table of Contents-->
 
@@ -179,7 +181,7 @@ Contents</A>
 <BR><HR>
 <ADDRESS>
 Aaron Turner
-2005-08-07
+2006-07-17
 </ADDRESS>
 </BODY>
 </HTML>

docs/web/FAQ/node2.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
 
-<!--Converted with LaTeX2HTML 2002-2-1 (1.70)
+<!--Converted with LaTeX2HTML 2002-2 (1.70)
 original version by:  Nikos Drakos, CBLU, University of Leeds
 * revised and updated by:  Marcus Hennecke, Ross Moore, Herb Swan
 * with significant contributions from:
@@ -14,7 +14,7 @@ original version by:  Nikos Drakos, CBLU, University of Leeds
 <META NAME="distribution" CONTENT="global">
 
 <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
-<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2-1">
+<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2">
 <META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
 
 <LINK REL="STYLESHEET" HREF="FAQ.css">
@@ -28,26 +28,26 @@ original version by:  Nikos Drakos, CBLU, University of Leeds
 <BODY >
 
 <DIV CLASS="navigation"><!--Navigation Panel-->
-<A NAME="tex2html132"
+<A NAME="tex2html134"
   HREF="node3.html">
 <IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A> 
-<A NAME="tex2html128"
+<A NAME="tex2html130"
   HREF="FAQ.html">
 <IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A> 
-<A NAME="tex2html122"
+<A NAME="tex2html124"
   HREF="node1.html">
 <IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A> 
-<A NAME="tex2html130"
+<A NAME="tex2html132"
   HREF="node1.html">
 <IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>  
 <BR>
-<B> Next:</B> <A NAME="tex2html133"
+<B> Next:</B> <A NAME="tex2html135"
   HREF="node3.html">2 Bugs, Feature Requests,</A>
-<B> Up:</B> <A NAME="tex2html129"
+<B> Up:</B> <A NAME="tex2html131"
   HREF="FAQ.html">Tcpreplay 3.x FAQ</A>
-<B> Previous:</B> <A NAME="tex2html123"
+<B> Previous:</B> <A NAME="tex2html125"
   HREF="node1.html">Contents</A>
- &nbsp; <B>  <A NAME="tex2html131"
+ &nbsp; <B>  <A NAME="tex2html133"
   HREF="node1.html">Contents</A></B> 
 <BR>
 <BR></DIV>
@@ -56,29 +56,29 @@ original version by:  Nikos Drakos, CBLU, University of Leeds
 <A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></A>
 
 <UL CLASS="ChildLinks">
-<LI><A NAME="tex2html134"
+<LI><A NAME="tex2html136"
   HREF="node2.html#SECTION00021000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">1</SPAN> What is this FAQ for?</A>
-<LI><A NAME="tex2html135"
+<LI><A NAME="tex2html137"
   HREF="node2.html#SECTION00022000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">2</SPAN> What tools come with tcpreplay?</A>
-<LI><A NAME="tex2html136"
+<LI><A NAME="tex2html138"
   HREF="node2.html#SECTION00023000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">3</SPAN> What tools no longer come with Tcpreplay?</A>
-<LI><A NAME="tex2html137"
+<LI><A NAME="tex2html139"
   HREF="node2.html#SECTION00024000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">4</SPAN> How can I get tcpreplay's source?</A>
-<LI><A NAME="tex2html138"
+<LI><A NAME="tex2html140"
   HREF="node2.html#SECTION00025000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">5</SPAN> What requirements does tcpreplay have?</A>
-<LI><A NAME="tex2html139"
+<LI><A NAME="tex2html141"
   HREF="node2.html#SECTION00026000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">6</SPAN> Are there binaries available?</A>
-<LI><A NAME="tex2html140"
+<LI><A NAME="tex2html142"
   HREF="node2.html#SECTION00027000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">7</SPAN> Is there a Microsoft Windows port?</A>
-<LI><A NAME="tex2html141"
+<LI><A NAME="tex2html143"
   HREF="node2.html#SECTION00028000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">8</SPAN> How is tcpreplay licensed?</A>
-<LI><A NAME="tex2html142"
+<LI><A NAME="tex2html144"
   HREF="node2.html#SECTION00029000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">9</SPAN> What is tcpreplay?</A>
-<LI><A NAME="tex2html143"
+<LI><A NAME="tex2html145"
   HREF="node2.html#SECTION000210000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">10</SPAN> What are some uses for tcpreplay?</A>
-<LI><A NAME="tex2html144"
+<LI><A NAME="tex2html146"
   HREF="node2.html#SECTION000211000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">11</SPAN> What are some uses for flowreplay?</A>
-<LI><A NAME="tex2html145"
+<LI><A NAME="tex2html147"
   HREF="node2.html#SECTION000212000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">12</SPAN> What is the history of tcpreplay?</A>
 </UL>
 <!--End of Table of Child-Links-->
@@ -121,7 +121,7 @@ were captured
 <LI>tcpprep - a pcap pre-processor for tcpreplay
 </LI>
 <LI>flowreplay<A NAME="tex2html1"
-  HREF="#foot136"><SUP><SPAN CLASS="arabic">1</SPAN></SUP></A> - connects to a server(s) and replays the client side of the connection
+  HREF="#foot153"><SUP><SPAN CLASS="arabic">1</SPAN></SUP></A> - connects to a server(s) and replays the client side of the connection
 stored in a pcap file
 </LI>
 </UL>
@@ -134,7 +134,7 @@ stored in a pcap file
 
 <P>
 Recently, other people and projects have developed better versions
-of two applications that ship with tcpreplay 2.x:
+of two applications that shipped with tcpreplay 2.x:
 
 <P>
 
@@ -160,7 +160,7 @@ with Subversion to try checking out the latest code as it often has
 additional features and bugfixes not found in the tarballs.
 
 <P>
-svn checkout https://www.synfin.net:444/svn/tcpreplay/trunk tcpreplay
+svn checkout https://www.synfin.net/svn/tcpreplay/trunk tcpreplay
 
 <P>
 
@@ -172,11 +172,11 @@ svn checkout https://www.synfin.net:444/svn/tcpreplay/trunk tcpreplay
 
 <OL>
 <LI>You'll need recent versions of the libnet<A NAME="tex2html2"
-  HREF="#foot36"><SUP><SPAN CLASS="arabic">2</SPAN></SUP></A> and libpcap<A NAME="tex2html3"
-  HREF="#foot37"><SUP><SPAN CLASS="arabic">3</SPAN></SUP></A> libraries.
+  HREF="#foot38"><SUP><SPAN CLASS="arabic">2</SPAN></SUP></A> and libpcap<A NAME="tex2html3"
+  HREF="#foot39"><SUP><SPAN CLASS="arabic">3</SPAN></SUP></A> libraries.
 </LI>
 <LI>To support the packet decoding feature you'll need tcpdump<A NAME="tex2html4"
-  HREF="#foot38"><SUP><SPAN CLASS="arabic">4</SPAN></SUP></A> installed.
+  HREF="#foot40"><SUP><SPAN CLASS="arabic">4</SPAN></SUP></A> installed.
 </LI>
 <LI>You'll also need a compatible operating system. Basically, any UNIX-like
 or UNIX-based operating system should work. Linux, *BSD, Solaris,
@@ -245,7 +245,7 @@ Originally, tcpreplay was written to test network intrusion detection
 systems (NIDS), however tcpreplay has been used to test firewalls,
 routers, and other network devices. With the addition of flowreplay,
 most<A NAME="tex2html5"
-  HREF="#foot46"><SUP><SPAN CLASS="arabic">5</SPAN></SUP></A> any udp or tcp service on a server can be tested as well.
+  HREF="#foot48"><SUP><SPAN CLASS="arabic">5</SPAN></SUP></A> any udp or tcp service on a server can be tested as well.
 
 <P>
 
@@ -263,7 +263,9 @@ systems (HIDS) as well as captured exploits and security patches when
 the actual exploit code is not available. Please note that flowreplay
 is still alpha quality code which means it doesn't work very well
 (some would argue it doesn't work at all) and is currently missing
-some important features.
+some important features. Feel free to try flowreplay, but unless you're
+willing and able to contribute, don't bother complaining that it doesn't
+work.
 
 <P>
 
@@ -284,9 +286,9 @@ was (at least partially) purchased by NFR and development ceased.
 
 <P>
 Then in 2001, two people independently started work on tcpreplay:
-Matt Bing of NFR and Aaron Turner. After developing a series of patches
-(the -adt branch), Aaron attempted to send the patches in to be included
-in the main development tree.
+Matt Bing of NFR and Aaron Turner of OneSecure. After developing a
+series of patches (the -adt branch), Aaron attempted to send the patches
+in to be included in the main development tree.
 
 <P>
 After some discussion between Aaron and Matt Bing, they decided to
@@ -300,29 +302,29 @@ Today, Aaron continues active development of the code.
 <P>
 <BR><HR><H4>Footnotes</H4>
 <DL>
-<DT><A NAME="foot136">... flowreplay</A><A
+<DT><A NAME="foot153">... flowreplay</A><A
  HREF="node2.html#tex2html1"><SUP><SPAN CLASS="arabic">1</SPAN></SUP></A></DT>
 <DD>Flowreplay is still ``alpha'' quality and is not usable for most
 situations. Anyone interested in helping me develop flowreplay is
 encouraged to contact me.
 
 </DD>
-<DT><A NAME="foot36">... libnet</A><A
+<DT><A NAME="foot38">... libnet</A><A
  HREF="node2.html#tex2html2"><SUP><SPAN CLASS="arabic">2</SPAN></SUP></A></DT>
 <DD>http://www.packetfactory.net/libnet/
 
 </DD>
-<DT><A NAME="foot37">... libpcap</A><A
+<DT><A NAME="foot39">... libpcap</A><A
  HREF="node2.html#tex2html3"><SUP><SPAN CLASS="arabic">3</SPAN></SUP></A></DT>
 <DD>http://www.tcpdump.org/
 
 </DD>
-<DT><A NAME="foot38">... tcpdump</A><A
+<DT><A NAME="foot40">... tcpdump</A><A
  HREF="node2.html#tex2html4"><SUP><SPAN CLASS="arabic">4</SPAN></SUP></A></DT>
 <DD>http://www.tcpdump.org/
 
 </DD>
-<DT><A NAME="foot46">...
+<DT><A NAME="foot48">...
 most</A><A
  HREF="node2.html#tex2html5"><SUP><SPAN CLASS="arabic">5</SPAN></SUP></A></DT>
 <DD>Note the flowreplay does not support protocols such as ftp which use
@@ -332,31 +334,31 @@ multiple connections.
 </DL>
 <DIV CLASS="navigation"><HR>
 <!--Navigation Panel-->
-<A NAME="tex2html132"
+<A NAME="tex2html134"
   HREF="node3.html">
 <IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A> 
-<A NAME="tex2html128"
+<A NAME="tex2html130"
   HREF="FAQ.html">
 <IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A> 
-<A NAME="tex2html122"
+<A NAME="tex2html124"
   HREF="node1.html">
 <IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A> 
-<A NAME="tex2html130"
+<A NAME="tex2html132"
   HREF="node1.html">
 <IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>  
 <BR>
-<B> Next:</B> <A NAME="tex2html133"
+<B> Next:</B> <A NAME="tex2html135"
   HREF="node3.html">2 Bugs, Feature Requests,</A>
-<B> Up:</B> <A NAME="tex2html129"
+<B> Up:</B> <A NAME="tex2html131"
   HREF="FAQ.html">Tcpreplay 3.x FAQ</A>
-<B> Previous:</B> <A NAME="tex2html123"
+<B> Previous:</B> <A NAME="tex2html125"
   HREF="node1.html">Contents</A>
- &nbsp; <B>  <A NAME="tex2html131"
+ &nbsp; <B>  <A NAME="tex2html133"
   HREF="node1.html">Contents</A></B> </DIV>
 <!--End of Navigation Panel-->
 <ADDRESS>
 Aaron Turner
-2005-08-07
+2006-07-17
 </ADDRESS>
 </BODY>
 </HTML>

docs/web/FAQ/node3.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
 
-<!--Converted with LaTeX2HTML 2002-2-1 (1.70)
+<!--Converted with LaTeX2HTML 2002-2 (1.70)
 original version by:  Nikos Drakos, CBLU, University of Leeds
 * revised and updated by:  Marcus Hennecke, Ross Moore, Herb Swan
 * with significant contributions from:
@@ -14,7 +14,7 @@ original version by:  Nikos Drakos, CBLU, University of Leeds
 <META NAME="distribution" CONTENT="global">
 
 <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
-<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2-1">
+<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2">
 <META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
 
 <LINK REL="STYLESHEET" HREF="FAQ.css">
@@ -28,26 +28,26 @@ original version by:  Nikos Drakos, CBLU, University of Leeds
 <BODY >
 
 <DIV CLASS="navigation"><!--Navigation Panel-->
-<A NAME="tex2html156"
+<A NAME="tex2html158"
   HREF="node4.html">
 <IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A> 
-<A NAME="tex2html152"
+<A NAME="tex2html154"
   HREF="FAQ.html">
 <IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A> 
-<A NAME="tex2html146"
+<A NAME="tex2html148"
   HREF="node2.html">
 <IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A> 
-<A NAME="tex2html154"
+<A NAME="tex2html156"
   HREF="node1.html">
 <IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>  
 <BR>
-<B> Next:</B> <A NAME="tex2html157"
+<B> Next:</B> <A NAME="tex2html159"
   HREF="node4.html">3 Understanding tcpprep</A>
-<B> Up:</B> <A NAME="tex2html153"
+<B> Up:</B> <A NAME="tex2html155"
   HREF="FAQ.html">Tcpreplay 3.x FAQ</A>
-<B> Previous:</B> <A NAME="tex2html147"
+<B> Previous:</B> <A NAME="tex2html149"
   HREF="node2.html">1 General Info</A>
- &nbsp; <B>  <A NAME="tex2html155"
+ &nbsp; <B>  <A NAME="tex2html157"
   HREF="node1.html">Contents</A></B> 
 <BR>
 <BR></DIV>
@@ -56,15 +56,15 @@ original version by:  Nikos Drakos, CBLU, University of Leeds
 <A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></A>
 
 <UL CLASS="ChildLinks">
-<LI><A NAME="tex2html158"
+<LI><A NAME="tex2html160"
   HREF="node3.html#SECTION00031000000000000000"><SPAN CLASS="arabic">2</SPAN>.<SPAN CLASS="arabic">1</SPAN> Where can I get help, report bugs or contact the developers?</A>
-<LI><A NAME="tex2html159"
+<LI><A NAME="tex2html161"
   HREF="node3.html#SECTION00032000000000000000"><SPAN CLASS="arabic">2</SPAN>.<SPAN CLASS="arabic">2</SPAN> What information should I provide when I report a bug?</A>
-<LI><A NAME="tex2html160"
+<LI><A NAME="tex2html162"
   HREF="node3.html#SECTION00033000000000000000"><SPAN CLASS="arabic">2</SPAN>.<SPAN CLASS="arabic">3</SPAN> I have a feature request, what should I do?</A>
-<LI><A NAME="tex2html161"
+<LI><A NAME="tex2html163"
   HREF="node3.html#SECTION00034000000000000000"><SPAN CLASS="arabic">2</SPAN>.<SPAN CLASS="arabic">4</SPAN> I've written a patch for tcpreplay, how can I submit it?</A>
-<LI><A NAME="tex2html162"
+<LI><A NAME="tex2html164"
   HREF="node3.html#SECTION00035000000000000000"><SPAN CLASS="arabic">2</SPAN>.<SPAN CLASS="arabic">5</SPAN> Patch requirements</A>
 </UL>
 <!--End of Table of Child-Links-->
@@ -87,6 +87,10 @@ mailing list:
 http://lists.sourceforge.net/lists/listinfo/tcpreplay-users
 
 <P>
+Please do not email the author directly as it prevents others from
+learning from your questions.
+
+<P>
 
 <H2><A NAME="SECTION00032000000000000000">
 <SPAN CLASS="arabic">2</SPAN>.<SPAN CLASS="arabic">2</SPAN> What information should I provide when I report a bug?</A>
@@ -124,9 +128,8 @@ preferred)
 
 <P>
 Let us know! Many of the features exist today because users like you
-asked for them. To make a feature request, you can either email the
-tcpreplay-users mailing list (see above) or fill out the feature request
-form on the tcpreplay SourceForge website.
+asked for them. To make a feature request, email the tcpreplay-users
+mailing list (see above).
 
 <P>
 
@@ -168,8 +171,8 @@ Generally that means that most recent stable and development branches
 <LI>Make sure you are patching against the most recent release for that
 branch.
 </LI>
-<LI>Please submit your patch in the unified diff format so I can better
-understand what you're changing.
+<LI>Please submit your patch in the <SPAN  CLASS="textit">unified diff</SPAN> format so I can
+better understand what you're changing.
 </LI>
 <LI>Please provide any relevant personal information you'd like listed
 in the CREDITS file.
@@ -182,31 +185,31 @@ some or all of your submission to maintain a consistent coding style.
 
 <DIV CLASS="navigation"><HR>
 <!--Navigation Panel-->
-<A NAME="tex2html156"
+<A NAME="tex2html158"
   HREF="node4.html">
 <IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A> 
-<A NAME="tex2html152"
+<A NAME="tex2html154"
   HREF="FAQ.html">
 <IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A> 
-<A NAME="tex2html146"
+<A NAME="tex2html148"
   HREF="node2.html">
 <IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A> 
-<A NAME="tex2html154"
+<A NAME="tex2html156"
   HREF="node1.html">
 <IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>  
 <BR>
-<B> Next:</B> <A NAME="tex2html157"
+<B> Next:</B> <A NAME="tex2html159"
   HREF="node4.html">3 Understanding tcpprep</A>
-<B> Up:</B> <A NAME="tex2html153"
+<B> Up:</B> <A NAME="tex2html155"
   HREF="FAQ.html">Tcpreplay 3.x FAQ</A>
-<B> Previous:</B> <A NAME="tex2html147"
+<B> Previous:</B> <A NAME="tex2html149"
   HREF="node2.html">1 General Info</A>
- &nbsp; <B>  <A NAME="tex2html155"
+ &nbsp; <B>  <A NAME="tex2html157"
   HREF="node1.html">Contents</A></B> </DIV>
 <!--End of Navigation Panel-->
 <ADDRESS>
 Aaron Turner
-2005-08-07
+2006-07-17
 </ADDRESS>
 </BODY>
 </HTML>

docs/web/FAQ/node4.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
 
-<!--Converted with LaTeX2HTML 2002-2-1 (1.70)
+<!--Converted with LaTeX2HTML 2002-2 (1.70)
 original version by:  Nikos Drakos, CBLU, University of Leeds
 * revised and updated by:  Marcus Hennecke, Ross Moore, Herb Swan
 * with significant contributions from:
@@ -14,7 +14,7 @@ original version by:  Nikos Drakos, CBLU, University of Leeds
 <META NAME="distribution" CONTENT="global">
 
 <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
-<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2-1">
+<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2">
 <META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
 
 <LINK REL="STYLESHEET" HREF="FAQ.css">
@@ -28,26 +28,26 @@ original version by:  Nikos Drakos, CBLU, University of Leeds
 <BODY >
 
 <DIV CLASS="navigation"><!--Navigation Panel-->
-<A NAME="tex2html173"
+<A NAME="tex2html175"
   HREF="node5.html">
 <IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A> 
-<A NAME="tex2html169"
+<A NAME="tex2html171"
   HREF="FAQ.html">
 <IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A> 
-<A NAME="tex2html163"
+<A NAME="tex2html165"
   HREF="node3.html">
 <IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A> 
-<A NAME="tex2html171"
+<A NAME="tex2html173"
   HREF="node1.html">
 <IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>  
 <BR>
-<B> Next:</B> <A NAME="tex2html174"
+<B> Next:</B> <A NAME="tex2html176"
   HREF="node5.html">4 Common Error and</A>
-<B> Up:</B> <A NAME="tex2html170"
+<B> Up:</B> <A NAME="tex2html172"
   HREF="FAQ.html">Tcpreplay 3.x FAQ</A>
-<B> Previous:</B> <A NAME="tex2html164"
+<B> Previous:</B> <A NAME="tex2html166"
   HREF="node3.html">2 Bugs, Feature Requests,</A>
- &nbsp; <B>  <A NAME="tex2html172"
+ &nbsp; <B>  <A NAME="tex2html174"
   HREF="node1.html">Contents</A></B> 
 <BR>
 <BR></DIV>
@@ -56,19 +56,19 @@ original version by:  Nikos Drakos, CBLU, University of Leeds
 <A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></A>
 
 <UL CLASS="ChildLinks">
-<LI><A NAME="tex2html175"
+<LI><A NAME="tex2html177"
   HREF="node4.html#SECTION00041000000000000000"><SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">1</SPAN> What is tcpprep?</A>
-<LI><A NAME="tex2html176"
+<LI><A NAME="tex2html178"
   HREF="node4.html#SECTION00042000000000000000"><SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">2</SPAN> How does tcpprep work? </A>
-<LI><A NAME="tex2html177"
+<LI><A NAME="tex2html179"
   HREF="node4.html#SECTION00043000000000000000"><SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">3</SPAN> Does tcpprep modify my libpcap file?</A>
-<LI><A NAME="tex2html178"
+<LI><A NAME="tex2html180"
   HREF="node4.html#SECTION00044000000000000000"><SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">4</SPAN> Why use tcpprep?</A>
-<LI><A NAME="tex2html179"
+<LI><A NAME="tex2html181"
   HREF="node4.html#SECTION00045000000000000000"><SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">5</SPAN> Can a cache file be used for multiple (different) libpcap files? </A>
-<LI><A NAME="tex2html180"
+<LI><A NAME="tex2html182"
   HREF="node4.html#SECTION00046000000000000000"><SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">6</SPAN> Why would I want to use tcpreplay with two network cards? </A>
-<LI><A NAME="tex2html181"
+<LI><A NAME="tex2html183"
   HREF="node4.html#SECTION00047000000000000000"><SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">7</SPAN> How big are the cache files?</A>
 </UL>
 <!--End of Table of Child-Links-->
@@ -161,7 +161,7 @@ Tcpreplay traditionally is good for putting traffic on a given network,
 often used to test a network intrusion detection system (NIDS). However,
 there are cases where putting traffic onto a subnet in this manner
 is not good enough- you have to be able to send traffic *through*
-a device such as a router, firewall, or bridge.
+a device such as a IPS, router, firewall, or bridge.
 
 <P>
 In these cases, being able to use a single source file (libpcap) for
@@ -183,31 +183,31 @@ was only 150K.
 
 <DIV CLASS="navigation"><HR>
 <!--Navigation Panel-->
-<A NAME="tex2html173"
+<A NAME="tex2html175"
   HREF="node5.html">
 <IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A> 
-<A NAME="tex2html169"
+<A NAME="tex2html171"
   HREF="FAQ.html">
 <IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A> 
-<A NAME="tex2html163"
+<A NAME="tex2html165"
   HREF="node3.html">
 <IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A> 
-<A NAME="tex2html171"
+<A NAME="tex2html173"
   HREF="node1.html">
 <IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>  
 <BR>
-<B> Next:</B> <A NAME="tex2html174"
+<B> Next:</B> <A NAME="tex2html176"
   HREF="node5.html">4 Common Error and</A>
-<B> Up:</B> <A NAME="tex2html170"
+<B> Up:</B> <A NAME="tex2html172"
   HREF="FAQ.html">Tcpreplay 3.x FAQ</A>
-<B> Previous:</B> <A NAME="tex2html164"
+<B> Previous:</B> <A NAME="tex2html166"
   HREF="node3.html">2 Bugs, Feature Requests,</A>
- &nbsp; <B>  <A NAME="tex2html172"
+ &nbsp; <B>  <A NAME="tex2html174"
   HREF="node1.html">Contents</A></B> </DIV>
 <!--End of Navigation Panel-->
 <ADDRESS>
 Aaron Turner
-2005-08-07
+2006-07-17
 </ADDRESS>
 </BODY>
 </HTML>

docs/web/FAQ/node5.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
 
-<!--Converted with LaTeX2HTML 2002-2-1 (1.70)
+<!--Converted with LaTeX2HTML 2002-2 (1.70)
 original version by:  Nikos Drakos, CBLU, University of Leeds
 * revised and updated by:  Marcus Hennecke, Ross Moore, Herb Swan
 * with significant contributions from:
@@ -14,7 +14,7 @@ original version by:  Nikos Drakos, CBLU, University of Leeds
 <META NAME="distribution" CONTENT="global">
 
 <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
-<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2-1">
+<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2">
 <META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
 
 <LINK REL="STYLESHEET" HREF="FAQ.css">
@@ -28,26 +28,26 @@ original version by:  Nikos Drakos, CBLU, University of Leeds
 <BODY >
 
 <DIV CLASS="navigation"><!--Navigation Panel-->
-<A NAME="tex2html192"
+<A NAME="tex2html194"
   HREF="node6.html">
 <IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A> 
-<A NAME="tex2html188"
+<A NAME="tex2html190"
   HREF="FAQ.html">
 <IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A> 
-<A NAME="tex2html182"
+<A NAME="tex2html184"
   HREF="node4.html">
 <IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A> 
-<A NAME="tex2html190"
+<A NAME="tex2html192"
   HREF="node1.html">
 <IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>  
 <BR>
-<B> Next:</B> <A NAME="tex2html193"
+<B> Next:</B> <A NAME="tex2html195"
   HREF="node6.html">5 Common Questions from</A>
-<B> Up:</B> <A NAME="tex2html189"
+<B> Up:</B> <A NAME="tex2html191"
   HREF="FAQ.html">Tcpreplay 3.x FAQ</A>
-<B> Previous:</B> <A NAME="tex2html183"
+<B> Previous:</B> <A NAME="tex2html185"
   HREF="node4.html">3 Understanding tcpprep</A>
- &nbsp; <B>  <A NAME="tex2html191"
+ &nbsp; <B>  <A NAME="tex2html193"
   HREF="node1.html">Contents</A></B> 
 <BR>
 <BR></DIV>
@@ -56,22 +56,20 @@ original version by:  Nikos Drakos, CBLU, University of Leeds
 <A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></A>
 
 <UL CLASS="ChildLinks">
-<LI><A NAME="tex2html194"
-  HREF="node5.html#SECTION00051000000000000000"><SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">1</SPAN> Can't open eth0: libnet_select_device(): Can't find interface eth0</A>
-<LI><A NAME="tex2html195"
-  HREF="node5.html#SECTION00052000000000000000"><SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">2</SPAN> Can't open lo: libnet_select_device(): Can't find interface lo</A>
 <LI><A NAME="tex2html196"
-  HREF="node5.html#SECTION00053000000000000000"><SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">3</SPAN> Can't open eth0: UID != 0</A>
+  HREF="node5.html#SECTION00051000000000000000"><SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">1</SPAN> Can't open eth0: libnet_select_device(): Can't find interface eth0</A>
 <LI><A NAME="tex2html197"
-  HREF="node5.html#SECTION00054000000000000000"><SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">4</SPAN> 100000 write attempts failed from full buffers and were repeated</A>
+  HREF="node5.html#SECTION00052000000000000000"><SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">2</SPAN> Can't open lo: libnet_select_device(): Can't find interface lo</A>
 <LI><A NAME="tex2html198"
-  HREF="node5.html#SECTION00055000000000000000"><SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">5</SPAN> Invalid mac address: 00:00:00:00:00:00</A>
+  HREF="node5.html#SECTION00053000000000000000"><SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">3</SPAN> Can't open eth0: UID != 0</A>
 <LI><A NAME="tex2html199"
-  HREF="node5.html#SECTION00056000000000000000"><SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">6</SPAN> Unable to process test.cache: cache file version missmatch</A>
+  HREF="node5.html#SECTION00054000000000000000"><SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">4</SPAN> 100000 write attempts failed from full buffers and were repeated</A>
 <LI><A NAME="tex2html200"
-  HREF="node5.html#SECTION00057000000000000000"><SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">7</SPAN> Skipping SLL loopback packet.</A>
+  HREF="node5.html#SECTION00055000000000000000"><SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">5</SPAN> Unable to process test.cache: cache file version missmatch</A>
 <LI><A NAME="tex2html201"
-  HREF="node5.html#SECTION00058000000000000000"><SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">8</SPAN> Packet length (8892) is greater then MTU; skipping packet.</A>
+  HREF="node5.html#SECTION00056000000000000000"><SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">6</SPAN> Skipping SLL loopback packet.</A>
+<LI><A NAME="tex2html202"
+  HREF="node5.html#SECTION00057000000000000000"><SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">7</SPAN> Packet length (8892) is greater then MTU; skipping packet.</A>
 </UL>
 <!--End of Table of Child-Links-->
 <HR>
@@ -127,20 +125,7 @@ section in this document for suggestions on solving this problem.
 <P>
 
 <H2><A NAME="SECTION00055000000000000000">
-<SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">5</SPAN> Invalid mac address: 00:00:00:00:00:00</A>
-</H2>
-
-<P>
-Currently tcpreplay reserves the MAC address of 00:00:00:00:00:00
-as reserved for internal use. Hence you can't rewrite the MAC address
-of packets to be all zeros. While we intend to fix this someday it's
-not currently high on our priority list, so let us know if we should
-re-prioritize things.
-
-<P>
-
-<H2><A NAME="SECTION00056000000000000000">
-<SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">6</SPAN> Unable to process test.cache: cache file version missmatch</A>
+<SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">5</SPAN> Unable to process test.cache: cache file version missmatch</A>
 </H2>
 
 <P>
@@ -178,8 +163,8 @@ systems.
 
 <P>
 
-<H2><A NAME="SECTION00057000000000000000">
-<SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">7</SPAN> Skipping SLL loopback packet.</A>
+<H2><A NAME="SECTION00056000000000000000">
+<SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">6</SPAN> Skipping SLL loopback packet.</A>
 </H2>
 
 <P>
@@ -191,8 +176,8 @@ allow tcpreplay to send these packets.
 
 <P>
 
-<H2><A NAME="SECTION00058000000000000000">
-<SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">8</SPAN> Packet length (8892) is greater then MTU; skipping packet.</A>
+<H2><A NAME="SECTION00057000000000000000">
+<SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">7</SPAN> Packet length (8892) is greater then MTU; skipping packet.</A>
 </H2>
 
 <P>
@@ -200,37 +185,38 @@ The packet length (in this case 8892 bytes) is greater then the maximum
 transmition unit (MTU) on the outgoing interface. Tcpreplay must skip
 the packet. Alternatively, you can specify the -T option and tcpreplay
 will truncate the packet to the MTU size, fix the checksums and send
-it.
+it. This often occurs with pcaps captured over loopback interfaces
+which have much larger MTU's then ethernet.
 
 <P>
 
 <DIV CLASS="navigation"><HR>
 <!--Navigation Panel-->
-<A NAME="tex2html192"
+<A NAME="tex2html194"
   HREF="node6.html">
 <IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A> 
-<A NAME="tex2html188"
+<A NAME="tex2html190"
   HREF="FAQ.html">
 <IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A> 
-<A NAME="tex2html182"
+<A NAME="tex2html184"
   HREF="node4.html">
 <IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A> 
-<A NAME="tex2html190"
+<A NAME="tex2html192"
   HREF="node1.html">
 <IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>  
 <BR>
-<B> Next:</B> <A NAME="tex2html193"
+<B> Next:</B> <A NAME="tex2html195"
   HREF="node6.html">5 Common Questions from</A>
-<B> Up:</B> <A NAME="tex2html189"
+<B> Up:</B> <A NAME="tex2html191"
   HREF="FAQ.html">Tcpreplay 3.x FAQ</A>
-<B> Previous:</B> <A NAME="tex2html183"
+<B> Previous:</B> <A NAME="tex2html185"
   HREF="node4.html">3 Understanding tcpprep</A>
- &nbsp; <B>  <A NAME="tex2html191"
+ &nbsp; <B>  <A NAME="tex2html193"
   HREF="node1.html">Contents</A></B> </DIV>
 <!--End of Navigation Panel-->
 <ADDRESS>
 Aaron Turner
-2005-08-07
+2006-07-17
 </ADDRESS>
 </BODY>
 </HTML>

docs/web/FAQ/node6.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
 
-<!--Converted with LaTeX2HTML 2002-2-1 (1.70)
+<!--Converted with LaTeX2HTML 2002-2 (1.70)
 original version by:  Nikos Drakos, CBLU, University of Leeds
 * revised and updated by:  Marcus Hennecke, Ross Moore, Herb Swan
 * with significant contributions from:
@@ -14,7 +14,7 @@ original version by:  Nikos Drakos, CBLU, University of Leeds
 <META NAME="distribution" CONTENT="global">
 
 <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
-<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2-1">
+<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2">
 <META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
 
 <LINK REL="STYLESHEET" HREF="FAQ.css">
@@ -28,26 +28,26 @@ original version by:  Nikos Drakos, CBLU, University of Leeds
 <BODY >
 
 <DIV CLASS="navigation"><!--Navigation Panel-->
-<A NAME="tex2html212"
+<A NAME="tex2html213"
   HREF="node7.html">
 <IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A> 
-<A NAME="tex2html208"
+<A NAME="tex2html209"
   HREF="FAQ.html">
 <IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A> 
-<A NAME="tex2html202"
+<A NAME="tex2html203"
   HREF="node5.html">
 <IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A> 
-<A NAME="tex2html210"
+<A NAME="tex2html211"
   HREF="node1.html">
 <IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>  
 <BR>
-<B> Next:</B> <A NAME="tex2html213"
-  HREF="node7.html">6 Required Libraries and</A>
-<B> Up:</B> <A NAME="tex2html209"
+<B> Next:</B> <A NAME="tex2html214"
+  HREF="node7.html">6 Testing Methodologies</A>
+<B> Up:</B> <A NAME="tex2html210"
   HREF="FAQ.html">Tcpreplay 3.x FAQ</A>
-<B> Previous:</B> <A NAME="tex2html203"
+<B> Previous:</B> <A NAME="tex2html204"
   HREF="node5.html">4 Common Error and</A>
- &nbsp; <B>  <A NAME="tex2html211"
+ &nbsp; <B>  <A NAME="tex2html212"
   HREF="node1.html">Contents</A></B> 
 <BR>
 <BR></DIV>
@@ -56,12 +56,14 @@ original version by:  Nikos Drakos, CBLU, University of Leeds
 <A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></A>
 
 <UL CLASS="ChildLinks">
-<LI><A NAME="tex2html214"
-  HREF="node6.html#SECTION00061000000000000000"><SPAN CLASS="arabic">5</SPAN>.<SPAN CLASS="arabic">1</SPAN> Why is tcpreplay not sending all the packets?</A>
 <LI><A NAME="tex2html215"
-  HREF="node6.html#SECTION00062000000000000000"><SPAN CLASS="arabic">5</SPAN>.<SPAN CLASS="arabic">2</SPAN> Can tcpreplay read gzip/bzip2 compressed files?</A>
+  HREF="node6.html#SECTION00061000000000000000"><SPAN CLASS="arabic">5</SPAN>.<SPAN CLASS="arabic">1</SPAN> Why is tcpreplay not sending all the packets?</A>
 <LI><A NAME="tex2html216"
+  HREF="node6.html#SECTION00062000000000000000"><SPAN CLASS="arabic">5</SPAN>.<SPAN CLASS="arabic">2</SPAN> Can tcpreplay read gzip/bzip2 compressed files?</A>
+<LI><A NAME="tex2html217"
   HREF="node6.html#SECTION00063000000000000000"><SPAN CLASS="arabic">5</SPAN>.<SPAN CLASS="arabic">3</SPAN> How fast can tcpreplay send packets?</A>
+<LI><A NAME="tex2html218"
+  HREF="node6.html#SECTION00064000000000000000"><SPAN CLASS="arabic">5</SPAN>.<SPAN CLASS="arabic">4</SPAN> Is tcpreplay stateful?</A>
 </UL>
 <!--End of Table of Child-Links-->
 <HR>
@@ -146,7 +148,7 @@ and will likely reduce the overall performance of tcpreplay.
 
 <P>
 First, if performance is important to you, then upgrading to tcpreplay
-3.x is worthwhile since it is more optimized then the 2.x series.
+3.x is worthwhile since it is more optimized then the 1.x or 2.x series.
 After that, there are a number of variables which effect performance,
 including on how you measure it (packets/sec or bytes/sec). 100Mbps
 and 120K pps are quite doable. Generally speaking here are some points
@@ -172,37 +174,60 @@ using mergecap to generate a single large file.
 <LI>Network cards and drivers, disk speed (RPM is more important then
 seek), amount of RAM and system bus speed are all important.
 </LI>
+<LI>In general servers with faster disks and bus speeds will be faster
+then desktops which will be faster then laptops.
+</LI>
 </UL>
 
 <P>
 
+<H2><A NAME="SECTION00064000000000000000">
+<SPAN CLASS="arabic">5</SPAN>.<SPAN CLASS="arabic">4</SPAN> Is tcpreplay stateful?</A>
+</H2>
+
+<P>
+No. Tcpreplay processes each packet in the order it is stored in the
+pcap file. The default is to send each packet based on the timestamp
+stored in the pcap file. If your pcap file has packets out of order,
+tcpreplay will send them out of order. In certain situations a packet
+may have an earlier timestamp then the packet before it, tcpreplay
+will then send the second packet as soon as possible.
+
+<P>
+The basic point is that if your pcap file is well formed and has the
+packets in the correct order, then tcpreplay will create a ``stateful''
+packet stream. If your pcap file has errors, then tcpreplay will repeat
+those errors. Garbage in, garbage out.
+
+<P>
+
 <DIV CLASS="navigation"><HR>
 <!--Navigation Panel-->
-<A NAME="tex2html212"
+<A NAME="tex2html213"
   HREF="node7.html">
 <IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A> 
-<A NAME="tex2html208"
+<A NAME="tex2html209"
   HREF="FAQ.html">
 <IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A> 
-<A NAME="tex2html202"
+<A NAME="tex2html203"
   HREF="node5.html">
 <IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A> 
-<A NAME="tex2html210"
+<A NAME="tex2html211"
   HREF="node1.html">
 <IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>  
 <BR>
-<B> Next:</B> <A NAME="tex2html213"
-  HREF="node7.html">6 Required Libraries and</A>
-<B> Up:</B> <A NAME="tex2html209"
+<B> Next:</B> <A NAME="tex2html214"
+  HREF="node7.html">6 Testing Methodologies</A>
+<B> Up:</B> <A NAME="tex2html210"
   HREF="FAQ.html">Tcpreplay 3.x FAQ</A>
-<B> Previous:</B> <A NAME="tex2html203"
+<B> Previous:</B> <A NAME="tex2html204"
   HREF="node5.html">4 Common Error and</A>
- &nbsp; <B>  <A NAME="tex2html211"
+ &nbsp; <B>  <A NAME="tex2html212"
   HREF="node1.html">Contents</A></B> </DIV>
 <!--End of Navigation Panel-->
 <ADDRESS>
 Aaron Turner
-2005-08-07
+2006-07-17
 </ADDRESS>
 </BODY>
 </HTML>

docs/web/FAQ/node7.html

@@ -1,20 +1,20 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
 
-<!--Converted with LaTeX2HTML 2002-2-1 (1.70)
+<!--Converted with LaTeX2HTML 2002-2 (1.70)
 original version by:  Nikos Drakos, CBLU, University of Leeds
 * revised and updated by:  Marcus Hennecke, Ross Moore, Herb Swan
 * with significant contributions from:
   Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
 <HTML>
 <HEAD>
-<TITLE>6 Required Libraries and Tools</TITLE>
-<META NAME="description" CONTENT="6 Required Libraries and Tools">
+<TITLE>6 Testing Methodologies</TITLE>
+<META NAME="description" CONTENT="6 Testing Methodologies">
 <META NAME="keywords" CONTENT="FAQ">
 <META NAME="resource-type" CONTENT="document">
 <META NAME="distribution" CONTENT="global">
 
 <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
-<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2-1">
+<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2">
 <META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
 
 <LINK REL="STYLESHEET" HREF="FAQ.css">
@@ -28,150 +28,159 @@ original version by:  Nikos Drakos, CBLU, University of Leeds
 <BODY >
 
 <DIV CLASS="navigation"><!--Navigation Panel-->
-<A NAME="tex2html227"
+<A NAME="tex2html229"
   HREF="node8.html">
 <IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A> 
-<A NAME="tex2html223"
+<A NAME="tex2html225"
   HREF="FAQ.html">
 <IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A> 
-<A NAME="tex2html217"
+<A NAME="tex2html219"
   HREF="node6.html">
 <IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A> 
-<A NAME="tex2html225"
+<A NAME="tex2html227"
   HREF="node1.html">
 <IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>  
 <BR>
-<B> Next:</B> <A NAME="tex2html228"
-  HREF="node8.html">7 Other pcap tools</A>
-<B> Up:</B> <A NAME="tex2html224"
+<B> Next:</B> <A NAME="tex2html230"
+  HREF="node8.html">7 Required Libraries and</A>
+<B> Up:</B> <A NAME="tex2html226"
   HREF="FAQ.html">Tcpreplay 3.x FAQ</A>
-<B> Previous:</B> <A NAME="tex2html218"
+<B> Previous:</B> <A NAME="tex2html220"
   HREF="node6.html">5 Common Questions from</A>
- &nbsp; <B>  <A NAME="tex2html226"
+ &nbsp; <B>  <A NAME="tex2html228"
   HREF="node1.html">Contents</A></B> 
 <BR>
 <BR></DIV>
 <!--End of Navigation Panel-->
-<!--Table of Child-Links-->
-<A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></A>
-
-<UL CLASS="ChildLinks">
-<LI><A NAME="tex2html229"
-  HREF="node7.html#SECTION00071000000000000000"><SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">1</SPAN> Libpcap</A>
-<LI><A NAME="tex2html230"
-  HREF="node7.html#SECTION00072000000000000000"><SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">2</SPAN> Libnet</A>
-<LI><A NAME="tex2html231"
-  HREF="node7.html#SECTION00073000000000000000"><SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">3</SPAN> Libpcapnav</A>
-<LI><A NAME="tex2html232"
-  HREF="node7.html#SECTION00074000000000000000"><SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">4</SPAN> Tcpdump</A>
-</UL>
-<!--End of Table of Child-Links-->
-<HR>
 
 <H1><A NAME="SECTION00070000000000000000">
-<SPAN CLASS="arabic">6</SPAN> Required Libraries and Tools</A>
+<SPAN CLASS="arabic">6</SPAN> Testing Methodologies</A>
 </H1>
 
 <P>
-
-<H2><A NAME="SECTION00071000000000000000">
-<SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">1</SPAN> Libpcap</A>
-</H2>
+A topic which comes up regularly, is how to use tcpreplay to test
+products like intrusion detection/prevention devices (IDS/IPS) and
+deep inspection firewalls. Generally, I hear people suggest three
+things:
 
 <P>
-As of tcpreplay v1.4, you'll need to have libpcap installed on your
-system. As of v2.0, you'll need at least version 0.6.0 or better,
-but I only test our code with the latest version. Libpcap can be obtained
-on the tcpdump homepage<A NAME="tex2html6"
-  HREF="#foot137"><SUP><SPAN CLASS="arabic">6</SPAN></SUP></A>. 
 
-<P>
+<OL>
+<LI>Use security scanners like Nessus
+</LI>
+<LI>Use ``real attacks'' like those generated by Metasploit
+</LI>
+<LI>Use a replay tool like tcpreplay to generate attack traffic
+</LI>
+</OL>
+First, let me say that security scanners like Nessus do a really crappy
+job of testing the effectiveness of IDS/IPS and firewalls. The simple
+reason is that security scanners don't try to exploit vulnerabilities
+because it creates problems on the network. IT managers don't like
+it when their servers start rebooting or routers crash, so scanners
+use other non-agressive techniques like banner grabbing to find potentially
+vulnerable systems. Simply put, these non-agressive techniques often
+look nothing like a real attack.
 
-<H2><A NAME="SECTION00072000000000000000">
-<SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">2</SPAN> Libnet</A>
-</H2>
+<P>
+That leaves generating ``real attacks'' and replay tools. 
 
 <P>
-Tcpreplay v1.3 is the last version to support the old libnet API (everything
-before 1.1.x). As of v1.4 you will need to use Libnet 1.1.0 or better
-which can be obtained from the Libnet homepage<A NAME="tex2html7"
-  HREF="#foot138"><SUP><SPAN CLASS="arabic">7</SPAN></SUP></A>. 
+Advantages of real attacks:
 
 <P>
 
-<H2><A NAME="SECTION00073000000000000000">
-<SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">3</SPAN> Libpcapnav</A>
-</H2>
+<UL>
+<LI>It's clear when you have a valid test case because the target system
+is compromised
+</LI>
+<LI>Exploit code and attack tools are widely available for many attacks
+</LI>
+</UL>
+Disadvantages of real attacks:
 
 <P>
-Starting with v2.0, tcpreplay can use libpcapnav to support the jump
-offset feature. If libpcapnav is not found on the system, that feature
-will be disabled. Libpcapnav can be found on the NetDude homepage<A NAME="tex2html8"
-  HREF="#foot139"><SUP><SPAN CLASS="arabic">8</SPAN></SUP></A>. 
+
+<UL>
+<LI>After the test case is run, the target system may be unstable or corrupted,
+requiring a reboot or re-install
+</LI>
+<LI>Generally requires two systems: a target (often running VMWare) and
+an attacker system
+</LI>
+<LI>Installing, configuring and managing various operating systems and
+applications to attack is a lot of work
+</LI>
+<LI>Difficult to automate test cases since there is no standardized interface
+to these tools
+</LI>
+<LI>You have to be careful about trojaned exploit code or worms which
+escape your lab
+</LI>
+</UL>
+Advantages of replay tools:
 
 <P>
 
-<H2><A NAME="SECTION00074000000000000000">
-<SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">4</SPAN> Tcpdump</A>
-</H2>
+<UL>
+<LI>Since both the victim and attacker are virtual, there is no need to
+reboot/re-install systems after each test
+</LI>
+<LI>A complete test bed requires only a single system with two NIC's
+</LI>
+<LI>Once you have a library of pcap files, there is virtually zero management
+overhead
+</LI>
+<LI>Replay tools provide a common interface to emulating any attack against
+any OS/application making automation simple
+</LI>
+<LI>Pcap files are not executable, so trojans and escaping worms aren't
+an issue
+</LI>
+</UL>
+Disadvantages of replay tools;
 
 <P>
-As of 2.0, tcpreplay uses tcpdump (the binary, not code) to decode
-packets to STDOUT in a human readable (with practice) format as it
-sends them. If you would like this feature, tcpdump must be installed
-on your system.
 
-<P>
-N<SMALL>OTE:</SMALL> The location of the tcpdump binary is hardcoded in
-tcpreplay at compile time. If tcpdump gets renamed or moved, the feature
-will become disabled.
+<UL>
+<LI>There are trust issues regarding pcap files. Are you 100% sure that
+pcap file is correct (not corrupted, doesn't have truncated packets,
+actually contains the valid exploit)
+</LI>
+<LI>There are few publicly available pcap's which contain attacks useful
+for testing so you must create your own
+</LI>
+</UL>
 
 <P>
-<BR><HR><H4>Footnotes</H4>
-<DL>
-<DT><A NAME="foot137">... homepage</A><A
- HREF="node7.html#tex2html6"><SUP><SPAN CLASS="arabic">6</SPAN></SUP></A></DT>
-<DD>http://www.tcpdump.org/
-
-</DD>
-<DT><A NAME="foot138">... homepage</A><A
- HREF="node7.html#tex2html7"><SUP><SPAN CLASS="arabic">7</SPAN></SUP></A></DT>
-<DD>http://www.packetfactory.net/Projects/Libnet/
-
-</DD>
-<DT><A NAME="foot139">... homepage</A><A
- HREF="node7.html#tex2html8"><SUP><SPAN CLASS="arabic">8</SPAN></SUP></A></DT>
-<DD>http://netdude.sourceforge.net/
-
-</DD>
-</DL>
+
 <DIV CLASS="navigation"><HR>
 <!--Navigation Panel-->
-<A NAME="tex2html227"
+<A NAME="tex2html229"
   HREF="node8.html">
 <IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A> 
-<A NAME="tex2html223"
+<A NAME="tex2html225"
   HREF="FAQ.html">
 <IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A> 
-<A NAME="tex2html217"
+<A NAME="tex2html219"
   HREF="node6.html">
 <IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A> 
-<A NAME="tex2html225"
+<A NAME="tex2html227"
   HREF="node1.html">
 <IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>  
 <BR>
-<B> Next:</B> <A NAME="tex2html228"
-  HREF="node8.html">7 Other pcap tools</A>
-<B> Up:</B> <A NAME="tex2html224"
+<B> Next:</B> <A NAME="tex2html230"
+  HREF="node8.html">7 Required Libraries and</A>
+<B> Up:</B> <A NAME="tex2html226"
   HREF="FAQ.html">Tcpreplay 3.x FAQ</A>
-<B> Previous:</B> <A NAME="tex2html218"
+<B> Previous:</B> <A NAME="tex2html220"
   HREF="node6.html">5 Common Questions from</A>
- &nbsp; <B>  <A NAME="tex2html226"
+ &nbsp; <B>  <A NAME="tex2html228"
   HREF="node1.html">Contents</A></B> </DIV>
 <!--End of Navigation Panel-->
 <ADDRESS>
 Aaron Turner
-2005-08-07
+2006-07-17
 </ADDRESS>
 </BODY>
 </HTML>

docs/web/FAQ/node8.html

@@ -1,46 +1,52 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
 
-<!--Converted with LaTeX2HTML 2002-2-1 (1.70)
+<!--Converted with LaTeX2HTML 2002-2 (1.70)
 original version by:  Nikos Drakos, CBLU, University of Leeds
 * revised and updated by:  Marcus Hennecke, Ross Moore, Herb Swan
 * with significant contributions from:
   Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
 <HTML>
 <HEAD>
-<TITLE>7 Other pcap tools available</TITLE>
-<META NAME="description" CONTENT="7 Other pcap tools available">
+<TITLE>7 Required Libraries and Tools</TITLE>
+<META NAME="description" CONTENT="7 Required Libraries and Tools">
 <META NAME="keywords" CONTENT="FAQ">
 <META NAME="resource-type" CONTENT="document">
 <META NAME="distribution" CONTENT="global">
 
 <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
-<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2-1">
+<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2">
 <META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
 
 <LINK REL="STYLESHEET" HREF="FAQ.css">
 
+<LINK REL="next" HREF="node9.html">
 <LINK REL="previous" HREF="node7.html">
 <LINK REL="up" HREF="FAQ.html">
+<LINK REL="next" HREF="node9.html">
 </HEAD>
 
 <BODY >
 
 <DIV CLASS="navigation"><!--Navigation Panel-->
-<IMG WIDTH="81" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next_inactive" SRC="nx_grp_g.png"> 
+<A NAME="tex2html241"
+  HREF="node9.html">
+<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A> 
 <A NAME="tex2html237"
   HREF="FAQ.html">
 <IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A> 
-<A NAME="tex2html235"
+<A NAME="tex2html231"
   HREF="node7.html">
 <IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A> 
 <A NAME="tex2html239"
   HREF="node1.html">
 <IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>  
 <BR>
+<B> Next:</B> <A NAME="tex2html242"
+  HREF="node9.html">8 Other pcap tools</A>
 <B> Up:</B> <A NAME="tex2html238"
   HREF="FAQ.html">Tcpreplay 3.x FAQ</A>
-<B> Previous:</B> <A NAME="tex2html236"
-  HREF="node7.html">6 Required Libraries and</A>
+<B> Previous:</B> <A NAME="tex2html232"
+  HREF="node7.html">6 Testing Methodologies</A>
  &nbsp; <B>  <A NAME="tex2html240"
   HREF="node1.html">Contents</A></B> 
 <BR>
@@ -50,120 +56,122 @@ original version by:  Nikos Drakos, CBLU, University of Leeds
 <A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></A>
 
 <UL CLASS="ChildLinks">
-<LI><A NAME="tex2html241"
-  HREF="node8.html#SECTION00081000000000000000"><SPAN CLASS="arabic">7</SPAN>.<SPAN CLASS="arabic">1</SPAN> Tools to capture network traffic or decode pcap files</A>
-<LI><A NAME="tex2html242"
-  HREF="node8.html#SECTION00082000000000000000"><SPAN CLASS="arabic">7</SPAN>.<SPAN CLASS="arabic">2</SPAN> Tools to edit pcap files</A>
 <LI><A NAME="tex2html243"
-  HREF="node8.html#SECTION00083000000000000000"><SPAN CLASS="arabic">7</SPAN>.<SPAN CLASS="arabic">3</SPAN> Other useful tools</A>
+  HREF="node8.html#SECTION00081000000000000000"><SPAN CLASS="arabic">7</SPAN>.<SPAN CLASS="arabic">1</SPAN> Libpcap</A>
+<LI><A NAME="tex2html244"
+  HREF="node8.html#SECTION00082000000000000000"><SPAN CLASS="arabic">7</SPAN>.<SPAN CLASS="arabic">2</SPAN> Libnet</A>
+<LI><A NAME="tex2html245"
+  HREF="node8.html#SECTION00083000000000000000"><SPAN CLASS="arabic">7</SPAN>.<SPAN CLASS="arabic">3</SPAN> Libpcapnav</A>
+<LI><A NAME="tex2html246"
+  HREF="node8.html#SECTION00084000000000000000"><SPAN CLASS="arabic">7</SPAN>.<SPAN CLASS="arabic">4</SPAN> Tcpdump</A>
 </UL>
 <!--End of Table of Child-Links-->
 <HR>
 
 <H1><A NAME="SECTION00080000000000000000">
-<SPAN CLASS="arabic">7</SPAN> Other pcap tools available</A>
+<SPAN CLASS="arabic">7</SPAN> Required Libraries and Tools</A>
 </H1>
 
 <P>
 
 <H2><A NAME="SECTION00081000000000000000">
-<SPAN CLASS="arabic">7</SPAN>.<SPAN CLASS="arabic">1</SPAN> Tools to capture network traffic or decode pcap files</A>
+<SPAN CLASS="arabic">7</SPAN>.<SPAN CLASS="arabic">1</SPAN> Libpcap</A>
 </H2>
 
 <P>
-
-<UL>
-<LI>tcpdump
-<BR>
-http://www.tcpdump.org/
-</LI>
-<LI>ethereal
-<BR>
-http://www.ethereal.com/
-</LI>
-<LI>ettercap
-<BR>
-http://ettercap.sourceforge.net/
-</LI>
-</UL>
+As of tcpreplay v1.4, you'll need to have libpcap installed on your
+system. As of v2.0, you'll need at least version 0.6.0 or better,
+but I only test our code with the latest version. Libpcap can be obtained
+on the tcpdump homepage<A NAME="tex2html6"
+  HREF="#foot154"><SUP><SPAN CLASS="arabic">6</SPAN></SUP></A>. 
 
 <P>
 
 <H2><A NAME="SECTION00082000000000000000">
-<SPAN CLASS="arabic">7</SPAN>.<SPAN CLASS="arabic">2</SPAN> Tools to edit pcap files</A>
+<SPAN CLASS="arabic">7</SPAN>.<SPAN CLASS="arabic">2</SPAN> Libnet</A>
 </H2>
 
 <P>
-
-<UL>
-<LI>tcpslice
-<BR>
-Splits pcap files into smaller files
-<BR>
-http://www.tcpdump.org/
-</LI>
-<LI>mergecap
-<BR>
-Merges two pcap capture files into one
-<BR>
-http://www.ethreal.com/
-</LI>
-<LI>pcapmerge
-<BR>
-Merges two or more pcap capture files into one
-<BR>
-http://tcpreplay.sourceforge.net/
-</LI>
-<LI>editcap
-<BR>
-Converts capture file formats (pcap, snoop, etc)
-<BR>
-http://www.ethreal.com/
-</LI>
-<LI>netdude
-<BR>
-GTK based pcap capture file editor. Allows editing most anything in
-the packet.
-<BR>
-http://netdude.sourceforge.net/
-</LI>
-</UL>
+Tcpreplay v1.3 is the last version to support the old libnet API (everything
+before 1.1.x). As of v1.4 you will need to use Libnet 1.1.0 or better
+which can be obtained from the Libnet homepage<A NAME="tex2html7"
+  HREF="#foot155"><SUP><SPAN CLASS="arabic">7</SPAN></SUP></A>. 
 
 <P>
 
 <H2><A NAME="SECTION00083000000000000000">
-<SPAN CLASS="arabic">7</SPAN>.<SPAN CLASS="arabic">3</SPAN> Other useful tools</A>
+<SPAN CLASS="arabic">7</SPAN>.<SPAN CLASS="arabic">3</SPAN> Libpcapnav</A>
 </H2>
 
 <P>
+Starting with v2.0, tcpreplay can use libpcapnav to support the jump
+offset feature. If libpcapnav is not found on the system, that feature
+will be disabled. Libpcapnav can be found on the NetDude homepage<A NAME="tex2html8"
+  HREF="#foot156"><SUP><SPAN CLASS="arabic">8</SPAN></SUP></A>. 
 
-<UL>
-<LI>capinfo
-<BR>
-Prints statistics and basic information about a pcap file
-<BR>
-http://tcpreplay.sourceforge.net/
-</LI>
-<LI>text2pcap
-<BR>
-Generates a pcap capture file from a hex dump
-<BR>
-http://www.ethreal.com/
-</LI>
-<LI>tcpflow
-<BR>
-Extracts and reassembles the data portion on a per-flow basis on live
-traffic or pcap capture files
-<BR>
-http://www.circlemud.org/&nbsp;jelson/software/tcpflow/
-</LI>
-</UL>
+<P>
+
+<H2><A NAME="SECTION00084000000000000000">
+<SPAN CLASS="arabic">7</SPAN>.<SPAN CLASS="arabic">4</SPAN> Tcpdump</A>
+</H2>