Geekcorp Software


[ XTcpdump ]

Front end GUI for tcpdump(1).

version 1.0.2
Sveinar Rasmussen, 6th of May 1998
Copyright (c) 1998 - University of Tromsoe, Norway.
 

      Abstract. This document describes the XTcpdump program, which provides an easy-to-use graphical user interface to tcpdump(1). Tcpdump is a network monitoring program capable of observing all the traffic on a local network. As such, it can be used to provide raw trace data to a performance monitoring tool.

1.0 Introduction

    Tcpdump monitors the network at the packet level. Each packet is typically displayed as a combination of a line summarizing the packet contents, followed by the packet contents themselves. The summary line, which includes a time stamp indicating when the packet was observed on the network, contains some of the more important information about the packet. For a UDP connection, for example, the summary information includes such things as the name of the host that sent the packet and the port from which it was sent. It also includes the name of the host and the port for which the packet is destined. For an NFS connection, the summary information includes the source and destination of the packet, along with an indication of whether a read or write operation was requested. It may also include the amount of data being sent in the transfer, and the total amount of data sent for the request to which this response belongs.
     
    XTcpdump provides an intuitive graphical user interface front-end to tcpdump. This simplifies its usage and makes it easier for people to get started using tcpdump as a flexible network monitoring tool.

2.0 Usage

XTcpdump usage basically involves two windows, the main window and the option window, which are described below:
 
main window

The important buttons in the main window are:
 

Start!: activates tcpdump to start monitoring according to your selection of options and commands. Its output will be found in the standard output window from which XTcpdump was launched.
Stop!: deactivates tcpdump if it is running.
Options...: a whole set of options is presented to you once you press this button. I recommend that you push the help button found in the option window.
Save setup: all your settings are stored to disk.
Clear: clears the expression entry field.
 
     
Other help buttons are available as you can see from the snapshot above. These will present you with useful information on the use of this program and tcpdump(1).
 
option window

The important buttons and fields in the options window are:
 

Print link level header: prints the link level header on each dump line.
Make stdout line buffered: print 'foreign' addresses numerically rather than symbolically. Sun's yp server? Use it!
Make stdout line buffered: make stdout line buffered. Useful if you want to see the data while capturing it.
Don't convert address to names: doesn't convert addresses (i.e. host addresses, port numbers, etc.) to names.
Don't print domain name: doesn't print the domain name qualification of host names. 'slibo.cc.uit.no' will be 'slibo', as an example.
Don't use promiscuous mode: doesn't put the interface into promiscuous mode. Note that the interface might be in promiscuous mode for some other reason.
Give me more output: slightly more verbose output.
Give me even more output: a lot of output.
Use Xtcpdump.log to save all output: saves all the output from the tcpdump program to disk. Check the file Xtcpdump.log afterwards.
Exit after receiving # packets: exits tcpdump after receiving the given number of packets.
Listen on interface: listen on the given interface. If unspecified, tcpdump searches the system interface list for the lowest numbered, configured up interface (excluding loopback of course :).
Force packets selected specified by type: packets selected by "expression" are of this type: rpc (Remote Procedure Call), rtp (Real-Time Applications protocol), rtcp (Real-Time Applications control protocol), vat (Visual Audio Tool) and wb (distributed White Board).
Write the raw packets to file instead: writes everything to disk instead of parsing it. Really "dumps" it all on disk, consuming a lot of disk space.
Path to tcpdump program: the path to the required tcpdump program.
Default: brings back the factory settings.
You can also press the help buttons found in the program. A snapshot from one of them is below:
 
a help window

3.0 Implementation issues.

    The program is indeed a simple one. It uses the wish interpreter to show graphical buttons and dialogs. Most of the code is simply Tk lines of code for the GUI and text for the help dialogs.

    Edit the Tcl code if your wish interpreter is found elsewhere than /store/bin/wish. There shouldn't be any need to edit the Tcl code further to customize the program; all of this should be possible from the program's configuration window.
    XTcpdump saves its configuration to the xtcpdump.rc file.

    The launching of the required program, tcpdump(1), might be the only part of this program that is a bit difficult to understand. To avoid using extended Tcl code, the program creates a Bourne shell script with the appropriate arguments to run the tcpdump program. The PID of the script being run is saved in a Tcl variable. When the user hits the stop button, this particular PID is killed, removing its child process, tcpdump.
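The launch mechanism described above, written out as an added example that is not XTcpdump's own code: a POSIX sh generator for the wrapper script, built so that the recorded PID is tcpdump's own and so that the filter expression typed into the GUI reaches tcpdump as a single argument. The function names sq and gen_wrapper and the fixed -l/-i arguments are assumptions.

```shell
#!/bin/sh
# Added example, not the XTcpdump source: the launch pattern the text describes,
# written so that the saved PID is tcpdump's own. Function names (sq,
# gen_wrapper) and the fixed "-l -i" arguments are assumptions.

# sq: wrap a value in single quotes for safe embedding in a generated sh script.
# A filter expression typed into the GUI is thereby passed to tcpdump as one
# argument, whatever spaces, quotes or shell metacharacters it contains.
sq() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# gen_wrapper WRAPPER BIN IFACE EXPR
# Writes the Bourne shell wrapper. Because the wrapper exec's tcpdump, the shell
# is replaced in place and the PID recorded for the wrapper ($! after
# "sh wrapper &") is the PID of tcpdump itself, so a plain kill on that PID
# stops the capture without leaving an orphaned child behind.
gen_wrapper() {
  wrapper=$1 bin=$2 iface=$3 expr=$4
  {
    printf '#!/bin/sh\n'
    printf 'exec %s -l -i %s %s\n' "$(sq "$bin")" "$(sq "$iface")" "$(sq "$expr")"
  } > "$wrapper"
  chmod 0700 "$wrapper"   # only the launching user may read or run it
}

# Typical use from the GUI side (constructed values):
#   gen_wrapper /tmp/xtcpdump.sh /usr/sbin/tcpdump eth0 "host slibo and port 2049"
#   sh /tmp/xtcpdump.sh & pid=$!      # Start!
#   kill "$pid"                        # Stop!
```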

4.0 Conclusion.

    A graphical user interface for the network monitoring program tcpdump was requested. Using Tcl/Tk, a portable GUI solution has been suggested here. Based on Tcpdump (v3.4a3), this graphical front-end will try to make it easier for people to get started with tcpdump as a network monitoring tool.

5.0 ChangeLog

v1.0.2:
  • Small bug fix. Thanks to Hajnal Ladislas!
v1.0.1:
  • Official release after 4 internal releases over a period of 5 days. Documentation written.
6.0 Source code.

    This software is the property of the University of Tromsoe. Luckily, the software has been made available for download under the GNU license. And best of all, it's for free!

    Go to the download section to start downloading.



Sveinar Rasmussen (web)