<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML> <HEAD> <TITLE>The KSnuffle Manual: Introduction</TITLE> </HEAD> <BODY TEXT="#000000" BGCOLOR="#FFFFFF" LINK="#AA0000"> <FONT FACE="Helvetica"> <A HREF="http://www.kde.org/"><IMG SRC="logotp3.gif" ALT="The K Desktop Environment" BORDER=0 ></A> <HR WIDTH="100%" SIZE=2 ALIGN="CENTER" NOSHADE> <DIV ALIGN=right> <A HREF="index-2.html">Next</A> Previous<A HREF="index.html#toc1">Table of Contents</A> </DIV> <BR> <H3> 1. Introduction </H3> This is release 2.2 of KSnuffle. KSnuffle is a network traffic monitor for the KDE desktop. It basically works; it does not, so far as I know, crash, but: <UL> <LI> Network packet decoding is rather restricted at present. It only really handles TCP/IP and UDP/IP, but even this is not complete and may contain errors. I have used the code in <I>tcpdump</I> as a base, but it is not very clear (at least, to me!). My book on IP protocols may be more forthcoming! </LI> <LI> Currently, a limited number of datalink layers are understood, including EtherNet, PPP and loopback; basically, these are the ones that I have access to. Others may or may not work. </LI> </UL> Please note that all ilustrations in this manual show version 2.1, however there are no changes at the GUI level from version 2.1. <H3> <A NAME="ss1.1"></A>1.1 Features </H3> Some of KSnuffle's features include: <UL> <LI>Basic filtering and packet selection via the GUI</LI> <LI>Advanced filtering and packet selection via filterprograms</LI> <LI>Multiple concurrent monitors</LI> <LI>Remote sniffing via a remote server process</LI> <LI>Protocol structure display to application level</LI> <LI>TCP data stream display</LI> <LI>Text and binary logging, plus replay of binary log files</LI> <LI>Textual display of network traffic</LI> <LI>Network load histograms and time-averaged load display</LI> <LI>Parallel display of multiple load histograms</LI> <LI>Start and stop triggers</LI> <LI>Command execution on specific events</LI> <LI>Save and restored filter and packet selection configurations</LI> <LI>Support for use by selected non-root users</LI> </UL> KSnuffle uses packet filter descriptions exactly as for <A HREF="man:tcpdump(8)">tcpdump(8)</A>. Please see the manual pages for this utility for further details. <BR><A NAME="caveat"></A> <H3> <A NAME="ss1.2"></A>1.2 Caveats </H3> Please see the <A HREF="index-7.html">caveats</A> page. <H3> <A NAME="ss1.3"></A>1.3 Changes </H3> <UL> <LI>Changes from 0.2 to 0.3 <UL> <LI>Window is resizable</LI> <LI>General configuration and filters on separate pages</LI> <LI>Remote sniffing</LI> <LI>Event Commands</LI> </UL> </LI> <LI>Changes from 0.3 to 0.4 <UL> <LI>TCP/IP information is decoded</LI> <LI>Font selection for packet display</LI> <LI>Packet display column widths saved</LI> <LI>Filter programs saved</LI> <LI>Whopping security hole fixed</LI> </UL> </LI> <LI>Changes from 0.4 to 0.5 <UL> <LI>Ksnuffle no longer forks for each sniffers</LI> <LI>Multiple sniffers share same libpcap object for same interface</LI> <LI>Dynamically loaded plugin modules</LI> </UL> </LI> <LI>Changes from 0.5 to 0.6 <UL> <LI>Packet protocol structure display</LI> <LI>TCP data stream display</LI> </UL> </LI> <LI>Changes from 0.6 to 0.7 <UL> <LI>Build with gcc 2.95 on Mandrake 7.0</LI> </UL> </LI> <LI>Changes from 0.7 to 0.8 <UL> <LI>Minor bug fixes</LI> <LI>TCP/IP monitor plugin</LI> </UL> </LI> <LI>Changes from 0.8 to 2.0 <UL> <LI>First port to Kde2/Qt2.2</LI> </UL> </LI> <LI>Changes from 2.0 to 2.1 <UL> <LI>Show MAC addresses</LI> <LI>Fix for starting/stopping sniffers on the same port</LI> </UL> </LI> <LI>Changes from 2.1 to 2.2 <UL> <LI>Setuid-root and non-root operation changes</LI> </UL> </LI> </UL> <DIV ALIGN=right> <A HREF="index-2.html">Next</A> Previous<A HREF="index.html#toc1">Table of Contents</A> </DIV> <CENTER> <HR WIDTH="100%" SIZE=3 ALIGN=CENTER NOSHADE> </CENTER> </BODY> </HTML>