
PACKHACK.TXT   Doc file for PACKHACK Version 6c  August '94

PACKHACK  is a program used to analyze packet radio activity
taking place on a specific radio channel.  It identifies and
counts packets from each station, and categorizes the packets
into frame types.  Generally, only "I" frames contain user
information.  The "RR" frames are Acks, the "UA" frames are
Acks for disconnect requests, the "D" frames are disconnect
requests, and the REJ frames are Reject, send again requests.
See a TNC-II manual for a complete discussion on frame types.

With PACKHACK you can see a list of stations on the air, and
the number and type of each packet sent by each station.
You can see which node is most active and if most of it's
activity is retries or real information.  It is interesting
to compare the ratio of I to RR frames for different stations,
and hopefully it will be useful too.

How to use PackHack:

To use PACKHACK, you first need a text file that contains
the monitored packets of the radio channel to be analyzed.

This program was developed for TNC-II Clones (specifically
the MFJ-1270/B TNC).  Set the TNC commands as follows:

   MON ON    MCOM ON    MCON ON     MALL ON    MRPT ON

It is important that the "<RR R R5>" or "<I C S7 R2>" data
be seen in each packet.  Also if MSTAMP is set ON,the date
and time of the first buffer file packet will be shown in
the PackHack report.

Set the TNC as above, open a capture buffer, and monitor
packets for some period of time (10 minutes? 3 hours?).
Then save the buffer to disk.

After saving the buffer to file, you are ready to run PACKHACK.

Enter  PACKHACK  [filename]  where filename is the name of the
file saved from capture buffer.  If the specified file can
not be found, and error message is displayed, and the program
exits.

After finding the capture buffer file, PACKHACK will say:


  Analyzing file: [filename]    Length: [size]  Bytes

  working, please wait.....

   (on a 386DX, a 100k file will take about seven seconds to
    run.  On a slow floppy drive it may take a minute or so.
    Please be patient.)


Next a screen appears that gives a choice of where to send the
report.


  PackHack Chronicle for  [filename]

  Send report to...

        1  Screen

        2  Printer

        3  File named [filename].rpt


If you are running PackHack for the first time, enter  '1', send
report to screen.

Display after entering '1':


  The PACKHACK Chronicle for file: [filename]   [size] bytes

  First Time/Date stamp:           [time and date stamp, 1st packet]

     Originating
         Station    Total   Packet Frame type:
       Call Sign  Packets   I       RR      UA      D     REJ

            etc.     etc.   etc.    etc.    etc.   etc.   etc.

    (you get a list of call signs, and the total number of frame types
     from each call sign.)


Choice  '2' sends the report to printer.  If there is a printer error,
PackHack prompts user to try again or exit.

Choice  '3' sends the report to a file in the current directory.  The
report file has the same name as the original capture buffer file,
but with the extension  '.RPT' added.  For example, if the capture
buffer file used with PackHack is named 'APR29145' then the report
file will be named 'APR29145.RPT'.

The PackHack Chronicle report format is the same for reports sent to
the screen, printer, or file.


Things that PackHack does to your computer:

PackHack makes one or two new files in the current directory.
The file named BUFFER is made every time PackHack is run, and
is used as a buffer for data crunching.  BUFFER is overwritten
every time PackHack runs, so it's OK to just pretend it doesn't
exist, or you can delete it to save disk space.

The other file named [filename].RPT is created when choice '3'
is made, 'Send report to file'.  This file only appears when
choice '3' is made.

PackHack runs best (fastest) on a fixed drive.


Special Request:

PackHack was written for use with TNC-II clones, specifically the
MFJ-1270B.  Other TNC types present the frame data in different
ways.  To make PackHack work with other types of TNC's, I need
capture buffer files from AEA, Kantronics, and other  TNC's.  I
solicit your files.  If you can supply me with capture buffer
files using Any TNC, I would happily pay the postage and disk
cost.  Please advise me via Compuserve, the packet network, or
mail, your TNC type and what files you have available.  I will
then send a disk, and stamped mailer, and make sure that you
receive the new PackHack versions.

This program was written in Borland Pascal.  If you would like
the source code, or a version that runs in protected mode, contact
me.  I hope that you find it useful.  Feedback please.

Distribution of this program is encouraged.

Bill Bradford   K7EA
c/o  Bradford
P.O. Box 701188
Salt Lake City, UT 84170-1188

Compuserve 73007,1523   Packet K7EA@WB7ULH.#SLC.USA.NOAM
      or   wbradford@delphi.com