Complete Linux

home *** CD-ROM | disk | FTP | other *** search

/ Complete Linux / Complete Linux.iso / docs / system / network / manageme / gobview_.z / gobview_ / gobview / gobbler.asc < prev next >

Wrap

Text File | 1993-09-14 | 28.5 KB | 840 lines

The Gobbler A packet capturer for the BEHOLDER v 2.1 User's Guide ------------------------------------------------------------------------------- TABLE OF CONTENTS 1. INTRODUCTION 1.1 What is the Gobbler? 1.2 Outline of this manual 2. USING THE ONLINE GOBBLER PROGRAM 2.1 Starting and ending the online Gobbler 2.2 The Packet Capturer 2.2.1 The Show-action 2.2.2 The Start-action 2.2.2.1 Setting the maximum packet dumpfile size 2.2.2.2 Setting the maximum number of packets 2.2.2.3 Setting the maximum runtime 2.2.2.4 Setting the packet dumpfile name 2.2.2.5 Setting the filters 2.2.3 The Stop-action 2.2.4 The Hide-action 2.2.5 The Reset-action 2.2.6 The Update-action 2.3 The filters 2.3.1 The filter criteria 2.3.2 Manipulating the filters 2.3.2.1 Read filter file 2.3.2.2 Write filter file 2.3.2.3 Positive/negative packet/start/stop filter 2.3.2.3.1 Adding a filter 2.3.2.3.2 Editing a filter 2.3.2.3.3 Deleting a filter 2.4 The Dumpfile Viewer 2.4.1 The Start-action 2.4.1.1 Viewing the packet dumpfile 2.4.1.2 Selecting the packet dumpfile 2.4.2 The Stop-action 2.5 The format of the packet dumpfile 2.6 The format of the filter file 3. THE DP.INI FILE 3.1 Introduction 3.2 The HDRTYPE definitions 3.3 The HDRADDR definitions 4. THE RDUNIX-UTILITY 4.1 Introduction 4.2 The rdunix output format 5. HISTORY ------------------------------------------------------------------------------- 1. INTRODUCTION 1.1 What is the Gobbler? The Gobbler is a standalone BEHOLDER application for capturing Ethernet packets and writing them to a packet dumpfile with filtering possibilities. 1.2 Outline of this manual This manual has the following outline: Chapter one is this introduction. Chapter two describes the use of the online Gobbler program: the Packet Capturer, the filters, the Dumpfile Viewer, the dumpfile format and the filter file format. Chapter three descibes the layout of the DP.INI file as far as the Gobbler is involved. Chapter four describes a simple utility for viewing the packet dumpfile under UNIX. Chapter five gives the history of the Gobbler. ------------------------------------------------------------------------------- 2. USING THE ONLINE GOBBLER PROGRAM 2.1 Starting and ending the online Gobbler The online Gobbler program can be started by typing "gobbler" at the MS-DOS prompt. C:\>gobbler To get the Apps menu you have to push <ESC>. This menu contains three entries: PktCapt FileView Quit To start the Packet Capturer you select "PktCapt", for the Dumpfile Viewer you choose "FileView" and to end the Gobbler program you select "Quit". Please note that the Gobbler requires the lines: [PKTCAPT] StartMask = 0 to be present in your BEHOLDER.INI file. 2.2 The Packet Capturer To start the Packet Capturer you choose "PktCapt" in the Apps menu. After this you get the Action menu containing six entries: Show Start Stop Hide Reset Update The result of choosing these entries will be discussed in the next paragraphs. Pressing <ESC> returns you to the Apps menu. The Packet Capturer has a status window (named Capture Status) in the upper right corner of your screen. It shows the packet dumpfile name, the current and maximum packet dumpfile size, the current and maximum runtime, the current and maximum number of captured packets, the number of the different types of filters and the total number of received and missed packets (from the Ethernet card) during this capturing. 2.2.1 The Show-action Selecting "Show" in the Action menu pops a window in the upper left half of your screen where the source address, the destination address and the protocol type of the captured packets are displayed. The addresses are displayed in the form "xx:xx:xx:xx:xx:xx", the protocol is displayed formatted "xxxx", where x is a hexadecimal digit. However, this window is updated in freetime, so if the Packet Capturer is very busy you may not see all the captured packets. See also "Hide-action" and "Update-action". 2.2.2 The Start-action Selecting "Start" in the Action menu pops the Capture menu, which allows you to set several Packet Capture parameters and also to set the filters. The Capture menu has five entries: Max. dumpfile size Max. number of packets Max. runtime Dumpfile name Filters Each of these entries is described in turn in the next paragraphs. If you push <ESC> the Capture menu disappears and the capturing starts. See also "Stop-action" and "Reset-action". 2.2.2.1 Setting the maximum packet dumpfile size Selecting "Max. dumpfile size" in the Capture menu allows you to set the maximum size (in bytes) of the packet dumpfile. The default is 10Kb. The capturing stops automatically if adding the next packet would make the packet dumpfile larger than this limit. 2.2.2.2 Setting the maximum number of packets Selecting "Max. number of packets" in the Capture menu allows you to set the maximum number of packets this capturing may catch. The default is 100 packets. The capturing stops automatically if the number of captured packets exceeds this limit. 2.2.2.3 Setting the maximum runtime Selecting "Max. runtime" in the Capture menu allows you to set the maximum runtime (in seconds) for this capturing. The default is 100 seconds. The capturing stops automatically if the runtime exceeds this limit. 2.2.2.4 Setting the packet dumpfile name Selecting "Dumfile name" in the Capture menu allows you to set the name of the packet dumpfile. The default is "PKTCAPT.DMP". 2.2.2.5 Setting the filters See "Manipulating the filters". 2.2.3 The Stop-action Selecting "Stop" in the Action menu stops the capturing and closes the packet dumpfile. The capturing stops automatically if one of the limits (maximum dumpfile size, maximum number of captured packets or maximum runtime) is exceeded, but the Stop-action allows you to stop the capturing by hand. It is not necessary to perform the Stop-action when the capturing has stopped by itself. Please note that the Stop-action does not change the values for the maximum dumpfile size, the maximum number of packets, the maximum runtime and the dumpfile name! See also "Start-action" and "Reset-action". 2.2.4 The Hide-action Selecting "Hide" in the Action menu hides the window in the upper left half of your screen where the source address, the destination address and the protocol type of the captured packets are displayed. See also "Show-action" and "Update- action". 2.2.5 The Reset-action Selecting "Reset" in the Action menu resets the maximum dumpfile size, the maximum number of packets, the maximum runtime and the dumpfile name to their default values (resp. 10Kb, 100, 100 and PKTCAPT.DMP) and resets the Capture Status window. Please note that the Reset-action does not dispose the filters (yet)!!! See also "Start-action" and "Stop-action". 2.2.6 The Update-action Selecting "Update" in the Action menu gives the Packet Capturer forced freetime, so it may update the window where the source address, the destination address and the protocol type of the captured packets are displayed (if it isn't hidden). See also "Show-action" and "Hide-action". 2.3 The filters There are six type of filters to be used with the Packet Capturer: Positive packet filters, Negative packet filters, Positive start filters, Negative start filters, Positive stop filters, Negative stop filters. Positive filters contain criteria a packet has to conform to to pass the filter, negative filters contain criteria a packet has to conform to to be rejected by the filter. A packet is accepted if het passes ONE of the positive filters and ALL the negative filters (i.e. is not rejected by one of the negative filters). So if a positive filter fi consists of criteria fi1...fik and a negative filter gi contists of criteria gi1...gik and the packets are tested on equalness to the criteria then: A(packet) = (f1 || f2 || ... || fn) && (!g1 && !g2 && ... && !gm) = P(f1, f2, ..., fn) && !N(g1, g2, ..., gm) where P(f1, f2, ..., fn) = f1 || f2 || ... || fn and N(g1, g2, ..., gm) = g1 || g2 || ... || gm where fi = (fi1 && fi2 && ... && fik) and gi = (gi1 && gi2 && ... && gik) The packet filters control which packets are let through to the Packet Capturer, while the start and stop filters trigger the starting and stopping of letting the packets through respectively. Please note that the start and stop filters do not start or stop the capturing itself. As long as no packet has passed the start filters, no packet is let through to the Packet Capturer. After a packet has passed the start filters, packets that pass the packet filters are let through to the Packet Capturer until a packet passes the stop filters. After this no packets are let through to the Packet Capturer anymore until another packet passes the start filters. 2.3.1 The filter criteria There are six criteria a packet can be checked for: 1. Destination address 2. Source address 3. Protocol type 4. Contents, consisting of a. the contents itself and b. an offset for the contents from the beginning of the packet 5. Device number 6. Packet size (interval), given by a. a lower limit for the packet length and b. an upper limit for the packet length The filters have a status window (named Filter Status) in the lower half of your screen. Of the first nine filters the type (Ty*), the number of the filter in the type list (#) and the setting for the destination address (DestAddress), the source address (SrcAddress), the protocol type (Protoco), the contents offset (Offs), the first ten bytes of the contents (Contents), the device number (D), the lower (Len>) and upper (Len<) limit for the packet size are displayed. Fields for criteria which are not set are left blank. * +P stands for positive packet filter -P stands for negative packet filter +B stands for positive start ("begin") filter -B stands for negative start ("begin") filter +E stands for positive stop ("end") filter -E stands for negative stop ("end") filter 2.3.2 Manipulating the filters Selecting "Filters" in the Capture menu pops the Filters menu, which allows you to perform various actions on the filters. The Filters menu has eight entries: Read filter file Write filter file Positive packet filters Negative packet filters Positive start filters Negative start filters Positive stop filters Negative stop filters 2.3.2.1 Read filter file To read a filter configuration from file choose "Read filter file" in the Filters menu. You are first presented with a Filter file window allowing you to select the filter file. The default filemask is "<current directory>\*.FIL", but you can either give another filemask or give the filename directly. If you supply a filemask, a Select File menu is opened and you can select a file by using the Up and Down arrow keys (or the PgUp and PgDn keys) and giving <ENTER>. If the opening of the file succeeds the filter configuration is read in. See "The format of the filter file". 2.3.2.2 Write filter file To write the current filter configuration to file choose "Write filter file" in the Filters menu. You are first presented with a Filter file window allowing you to give the name of the filter file. If the opening of the file succeeds the current filter configuration is written to this file. See "The format of the filter file". 2.3.2.3 Positive/negative packet/start/stop filter Each of these entries in the Filters menu pops a menu containing three entries: Add filter Edit filter Delete filter Each of these actions is described in the next paragraphs. 2.3.2.3.1 Adding a filter If you select "Add filter" a filter of the previously selected type is added to the type list and you automatically get the Edit filter window for editing this newly added filter. Since there is no limit on the number of filters per type (other than memory space), it is possible to create filters with filter numbers higher than 9. You can edit these filters directly after they have been created, but please note that you can't edit them anymore through "Edit filter" and you can't delete them through "Delete filter" unless you have deleted filters with a lower filter number first. See "Editing a filter" and "Deleting a filter". 2.3.2.3.2 Editing a filter If you select "Edit filter" you are asked for a filter number in the range 1 to 9. Because the program reacts on the first key you press, the largest filter number per type is limited to 9. After entering the filter number you are presented with the Edit filter window which allows you to set or alter the filter's destination address, source address, protocol type, contents and contents offset, device number, and packet size lower and upper limit. Criteria which are not set are left blank. If you set or alter the source or destination address you are provided with a Host names menu containing the hostnames from the DP.INI file (see "The DP.INI file"). If you select one of these hostnames the source or destination address is set to the corresponding Ethernet address. On top of the menu is an entry called "Self define". If you select this one, you can enter the Ethernet address yourself, formatted "xx:xx:xx:xx:xx:xx", where x is an hexadecimal digit. If for some reason the Host names menu cannot be created (memory shortage), you can always enter the source or destination adress in this way. If you set or alter the protocol type you are provided with a Protocols menu containing the protocol names from the DP.INI file (see "The DP.INI file"). If you select one of these protocol names the protocol type is set to the corresponding protocol number. On top of the menu is an entry called "Self define". If you select this one, you can enter the protocol number yourself, formatted "xxxx", where x is an hexadecimal digit. If for some reason the Protocols menu cannot be created (memory shortage), you can always enter the protocol in this way. 2.3.2.3.3 Deleting a filter If you select "Delete filter" you are asked for a filter number in the range 1 to 9. Because the program reacts on the first key you press, the largest filter number per type is limited to 9. If you delete a filter, the filter number of the next filters in the type list is decreased by one. 2.4 The Dumpfile Viewer To start the Dumpfile Viewer you choose "FileView" in the Apps menu. After this you get the Action menu containing six entries: Show Start Stop Hide Reset Update Only the Start- and Stop-action are implemented within the Dumpfile Viewer, other actions have no effect. The result of choosing these two entries will be discussed in the next paragraphs. Pressing <ESC> returns you to the Apps menu. 2.4.1 The Start-action Selecting "Start" in the Action menu pops the Fileview menu, which contains two entries: View Dumpfile These entries is described in turn in the next paragraphs. From here on the Dumpfile Viewer works exactly like the former standalone program NETVIEW, only the packet number is now also displayed at the beginning of each line of the Frame window. See also "Stop-action". 2.4.1.1 Viewing the packet dumpfile Selecting "View" in the Fileview menu starts the viewing of the packet dumpfile. If you haven't explicitly selected a packet dumpfile (see "Selecting the packet dumpfile"), the default Packet Capture dumpfile PKTCAPT.DMP is taken. "View" opens a screen sized Frame window with a list of the packets in the dumpfile, one per line. At the bottom of the Frame window the packet dumpfile name and its creation date and time are shown. Pressing <ESC> returns you to the Fileview menu. Of each packet the packet number, the timestamp since the start of the capturing (uS), the source address (Source), the destination address (Dest), the protocol type (Type), the packet length in bytes (Len) and some info (Info) are displayed. You can browse through the list using the Up and Down arrow keys and the PgUp and PgDn keys. If you select one of the packets by pressing <ENTER>, the packet's data (in hexadecimal and ASCII dump) and, if it's a TCP/IP packet, also its IP datagram header are shown. You can browse through the data using the Up and Down arrow keys and the PgUp and PgDn keys. Pressing <ESC> returns you to the Frame window. 2.4.1.2 Selecting the packet dumpfile Choosing "Dumpfile" in the Fileview menu allows you to select the packet dumpfile. The default filemask is "<current directory>\*.DMP", but you can either give another filemask or give the filename directly. If you supply a filemask, a Select File menu is opened and you can select a file by using the Up and Down arrow keys (or the PgUp and PgDn keys) and giving <ENTER>. 2.4.2 The Stop-action Selecting "Stop" in the Action menu stops the Dumpfile Viewer. You have to perform the Stop-action before you can perform the Start-action again. See also "Start-action". 2.5 The format of the packet dumpfile The format of the packet dumpfile is as follows: First 4 "records" containing some info about the dumpfile itself: 1) a dumpfile header record ("FRAME dumpfile") of 18 bytes; 2) a version number record ("v1.00") of 9 bytes; 3) a hdrinfo record of 15 bytes, containing the integer values (2 bytes) of DPHDRINFO *hdrinfo (DestOff= 00 00 =0, SrcOff= 06 00 =6, TypOff= 0c 00 =12, DatOff= 0e 00 =14, AddrLen= 06 00 =6, TypLen= 02 00=2); 4) a timestamp record of 21 bytes, formatted "mm/dd/yy hh:mm:ss", and then the packet frame records. All records start with a 1-byte tag: 0xfe = REC_HEADER for record "dumpfile header" 0xfd = REC_VERSION for record "version" 0xfc = REC_HDRINFO for record "hdrinfo" 0xfb = REC_TIMESTAMP for record "timestamp" 0xf8 = REC_FRAME for record "packet-frame", followed by two bytes indicating the total record length (in bytes): 12 00 = 18 for record "dumpfile header" 09 00 = 9 for record "version" 0f 00 = 15 for record "hdrinfo" 15 00 = 21 for record "timestamp", i.e. including the tag and the two length-bytes. The packet frame records first start (after the tag-byte and 2 length-bytes) with 18 bytes for the DPBUF-structure: 2 bytes for int Dev, 4 bytes for unsigned long ClockMs, 2 bytes for unsigned Status, 2 bytes for unsigned Size, 4 bytes for BYTE *pBuf en 4 bytes for struct _DPBUF *pNext. Next is the Ethernet packet itself. The Ethernet packet starts with a 6-bytes destination address, followed by a 6-bytes source address, a 2-bytes protocol type and then the data. Next is an example of a packet dumpfile with 1 packet frame record. 0000: fe 12 00 46 52 41 4d 45 20 64 75 6d 70 66 69 6c "...FRAME dumpfil" ^ dumpfile header record 0010: 65 00 fd 09 00 76 31 2e 30 30 00 fc 0f 00 00 00 "e....v1.00......" ^ ^ version record ^ ^ hdrinfo 0020: 06 00 0c 00 0e 00 06 00 02 00 fb 15 00 30 31 2f ".............01/" record ^ ^ timestamp 0030: 30 35 2f 39 31 20 31 35 3a 33 31 3a 33 38 00 f8 "05/91 15:31:38.." record ^ ^ 0040: 68 00 00 00 27 34 1f 00 00 00 53 00 98 1b b2 40 "h...'4....S....@" | Dev | ClockMs |Stat.|Size | pBuf | 0050: 00 00 00 00 00 00 c0 62 73 12 00 00 c0 44 34 1c ".......bs....D4." | pNext | dest. address | src. address | 0060: 08 00 45 00 00 45 6d b8 00 00 1e 11 08 4d 82 a1 "..E..Em......M.." |p.typ| data 0070: 90 ab 82 a1 90 b5 04 0c 00 a1 00 31 98 9f 30 27 "...........1..0'" data 0080: 02 01 00 04 09 6b 65 72 73 74 73 68 6f 77 a0 17 ".....kerstshow.." data 0090: 02 02 07 fb 02 01 00 02 01 00 30 0b 30 09 06 05 "..........0.0..." data 00a0: 2a 03 04 05 03 05 00 "*..... data ^| 2.6 The format of the filter file The filter should have the following layout: First two characters indicating the filter type: "+P" for a positive packet filter "-P" for a negative packet filter "+B" for a positive start ("begin") filter "-B" for a negative start ("begin") filter "+E" for a positive stop ("end") filter "-E" for a negative stop ("end") filter and then the filter's criteria. The following filter criteria are optional and can be given in any order, but all filter criteria of the same filter should be on the same line, following the filter type. Destination address: A tag "D", followed by the Ethernet address formatted "xx:xx:xx:xx:xx:xx", where x is a hexadecimal digit. Source address: A tag "S", followed by the Ethernet address formatted "xx:xx:xx:xx:xx:xx", where x is a hexadecimal digit. Protocol type: A tag "P", followed by the protocol number formatted "xxxx", where x is a hexadecimal digit. Contents: A tag "C", followed by the contents formatted "xxxx...xx", where x is a hexadecimal digit. contents Offset: A tag "O", followed by the contents offset (integer) from the beginning of the packet. device Number: A tag "N", followed by the device number (integer). packet length Lower limit: A tag "L", followed by the packet size lower limit (integer). packet length Upper limit: A tag "U", followed by the packet size upper limit (integer). Next is an example of a filter file with 1 positive packet filter with the destination address set to Ethernet address 08:00:20:09:b3:92, the source address to Ethernet address 00:00:c0:44:34:1c, the protocol type to 0800 (IP), the contents to 2bdced at offset 17, the device number to 0, and the packet size between 60 and 1500; and 1 negative start filter with the protocol type set to 8035 (RARP). +P D08:00:20:09:b3:92 S00:00:c0:44:34:1c P0800 C2bdced O17 N0 L60 U1500 -B P8035 ------------------------------------------------------------------------------- 3. THE DP.INI FILE 3.1 Introduction The DP.INI file is a file containing several definitions for BEHOLDER applications, also for the Packet Capturer and the Dumpfile Viewer. For the Packet Capturer only the HDRTYPE and the HDRADDR definitions are of interest and will be discussed in the next paragraphs. 3.2 The HDRTYPE definitions The HDRTYPE definitions contain the (key, description)-pairs for the protocol names and their corresponding protocol numbers. The HDRTYPE definition should start with the line: DEFINE HDRTYPE 2 7 HEX The "2" says the key (the protocol number) is 2 bytes long, the "7" that the description (the protocol name) may be up to 7 characters long, and the "HEX" that the key should be taken hexadecimal. After this the (key, description)- pairs for the protocols follow in the form: HDRTYPE 0xhh 0xhh ccccccc # Comment where h is an hexadecimal digit, and c a character. Following is an example for the definition of the ARP-protocol with protocol number 806. DEFINE HDRTYPE 2 7 HEX HDRTYPE 0x80 0x06 ARP # Adress resolution 3.3 The HDRADDR definitions The HDRTYPE definitions contain the (key, description)-pairs for the hostnames and their corresponding Ethernet addresses. The HDRADDR definition should start with the line: DEFINE HDRADRR 6 13 HEX The "6" says the key (the Ethernet address) is 6 bytes long, the "13" that the description (the host name) may be up to 13 characters long, and the "HEX" that the key should be taken hexadecimal. After this the (key, description)- pairs for the hostnames follow in the form: HDRADRR 0xhh 0xhh 0xhh 0xhh 0xhh 0xhh ccccccccccccc # Comment where h is an hexadecimal digit, and c a character. Following is an example for the definition of the host dutepp0 with Ethernet address 08:00:20:09:b3:92. DEFINE HDRADRR 6 13 HEX HDRADRR 0x80 0x00 0x20 0x09 0xb3 0x92 dutepp0 # My host name ------------------------------------------------------------------------------- 4. THE RDUNIX-UTILITY 4.1 Introduction With Gobbler distribution comes the source for the rdunix program, which should be compiled with gcc. The rdunix program is a simple packet dumpfile viewer to work under UNIX. The program is called with %rdunix [dumpfile name] If you leave out the dumpfile name, the file "netcapt.dmp" is read. BEWARE: This program only works if the dumpfile is EXACTLY the same as under DOS, so transfer the packet dumpfile from DOS to UNIX in BINARY mode!!!!!!! Check the file length under both DOS and UNIX to be sure. The program reads the packet frame length info from the dumpfile itself (see "The format of the packet dumpfile"), and if the packet frame becomes smaller because the LF-bytes are left out.... 4.2 The rdunix output format Following is an example of the rdunix output format. FRAME #1 Frame length = 185 Logic device # = 0 Timestamp (in us): 566:672:591 Status 0 Packet length (in bytes) = 164 Destination address: 08:00:20:09:6b:39 Source address: aa:00:04:00:6b:74 Protocol type: 0800 Data: 45 00 00 96 28 67 00 00 1e 11 4d 56 82 a1 90 99 E...(g....MV.... 82 a1 90 be 00 35 09 fa 00 82 66 6f 00 01 85 80 .....5....fo.... 00 01 00 00 00 00 00 01 03 73 75 6e 03 73 6f 65 .........sun.soe 08 63 6c 61 72 63 73 6f 6e 03 65 64 75 02 65 74 .clarcson.edu.et 07 74 75 64 65 6c 66 74 02 6e 6c 00 00 01 00 01 .tudelft.nl..... 02 65 74 07 74 75 64 65 6c 66 74 02 6e 6c 00 00 .et.tudelft.nl.. 06 00 01 00 01 42 b4 00 2d 05 64 6f 6e 61 75 c0 .....B..-.donau. 34 0e 6e 73 2d 6d 61 69 6e 74 61 69 6e 65 72 73 4.ns-maintainers c0 4d 00 00 00 37 00 00 2a 30 00 00 0e 10 00 09 .M...7..*0...... 3a 80 00 01 51 80 :...Q. FRAME #2 Frame length = 172 Logic device # = 0 Timestamp (in us): 566:679:191 Status 0 Packet length (in bytes) = 151 Destination address: 08:00:20:09:6b:39 Source address: aa:00:04:00:6b:74 Protocol type: 0800 Data: 45 00 00 89 28 68 00 00 1e 11 4d 62 82 a1 90 99 E...(h....Mb.... 82 a1 90 be 00 35 09 fb 00 75 1b 09 00 02 85 80 .....5...u...... 00 01 00 00 00 00 00 01 03 73 75 6e 03 73 6f 65 .........sun.soe 08 63 6c 61 72 63 73 6f 6e 03 65 64 75 07 74 75 .clarcson.edu.tu 64 65 6c 66 74 02 6e 6c 00 00 01 00 01 07 74 75 delft.nl......tu 64 65 6c 66 74 02 6e 6c 00 00 06 00 01 00 01 2d delft.nl.......- 91 00 26 06 64 75 74 72 75 6e c0 31 06 64 6e 73 ..&.dutrun.1.dns 6d 67 72 c0 47 00 04 94 14 00 00 70 80 00 00 38 mgr.G......p...8 40 00 09 3a 80 00 01 51 80 @..:...Q. ------------------------------------------------------------------------------- 5. HISTORY Gobbler history: Version 1.0 (10/04/91) by Tirza van Rijn: Made available for anonymous ftp on Friday, October 4th, 1991. Version 1.1 (10/08/91) by Tirza van Rijn: Fixed "printf statements in DPUINI.C" bug, which caused problems on certain screen types. Made available for anonymous ftp on Wednesday, October 9th, 1991. Version 2.0 (10/22/91) by Tirza van Rijn: Added display for total received packets and missed packets in Capture Status window of the Packet Capturer. Added packet number to Frame window of the Dumpfile Viewer. Fixed "on Reset dumpfile name not cleared" bug in the Capture Status window of the Packet Capturer. Added file interface (reading filter configuration from file and writing current filter configuration to file) to the filters. Made available for anonymous ftp on Friday, October 25th, 1991. Version 2.1 (12/16/91) by Tirza van Rijn: Fixed bug "on Stop number of received packets and runtime not reset". Improved TCP header analysis in the Dumpfile Viewer. Made available for anonymous ftp on Friday, December 20th, 1991.