Changeset 1511

Timestamp:

07/16/06 21:28:20 (2 years ago)

Author:

aturner

Message:

just commit what i've got so i can release
refs #30

Location:

trunk/docs

Files:

• FAQ.lyx (modified) (24 diffs)
• manual.lyx (modified) (67 diffs)

trunk/docs/FAQ.lyx

@@ -1 @@
-#LyX 1.3 created this file. For more info see http://www.lyx.org/
-\lyxformat 221
+#LyX 1.4.0 created this file. For more info see http://www.lyx.org/
+\lyxformat 245
+\begin_document
+\begin_header
 \textclass article
 \language english
@@ -7 +9 @@
 \graphics default
 \paperfontsize default
-\spacing single 
+\spacing single
 \papersize letterpaper
-\paperpackage a4
-\use_geometry 1
-\use_amsmath 0
-\use_natbib 0
-\use_numerical_citations 0
+\use_geometry true
+\use_amsmath 1
+\cite_engine basic
+\use_bibtopic false
 \paperorientation portrait
 \leftmargin 10mm
@@ -24 +25 @@
 \defskip medskip
 \quotes_language english
-\quotes_times 2
 \papercolumns 1
 \papersides 1
 \paperpagestyle default
-
-\layout Title
-
+\tracking_changes false
+\output_changes true
+\end_header
+
+\begin_body
+
+\begin_layout Title
 Tcpreplay 3.x FAQ
-\layout Author
-
+\end_layout
+
+\begin_layout Author
 Aaron Turner
-\newline 
+\newline
 http://tcpreplay.sourceforge.net/
-\layout Standard
-\pagebreak_top \pagebreak_bottom 
+\end_layout
+
+\begin_layout Standard
+
+\newpage
 
 \begin_inset LatexCommand \tableofcontents{}
 
-\end_inset 
-
-
-\layout Section
-
+\end_inset
+
+
+\newpage
+
+\end_layout
+
+\begin_layout Section
 General Info
-\layout Subsection
-
+\end_layout
+
+\begin_layout Subsection
 What is this FAQ for?
-\layout Standard
-
+\end_layout
+
+\begin_layout Standard
 Tcpreplay is a suite of powerful tools, but with that power comes complexity.
  While I have done my best to write good man pages for tcpreplay and it's
@@ -60 +73 @@
  of use to people using tcpreplay, as well as common questions that occur
  on the Tcpreplay-Users <tcpreplay-users@lists.sourceforge.net> mailing list.
-\layout Subsection
-
+\end_layout
+
+\begin_layout Subsection
 What tools come with tcpreplay?
-\layout Itemize
-
+\end_layout
+
+\begin_layout Itemize
 tcpreplay - replay ethernet packets stored in a pcap file as they were captured
  
-\layout Itemize
-
+\end_layout
+
+\begin_layout Itemize
 tcprewrite - edit packets stored in a pcap file
-\layout Itemize
-
+\end_layout
+
+\begin_layout Itemize
 tcpprep - a pcap pre-processor for tcpreplay
-\layout Itemize
-
+\end_layout
+
+\begin_layout Itemize
 flowreplay
 \begin_inset Foot
-collapsed true
-
-\layout Standard
-
+status collapsed
+
+\begin_layout Standard
 Flowreplay is still 
 \begin_inset Quotes eld
-\end_inset 
+\end_inset
 
 alpha
 \begin_inset Quotes erd
-\end_inset 
+\end_inset
 
  quality and is not usable for most situations.
  Anyone interested in helping me develop flowreplay is encouraged to contact
  me.
-\end_inset 
+\end_layout
+
+\end_inset
 
  - connects to a server(s) and replays the client side of the connection
  stored in a pcap file
-\layout Subsection
-
+\end_layout
+
+\begin_layout Subsection
 What tools no longer come with Tcpreplay?
-\layout Standard
-
+\end_layout
+
+\begin_layout Standard
 Recently, other people and projects have developed better versions of two
- applications that ship with tcpreplay 2.x:
-\layout Itemize
-
+ applications that shipped with tcpreplay 2.x:
+\end_layout
+
+\begin_layout Itemize
 pcapmerge - merges two or more pcap files into one.
  Ethereal now ships with a more powerful appliation called 'mergecap'.
-\layout Itemize
-
+\end_layout
+
+\begin_layout Itemize
 capinfo - displays basic information about a pcap file.
  Ethereal now ships with a more powerful application of the same name.
-\layout Subsection
-
+\end_layout
+
+\begin_layout Subsection
 How can I get tcpreplay's source?
-\layout Standard
-
+\end_layout
+
+\begin_layout Standard
 The source code is available in tarball format on the tcpreplay homepage:
  
 \begin_inset LatexCommand \htmlurl{http://tcpreplay.sourceforge.net/}
 
-\end_inset 
+\end_inset
 
  I also encourage users familiar with Subversion to try checking out the
  latest code as it often has additional features and bugfixes not found
  in the tarballs.
-\layout Standard
-
-svn checkout https://www.synfin.net:444/svn/tcpreplay/trunk tcpreplay
-\layout Subsection
-
+\end_layout
+
+\begin_layout Standard
+svn checkout https://www.synfin.net/svn/tcpreplay/trunk tcpreplay
+\end_layout
+
+\begin_layout Subsection
 What requirements does tcpreplay have?
-\layout Enumerate
-
+\end_layout
+
+\begin_layout Enumerate
 You'll need recent versions of the libnet
 \begin_inset Foot
-collapsed true
-
-\layout Standard
-
+status collapsed
+
+\begin_layout Standard
 http://www.packetfactory.net/libnet/
-\end_inset 
+\end_layout
+
+\end_inset
 
  and libpcap
 \begin_inset Foot
-collapsed true
-
-\layout Standard
-
+status collapsed
+
+\begin_layout Standard
 http://www.tcpdump.org/
-\end_inset 
+\end_layout
+
+\end_inset
 
  libraries.
-\layout Enumerate
-
+\end_layout
+
+\begin_layout Enumerate
 To support the packet decoding feature you'll need tcpdump
 \begin_inset Foot
-collapsed true
-
-\layout Standard
-
+status collapsed
+
+\begin_layout Standard
 http://www.tcpdump.org/
-\end_inset 
+\end_layout
+
+\end_inset
 
  installed.
-\layout Enumerate
-
+\end_layout
+
+\begin_layout Enumerate
 You'll also need a compatible operating system.
  Basically, any UNIX-like or UNIX-based operating system should work.
@@ -171 +204 @@
  If you find any compatibility issues with any UNIX-like/based OS, please
  let me know.
-\layout Subsection
-
+\end_layout
+
+\begin_layout Subsection
 Are there binaries available?
-\layout Standard
-
+\end_layout
+
+\begin_layout Standard
 The tcpreplay project does not maintain binaries for any platforms.
  However some operating systems such as Debian GNU/Linux (apt-get) and OS
  X (fink) have packages available.
  Try searching on Google.
-\layout Subsection
-
+\end_layout
+
+\begin_layout Subsection
 Is there a Microsoft Windows port?
-\layout Standard
-
+\end_layout
+
+\begin_layout Standard
 Not really.
  We had one user port the code over for an old version of tcpreplay to Windows.
@@ -195 +232 @@
  Please understand that the Win32 port of tcpreplay comes with no support
  whatsoever, so if you run into a problem you're on your own.
-\layout Subsection
-
+\end_layout
+
+\begin_layout Subsection
 How is tcpreplay licensed?
-\layout Standard
-
+\end_layout
+
+\begin_layout Standard
 Tcpreplay is licensed under a three clause BSD-style license.
  For details see the docs/LICENSE file included with the source code.
-\layout Subsection
-
+\end_layout
+
+\begin_layout Subsection
 What is tcpreplay?
-\layout Standard
-
+\end_layout
+
+\begin_layout Standard
 In the simplest terms, tcpreplay is a tool to send network traffic stored
  in pcap format back onto the network; basically the exact opposite of tcpdump.
  Just to make things more confusing, tcpreplay is also a suite of tools:
  tcpreplay, tcpprep, tcprewrite and flowreplay.
-\layout Comment
-
+\end_layout
+
+\begin_layout Standard
+\begin_inset Note Comment
+status collapsed
+
+\begin_layout Standard
 What isn't tcpreplay?
-\layout Comment
-
+\end_layout
+
+\begin_layout Standard
 Tcpreplay is 
-\emph on 
+\emph on
 not
-\emph default 
+\emph default
  a tool to replay captured traffic to a server or client.
  Specifically, tcpreplay does not have the ability to rewrite IP addresses
@@ -226 +273 @@
  In other words, tcpreplay can't 
 \begin_inset Quotes eld
-\end_inset 
+\end_inset
 
 connect
 \begin_inset Quotes erd
-\end_inset 
+\end_inset
 
  to a server or be used to emulate a server and have clients connect to
  it.
  If you're looking for that, check out flowreplay.
-\layout Subsection
-
+\end_layout
+
+\end_inset
+
+
+\end_layout
+
+\begin_layout Subsection
 What are some uses for tcpreplay?
-\layout Standard
-
+\end_layout
+
+\begin_layout Standard
 Originally, tcpreplay was written to test network intrusion detection systems
  (NIDS), however tcpreplay has been used to test firewalls, routers, and
@@ -245 +299 @@
  With the addition of flowreplay, most
 \begin_inset Foot
-collapsed true
-
-\layout Standard
-
+status collapsed
+
+\begin_layout Standard
 Note the flowreplay does not support protocols such as ftp which use multiple
  connections.
-\end_inset 
+\end_layout
+
+\end_inset
 
  any udp or tcp service on a server can be tested as well.
-\layout Subsection
-
+\end_layout
+
+\begin_layout Subsection
 What are some uses for flowreplay?
-\layout Standard
-
+\end_layout
+
+\begin_layout Standard
 A lot of people wanted a tool like tcpreplay, but wanted to be able to replay
  traffic 
-\emph on 
+\emph on
 to
-\emph default 
+\emph default
  a server.
  Since tcpreplay was unable to do this, I developed flowreplay which replays
@@ -274 +331 @@
  doesn't work very well (some would argue it doesn't work at all) and is
  currently missing some important features.
-\layout Subsection
-
+ Feel free to try flowreplay, but unless you're willing and able to contribute,
+ don't bother complaining that it doesn't work.
+\end_layout
+
+\begin_layout Subsection
 What is the history of tcpreplay?
-\layout Standard
-
+\end_layout
+
+\begin_layout Standard
 Tcpreplay has had quite a few authors over the past five or so years.
  One of the advantages of the BSD and GPL licenses is that if someone becomes
  unable or unwilling to continue development, anyone else can take over.
-\layout Standard
-
+\end_layout
+
+\begin_layout Standard
 Originally, Matt Undy of Anzen Computing wrote tcpreplay.
  Matt released version 1.0.1 sometime in 1999.
  Sometime after that, Anzen Computing was (at least partially) purchased
  by NFR and development ceased.
-\layout Standard
-
+\end_layout
+
+\begin_layout Standard
 Then in 2001, two people independently started work on tcpreplay: Matt Bing
- of NFR and Aaron Turner.
+ of NFR and Aaron Turner of OneSecure.
  After developing a series of patches (the -adt branch), Aaron attempted
  to send the patches in to be included in the main development tree.
-\layout Standard
-
+\end_layout
+
+\begin_layout Standard
 After some discussion between Aaron and Matt Bing, they decided to continue
  development together.
  Since then, two major rewrites have occured, and more then thirty new features
  have been added, including the addition of a number of accessory tools.
-\layout Standard
-
+\end_layout
+
+\begin_layout Standard
 Today, Aaron continues active development of the code.
-\layout Section
-
+\end_layout
+
+\begin_layout Section
 Bugs, Feature Requests, and Patches
-\layout Subsection
-
+\end_layout
+
+\begin_layout Subsection
 Where can I get help, report bugs or contact the developers?
-\layout Standard
-
+\end_layout
+
+\begin_layout Standard
 The best place to get help or report a bug is the Tcpreplay-Users mailing
  list: 
-\newline 
+\newline
 
 \begin_inset LatexCommand \htmlurl{http://lists.sourceforge.net/lists/listinfo/tcpreplay-users}
 
-\end_inset 
-
-
-\layout Subsection
-
+\end_inset
+
+
+\end_layout
+
+\begin_layout Standard
+Please do not email the author directly as it prevents others from learning
+ from your questions.
+\end_layout
+
+\begin_layout Subsection
 What information should I provide when I report a bug?
-\layout Standard
-
+\end_layout
+
+\begin_layout Standard
 One of the most frustrating things for any developer trying to help a user
  with a problem is not enough information.
  Please be sure to include 
-\emph on 
+\emph on
 at minimum
-\emph default 
+\emph default
  the following information, however any additional information you feel
  may be helpful will be appreciated.
-\layout Itemize
-
+\end_layout
+
+\begin_layout Itemize
 Version information (output of -V)
-\layout Itemize
-
+\end_layout
+
+\begin_layout Itemize
 Command line used (options and arguments)
-\layout Itemize
-
+\end_layout
+
+\begin_layout Itemize
 Platform (Red Hat Linux 9 on Intel, Solaris 7 on SPARC, etc)
-\layout Itemize
-
+\end_layout
+
+\begin_layout Itemize
 Error message (if available) and/or description of problem
-\layout Itemize
-
+\end_layout
+
+\begin_layout Itemize
 If possible, attach the pcap file used (compressed with bzip2 or gzip preferred)
-\layout Itemize
-
+\end_layout
+
+\begin_layout Itemize
 The core dump or backtrace if available
-\layout Subsection
-
+\end_layout
+
+\begin_layout Subsection
 I have a feature request, what should I do?
-\layout Standard
-
+\end_layout
+
+\begin_layout Standard
 Let us know! Many of the features exist today because users like you asked
  for them.
- To make a feature request, you can either email the tcpreplay-users mailing
- list (see above) or fill out the feature request form on the tcpreplay
- SourceForge website.
-\layout Subsection
-
+ To make a feature request, email the tcpreplay-users mailing list (see
+ above).
+\end_layout
+
+\begin_layout Subsection
 I've written a patch for tcpreplay, how can I submit it?
-\layout Standard
-
+\end_layout
+
+\begin_layout Standard
 I'm always willing to include new features or bug fixes submitted by users.
  You may email me directly or the tcpreplay-users mailing list.
  Please 
-\emph on 
+\emph on
 do not
-\emph default 
+\emph default
  use the Patch Tracker on the tcpreplay SourceForge web site.
  But before you start working on adding a feature or fixing a bug in tcpreplay,
@@ -378 +462 @@
  Patches against released versions are almost surely not going to apply
  cleanly if at all.
-\layout Subsection
-
+\end_layout
+
+\begin_layout Subsection
 Patch requirements
-\layout Itemize
-
+\end_layout
+
+\begin_layout Itemize
 Be aware that submitting a patch, 
-\emph on 
+\emph on
 you are assigning your copyright to me.
 
-\emph default 
+\emph default
  If this is not acceptable to you, then 
-\emph on 
+\emph on
 do not
-\emph default 
+\emph default
  send me the patch! I have people assign their copyright to me to help prevent
  licensing issues that may crop up in the future.
-\layout Itemize
-
+\end_layout
+
+\begin_layout Itemize
 Please provide a description of what your patch does!
-\layout Itemize
-
+\end_layout
+
+\begin_layout Itemize
 Comment your code! I won't use code I can't understand.
-\layout Itemize
-
+\end_layout
+
+\begin_layout Itemize
 Make sure you are patching a branch that is still being maintained.
  Generally that means that most recent stable and development branches (2.0
  and 3.0 at the time of this writing).
-\layout Itemize
-
+\end_layout
+
+\begin_layout Itemize
 Make sure you are patching against the most recent release for that branch.
-\layout Itemize
-
-Please submit your patch in the unified diff format so I can better understand
- what you're changing.
-\layout Itemize
-
+\end_layout
+
+\begin_layout Itemize
+Please submit your patch in the 
+\emph on
+unified diff 
+\emph default
+format so I can better understand what you're changing.
+\end_layout
+
+\begin_layout Itemize
 Please provide any relevant personal information you'd like listed in the
  CREDITS file.
-\layout Standard
-
+\end_layout
+
+\begin_layout Standard
 Please note that while I'm always interested in patches, I may rewrite some
  or all of your submission to maintain a consistent coding style.
-\layout Section
-
+\end_layout
+
+\begin_layout Section
 Understanding tcpprep
-\layout Subsection
-
+\end_layout
+
+\begin_layout Subsection
 What is tcpprep?
-\layout Standard
-
+\end_layout
+
+\begin_layout Standard
 Tcpreplay can send traffic out two network cards, however it requires the
  calculations be done in real-time.
  These calculations can be expensive and can significantly reduce the throughput
  of tcpreplay.
-\layout Standard
-
+\end_layout
+
+\begin_layout Standard
 Tcpprep is a libpcap pre-processor for tcpreplay which enables using two
  network cards to send traffic without the performance hit of doing the
  calculations in real-time.
-\layout Subsection
-
+\end_layout
+
+\begin_layout Subsection
 How does tcpprep work? 
-\layout Standard
-
+\end_layout
+
+\begin_layout Standard
 Tcpprep reads in a libpcap (tcpdump) formatted capture file and does some
  processing to generate a tcpreplay cache file.
@@ -447 +549 @@
  sent out of.
  
-\layout Subsection
-
+\end_layout
+
+\begin_layout Subsection
 Does tcpprep modify my libpcap file?
-\layout Standard
-
+\end_layout
+
+\begin_layout Standard
 No.