CRAWDAD tools/analyze/pcap/WScout (v. 2007-09-25)

WScout, lightweight PCAP file visualizer.WScout provides a PCAP traces visualizer that is able to work with huge traces (>10 GiB). Its goals are speed and low memory requirements. Despite its design being protocol-agnostic, it currently handles only Prism and IEEE 802.11 headers, hence its name.Lastmodified :2007-11-16Dataname :tools/analyze/pcap/WScoutFile :wscout-1.1.tar.gzReleasedate :2007-09-25Equiversion :v1.1Change :* WScout 1.1 is released! - Middle clicking when the window system's clipboard has numerical content now go to the corresponding frame (e.g. Copying "42" into the clipboard then middle clicking inside WScout goes to packet #42). As a side effect, only left clicks select packets (middle clicks used to select packets before). - Duplicating windows does not re-build file indexes anymore. This allows significant performance improvements on window duplication. - Bugfix: opening an empty trace does not result in a failed assertion. - The default filtering command becomes sh -c "tshark -q -i- < '%1' -w '%2' -R '%3'" So tshark will not complain when asked to filter big (> 2GiB) files. But of course, this implies your system must provide `sh'. Although no big deal with UNIX systems (GNU/Linux, BSD, Mac OS X) I do not know what this will give with MS Windows... - The filter dialog is no more a modal window.References :The WScout websiteWebsite :http://wscout.lip6.frKeyword :802.11 802.11 frames packet trace tcpdumpLicense :Copyright© 2007 Université Pierre et Marie Curi- Paris 6 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but without any warranty; without even the implied warranty of merchantability or fitness for a particular purpose. See the GNU General Public License for more details.Support :1. We are not aware of any bug in WScout. That is why reporting unknown bugs to the package's maintainers (thomas.claveirole@lip6.fr) is so important! :-D 2. If you have found a bug, please Report it to the package's maintainers (thomas.claveirole@lip6.fr). 3. If you would really love having feature X implemented, then, implement it! ;-) More seriously, unless this is a ridiculously simple feature to implement, this is unlikely we will do it for you. But giving feedback to the package's maintainers (thomas.claveirole@lip6.fr) about the features you want is important. So we know if important features are missing. 3. If you want to contribute to WScout and implement some features, have a look at doc/HACKING. Again, contact the package's maintainers (thomas.claveirole@lip6.fr) so they can help you implement new features. 4. If you have any question, please email the package's maintainers (thomas.claveirole@lip6.fr).Build :1. What are WScout's requirements? WScout needs: - A standard compliant C++ compiler. WScout's developers use GCC. - GNU make. Or any other make that supports pattern rules using '%'. - The Boost C++ libraries (http://www.boost.org/). More specifically: date_time, foreach, format, conversion/lexical_cast, optional, smart_ptr, tokenizer. - Trolltech's Qt library (http://trolltech.com/products/qt/), at least version 4.3. You will also need some tools provided with this library: the Meta-Object Compiler (moc) and the Resource Compiler (rcc). On some systems (e.g. Debian GNU/Linux) they are provided in separate packages. 2. How do I install WScout? WScout's packaging follows the GNU conventions. An installation documentation is provided in the INSTALL file in the package's root directory. However, with a standard system, the following commands should do the trick: --- mkdir _build cd _build ../configure make make install make check --- On some systems, you might have to customize the configure script's invocation. E.g. --- mkdir _build cd _build ../configure CPPFLAGS=-I/usr/include/qt4 make make install make check --- 3. Why does WScout's configure check for the libpcap and GMP? Actually WScout's configure does not check that. But WScout might embed a package called trace-tools, which configure script check for libpcap and GMP. However, these are optionals, and the build should be fine despite you might be missing these packages. 4. configure complains it did not find library X? Either library X is not installed on your system, either your system is not properly configured, so the library cannot be found. You may use the CPPFLAGS and LDFLAGS variables to correct this behavior. E.g., run --- ./configure CPPFLAGS=-I/custom/path/include/qt4 LDFLAGS=-L/custom/path/lib --- As an example, on my system (Debian GNU/Linux), I invoke --- ./configure CPPFLAGS=-I/usr/include/qt4 --- 5. configure complains it found library X's headers, but is unable to link? Most probably library X is installed but its binaries are in a non-standard place. Use the LDFLAGS variable as described previously. 6. configure complains library X's headers are unusable, despite successful linking? Most probably library X is installed but its headers are in a non-standard place. Use the CPPFLAGS variable as described previously.Output :Please see sample screenshots at http://wscout.lip6.fr/overview.htmlUsage :Basically, WScout provides a multiple tabbed window to visualize PCAP traces. WScout is able to open very large files. These might take a few dozen seconds to load, but WScout will not demand much CPU and memory resources. WScout is also able to handle PCAP traces with no Prism header. You may process your traces with external programs in order to filter them. Finally, WScout also enables browsing using multiple windows.Example :Please see sample screenshots at http://wscout.lip6.fr/overview.html

WScout，一款轻量级的PCAP文件可视化工具。WScout能够处理庞大的追踪数据（>10 GiB），其设计宗旨在于速度与低内存需求。尽管其架构协议无关，目前仅支持Prism和IEEE 802.11头部信息，故得名。最后修改日期：2007-11-16，数据集名称：tools/analyze/pcap/WScout，文件：wscout-1.1.tar.gz，发布日期：2007-09-25，等效版本：v1.1，变更记录：* WScout 1.1版本发布！当窗口系统的剪贴板含有数字内容时，现在通过中间点击直接跳转到对应帧（例如，将'42'复制到剪贴板后，在WScout内部进行中间点击将跳转到数据包#42）。作为副作用，仅左键点击可选中数据包（之前使用中间点击进行数据包选择）。重复窗口创建不再重新构建文件索引，这显著提升了窗口重复创建的性能。修复了bug：打开空追踪文件不会导致断言失败。默认的过滤命令变为sh -c "tshark -q -i- < '%1' -w '%2' -R '%3'"，因此当请求过滤大型文件（>2GiB）时，tshark不会报错。但这当然意味着您的系统必须提供`sh`。虽然对于UNIX系统（GNU/Linux、BSD、Mac OS X）来说这并非大问题，但在MS Windows上可能不尽然。过滤器对话框不再是模态窗口。参考资料：WScout网站，网址：http://wscout.lip6.fr/，关键词：802.11、802.11帧、数据包追踪、tcpdump，许可：版权© 2007 Université Pierre et Marie Curi-Paris 6。本程序为免费软件；您可以根据自由软件基金会发布的GNU通用公共许可证的条款重新分发和/或修改它；许可证版本可以是2，或者（根据您的选择）任何更新的版本。本程序以希望它将被证明是有用的目的进行分发，但没有任何保证；甚至不包括适销性或特定用途适用性的暗示保证。有关详细信息，请参阅GNU通用公共许可证。支持：1. 我们并未发现WScout中的任何bug。因此，向软件包维护者（thomas.claveirole@lip6.fr）报告未知bug至关重要！:-D 2. 如果您发现了bug，请向软件包维护者（thomas.claveirole@lip6.fr）报告。3. 如果您真的希望实现功能X，那么，请自行实现它！；-) 但更为严肃的是，除非这是一个极其简单的功能，否则我们不太可能为您实现它。但向软件包维护者（thomas.claveirole@lip6.fr）提供您希望实现的功能的反馈非常重要。这样我们才能了解是否缺少重要功能。3. 如果您希望为WScout做出贡献并实现一些功能，请查阅doc/HACKING。再次，请联系软件包维护者（thomas.claveirole@lip6.fr）以获得帮助实现新功能。4. 如果您有任何疑问，请通过电子邮件联系软件包维护者（thomas.claveirole@lip6.fr）。构建：1. WScout的需求是什么？WScout需要：- 一个符合标准规范的C++编译器。WScout的开发者使用GCC。- GNU make。或任何支持使用'%'的模式规则的make。- Boost C++库（http://www.boost.org/）。具体来说：date_time、foreach、format、conversion/lexical_cast、optional、smart_ptr、tokenizer。- Trolltech的Qt库（http://trolltech.com/products/qt/），至少版本4.3。您还需要一些该库提供的工具：元对象编译器（moc）和资源编译器（rcc）。在某些系统（例如Debian GNU/Linux）中，它们包含在单独的软件包中。- 如何安装WScout？WScout的打包遵循GNU约定。安装文档包含在软件包根目录下的INSTALL文件中。但是，对于标准系统，以下命令应该可以解决问题：--- mkdir _build cd _build ../configure make make install make check --- 在某些系统上，您可能需要自定义configure脚本的调用。例如：--- mkdir _build cd _build ../configure CPPFLAGS=-I/usr/include/qt4 make make install make check ---- 为什么WScout的configure检查libpcap和GMP？实际上，WScout的configure并没有检查这一点。但WScout可能嵌入了一个名为trace-tools的包，其configure脚本检查libpcap和GMP。然而，这些是可选的，即使缺少这些包，构建过程也应该正常进行。- configure报错找不到库X？要么库X未安装到您的系统上，要么您的系统配置不当，导致库无法找到。您可以使用CPPFLAGS和LDFLAGS变量来纠正此行为。例如，运行--- ./configure CPPFLAGS=-I/custom/path/include/qt4 LDFLAGS=-L/custom/path/lib --- 作为示例，在我的系统（Debian GNU/Linux）上，我调用--- ./configure CPPFLAGS=-I/usr/include/qt4 ---- configure报错找到了库X的头部，但无法链接？很可能是库X已安装，但其二进制文件位于非标准位置。使用前面描述的LDFLAGS变量。- configure报错库X的头部不可用，尽管链接成功？很可能是库X已安装，但其头部位于非标准位置。使用前面描述的CPPFLAGS变量。- 请参阅http://wscout.lip6.fr/overview.html以查看示例截图。- 使用说明：基本上，WScout提供了一个多标签窗口来可视化PCAP追踪。WScout能够打开非常大的文件。这些文件可能需要数十秒才能加载，但WScout不会对CPU和内存资源提出过高要求。WScout还能够处理没有Prism头部的PCAP追踪。您可以使用外部程序处理您的追踪以进行过滤。最后，WScout还允许使用多个窗口进行浏览。- 示例：请参阅http://wscout.lip6.fr/overview.html的示例截图。