netlog 1.2 -- January 5, 1994

These directories contain a TCP and UDP traffic logging system. These
programs are a part of the network security system used by Texas A&M
University. It can be used for locating suspicious network traffic.
The following programs are included:

tcplogger - Log all TCP connections on a subnet
udplogger - Log all UDP sessions on a subnet
extract   - Process log files created by tcplogger or udplogger
netwatch  - Realtime network monitor

All three programs require an ANSI C compiler. Tcplogger and
udplogger use the SunOS 4.x Network Interface Tap (nit) or
SunOS 5.x Data Link Provider Interface (DLPI).

To build the programs:

1) Edit the Makefile to select for SunOS 4.x or SunOS 5.x (Solaris)

2) Just enter 'make'

You will end up with binaries in the 'bin' directory.

If you are using 'gcc', do not turn on optimization for tcplogger
or udplogger. Also, if 'fix-includes' was not run, then you must
use the '-traditional' flag. To be safe, use it anyway.

The latest versions of these programs (sans netwatch) are available
from:

net.tamu.edu:/pub/security/TAMU

net.tamu.edu == 128.194.177.1

* * * * * *

01/05/1994 Changes

Included stripped 'netwatch'. The 'telnet' and 'ftp' modules
are removed to prevent the use of 'netwatch' as a password
grabber.

Bug fixes to improve reliability.

Added '-p' switch to all network monitoring tools, which causes them
to run in non-promiscuous mode, for use in monitoring on a single
host. This reduces load on the monitoring machine.

------------------------------------------------------------------------

10/31/1993 Changes

Support for SunOS 5.x DLPI.

Date/time handling in 'extract' corrected to properly handle daylight
saving time and other little nits.

Date/time output routines redone for performance.

A couple of minor bug fixes.

Hacked support for processing an ICMP log into extract.

Preliminary version of ICMP logger. Eats tons of disk space though.

------------------------------------------------------------------------

08/23/1993 Changes

Date handling improved in extract with regard to timezone. Also
removed references to timelocal() and used ANSI mktime() (it isn't
documented in SunOS 4, but it is there). 'extract' will now work
on SunOS 5 (and probably other UN*X's).

'extract' now handles hostnames that resolve to multiple IP addresses.

'extract' now treats an unresolvable hostname as a nonfatal condition.
It handles the failure in a semi-intelligent fashion based on the
context of the failure.

Added unbuffering flag (-U) to extract. This causes it not to
buffer input, allowing:

tcplogger -b | extract -U

to be useful.

'udplogger' has a new option '-t' which specifies a timeout in
seconds. This indicates how long to "remember" sessions before
assuming they have completed. The default is 300 seconds.
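
As an added illustration of the session bookkeeping that the '-t' timeout governs (hypothetical C written for this note, not netlog's own code): a small table that folds datagrams exchanged between the same two endpoints into one session and assumes a session has completed once it has been idle for the timeout. That udplogger matches both directions of a flow, and the table size, are assumptions here.

```c
#include <stdint.h>
#include <stdio.h>
#define MAX_SESSIONS    256
#define DEFAULT_TIMEOUT 300L            /* seconds, udplogger's -t default */
struct udp_session {
    int      used;
    uint32_t a_ip, b_ip;                /* side a sent the first datagram */
    uint16_t a_port, b_port;
    long     first, last;               /* seconds since the epoch */
    unsigned datagrams;
};
static struct udp_session table[MAX_SESSIONS];   /* zero = all slots free */

/* A datagram belongs to a session if its endpoints match in either direction. */
static int matches(const struct udp_session *s, uint32_t sip, uint16_t sp, uint32_t dip, uint16_t dp)
{
    return (s->a_ip == sip && s->a_port == sp && s->b_ip == dip && s->b_port == dp)
        || (s->a_ip == dip && s->a_port == dp && s->b_ip == sip && s->b_port == sp);
}

/* Account one datagram seen at time `now`. Returns 1 if it opened a new
 * session, 0 if it joined a live one, -1 if the table is full. */
int udp_record(uint32_t sip, uint16_t sp, uint32_t dip, uint16_t dp, long now)
{
    int i, slot = -1;
    for (i = 0; i < MAX_SESSIONS; i++) {
        if (!table[i].used) { if (slot < 0) slot = i; continue; }
        if (matches(&table[i], sip, sp, dip, dp)) { table[i].last = now; table[i].datagrams++; return 0; }
    }
    if (slot < 0) return -1;
    table[slot].used = 1; table[slot].datagrams = 1;
    table[slot].a_ip = sip; table[slot].a_port = sp; table[slot].b_ip = dip; table[slot].b_port = dp;
    table[slot].first = table[slot].last = now;
    return 1;
}

/* Assume every session idle for >= timeout seconds has completed: log it
 * (if out is non-NULL) and free its slot. Returns the number closed. */
int udp_expire(long now, long timeout, FILE *out)
{
    int i, closed = 0;
    for (i = 0; i < MAX_SESSIONS; i++) {
        struct udp_session *s = &table[i];
        if (!s->used || now - s->last < timeout) continue;
        if (out) fprintf(out, "%08x:%u -> %08x:%u  %u datagrams over %lds\n", (unsigned)s->a_ip,
                         (unsigned)s->a_port, (unsigned)s->b_ip, (unsigned)s->b_port,
                         s->datagrams, s->last - s->first);
        s->used = 0; closed++;
    }
    return closed;
}
```

A logger would call udp_record() for each captured datagram and udp_expire() periodically with the current time; a short timeout keeps the table small but splits slow exchanges into several logged sessions.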

------------------------------------------------------------------------

06/18/1993 Changes

Fixed bugs in extract dealing with dates (you couldn't specify the
last day of the month).

Added -n support to tcplogger and udplogger. In tcplogger, udplogger
and extract, -n now disables port number name resolution as well.

tcplogger and udplogger now use the first ethernet interface on the
machine, instead of defaulting to "le0". Thanks to Dave Hess for
sample code.

Fixed bug in extract that prevented using both "print" and "next"
on the same clause. It was only executing the first one... (but
this was no bug... this was just silly... I only had it doing one
command).
