commit b670ce82b38cc57e67f3171f7224c8caffa033b0
parent 3e31520d9de78f9f1f3364bb6296dc968ece719e
Author: Jordan Ritter <jpr5@darkridge.com>
Date: Wed, 21 May 2014 16:51:20 -0700
Documentation updates
Diffstat:
4 files changed, 77 insertions(+), 54 deletions(-)
diff --git a/doc/CHANGES.txt b/doc/CHANGES.txt
@@ -1,4 +1,27 @@
-$Id$
+v1.46
+
+ o configure.in: re-organized, in part to sync with downstream patches
+ (which were never sent upstream)
+
+ o configure.in: removed included PCRE library, now builds against system
+ version when specified (default is included GNU Regex)
+
+ o configure.in: fixed duplicate PCAP header check, which broke with the
+ release of libpcap 1.0
+
+ o configure.in: prefixed all tack-on autoconf variables from _FOO -> EXTRA_FOO
+
+ o Makefile.in: capitulated to Debian: use tar.gz instead of tar.bz2 :-(
+
+ o ngrep.c: Call setlocale to make isprint() work based on current
+ locale. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=307496++
+
+ o include tcpkill functionality (-K), a long-standing downstream patch
+ under Debian
+
+ o updated to latest autoconf
+
+ o updated copyrights to 2014
v1.45
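Review bot: the Debian bug URL in the ngrep.c setlocale entry ends in "bug=307496++"; the trailing "++" looks like stray characters and should be dropped so the reference reads as a plain bug link. The new v1.46 heading also carries no release date, while README.txt in this same commit gives 5.21.2014; adding the date here would keep the two files consistent.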
diff --git a/doc/INSTALL.txt b/doc/INSTALL.txt
@@ -1,4 +1,5 @@
-$Id$
+
+NOTE: These instructions are from the 2006 release of ngrep 1.45.
ngrep Installation Guide
------------------------
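Review bot: the NOTE added at the top marks the guide as 1.45-era without saying which steps no longer apply. CHANGES.txt in this same commit lists configure.in changes for 1.46 (the included PCRE library removed, builds against the system version when specified), so any configure instructions in this guide that mention PCRE should be updated or named in the NOTE. The hunk also leaves an empty first line where $Id$ was; the NOTE can start on line 1.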
@@ -78,4 +79,4 @@ Please email me for help if you if you still have problems, however
please try to help yourself first and search Google for possible
answers before contacting me.
-Jordan Ritter <jordan@darkridge.com>
+Jordan Ritter <jpr5@darkridge.com>
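Review bot: style point on the paragraph just above the changed signature: the sentence shown in the hunk header reads "if you if you still have problems". Since the contact line directly below it is being edited anyway, fix the doubled words in the same change.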
diff --git a/doc/README.txt b/doc/README.txt
@@ -1,31 +1,34 @@
-$Id$
-
Program: ngrep
Author: Jordan Ritter <jpr5@darkridge.com>
-Version: 1.45 (11.18.2006)
+Version: 1.46 (5.21.2014)
Goal:
- A program that mimicks as much functionality in GNU grep as
- possible, applied at the network layer.
+ A program that mimicks as much functionality in GNU grep as possible, applied
+ at the network layer.
Description:
- ngrep strives to provide most of GNU grep's common features,
- applying them to the network layer. ngrep is a pcap-aware tool that
- will allow you to specify extended regular or hexadecimal
- expressions to match against data payloads of packets. It currently
- recognizes IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw across Ethernet,
- PPP, SLIP, FDDI, Token Ring and null interfaces, and understands BPF
- filter logic in the same fashion as more common packet sniffing
- tools, such as tcpdump and snoop.
+ ngrep strives to provide most of GNU grep's common features, applying them to
+ the network layer. ngrep is a pcap-aware tool that will allow you to specify
+ extended regular or hexadecimal expressions to match against data payloads of
+ packets. It currently recognizes IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw
+ across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and
+ understands BPF filter logic in the same fashion as more common packet
+ sniffing tools, such as tcpdump and snoop.
+
+usage: ngrep <-hNXViwqpevxlDtTRM> <-IO pcap_dump> <-n num> <-d dev> <-A num>
+ <-s snaplen> <-S limitlen> <-W normal|byline|single|none> <-c cols>
+ <-P char> <-F file>
+ <match expression> <bpf filter>
-Usage: ngrep <LhNXViwqpevxlDtTRM> <-IO pcap_dump> <-n num> <-d dev> <-A num>
+usage: ngrep <-hNXViwqpevxlDtTRM> <-IO pcap_dump> <-n num> <-d dev> <-A num>
<-s snaplen> <-S limitlen> <-W normal|byline|single|none> <-c cols>
- <-P char> <-F file> <match expression> <bpf filter>
+ <-P char> <-F file>
+ <match expression> <bpf filter>
-h is help/usage
-V is version information
-q is be quiet (don't print packet reception hash marks)
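Review bot: the usage synopsis ends up in the file twice. The hunk adds a complete "usage: ngrep ..." block after the Description paragraph and then also rewrites the existing "Usage:" block below it into the same text; one of the two should be removed. The synopsis has no -K either, although CHANGES.txt in this commit lists tcpkill functionality (-K) as new in 1.46, and the reflowed Goal line still carries the spelling "mimicks".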
@@ -65,23 +68,21 @@ On Win32:
Tips:
- o When the intention is to match all packets (i.e. blank regex), it
- is technically faster to use an empty regex (``'') than to use
- ``.*'' or ``*''.
+ o When the intention is to match all packets (i.e. blank regex), it is
+ technically faster to use an empty regex (``'') than to use ``.*'' or ``*''.
- o When sniffing interfaces that are very busy or are seeing large
- amounts of packet traffic, make sure to craft a BPF filter to
- limit what PCAP has to deliver to ngrep. The ngrep parser takes a
- certain amount of time and while negligible on a slow interface,
- it can add up very quickly on a busy one.
+ o When sniffing interfaces that are very busy or are seeing large amounts of
+ packet traffic, make sure to craft a BPF filter to limit what PCAP has to
+ deliver to ngrep. The ngrep parser takes a certain amount of time and while
+ negligible on a slow interface, it can add up very quickly on a busy one.
- o Hexadecimal expressions can be in straight numeric form,
- 'DEADBEEF', or in symbolic form, '0xDEADBEEF'. A byte is the
- smallest unit of measure you can match against.
+ o Hexadecimal expressions can be in straight numeric form, 'DEADBEEF', or in
+ symbolic form, '0xDEADBEEF'. A byte is the smallest unit of measure you can
+ match against.
- o As of v1.28, ngrep doesn't require a match expression. However,
- there are cases where ngrep can be confused and think part of your
- bpf filter is the match expression, as in:
+ o As of v1.28, ngrep doesn't require a match expression. However, there are
+ cases where ngrep can be confused and think part of your bpf filter is the
+ match expression, as in:
% ngrep not port 80
interface: eth0 (192.168.1.0/255.255.255.0)
@@ -95,22 +96,21 @@ Tips:
filter: ip and ( not port 80 )
- Please see http://ngrep.sourceforge.net/usage.html for more detailed
- examples describing ngrep usage.
+ Please see http://ngrep.sourceforge.net/usage.html for more detailed examples
+ describing ngrep usage.
Miscellany:
- Please see the ``doc/CREDITS.txt'' file for a listing of the people
- who helped make ngrep what it is today. Also, please note that
- ngrep is released under a BSD-style license, though it currently
- relies upon the GNU regex library, which is protected under the GPL.
+ Please see the ``doc/CREDITS.txt'' file for a listing of the people who helped
+ make ngrep what it is today. Also, please note that ngrep is released under a
+ BSD-style license, though it currently relies upon the GNU regex library,
+ which is protected under the GPL.
- Also, it is _highly recommended_ that you upgrade to the latest
- version of libpcap. All versions 0.5 and more recent fix really
- annoying and in some cases fatal problems with the packet capture
- library. If you happen to be using Windows, please check the
- WinPcap site to see if there are any updates.
+ Also, it is _highly recommended_ that you upgrade to the latest version of
+ libpcap. All versions 0.5 and more recent fix really annoying and in some
+ cases fatal problems with the packet capture library. If you happen to be
+ using Windows, please check the WinPcap site to see if there are any updates.
Useful sites:
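Review bot: the libpcap paragraph under Miscellany is reflowed but its advice is left as it was: "All versions 0.5 and more recent" is still the stated baseline, while CHANGES.txt in this commit refers to the release of libpcap 1.0. If the paragraph is being touched for a 2014 release, update the version guidance in the same change. Keeping pure re-wrapping in a separate commit from content changes would also make hunks like this one easier to review.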
@@ -126,7 +126,7 @@ Useful sites:
Known Working Platforms:
- o Linux 2.0 - 2.6
+ o Linux 2.0 - 3.14
(RH6+, SuSE, TurboLinux, Debian, Gentoo, Ubuntu, Mandrake, Slackware)/x86
RedHat/alpha
Cobalt (Qube2) Linux/MIPS
@@ -139,19 +139,20 @@ Known Working Platforms:
o IRIX
o AIX 4.3.3.0/PowerPC
o BeOS R5
- o Mac OS X 10.2, 10.2.6, 10.3x, 10.4
- o Windows 95, 98, NT, 2000, XP, 2003/x86
+ o Mac OS X 10 - 10.9.3
+
+ NOTE: To build on Win32, use the 1.45 source code. ngrep 1.46 hasn't been
+ updated for Win32 yet.
- In other words, pretty much everything.
+ 1.45 works on: Windows 95, 98, NT, 2000, XP, 2003/x86, 7
Support, Feedback, & Patches
- If you need help, have constructive feedback, or would like to
- submit a patch, please visit ngrep's project at SourceForge and use
- the online tools there. It will help the author better manage the
- various requests and patches so that nothing is lost or missed (as
- has been the case in the past, unfortunately).
+ If you need help, have constructive feedback, or would like to submit a patch,
+ please visit ngrep's project at SourceForge and use the online tools there.
+ It will help the author better manage the various requests and patches so that
+ nothing is lost or missed (as has been the case in the past, unfortunately).
ngrep Project Website:
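Review bot: the Windows information in the platform list is now split and hard to read. The NOTE says to build Win32 from the 1.45 source, and the supported versions follow as a detached "1.45 works on: ..." line in the spot where "In other words, pretty much everything." used to be; fold that line into the NOTE. In the list itself, "2003/x86, 7" puts Windows 7 after the architecture suffix, so it is unclear whether /x86 applies to it. "Mac OS X 10 - 10.9.3" also replaces the explicit versions with a range that starts at "10", where the removed line started at 10.2.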
diff --git a/doc/REGEX.txt b/doc/REGEX.txt
@@ -1,5 +1,3 @@
-$Id$
-
Date: 2/21/05
A note about PCRE vs. GNU regex: