
 Advanced Packet Sniffer

 Copyright (C) 1999 Christian Schulte (dg1nsw@saturn2.franken.de)

 I have written this little tool in order to fully understand the working
 and interacting of network protocols like TCP, IP, UDP, ARP, NetBIOS and so on.
 I hope it can be a bit useful.
 For my part I use it for diagnostic purposes on firewalls, routers and gateways.


 What it does:
   APS reads raw data from an ETH_P_ALL socket and tries to
   interpret the MAC header. If the protocol is known, APS
   passes the packet to the appropriate routine, which then prints
   information about the protocol, such as (IP) source and destination
   or (TCP) fragmentation and flag status.
   When APS reaches data it does not know how to handle, it prints
   the remaining bytes in hex, ASCII, or both
   (or nothing at all, as you prefer) to the screen.
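
   The decode path described above, as an added example (not APS source code):
   it classifies one constructed Ethernet frame by EtherType, checks the IPv4
   header lengths before reading the protocol field, and falls back to a
   hex/ASCII dump. The function names eth_type, ipv4_proto and hexdump and the
   sample frame are assumptions made for this example.

```c
/* Added example, not APS source: decode one frame the way the text describes. */
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAC_HDR 14  /* dst MAC (6) + src MAC (6) + EtherType (2) */

/* EtherType of the frame, or -1 if it is too short to hold a MAC header. */
int eth_type(const uint8_t *f, size_t len) {
    if (len < MAC_HDR) return -1;
    return (f[12] << 8) | f[13];
}

/* IP protocol number (6 = TCP, 17 = UDP), or -1 if this is not a well-formed
   IPv4 packet. Each length is checked before it is used as an offset. */
int ipv4_proto(const uint8_t *f, size_t len) {
    if (eth_type(f, len) != 0x0800) return -1;
    const uint8_t *ip = f + MAC_HDR;
    size_t iplen = len - MAC_HDR;
    if (iplen < 20 || (ip[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;   /* header length in bytes */
    if (ihl < 20 || ihl > iplen) return -1;
    return ip[9];
}

/* Fallback for unknown data: hex + ASCII, 16 bytes per row. Returns row count. */
int hexdump(const uint8_t *p, size_t len) {
    int rows = 0;
    for (size_t off = 0; off < len; off += 16, rows++) {
        printf("%04zx  ", off);
        for (size_t i = 0; i < 16; i++)
            if (off + i < len) printf("%02x ", p[off + i]); else printf("   ");
        for (size_t i = 0; i < 16 && off + i < len; i++)
            putchar(isprint(p[off + i]) ? p[off + i] : '.');
        putchar('\n');
    }
    return rows;
}

/* Constructed sample frame (not captured traffic): IPv4, protocol 6 (TCP). */
static const uint8_t sample[34] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0,0,0,0,0x01, 0x08,0x00,
    0x45,0,0,0x14, 0,0,0x40,0, 0x40,0x06,0,0, 192,0,2,1, 192,0,2,2 };

int main(void) {
    printf("ethertype=0x%04x ip_proto=%d\n", (unsigned)eth_type(sample, sizeof sample),
           ipv4_proto(sample, sizeof sample));
    return hexdump(sample + MAC_HDR, sizeof sample - MAC_HDR) > 0 ? 0 : 1;
}
```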



 Compiling:
    Do a "configure", then try "make".   (good luck :-)
    Please mail me if you manage to compile this on other hardware
    or other OSes, and include at least the version of the OS, the version
    of APS and, of course, the modified files, if any.

 So far APS has been tested to compile and run under:
	-Slackware 3.6  4.0  7.0
	-Redhat 5.2 6.0
	-Turbolinux 4.0.5
	-Debian-GNU-Linux 2.1
	-Corel-Linux 1.0
	-SuSE 5.1  5.3  6.0  6.1

 ON BUG REPORTS PLEASE INCLUDE:
	-FULL VERSION of APS
	-FULL VERSION of OS you are running (ie. SuSE 6.0 / 2.0.38pre10 i686)
	-WHEN did the error occur (what did you do ?)
	-WHAT was printed by APS before the ERROR
	-in case of a SEGFAULT, perhaps the output of "ldd -r aps"

 Todo:
   -Implementation of more protocols and protocol-details (netbios,ipx...)
   -Improving configure-script to check all deps
   -Ability to filter multiple HWs and IPs etc....
   -Bring up debug levels and perhaps log-files
   -A better packet fetching method (libpcap ?)
   -Availability on Unixes depends on packet fetching method. sorry :-<
   -Speed up these switches and printfs


 KNOWN BUGS:
   -sporadic crashing of GTK-GUI when switching desktops
     (especially at higher update-rates)
   -aps is missing packets at very high net-load
   -you have to kill xaps from the running console because
     there is no event-handler for the close-button


 How to get it:
   To get a recent copy you should have a look at
 
   http://www.swrtec.de/swrtec/clinux
   or mail me at dg1nsw@saturn2.franken.de.
   (I will send you the latest copy)





