tcpick: tcp stream tracker and sniffer / News: Recent posts

About: tcpick is a textmode sniffer that can track TCP streams and saves the data captured in files or displays them in the terminal. It is useful for picking files in a passive way. It can store all connections in different files, or it can display all the stream on the terminal (using colors too).

Changes: Fixed a SIGALRM bug that caused freezes, added a workaround for a kernel bug in NetBSD in the setitimer call, added the -e option that makes the program exit when a defined amount of packets have been captured, fixed header problem for OpenBSD. Some internals have been changed: sigaction now handles signals and atexit handling has been added. ... read more

This release adds EXPIRED and RESET status detection, -td option to display timestamps with the date, the flag 'u' to the '-w' option enables tcpick to write sniffed data in a unique file, the flag 'b' to the '-w' option enables tcpick to write a banner to the unique file that introduces server and client data. Added minimal UDP support and signal support with statistics. PPP, SLIP, SLIP_BSDOS, PPP_BSDOS datalink support added. Many bugfixes.... read more

Changes: An option `-Enum' to exit when `num' connections are marked as CLOSED that differs from `-Efnum' that exits when all the first `num' tracked connections are marked as CLOSED. An option `-Tfnum' to stop tracking new connections when `num' is reached. Added a balanced AVL tree to the ip lookup engine. Works successfully under OpenBSD and NetBSD. Several bugfixes.

I have rewritten most of the source code of tcpick. Now it is really a good thing.
If you want to work on tcpick, join the mailing list and let me know :^)
I have changed my coding style and the indentation (that is now
the 8-spaces style, typical of the code of the linux kernel).
You will find the code really more clear than before.
In that way I am encouraging more developer to work on tcpick to
run something like a community, with patches, feature requests and
so on.
Now tcpick is able to download entire files transmitted via ftp, and
the md5sums should be equal for every file downloaded in such
way; if not, please send a bug report.... read more

I am happy to announce that tcpick 0.1.22 sources are available for download!
Download: http://prdownloads.sourceforge.net/tcpick/tcpick-0.1.22.tar.gz?download
Changes: This version features some bugfixes, including important changes in the functions that write the dump to files. Now files are opened in "append" mode and data are written using the fwrite() function. A big change is that data captured are stored directly in files, without using heap allocating functions (i.e. malloc and calloc). This way much less memory will be used.
known-bugs:
In some sessions, i.e. HTTP keep-alive, some data are written to files "inside" a document. For example, an HTTP connection that asks an image and a document in the same time will "mix" them. The problem is most probably due to the "append" mode of the files; I should try to invent something to distinguish these files.... read more

Changes: After some code cleanups, a patch of Penelope Fudd has been applied: it allows tcpick to read raw packets from a file written with tcpdump -w instead of using a network device. By a suggestion of mainman the tracking system is now stored in memory like chain so you can track sessions as many as you want; now tcpick is min. 300% faster than before. A bug that server file and client file were switched has been fixed, and the debugging system has been improved with a `dprinf' function written by ShackaN.
Read the ChangeLog for details

I am very grateful to Lou Afonso, that spent time compiling tcpick and building the rpm package. I have tried it on my slackware with the rpm2tgz tool and it works fine :)

Yes, I have added time displaying, improved colors (by suggestion of kirash), added connection numbering (see ChangeLog for further details)!
Enjoy the new version ^^

Yes! Now tcpick 0.1.19 has colors too! You can enable them by using -C (or --colors) option.
Fixed other bugs and incompatibilities with other Unix platforms (AIX, for example).
Enjoy ;)

Ladies and gentlemen: tcpick 0.1.18
After rewritting some bad-developed functions I have fixed new bugs and added some new status detections:
FIN-WAIT-2, TIME-WAIT and CLOSED
Slackware packages are also available

0.1.17 news:
* ip.h header ported internally to the package for compatibility with
BSD systems
* patch by kirash: changes to myheader.h, lookup.c and stack.c in order to
improve compatibility on BSD systems
* added FIN-WAIT-1 status tracking

Robert Sheck said me about this problem.
tarball 0.1.16b should be online and working :)

Well, I think that tcpick now should be compatible with *BSD systems. Why don't try it and tell me how it get compiled on your *BSD distribution?

Well, now tcpick should be more compatible. I think it will run on *all* GNU/Linux systems and maybe on *BSD too (but this needs some more work).
Enjoy!

Well, now you are able to see the service names. To suppress this feature, just use `-n' option.
Makefile has been improved as Robert Scheck suggested (thank you).
Then I have done some improvement in file naming: source port has been deleted from filenames because it was quite unuseful. Result: a cleaner way of saving file, using option `-a'.
fixed name lookup: there will be only one dns query
for each host that doesn't have a name.

Well, tcpick 0.1.12 is able to lookup hostnames with a simple `-a' option.
For next versions the Makefile will be improved (thank you Robert Scheck)

problems about hexdump you have seen in version 0.1.6 should be completely resolved

now with -x and -X options you can display hexdumps, the latter with printable ascii (unprintable are displayed as dots)

With version 0.1.4 all past bugs should be fixed; enjoy!