This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Re: tcpflow under cygwin anybody?


Ralf Hauser wrote:

> I need to find out what is sent by some forms to my httpd on a per port
> basis. Under Linux,
> http://www.circlemud.org/~jelson/software/tcpflow/ does an excellent job at
> this.
> 
> Did anybody get this to work under cygwin yet?

I had not heard of it until now, but I had been using the windows port
of Ethereal for this (which works fairly well, btw) so I checked it out.

I found that it will compile and run w/o patches, but it takes a bit of
work:

1. Go to http://winpcap.polito.it and install the WinPcap driver, and
get the WinPcap developer kit.  You can make it from source if you want,
but the wpdpack_3_0.zip file includes the precompiled import libraries
that you need (libwpcap.a, libpacket.a) which I copied to /usr/lib/. 
These link against wpcap.dll and packet.dll which the actual driver
install program should have put in your windows system directory for
you.  It also installs the low level packet driver (packet.sys /
packet.vxd.)

I think you also need the public header file pcap.h and here I admit
that I already had the WinPcap stuff installed from trying to build
Ethereal, so I'm not exactly sure what I did, but I think you can just
copy pcap.h from the libpcap dir in the source archive
(wpcapsrc_3_0.zip) to /usr/include/.

At this point you should be able to compile and run most of the
"examples" in the wpdpack file, or at least "iflist".  I didn't really
try the others.

2. Okay, now this might be a cardinal sin, but I copied the following
header files from FreeBSD:

/usr/include/net/ethernet.h
/usr/include/net/if_arp.h
/usr/include/netinet/if_arp.h
/usr/include/netinet/if_ether.h

The program references "struct ether_header" (and probably others) that
are in these header files, and they aren't included with cygwin or
WinPcap, as far as I can tell.  You can tell when you've done this right
as the "./configure" script will say "checking for
netinet/if_ether.h...  yes".  Naturally I wouldn't expect to be able to
generally just lift a header file from FreeBSD and have it work but
since it looks like the only things that are really used from them are
ethernet structures and #defines, it seems to have worked.

I found them in the "src/sys/net" and "src/sys/netinet" directories in
CVS, which you can access from cvsweb.freebsd.org if you want.

3. Untar the tcpflow source, "./configure", "make", "make install". 
Smooth sailing.

I did notice a strange issue that sometimes when you ^C a running
tcpflow.exe process, it doesn't die and the CPU shoots up to 100%. 
Using "kill -9" stops it fine, though, as does killing it in task
manager.

Brian
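
The prerequisite files named in steps 1 and 2 of the message above, as a preflight check to run before "./configure". This is an added example, not part of the original message or of the tcpflow or WinPcap projects; the function names and the optional root argument (for checking a staging tree instead of /) are hypothetical.

```sh
#!/bin/sh
# Added example: check that the files the message says to install are in place.
# Usage after sourcing this file: tcpflow_preflight [ROOT]   (ROOT defaults to /)

# Import libraries from the WinPcap developer kit (step 1).
TCPFLOW_LIBS="usr/lib/libwpcap.a usr/lib/libpacket.a"
# pcap.h (step 1) and the four headers copied from FreeBSD (step 2).
TCPFLOW_HDRS="usr/include/pcap.h usr/include/net/ethernet.h
usr/include/net/if_arp.h usr/include/netinet/if_arp.h
usr/include/netinet/if_ether.h"

# Print each missing file, one per line; return non-zero if any is missing.
tcpflow_missing_files() {
    root=${1:-/}
    rc=0
    for f in $TCPFLOW_LIBS $TCPFLOW_HDRS; do
        if [ ! -f "${root%/}/$f" ]; then
            echo "$f"
            rc=1
        fi
    done
    return $rc
}

# Succeed if one of the copied headers actually declares struct ether_header,
# the type the message says tcpflow references.
has_ether_header() {
    root=${1:-/}
    inc="${root%/}/usr/include"
    grep -qs 'struct[[:space:]][[:space:]]*ether_header[[:space:]]*{' \
        "$inc/net/ethernet.h" "$inc/netinet/if_ether.h"
}

# Return 0 if everything is in place, 1 for missing files,
# 2 if the headers exist but do not declare struct ether_header.
tcpflow_preflight() {
    root=${1:-/}
    missing=$(tcpflow_missing_files "$root") || {
        echo "missing under $root:" >&2
        echo "$missing" >&2
        return 1
    }
    has_ether_header "$root" || {
        echo "struct ether_header not declared in copied headers" >&2
        return 2
    }
    echo "prerequisites present; run ./configure"
}
```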
