readme

记录IP/TCP/UDP/ICMP网络包日志

Perro - The Internet Protocols logger
-------------------------------------
Author: 
         Diego Javier Grigna <diego@grigna.com>


Q: What is Perro?

A: It's a set of three daemons that logs the IP/TCP, IP/UDP and IP/ICMP
   packets that arrives to your Linux box. It also takes cares and logs
   IP options, eluding the IP options sniffer attack.


Q: Had this program another name?

A: Yes, it was named "Protolog", but this name was registered by a company
   in the UK, called "Protolog Sound Ltd.", and they emailed me kindly about
   this fact. They told me that:

   "this may lead to confusion and legal issues over your use of 'Protolog'
    as a software product name."

   so I had to change the name of the program.


Q: What are the executable names, and what they do?

A: src/KillLoggers        It's a shell script that "killall -9"
                          all the loggers.

   src/LaunchLoggers      It's a shell script that Launch the loggers
                          with the command line parameters I use.
                          ** IMPORTANT! ** Check this file to make sure
                          it's what you want to get logged, see the file
                          TCP.flags.txt for more information.

   src/ipretperro         It's the program that interprets Perro
                          raw files and outputs a detailed report.
   src/perroicmp          It's the ICMP packet logger.
   src/perrotcp           It's the TCP packet logger.
   src/perroudp           It's the UDP packet logger.

   Check the ipretperro(8), perroicmp(8), perrotcp(8) and perroudp(8) man
   pages for more information.


Q: Where are the logs?

A: By default the logs are located at "/var/log/perro/", but you can
   change it in the Makefile. The logs file names are:

   icmp.log              ICMP human readeable log (ascii text).

   icmp.raw              perroicmp logs here sizeof( time_t) bytes, which is
                         the date when the ICMP packet arrived + the raw
                         data of the packet, (it means IP & ICMP header +
                         data). 

   tcp.log, tcp.raw      The same as above but for TCP.

   udp.log, udp.raw      The same as above but for UDP.

   These *.raw files could be interpreted by the program ipretperro(8).


Q: Where can I get Perro?

A:
   See:
        http://www.grigna.com/diego/linux/perro/
   or
        ftp://sunsite.unc.edu/pub/Linux/system/network/monitor/

--------------------------------------------------------------------------

If you have (problems|questions|bug|features to add) please
mail me to:
            diego@grigna.com