Tcpick Tcp Stream Sniffer and Connection Tracker


18 Jan 2005 0.2.1

unchanged from 0.2.1-rc1

18 Jan 2005 0.2.1-rc1

     Michael Coulter:

   * Fixed headers include order for OpenBSD

     Gianluigi Spagnuolo:

   * Added sigaction function to handle signals in a proper way.

     Francesco Stablum:

   * Fixed -lpcap -lpcap etc. arguments to cc

   * Fixed SIGALRM freeze bug

   * Added setitimer workaround for *BSD systems (fork + sleep + kill)

   * Added -e option to exit when a certain number of packets is reached

   * Added atexit function

9 Jan 2005 0.2.0-final

     Francesco Stablum:

   * Few bugfixes with -t and -td options

30 Dec 2004 0.2.0-rc6

     Francesco Stablum:

   * expired functions are now checked every second, not every packet.
     (use setitimer and the SIGALRM signal).

     credits: SNiFf v0.3 by uLiX

   * added Italian documentation (,,,

25 Dec 2004 0.2.0-rc5

     Gianluigi Spagnuolo:

   * Added signal support + statistics (packets sniffed and connections
     tracked) in a similar way to tcpdump.

   * Reorganized tcpick.c

     Francesco Stablum:

   * Added script

   * Fixed bug of `-D' option

   * Updated to automake/aclocal 1.9.3

14 Dec 2004 0.2.0-rc4

     Gianluigi Spagnuolo:

   * found bug in avail_filename (write.c): too few arguments to
     printf: fixed.

     Francesco Stablum:

   * Now '\r' and '\t' characters are printable in 'P' and 'U' modes.

   * MacOSX "BIOCSRTIMEOUT: Invalid argument" bug should be fixed.

   * port alignment in status displayer fixed (simplified)

12 Dec 2004 0.2.0-rc3

     Francesco Stablum:

   * added date-timestamp

   * removed all typedefs. Now structures and unions should be better
     recognizable (now names of types are UPPER-CASE)

   * Added .EDITME files for those people that have troubles with the
     ./configure script

30 Nov 2004 0.2.0-rc2

     Francesco Stablum:

   * Timeout value is now set by `-X' option, because `-t' will be used
     for timestamps in the future.

   * Filenaming system is now chosen with the `-F' option.

     Artyom Khafizov:

   * `-D num' option will cause tcpick to create subdirectories, each
     for a desired number of sessions.

22 Nov 2004 0.2.0-rc1

     Artyom Khafizov:

   * Added EXPIRED status for connections tracked, with a -t option to
     choose an appropriate timeout (default is 600)

   * Fixed many memory leaks

   * Added a new way to write the stream to files, using directories

   * Added an experimental file naming system

     Buck Huppmann and Artyom Khafizov (both have had the same good
     idea :^D ):

   * Added RESET status for connections tracked. (RST-flagged packets
     will delete the connection).

     Federico Castaneda:

   * Added UDP support

     Francesco Stablum:

   * Debug messages are now available only with the -DTCPICK_DEBUG
     argument given to the compiler.

   * Changed signing key! Please read public_key_message.txt and check
     the revocation certificate public_key_OLD.revoke

08/09/04 0.2.0-devel2

   * Segmentation fault bug fixed (with `u' tcpick tried to free 2 times
     the same heap address and closed 2 times the same file).  (Saumil
     Shah discovered it)

   * Bugfix: the `u' flag of `-w' worked as with the `b' flag even if
     `b' wasn't chosen.

07/09/04 0.2.0-devel1

   * Robert Scheck fixed tcpick manual section in a `printf'

   * Saumil Shah feature request done:

     the flag 'u' to the '-w' option enables tcpick to write sniffed
     data in a unique file, with client and server data mixed together.

     the flag 'b' to the '-w' option enables tcpick to write a banner to
     the unique file that introduces server and client data.

28/08/04 0.1.24

   * BSD support _should_ be completed

   * added "suicide" and "fault" functions

   * some code cleanup

   * fixed netinet/ip.h check bug in the configure script for FreeBSD

   * fixed hexdump bug

   * fixed reset color. Background color is now not black, but the
     terminal default

   * added the balanced tree to the lookup engine

   * applied patch by GLS to improve compatibility with OpenBSD 3.5 with
     gcc 2.95.3

   * Now closed connections are freed and delinked; files will be

   * Added the -E and -Ef arguments

   * Added the -Tf option

   * Fixed the segmentation bug of the `-y' option

   * added INTERNALS file (should be completed)

03/06/04 0.1.23

   * PFLOG support added by kirash aka GLS

   * patch by Sebastian Prause: "I've created a little patch to make
     tcpick work with pppoe interfaces on NetBSD (which use
     DLT_PPP_ETHER) and wanted to share it, so here it is..."

   * now the options for displaying the payload should be prefixed by
     -y. I have added another set of display options, which are prefixed
     with -b. The -b options are useful to view data only when
     acknowledged (exactly like data written to files), and the raw mode
     (-bR) is particularly useful with this: you can use it if you want
     to redirect data with a pipe to another software.

   * The newline character is suppressed when displaying the payload of
     the packet or an acknowledged stream in the case there are no
     banners, except in the case of hexdumps.

   * Added the "-pipe" option, by a wish of loopback. See manpage for

   * Now you are able to choose to write to file only data of clients or
     servers or both, with the additional flags `C' and `S' to the
     option `-w' (omitted means "both").

   * Many, many changes, code cleanups and improvement made by whyx in
     fragments.c and lookup.c

   * With the new option `-T', it is now possible to track only
     the first  connections, the following will be discarded by
     the tracker engine. This is useful for the `-w' and `-b' options;
     for `-y' and `-h' it has no effect, because they aren't part of
     the tracker.

   * In the hexdump+ascii, red dots now represent the unprintable

   * the length of the payload is now displayed in the packet banner

   * rewritten the core of verify.c and fragments.c

   * now connections with equal ip addresses and ports are stored in
     different files

   * files dumped with tcpick -w* options are now saved with ".tcpick"

   * bugfix on datalink.c by kirash aka GLS

   * deleted alloc.c and match.c

   * used the "linux" 8-spaces indentation

   * added packet separator (by a Simone Gianni's wish)

   * added the `-p' flag to avoid to put the network interface in
     promiscuous mode (I'm not sure it works) (by a Simone Gianni's

   * Rewritten manpage. Read it! There are lots of changes in the

   * I have tested tcpick to sniff a file via ftp, and the md5sums were
     equal. The tar.gz archive I have downloaded was more than 2MB
     long. Other tests are confirming to me that the newly-written code
     works in the right way.

07/03/04 0.1.22-test2

   * now output files are opened in "a" (only append) mode

   * now data are written with "fwrite()" + ferror (thanks ^^Gimli^^)

06/02/04 0.1.22-test1

   * corrected bug in datalinktoa() by sbi!

   * Davide Benini: corrected bug in calling S_calloc with only one

   * added S_malloc function

   * now data are written with the write() function

28/02/04 0.1.21

   * Added src/ directory for the sources

   * Added a `flags` struct

   * Patch by Penelope Fudd: added `-r' option to read tcpdump
     filedumps: this is a very nice feature :)

   * Improved debugging system with dprintf (thank you ShackaN!)

   * Changed name of the `stack' memory block into `tracker'

   * Increased speed of the connection tracking system by adding many
     return instructions (instead of using some damned variables like
     `loop_finished' and `result_bool') in verify() and match().

   * Added a "chained" tracker: now it is possible to track an infinite
     number of connections (thank you mainman!)

   * Fixed bug that server file and client file were switched

30/01/04 0.1.20

   * added displaying of unprintable characters (that are also dots in
     -P option) with red color.

   * added hexdump mode colorizer

   * with option -C2 it is now possible to see different colors depending
     on the connection tracked (only status banners) (file colortrack.c)

   * added connection numbering (second field in status banner)

   * added time writing on banners and packet headers (time.c)

15/01/04 0.1.19

   * added  header support (i.e. trustix)

   * added DLT_PFLOG/DLT_NULL/DLT_RAW/DLT_IEEE802_11 header support
     (not tested!!!)

   * added datalinktooffset function (datalink.c)

   * added Push/Fin/Ack packet support

   * added support for those systems that don't have getopt_long and
     getopt.h header (was a problem in AIX systems, thank you
     Alberto 'JCN-9000' Varesio)

   * added experimental color option (-C): it is very nice! It
     should be helpful to read the output of tcpick.

   * added new file colors.c (read code comments to know about the
     original author)

11/01/04 0.1.18

   * fixed ridiculous bug of "resulting_bool==" in match.c

   * fixed FIN-WAIT-2 bad detection

   * added TIME-WAIT status detection

   * added CLOSED status detection

11/01/04 0.1.18-test3 (UNSTABLE - BUGGY - ONLY FOR DEVELOPERS)

   * Previous tarball -test2 was damaged (thank you kirash (aka GLS)
     for telling me)

08/01/04 0.1.18-test2 (UNSTABLE - BUGGY - ONLY FOR

   * added DLT_NULL support by kirash (aka GLS)

   * fixed the ridiculous bug in -test1 (an if statement without braces)

   * rewritten functions verify() and match() are now fully working

08/01/04 0.1.18-test1 (UNSTABLE - BUGGY - ONLY FOR

   * completely rewritten match() and verify() functions

   * added new files datalink.c and match.c

   * datalink managing modified to be compatible on systems that don't
     #define all datalinks

05/01/04 0.1.17

   * ip.h header ported internally to the package for compatibility with
     BSD systems

   * patch by kirash: changes to myheader.h, lookup.c and stack.c in
     order to improve compatibility on BSD systems

   * added FIN-WAIT-1 status tracking

05/01/04 0.1.16b

   * previous source tarball was corrupted; thank you Robert Scheck

05/01/04 0.1.16

   * added protection to memory allocation and freeing in the file
     alloc.c. The new routines are called S_calloc and S_free and
     display messages when in debug mode.

   * added file PLATFORMS, which describes platforms tested; thanks
     nextime, Alt[O]s and Kaioh!

04/01/04 0.1.15b

   * fixed bug in ./configure script

04/01/04 0.1.15 (early morning)

   * "STATUS" string is now nicer :)

   * tcp.h header is now internal, to improve compatibility with *BSD

   * added new header file "myheaders.h" that should keep track of
     all headers used in the project

   * added definitively my public key in the package

03/01/04 0.1.14

   * reimplemented packet sniffer engine (now it is managed by
     pcap_loop :)

   * added configure script, and other
     macro-automated files

   * fixed inet_ntoa bug (thank you kirash)

09/12/03 0.1.13

   * fixed name lookup: there will be only one dns query for each
     host that doesn't have a name

   * removed source port in log filenames

   * added port into service translation

   * Makefile improved

   * now the tcpick manual page is in section 1!

07/12/03 0.1.12

   * improved and corrected name lookup feature

05/12/03 0.1.11-unstable

   * added host lookup cached feature (BUGGY!!)

04/12/03 0.1.10

   * added write status to file feature (-wS)

03/12/03 0.1.9

   * added a lot of write to file features:

   * header writing, (-wH)

   * only printable characters writing (-wP)

   * unprintable characters transformed into hexadecimal code (-wU)

   * added other options (see manpage for details) -s -P -R -U

01/12/03 0.1.8

   * added write to file feature (-w[R])

   * added write to file in hexdump mode feature (-w[xX])

   * added new file write.c

30/11/03 0.1.7

   * fixed bad hex dump management

   * some changes in the options (see OPTIONS file for details)

29/11/03 0.1.6

   * now you can display data in the packet in hexdump mode (-x) and
     you can look at the printable ascii characters too, using -X

28/11/03 0.1.5

   * better options management, including long options

   * added data showing in hexadecimal

   * added -silent mode

   * done manpage prototype

27/11/03 0.1.4

   * fixed file writing: now files are opened in "w" mode

   * added fflush instruction when output files are updated

   * fixed bug: now all connections are tracked, not only the first

24/11/03 0.1.1

   * fixed bad managing of payload (now ack packets with no data are
