Netdude - graphical tcpdump trace file displayer and editor

netdude [options] [files]

This manpage is describing Netdude version 0.3.

Netdude is the NETwork DUmp data Displayer and Editor. It is a GUI-based tool that allows you to make detailed changes to packets in tcpdump tracefiles. You can inspect and modify value of every field protocol headers of supported protocols, all other data can be modified using a hex editor. Protocol support is supplied through protocol plugins, see details below to find out how to obtain a list of the currently installed protocols. Tracefile editing can take place graphically and programmatically, as Netdude also provides a filter plugin mechanism that provides an easy facility for automating operations.

To speed up the process, Netdude also provides a facility to perform live captures on one of the currently up interfaces on the machine, assuming the user has necessary priviliges.

For each trace currently being edited, Netdude constantly communicates with a tcpdump process to update the familiar tcpdump output that corresponds to the trace. This also means that any changes made to your local version of tcpdump are reflected in Netdude.

Netdude offers the following command line options, some of which are intended to be used to report configured directories during e.g. configure scripts etc:

--debug

prints out debugging information (only available if debugging support was compiled in)

--plugindir

prints out the directory in which feature plugins are installed

--includedir

prints out the directory in which plugin authors can find Netdude's .h files

--protodir

prints out the directory in which protocol plugins are installed

--protos

prints out the names and version of all currently installed protocols in a small table

-h, --help

displays this help output

--version

prints out the version info

None known, but definitely there :) A problem right now is that Netdude cannot yet handle arbitrarily large traces, especially those that cannot fit in system memory. This is on the todo list and will change eventually. Also, there are probably bugs in the handling of the fancier protocls, that haven't been used much yet. Feedback is definitely appreciated.

Email bugs and feature requests to

<christian@whoop.org>

Copyright Christian Kreibich and various contributors, 2000, 2001, 2002

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies of the Software and its documentation and acknowledgment shall be given in the documentation and software packages that this Software was used.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.