KSniff

NOTE: I haven't updated this in a long, long time. It may not compile cleanly with current versions of KDE. I don't know if I will pick it up again, but if anyone else wants to, feel free, just let me know.

Latest snapshot: 981101 - download tar, source rpm.

Sniffit 0.3.5 with my plug-ins - downlad tar.

See everything for download.

I recently started porting KSniff to python with pyKDE, you can grab it here. It uses about 8MB memory, so I don't know if it's all that useful. :)

This is my little attempt at making a KDE program. It started out learning Qt/KDE programming. Then one day at work the network started acting funny. I hooked up with the network gurus and got to play with their packet sniffer. I was intrigued with networking internals, so I figured I'd make one for myself. It started as an exploration into the raw details of TCP/IP packets and has since become a full-fledged obsession of protocols everywhere.

Installation

The first thing you'll need is a packet sniffer. I use sniffit; it does what I need right now. The KSniff program just reads from a file, so as long as the format is correct, you can use any sort of sniffing program. The format is detailed in the README.
Obviously, you'll need Qt and KDE installed. I have Qt 1.40 and KDE 1.0 on my system. It might compile on earlier versions, but I can't guarantee anything.
I haven't yet put any configure scripts in, so take a look at the Makefile, edit as needed and compile.

Usage

Run it and poke around.
It only reads 100 packets at a time, so click on File->Read next 100 for more packets to be read in.
The beauty in this program comes in the TCL script plug-ins. Everything displayed in the top-right window is from these TCL scripts, so it's fully customizable. Included in the package is scripts for the obvious IP, TCP, and UDP protocols, as well as a preliminary script for DNS lookups. Look at the existing scripts for how to do you own scripts.
Right now the font is limited to the one you see below. It looks like changing fonts/colors/etc is too much trouble in Qt. I may change this pane to a KHTMLView window for better control of what's displayed (though I fear it would be too bloated).

Todo

More TCL scripts for different protocols (NNTP, FTP, HTTP, etc).
configure scripts. (Added 98/10/03)
More formal documentation/Help menu.
Make a logo.
Perhaps an ability to run sniffit (or any other program) and read in from a menu/toolbar.
<insert feature here>

Anything else

I'm open to a new name (though KSniff is better than what I originally had).
If anyone's willing to pitch in with some scripts for different protocols or the GUI programming, let me know.
Any comments, questions, names - feel free to email me.

Oh yeah, the obligatory screenshot with my cool orange color scheme.