Packeteer

This is beta test version 0.99

To see Packeteer options, do

    ./packeteer -h

To do most useful things you'll need to run Packeteer with super-user (root) privileges.

To automatically download and install the packages Packeteer depends on, and then build Packeteer, run

    ./install_dependencies.sh

To run Packeteer manually, without creating netfilters (iptables) rules, do

    ./packeteer -i eth1 -p "dst host 10.254.251.56 and tcp port 80"

(replacing the IP address with your server IP)

To run Packeteer and have netfilters (iptables) rules enabled and disabled automatically, edit packeteer.sh to suit your scenario and then do

    ./packeteer.sh -i eth1 -p "dst host 10.254.251.56 and tcp port 80"

Remember that if you leave netfilters (iptables) rules in place after packeteer has finished, the packets will be lost and cause the services matching the rule to fail. This is because netfilters expects an NF_ACCEPT response to each packet it sends to the NFQUEUE, and once packeteer has finished that isn't being done.

Sample output:

    $ ./packeteer.sh -s -l 500 -t 512 -i eth1 -p "dst host 10.254.251.56 and tcp dst port 80"
    Packeteer version 0.99 © 2007 TJ http://intuitivenipple.net
    Licensed on the terms of GPL version 3
    Monitors network packets at pcap and netfilters stages looking for packets silently dropped by the kernel.

    Simulating 'lost' packets
    Introducing 500 milliseconds of lag
    Tracker table has 512 entries
    Monitoring interface: eth1
    pcap filter: dst host 10.254.251.56 and tcp dst port 80
    Monitoring a maximum of 1000 packets, using 512 tracker slots.
    press Ctrl-C to stop

          Time     #  IP            checksums  SYN ACK Seq         Ack         skb->len
    pcap: 23:22:12 1  10.254.251.1  1C08 70DC  1   0   1989451024  0           74
    netf: 23:22:12 0  10.254.251.1  1C08 70DC  1   0   1989451024  0
    LOST: 23:22:12 1 packets
    pcap: 23:22:12 2  10.254.251.1  1C0F 11F3  0   1   2006228240  2886120720  66
    netf: 23:22:12 1  10.254.251.1  1C0F 11F3  0   1   2006228240  2886120720
    pcap: 23:22:12 3  10.254.251.1  1A1B 5BA5  0   1   2006228240  2886120720  565
    netf: 23:22:13 2  10.254.251.1  1A1B 5BA5  0   1   2006228240  2886120720
    LOST: 23:22:13 2 packets
    Stopping after 21 packets

          Time     #  IP            checksums  SYN ACK Seq         Ack         skb->len
    LOST: 23:22:12 0  10.254.251.1  1C0F 11F3  0   1   2006228240  2886120720  66
    Kernel IP checksum calc: 1C0F, IP header length = 20, IP total length = 52
    Ethernet: 00 19 D2 1A 18 49 00 16 B6 DA 68 13 08 00 = 14 bytes
    IP      : 45 00 00 34 13 7F 40 00 3F 06 1C 0F 0A FE FB 01 0A FE FB 38 = 20 bytes
    TCP     : 83 5E 00 50 10 9D 94 77 10 B5 06 AC 80 10 00 B7 11 F3 00 00 00 00 06 00 00 00 11 00 00 00 58 B1 = 32 bytes

          Time     #  IP            checksums  SYN ACK Seq         Ack         skb->len
    LOST: 23:22:14 1  10.254.251.1  1C0B FF32  0   1   1788255504  1813230864  66
    Kernel IP checksum calc: 1C0B, IP header length = 20, IP total length = 52
    Ethernet: 00 19 D2 1A 18 49 00 16 B6 DA 68 13 08 00 = 14 bytes
    IP      : 45 00 00 34 13 83 40 00 3F 06 1C 0B 0A FE FB 01 0A FE FB 38 = 20 bytes
    TCP     : 83 5E 00 50 10 9D 96 6A 10 B5 13 6C 80 10 01 C6 FF 32 00 00 00 00 15 00 04 00 41 00 00 00 00 19 = 32 bytes

    Lost packets count=2

------------------------------

* Version 0.99 2007-08-14
  added hexdump of header bytes in each lost packet
  added timestamps to reports
  added -t option to allow user to set the number of tracker slots
  added -l option to simulate lag on the network

* Version 0.9 2007-08-13-00:00
  pcap and netfilters monitoring
  tracks and detects 'lost' packets and at the end of the run analyses each 'lost' packet
  various new command-line options; do ./packeteer -h to view
  added simulation mode with -s option to test on a good PC
  added verbose debugging logs with -v option (written to stderr) can be redirected to /dev/null or a file
  packeteer.sh configures the iptables rules and removes them after, use it just the same as ./packeteer

* Version 0.3 2007-08-10-02:00
  Implemented three threads: Parent, pcap, and netfilters. Only pcap is being initialised and started.
  The program will exit after 20 packets have been received by the callback function
  Packets matching the rule set by the -p option are seen by Packeteer
  A summary is printed for each packet seen of the form:

    pcap: 1 IP= 66.249.93.91 port= 80 SYN=0 ACK=1 Seq=4287232391 Ack= 502335762

----
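
The "Kernel IP checksum calc" line in each LOST report of the sample output can be cross-checked by hand from the "IP :" hexdump on the following line. The code below is an added example, not part of Packeteer's source; the function names are assumptions made for illustration. It parses a dumped IP header, recomputes the RFC 1071 header checksum and compares it with the value stored in bytes 10-11.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* "IP :" hexdump lines of the two LOST packets in the sample output. */
static const char LOST0[] = "45 00 00 34 13 7F 40 00 3F 06 1C 0F 0A FE FB 01 0A FE FB 38";
static const char LOST1[] = "45 00 00 34 13 83 40 00 3F 06 1C 0B 0A FE FB 01 0A FE FB 38";

/* Parse space-separated hex octets; returns the number of bytes stored. */
static size_t parse_hex(const char *s, uint8_t *out, size_t max) {
    size_t n = 0;
    for (char *end; n < max; s = end) {
        unsigned long v = strtoul(s, &end, 16);
        if (end == s || v > 0xFF) break;      /* end of line or not an octet */
        out[n++] = (uint8_t)v;
    }
    return n;
}

/* RFC 1071 ones-complement sum of big-endian 16-bit words, folded to 16 bits. */
static uint16_t fold_sum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)p[i] << 8) | p[i + 1];
    while (sum >> 16) sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)sum;
}

/* Checksum the header should carry, or -1 if the dump is not an IPv4 header. */
int expected_ip_checksum(const char *dump) {
    uint8_t h[60] = {0};
    size_t n = parse_hex(dump, h, sizeof h);
    size_t ihl = (size_t)(h[0] & 0x0F) * 4;      /* header length in bytes */
    if ((h[0] >> 4) != 4 || ihl < 20 || ihl > n) return -1;
    h[10] = h[11] = 0;        /* checksum field counts as zero while summing */
    return (uint16_t)~fold_sum(h, ihl);
}

/* 1 if the checksum stored in bytes 10-11 matches the recomputed value. */
int ip_header_ok(const char *dump) {
    uint8_t h[60] = {0};
    parse_hex(dump, h, sizeof h);
    return expected_ip_checksum(dump) == ((h[10] << 8) | h[11]);
}

int main(void) {
    printf("%04X %04X\n", (unsigned)expected_ip_checksum(LOST0), (unsigned)expected_ip_checksum(LOST1));
    return ip_header_ok(LOST0) && ip_header_ok(LOST1) ? 0 : 1;
}
```

Both dumped headers recompute to the values Packeteer reports, so a mismatch on a future run would point at header corruption rather than at the tracker.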