3.2.2 - Late 1996 added better checking for looking too far into truncated packets 3.2.3 - Thu Jan 23, 1997 added a lot more truncation checking! 3.2.4 - Tue Feb 4, 1997 changed plotter.c:HostLetter(ix) to support unlimited (26**8) different endpoints (for mallman) fixes from Bill Fenner, thanks fixed bug in va_start/va_end in DoPlot. fixed bug with temporary colors not being done correctly when using text. Caused by Changes to xplot at last version and I didn't catch it 3.2.5 - Wed Feb 5, 1997 fixed small "off by one" error introduced by the LAST fix 3.2.6 - Thu Feb 13, 1997 fixed small bug in etherpeek reading. slicelength stored as "0" when entire packet was grabbed, didn't work before, now it does. 3.2.7 - Fri Feb 14, 1997 fixes from Jeff Semke, PSC fixed bug in output.c that make it fail on some machines added FDDI support (untested by me, don't have FDDI) added Makefile flags so that it will compile on a "NetBSD 1.2 on a Pentium box" (also untested by me, I don't have one) an HP compiler picked out some places where I missed a static decl for some functions. Not fatal, but I fixed it. 3.2.8 - Tue Mar 4, 1997 added changes for Mark allow connection reuse on same pair of IP addresses and ports 4 minutes must have passed and either new segment has a SYN or old connection had seen both FINs added fix to tcptrace.c so that ^C processing is re-enabled after all packets read so that the output can be killed from the keyboard fix by Bill Fenner - Endian boo boo caused PC's not to read any packets. removed the "-m" option and made all of the array structures resizable (now supports an "infinite" number of connections) changed elapsed() routine to return double to prevent overflow of microsecond stored in a long int 3.2.9 - Wed Mar 5, 1997 changes by Rich Jones at HP to run under HPUX mostly fixed the non-ansii standard #endif FOO to be #endif /* FOO */ fixed minor printing bug, 1323 flags printed wrong fixed snoop and netm so that they worked on PC's (more byte sex problems) 3.2.10 - Thu Mar 27, 1997 Mark "pushed" segments on TSG plots top arrow is red instead of white Compute slow-start window size (should be one except for "new" tcp's) Compute estimated congestion window 3.2.11a - Mon Mar 31, 1997 Fixed bug is TS options are not 4-byte aligned Fixed tick printing (bad % value) for HUGE files (millions of packets) 3.2.12a - Thu Apr 24, 1997 Fixed bug for file with large snap length 3.2.13a - Mon Apr 28, 1997 Big fix for Rob Austein otherdir->ack being initialized incorrectly in trace.c at SYN time 3.3.0 - Mon Jul 14, 1997 Added modules support Included http module for NASA Backed out delete of libpcap, causes too many problems Now using libpcap 0.4 4.0.1 - Tue Jul 15, 1997 Ready for next public release (I hope) Verified on the platforms I have access to 4.0.2 - Wed Jul 16, 1997 Added '-W' option to turn off Mark's estimated Cwin stuff, it's not generally useful Added raw packet printing to mod_http 4.0.3 - Thu Jul 24, 1997 Fixed tcpdump.c to work with lastest libpcap (can no longer assume that header is aligned :-( ) Added plast into all packet reading routines to better check for the end of packets Added fix from Kacheong Poon for sack truncation problem 4.0.4 - Wed Aug 13, 1997 Added some very minor patches to ease FreeBSD patch. All you should need to do now is change the Makefile for FreeBSD (thanks Bill Fenner) Added hack by Mark Allman for http module Added minor changes to support Linux compilation (mostly just left the standard include files in a separate linux directory) 4.1.0 - Fri Aug 22, 1997 Added support for reading compressed files (configurable, .gz and .Z by default) Added option to save TCP stream data into files (-e) Modified mod_http.c to support HTTP1.1 streams (ick) Added help argument "-h" with several options for information including docs for long format output 4.1.1 - Fri Sep 5, 1997 Minor mfiles bug fixes mod_http now generates plot files, still experimenting fixed tcpdump to allow files with DLT_NULL headers 4.1.2 Added more module interface routines Allow modules to have per-connection data structures Fixed some compression bugs 4.1.3 Added "percent done" for compressed files, just a guess but better than N/A Passed filesize and compressed state to modules Added mod_traffic fixed bug in extract_contents (for mod_http) that caused it to fail if the first segment seen was not the first segment of the connection (oops!) Added -z flag to plot time axis from 0 rather than wallclock time big lint cleanup added support for "configure" to simplify cross-platform stuff added Mark's "data xmit time" code 4.1.4 minor LINT fix in print.c added ECHO/ECHOREPL CC/CCNEW/CCECHO to understood options added support for Etherpeek version 7 save file format fixed minor http modules bugs changed some longer fields to use "long long" if available added "pushed packets" counter added hardware duplicate detection 5.0a adding Nasseef's IPv6 support added the -y flag to turn off the (yellow) instantaneous dots in the tput plot first cut at the output filtering code (slick!) 5.0.2 added support for DLT_RAW under tcpdump (pcap) 5.0.3 bug fix for John Tysko, tcp_length & tcp_data_length were unsigned and resulting in a HUGE amount of data if the tcp header was truncated. Changed to unsigned. count/print truncated bytes/segs ALWAYS, not just when extracting data changed to use flex/bison for better portability fixed bug in etherpeek for odd-sized packets from compressed files 5.0.4 - Thu May 14, 1998 forced the "char" types for tcp_opt for ws and sack_count to be "SIGNED char", because the compiler on my PB3400/Linux makes them unsigned by default. The "-fsigned-char" could also fix it, but this seems easier. 5.0.5 - Tue Jun 23, 1998 -- Fri Aug 7, 1998 fixed mod_traffic memory allocation bug. I wonder why nobody reported this? added "pure ack" counter (for Mark) added call to print modules usage for "-hargs" added Eric's tcplib-generating module added check for ASCII input added reading of arguments from resource file, then from envariable, and then from the command line (suggestion from Jeff Semke) can read from standard input if filename is "stdin" extended "-z" option to allow you to lock either the X or the Y axis (or both) to zero (for Brian Utterback) added printing of zero-sized packets (for Brian Utterback) zero-sized packets pointed out a "bug" in the zero-based time stuff from version 4.1.3. Both graphs in a pair don't have the same "zero point", which is a little confusing. They were off by 1/2 a RTT, the difference between the SYN and the SYN/ACK. I fixed this by adding a green dot corresponding the the first SYN in the second graph. Kind of helpful in general, too. added Mallman's netbsd mkstemp change in compress.c extended the "-w" flag to make the normal case quieter lots of changes to mod_traffic, plus a few bugfixes, mostly for my use 5.0.6 - Fri Aug 14, 1998 added UDP connection support, a lot of people have been asking for it finished mod_collie 5.0.7 - Mon Aug 24, 1998 fixed bug in StringToArgv() that messed up when the arg buffer started with whitespace 5.0.8 - Wed Sep 9, 1998 changed mod_traffic to ALWAYS 'quiet' the final traffic output fixed bug report from Mark, SYN RTT's weren't being included in min RTT report. Fixed so that both SYNs and FINs are included in that calculation. 5.0.9 - Thu Sep 24, 1998 fixed bug with "only" connections not detecting reuse of ports added warnings for re-ordered packets and/or files 5.0.10 - Thu Oct 1, 1998 bug fix in snoop.c, netm.c, and epeek.c Just a check for bogus save files with invalid packet lengths to keep the program from crashing without warning fixed args in tcplib module to match the conventions in the other modules added "long duration" connection graph to traffic module bug fixes from Michele Clark - UNC thruput plot files - graph for both directions had the same title suggested making the type for the xplot sequence number axis "double" rather than "unsigned". The unsigned was from Tim Shepard's original xplot demo files. She says that double makes it work better for large sequence numbers. I'll try it and see if anybody has trouble. changed "new connection" heuristic. Then a new connection uses the same pair of ports as a previous connection, it wasn't always being detected. This was originally pointed out by Brian Utterback and later by Mark Allman. New heuristic is more in line with RFC1122 (SYN is out of the sequence space for the previous connection). 5.0.11 - Mon Oct 19, 1998 Brian Utterback found another case where I was splicing connections together. Bad unsigned match caused it... fixed (knock, knock) 5.0.12 - Mon Nov 2, 1998 Added generic, high-level line drawing functions to plotter.c Used same in mod_traffic to add an overall RTT plot Added one more minor patch to the connection splicing heuristic Lots of changes to make the RTT calculation better in cases of retransmissions and etc Added RTT graph to the traffic module Added triple-dupack counter Added triple dupack tick on TSG graphs Added dongles to ACKS on the TSG graphs to distinguish different kinds of ACKS that need to be handled differently for RTT calculation 5.0.13 - Wed Nov 4, 1998 Fixed tcpdump OUTPUT bug, created files generated "truncated-ip" warnings from real tcpdump program, I fixed it. Added cwin graph (-N) for Mark Added segsize graph (-F!) for Jeff Fedor Added elapsed time to "tick" output to make it easier to stop early Added "pure acks/second" to traffic module Added "halfopen conns" to traffic module 5.0.14 - Wed Nov 18, 1998 Changed the way that connections are stored and searched. Has a major impact in improving performance when the program's VM Size grows above the machine's physical memory. It can now continue to run well under these conditions (up to available swap space), before it just thrashed itself to a standstill.