[Tool] tools/analyze/pcap/WScout (v. 2008-07-31)

top

* WScout 2.2 is released!

- This is a small release. Its primary purpose is to update the code so it 
compiles with the latest version of WiPal (see wipal.lip6.fr). Most 
changes are not visible to the end user.

- Provide a debian/ subdirectory with proper files so one can build Debian 
packages out of a WScout tarball.

- Fix a few bugs. Especially, a segmentation fault when closing a 
window’s last tab, and some copy/paste issues.

- PHY header timestamps are now selectable. Thus it is easier to 
copy/paste them.

@MISC{tools-analyze-pcap-WScout-2008-07-31,
  author = {Thomas Claveirole and Marcelo Dias de Amorim},
  title = {{CRAWDAD} tool tools/analyze/pcap/WScout (v. 2008-07-31)}, 
  howpublished = {Downloaded from http://crawdad.cs.dartmouth.edu/tools/analyze/pcap/WScout},
  month = jul,  
  year = 2008
}
					

WScout provides a PCAP traces visualizer that is able to work with huge traces (>10 GiB). 
Its goals are speed and low memory requirements. Despite its design being protocol-agnostic, 
it currently handles only Prism and IEEE 802.11 headers, hence its name.

Copyright© 2007 Université Pierre et Marie Curie - Paris 6

This program is free software; you can redistribute it and/or modify it under 
the terms of the GNU General Public License as published by the Free 
Software Foundation; either version 2 of the License, or (at your option) 
any later version.

This program is distributed in the hope that it will be useful, but without any 
warranty; without even the implied warranty of merchantability or fitness 
for a particular purpose. See the GNU General Public License for more details.

1. We are not aware of any bug in WScout. That is why reporting unknown bugs 
to the package's maintainers (thomas.claveirole@lip6.fr) is so important! :-D

2. If you have found a bug, please Report it to the package's maintainers 
(thomas.claveirole@lip6.fr).

3. If you would really love having feature X implemented, then, implement it! ;-) 
More seriously, unless this is a ridiculously simple feature to implement, 
this is unlikely we will do it for you. But giving feedback to the package's maintainers 
(thomas.claveirole@lip6.fr) about the features you want is important. 
So we know if important features are missing.

3. If you want to contribute to WScout and implement some features, 
have a look at doc/HACKING. Again, contact the package's maintainers 
(thomas.claveirole@lip6.fr) so they can help you implement new features.

4. If you have any question, please email the package's maintainers (thomas.claveirole@lip6.fr).

1. What are WScout's requirements?

WScout needs:
- A standard compliant C++ compiler. WScout's developers use GCC.
- GNU make. Or any other make that supports pattern rules using '%'.
- The Boost C++ libraries (http://www.boost.org/). More specifically:
	date_time,
	foreach,
	format,
	conversion/lexical_cast,
	optional,
	smart_ptr,
	tokenizer.
- Trolltech's Qt library (http://trolltech.com/products/qt/), at least version 4.3.
	You will also need some tools provided with this library: 
	the Meta-Object Compiler (moc) and the Resource Compiler (rcc). 
	On some systems (e.g. Debian GNU/Linux) they are provided 
	in separate packages.

2. How do I install WScout?

WScout's packaging follows the GNU conventions. An installation 
documentation is provided in the INSTALL file in the package's root 
directory. However, with a standard system, the following commands 
should do the trick:

---
mkdir _build
cd _build
../configure
make
make install
make check
---

On some systems, you might have to customize the configure script's 
invocation. E.g.

---
mkdir _build
cd _build
../configure CPPFLAGS=-I/usr/include/qt4
make
make install
make check
---


3. Why does WScout's configure check for the libpcap and GMP?

Actually WScout's configure does not check that. But WScout might 
embed a package called trace-tools, which configure script check 
for libpcap and GMP. However, these are optionals, and the build should be 
fine despite you might be missing these packages.

4. configure complains it did not find library X?

Either library X is not installed on your system, either your system is 
not properly configured, so the library cannot be found.

You may use the CPPFLAGS and LDFLAGS variables to correct this 
behavior.

E.g., run

---
./configure CPPFLAGS=-I/custom/path/include/qt4 \
         LDFLAGS=-L/custom/path/lib
---

As an example, on my system (Debian GNU/Linux), I invoke

---
./configure CPPFLAGS=-I/usr/include/qt4
---

5. configure complains it found library X's headers, but is unable to link?

Most probably library X is installed but its binaries are in a non-standard 
place. Use the LDFLAGS variable as described previously.

6. configure complains library X's headers are unusable, despite successful 
linking?

Most probably library X is installed but its headers are in a non-standard 
place. Use the CPPFLAGS variable as described previously.

Please see sample screenshots at http://wscout.lip6.fr/overview.html

Basically, WScout provides a multiple tabbed window to visualize PCAP traces.
WScout is able to open very large files. These might take a few dozen seconds 
to load, but WScout will not demand much CPU and memory resources.
WScout is also able to handle PCAP traces with no Prism header. 
You may process your traces with external programs in order to filter them.
Finally, WScout also enables browsing using multiple windows.

Please see sample screenshots at http://wscout.lip6.fr/overview.html

[Author] Thomas Claveirole

top

[Author] Marcelo Dias de Amorim

top