========================================================================
		          PktDem, version 2.1
========================================================================

   PktDem version 2.1
   Copyright (C) 1997 by Pascal Urien,
              All Rights Reserved.

   Further information:
   http://ourworld.compuserve.com/homepages/UrienP/pktdem.htm

   For more information or suggestions, please mail to UrienP@compuserve.com 

       Contents.
       =========

       1  - PktDem Overview.
       2  - Getting Started.
       3  - The help menu.
       4  - PktDem basic modes of operation.
       5  - Receiver modes.
       6  - Showing/Hiding broadcast packets.
       7  - Sending packets.
       8  - Ip mode.
       9  - The dump mode.
       10 - The Sort Mode.
       11 - Statistics Plot - ("g" option).
       12 - Reading statistics - ("s" option).
  

1- PktDem.exe overview
======================

   * PktDem is a program that runs under DOS (v3...v7);
     graphics plots use EGA mode (640x350,
     16 colors).
     It is designed to produce basic information about
     your Ethernet LAN (10baseT, 100baseT, ...).
     With PktDem, you can watch your LAN at work!

   * PktDem main functions.

   - Statistics Graphics Plot (load and frames count).
   - Network Traffic dump.
   - Network Traffic analysis (sorted by IP addresses and TCP/UDP port).
   - Traffic generator (ping or mac frames).
   - Ip mode (Ping - ARP).
   - Arp Table.

2 - Getting started.
====================

    Command Line:
		  pktdem.exe
	       or
		  pktdem.exe Packet_Vector

    PktDem works with a packet driver. The software automatically detects
    a resident packet driver. If several drivers are installed,
    it is necessary to specify a Packet Vector (a hexadecimal number
    between 0x60 and 0x7F).

    If a packet driver is detected, the following information
    is displayed:
   
     Packet Driver Vector At 0060
     Looking for an Ethernet Adapter, number=0, type=65535  [handle= 4288]
     Version 0001, Class 1, Type 51, Number 0, Basic 130
     Mac Address: 00 80 C7 A1 60 7A
     Old receiver mode = 5,
     Receiver mode has been set to Unicast+Multicast [5]
     13508 records available for statistics
     Press Any key To Continue


3 - The help menu.
==================

    UrienP@compuserve.com
    Receiver mode is unicast+multicast
    Show Broadcast packets

    h -> print this help info 
    s -> show  statistics
    d -> dump  received packets or D dump packets in dump.txt file
    i -> set ip mode
    @ -> set my ip address
    n -> set ip destination address
    a -> send ARP to n, A->auto ARP (in file arp.txt)
    p -> send a Ping packet,or P send several ping packet
    x -> receive packet unicast or multicast
    y -> receive all packets
    z -> receive unicast only
    o -> receive nothing, stop receiver
    c -> Ip statistics, C->Configuration Parameters
    l -> List Ip statistics, L save results in the class.txt file
    t -> transmit a packet, T-> re-transmit a packet, r->send burst packet
    f -> set filter parameters for options d and D
    b -> ignore broadcast packet, B-> show broadcast packet
    g -> plot ethernet statistics load & frames count
    q -> quit


4 - PktDem basic modes of operation.
====================================

    PktDem can work in three mutually exclusive modes.

     Mode 1: IP mode.
     ================
     An IP address must be defined. The software processes
     ICMP requests (ping) and ARP. The user can send ARP and ping packets
     in this mode.

     Mode 2: dump mode.
     ==================
     In this mode incoming frames are displayed or dumped in a file. Frames
     can be filtered according to IP addresses and port numbers. In this mode
     PktDem is usually set to process (receive) all packets.

     Mode 3: sort mode.
     ==================
     In this mode incoming frames are sorted; the result is either displayed
     or recorded in a file. In this mode PktDem is usually set
     to process (receive) all packets.

5 - Receiver modes.
===================

     PktDem can program your Ethernet card in four ways:

     - Receive nothing (receiver mode "o"). In this case all incoming packets
       are discarded.
     
     - Receive unicast MAC frames only (frames whose destination address is
       equal to your MAC address), receiver mode "z".
     
     - Receive unicast or multicast frames (frames with a multicast
       destination address), receiver mode "x".
     
     - Receive all frames (promiscuous mode), regardless of their destination
       address (receiver mode "y").

6 - Showing/Hiding broadcast packets.
=====================================

     Broadcast packets are transmitted with a destination address equal
     to FF FF FF FF FF FF. The "b" option hides these packets while
     running in dump mode; the "B" option shows broadcast packets in
     this mode.

7 - Sending packets.
====================

      This function is designed for testing purposes only. 
      
      The "t" option is used to format and send one packet.
      The "T" option is used to re-send the packet that was last formatted.
      The "r" option sends a burst of packets.
      
      Example 1: formatting a packet.
      ===============================
      t 
      Enter Data
      MAC DA (6 bytes) example 08 00 45 07 01 78
      08 00 45 07 01 78
      MAC SA (6 bytes) normal  00 80 C7 A1 60 7A
      00 80 C7 A1 60 7A
      Protocol ID (example 20 01)
      20 01
      Number of data bytes
      4
      Please Enter 4 Bytes (in hexa) example A3
      001=>01
      002=>02
      003=>03
      004=>04
      Please check your Data
      MAC DA  08 00 45 07 01 78
      MAC SA  00 80 C7 A1 60 7A
      Data
      08  00  45  07  01  78  00  80  C7  A1  60  7A  20  01  01  02  03  04
      Send this packet (y-n)
      Packet has been sent
      Done ...

      Example 2: Sending a formatted packet.
      ======================================
      T 
      Please check your Data
      MAC DA  08 00 45 07 01 78
      MAC SA  00 80 C7 A1 60 7A
      Data
      08  00  45  07  01  78  00  80  C7  A1  60  7A  20  01  01  02  03  04
      Send this packet (y-n)
      Packet has been sent
      Done ...

      Example 3: Sending a packet burst.
      ==================================
      r
      MAC DA (6 bytes) example 08 00 45 07 01 78
      08 00 45 07 01 78
      MAC SA (6 bytes) normal  00 80 C7 A1 60 7A
      00 80 C7 A1 60 7A
      PID Min (example 20 01)
      20 01
      PID Max (example 20 01)
      20 02
      Number of burst packets to send
      2
      Data size of sent packet
      64
      Check data
      MAC DA  08 00 45 07 01 78
      MAC SA  00 80 C7 A1 60 7A
      PID Min 2001, PID Max 2002
      Number of burst packets to send 2
      Data size of burst packet 64
      Confirm (y/n)
      Press any key to cancel
      0000000001
      Done ...

     
8 - Ip mode.
============
     
     This mode is turned on by the "i" key. An IP address MUST be defined
     before entering the IP mode; this is done with the "@" key.

                          
                          +---------------------+
                          |        ICMP         |
                          +----------+----------+ 
                                     |
                          +----------+----------+  +-------+
                          |         IP          +  |  ARP  |
                          +----------+----------+  +-------+ 
                                     |
                          +----------+----------+ 
                          |     ETHERNET MAC    |
                          +---------------------+  Mini IP stack
                                                   used in IP mode.

     
     Entering the IP mode.
     =====================
     - use "@" to define your IP address.
     - use "i" to enter the IP mode.

     How to ping.
     ============
     - Define a target IP address - key "n".
     - Send an ARP packet to this node - key "a"
     - Ping the target node - key "p"
     - The "P" option allows the user to send a burst of ping packets.
       P number_of_ping_packets.

     ARP table.
     ==========
     The "A" option sends an ARP to IP addresses whose end number is
     between .1 and .254. A table showing the correspondence between
     MAC addresses and IP addresses is recorded in the arp.txt file.
     
                 129.192.51.3 <=> 02:60:8C:2E:68:9A
                 129.192.51.4 <=> 08:00:38:42:0C:2B

                     A part of the arp.txt file.

     Example.
     ========
        You must define your Ip Address first
        The key @ performs this operation
        Your IP Adress is 0:0:0:0, new value (y/n)
        Done ...
        You must define your Ip Address first
        The key @ performs this operation
        Your IP Adress is 0:0:0:0, new value (y/n)
        Enter your IP address
        129.192.51.124
        Done ...
        Ip mode has been selected...
        You must send and ARP before pinging
        The key a performs this function
        You must define an Ip destination Address first
        The key n performs this function 
        Destination Adress is 0:0:0:0, new value (y/n)
        Enter the IP destination address
        129.192.51.200
        Done ...
        Sending ARP to 129.192.51.200
        ARP response from Ip 129.192.51.200 <=> Mac 08:00:0B:3D:1C:5F
        Pinging 129.192.51.200
        Pong from 129.192.51.200
        Number of ping frames to send
        2
        Pinging 129.192.51.200
        Press any key to cancel
        0000000001
        Pong from 129.192.51.200
        Pong from 129.192.51.200
      

9- The dump mode
================
     
     Dump mode displays incoming packets or records them in a file named
     dump.txt.

        length= 886 IPseq#8376
        129.192.51.241:3383 => 129.192.51.168:6000
        TCP seq#= 525776502 ack#= 1941092786 win= 16060 PSH ACK
        08 00 5A 01 9C 61 02 60 8C 2C F0 C2 08 00 45 00 ..Z..a.`.,....E.
        03 68 20 B8 00 00 3C 06 EF D2 81 C0 33 F1 81 C0 .h....<.....3...
        33 A8 0D 37 17 70 1F 56 B6 76 73 B2 B9 B2 50 18 3..7.p.V.vs...P.
        3E BC 06 5A 00 00 00 0E 00 0D 00 01 02 A8 00 01

                           A dumped packet.
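
     The summary lines of a dump record are derived from the Ethernet, IP
     and TCP headers in its hex rows. The Python code below is an added
     example, not part of PktDem: it decodes the four hex rows shown above
     and reproduces the summary fields. The function names and the row rule
     (at most 16 hex bytes per row, the rest being the ASCII column) are
     assumptions based on the listing.

```python
import re
import socket
import struct

# The four rows of the dumped packet shown above (hex column, then ASCII column).
SAMPLE = """\
08 00 5A 01 9C 61 02 60 8C 2C F0 C2 08 00 45 00 ..Z..a.`.,....E.
03 68 20 B8 00 00 3C 06 EF D2 81 C0 33 F1 81 C0 .h....<.....3...
33 A8 0D 37 17 70 1F 56 B6 76 73 B2 B9 B2 50 18 3..7.p.V.vs...P.
3E BC 06 5A 00 00 00 0E 00 0D 00 01 02 A8 00 01
"""
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 .. bit 5

def rows_to_bytes(text):
    """Assumed row layout: up to 16 two-digit hex tokens, then ASCII."""
    out = bytearray()
    for row in text.splitlines():
        for tok in row.split()[:16]:
            if not re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
                break  # reached the ASCII column of a short row
            out.append(int(tok, 16))
    return bytes(out)

def mac(b):
    return ":".join(f"{x:02X}" for x in b)

def decode(frame):
    """Decode Ethernet II, IPv4 and TCP headers as far as the bytes allow."""
    if len(frame) < 14:
        return {}
    da, sa, etype = struct.unpack("!6s6sH", frame[:14])
    info = {"mac_da": mac(da), "mac_sa": mac(sa), "type": etype}
    if etype != 0x0800 or len(frame) < 34 or frame[14] >> 4 != 4:
        return info  # not IPv4, or the dump size cut the IP header short
    ihl = (frame[14] & 0x0F) * 4
    total, ident = struct.unpack("!HH", frame[16:20])
    info.update(length=14 + total, ip_id=ident, proto=frame[23],
                ip_sa=socket.inet_ntoa(frame[26:30]),
                ip_da=socket.inet_ntoa(frame[30:34]))
    tcp = frame[14 + ihl:14 + ihl + 16]
    if frame[23] == 6 and ihl >= 20 and len(tcp) == 16:
        sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", tcp)
        info.update(sport=sport, dport=dport, seq=seq, ack=ack, win=win,
                    flags=[n for i, n in enumerate(TCP_FLAGS)
                           if off_flags >> i & 1])
    return info

if __name__ == "__main__":
    print(decode(rows_to_bytes(SAMPLE)))
```

     With a dump size smaller than the headers (set by the "f" option),
     decode() returns only the fields that were fully captured.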

     Before entering the Dump mode you will typically set the
     "promiscuous receiver" option (key "y"), and the 
     "ignore broadcast packet" option (key "b").

     Entering the Dump mode
     ======================
     - key "d" selects the display packet option.
     - key "D" sets the dump in file option (file name is dump.txt).
     
     Filtering Packets
     =================
     Dumped packets can be filtered by their IP address and by one or more
     UDP/TCP port numbers. In order to reduce the amount of dumped bytes,
     a dump size can be specified. This is done with the "f" option.
     
       Ip filter value is 0:0:0:0, new value (y/n)
       Enter the IP Filter Address (0.0.0.0==no-filter, 255.255.255.255==All)
       =>129.192.0.1
       Number of bytes to dump 64, new value (y/n)
       new value=>128
       Number of port to dump 0
       New value (y/n)
       Number of port to scan (0 == Every Port)=>2
       port01 (decimal value)=>21
       port02 (decimal value)=>23
       Done ...

10 - The Sort Mode
==================

       The sort mode is used to record the number of packets and the byte
       load, sorted by IP addresses and TCP/UDP port. Typically 10,000
       records are available. This function is useful to evaluate
       the Ethernet traffic or to check the LAN security. 
       It is activated by the "c" key.
       The receiver is usually set to promiscuous mode before
       entering this mode.


  PktDem v2.1 (c) Pascal Urien 1997
  (10:09:58,33) 350 records FramesCt= 14149 BytesCt= 3265447
  * Type* IP Address SA * IP Address DA *Ptcol* Port*   Count  *   Bytes  *
    0800 201.192.001.061 129.192.050.150 00006 00000 0000000229 0000016678
    0800 202.192.008.002 202.192.008.255 00017 00125 0000000003 0000000321
    0806 000.000.000.000 000.000.000.000 00000 00000 0000000080 0000004800
  
                         PktDem Sorting mode.        


       Sorting Parameters. ("C" option).
       =================================

       The following parameters can be adjusted:
       
       * Packet protocol ID (PID) between 0 and a maximum value.
       * Sorting mode
             - IP packets source address.
             - IP packets destination address.
             - IP SA and DA, in order.
             - IP SA and DA, without order.
             - UDP/TCP port only
       * IP layer encapsulated protocol (between 0 and a maximum value).
       * TCP/UDP port between 0 and a maximum value.  
  
           Maximum Protocol ID to record from 0h to FFFFh
           Actual value is FFFF, new value (y/n)
           new value=>FFF0
           Recording Mode
           0->IP SA, 1->IP DA, 2->SA & DA in order,
           3->SA & DA without order 4->port
           Actual value is 3, new value (y/n)
           new value=>3
           Maximum Protocol over IP to record from 0h to FFh
           Actual value is FF, new value (y/n)
           new value=>6A
           Maximum Port to record 0...FFFFh
           Actual value is 007F, new value (y/n)
           new value=>F567
           Done ...
       
        Saving records ("L" option).
        ============================

        Records are saved in the class.txt file by the use of
        the "L" key.

  PktDem v2.1 (c) Pascal Urien 1997
  (16:46:59,36) 84 records FramesCt= 1112 BytesCt= 259588
  * Type* IP Address SA * IP Address DA *Ptcol* Port*   Count  *   Bytes  *
    0000 000.000.000.000 000.000.000.000 00000 00000 0000000048 0000004468
    0800 129.192.001.001 129.192.001.002 00017 00000 0000000001 0000000129

                       A part of the class.txt file.
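
        An added example, not part of PktDem: a Python parser for class.txt
        records that totals bytes per frame type and lists IP records whose
        source address lies outside an expected network. It assumes Type is
        hexadecimal and the Ptcol, Port, Count and Bytes columns are decimal,
        as the listings suggest; the function names and the 129.192.0.0/16
        network are illustrative assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the class.txt layout, reusing records shown above.
SAMPLE = """\
  PktDem v2.1 (c) Pascal Urien 1997
  (10:09:58,33) 350 records FramesCt= 14149 BytesCt= 3265447
  * Type* IP Address SA * IP Address DA *Ptcol* Port*   Count  *   Bytes  *
    0800 201.192.001.061 129.192.050.150 00006 00000 0000000229 0000016678
    0800 202.192.008.002 202.192.008.255 00017 00125 0000000003 0000000321
    0806 000.000.000.000 000.000.000.000 00000 00000 0000000080 0000004800
"""
# Assumed column widths, taken from the listing: 4 hex digits, two padded
# dotted quads, two 5-digit and two 10-digit decimal fields.
RECORD = re.compile(r"^\s*([0-9A-Fa-f]{4}) (\d{3}(?:\.\d{3}){3}) "
                    r"(\d{3}(?:\.\d{3}){3}) (\d{5}) (\d{5}) (\d{10}) (\d{10})\s*$")

def unpad(addr):
    """'129.192.050.150' -> IPv4Address('129.192.50.150').
    ipaddress rejects leading zeros, so each octet is re-rendered first."""
    return ipaddress.IPv4Address(".".join(str(int(o)) for o in addr.split(".")))

def parse(text):
    """Return one dict per record line; banner and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            t, sa, da, proto, port, count, nbytes = m.groups()
            rows.append({"type": int(t, 16), "sa": unpad(sa), "da": unpad(da),
                         "proto": int(proto), "port": int(port),
                         "count": int(count), "bytes": int(nbytes)})
    return rows

def bytes_by_type(rows):
    """Total byte load per frame type (0x0800 = IP, 0x0806 = ARP)."""
    totals = defaultdict(int)
    for r in rows:
        totals[r["type"]] += r["bytes"]
    return dict(totals)

def foreign_sources(rows, local_net):
    """IP records whose source address is outside local_net (review list)."""
    net = ipaddress.ip_network(local_net)
    return [r for r in rows if r["type"] == 0x0800 and r["sa"] not in net]

if __name__ == "__main__":
    rows = parse(SAMPLE)
    print(bytes_by_type(rows), foreign_sources(rows, "129.192.0.0/16"))
```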

        Viewing Records ("l" option).
        =============================
       
        The "l" option displays the records.


11 - Statistics Plot ("g" option)
=================================
        
        Three statistics are plotted:
        
        * The frames (packets) count per second.
        * The cumulative frames count.
        * The network load in bytes/s

        The graphical plot is activated by the "g" key.

            While plotting, press key
            t, to modify the refresh time
            r, to modify the FrameRate scale
            l, to modify the NetLoad scale
            c, to modify the frame count rate
            ESC, to quit PktPlot

            Press Any Key to Continue...

        Four parameters can be adjusted, for example the network
        load full scale.

            NetLoad Scale [1.250e+06], change (y-n), default is no :
            ?1e6

12- Reading statistics - "s" option
===================================
        
        The "s" option shows the network statistics. The field named
        "Packets lost by PC" counts the number of packets lost 
        by the PktDem software.
           
        Packets Lost by PC 12830
        Packets Received   28663
        Packets Sent       0
        Bytes   Received   32067071
        Bytes   Sent       0
        Errors  In         0
        Errors  Out        0
        Packets Lost       0

