Chaosreader

Chaosreader

A open source tool to trace TCP/UDP/... sessions and fetch application data from snoop or tcpdump logs. This is a type of "any-snarf" program, as it will fetch telnet sessions, FTP files, HTTP transfers (HTML, GIF, JPEG, ...), SMTP emails, ... from the captured data inside network traffic logs. A html index file is created that links to all the session details, including realtime replay programs for telnet, rlogin, IRC, X11 or VNC sessions; and reports such as image reports and HTTP GET/POST content reports. Chaosreader can also run in standalone mode - where it invokes tcpdump or snoop (if they are available) to create the log files and then processes them.

For a look at the command line options see the readme printed by the program (chaosreader --help2).


Screenshots


Downloads


Sites


Operating Systems

This has been tested on Solaris 9, RedHat 9 Linux and Windows 98. Perl version 5.6 is required.


Feature List


Current News

This temporary news section is here to explain what may appear in future versions.
I'm currently working on wireless protocols, reducing memory usage, and usability features.
You could help by emailing a small sample snoop/tcpdump dump of wireless (or any odd) traffic to brendan.gregg@tpg.com.au .


Troubleshooting

Just as a note, the most reliable client I've used to playback X11 has been RedHat 9 Linux; The most reliable client to playback VNC has been Solaris 9;
The most reliable playbacks in general are those on the same OS and hardware as the original.

1. X11 playbacks, although these are experimental here are some things to check,

2. X11 red/blue html report, this displays the communicated text, 3. VNC Playbacks, these are experimental (although more robust than X11 playbacks) 4. Out of Memory - Chaosreader currently uses around 7x the log file size in memory. Future versions will be far more memory efficient. 5. index.html is too long, and is mostly small connections that are not interesting.
Back to Brendan Gregg's Homepage


Last updated: 09-Apr-2014 (previous update: 02-May-2004)