Ralf Hauser wrote:
> I need to find out what is sent by some forms to my httpd on a per port
> basis. Under Linux,
> http://www.circlemud.org/~jelson/software/tcpflow/ does an excellent job at
> this.
>
> Did anybody get this to work under cygwin yet?

I had not heard of it until now, but I had been using the Windows port of Ethereal for this (which works fairly well, btw) so I checked it out. I found that it will compile and run w/o patches, but it takes a bit of work:

1. Go to http://winpcap.polito.it and install the WinPcap driver, and get the WinPcap developer kit. You can make it from source if you want, but the wpdpack_3_0.zip file includes the precompiled import libraries that you need (libwpcap.a, libpacket.a) which I copied to /usr/lib/. These link against wpcap.dll and packet.dll which the actual driver install program should have put in your Windows system directory for you. It also installs the low level packet driver (packet.sys / packet.vxd).

   I think you also need the public header file pcap.h and here I admit that I already had the WinPcap stuff installed from trying to build Ethereal, so I'm not exactly sure what I did, but I think you can just copy pcap.h from the libpcap dir in the source archive (wpcapsrc_3_0.zip) to /usr/include/.

   At this point you should be able to compile and run most of the "examples" in the wpdpack file, or at least "iflist". I didn't really try the others.

2. Okay, now this might be a cardinal sin, but I copied the following header files from FreeBSD:

       /usr/include/net/ethernet.h
       /usr/include/net/if_arp.h
       /usr/include/netinet/if_arp.h
       /usr/include/netinet/if_ether.h

   The program references "struct ether_header" (and probably others) that are in these header files, and they aren't included with cygwin or WinPcap, as far as I can tell. You can tell when you've done this right as the "./configure" script will say "checking for netinet/if_ether.h... yes".

   Naturally I wouldn't expect to be able to generally just lift a header file from FreeBSD and have it work but since it looks like the only things that are really used from them are ethernet structures and #defines, it seems to have worked. I found them in the "src/sys/net" and "src/sys/netinet" directories in CVS, which you can access from cvsweb.freebsd.org if you want.

3. Untar the tcpflow source, "./configure", "make", "make install". Smooth sailing.

I did notice a strange issue that sometimes when you ^C a running tcpflow.exe process, it doesn't die and the CPU shoots up to 100%. Using "kill -9" stops it fine, though, as does killing it in task manager.

Brian
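
A pre-flight check for the steps in the message above, as an added example that is not part of the original post or of tcpflow. It verifies that the files the post names are in place and that a copied header really declares "struct ether_header" before "./configure" is run; the function names and the optional root-prefix argument are assumptions made for the example.

```shell
# Pre-flight check for the Cygwin tcpflow build (added example).
# $1 is a hypothetical root prefix for checking a staging tree; empty = live system.

# Files the post says must be in place before ./configure.
REQUIRED_FILES="
/usr/lib/libwpcap.a
/usr/lib/libpacket.a
/usr/include/pcap.h
/usr/include/net/ethernet.h
/usr/include/net/if_arp.h
/usr/include/netinet/if_arp.h
/usr/include/netinet/if_ether.h
"

# Print each missing file on its own line; return 0 only if none are missing.
missing_prereqs() {
    root=${1:-}
    status=0
    for f in $REQUIRED_FILES; do
        [ -f "$root$f" ] || { printf '%s\n' "$f"; status=1; }
    done
    return "$status"
}

# tcpflow needs struct ether_header; confirm a copied header declares it
# rather than being an empty or unrelated file of the same name.
has_ether_header() {
    root=${1:-}
    for h in /usr/include/net/ethernet.h /usr/include/netinet/if_ether.h; do
        if [ -f "$root$h" ] && grep -q 'struct[[:space:]][[:space:]]*ether_header' "$root$h"; then
            return 0
        fi
    done
    return 1
}

# Run both checks; usage: preflight && ./configure
preflight() {
    if ! missing=$(missing_prereqs "${1:-}"); then
        printf 'missing prerequisites:\n%s\n' "$missing" >&2
        return 1
    fi
    has_ether_header "${1:-}" || { echo "struct ether_header not declared" >&2; return 1; }
    echo "prerequisites present; run ./configure"
}
```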