1. OVERVIEW
'stak' (Statistical Traffic Analysis Kit) is a set of command-line traffic
analysis tools, designed to help a network administrator see what is happening
at a router at the moment. Unlike tcpdump (1), the stak set uses statistical
and stream-oriented methods, and will rarely produce an output stream at a
speed beyond human perception. The output is less accurate, however.
The kit consists of five different utilities, designed to perform the
following tasks:
* estimating overall traffic rates (stakrate),
* determining network nodes generating the highest traffic (stakhosts),
* monitoring the amount of traffic exchanged with particular autonomous
systems (stakasta),
* extracting strings from packets (stakextract),
* determining connections and flows generating the highest traffic
(stakstreams, experimental).
2. REQUIREMENTS
- gcc, libc...
- libpcap
- 'stak' currently supports only a few common interface types (loopback,
Token Ring, Ethernet, FDDI, PPP). In case you want stak to listen
on an unsupported one, you'll have to specify the data link layer
prefix on the interface manually... well... it's quite easy to
google...
stak was successfully compiled on the following OSes:
* Linux (shaerrawedd 2.4.19-xfs #7 Fri Oct 4 18:18:38 CEST 2002 i686 unknown)
* FreeBSD (venom 4.6.2-RELEASE-p10 FreeBSD 4.6.2-RELEASE-p10 #0: Tue Mar 25
12:59:45 CET 2003 root@venom:/usr/src/sys/compile/VENOM-3 i386)
* OpenBSD (pantera 3.3 PANTERA#0 i386)
... however it was tested only on Linux...
Formerly, stak used to compile on Solaris/SunOS, but now I lack an account
on a SunOS machine to check it.
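One way to check a data link layer prefix before specifying it manually for an
unsupported interface type (an added example, not part of stak's own code): it
tests whether a valid IPv4 header starts right after the prefix in a captured
frame. It assumes the prefix is a byte count; the function names and the
sample frame are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: Ethernet header (14 bytes) + IPv4 header, payload cut
 * off by the snap length. Addresses are documentation values (192.0.2.0/24). */
static const uint8_t SAMPLE_FRAME[] = {
    0x02,0x00,0x00,0x00,0x00,0x01, 0x02,0x00,0x00,0x00,0x00,0x02, 0x08,0x00,
    0x45,0x00,0x00,0x1c, 0x00,0x00,0x00,0x00, 0x40,0x11,0xf6,0xcd,
    0xc0,0x00,0x02,0x01, 0xc0,0x00,0x02,0x02
};

/* Return 1 if a valid IPv4 header starts prefix_len bytes into the frame. */
int ipv4_at_offset(const uint8_t *frame, size_t caplen, size_t prefix_len)
{
    if (prefix_len > caplen || caplen - prefix_len < 20)
        return 0;                          /* no room for a minimal header */
    const uint8_t *ip = frame + prefix_len;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    size_t total = ((size_t)ip[2] << 8) | ip[3];
    if ((ip[0] >> 4) != 4 || ihl < 20 || ihl > caplen - prefix_len || total < ihl)
        return 0;
    uint32_t sum = 0;                      /* RFC 791 header checksum */
    for (size_t i = 0; i < ihl; i += 2)
        sum += ((uint32_t)ip[i] << 8) | ip[i + 1];
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return sum == 0xffff;                  /* one's-complement sum of a good header */
}

/* Smallest prefix length in [0, max_prefix] that passes the check, or -1. */
int guess_prefix_len(const uint8_t *frame, size_t caplen, size_t max_prefix)
{
    for (size_t off = 0; off <= max_prefix; off++)
        if (ipv4_at_offset(frame, caplen, off))
            return (int)off;
    return -1;
}

int main(void)
{
    size_t n = sizeof SAMPLE_FRAME;
    printf("prefix 4 (wrong guess): %d\n", ipv4_at_offset(SAMPLE_FRAME, n, 4));
    printf("prefix 14 (Ethernet):   %d\n", ipv4_at_offset(SAMPLE_FRAME, n, 14));
    printf("guessed prefix length:  %d\n", guess_prefix_len(SAMPLE_FRAME, n, 64));
    return 0;
}
```

A single frame can pass at a wrong offset by chance, so run the check over
several captured IPv4 frames and keep the prefix length they all agree on.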
3. INSTALLATION
Edit Makefile, and uncomment the right setting for your system.
If libpcap doesn't reside in a standard place on your system, add
-I/include/path and -L/library/path flags to CFLAGS and LDFLAGS.
Type 'make' and copy the utilities (stakrate and other tools - being links to
stakrate at the moment) to a desired place. Alternatively, you could use
the install (type: make install) target to have the binaries copied into
/usr/local/bin.
To make use of the 'stakasta' utility (the AS traffic analyzer),
you also need a dump of the world routing information database. The
European (RIPE) database can be downloaded and processed automatically -
just type 'make data' to process the database (a few utilities like wget
and access to the Internet are required to perform this step). After that,
you could optionally do a 'make install_data' to copy the files
to /usr/local/stak - if you skip this step, you'll have to specify the
path to the data files each time you run 'stakasta'.
You can also copy the manual pages (available in doc/) into a manual
directory on your system (e.g. /usr/man/man1).
4. USAGE
Consult the manual pages, available in the doc/ subdirectory.
5. OUTPUT
For stak:
pps = packets per second
bps = bits per second
Bps = bytes per second
1 kpps is 1000 pps
1 Mpps is 1000 kpps
1 Gpps is 1000 Mpps
1 kBps is 1024 bps
1 MBps is 1024 kBps
1 GBps is 1024 MBps
1 kbps is 1024 bps
1 Mbps is 1024 kbps
1 Gbps is 1024 Mbps
6. AUTHOR
Mateusz 'mteg' Golicz <mtg@elsat.net.pl>. Feel free to send any comments,
patches, bugfixes, suggestions, etc. The author is not a native English
speaker, and is aware of the fact that his English is far from perfect. Because
of that, reports on grammar and vocabulary mistakes in this file are
also welcome.
7. ACKNOWLEDGEMENTS
- Matt Kimball - the author of 'mtr'
- for the GPLd asynchronous DNS resolver code
- Krzysztof Rusocki
- for numerous suggestions and testing on FreeBSD
- Giannis Stoilis
- Paul Dorman
- for a few ideas on enhancements and testing
8. LICENSE
GNU GPL, see attached 'COPYING' file.