1. OVERVIEW

'stak' (Statistical Traffic Analysis Kit) is a set of command-line traffic
analysis tools, designed to help a network administrator see what is
happening at a router at the moment. Unlike tcpdump(1), the stak tools use
statistical and stream-oriented methods, and will rarely produce an output
stream faster than a human can follow. The output is less accurate, however.

The kit consists of five different utilities, designed to perform the
following tasks:

 * estimating overall traffic rates (stakrate),
 * determining the network nodes generating the most traffic (stakhosts),
 * monitoring the amount of traffic exchanged with particular autonomous
   systems (stakasta),
 * extracting strings from packets (stakextract),
 * determining the connections and flows generating the most traffic
   (stakstreams, experimental).

2. REQUIREMENTS

 - gcc, libc...
 - libpcap
 - 'stak' currently supports only a few common interface types (loopback,
   Token Ring, Ethernet, FDDI, PPP). If you want stak to listen on an
   unsupported one, you will have to specify the data link layer prefix for
   the interface manually... it is easy enough to look up.

stak was successfully compiled on the following OSes:

 * Linux (shaerrawedd 2.4.19-xfs #7 Fri Oct 4 18:18:38 CEST 2002 i686 unknown)
 * FreeBSD (venom 4.6.2-RELEASE-p10 FreeBSD 4.6.2-RELEASE-p10 #0: Tue Mar 25
   12:59:45 CET 2003 root@venom:/usr/src/sys/compile/VENOM-3 i386)
 * OpenBSD (pantera 3.3 PANTERA#0 i386)

... however, it was tested only on Linux. Formerly, stak used to compile on
Solaris/SunOS, but I now lack an account on a SunOS machine to check it.

3. INSTALLATION

Edit Makefile and uncomment the right setting for your system. If libpcap
doesn't reside in a standard place on your system, add -I/include/path and
-L/library/path flags to CFLAGS and LDFLAGS. Type 'make' and copy the
utilities (stakrate and the other tools, which are links to stakrate at the
moment) to a desired place.
Alternatively, you can use the install target (type 'make install') to have
the binaries copied into /usr/local/bin.

To make use of the 'stakasta' utility (the AS traffic analyzer), you also
need a dump of the world routing information database. The European (RIPE)
database can be downloaded and processed automatically: just type
'make data' to fetch and process the database (a few utilities such as wget,
and Internet access, are required for this step). After that, you can
optionally run 'make install_data' to copy the files to /usr/local/stak; if
you skip this step, you'll have to specify the path to the data files each
time you run 'stakasta'.

You can also copy the manual pages (available in doc/) into a manual
directory on your system (e.g. /usr/man/man1).

4. USAGE

Consult the manual pages, available in the doc/ subdirectory.

5. OUTPUT

For stak:

  pps = packets per second
  bps = bits per second
  Bps = bytes per second

  1 kpps is 1000 pps
  1 Mpps is 1000 kpps
  1 Gpps is 1000 Mpps

  1 kBps is 1024 Bps
  1 MBps is 1024 kBps
  1 GBps is 1024 MBps

  1 kbps is 1024 bps
  1 Mbps is 1024 kbps
  1 Gbps is 1024 Mbps

Note that the packet-rate prefixes step by 1000 while the bit- and byte-rate
prefixes step by 1024; link speeds and most other network tools use decimal
kbit/s and Mbit/s, so convert before comparing stak's figures with theirs.

6. AUTHOR

Mateusz 'mteg' Golicz. Feel free to send any comments, patches, bugfixes,
suggestions, etc.

The author is not a native English speaker, and is aware of the fact that
his English is far from perfect. Because of that, reports on grammar and
vocabulary mistakes in this file are also welcome.

7. ACKNOWLEDGEMENTS

 - Matt Kimball - the author of 'mtr' - for the GPLd asynchronous DNS
   resolver code
 - Krzysztof Rusocki - for numerous suggestions and testing on FreeBSD
 - Giannis Stoilis
 - Paul Dorman - for a few ideas on enhancements and testing

8. LICENSE

GNU GPL, see the attached 'COPYING' file.
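The following is an added example, not part of stak and not the author's
code: a small, self-contained Python reader for a classic pcap file that does
in miniature what stakrate and stakhosts do (per-second packet and byte
counts, bytes sent per IPv4 source), rendering the results with the unit
conventions from the OUTPUT section above. It also shows the data link layer
prefix mentioned under REQUIREMENTS: the number of link-layer bytes that sit
in front of the IP header, which depends on the libpcap DLT of the interface.
Only Ethernet (DLT_EN10MB = 1, 14 bytes) and BSD loopback (DLT_NULL = 0,
4 bytes) are tabled; any other DLT raises, which is exactly the case where
stak asks you to supply the prefix by hand. The capture it parses is
constructed in memory (four Ethernet/IPv4 frames over 1.5 seconds), not real
traffic, so it runs offline; how stak computes its rates internally is not
known from this README and is not claimed here.

```python
import struct
from collections import Counter, defaultdict

# libpcap DLT_* numbers and the fixed link-layer prefix (bytes before the IP
# header) for the two interface types this example handles. Any other DLT
# raises, which is the situation where stak asks you to supply the prefix.
DLT_NULL = 0       # BSD loopback: 4-byte address family, host byte order
DLT_EN10MB = 1     # Ethernet: dst MAC, src MAC, ethertype
LINK_PREFIX = {DLT_NULL: 4, DLT_EN10MB: 14}

PCAP_MAGIC = 0xA1B2C3D4
ETHERTYPE_IPV4 = b"\x08\x00"
AF_INET = 2


def format_rate(value, unit):
    """Render a rate with the README's unit conventions: pps prefixes
    step by 1000, bps and Bps prefixes step by 1024."""
    step = 1000 if unit == "pps" else 1024
    for prefix in ("", "k", "M", "G"):
        if value < step or prefix == "G":
            return f"{value:.2f} {prefix}{unit}"
        value /= step


def to_decimal_kbps(stak_kbps):
    """Convert a stak kbps figure (1024-based) to the decimal kbit/s that
    link speeds and most other tools use."""
    return stak_kbps * 1024 / 1000


def ipv4_endpoints(linktype, frame):
    """Return (src, dst) for an IPv4 frame, None for non-IPv4 traffic."""
    prefix = LINK_PREFIX.get(linktype)
    if prefix is None:
        raise ValueError(f"DLT {linktype}: link-layer prefix must be given manually")
    if linktype == DLT_EN10MB and frame[12:14] != ETHERTYPE_IPV4:
        return None
    if linktype == DLT_NULL and AF_INET not in (
            int.from_bytes(frame[:4], "little"), int.from_bytes(frame[:4], "big")):
        return None
    ip = frame[prefix:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    return ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20]))


def analyse(buf):
    """Per-second [packets, bytes] (what stakrate reports) and bytes sent per
    IPv4 source (what stakhosts reports) for one classic pcap buffer."""
    (magic,) = struct.unpack("<I", buf[:4])
    if magic == PCAP_MAGIC:
        e = "<"                      # file written little-endian
    elif magic == 0xD4C3B2A1:
        e = ">"                      # file written big-endian
    else:
        raise ValueError("not a classic pcap file")
    (linktype,) = struct.unpack(e + "I", buf[20:24])
    per_second = defaultdict(lambda: [0, 0])
    talkers = Counter()
    off = 24
    while off + 16 <= len(buf):
        sec, usec, caplen, wirelen = struct.unpack(e + "IIII", buf[off:off + 16])
        off += 16
        frame = buf[off:off + caplen]
        off += caplen
        per_second[sec][0] += 1      # bucket by whole second; usec unused
        per_second[sec][1] += wirelen
        ends = ipv4_endpoints(linktype, frame)
        if ends:
            talkers[ends[0]] += wirelen
    return dict(per_second), talkers


def _ipv4(src, dst, payload_len):
    """Constructed IPv4 header (proto 6, checksum left zero) plus zero payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 6, 0,
                       bytes(map(int, src.split("."))),
                       bytes(map(int, dst.split(".")))) + bytes(payload_len)


def build_sample_pcap():
    """Constructed in-memory capture: four Ethernet/IPv4 frames, not real traffic."""
    records = [(0, 0, "10.0.0.1", "10.0.0.2", 1000),
               (0, 500000, "10.0.0.1", "10.0.0.2", 1000),
               (1, 0, "10.0.0.3", "10.0.0.2", 100),
               (1, 500000, "10.0.0.2", "10.0.0.1", 60)]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, DLT_EN10MB)
    for sec, usec, src, dst, plen in records:
        frame = bytes(12) + ETHERTYPE_IPV4 + _ipv4(src, dst, plen)
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out


if __name__ == "__main__":
    per_second, talkers = analyse(build_sample_pcap())
    for sec in sorted(per_second):
        pkts, nbytes = per_second[sec]
        print(f"t={sec}s  {format_rate(pkts, 'pps')}  {format_rate(nbytes * 8, 'bps')}")
    for host, nbytes in talkers.most_common():
        print(f"{host:<12} {nbytes} bytes sent")
```

Feeding the program a real capture (e.g. the bytes of a file saved by
tcpdump -w) works as long as the interface's DLT is in LINK_PREFIX; for any
other type, add its prefix length to that table, which is the manual step the
REQUIREMENTS section refers to.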