CRAWDAD tools/analyze/pcap/WScout (v. 2007-09-25)

Citation Author(s):
Thomas
Claveirole
Universite Paris-Sud 11, Laboratoire de Recherche en Informatique
Marcelo
Dias de Amorim
Université Pierre et Marie Curie Paris 6, Laboratoire d’Informatique de Paris 6
Submitted by:
CRAWDAD Team
Last updated:
Fri, 11/16/2007 - 08:00
DOI:
10.15783/C7V01S
Data Format:
License:
36 Views
Categories:
Keywords:
0
0 ratings - Please login to submit your rating.

Abstract 

WScout, lightweight PCAP file visualizer.

WScout provides a PCAP traces visualizer that is able to work with huge traces (>10 GiB). Its goals are speed and low memory requirements. Despite its design being protocol-agnostic, it currently handles only Prism and IEEE 802.11 headers, hence its name.

Lastmodified :

2007-11-16

Dataname :

tools/analyze/pcap/WScout

File :

wscout-1.1.tar.gz

Releasedate :

2007-09-25

Equiversion :

v1.1

Change :

* WScout 1.1 is released!

- Middle clicking  when the window system's  clipboard has numerical
content now go to the  corresponding frame (e.g. Copying "42" into
the clipboard  then middle clicking  inside WScout goes  to packet
#42).

As a side  effect, only left clicks select  packets (middle clicks
used to select packets before).

- Duplicating windows does not  re-build file indexes anymore.  This
allows significant performance improvements on window duplication.

- Bugfix:  opening  an empty  trace  does  not  result in  a  failed
assertion.

- The default filtering command becomes

sh -c "tshark -q -i- < '%1' -w '%2' -R '%3'"

So  tshark will not  complain when  asked to  filter big  (> 2GiB)
files.  But of course, this implies your system must provide `sh'.
Although no big deal with  UNIX systems (GNU/Linux, BSD, Mac OS X)
I do not know what this will give with MS Windows...

- The filter dialog is no more a modal window.

References :

The WScout website

Website :

http://wscout.lip6.fr

Keyword :

802.11
802.11 frames
packet trace
tcpdump

License :

Copyright© 2007 Université Pierre et Marie Curi- Paris 6

This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your option)
any later version.

This program is distributed in the hope that it will be useful, but without any
warranty; without even the implied warranty of merchantability or fitness
for a particular purpose. See the GNU General Public License for more details.

Support :

1. We are not aware of any bug in WScout. That is why reporting unknown bugs
to the package's maintainers (thomas.claveirole@lip6.fr) is so important! :-D

2. If you have found a bug, please Report it to the package's maintainers
(thomas.claveirole@lip6.fr).

3. If you would really love having feature X implemented, then, implement it! ;-)
More seriously, unless this is a ridiculously simple feature to implement,
this is unlikely we will do it for you. But giving feedback to the package's maintainers
(thomas.claveirole@lip6.fr) about the features you want is important.
So we know if important features are missing.

3. If you want to contribute to WScout and implement some features,
have a look at doc/HACKING. Again, contact the package's maintainers
(thomas.claveirole@lip6.fr) so they can help you implement new features.

4. If you have any question, please email the package's maintainers (thomas.claveirole@lip6.fr).

Build :

1. What are WScout's requirements?

WScout needs:
- A standard compliant C++ compiler. WScout's developers use GCC.
- GNU make. Or any other make that supports pattern rules using '%'.
- The Boost C++ libraries (http://www.boost.org/). More specifically:
date_time,
foreach,
format,
conversion/lexical_cast,
optional,
smart_ptr,
tokenizer.
- Trolltech's Qt library (http://trolltech.com/products/qt/), at least version 4.3.
You will also need some tools provided with this library:
the Meta-Object Compiler (moc) and the Resource Compiler (rcc).
On some systems (e.g. Debian GNU/Linux) they are provided
in separate packages.

2. How do I install WScout?

WScout's packaging follows the GNU conventions. An installation
documentation is provided in the INSTALL file in the package's root
directory. However, with a standard system, the following commands
should do the trick:

---
mkdir _build
cd _build
../configure
make
make install
make check
---

On some systems, you might have to customize the configure script's
invocation. E.g.

---
mkdir _build
cd _build
../configure CPPFLAGS=-I/usr/include/qt4
make
make install
make check
---


3. Why does WScout's configure check for the libpcap and GMP?

Actually WScout's configure does not check that. But WScout might
embed a package called trace-tools, which configure script check
for libpcap and GMP. However, these are optionals, and the build should be
fine despite you might be missing these packages.

4. configure complains it did not find library X?

Either library X is not installed on your system, either your system is
not properly configured, so the library cannot be found.

You may use the CPPFLAGS and LDFLAGS variables to correct this
behavior.

E.g., run

---
./configure CPPFLAGS=-I/custom/path/include/qt4 LDFLAGS=-L/custom/path/lib
---

As an example, on my system (Debian GNU/Linux), I invoke

---
./configure CPPFLAGS=-I/usr/include/qt4
---

5. configure complains it found library X's headers, but is unable to link?

Most probably library X is installed but its binaries are in a non-standard
place. Use the LDFLAGS variable as described previously.

6. configure complains library X's headers are unusable, despite successful
linking?

Most probably library X is installed but its headers are in a non-standard
place. Use the CPPFLAGS variable as described previously.

Output :

Please see sample screenshots at http://wscout.lip6.fr/overview.html

Usage :

Basically, WScout provides a multiple tabbed window to visualize PCAP traces.
WScout is able to open very large files. These might take a few dozen seconds
to load, but WScout will not demand much CPU and memory resources.
WScout is also able to handle PCAP traces with no Prism header.
You may process your traces with external programs in order to filter them.
Finally, WScout also enables browsing using multiple windows.

Example :

Please see sample screenshots at http://wscout.lip6.fr/overview.html
Instructions: 
The files in this directory are a CRAWDAD toolset hosted by IEEE DataPort. 

About CRAWDAD: the Community Resource for Archiving Wireless Data At Dartmouth is a data resource for the research community interested in wireless networks and mobile computing. 

CRAWDAD was founded at Dartmouth College in 2004, led by Tristan Henderson, David Kotz, and Chris McDonald. CRAWDAD toolsets are hosted by IEEE DataPort as of November 2022. 

Note: Please use the tools in an ethical and responsible way with the aim of doing no harm to any person or entity for the benefit of society at large. Please respect the privacy of any human subjects whose wireless-network activity is captured by the tools and comply with all applicable laws, including without limitation such applicable laws pertaining to the protection of personal information, security of data, and data breaches. Please do not apply, adapt or develop algorithms for the extraction of the true identity of users and other information of a personal nature, which might constitute personally identifiable information or protected health information under any such applicable laws. Do not publish or otherwise disclose to any other person or entity any information that constitutes personally identifiable information or protected health information under any such applicable laws derived from the tools through manual or automated techniques. 

Please acknowledge the source of the tools in any publications or presentations reporting use of this tools. 
Citation:  
Thomas Claveirole, Marcelo Dias de Amorim, CRAWDAD toolset tools/analyze/pcap/WScout (v. 2007‑09‑25), https://doi.org/10.15783/C7V01S, Sep 2007.

Dataset Files

LOGIN TO ACCESS DATASET FILES
Open Access dataset files are accessible to all logged in  users. Don't have a login?  Create a free IEEE account.  IEEE Membership is not required.

Documentation

These datasets are part of Community Resource for Archiving Wireless Data (CRAWDAD). CRAWDAD began in 2004 at Dartmouth College as a place to share wireless network data with the research community. Its purpose was to enable access to data from real networks and real mobile users at a time when collecting such data was challenging and expensive. The archive has continued to grow since its inception, and starting in summer 2022 is being housed on IEEE DataPort.

Questions about CRAWDAD? See our CRAWDAD FAQ. Interested in submitting your dataset to the CRAWDAD collection? Get started, by submitting an Open Access Dataset.