Getting Started --------------- See the INSTALL file for instructions on how to build and install and start using tcptrack. Known Bugs / Gothcas -------------------- tcptrack only works on ethernet interfaces at the moment. tcptrack will only notice tcp connections that started after tcptrack has been started. A future version will be able to pick up connections that have already started. On some systems at the end of the build process (after doing make), you may see "g++: unrecognized option -pthread". This is a problem with the configure script thinking that your c++ compiler actually accepts this option. This message isn't actually a fatal error. Unless some other error occurred, you should have a working tcptrack binary built and can test it or proceed to 'make install'. I have had one report that tcptrack will fail to compile on Solaris giving a ton of errors involving stl include files while doing 'make'. I have not been able to reproduce this on any Solaris machine that I have access to. I'm not sure if there's a problem in tcptrack or elsewhere. If you encoutner this, please let me know. Notes ----- Remember to use 'gmake' (that's GNU Make) on BSD systems (and anywhere else if needed). If you get 'Need an operator' errors running make, then you aren't using GNU Make. Compilation may fail with errors about multiple declarations of bpf_validate and bpf_filter. There is a bug in libpcap versions earlier than 0.7.2 which causes this to happen when using libpcap in C++ programs. To correct it get libpcap 0.7.2 or higher from www.tcpdump.org or see the notes at the end of this README file on how to fix your version. On Redhat 7.x configure or compilation may fail with errors about net/bpf.h not existing, or configure may tell you that it cannot find pcap.h when you in fact have it. I think this is a bug with Redhat's libpcap packages. See below for instructions on how to fix it, or install libpcap >= 0.7.2 from source. Fixing Redhat pcap build/configure problems ------------------------------------------- As mentioned above in the Notes section, this may be needed if you're on Redhat 7.x and configure tells you you don't have pcap.h when in fact you do. Edit your pcap.h file (/usr/include/pcap/pcap.h on RH 7.x). Line 42 reads: #include Change it to read: #include Now try running configure again. If you get 'previous declaration' errors while running make, see the next section. Fixing C++ bug in pcap < 0.7.2 ------------------------------ This is only needed if you're experiening the build problems mentioned above in the Notes section: Edit your pcap.h. It may be in /usr/include or usr/include/pcap. Around line 169 (as of libpcap 0.6.2, YMMV) you should see the following lines: u_int bpf_filter(struct bpf_insn *, u_char *, u_int, u_int); int bpf_validate(struct bpf_insn *f, int len); Comment them out: /* u_int bpf_filter(struct bpf_insn *, u_char *, u_int, u_int); int bpf_validate(struct bpf_insn *f, int len); */ Now try building again. Reporting Bugs / Comments / Requests / Patches ---------------------------------------------- Send me (Steve Benson) an email at steve@rhythm.REMOVE_THIS_SPAMTRAP.cx if you have questions or find bugs or anything.