pdump - dumps, greps, monitors, creates, and modifies traffic on a network

#pdump on SUIDnet (irc.LucidX.com [along with
other servers on http://suidnet.org]) for help
and other information on pdump and other perl/packet
related questions/comments/etc.

Read the 'FUTURE' file for things that I want to have
done in the future, and also why certain things are 
currently happening to pdump such as modules to libs.

0.8      [12/26/00]

     -  Working on a set of modules called 'Packet',
        with David Hulton, to be used with pdump in
        the future for packet sniffing and creation. 
     -  Added advancements to the ICMP library.
     -  Recoded a great deal of pdump.  Now only one BPF
        is used and also only one process is used for
        all protocols.  pdump should be at least 3 times
        faster now!
     -  Recently got the domain pdump.org.
     -  Added many bug fixes to the UDP and ICMP libraries.
     -  Added more protocols such as ARP, RARP, OSPF, RIP,
        RIP-2, BOOTP, Ethernet, and IGMP.  Still have to
        implement a few directly into pdump.
     -  Added perl protocol parsing libraries, all ending
        in -decode.pl in the lib directory to easily add
        new protocols.
     -  Added a few more variables to the 'strings' hash.
        See the 'strings' section in the README for more
        information.
     -  Web page (http://pdump.org) updated, and
        finally has some content, and even tables :)
     -  Removed 
     -  Added about 500 more fingerprints for Windows,
        Linux, and *BSD.
     -  About 100 more Windows fingerprints added
        thanks to Jean-Marc V. Liotier for them.
     -  More additions to the password sniffing library
        for the web sniffing, and also rewritten for
        more efficient and quicker results.
     -  pdump untraceable to programs which find remote
        machines in promiscuous mode such as sentinel
        and antisniff.
     -  Fixed up both the hex and ASCII dumping a bit.
     -  Fixed up the password sniffing library and also
        fixed some bugs that were causing it to get an
        'Out of memory!' error on some systems.
     -  Added advancements to the `install` script.
     -  A few changes to the install script, thanks to
        _insane_ for suggesting to allow the user to
        decide where pdump.pl gets installed.
     -  Changed the passive OS fingerprinting making it
        a bit faster by sniffing only necessary packets.
     -  Fixed a bug when using -e and -g together.


0.79     [11/21/00]

     -  Added more fingerprints for the -a option
        to do better estimates on remote OS detection
     -  Added hex-dumping with the -x option,
        similar to tcpdump's -x option
     -  Added ASCII/hex dumping with the -X option,
        similar to tcpdump's -X option.  A few bugs
        should be fixed in it first until it's fully
        working correctly.
     -  Added napster password sniffing.
     -  Added some more advancements to the strings
        function (-e) including using -g in
        conjunction with the option and not printing
        packets which you only want the data printed
        when all that is being printed is either
        whitespace or nothing at all [although it
        will always print a newline, so it would be
        creating unwanted new lines].
     -  The password sniffing lib is fully
        functional now.  IRC and telnet password
        sniffing has been added.  Hopefully that
        library will grow.
     -  Added the extras/ directory with a
        perl/Tk front-end to TCP packet injection
        with pdump::Sniff.
     -  Changed -x (network mapping) to -a
     -  Removed -X (non-existent option but was
        in README for some reason)
     -  Fixed a bug in the 'lowjack' library.
        This enables you to send packets with
        data into a live connection without
        disrupting it.
     -  Fixed a memory leak in pdump::Sniff.
     -  Fixed up the passwords library a bit.
     -  Fixed some bugs in the file swiping lib.
     -  Big version change...now using 2 digit
        decimal numbers since a lot of the big
        stuff which I wanted accomplished in the
        beginning is finished.  Hopefully there
        will be contributors to pdump soon and
        a mailing list will be set up shortly.


0.782-2: [10/20/00]

     -  Big bug in the Makefile.PL was found and
        patched by Conrad H.  Big thanks to him!


0.782:   [10/19/00]

     -  pdump doesn't come with libpcap anymore but
        the INSTALL file has a link to the current
        stable version.
     -  #pdump on SUIDnet [encrypted IRC network] is
        now up.  You can come on encrypted or on an
        unencrypted connection on irc.LucidX.com.
        www.suidnet.org for more information on the
        IRC servers.
     -  Hopefully code will start coming in quickly
        again.  There was a sort of code freeze for
        the past month or so.
     -  More advanced -e option with many examples in
        the README files.  Also allows \n and \t
        support.
     -  Added file swiping/snarfing support which is
        able to detect files going through FTP, SMB,
        Samba, and DCCs through IRC and is able to
        save them to the local machine.
     -  Added the -A option which is able to send
        packets into an open TCP connection without
        disrupting that connection.
     -  The -x option which does passive operating
        system fingerprinting/detection is now fully
        functional and bugless (it requires a better
        table for the detection and hopefully that
        will continuously be updated :)  This option
        does the same thing as what siphon does.


0.781:   [09/17/00]

     -  Added experimental passive operating system
        detection/fingerprinting.
     -  Added support for recognition of df (don't
        fragment) and tos, just as tcpdump does.
        It will display them just as tcpdump would.
     -  -J functional now.  -J is the clone of
        dsniff's tcpkill.  It is able to 'kill' any
        TCP connections (all, if not specified) on
        the network going out or in.
     -  Removed -Z and made a more advanced -W.
     -  -p is now active/working.
     -  Added -x for passive network mapping.
     -  This version has a new option, -e.  It allows
        the user to display the output for pdump in
        a format so it will display packets any way
        the user wants it to look like.  This is good
        if you wish to make front-ends for pdump and
        only want certain information from packets.
        Read the README for more details in the
        'STRINGS' section.
     -  Using pdump::Sniff instead of Net::RawIP now.


0.780:   [09/13/00]

     -  This version has a lot of bug fixes and is
        so far the most stable of all versions...
        such things as the 'Out of memory!' and perl
        dumping core bugs are out [not pdump's fault]!
     -  Added Escape.pl, my replacement of the module
        URI::Escape.  Also removed URI::Escape from
        this package.
     -  This should have removed the MIME::Base64
        dependency...
     -  Updated Net::RawIP 0.09b to version 0.09c.
        (This should have fixed the 'Out of memory!'
        error on some [well, all I assume] systems :)
     -  Renamed All.pl to Filter.pl (used with the -E
        option).
     -  Fixed some bugs in the sniffing libraries.
     -  Displays TCP sequence numbers with TCP packets
     -  Fixed the missing window size bug when
        the window size of a packet is set to 0
     -  Fixed the negative sequence numbers bug
     -  Fixed the differences in display when using
        TCP.pl compared to Filter.pl
     -  Removed some useless subroutines which just
        set variables and now getting ready for the
        pdump modules (already in development).  See
        the FUTURE file for more information.


0.779-2: [09/06/00]

     -  Vital updates were added which are required for
        some, but few, systems.
     -  Include TCP sequence numbers when displaying
        TCP packets just as tcpdump would do.
     -  Modified -g option to not display empty packets
        and to remove the two spaces displayed in the
        beginning of all packets when using the option.


0.779:   [09/01/00]

     -  Added Color.pl, my replacement of the module
        Term::ANSIColor.  Also removed Term::ANSIColor
        from this package.
     -  Fixed a bug in the Passwords library which was
        screwing up the AIM decryption when using -W.
     -  Added the -l option to allow you to specify the
        pdump directory where the library (lib/)
        directory resides.
     -  Fixed the missing ACK bit when pdump uses color.
     -  Now using libpcap 0.5.2 instead of 0.4.


0.778:   [08/20/00]

     -  Fixed a few minor bugs with -c and -g.
     -  Added 'Omnivore', a plug-in almost identical to
        dsniff's mailsnarf (identical pretty much, just
        in different languages :), or is it *cough*
        Carnivore *cough*.  This will sniff all email 
        going in and out of the network you're on.
     -  Also changed -h a little bit.
     -  Added AIM password decryption and sniffing.
        Thanks to David Hulton for the original code
        and paper he did on AIM decryption.


-Samy Kamkar [CommPort5@LucidX.com]
