
PACKHACK.TXT   Doc file for PACKHACK Version 8a  Nov. 97

(now the legal disclaimers...)
The use and distribution of the Compiled version of PACKHACK
is intended to be for non-pecuniary uses only. That means for
Free.  You are Not Authorized to sell it;  Give it, distribute
it to anyone who might want it, but only on a free basis.
(C) Wbradford 1997  

PACKHACK  is a program used to analyze packet radio activity
taking place on a specific radio channel.  It identifies and
counts packets from each station, and categorizes the packets
into frame types.  Generally, only "I" frames contain user
information.  The "RR" frames are Acks, the "UA" frames are
Acks for disconnect requests, the "D" frames are disconnect
requests, and the REJ frames are Reject, send again requests.
See the TNC-II/PK232 manuals for a complete discussion on frame
types.

With PACKHACK you can see a list of stations on the air, and
the number and type of each packet sent by each station.
You can see which node is most active and if most of its
activity is retries or real information.  It is interesting
to compare the ratio of I to RR frames for different stations,
and hopefully it will be useful too.

This version of PackHack works with data from either TNC-II
clones or AEA PK232 TNC's.

How to use PackHack:

First set the TNC type.  Enter  PACKHACK SETTNC  and pick the
type of TNC data to be used.

To use PACKHACK, you first need a text file that contains
the monitored packets of the radio channel to be analyzed.

This program was developed for TNC-II Clones (specifically
the MFJ-1270/B TNC), and later modified to accommodate PK232
units. Set the TNC commands as follows to see packet headers:

MON ON    MCOM ON    MCON ON    MALL ON    MRPT ON   MSTAMP ON

It is important that the "<RR R R5>" or "<I C S7 R2>" data
be seen in each packet.  Also if MSTAMP is set ON, the date
and time of the first buffer file packet will be shown in
the PackHack reports.  When using data from PK-232, the day/time
information MUST be present.

Set the TNC as above, open a capture buffer, and monitor
packets for some period of time (10 minutes? 3 hours?).
Then save the buffer to disk.

After saving the buffer to file, you are ready to run PACKHACK.

(*If the capture buffer option is not available with your terminal
program, do this:  Set the TNC as above, and then initiate
Receive (download) text file.  End it when you please, and this
file will work fine with PackHack.*)

Enter  PACKHACK  [filename]  where filename is the name of the
file saved from capture buffer.  If the specified file can
not be found, an error message is displayed, and the program
exits.

After finding the capture buffer file, PACKHACK will say:


  Analyzing file: [filename]    Length: [size]  Bytes

  working, please wait.....

   (on a 386DX, a 100k file will take about seven seconds to
    run.  On a slow floppy drive it may take a minute or so.
    Please be patient.)

Next a screen appears that gives a choice of where to send the
report.

  PackHack Chronicle for  [filename]

  Send report to...

        1  Screen

        2  Printer

        3  File named [filename].rpt

If you are running PackHack for the first time, enter  '1', send
report to screen.

Display after entering '1':

  The PACKHACK Chronicle for file: [filename]   [size] bytes

  First Time/Date stamp:           [time and date stamp, 1st packet]

     Originating
         Station    Total   Packet Frame type:
       Call Sign  Packets   I       RR      UA      D     REJ    C

            etc.     etc.   etc.    etc.    etc.   etc.   etc.   etc.

    (you get a list of call signs, and the total number of frame types
     from each call sign.)


Choice  '2' sends the report to printer.  If there is a printer error,
PackHack prompts user to try again or exit.

Choice  '3' sends the report to a file in the current directory.  The
report file has the same name as the original capture buffer file,
but with the extension  '.RPT' added.  For example, if the capture
buffer file used with PackHack is named 'APR29145.TXT' then the report
file will be named 'APR29145.RPT'.

The PackHack Chronicle report format is the same for reports sent to
the screen, printer, or file.
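
The per-station frame count described above, as an added Python sketch (not
PackHack's own Borland Pascal code). The header layout in front of the
"<...>" field, the call signs, and the OTHER bucket are assumptions; the
page confirms only the bracketed frame data and the report columns.

```python
import re
from collections import Counter, defaultdict

FRAME_TYPES = ("I", "RR", "UA", "D", "REJ", "C")  # report column order from this page

# ASSUMED header layout: SRC>DST[,digis] [date time] <TYPE ...>:
# the page confirms only the bracketed "<RR R R5>" / "<I C S7 R2>" part.
HEADER = re.compile(
    r"^(?P<src>[A-Z0-9]{3,6}(?:-\d{1,2})?)>"  # originating call sign, optional SSID
    r"[^<]*"                                    # destination, digipeaters, time stamp
    r"<(?P<ftype>[A-Z]+)[^>]*>"                 # frame type is the first token
)

# Constructed sample capture (placeholder call signs, not real traffic).
SAMPLE = """\
N0CALL>TEST1 11/02/97 14:05:01 <C>:
TEST1>N0CALL 11/02/97 14:05:02 <UA>:
N0CALL>TEST1 11/02/97 14:05:10 <I C S0 R0>:
hello from the constructed capture
TEST1>N0CALL 11/02/97 14:05:11 <RR R R1>:
N0CALL>TEST1 11/02/97 14:05:20 <I C S1 R0>:
second line of text
TEST1>N0CALL 11/02/97 14:05:21 <REJ R R1>:
N0CALL>TEST1 11/02/97 14:05:25 <I C S1 R0>:
second line of text
TEST1>N0CALL 11/02/97 14:05:26 <RR R R2>:
TEST2-3>TEST1,N0CALL 11/02/97 14:06:00 <UI>:
beacon text
N0CALL>TEST1 11/02/97 14:06:30 <D>:
TEST1>N0CALL 11/02/97 14:06:31 <UA>:
"""

def tally(lines):
    """Return {call sign: Counter(frame type -> count)}; unlisted types go to OTHER."""
    stations = defaultdict(Counter)
    for line in lines:
        m = HEADER.match(line.strip())
        if not m:
            continue  # packet text or line noise, not a monitor header
        ftype = m.group("ftype")
        stations[m.group("src")][ftype if ftype in FRAME_TYPES else "OTHER"] += 1
    return stations

def report(stations):
    """One row per station, busiest first: call sign, total, then FRAME_TYPES columns."""
    rows = []
    for call, c in sorted(stations.items(), key=lambda kv: (-sum(kv[1].values()), kv[0])):
        cols = "".join(f"{c[t]:>6}" for t in FRAME_TYPES)
        rows.append(f"{call:>12}{sum(c.values()):>8}{cols}")
    return rows

if __name__ == "__main__":
    print("\n".join(report(tally(SAMPLE.splitlines()))))
```

Packet text that happens to look like a header line would be counted as a
frame, so the counts are only as good as the capture's header format.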


Things that PackHack does to your computer:

PackHack makes one or two new files in the current directory.
The file named BUFFER is made every time PackHack is run, and
is used as a buffer for data crunching.  BUFFER is overwritten
every time PackHack runs, so it's OK to just pretend it doesn't
exist, or you can delete it to save disk space.

The other file named [filename].RPT is created when choice '3'
is made, 'Send report to file'.  This file only appears when
choice '3' is made.

Of course, PackHack runs best (fastest) on a fixed drive.  It is
a DOS program but tests OK on WIN95 and NT 4.0 workstation.


Special Request:

PackHack was written for use with TNC-II clones and PK232's.
Other TNC types present the frame data in different ways.
To make PackHack work with other types of TNC's, I need
capture buffer files from Kantronics and other TNC's.  I
solicit your files.  If you can supply me with capture buffer
files using Any TNC, I would happily pay the postage and disk
cost.  Please advise me via email, the packet network, or mail,
your TNC type and what files you have available.  I will
then send a disk, and stamped mailer, and make sure that you
receive the new PackHack versions.

This program was written in Borland Pascal.  If you would like
the source code, or a version that runs in protected mode, contact
me.  I hope that you find it useful.  Feedback please.

Distribution of this program is encouraged.  For Free of course.

Bill Bradford   K7EA      Packet K7EA@KG7FC.UT.USA.NOAM

wbradford@delphi.com 