Notice: Karpski development has ceased! I will never touch the code again. I've tried to give this project away several times, and no one seems interested. I'd have to say, the best sniffer out there now is Ethereal. Although it doesn't do everything Karpski did, it is very close, and does TONS of things Karpski didn't do. Now that it can follow TCP/IP connections, it has become a useful sniffer, and is rivaling Network General's olde DOS sniffers (having destroyed the assy net X-ray style crash-o-tron Sniffer Pro long ago).

PLEASE don't send me any more mail, unless you want to take over development. Thank you for being such a supportive community.

Brian

Latest version: 0.101

Introduction

K-Arp-Ski is a project that started with the intention of being a simple network mapper and misuse detector. It has since turned into a decent sniffer with a Gtk interface. For those of you who are interested, the name came from the Fat Boys rapper Kool Rock-Ski. I don't know why I chose his name, as he wasn't even my favorite of the Fat Boys (I liked the late Darren "The Human Beat Box" Robinson). But Kool Rock-Ski was pretty badass.

Features

K-Arp-Ski has several features.

* It automatically finds all of the IP addresses on your network, as they are broadcast. It can find these from ARP broadcasts, TCP and UDP.
* TCP connections are tracked per MAC address.
* Multiple connections can be watched simultaneously. A whole MAC address can be watched as well, for traffic such as datagrams (which have no connections).
* The "launch" feature. This is the plug-in interface. Basically, you can have K-Arp-Ski call any remote program (a scanner, a DOS tool, etc) with the IP address of your target as part of its arguments.
* It's free under the GPL, meaning you get source too! Read LICENSE.TXT in the distribution for more details.
* NIC vendors - You can see which vendor is associated with the MAC address of each card. The best use of this feature is to figure out what type of system is attached to that NIC. Ciscos are usually routers, Power Computing is a Macintosh, etc.
* You can add a (theoretically) unlimited number of protocols/frame types to its packet recognition engine.
* During scanning, you can have Kitt's (from Knight Rider) scanning sound :)
* The Lion of Judah logo, stolen from the internet! Whose it is, I do not know. If it's yours, and you mind my non-commercial program using it, I will stop. Until I get a new logo (hopefully lion related) this will remain the logo cuz I like it.

Missing Features

There are many that are planned.

* Configurability - right now, a user must use MY interface the way I intended. All options have to be compiled in... While this is good for me, it sucks for you. I'll take recommendations :)
* Network mapping - It's pretty easy to determine which hosts are gateways... I hope to incorporate this knowledge and new knowledge into a mapping tool. That is what the item role corresponds to. I currently have a basic algorithm for detecting routers.
* Fragmentation - I don't unfragment TCP or IP AT ALL. It's a big pain in the ass to unfragment, especially the way I watch -- I dump the TCP or UDP payload into a Gtk textbox. This will probably change in the future.
* Missing runtime configuration - Certain features must be compiled in for no good reason.

Tested platforms

Karpski has been successfully compiled on several different platforms -- Linux, Solaris 2.5-2.6, AIX and FreeBSD. However, the author only has personal access to Red Hat Linux (meaning glibc) on i386 and Alpha platforms. Karpski appears to work similarly on both, but my platform of choice is my i386 Pentium (I can't get my damn Alpha to boot a new Linux kernel ... grr). Therefore, it would be appreciated if you could send me patches of any changes you make vs. a particular version.
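
The passive discovery from ARP broadcasts described under Features, as an added example that is not Karpski's code: it parses one raw Ethernet frame, records the sender's IP-to-MAC binding, and reports when a known IP reappears with a different MAC. The function and type names, the table size, the rebinding check as a form of "misuse detection", and the sample frame are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_HOSTS 256                    /* assumed table size */
enum arp_result { ARP_IGNORED, ARP_NEW_HOST, ARP_KNOWN, ARP_MAC_CHANGED };
struct host { uint8_t ip[4], mac[6]; };
static struct host hosts[MAX_HOSTS];
static size_t host_count;
/* Frame bytes 12..19: EtherType ARP, htype Ethernet, ptype IPv4, hlen 6, plen 4 */
static const uint8_t ARP_IPV4_ETH[8] = { 0x08,0x06, 0x00,0x01, 0x08,0x00, 6, 4 };
/* Constructed sample: ARP request from 00:00:0c:11:22:33 claiming 192.0.2.10 */
static const uint8_t SAMPLE_ARP[42] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x00,0x00,0x0c,0x11,0x22,0x33, 0x08,0x06,
    0x00,0x01, 0x08,0x00, 6, 4, 0x00,0x01, 0x00,0x00,0x0c,0x11,0x22,0x33,
    192,0,2,10, 0,0,0,0,0,0, 192,0,2,1 };

/* Learn the sender's IP-to-MAC binding from one raw Ethernet frame. */
enum arp_result arp_learn(const uint8_t *f, size_t len)
{
    static const uint8_t zero_ip[4];
    if (f == NULL || len < 42 || memcmp(f + 12, ARP_IPV4_ETH, 8) != 0)
        return ARP_IGNORED;              /* truncated, or not IPv4-over-Ethernet ARP */
    const uint8_t *sha = f + 22, *spa = f + 28;   /* sender MAC, sender IP */
    if (memcmp(spa, zero_ip, 4) == 0)
        return ARP_IGNORED;              /* ARP probe: no address claimed yet */
    for (size_t i = 0; i < host_count; i++) {
        if (memcmp(hosts[i].ip, spa, 4) != 0)
            continue;
        if (memcmp(hosts[i].mac, sha, 6) == 0)
            return ARP_KNOWN;
        memcpy(hosts[i].mac, sha, 6);    /* keep the newest binding, report it */
        return ARP_MAC_CHANGED;
    }
    if (host_count == MAX_HOSTS)
        return ARP_IGNORED;              /* table full */
    memcpy(hosts[host_count].ip, spa, 4);
    memcpy(hosts[host_count].mac, sha, 6);
    host_count++;
    return ARP_NEW_HOST;
}
int main(void)
{
    uint8_t f[42];
    memcpy(f, SAMPLE_ARP, sizeof f);
    int first = arp_learn(f, sizeof f);
    f[27] ^= 1;                          /* same IP, different sender MAC */
    printf("first=%d rebind=%d\n", first, arp_learn(f, sizeof f));
    return 0;
}
```

The first three bytes of each stored MAC are the vendor prefix that the NIC vendors feature looks up.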

The old Karpski webpage was located at: http://mojo.calyx.net/~btx/karpski.html

Cryptographic signatures and checksums may be provided by the developers at the URL(s) above. Wiretapped recommends that users check these before use of the software/information.