XIPDUMP(8) XIPDUMP(8)
April 12, 1999
NAME
xipdump - displays ip packets using X window.
SYNOPSIS
xipdump [-cf xipdump_conf_file] [-i dev] [-s snaplen] [-p] [-t to_ms]
[-O] [-r tcpdump_fname] [-c count] [-n] [-B] [-F] [-h] [-v] [-dm]
[-dmv] expression
DESCRIPTION
Xipdump is a protocol analyzer and tester. It is a kind of graphical
tcpdump(8) with the ability to change packet values and resend the
packets.
The graphical representation of a packet is intended to offer a complete
view at a glance. It is also customizable (e.g. colors and fonts can be
changed).
The GUI is composed of a big scrolled drawing area called the "packet box".
All packets captured with libpcap(3) are displayed here first using a
mini-representation (unless -B is activated). They can then be
magnified with mouse button 3.
Once a packet is magnified, you can perform actions by clicking on links
with mouse buttons 1 or 2. If you click with mouse button 2, a new window
is created as the result of the operation. These actions include changing
field values, checksumming packets, extracting patterns, saving and
loading packets, and so on. Clicking mouse button 3 pops up a
contextual menu which operates on the pattern under the mouse pointer.
By default, xipdump acts like tcpdump(8) (same options, etc.).
Options
The options to xipdump are:
-cf xipdump_conf_file
Defines configuration file. See detailed section.
-i dev Defines device (or interface) used to capture packets.
-s snaplen Defines snap length as in tcpdump(8).
-p Does not set interface dev in promiscuous mode.
-t to_ms See tcpdump(8).
-O Does not optimize bpf programs. See tcpdump(8).
-r tcpdump_fname
Reads a tcpdump(8) file (.dmp).
- 1 - Formatted: November 7, 2025
-c cnt Reads only cnt bytes from tcpdump_fname.
-n Does not convert addresses (for example, host addresses
and port numbers) to names. Note: This option is
limited to standard internet features.
-B Displays big packets.
-F Forces pcap stuff to fork. This is intended for use on
systems which don't have a kernel bpf filter. Because the
pcap handler is called each time a packet arrives, it
drives the X server crazy. This solution works but only
pushes the problem away.
-h This option shows a short usage.
-v This option makes the program produce more output. This is a
debug option.
-dm This option causes all the memory allocations done by
the program to be registered and checked. This is a debug
option. Must be compiled with DEBUG_MALLOC.
-dmv This option causes all the memory allocations done by
the program to be printed to stderr. This must be combined
with -dm. This is a debug option. Must be compiled with
DEBUG_MALLOC.
expression is a bpf program. See tcpdump(8).
RESOURCES
binEditorPath is the path of a binary editor (e.g. emacs(1) or beav(1)).
Default value is emacs. Use M-x hexl-mode.
<pattern>Color defines the color of <pattern>. There is one resource per
pattern.
defaultColorName
is the default color used when no pattern-specific color is
provided.
bodyColorName is the color specified in the BODY tag of each packet.
bodyBackgroundName
is the background (bit|pix)map used in the BODY tag of each
packet. It can be internal:xipicon.xbm,
internal:gray.xbm, or any xbm or xpm file (if compiled
with libXpm(3)). Note that the extension of the file is
important for the resolver.
controlsColorName
is background color of the controls part of packet.
pktHelpOffset defines pixel offset of packet help.
pinMode if True, packet help is sticky.
helpMode if False, disables packet help.
scrollMode keeps the last packet always visible by scrolling the
"packet box".
smoothScrollMode
scrolls smoothScrollOffset pixels by smoothScrollOffset
pixels.
smoothScrollLimit
starts smooth-scrolling when scroll space is less than
this value. This allows scrolling to be fast when the "packet
box" viewport has to move from top to bottom, by
repeatedly dividing the scroll space by two, and to be
smooth once this limit has been reached.
smoothScrollOffset
see smoothScrollMode.
ACTIONS
XipPopupPktMenu()
Pops up sub-pattern specific menus.
XipApplyMethodToPkt(new_window,xipdump_method)
Applies xipdump_method to packet. If new_window is
"True", then result of action is a new packet.
XIPDUMP METHODS
delete() Deletes packet.
set(pattern[idx].field)|set(pattern[idx].field,value)
Sets specified field to value or asks for a value.
extract(pattern[idx])|extract()
Extracts specified pattern or duplicates packet.
extract_to_pkt_box(pattern[idx])|extract_to_pkt_box()
Extracts specified pattern or duplicates packet to
"packet box".
trunc(pattern[idx])
Truncates packet to specified pattern.
save()|save(file)
Saves packet to file or asks for a file name.
load()|load(file)
Loads packet from file or asks for a file name.
sum() Checksums packet.
adapt_len() Adapts various lengths to current lengths.
cut(fine)|cut(fine,pattern[index])
Cuts packet to cut buffer. If fine, cuts without sub-
patterns.
paste(fine)|paste(fine,pattern[index])
Pastes cut buffer to packet. If fine, replaces pattern
by cut buffer.
edit() Calls an external editor (see binEditorPath resource).
reply() Makes a possible reply for the packet, e.g. swaps ip.src and
ip.dst, increments ip.id, ...
custom(path,arg1,arg2,...,argn)
Calls an external binary which modifies the packet. Note:
Xipdump launches the process with stdin and stdout
reassigned to packet input and packet output respectively,
using the ".pkb" format.
opts()|opts(True|False)
Shows opts or switches them.
CONFIGURATION FILE
Syntax
The configuration file is a set of variable definitions in the form var =
value.
Spaces, tabs and returns are ignored but it is possible to backslash
them. It is also possible to specify a string containing spaces by
quoting it with the " character. The sequences \n, \r and \t are also
recognized.
Comments are introduced with the traditional # and run to the end of the
line. Empty lines are also ignored.
All these variables are configurable through the GUI.
Variables
tmpl_bufsiz = [0[xX]]nnnnn (number)
is size of buffer used to compute template strings.
Default value is 16 * BUFSIZ.
html_bufsiz = number
is size of final HTML buffer. Default value is 16 *
BUFSIZ.
htmlize_bufsiz = number
is size of buffer used to transform packet field values
to an HTML form. Default value is 16 * BUFSIZ.
net_ifname = interface
is the interface where packets are written.
pat_data_bytes_per_line = number
is number of bytes displayed per line by "data"
pattern.
pat_udp_perform_sum = [true|false]
tells udp pattern to perform checksum or not.
pat_udp_guess_mode = [true|false]
tells udp pattern to guess its sub-patterns according
to its source port or destination port.
pat_verb_level = [all|nbstuff|pkt]
is a debug feature. E.g. pat_msg and typ_msg print
respectively messages relative to their class.
ghost_ip = A.B.C.D
is default ip address of ip-stack. Packets are sent
using this address.
ghost_ether = xx[:-]xx[:-]xx[:-]xx[:-]xx[:-]xx
is default ethernet address of ip-stack used for arp
replies.
plugins = plugin_path1;plugin_path2;...;plugin_pathn
defines the paths of all the plugins.
pat_base = number
sets base used when printing numbers. Default is 10.
nbgethost_timeout = number
sets maximum timeout allowed when resolving hostnames
or ip addresses.
pat_etheraddr_dec_way = [true|false]
if true, prints ethernet addresses with a "-" instead
of a ":".
pat_pad_nbytes = number
defines number of bytes of pattern "pad". It is used
mainly as a debug feature to unalign packets (and test
implementations).
pat_pad_sub_pat = pat
defines the layer that pattern "pad" should serve.
Default is "ether".
xipdump_do_opts = [true|false]
tells xipdump to manage options. Note that it is also
configurable at packet level.
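Added example (not part of xipdump or its documentation): a parser for the
syntax described above, plus a review helper that lists the plugin paths and
flags ghost_ip or ghost_ether values that do not match the shapes given in the
Variables list. It assumes that "=" and "#" are special only outside quotes and
backslashes, that "xx" means two hex digits, and the sample file and its plugin
paths are constructed.

```python
import re

ESCAPES = {"n": "\n", "r": "\r", "t": "\t"}
TOKEN = re.compile(
    r'#[^\n]*|\s+|(?P<eq>=)'                              # comment, blank, '='
    r'|(?P<word>(?:\\.|"(?:\\.|[^"\\])*"|[^\s=#"\\])+)',  # bare/escaped/quoted
    re.S)
ADDR_SHAPES = {  # shapes from the Variables list; hex digits for "xx" assumed
    "ghost_ip": re.compile(r"\d{1,3}(\.\d{1,3}){3}"),
    "ghost_ether": re.compile(r"[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}"),
}
SAMPLE = '''# constructed sample, not a file shipped with xipdump
net_ifname = eth0            # interface packets are written to
ghost_ip = 192.0.2.10
ghost_ether = 00-00-5e-00-53-01
plugins = /opt/xip/a.so;"/opt/xip/my plugin.so"
pat_base
    = 16
'''

def tokenize(text):
    """Return ('eq', '=') and ('word', value) tokens; reject bad quoting."""
    pos, out = 0, []
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"unbalanced quote or stray backslash at {pos}")
        pos = m.end()
        if m["eq"]:
            out.append(("eq", "="))
        elif m["word"] is not None:
            unescape = lambda e: "" if e[1] is None else ESCAPES.get(e[1], e[1])
            out.append(("word", re.sub(r'\\(.)|"', unescape, m["word"], flags=re.S)))
    return out

def parse(text):
    """Return {var: value}; a statement is var = value in any line layout."""
    toks, config = tokenize(text), {}
    for i in range(0, len(toks), 3):
        if [kind for kind, _ in toks[i:i + 3]] != ["word", "eq", "word"]:
            raise ValueError(f"expected var = value at token {i}")
        config[toks[i][1]] = toks[i + 2][1]
    return config

def review(config):
    # Returns (plugin paths, names of malformed address settings).
    plugins = [p for p in config.get("plugins", "").split(";") if p]
    bad = sorted(k for k, rx in ADDR_SHAPES.items() if k in config and not rx.fullmatch(config[k]))
    return plugins, bad
```

Running review(parse(...)) over the contents of ${HOME}/.xipdumprc shows which plugin paths and which source addresses the next session will use.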
ENVIRONMENT
The following variables influence how the program runs. All of them are
debug variables.
XMG_VERB_LEVEL debugs Xmg part.
PAT_VERB_LEVEL debugs patterns part. See configuration variable
pat_verb_level.
XIPDUMP_VERB_LEVEL
debugs xipdump part.
FILES
${HOME}/.xipdumprc
is loaded and saved automatically. See configuration
file.
Xipdump.ad is a resource file. Try xrdb -merge Xipdump.ad.
.pkt files describe packets in a portable and readable manner.
.pkc files describe packets collections.
.pkb files describe packets in a portable and binary manner (not
readable). This format is intended less for use in files
than for network or pipe streams.
.dmp files are tcpdump files.
@prefix@/share/xipdump/pkc/*
Pkc example files.
@prefix@/share/xipdump/pkt/*
Pkt example files.
SIGNALS
SIGINT Controls flow from the controlling terminal.
Sometimes, the flow of packets is so fast that we can't do
anything in the GUI as XWindow is busy. In such cases we
use SIGINT as an emergency option. See also the -F option.
STATUS
A value of 0 means that everything was all right. A value of 1 means
that there was an error.
SEE ALSO
libpcap(3), tcpdump(8), wtap2dmp(1).
AUTHOR
Vianney Rancurel (vianney@epita.fr)