TCPSpy v1.0                        Installation and Users' Guide
Copyright (C) 1995, DN Software.

Introduction

TCPSpy is a tool for administration and monitoring of TCP/IP networks.
TCPSpy allows you to view the data being sent along each TCP connection
that has at least one participant on your local network segment (see below).
The data sent by both sides of the connection can be viewed by simply
selecting the connection from the list of current connections.

System Requirements

TCPSpy requires only an 8088 (or greater) PC, and a supported network card.
TCPSpy interacts with your network card through packet drivers, small
programs that are each specific to a certain type of network card.  Packet
drivers are available for free for most network devices, and for most cards,
can be found in the public domain. If you have access to Internet FTP, many
packet drivers can be obtained by FTP to ftp.coast.net, in the directory
/simtel/msdos/pktdrvr.

Note: TCPSpy requires that your network device be able to enter "promiscuous" 
mode.  If your network device/packet driver does not support this mode,
TCPSpy will not run, and the error message "Packet Driver does not support
extended functions" will appear on your screen.

Note: TCPSpy does not yet work correctly with Novell's ODIPKT software.

Installation and Usage

Before running TCPSpy, you must first load the packet driver for your card.
Prior to loading your packet driver, it is a good idea to unload any other
network drivers currently in use, or boot your system without the network
drivers.

After the packet driver is loaded, make sure the TCPSPY.EXE file is in a
directory in your path, or change in to the directory. Also, make sure the
TCPSPY.KEY file is in your current directory if you have registered your copy
of TCPSpy (see below).  At your DOS prompt, type:

tcpspy

to start the program.  If you have not yet registered your copy of TCPSpy,
you will be greeted with a message reminding you to register your copy, which
will stay on your screen for 10 seconds.

If TCPSpy starts correctly, a window titled "Active Connections" will appear
on your screen, and a few seconds later, a list of the active TCP connections
on your network segment will appear in the window.  Select a connection using
the arrow keys.  If there are more connections than can fit in the window, a
down arrow will appear in the bottom-right corner of the window, indicating
that you can scroll down to see more.  If you would like TCPSpy to update its
list of active connections, press the U key.

Once you have selected the TCP connection you wish to view, press <ENTER>.
The screen will change, becoming split in half by a red bar.  Each half of
the screen shows the data sent by each host.  The IP address of each host
appears on the red bar next to an arrow pointing to the half of the screen
that the host's data is in.  As each host sends data, the information is
placed in the host's window.  When you are done watching the TCP connection,
press the <ESC> key to return to the active connection list window.  From the
active connection list window, press <Alt>-<X> to exit the program.

Which Connections Can I View?

With TCPSpy, you can view any TCP connection, as long as at least one of the
hosts of the connection is on the same network segment as you.  Examples:

o     Your machine and the target machine are on the same piece of 10Base-2 
      (thinnet).
o     Your machine and the target machine are directly connected to a non-
      switching(ones that do not remember which machines are on which ports) 
      10Base-T hub.
o     Your machine and the target machine are connected to different, non-
      switching hubs that are connected by coax, or by another non-switching 
      hub.

Examples of connections you cannot view are:

o     Your machine and the target machine are connected to a switching hub.
o     Your machine and the target machine are on opposite sides of an IP 
      router.

Error Messages

"Fatal: No Packet Driver Loaded."
You have not loaded a packet driver.  You must first load the packet driver
for your card, and then run TCPSpy.

"Fatal: Packet driver doesn't do extended functions."
Either your network interface, your packet driver, or both do not support the 
necessary extended functions to use TCPSpy.  TCPSpy will not run.

"Fatal: Out of memory allocating packet buffers."
TCPSpy was not able to obtain enough main memory (RAM) for its internal 
buffers.  Try increasing available memory, and this should not happen.


Ordering and Licensing Information

You are entitled to use this program until thirty (30) days after your first
use without registering.  After that time, you must register your copy of
TCPSpy. To register,  send a filled-out copy of the enclosed order form
(ORDER.TXT or ORDER.PS for PostScript printers) to the address below, and
enclose a check or money order for the amount stated on the form.  

When we receive your order, we will send a certificate of registration to you,
which has your registration number printed in the lower left-hand corner of
the certificate.  Change into TCPSpy's directory, and run TCPSpy with the
/r flag, i.e.:

	tcpspy /r

You will then be prompted to enter your registration number. Enter this
number exactly as shown on your registration certificate.  If you typed in
the correct number, TCPSpy will write the registration data to a file named
TCPSPY.KEY in your current directory. Please make sure this file is in your
current directory when running TCPSpy, as TCPSpy will not know that it is
registered unless this file is present.

If you have registered your copy, and have an Internet-accessible electronic
mail account, you will receive updates of TCPSpy for free.  Just write your
email address in the space provided on the order form, and you will be put on
our mailing list.  Also, you can look at our web page at
http://www.cs.orst.edu/~noord/dnsoftware.


Remember that your registration of TCPSpy not only allows you to legally use
our product, but it also helps fund our continued work on this product, in
order to bring you more great features (see below).  Register Now!

Mailing Address:
DN Software
PO Box 1764
Corvallis, OR 97339
Phone: (503) 928-4553

E-mail: noord@mail.cs.orst.edu

If you have a comment or suggestion, please tell it to us! We highly value
the opinions of our customers.

Possible Future Improvements

Some of the improvements you may see in future versions of TCPSpy:

O Improved user interface
O Connection traffic logging
O Automatic recording of connection when certain data is seen
O Automatic recording of connection when certain IP's are in use
O Compatibility with Novell ODI Drivers

DISCLAIMER

DN SOFTWARE MAKES NO GUARANTEES OR WARRANTIES, EXPRESSED OR 
IMPLIED, AS TO THE FITNESS OF THIS SOFTWARE FOR ANY PURPOSE.  
ALTHOUGH WE AT DN SOFTWARE HAVE DONE OUR BEST TO PRODUCE A 
QUALITY PRODUCT, WE WILL NOT BE HELD RESPONSIBLE FOR ANY 
MALFUNCTION/INACCURACIES OF/IN THE SOFTWARE OR ITS 
DOCUMENTATION, ANY DAMAGES INCURRED BY THE SOFTWARE, OR THE 
RESULT OF THE USE/MISUSE OF THIS SOFTWARE.
