ParfumBall 0.1.0 Release Notes
Prasanna Uppaladadium
copperfield12 [at] yahoo.com
Jun 22, 2005
1. Welcome
Welcome to ParfumBall - a Java-based network analyzer and packet
sniffer - much like Ethereal. It is meant to be an Eclipse plugin that enables
Java programmers to capture and analyze network packets, all within the comfort
of their familiar Eclipse environment.
This is release 0.1.0 of ParfumBall. ParfumBall is still in the pre-alpha
stage.
2. In This Release
This release is a complete redesign of ParfumBall. Earlier versions
of ParfumBall provided a PacketAnalyzer interface that could be used for
implementing protocol analyzers that I hoped would gradually get added to
ParfumBall over time. However, I found this approach to be too slow and
time-consuming - not to mention that I had to become familiar with every protocol
that could be analyzed. This is simply not possible without a good following
of developers interested in the project.
I therefore decided to take an entirely different path (thanks in part to
a suggestion by Fabrizio Bertocci) in building ParfumBall. ParfumBall now
uses the native libethereal (available when you compile Ethereal) library
directly to gain access to the protocol dissectors that are supported by
Ethereal. This approach has the following advantages:
- ParfumBall immediately gains access to the several hundred protocol
dissectors developed for Ethereal.
- New protocol dissectors that get added to Ethereal automatically
get added to ParfumBall.
- Ethereal has a powerful Wiretap library that can be used to read
multiple packet sniffer file formats.
- Ethereal is portable to a variety of platforms. ParfumBall can therefore
be extended easily (with little or no additional effort) to the other platforms.
There are some disadvantages to using Ethereal as well.
- It appears that the Ethereal library has the ability to work with
only one file at a time. According to some documentation, some protocol dissectors
also assume that there is only one active file at a time. I have been able
to simultaneously open and work with multiple files in ParfumBall 0.1.0.
I am not sure which protocol dissectors assume that there is only one file
open. Please work with multiple files at your own risk.
- Ethereal comes with some significant baggage - it relies on a number
of open source libraries. These include GLIB, INTL, ICONV, ADNS, ZLIB etc.
A good amount of functionality that these libraries provide is taken for
granted in everyday Java usage.
3. Requirements
- You must have Eclipse installed. I have tested it with Eclipse
version 3.0 and 3.1.
- You must have Java SDK version 1.4.2 or better.
- You must install WinPcap first. You can download WinPcap from
http://www.winpcap.org.
- This version of ParfumBall works ONLY on Windows. I have
tested it only on Windows XP.
4. Installing ParfumBall 0.1.0
4.1 Uninstall Previous Versions of ParfumBall
If you had previously downloaded ParfumBall, you MUST uninstall
that plugin. Uninstallation is easy. Simply remove the parfumball_x.y.z
(replace x.y.z with the appropriate version numbers) folder from your C:\Eclipse\plugins
folder (it is assumed that you have installed Eclipse in C:\Eclipse).
4.2 Download and Unzip ParfumBall
If you are reading this document, you probably already have downloaded
ParfumBall 0.1.0. To install the plugin, simply unzip the zip file in your
Eclipse install directory. For example, if you have Eclipse installed in
C:\Eclipse and you are using WinZip to extract the plugin zip file, simply
set the "Extract To:" directory to C:\Eclipse. The plugin will be installed
in the C:\Eclipse\plugins directory.
After installation, please verify that you have a parfumball_0.1.0 directory
in your C:\Eclipse\plugins directory.
5. Activating ParfumBall
To start capturing packets, start Eclipse. Then select Window->Open
Perspective->Other... In the dialog box that pops up, select ParfumBall:
The Sniffer perspective. This will activate the plugin. The plugin will
display three views to start with:
- The Network Interfaces View - In this view a list of network
interfaces available on your machine is provided. You can select an interface
and press the Start Capture button in the view's toolbar to start a capture
on this interface. Note that at this time ParfumBall supports only Ethernet
interfaces.
- The Packet Analysis View - This view will present the packet
analysis information as a hierarchical tree of nodes. This view will initially
be empty.
- The Packet Dump view - This view presents a hex dump of a captured
packet. This view will initially be empty.
6. Capturing Packets
To capture packets, select a network interface in the Network
Interfaces view and click on the Start Capture button. The interface MUST
be an Ethernet interface. ParfumBall does not support other interfaces
for the moment. You will be asked for a file name in which to save the
captured packets. Once you enter the file name and close the file dialog,
the capture process starts. Now simulate any network traffic by visiting
web sites etc. (make sure the selected interface is being used for all
network communication). Once you are done, go back to Eclipse, and click
on the Stop Capture button (in the Network Interfaces view). This will stop
the capture process. A table listing all the packets will be presented
in the editor area. Clicking on any packet will cause the analysis information
to be presented in the Packet Analysis view and the hex dump of the captured
packet to be presented in the Packet Dump view.
Selecting nodes in the Packet Analysis view will cause the corresponding
bytes to be highlighted in the Packet Dump view.
7. Known Issues
To the best of my knowledge, there are no known issues at this
time. I am more than happy to hear from you if you discover any bugs. Please
see Section 9 for reporting bugs.
8. Source Code
The source code for ParfumBall is available under GPL from the
project's website on sourceforge.net. Go to http://sourceforge.net/projects/parfumball
for more information.
9. Reporting Bugs
The correct place to report bugs is on the project's website
on sourceforge.net.