A Network Analyzer and Traffic Logger.

netraf Project ChangeLog

This is the path we came through, the way netraf was born.

24.02.2005 OK... Here we are. It's time to invent something interesting.
26.02.2005 I've registered a free domain and configured primary and secondary DNS. It's time to bring some http server up.
03.03.2005 We are working on describing major Project Goals. Those are in VERY unofficial state, and probably they will change.
05.03.2005 netraf project "web-page creating process" has been started. From now is the official web-address of project.
09.03.2005 Michał is trying to create an account and register netraf at
10.03.2005 First steps in network programming with pcap library in linux. It's quite easy. I'm diggin' in documentation.
I've configured some test-environments (linux 2.4.xx, FreeBSD 5.1 with generic kernel, Cygwin under Windows®) wondering if some ioctl() calls will be portable (NO :(, at least it won't be a child's play).
13.03.2005 netraf code parts (hmm... "early stages") are available.
After looking at licenses page we have chosen BSD License - it's short and plain.
Short introduction (and explanation "why?") to netraf is available.
15.03.2005 netraf project is registered at! Thus, new addresses are available: and
Project page is a little modernized (added a bit of CSS and some cosmetic changes).
28.03.2005 our project page can be found via since 25.03.2005! PS: Happy Easter!!
02.04.2005 I'm starting work with GUI. Learning NCURSES Library from wonderful NCURSES Programming HOWTO.
05.04.2005 Our second "first steps" in pcap (now it's Michał's turn to figure out how it all works), some packets captured, now we know how this big machinery works, lots of fun with tracing packet flow through system.
07.04.2005 NCURSES library is amazing, but insufficient to build convenient User Interface. We need good thread-model; solution: POSIX-threads specification. It's well described in Mark Mitchell's book - "Advanced Linux Programming".
08.04.2005 Tons of packets captured. Work on counting packets by MAC addresses has begun.
09.04.2005 Found some implementation of hash table, which would nicely fit into our project. Tweaking some features, assimilation process in progress.
10.04.2005 We've noticed the need for some kind of communication protocol (GUI and daemons have to communicate in some way).
Tomek is learning all about autoconf. We will have "professional" configure script and Makefiles :).
First success worth mentioning with the netrafd part of the project: packets are flowing through machine, counters are spinning... Looks like everything will eventually work.
12.04.2005 Small trip into the world of advanced linux programming. First thoughts that tracing packets going through system might not be as easy as it looked... Back to the drawing board, time to refresh knowledge about packet structure, size of particular fields in packet headers.
14.04.2005 Finally - we've described how netraf will be working. We invite you to read the changed project goals.
Amazed by the fact that small and simple things tend to become big and complex when they come in large numbers. There are so many network protocols, from link layer to session layer, and every one of them has its own header. Great, big world of possibilities opened its gates for us, and crushed us with endless complexity of the problem. Another step in describing the goals of the project helped to overcome the crisis.
17.04.2005 The packets from one interface are counted by MAC addresses. Don't know why, but something is going wrong with linux pseudo interface "any" (way to capture on all interfaces). Investigation in progress.
18.04.2005 Another part of code almost working, first steps to connection logging. Connections will be remembered by two pairs (IP and PORT). Reading about the three way handshake in TCP protocol, and trying to understand the process of closing connection.
19.04.2005 Encountered another problem; this time it is about the hash table implementation - it doesn't fit our needs. It implements the LRU algorithm which causes it to dynamically shift physical position of the hashes in table. So... when we have one writer and many readers, different readers would have different readings from the structure. What's more, even the same reader could read some entry twice or crash when trying to read entry that is being moved. We need a hashtable that would give some interface for readers, where data is static.
22.04.2005 Shared memory model is born and is described now. Mateusz starts coding it.
Can't focus on one thing, started work on counting packets for interface statistics.
23.04.2005 Stopped working. Thinking and reading about interface "any" in linux kernel. The problem is that when capturing packets from interface "any", the source MAC is set to something like 00:00:01:00:00:06, and I don't know what to do with it - how to recover the original source MAC.
25.04.2005 First GUI screenshot is available! "Menu system" based on NCURSES menus library is very near...
26.04.2005 netrafg "Menu system" is passing tests (screenshot available).
02.05.2005 Working with existing netrafd code, rewriting and optimizing functions, commenting code, trying to figure out how to put everything together. Working on threading, and thinking how to split code into autonomous parts.
04.05.2005 Shared memory model is ready to use (available in Code Chunks).
05.05.2005 Rewrote parts of netrafd to use shmem.
06.05.2005 "... I was who you are...
                  You will be who I am..."

I'm sure we'll meet each other again some day.

12.05.2005 Goodbye to pcap. Change of plans; we'll write our own, simple library to capture packets. Why? As mentioned before, Michał couldn't figure out how to get machine source hardware address while listening on interface "any".
18.04.2005 netrafg "Menu system" is ready to use. It is thread-safe and using NCURSES menu and panel libraries.
The "mycap" set of functions is ready. It presents a simple interface similar to the one presented by pcap, so it shouldn't be difficult to rearrange existing code to use it instead of pcap.
19.05.2005 Finished the MAC statistics module. Interface statistics module is also capturing packets on all interfaces.
20.05.2005 Organized all netrafd functions into one interface, allowing simple adding and managing of modules. Using shmem made whole work much easier.
21.05.2005 "Literature" section added to project page.
22.05.2005 Interface statistics module is finished. Now it listens on all interfaces, and counts incoming and outgoing bytes/packets. Also knows how to recognize broadcast, multicast and loopback packets.
23.05.2005 We've invented Config-file module interface. Tomek is working on whole library.
Started to write parts of filtering module, which will allow us to add user filters to packet capturing functions.
26.05.2005 We have moved our project page to since "" domain no longer exists.
27.05.2005 We began working on "man" pages for netraf.
28.05.2005 "Theory" section added. You're invited to look at "netraf Operation Diagram".
30.05.2005 Tomek introduced first working version of Config-file module.
netraf Shared Memory Model, netrafd working scheme and "MYCAP" packet capture library articles are finally done.
03.06.2005 There are more and more dialog boxes in netrafg (form.h library usage).
06.06.2005 First working version of netrafl is ready for tests.
08.06.2005 netrafg Interface Statistics, MAC Statistics, IP Statistics and TCP Connection Statistics windows are done. Every window is owned by a different thread, so every change in an individual netrafd structure is visible immediately.
09.06.2005 A major bug in shmem implementation found and fixed (Code Chunks updated). It was a mistake in deleting an element from the hash table.
10.06.2005 Change of technology in configuration files, because usage of mmap wasn't stable enough.
16.06.2005 netrafg has two "screen-savers" (available in code chunks separately).
17.06.2005 Configuration Files library with example is available in Code Chunks.
18.06.2005 New articles in "Theory" section: netrafl Working Scheme and netraf Configuration Files and Filters Syntax.
19.06.2005 "Documentation" section appeared.
20.06.2005 New screenshots of netrafg added.
21.06.2005 netraf finally has professional "configure" and "make" scripts!
22.06.2005 We invite you to download first official beta of netraf project. (Everything is here).

Copyright © 2005, M.K., T.J., M.S.
netraf is Open Source software, distributed under the terms of the New BSD License.