By default, the configuration is read from the file <tv3 directory>\tv3.cfg. A different configuration file can be specified at start with the -c <file> parameter. Empty lines and lines beginning with the symbol ";" are skipped during processing. The format of an option line:
keyword <blank|tabulation> value <blank|tabulation> value [<blank|tabulation>value][...]
Options:
log – an output log file.
By default: output is displayed.
charset – the name of the character encoding that will be used for information interchange. Using utf-8 is recommended. The entire web interface of tv3 is built using utf-8.
By default: utf-8
storage – the file used to store the filter and statistics. This file is used while tv3 is running and is read at start.
By default: filter.xml
flush – the interval in minutes at which the information in the "storage" file is updated.
By default: the file is written at the end of work.
cache_len – the number of records in the cache that stores information on packets and the corresponding rules, for fast processing of identical packets. Too small a cache leads to frequent processing of rules through the filter and increased processor load, but the cache should not be set too large either, because processing the cache can take a lot of time. The optimum size depends on the number of distinct connections and should be adjusted if a large number of "lost" packets appears (see the tv3 status statistics).
By default: 40
listen – the IP address (in the numeric format xxx.xxx.xxx.xxx) and the port on which the web service accepts connections. Specifying only the port number is possible; in this case connections are accepted on all interfaces.
By default: the network interface is not used
doc_path – the path to the files of the web interface.
By default: doc
free_access – sets free (value YES) or restricted (value NO) read access to the information through the web interface. With restricted access, only registered users can read statistics. The Java client works only with free access enabled.
By default: yes
tracer/source – sources of data, see section 3.2.
observer_keep_alive – the time in seconds, counted from the last access, after which "promiscuous mode" (observer) is switched off automatically.
By default: 900
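The option format and defaults above can be checked mechanically. The following is an added example, not code from the tv3 package: it parses tv3.cfg text in the documented format, applies the documented defaults, and reports listen/free_access combinations that leave statistics readable without a registered user. The function names, the sample configuration and the accepted address/port separators (blank or ":") are assumptions.

```python
import ipaddress

# Defaults as stated in the option list above; log, flush and listen have no
# value by default and are left unset.
DEFAULTS = {"charset": "utf-8", "storage": "filter.xml", "cache_len": "40",
            "doc_path": "doc", "free_access": "yes",
            "observer_keep_alive": "900"}

def parse_cfg(text):
    """Return (options, sources) parsed from tv3.cfg text."""
    options, sources = dict(DEFAULTS), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):    # empty and ';' lines are skipped
            continue
        keyword, *values = line.split()         # blank- or tab-separated fields
        if keyword in ("tracer", "source"):     # may appear several times
            sources.append((keyword, values))
        else:
            options[keyword] = " ".join(values)
    return options, sources

def audit(options):
    """List settings that widen access to the web interface."""
    findings = []
    listen = options.get("listen")
    if listen is None:                          # default: no network interface used
        return findings
    # Assumption: address and port are separated by a blank or by ':'.
    parts = listen.replace(":", " ").split()
    port_only = len(parts) == 1 and parts[0].isdigit()
    loopback = not port_only and ipaddress.ip_address(parts[0]).is_loopback
    if port_only:
        findings.append("listen: port only, connections accepted on all interfaces")
    if options["free_access"].lower() == "yes" and not loopback:
        findings.append("free_access: statistics readable without a registered user")
    return findings

# Constructed sample configuration (not taken from the tv3 package).
SAMPLE = "; constructed sample\nlog\ttv3.log\nlisten 8080\n\ntracer tv3cap tv31$ 0x01 500\nsource redEye\n"

if __name__ == "__main__":
    opts, srcs = parse_cfg(SAMPLE)
    for finding in audit(opts):
        print(finding)
```

Because free_access defaults to yes, a configuration that sets only listen is reported with the free_access finding as well.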
The current version of tv3 has 3 ways of monitoring packets: using the ipspy library (Edgar Buerkle) through the tracer tool, using the plug-in module for SafeFire Firewall through the source tool, and the main way, receiving information from tv3's own NDIS driver through the tracer tool. These ways can be applied simultaneously to different network interfaces, i.e. several tracer and source lines can be used in one tv3 configuration.
The IPSpy library was written a long time ago and is not supported by the author. The last version, 1.40, was published on 31 May 1998. The main benefit of this way of tracking passing packets in tv3 is that no additional setup of the ipspy package and no reboot of the computer is needed when configuring the data source, provided "promiscuous mode" is not required. Ipspy supports the "promiscuous" mode of networks, in which the interfaces of the station receive all packets in the network. However, this library has disadvantages: first, under heavy network traffic the packet trace simply stops without any message; second, while running, ipspy loads the central processor unreasonably heavily. In addition, any application using this library may cause a system error message when it stops; this does not affect the basic work of tv3.
The library ipspy.dll is included in the tv3 package, but to use "promiscuous" mode it is necessary to download the file ipspy140.zip from the file archive http://hobbes.nmsu.edu/ and install it according to the instructions.
To trace packets this way, add one or more lines of the following form to the file tv3.cfg:
tracer tv3ipspy lanN flags queue_len
Where:
tracer – the keyword that connects a plug-in module
tv3ipspy – the name of the plug-in module placed in <tv3root>\plugins
lanN – the name of the network interface
flags – a hexadecimal or decimal value that is the sum of the mode flags:
queue_len – the length of the queue of received packets waiting to be processed through the filter. If tv3 reports a large number of unprocessed (skipped) packets (see the "lost packets" field in Status) and this value constantly increases, it makes sense to increase the queue length.
An example:
SafeFire Firewall as a source is the most reliable way of tracking streams of IP packets. The disadvantage is that packets can be traced on only one network interface this way. For this purpose, SafeFire Firewall has to be installed with the plug-in module tv3sf from the tv3 package. The module tv3sf should be specified in a configuration file, for example:
Here "redEye" is the symbolic name of a queue (this is not a native OS/2 queue) through which data from SafeFire Firewall is transferred to tv3 by the module tv3sf. The line in the configuration file tv3.cfg for listening to the stream "redEye" is:
source redEye
If the name is not set, the value "sfire" is used. The parameter "len" sets the length of the queue; by default the value 500 is used.
After these settings are specified, start sfire.exe, then tv3.exe.
This way is the most preferable. Data on passing packets is monitored at the level of network interface drivers and protocols and passed on for analysis. The driver can receive information from all network interfaces available in the system, or only from selected ones. Tv3cap works as a transparent "layer" between the network card drivers and the tcpip protocol, passing data through itself and transferring the information to tv3.
Use "install.cmd /I" to install the driver automatically on all interfaces available in the system. Use "install.cmd /U" to remove the driver. If the MPTS service is installed on a disk other than the boot disk, additionally specify the parameter /D:d, where d is the letter of the disk on which MPTS is installed. The original copies of the files config.sys and protocol.ini are kept when the driver is installed or removed. After install.cmd completes, the computer must be rebooted.
To trace packets this way, add one or more lines to the file tv3.cfg, for example:
tracer tv3cap tv3N$ flags queue_len
The "flags" parameter accepts 2 values: 0x01 to accept broadcast packets, 0x00 not to accept broadcast packets. N sets the number of the driver.
An example for system with 3 interfaces:
Information on the registered users is read from the file <tv3 directory>\users.lst. Empty lines and lines beginning with the symbol ";" are skipped during parsing. Each user line in the file has the following format:
Name <blank|tabulation> password <blank|tabulation> privilege
Privileges: ADMIN - the administrator, USER - the user. Administrators have the right to set filters and "promiscuous mode" rules. The USER privilege authorizes users to read statistics (if reading is restricted in the configuration).
If the file users.lst has been changed, it is reloaded at the next user login. Restarting tv3 is not required.