# $Id: README-SERVER,v 1.2 2000/04/26 12:22:32 bill Exp $
-- The EGRESSOR Server --
----------------------------------------------------------------------
The tool is intended to be used by experienced system administrators,
and the instructions provided here are correspondingly brief. 

-- SERVER INSTALLATION INSTRUCTIONS --
This server has been tested and works on both Solaris (7) and Linux
(Red Hat 6.1).  The server is a Perl script, which also makes use of
the Perl module Net-RawIP.

Steps:
-  If not already installed, download and install Perl.
	(See http://www.perl.com/CPAN/src/latest.tar.gz)
-  If not already installed, download and install libpcap.
	(See ftp://ftp.ee.lbl.gov/libpcap.tar.Z)
-  If not already installed, download and install Net-RawIP.
	(See http://search.cpan.org/doc/SKOLYCHEV/Net-RawIP-0.09/RawIP.pm)
-  Create results directory for output from server script
-  Edit server file: 
   -  Make sure path to perl is correct
   -  Set variables highlighted at start of server script
-  Run server

-- SERVER OPERATING INSTRUCTIONS --
Command Usage:
egressor_server.pl -i <interface> [-html] [-daemon]
    -i <interface> - interface for server to listen on
    -html - print output in html format (default is plain text)
    -daemon - run until killed (default is die after first session)

Examples:
- A one-time use of the server, output to results directory:
	egressor_server.pl -i eth0
- A continuous use of the server, with html output:
	egressor_server.pl -i eth0 -daemon -html

Ideas:
- Some of the packets the client sends to the server will naturally
cause a response from the server, yet in this case these
response packets serve no useful purpose, and can be prevented.  To
eliminate useless packets from the server in response to the test 
packets, one could configure a second (possibly virtual, if you wish)
interface for the same LAN on the server to serve as the IP address
for the test.  Then you have two options:  

Option one: If you are on a hub, you can prevent undesirable
responses by filtering out all inbound packets to the test address.
The test script can monitor the other interface, and since you have a
hub you will still receive the traffic there.

Option two: filter out outbound packets from the test IP address on
the router/firewall. 

- If one wanted to run the server as a public service, it would be
easy to respect the privacy of those using the service.  Simply tail
the web server log file and destroy each result page as it is read.
Further, have a script run periodically (10 minutes?) to destroy any
pages older than a threshold value (10 minutes?).
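
One way to implement the log-tail and periodic cleanup described above,
as an added example that is not part of the EGRESSOR distribution. The
results path, URL prefix, log path and Common Log Format are
assumptions; file names taken from the log are validated before anything
is deleted.

```shell
#!/bin/sh
# Added example, not part of the EGRESSOR distribution.
# Assumed (hypothetical) layout: result pages are plain files directly inside
# RESULTS_DIR, served under URL_PREFIX, access log in Common Log Format.
RESULTS_DIR="${RESULTS_DIR:-/var/egressor/results}"
URL_PREFIX="${URL_PREFIX:-/results/}"
ACCESS_LOG="${ACCESS_LOG:-/var/log/httpd/access_log}"
MAX_AGE_MIN="${MAX_AGE_MIN:-10}"

# Constructed sample of a line this expects:
# 192.0.2.7 - - [26/Apr/2000:12:22:32 -0400] "GET /results/abc123.html HTTP/1.0" 200 512

# Print the result file named by one access-log line, or nothing.
# Only a successful GET of a flat file name under URL_PREFIX qualifies, so a
# logged request such as /results/../x can never steer the delete elsewhere.
page_from_log_line() {
    printf '%s\n' "$1" | awk -v p="$URL_PREFIX" '
        { n = split($0, q, "\"") }   # q[2] = request line, q[3] = status and size
        n >= 3 {
            split(q[2], req, " "); split(q[3], st, " ")
            if (req[1] != "GET" || st[1] != "200") next
            if (index(req[2], p) != 1) next
            name = substr(req[2], length(p) + 1)
            sub(/\?.*/, "", name)    # drop any query string
            if (name ~ /^[A-Za-z0-9_][A-Za-z0-9._-]*$/) print name
        }'
}

# Delete the page a log line says was just served; regular files only.
destroy_read_page() {
    name=$(page_from_log_line "$1")
    [ -n "$name" ] || return 1
    f="$RESULTS_DIR/$name"
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    rm -f -- "$f"
}

# Periodic sweep: delete any page older than MAX_AGE_MIN minutes.
# -maxdepth and -mmin are GNU/BSD find extensions.
purge_old_pages() {
    find "$RESULTS_DIR" -maxdepth 1 -type f -mmin +"$MAX_AGE_MIN" -exec rm -f -- {} +
}

case "${1:-}" in
    watch) tail -F "$ACCESS_LOG" | while IFS= read -r line; do
               destroy_read_page "$line" || :
           done ;;
    purge) purge_old_pages ;;   # run from cron, e.g. every 10 minutes
esac
```

Run it with "watch" as a long-lived process beside the web server and
with "purge" from cron.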

(c) 2000 The MITRE Corporation. All rights reserved.
----------------------------------------------------------------------

