rumint FAQ
17 August 2005

Changes new to this version are marked with '**'

** 0. Overview

** 0.1 Q: What does rumint mean?
A: rumint (room-int) is intelligence community slang. Along the lines of SIGINT (signals intelligence), HUMINT (human intelligence) and IMINT (imagery intelligence), RUMINT is rumor intelligence. Think of it as rumors in the network :)

** 0.2 Q: What are rumint's basic capabilities?
A: rumint performs live packet capture (toolbars>capture) and will load packet capture files (file>load). For the time being, capture files must be converted from tcpdump (pcap) format to rumint format before they can be loaded. A conversion utility, as both a generic C program and a Windows executable, is available on the downloads page. Packets are stored in a buffer which can handle 30,000 packets (larger support is planned). The pvr interface (toolbars>pvr) will allow you to play back the packets. The packets can then be viewed in a variety of visualization windows designed to provide you with different, but useful, views of the traffic. These views are accessible from the view menu and by clicking on the thumbnail views on the main rumint application.

1. Known issues and possible workarounds

1.1 Q: I am having problems building the pcap to rumint converter.
A: I compiled the conversion utility to a Windows command line executable. It is available from the main software download page at www.rumint.org. It includes a short howto.
[while I haven't heard any reports of the command line tool not working, please let me know if you run into any problems]

1.2 Q: When loading a dataset, rumint throws an overflow error #6 and crashes.
A: This should be fixed as of version 1.85.
[please let me know if this version doesn't work for you]

** 1.3 Q: My network adapter list is blank.
A: Still working on this one. I believe that this only occurs with wireless cards; if you encounter this with a wired card, please let me know.
It might be useful to check and see if ethereal recognizes the card (indicating winpcap sees it). You might try seeing if carnivore PE works on your machine. It uses the same packet capture library, packetX, as rumint and may indicate if packetX sees it.

http://www.rhizome.org/carnivore/
http://www.rhizome.org/carnivore/CPE_source.zip (source code)
http://www.beesync.com/packetx/docs/html/interfaceIPktXAdapter.html (library API manual)
see also discussion at http://project.lonebear.net/blog/index.php (entry 23/2/2005)

The adapter list uses the description returned by the network card. If it is blank, it may indicate the card didn't return this information.
http://www.beesync.com/packetx/docs/html/interfaceIPktXAdapter.html#a3
[any help or thoughts on fixing this would be appreciated]

Also, I received feedback via the webform on this issue. I'd like to help, email might work better... conti [at] cc.gatech.edu

** 1.4 Q: My network adapter list lists an unsupported card.
A: I used packetx's "isgood" method to test. If this operation failed, rumint returns an unsupported card entry.
http://www.beesync.com/packetx/docs/html/interfaceIPktXAdapter.html#a29

1.5 Q: When launching rumint with XP it displays a system error "Error &H8007007E(-2147024770)".
A: Apparently, rumint requires a module that isn't installed by default. The module is available on machines with MS Office installed (go figure), so many users will not see the problem. Anyway, installing the ActiveX Control Panel from the link below (setuppad.exe) and rebooting should fix the problem. (Thanks goes to M.Y.)
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnaxctrl/html/cpad.asp
[Can anyone suggest a long-term solution to this issue? (perhaps as part of my installation package build)]

2. Compatibility

2.1 Q: I tried to run rumint with the Japanese version of XP. When loading a file, I receive an error 9 and rumint crashes.
A: Still working on this.
[any help or thoughts on fixing this would be appreciated]

2.2 Q: You state that you've tested rumint with winpcap 3.0, will it work with any of the beta versions?
A: I have reports that it has worked with winpcap 3.1 beta4.

2.3 Q: Will rumint run under vmware?
A: I have received reports that it will work.

3. Feature Requests

3.1 Q: The scaling is too coarse for my network, can I change the range?
A: Not at this time, but this is one of my top priorities.

3.2 Q: Have you looked at any other interaction metaphors?
A: A user suggested looking at video editing and jog wheels for inspiration. I plan to do so.

3.3 Q: Currently the strings command in the text rainfall only detects ASCII, do you plan to support Unicode?
A: Yes, I'm planning on adding support for Latin Unicode.