Cheops Network User Interface
=============================
Mark Spencer <markster@marko.net>
http://www.marko.net

What is Cheops?
---------------
Cheops is a network "swiss army knife".  It's "network neighborhood" done right
(or gone out of control, depending on your perspective).  It's a combination
of a variety of network tools to provide system adminstrators and users with
a simple interface to managing and accessing their networks.  Cheops aims to
do for the network what the file manager did for the filesystem.

Location:
---------
http://www.marko.net/cheops    (home page)
ftp://ftp.marko.net/pub/cheops (FTP site:  look here for newest releases)

But reports can be e-mailed to me (Mark Spencer) at markster@marko.net, but
any questions answered in the FAQ at the main cheops page will not be
answered.  Suggestions and ideas for improving it are welcomed.

Build:
------
(Note: If you run a libc5 system, you will need to edit the Makefile.  Also
 if you want to enable GNOME support, edit the Makefile)

Type "make" and (optionally) "make install"

You may wish to make the cheops executable setuid root, but it may be possible
for users to obtain raw network sockets, should bugs exist in gtk and/or gnome.

Run: 
----
Run "cheops" (or "./cheops" if you did not do the "install" part).  Cheops
does not yet use any command line options, however, you can set the
CHEOPS_HOME environment variable to the place cheops should look for its
pixmaps and configuration file.

Mechanics:
----------
While the interface that cheops provides is new, he mechanics of 
its operation are nothing new:

* Simple ICMP "ping" packets are used to initially search a network for
  hosts that are alive. (ping)

* Domain Name Transfers are used to list hosts in a domain (nslookup)

* OS detection is done using invalid flags on TCP packets (queso)

* Port detection is done (somewhat) silently using half-open TCP
  connections in order to avoid unnecessarily starting
  services or logging on the remote machine. (halfscan)

* Mapping is done using UDP (or optionally ICMP) packets with small
  time-to-live values (traceroute and mtr, respectively)

Notes:
------
It requires GTK but should build with gtk 1.0 or 1.1 series.

This *IS NOT* designed to be a hacker tool, and you *MAY NOT* use it to
explore domains you do not have authorization to access.  I do not take any
responsibility for use of this tool on unauthorized domains!

Distribution is governed by the GPL, included in this archive.

Credits:
--------
halfscan:  halflife@saturn.net
queso:     savage@apostles.org