COLD is both a network monitoring tool and a protocol analyzer. It is distributed freely:
the package is freely available and its use is free. COLD lets you study, maintain and
troubleshoot networks by capturing the data flowing through them and printing out its
contents and structure.
COLD has been developed for troubleshooting, educational, security and commercial
COLD has bugs. Lots of work is still to be done and lots of new features will appear in the next versions. If you discover a bug, or a protocol that is not implemented, just send me a file with some COLD output (including the ASCII and hex dump) and all the information you have about that protocol and the data you think was passing.
If you need support or you would like to be kept informed of new releases, just subscribe to the COLD mailing list by sending an email to firstname.lastname@example.org with 'subscribe cold' in the body of the message.
The source code of COLD is not currently available. It needs some refinement and the implementation of some new
features before letting others mess with it.
Recompiled on RedHat 7.3 for Intel/AMD architectures
Compiled on RedHat 6.2 for SparcStation5
802.1Q VLAN support (experimental).
Complete DHCP and BOOTP support.
IPv6 option processing and Mobile IPv6 support.
IPv6 and ICMP6 support (TCP, UDP, Neighbor discovery protocol)
IPv6 over IPv4 encapsulation support
Lots of new protocol numbers for IPv4 and IPv6
Added new ICMP and ICMP6 types
Support for TCP options
Fixed bugs in TCP sequence and ack numbers
External file for OUIs and TCP/UDP well-known port numbers with binsearch
New ethernet protocol types
Limited PIM and EIGRP support
Improved SNAP support
Now using libpcap 0.5rel2 (http://www.tcpdump.org)
Code cleaning and Slackware 7 includes support
See the files included in the package for more information.
COLD runs on Linux and the currently available version has
been compiled for a K6 Slackware 7.1 2.2.18.
Latest Linux version is 1.0.14alpha
COLD is able to get data from different sources. You can specify which network
device it has to listen to. For example:
- ethX - Ethernet Network Interface
- pppX - Point to point link
- trX - Token ring interface
- loX - Loopback device
- isdnX - An ISDN connection
COLD is able to interpret the data coming from the selected network device and
print out the content or protocol structure of the packets. Currently COLD supports
the following protocols:
- 802.1 BPDU, 802.2 LLC, 802.3 MAC, 802.5 Token Ring, 802.1Q
- NetBIOS and IPX
- IPv4, ICMP
- IPv6, ICMP6, Mobile IPv6
- TCP, UDP
- DHCP, PIM, EIGRP
COLD development has been done with standards in mind and information has been taken from a lot of sources: IEEE,
IANA, RFC792, RFC826, RFC951, RFC1042, RFC1112, RFC1340, RFC1466, RFC1497, RFC1548, RFC1700, RFC1885, RFC2132,
RFC2153, RFC2461, RFC2463, RFC2373, RFC2374, freely available technical reports from Cisco, Cabletron, Novell, IBM
and Microsoft, and a lot of web pages and books. COLD includes a list of more than 2000 ethernet card manufacturers OU