Last updated on March 29, 2003

accesses since Sep. 18, 1998

What is COLD ?
COLD is both a network analysis tool and a protocol analyzer. It is distributed freely, so its usage is free and the package is freely available. COLD is a network monitoring and protocol analyzing tool which allows to study, maintain and troubleshoot networks by extracting flowing data and printing out the contents and structure. COLD has been developed for troubleshooting, educational, security and commercial purposes only.

Bugs and support
COLD has bugs. Lots of work is still to be done and lots of new features will appear in the next versions. If you discover a bug, or some not implemented protocol, just send me a file with some COLD output (including ascii and hex dump) and all the information you have about that protocol and the data you think was passing.
If you need support or you would like to be kept informed of new releases, just subscribe to the COLD mailing list, sending an email to writing 'subscribe cold' in the body of the message.

Source code
The source code of COLD is not currently available. It needs some refinement and the implementation of some new features before letting others to mess with it.
New features
COLD 1.0.14alpha
Recompiled on RedHat 7.3 for Intel/AMD architectures
Compiled on RedHat 6.2 for SparcStation5

COLD 1.0.14
Trademark fixings.

COLD 1.0.13delta
802.1Q VLAN support (experimental).

COLD 1.0.13gamma
Complete DHCP and BOOTP support.

COLD 1.0.13beta
IPv6 option processing and Mobile IPv6 support.

COLD 1.0.12
IPv6 and ICMP6 support (TCP, UDP, Neighbor discovery protocol)
IPv6 over IPv4 encapsulation support
Lots of new protocol numbers for IPv4 and IPv6
Added new ICMP and ICMP6 types
Support for TCP options
Fixed bugs in TCP sequence and ack numbers
External file for OUIs and TCP/UDP well-known port numbers with binsearch
New ethernet protocol types
Limited PIM and EIGRP support
Improved SNAP support
Now using libpcap 0.5rel2 (
Code cleaning and Slackware 7 includes support

See the files included in the package for more information.

COLD runs on Linux and the currently available version has been compiled for a K6 Slakware 7.1 2.2.18.

Latest Linux version is 1.0.14alpha

HTTP - Cold 1.0.14alpha Intel
HTTP - Cold 1.0.14alpha Sparc
HTTP - Cold 1.0.14
Supported interfaces
COLD is able to get data from different sources. You can specify which network device it has to listen to. For example:
ethX - Ethernet Network Interface
pppX - Point to point link
trX - Token ring interface
loX - Loopback device
isdnX - An ISDN connection

Supported protocols
COLD is able to interpret the data coming from the selected network device and printout the content or protocol structure of the packets. Currently COLD supports the following protocols:
- 802.1 BPDU, 802.2 LLC, 802.3 MAC, 802.5 Token Ring, 802.1Q
- NetBIOS and IPX
- IPv4, ICMP
- IPv6, ICMP6, Mobile IPv6

COLD development has been done with standards in mind and information has been taken from a lot of sources: IEEE, IANA, RFC792, RFC826, RFC951, RFC1042, RFC1112, RFC1340, RFC1466, RFC1497, RFC1548, RFC1700, RFC1885, RFC2132, RFC2 153, RFC2461, RFC2463, RFC2373, RFC2374, Cisco, Cabletron, Novell, IBM and Microsoft freely available technical report s, and from a lot of WEB pages and books. COLD includes a list of more that 2000 ethernet card manifacturers OU Is.

Copyright (c) 1998,1999,2000,2001,2002,2003 Giuliano C. Peritore. All rights reserved for their respective owners.