8 files changed, 0 insertions, 4562 deletions

diff --git a/contrib/ipfilter/perl/Ipfanaly.pl b/contrib/ipfilter/perl/Ipfanaly.pl
deleted file mode 100644
index 0fa7c17..0000000
--- a/contrib/ipfilter/perl/Ipfanaly.pl
+++ /dev/null
@@ -1,639 +0,0 @@
-#!/usr/local/bin/perl
-# (C) Copyright 1998 Ivan S. Bishop (isb@notoryus.genmagic.com)
-#
-############### START SUBROUTINE DECLARATIONS ###########
-
-
-sub usage {
-    print "\n" x 24;
-    print "USAGE: ipfanalyze.pl -h  [-p port# or all] [-g] [-s] [-v] [-o] portnum -t [target ip address] [-f] logfilename\n";
-    print "\n arguments to -p -f -o REQUIRED\n";
-    print "\n -h show this help\n";
-    print "\n -p limit stats/study to this port number.(eg 25 not smtp)\n";
-    print " -g make graphs, one per 4 hour interval called outN.gif 1<=N<=5\n";
-    print " -s make  security report only (no graphical or full port info generated) \n";
-    print " -o  lowest port number incoming traffic can talk to and be regarded as safe\n";
-    print " -v verbose report with graphs and textual AND SECURITY REPORTS with -o 1024 set\n";
-    print " -t the ip address of the inerface on which you collected data!\n";
-    print " -f name ipfilter log file (compatible with V 3.2.9) [ipfilter.log]\n";
-    print " \nExample: ./ipfanalyze.pl -p all -g -f log1\n";
-    print "Will look at traffic to/from all ports and make graphs from file log1\n";
-    print " \nExample2 ./ipfanalyze.pl -p 25 -g -f log2\n";
-    print "Will look at SMTP traffic and make graphs from file log2\n";
-    print " \nExample3 ./ipfanalyze.pl -p all -g -f log3 -o 1024\n";
-    print "Will look at all traffic,make graphs from file log3 and log security info for anthing talking inwards below port 1024\n";
-    print " \nExample4 ./ipfanalyze.pl -p all -f log3 -v \n";
-    print "Report the works.....when ports below 1024 are contacted highlight (like -s -o 1024)\n";
-}
-
-
-
-
-sub makegifs {
-local  ($maxin,$maxout,$lookat,$xmax)=@_;
-$YMAX=$maxin;
-$XMAX=$xmax;
-
-if ($maxout > $maxin)
-  { $YMAX=$maxout;}
-
-($dateis,$junk)=split " " ,  @recs[0];
-($dayis,$monthis,$yearis)=split "/",$dateis;
-$month=$months{$monthis};
-$dateis="$dayis " . "$month " . "$yearis ";
-# split graphs in to 6 four hour spans for 24 hours 
-$numgraphs=int($XMAX/240);
-
-$junk=0;
-$junk=$XMAX - 240*($numgraphs);
-if($junk gt 0 )
-{
-$numgraphs++;
-}
-
-$cnt1=0;
-$end=0;
-$loop=0;
-
-while ($cnt1++ < $numgraphs)
-{
- $filename1="in$cnt1.dat";
- $filename2="out$cnt1.dat";
- $filename3="graph$cnt1.conf";
- open(OUTDATA,"> $filename2") || die "Couldnt open $filename2 for writing \n";
- open(INDATA,"> $filename1") || die "Couldnt open $filename1 for writing \n";
-  
- $loop=$end;
- $end=($end + 240);
-
-# write all files as x time coord from 1 to 240 minutes
-# set hour in graph via conf file
- $arraycnt=0;
- while ($loop++ < $end )
-  {
-   $arraycnt++;
-   $val1="";
-   $val2="";
-   $val1=$inwards[$loop] [1];
-   if($val1 eq "")
-     {$val1=0};
-   $val2=$outwards[$loop] [1];
-   if($val2 eq "")
-     {$val2=0};
-   print INDATA "$arraycnt:$val1\n";
-   print OUTDATA "$arraycnt:$val2\n";
-  }
-  close INDATA;
-  close OUTDATA;
-  $gnum=($cnt1 - 1);
- open(INCONFIG,"> $filename3") || die "Couldnt open ./graph.conf for writing \n";
-   print INCONFIG "NUMBERYCELLGRIDSIZE:5\n";
-   print INCONFIG "MAXYVALUE:$YMAX\n";
-   print INCONFIG "MINYVALUE:0\n";
-   print INCONFIG "XCELLGRIDSIZE:1.3\n";
-   print INCONFIG "XMAX: 240\n";
-   print INCONFIG "Bar:0\n";
-   print INCONFIG "Average:0\n";
-   print INCONFIG "Graphnum:$gnum\n";
-   print INCONFIG "Title: port $lookat packets/minute to/from gatekeep on $dateis  \n";
-   print INCONFIG "Transparent:no\n";
-   print INCONFIG "Rbgcolour:0\n";
-   print INCONFIG "Gbgcolour:255\n";
-   print INCONFIG "Bbgcolour:255\n";
-   print INCONFIG "Rfgcolour:0\n";
-   print INCONFIG "Gfgcolour:0\n";
-   print INCONFIG "Bfgcolour:0\n";
-   print INCONFIG "Rcolour:0\n";
-   print INCONFIG "Gcolour:0\n";
-   print INCONFIG "Bcolour:255\n";
-   print INCONFIG "Racolour:255\n";
-   print INCONFIG "Gacolour:255\n";
-   print INCONFIG "Bacolour:0\n";
-   print INCONFIG "Rincolour:100\n";
-   print INCONFIG "Gincolour:100\n";
-   print INCONFIG "Bincolour:60\n";
-   print INCONFIG "Routcolour:60\n";
-   print INCONFIG "Goutcolour:100\n";
-   print INCONFIG "Boutcolour:100\n";
-   close INCONFIG;
-
-}
-
-
-$cnt1=0;
-while ($cnt1++ < $numgraphs)
-{
- $filename1="in$cnt1.dat";
- $out="out$cnt1.gif";
- $filename2="out$cnt1.dat";
- $filename3="graph$cnt1.conf";
- system( "cp ./$filename1  ./in.dat;
-          cp ./$filename2  ./out.dat;
-          cp ./$filename3  ./graph.conf");
- system( "./isbgraph -conf graph.conf;mv graphmaker.gif $out");
- system(" cp $out /isb/local/etc/httpd/htdocs/.");
-
-}
-
-} # end of subroutine make gifs
-
-
-
-
-sub packbytime {
-local  ($xmax)=@_;
-$XMAX=$xmax;
-# pass in the dest port number or get graph for all packets
-# at 1 minute intervals 
-# @shortrecs has form 209.24.1.217 123 192.216.16.2 123 udp len 20 76
-# @recs has form 27/07/1998 00:01:05.216596  le0 @0:2 L 192.216.21.16,2733 -> 192.216.16.2,53 PR udp len 20 62
-#
-# dont uses hashes to store how many packets per minite as they
-# return random x coordinate order
-@inwards=();
-@outwards=();
-$cnt=-1;
-$value5=0;
-$maxin=0;
-$maxout=0;
-$xpos=0;
-while ($cnt++ <= $#recs )
- {
- ($srcip,$srcport,$destip,$destport,$pro)= split " " ,  @shortrecs[$cnt];
-  $bit=substr(@recs[$cnt],11);
-  ($bit,$junkit)= split " " , $bit ;
- ($hour,$minute,$sec,$junk) = split ":", $bit;
-#
-# covert the time to decimal minutes and bucket to nearest minute
-#
- $xpos=($hour * 3600) + ($minute * 60) + ($sec) ;
-# xpos is number of seconds since 00:00:00 on day......
- $xpos=int($xpos / 60);
-# if we just want to see all packet in/out activity
- if("$lookat" eq "all")
-   {
-    if("$destip" eq "$gatekeep")
-      {
-#      TO GATEKEEP port lookat
-#        print "to gatekeep at $xpos\n"; 
-        $value5=$inwards[$xpos] [1];
-        $value5++ ; 
-#        $maxin = $value5 if $maxin < $value5 ;
-
-         if($value5 > $maxin)
-                   {
-                        $maxin=$value5;
-                        $timemaxin="$hour:$minute";
-                   }
-        $inwards[$xpos][1]=$value5;
-        }
-    else
-      {
-#       FROM GATEKEEP to port lookat
-#        print "from gatekeep at $xpos\n"; 
-        $value4=$outwards[$xpos] [1];
-        $value4++ ; 
-#        $maxout = $value4 if $maxout < $value4 ;
-	if($value4 > $maxout)
-           {
-                $maxout=$value4;
-                $timemaxout="$hour:$minute";
-           }
-
-        $outwards[$xpos][1]=$value4;
-      }
-    }
-
-
-
-
- if("$destport" eq "$lookat")
-   {
-    if("$destip" eq "$gatekeep")
-      {
-#      TO GATEKEEP port lookat
-#        print "to gatekeep at $xpos\n"; 
-        $value5=$inwards[$xpos] [1];
-        $value5++ ; 
-        $maxin = $value5 if $maxin < $value5 ;
-        $inwards[$xpos][1]=$value5;
-        }
-    else
-      {
-#       FROM GATEKEEP to port lookat
-#        print "from gatekeep at $xpos\n"; 
-        $value4=$outwards[$xpos] [1];
-        $value4++ ; 
-        $maxout = $value4 if $maxout < $value4 ;
-        $outwards[$xpos][1]=$value4;
-      }
-   }
- } # end while
-
-# now call gif making stuff
-if("$opt_g" eq "1")
-{
- print "Making plots of in files outN.gif\n";;
- makegifs($maxin,$maxout,$lookat,$#inwards);
-}
-if ("$timemaxin" ne "")
-{print "\nTime of peak packets/minute in was $timemaxin\n";}
-if ("$timemaxout" ne "")
-{print "\nTime of peak packets/minute OUT was $timemaxout\n";}
-
-} # end of subroutine packets by time
-
-
-
-
-
-sub posbadones {
-
-$safenam="";
-@dummy=$saferports;
-foreach $it (split " ",$saferports) {
-if ($it eq "icmp" )
- {
-   $safenam = $safenam . " icmp";
- }
-else
- {
-   $safenam = $safenam . " $services{$it}" ;
- }
-
-}
-print "\n\n########################################################################\n";
-print "well known ports are 0->1023\n";
-print "Registered ports are 1024->49151\n";
-print "Dynamic/Private ports are 49152->65535\n\n";
-print "Sites that contacted gatekeep on 'less safe' ports  (<$ITRUSTABOVE)\n";
-
-print " 'safe'  ports are $safenam                               \n";
-print "\n variables  saferports and safehosts hardwire what/who we trust\n";
-print "########################################################################\n";
-
-$loop=-1;
-while ($loop++ <= $#recs )
- {
- ($srcip,$srcport,$destip,$destport,$pro)= split " " ,  @shortrecs[$loop];
-  if ("$destip" eq "$gatekeep") 
-    {
-     if ($destport < $ITRUSTABOVE )
-     {
-#      if index not found (ie < 0) then we have a low port attach to gatekeep
-#      that is not to a safer port (see top of this file)
-#      ie no ports 25 (smtp), 53 (dns) , 113 (ident), 123 (ntp), icmp
-       $where=index($saferports,$destport);
-       if ($where < 0)
-         {
-          $nameis=$services{$destport};
-          if ("$nameis" eq "" )
-            {
-              $nameis=$destport;
-            }
-              print " Warning: $srcip contacted gatekeep $nameis\n";
-         }
-      }
-    }
-  }
-print "\n\n";
-} # end of subroutine posbadones
-
-
-
-
-sub toobusy_site {
-$percsafe=1;
-print "\n\n########################################################################\n";
-print "# Sites sending > $percsafe % of all packets to gatekeep MAY be attacking/probing\n";
-print "Trusted hosts are $safehosts\n";
-print "\nTOTAL packets were $#recs \n";
-print "########################################################################\n";
-while(($ipadd,$numpacketsent)=each %numpacks) 
-{
-$perc=$numpacketsent/$#recs*100;
-if ($perc > $percsafe) 
-# dont believe safehosts are attacking!
- {
-   $where=index($safehosts,$ipadd);
-#  if not found (ie < 0 then the source host IP address
-#  isn't in the saferhosts list, a list we trust......
-   if ($where < 0 )
-   {
-     printf "$ipadd	 sent %4.1f (\045) of all packets to gatekeep\n",$perc;
-   }
- }
-}
-
-print "\n\n";
-} # end of subroutine toobusy_site 
-
-
-############### END SUBROUTINE DECLARATIONS ###########
-
-use Getopt::Std;
-
-getopt('pfot');
-
-if("$opt_t" eq "0")
- {usage;print "\n---->ERROR: You must psecify the IP address of the interface that collected the data!\n";
-exit;
-}
- 
-if("$opt_h" eq "1")
- {usage;exit 0};
-if("$opt_H" eq "1")
- {usage;exit 0};
-
-if("$opt_v" eq "1")
-{
-$ITRUSTABOVE=1024;
-$opt_s=1;
-$opt_o=$ITRUSTABOVE;
-print "\n" x 5;
-print "NOTE: when the final section of the verbose report is generated\n";
-print "      every host IP address that contacted $gatekeep has \n";
-print "      a tally of how many times packets from a particular port on that host\n";
-print "      reached $gatekeep, and WHICH source port or source portname \n";
-print "      these packets originated from.\n";
-print "      Many non RFC obeying boxes do not use high ports and respond to requests from\n";
-print "      $gatekeep using  reserved low ports... hence you'll see things like\n";
-print "      #### with 207.50.191.60 as the the source for packets ####\n";
-print "      1 connections from topx to gatekeep\n\n\n\n";
-
-}
-
-if("$opt_o" eq "")
- {usage;print "\n---->ERROR: Must specify lowest safe port name for incoming trafic\n";exit 0}
-else
-{
-$ITRUSTABOVE=$opt_o;$opt_s=1;}
-
-if("$opt_f" eq "")
- {usage;print "\n---->ERROR: Must specify filename with -f \n";exit 0};
-$FILENAME=$opt_f;
-
-if("$opt_p" eq "")
- {usage;print "\n---->ERROR: Must specify port number or 'all' with -p \n";exit 0};
-
-# -p arg must be all or AN INTEGER in range 1<=N<=64K
-if ("$opt_p" ne "all")
- {
-   $_=$opt_p;  
-   unless (/^[+-]?\d+$/)
-   {
-     usage;
-     print "\n---->ERROR: Must specify port number (1-64K) or 'all' with -p \n";
-     exit 0;
-   }
- }
-
-
-# if we get here then the port option is either 'all' or an integer...
-# good enough.....
-$lookat=$opt_p;
-
-# -o arg must be all or AN INTEGER in range 1<=N<=64K
-   $_=$opt_o;  
-   unless (/^[+-]?\d+$/)
-   {
-     usage;
-     print "\n---->ERROR: Must specify port number (1-64K)  with -o \n";
-     exit 0;
-   }
-
-
-#---------------------------------------------------------------------
-
-
-%danger=();
-%numpacks=();
-
-$saferports="25 53 113 123 icmp";
-$gatekeep="192.216.16.2";
-#genmagic is  192.216.25.254
-$safehosts="$gatekeep 192.216.25.254";
-
-
-
-# load hash with service numbers versus names
-
-# hash  called $services
-print "Creating hash of service names / numbers \n";
-$SERV="./services";
-open (INFILE, $SERV) || die "Cant open $SERV: $!n";
-while(<INFILE>)
-{
- ($servnum,$servname,$junk)=split(/ /,$_);
-# chop off null trailing.....
-  $servname =~ s/\n$//;
-  $services{$servnum}=$servname;
-}
-print "Create hash of month numbers as month names\n";
-%months=("01","January","02","February","03","March","04","April","05","May","06","June","07","July","08","August","09","September","10","October","11","November","12","December");
-
-print "Reading log file into an array\n";
-#$FILENAME="./ipfilter.log";
-open (REC, $FILENAME) || die "Cant open $FILENAME: \n";
-($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,$junk)=stat REC;
-print "Log file $FILENAME is $size bytes in size\n";
-#each record is an element of array rec[] now
-while(<REC>) 
- {
- @recs[$numrec++]=$_;
- }
-
-
-# get list of UNIQUE source IP addresses now, records look like
-# 192.216.25.254,62910 ->  192.216.16.2,113 PR tcp len 20 40 -R
-# this is slow on big log files, about 1minute for every 2.5M log file
-print "Making list of unique source IP addresses (1minute for every 2M log parsed)\n";
-$loop=-1;
-$where=-1;
-while ($loop++ < $#recs )
- {
-# get the LHS = source IP address, need fiddle as icmp rcords are logged oddly
-  $bit=substr(@recs[$loop],39);
-  $bit =~ s/,/ /g;
-  ($sourceip,$junkit)= split " " , $bit ;
-  
-# NOTE the  . is the string concat command NOT + .......!!!!
-
-  $sourceip =~ split " ", $sourceip;
-   $where=index($allips,$sourceip);
-#  if not found (ie < 0, add it)
-   if ($where < 0 )
-   {
-     $allips = $allips . "$sourceip " ;
-   }
- }
-  
-print "Put all unique ip addresses into a 1D array\n";
-@allips=split " ", $allips;
-
-#set loop back to -1 as first array element in recs is element 0 NOT 1 !!
-print "Making compact array of logged entries\n";
-$loop=-1;
-$icmp=" icmp ";
-$ptr=" -> ";
-$lenst=" len ";
-$numpackets=0;
-
-while ($loop++ < $#recs )
- {
-# this prints from 39 char to EOR
- $a=substr(@recs[$loop],39);
- ($srcip,$dummy,$destip,$dummy2,$dummy3,$dummy4,$lenicmp)= split " " ,  $a ;
-# need to rewrite icmp ping records.... they dont have service numbers
- $whereicmp=index($a,"PR icmp");
- if($whereicmp > 0 )
- {
-  $a = $srcip . $icmp .  $ptr . $destip  . $icmp . $icmp . $lenst . $lenicmp ;
- }
- 
-# dump the "->"  and commas from logging
- $a =~ s/->//g;
- $a =~ s/PR//g;
- $a =~ s/,/ /g;
-# shortrec has records that look like
-# 209.24.1.217 123 192.216.16.2 123 udp len 20 76
- @shortrecs[$loop]= "$a";
-
-# count number packets from each IP address into hash
- ($srcip,$junk) = split " ","$a";
- $numpackets=$numpacks{"$srcip"};
- $numpackets++ ;
- $numpacks{"$srcip"}=$numpackets; 
-
-}
-
-
-
-# call sub to analyse packets by time
-# @shortrecs has form 209.24.1.217 123 192.216.16.2 123 udp len 20 76
-# @recs has form 27/07/1998 00:01:05.216596  le0 @0:2 L 192.216.21.16,2733 -> 192.216.16.2,53 PR udp len 20 62
-packbytime($XMAX);
-
-if("$opt_s" eq "1")
-{
-# call subroutine to scan for connections to ports on gatekeep
-# other than those listed in saferports, connections to high
-# ports are assumed OK.....
-posbadones;
-
-# call subroutine to print out which sites had sent more than
-# a defined % of packets to gatekeep
-toobusy_site;
-}
-
-
-# verbose reporting?
-if ("$opt_v" eq "1")
-{
-$cnt=-1;
-# loop over ALL unique IP source destinations
-while ($cnt++ < $#allips)
-{
-  %tally=();
-  %unknownsrcports=();
-  $uniqip=@allips[$cnt];
-  $loop=-1;
-  $value=0;
-  $value1=0;
-  $value2=0;
-  $value3=0;
-  $set="N";
-
-  while ($loop++ < $#recs )
-   {
-#    get src IP num,    src port number, 
-#    destination IP num, destnation port number,protocol
-     ($srcip,$srcport,$destip,$destport,$pro)= split " " ,  @shortrecs[$loop];
-# loop over all records for the machine $uniqip
-# NOTE THE STRINGS ARE COMPARED WITH eq NOT cmp and NOT = !!!!
-   if(  "$uniqip" eq "$srcip")
-    {
-# look up hash of service names to get key... IF ITS NOT THERE THEN WHAT???
-# its more than likely  a request coming back in on a high port
-# ....So...
-# find out the destination port from the unknown (high) src port
-# and tally these as they may be a port attack
-  if ("$srcport" eq "icmp")
-   { $srcportnam="icmp";}
-  else
-   {
-     $srcportnam=$services{$srcport};
-   }
-#    try and get dest portname, if not there, leave it as the 
-#    dest portnumber
-  if ("$destport" eq "icmp")
-   { $destportnam="icmp";}
-  else
-   {
-  $destportnam=$services{$destport};
-   }
-
-  if ($destportnam eq "")
-   {
-     $destportnam=$destport;
-   }
-
-  if ($srcportnam eq "")
-    {
-#    increment number of times a (high)/unknown port has gone to destport
-     $value1=$unknownsrcports{$destportnam}; 
-     $value1++ ; 
-     $unknownsrcports{$destportnam}=$value1;
-    }
-  else
-   {
-#    want tally(srcport) counter to be increased by 1
-     $value3=$tally{$srcportnam};
-     $value3++ ; 
-     $tally{$srcportnam}=$value3;
-    }
-   }
-
-
-   }
-#  end of loop over ALL IP's
-
-if ($set eq "N")
-{
-$set="Y";
-
-print "\n#### with $uniqip as the the source for packets ####\n";
-while(($key,$value)=each %tally) 
-  {
-   if (not "$uniqip" eq "$gatekeep")
-    {
-      print "$value connections from $key to gatekeep\n";
-    }
-   else
-    {
-      print "$value connections from gatekeep to $key\n";
-     }
-  }
-
-
-
-while(($key2,$value2)=each %unknownsrcports) 
-  {
-   if (not "$uniqip" eq "$gatekeep")
-    {
-     print "$value2 high port connections to $key2 on gatekeep\n";
-    }
-   else
-    {
-      print "$value2 high port connections to $key2 from gatekeep\n";
-     }
-  }
-
-}
-# print if rests for UNIQIP IF flag is set to N then toggle flag
-
-} # end of all IPs loop 
-} # end of if verbose option set block
-
-
-
diff --git a/contrib/ipfilter/perl/Isbgraph b/contrib/ipfilter/perl/Isbgraph
deleted file mode 100644
index c68b672..0000000
--- a/contrib/ipfilter/perl/Isbgraph
+++ /dev/null
@@ -1,297 +0,0 @@
-#!/usr/local/bin/perl
-
-# isbgraph
-# an example in not so hot perl programming....
-# based around GraphMaker from Fabrizio Pivari
-# A graph maker perl script
-
-use GD;
-use Getopt::Long;
-$hr=0;
-
-sub main{
-
-$opt_conf="./graphmaker.cnf";
-
-@elem=("NUMBERYCELLGRIDSIZE","MAXYVALUE","MINYVALUE","XCELLGRIDSIZE","XMAX",
-       "Data","Graph","Bar","Average","Graphnum","Title","Transparent","Rbgcolour",
-       "Gbgcolour","Bbgcolour","Rfgcolour","Gfgcolour","Bfgcolour","Rcolour",
-       "Gcolour","Bcolour","Racolour","Gacolour","Bacolour");
-
-%option=(
-      NUMBERYCELLGRIDSIZE => '8',
-      MAXYVALUE => '7748',
-      MINYVALUE => '6500',
-      XCELLGRIDSIZE => '18',
-      XMAX => '1000',
-      Data => './graphmaker.dat',
-      Graph => './graphmaker.gif',
-      Bar => '1',
-      Average => '1',
-      Graphnum => '1',
-      Title => 'GraphMaker 2.1',
-      Transparent => 'yes',
-      Rbgcolour => '255',
-      Gbgcolour => '255',
-      Bbgcolour => '255',
-      Rfgcolour => '0',
-      Gfgcolour => '0',
-      Bfgcolour => '0',
-      Rcolour => '0',
-      Gcolour => '0',
-      Bcolour => '255',
-      Racolour => '255',
-      Gacolour => '255',
-      Bacolour => '0');
-
-&GetOptions("conf=s","help") || &printusage ;
-
-
-if ($opt_help) {&printusage};
-
-open (CNF, $opt_conf) || die;
-while (<CNF>) {
-s/\t/ /g;  #replace tabs by space
-next if /^\s*\#/; #ignore comment lines
-next if /^\s*$/;  #ignore empty lines
-foreach $elem (@elem)
-   {
-   if (/\s*$elem\s*:\s*(.*)/) { $option{$elem}=$1; }
-   }
-}
-close(CNF);
-#########################################
-#
-#
-#
-#       number datapoints/24 hours is 1440 (minutes)
-#
-#       Split into N graphs where each graph has max of 240 datapoints (4 hours)
-# 
-
-$barset=0;
-$m=0;
-$YGRIDSIZE = 400;
-$YCELLGRIDSIZE = $YGRIDSIZE/$option{'NUMBERYCELLGRIDSIZE'};
-$XINIT = 30;
-$XEND = 8;
-$YINIT =20;
-$YEND = 20;
-#$XGRIDSIZE = ($option{'XMAX'}*$option{'XCELLGRIDSIZE'});
-#$XGRIDSIZE = (240*$option{'XCELLGRIDSIZE'});
-$XGRIDSIZE = 620;
-$XGIF = $XGRIDSIZE + $XINIT + $XEND;
-$XGRAPH = $XGRIDSIZE + $XINIT;
-$YGIF = $YGRIDSIZE + $YEND + $YINIT;
-$YGRAPH = $YGRIDSIZE + $YINIT;
-$RANGE=$option{'MAXYVALUE'}-$option{'MINYVALUE'};
-$SCALE=$YGRIDSIZE/$RANGE;
-
-# NEW IMAGE
-   $im=new GD::Image($XGIF,$YGIF);
-
-$white=$im->colorAllocate(255,255,255);
-$black=$im->colorAllocate(0,0,0);
-$pink=$im->colorAllocate(255,153,153);
-$red=$im->colorAllocate(255,0,0);
-$blue=$im->colorAllocate(0,0,255);
-$green=$im->colorAllocate(0,192,51);
-$orange=$im->colorAllocate(255,102,0);
-$pink=$im->colorAllocate(255,153,153);
-$teal=$im->colorAllocate(51,153,153);
-# gif background is $bg
-   $bg=$white;
-   $fg=$blue;
-# LINE COLOUR HELP BY VAR $colour
-   $colour=$red;
-   $acolour=$yellow;
-   # GRID
-   if ($option{'Transparent'} eq "yes") {$im->transparent($bg)};
-   $im->filledRectangle(0,0,$XGIF,$YGIF,$bg);
-
-# Dot style
-# vertical markers on Y axis grid
-   $im->setStyle($fg,$bg,$bg,$bg);
-   for $i (0..$option{'XMAX'})
-      {
-      $xspace= $XINIT+$option{'XCELLGRIDSIZE'}*$i +$i;
-     # $im->line($xspace,$YINIT,$xspace,$YGRAPH,gdStyled);
-      $num = $i+1;
-      
-      use integer;
-     {
-      $posis=$num - ($num/60)*60;
-    }
-      if ($posis eq 0)
-         {
-	   $outhr=0;
-           $hr=($hr + 1) ;
-	   $outhr=$hr+$option{'Graphnum'}*4;
-#          shift minutes coords to correct stat hour!
-           $im->string(gdMediumBoldFont,$xspace-3,$YGRAPH,"$outhr",$fg);
-         }
-
-      } # end of scan over X values (minutes)
-
-   $YCELLVALUE=($option{'MAXYVALUE'}-$option{'MINYVALUE'})/$option{'NUMBERYCELLGRIDSIZE'};
-   for $i (0..$option{'NUMBERYCELLGRIDSIZE'})
-      {
-      $num=$option{'MINYVALUE'}+$YCELLVALUE*($option{'NUMBERYCELLGRIDSIZE'}-$i);
-      $im->string(gdMediumBoldFont,0,$YINIT+$YCELLGRIDSIZE*$i -6,"$num",$fg);
-      }
-   $im->string(gdSmallFont,$XGRIDSIZE/2-80,0,$option{'Title'},$fg);
-
-   $odd_even = $option{'XCELLGRIDSIZE'}%2;
-   #odd
-   if ($odd_even eq 1) {$middle = $option{'XCELLGRIDSIZE'}/2 +0.5;}
-   else {$middle = $option{'XCELLGRIDSIZE'}/2 +0.5;}
-
-# start reading data
-#   open (DATA,$option{'Data'}) || die "cant open $option{'Data'}";
-# nextdata becomes Y on reading of second data set....
-$nextdata="N";
-@datafiles=("./in.dat" , "./out.dat" );
-   foreach  ( @datafiles )
-{
-   $m=0;
-   $count=0;
-   $i=0;
-   $fname=$_;
-    
-  print "fname $fname\n";
-#  change entry for red in colour table to green for packets LEAVING target host
-
-   open (DATA,$_) || die "cant open $_";
-   print "$nextdata nextdata\n";
-   while (<DATA>)
-      {
-      /(.*):(.*)/;
-      if ($option{'Average'} eq 1) {$m+=$2;$i++;}
-      if ($count eq 0){$XOLD=$1;$YOLD=$2;$count=1;next}
-      $X=$1; $Y=$2;
-# +($X-1) are the pixel of the line
-      $xspace= $XINIT+$option{'XCELLGRIDSIZE'}*($X-1) +($X-1);
-      $xspaceold= $XINIT+$option{'XCELLGRIDSIZE'}*($XOLD-1) +($XOLD-1);
-      $yspace= $YGRAPH-($Y-$option{'MINYVALUE'})*$SCALE;
-      $yspaceold= $YGRAPH-($YOLD-$option{'MINYVALUE'})*$SCALE;
-      $barset=$option{'Bar'};
-      if ($barset eq  0)
-   {
-
-     if($nextdata eq "Y")
-     {
-	
-         #$im->line($XINIT,$YGRAPH,$X,$Y,$orange);
-         $im->line($xspaceold,$yspaceold,$xspace,$yspace,$green);
-     }
-     else
-     {
-         $im->line($xspaceold,$yspaceold,$xspace,$yspace,$red);
-     } 
-    }
-      else
-         {
-         if ($1 eq 2)
-            {
-            $im->filledRectangle($xspaceold,$yspaceold,
-                                 $xspaceold+$middle,$YGRAPH,$colour);
-            $im->rectangle($xspaceold,$yspaceold,
-                           $xspaceold+$middle,$YGRAPH,$fg);
-            }
-         else
-            {
-            $im->filledRectangle($xspaceold-$middle,$yspaceold,
-                                 $xspaceold+$middle,$YGRAPH,$colour);
-            $im->rectangle($xspaceold-$middle,$yspaceold,
-                           $xspaceold+$middle,$YGRAPH,$fg);
-            }
-         }
-      $XOLD=$X; $YOLD=$Y;
-
-      }  # end of while DATA loop
-
-     $im->line(500,40,530,40,$red);
-     $im->line(500,60,530,60,$green);
-     $im->string(gdSmallFont,535,35,"Packets IN",$fg);
-     $im->string(gdSmallFont,535,55,"Packets OUT",$fg);
-     
-   if ($option{'Bar'} ne 0)
-      {
-      if ($X eq $option{'XMAX'})
-         {
-         $im->filledRectangle($xspace-$middle,$yspace,
-                              $xspace,$YGRAPH,$colour);
-         $im->rectangle($xspace-$middle,$yspace,
-                        $xspace,$YGRAPH,$fg);
-         }
-      else
-         {
-         $im->filledRectangle($xspace-$middle,$yspace,
-                              $xspace+$middle,$YGRAPH,$colour);
-         $im->rectangle($xspace-$middle,$yspace,
-                        $xspace+$middle,$YGRAPH,$fg);
-         }
-      }
-   close (DATA);
-
-
-     $nextdata="Y";
-# TOP LEFT is 0,0 on GIF (image)
-# origin of plot is xinit,yinit 
- # print "little line\n";
-     $im->line($xspace,$yspace,$xspace,$YGRAPH,$blue);
-     $im->line($xspace,$YGRAPH,$XINIT,$YGRAPH,$blue);
-#    (0,0) in cartesian space time=0 minutes, rate 0 packets/s
-     $im->line($XINIT,$YGRAPH,$XINIT,$YGRAPH,$blue);
-     $im->line($XINIT,$YGRAPH,$XINIT,$YGRAPH,$green);
-
-} # close foreach loop on data file names
-
-
-
-
-   if ($option{'Average'} eq 1)
-      {
-      # Line style
-      $im->setStyle($acolour,$acolour,$acolour,$acolour,$bg,$bg,$bg,$bg);
-      $m=$m/$i;
-      $ym=$YGRAPH-($m-$option{'MINYVALUE'})*$SCALE;
-      $im->line($XINIT,$ym,$XGRAPH,$ym,gdStyled)
-      }
-   $im->line($XINIT,$YINIT,$XINIT,$YGRAPH,$fg);
-   $im->line($XINIT,$YINIT,$XGRAPH,$YINIT,$fg);
-   $im->line($XGRAPH,$YINIT,$XGRAPH,$YGRAPH,$fg);
-   $im->line($XINIT,$YGRAPH,$XGRAPH,$YGRAPH,$fg);
-
-   $im->string(gdSmallFont,$XGIF-335,$YGIF - 12,"Time of Day (hours)",$fg);
-   open (GRAPH,">$option{'Graph'}") || die "Error: Grafico.gif - $!\n";
-   print GRAPH $im -> gif;
-   close (GRAPH);
-
-
-
-
-} # end of subroutine main
-
-main;
-exit(0);
-
-sub printusage {
-    print <<USAGEDESC;
-
-usage:
-        graphmaker [-options ...]
-
-where options include:
-    -help                        print out this message
-    -conf  file                  the configuration file (default graphmaker.cnf)
-
-If you want to know more about this tool, you might want
-to read the docs. They came together with graphmaker!
-
-Home: http://www.geocities.com/CapeCanaveral/Lab/3469/graphmaker.html
-
-USAGEDESC
-    exit(1);
-}
-
diff --git a/contrib/ipfilter/perl/LICENSE b/contrib/ipfilter/perl/LICENSE
deleted file mode 100644
index 4ae42df..0000000
--- a/contrib/ipfilter/perl/LICENSE
+++ /dev/null
@@ -1,6 +0,0 @@
-These shell scripts are provided "as is" by Ivan S. Bishop and any
-express or implied warranties, including, but not limited to, the
-implied warranties of merchantability and fitness for a particular
-purpose are disclaimed.
-
-Permission has been granted for their redistribution within this package.
diff --git a/contrib/ipfilter/perl/Services b/contrib/ipfilter/perl/Services
deleted file mode 100644
index 401fff0..0000000
--- a/contrib/ipfilter/perl/Services
+++ /dev/null
@@ -1,2146 +0,0 @@
-1 tcpmux TCPPortServiceMultiplexer
-3 compressnet CompressionProcess
-5 rje RemoteJobEntry
-7 echo
-9 discard
-11 systat
-13 daytime
-15 netstat
-17 qotd QuoteoftheDay
-18 msp MessageSendProtocol
-19 chargen
-20 ftp-data
-21 ftp
-22 ssh SSHRemoteLoginProtocol
-23 telnet
-25 smtp
-27 nsw-fe NSWUserSystemFE
-29 msg-icp MSGICP
-31 msg-auth MSGAuthentication
-33 dsp DisplaySupportProtocol
-37 time Time
-38 rap RouteAccessProtocol
-39 rlp ResourceLocationProtocol
-41 graphics Graphics
-42 nameserver HostNameServer
-43 whois
-44 mpm-flags MPMFLAGSProtocol
-45 mpm MessageProcessingModule[recv]
-46 mpm-snd MPM[defaultsend]
-47 ni-ftp NIFTP
-48 auditd DigitalAuditDaemon
-49 tacacs LoginHostProtocol(TACACS)
-50 re-mail-ck RemoteMailCheckingProtocol
-51 la-maint IMPLogicalAddressMaintenance
-52 xns-time XNSTimeProtocol
-53 domain DomainNameServer
-54 xns-ch XNSClearinghouse
-55 isi-gl ISIGraphicsLanguage
-56 xns-auth XNSAuthentication
-58 xns-mail XNSMail
-61 ni-mail NIMAIL
-62 acas ACAServices
-63 whois++ whois++
-64 covia CommunicationsIntegrator(CI)
-65 tacacs-ds TACACS-DatabaseService
-66 sqlnet OracleSQL*NET
-67 bootps BootstrapProtocolServer
-68 bootpc BootstrapProtocolClient
-69 tftp TrivialFileTransfer
-70 gopher Gopher
-71 netrjs-1 RemoteJobService
-72 netrjs-2 RemoteJobService
-73 netrjs-3 RemoteJobService
-74 netrjs-4 RemoteJobService
-76 deos DistributedExternalObjectStore
-77 rje
-78 vettcp vettcp
-79 finger Finger
-80 www-http WorldWideWebHTTP
-81 hosts2-ns HOSTS2NameServer
-82 xfer XFERUtility
-83 mit-ml-dev MITMLDevice
-84 ctf CommonTraceFacility
-85 mit-ml-dev MITMLDevice
-86 mfcobol MicroFocusCobol
-87 link
-88 kerberos Kerberos
-89 su-mit-tg SU/MITTelnetGateway
-90 dnsix DNSIXSecuritAttributeTokenMap
-91 mit-dov MITDoverSpooler
-92 npp NetworkPrintingProtocol
-93 dcp DeviceControlProtocol
-94 objcall TivoliObjectDispatcher
-95 supdup SUPDUP
-96 dixie DIXIEProtocolSpecification
-97 swift-rvf SwiftRemoteVirturalFileProtocol
-98 tacnews TACNews
-99 metagram MetagramRelay
-100 newacct [unauthorizeduse]
-101 hostname NICHostNameServer
-102 iso-tsap ISO-TSAPClass0
-103 x400
-104 x400-snd
-105 cso CCSOnameserverprotocol
-106 3com-tsmux 3COM-TSMUX
-107 rtelnet RemoteTelnetService
-108 snagas SNAGatewayAccessServer
-109 pop2 PostOfficeProtocol-Version2
-110 pop3 PostOfficeProtocol-Version3
-111 sunrpc SUNRemoteProcedureCall
-112 mcidas McIDASDataTransmissionProtocol
-113 ident 
-114 audionews AudioNewsMulticast
-115 sftp SimpleFileTransferProtocol
-116 ansanotify ANSAREXNotify
-117 uucp-path UUCPPathService
-118 sqlserv SQLServices
-119 nntp NetworkNewsTransferProtocol
-120 cfdptkt CFDPTKT
-121 erpc EncoreExpeditedRemotePro.Call
-122 smakynet SMAKYNET
-123 ntp NetworkTimeProtocol
-124 ansatrader ANSAREXTrader
-125 locus-map LocusPC-InterfaceNetMapSer
-126 unitary UnisysUnitaryLogin
-127 locus-con LocusPC-InterfaceConnServer
-128 gss-xlicen GSSXLicenseVerification
-129 pwdgen PasswordGeneratorProtocol
-130 cisco-fna ciscoFNATIVE
-131 cisco-tna ciscoTNATIVE
-132 cisco-sys ciscoSYSMAINT
-133 statsrv StatisticsService
-134 ingres-net INGRES-NETService
-135 epmap DCEendpointresolution
-136 profile PROFILENamingSystem
-137 netbios-ns NETBIOSNameService
-138 netbios-dgm NETBIOSDatagramService
-139 netbios-ssn NETBIOSSessionService
-140 emfis-data EMFISDataService
-141 emfis-cntl EMFISControlService
-142 bl-idm Britton-LeeIDM
-143 imap InternetMessageAccessProtocol
-144 NeWS
-145 uaac UAACProtocol
-146 iso-tp0 ISO-IP0
-147 iso-ip ISO-IP
-148 jargon Jargon
-149 aed-512 AED512EmulationService
-150 sql-net SQL-NET
-151 hems HEMS
-152 bftp BackgroundFileTransferProgram
-153 sgmp SGMP
-154 netsc-prod NETSC
-155 netsc-dev NETSC
-156 sqlsrv SQLService
-157 knet-cmp KNET/VMCommand/MessageProtocol
-158 pcmail-srv PCMailServer
-159 nss-routing NSS-Routing
-160 sgmp-traps SGMP-TRAPS
-161 snmp SNMP
-162 snmptrap SNMPTRAP
-163 cmip-man CMIP/TCPManager
-164 cmip-agent CMIP/TCPAgent
-165 xns-courier Xerox
-166 s-net SiriusSystems
-167 namp NAMP
-168 rsvd RSVD
-169 send SEND
-170 print-srv NetworkPostScript
-171 multiplex NetworkInnovationsMultiplex
-172 cl/1 NetworkInnovationsCL/1
-173 xyplex-mux Xyplex
-174 mailq MAILQ
-175 vmnet VMNET
-176 genrad-mux GENRAD-MUX
-177 xdmcp XDisplayManagerControlProtocol
-178 nextstep NextStepWindowServer
-179 bgp BorderGatewayProtocol
-180 ris Intergraph
-181 unify Unify
-182 audit UnisysAuditSITP
-183 ocbinder OCBinder
-184 ocserver OCServer
-185 remote-kis Remote-KIS
-186 kis KISProtocol
-187 aci ApplicationCommunicationInterface
-188 mumps PlusFive'sMUMPS
-189 qft QueuedFileTransport
-190 gacp GatewayAccessControlProtocol
-191 prospero ProsperoDirectoryService
-192 osu-nms OSUNetworkMonitoringSystem
-193 srmp SpiderRemoteMonitoringProtocol
-194 irc InternetRelayChatProtocol
-195 dn6-nlm-aud DNSIXNetworkLevelModuleAudit
-196 dn6-smm-red DNSIXSessionMgtModuleAuditRedir
-197 dls DirectoryLocationService
-198 dls-mon DirectoryLocationServiceMonitor
-199 smux SMUX
-200 src IBMSystemResourceController
-201 at-rtmp AppleTalkRoutingMaintenance
-202 at-nbp AppleTalkNameBinding
-203 at-3 AppleTalkUnused
-204 at-echo AppleTalkEcho
-205 at-5 AppleTalkUnused
-206 at-zis AppleTalkZoneInformation
-207 at-7 AppleTalkUnused
-208 at-8 AppleTalkUnused
-209 qmtp TheQuickMailTransferProtocol
-210 z39.50 ANSIZ39.50
-211 914c/g TexasInstruments914C/GTerminal
-212 anet ATEXSSTR
-213 ipx IPX
-214 vmpwscs VMPWSCS
-215 softpc InsigniaSolutions
-216 CAIlic ComputerAssociatesInt'lLicenseServer
-217 dbase dBASEUnix
-218 mpp NetixMessagePostingProtocol
-219 uarps UnisysARPs
-220 imap3 InteractiveMailAccessProtocolv3
-221 fln-spx BerkeleyrlogindwithSPXauth
-222 rsh-spx BerkeleyrshdwithSPXauth
-223 cdc CertificateDistributionCenter
-224 Reserved
-225 Reserved
-226 Reserved
-227 Reserved
-228 Reserved
-229 Reserved
-230 Reserved
-231 Reserved
-232 Reserved
-233 Reserved
-234 Reserved
-235 Reserved
-236 Reserved
-237 Reserved
-238 Reserved
-239 Reserved
-240 Reserved
-241 Reserved
-242 direct Direct
-243 sur-meas SurveyMeasurement
-244 dayna Dayna
-245 link LINK
-246 dsp3270 DisplaySystemsProtocol
-247 subntbcst_tftp SUBNTBCST_TFTP
-248 bhfhs bhfhs
-249
-250 Reserved
-251 Reserved
-252 Reserved
-253 Reserved
-254 Reserved
-255 Reserved
-256 rap RAP
-257 set SecureElectronicTransaction
-258 yak-chat YakWinsockPersonalChat
-259 esro-gen EfficientShortRemoteOperations
-260 openport Openport
-261 nsiiops IIOPNameServiceoverTLS/SSL
-262 arcisdms Arcisdms
-263 hdap HDAP
-280 http-mgmt http-mgmt
-281 personal-link PersonalLink
-282 cableport-ax CablePortA/X
-309 entrusttime EntrustTime
-310 bhmds bhmds
-311 asip-webadmin AppleShareIPWebAdmin
-312 vslmp VSLMP
-313 magenta-logic MagentaLogic
-314 opalis-robot OpalisRobot
-315 dpsi DPSI
-316 decauth decAuth
-317 zannet Zannet
-344 pdap ProsperoDataAccessProtocol
-345 pawserv PerfAnalysisWorkbench
-346 zserv Zebraserver
-347 fatserv FatmenServer
-348 csi-sgwp CabletronManagementProtocol
-349 mftp mftp
-350 matip-type-a MATIPTypeA
-351 bhoetty bhoetty(added5/21/97)
-352 dtag-ste-sb DTAG
-353 ndsauth NDSAUTH
-354 bh611 bh611
-355 datex-asn DATEX-ASN
-356 cloanto-net-1 CloantoNet1
-357 bhevent bhevent
-358 shrinkwrap Shrinkwrap
-359 tenebris_nts TenebrisNetworkTraceService
-360 scoi2odialog scoi2odialog
-361 semantix Semantix
-362 srssend SRSSend
-363 rsvp_tunnel RSVPTunnel
-364 aurora-cmgr AuroraCMGR
-365 dtk DTK
-366 odmr ODMR
-367 mortgageware MortgageWare
-368 qbikgdp QbikGDP
-369 rpc2portmap rpc2portmap
-370 codaauth2 codaauth2
-371 clearcase Clearcase
-372 ulistproc ListProcessor
-373 legent-1 LegentCorporation
-374 legent-2 LegentCorporation
-375 hassle Hassle
-376 nip AmigaEnvoyNetworkInquiryProto
-377 tnETOS NECCorporation
-378 dsETOS NECCorporation
-379 is99c TIA/EIA/IS-99modemclient
-380 is99s TIA/EIA/IS-99modemserver
-381 hp-collector hpperformancedatacollector
-382 hp-managed-node hpperformancedatamanagednode
-383 hp-alarm-mgr hpperformancedataalarmmanager
-384 arns ARemoteNetworkServerSystem
-385 ibm-app IBMApplication
-386 asa ASAMessageRouterObjectDef.
-387 aurp AppletalkUpdate-BasedRoutingPro.
-388 unidata-ldm UnidataLDMVersion4
-389 ldap LightweightDirectoryAccessProtocol
-390 uis UIS
-391 synotics-relay SynOpticsSNMPRelayPort
-392 synotics-broker SynOpticsPortBrokerPort
-393 dis DataInterpretationSystem
-394 embl-ndt EMBLNucleicDataTransfer
-395 netcp NETscoutControlProtocol
-396 netware-ip NovellNetwareoverIP
-397 mptn MultiProtocolTrans.Net.
-398 kryptolan Kryptolan
-399 iso-tsap-c2 ISOTransportClass2Non-Controlover
-400 work-sol WorkstationSolutions
-401 ups UninterruptiblePowerSupply
-402 genie GenieProtocol
-403 decap decap
-404 nced nced
-405 ncld ncld
-406 imsp InteractiveMailSupportProtocol
-407 timbuktu Timbuktu
-408 prm-sm ProsperoResourceManagerSys.Man.
-409 prm-nm ProsperoResourceManagerNodeMan.
-410 decladebug DECLadebugRemoteDebugProtocol
-411 rmt RemoteMTProtocol
-412 synoptics-trap TrapConventionPort
-413 smsp SMSP
-414 infoseek InfoSeek
-415 bnet BNet
-416 silverplatter Silverplatter
-417 onmux Onmux
-418 hyper-g Hyper-G
-419 ariel1 Ariel
-420 smpte SMPTE
-421 ariel2 Ariel
-422 ariel3 Ariel
-423 opc-job-start IBMOperationsPlanningandControlStart
-424 opc-job-track IBMOperationsPlanningandControlTrack
-425 icad-el ICAD
-426 smartsdp smartsdp
-427 svrloc ServerLocation
-428 ocs_cmu OCS_CMU
-429 ocs_amu OCS_AMU
-430 utmpsd UTMPSD
-431 utmpcd UTMPCD
-432 iasd IASD
-433 nnsp NNSP
-434 mobileip-agent MobileIP-Agent
-435 mobilip-mn MobilIP-MN
-436 dna-cml DNA-CML
-437 comscm comscm
-438 dsfgw dsfgw
-439 dasp daspThomasObermair
-440 sgcp sgcp
-441 decvms-sysmgt decvms-sysmgt
-442 cvc_hostd cvc_hostd
-443 https httpprotocoloverTLS/SSL
-444 snpp SimpleNetworkPagingProtocol
-445 microsoft-ds Microsoft-DS
-446 ddm-rdb DDM-RDB
-447 ddm-dfm DDM-RFM
-448 ddm-ssl DDM-SSL
-449 as-servermap ASServerMapper
-450 tserver TServer
-451 sfs-smp-net CrayNetworkSemaphoreserver
-452 sfs-config CraySFSconfigserver
-453 creativeserver CreativeServer
-454 contentserver ContentServer
-455 creativepartnr CreativePartnr
-456 macon-udp macon-udp
-457 scohelp scohelp
-458 appleqtc applequicktime
-459 ampr-rcmd ampr-rcmd
-460 skronk skronk
-461 datasurfsrv DataRampSrv
-462 datasurfsrvsec DataRampSrvSec
-463 alpes alpes
-464 kpasswd kpasswd
-465 smtps smtpprotocoloverTLS/SSL(wasssmtp)
-466 digital-vrc digital-vrc
-467 mylex-mapd mylex-mapd
-468 photuris proturis
-469 rcp RadioControlProtocol
-470 scx-proxy scx-proxy
-471 mondex Mondex
-472 ljk-login ljk-login
-473 hybrid-pop hybrid-pop
-474 tn-tl-w1 tn-tl-w1
-475 tcpnethaspsrv tcpnethaspsrv
-476 tn-tl-fd1 tn-tl-fd1
-477 ss7ns ss7ns
-478 spsc spsc
-479 iafserver iafserver
-480 iafdbase iafdbase
-481 ph Phservice
-482 bgs-nsi bgs-nsi
-483 ulpnet ulpnet
-484 integra-sme IntegraSoftwareManagementEnvironment
-485 powerburst AirSoftPowerBurst
-486 avian avian
-487 saft saftSimpleAsynchronousFileTransfer
-488 gss-http gss-http
-489 nest-protocol nest-protocol
-490 micom-pfs micom-pfs
-491 go-login go-login
-492 ticf-1 TransportIndependentConvergenceforFNA
-493 ticf-2 TransportIndependentConvergenceforFNA
-494 pov-ray POV-Ray
-495 intecourier intecourier
-496 pim-rp-disc PIM-RP-DISC
-497 dantz dantz
-498 siam siam
-499 iso-ill ISOILLProtocol
-500 isakmp isakmp
-501 stmf STMF
-502 asa-appl-proto asa-appl-proto
-503 intrinsa Intrinsa
-504 citadel citadel
-505 mailbox-lm mailbox-lm
-506 ohimsrv ohimsrv
-507 crs crs
-508 xvttp xvttp
-509 snare snare
-510 fcp FirstClassProtocol
-511 mynet mynet-as
-512 exec-or-biff
-513 login-or-who
-514 shell-or-syslog
-515 printer spooler
-516 videotex videotex
-517 talk liketenexlink,butacross
-518 ntalk 
-519 utime unixtime
-520 route
-521 ripng ripng
-522 ulp ULP
-523 ibm-db2 IBM-DB2
-524 ncp NCP
-525 timed timeserver
-526 tempo newdate
-527 stx StockIXChange
-528 custix CustomerIXChange
-529 irc-serv IRC-SERV
-530 courier rpc
-531 conference chat
-532 netnews readnews
-533 netwall foremergencybroadcasts
-534 mm-admin MegaMediaAdmin
-535 iiop iiop
-536 opalis-rdv opalis-rdv
-537 nmsp NetworkedMediaStreamingProtocol
-538 gdomap gdomap
-539 apertus-ldp ApertusTechnologiesLoadDetermination
-540 uucp uucpd
-541 uucp-rlogin uucp-rlogin
-542 commerce commerce
-543 klogin 
-544 kshell krcmd
-545 appleqtcsrvr appleqtcsrvr
-546 dhcpv6-client DHCPv6Client
-547 dhcpv6-server DHCPv6Server
-548 afpovertcp AFPoverTCP
-549 idfp IDFP
-550 new-rwho new-who
-551 cybercash cybercash
-552 deviceshare deviceshare
-553 pirp pirp
-554 rtsp RealTimeStreamControlProtocol
-555 dsf 
-556 remotefs rfsserver
-557 openvms-sysipc openvms-sysipc
-558 sdnskmp SDNSKMP
-559 teedtap TEEDTAP
-560 rmonitor rmonitord
-561 monitor
-562 chshell chcmd
-563 nntps nntpprotocoloverTLS/SSL(wassnntp)
-564 9pfs plan9fileservice
-565 whoami whoami
-566 streettalk streettalk
-567 banyan-rpc banyan-rpc
-568 ms-shuttle microsoftshuttle
-569 ms-rome microsoftrome
-570 meter demon
-571 meter udemon
-573 banyan-vip banyan-vip
-574 ftp-agent FTPSoftwareAgentSystem
-575 vemmi VEMMI
-576 ipcd ipcd
-577 vnas vnas
-578 ipdd ipdd
-579 decbsrv decbsrv
-580 sntp-heartbeat SNTPHEARTBEAT
-581 bdp BundleDiscoveryProtocol
-582 scc-security SCCSecurity
-583 philips-vc PhilipsVideo-Conferencing
-584 keyserver KeyServer
-585 imap4-ssl IMAP4+SSL(use993instead)
-586 password-chg PasswordChange
-587 submission Submission
-588 cal CAL
-589 eyelink EyeLink
-590 tns-cml TNSCML
-591 http-alt FileMaker,Inc.-HTTPAlternate(see
-592 eudora-set EudoraSet
-593 http-rpc-epmap HTTPRPCEpMap
-594 tpip TPIP
-595 cab-protocol CABProtocol
-596 smsd SMSD
-597 ptcnameservice PTCNameService
-598 sco-websrvrmg3 SCOWebServerManager3
-599 acp AeolonCoreProtocol
-600 ipcserver SunIPCserver
-606 urm CrayUnifiedResourceManager
-607 nqs nqs
-608 sift-uft Sender-Initiated/UnsolicitedFileTransfer
-609 npmp-trap npmp-trap
-610 npmp-local npmp-local
-611 npmp-gui npmp-gui
-612 hmmp-ind HMMPIndication
-613 hmmp-op HMMPOperation
-614 sshell SSLshell
-615 sco-inetmgr InternetConfigurationManager
-616 sco-sysmgr SCOSystemAdministrationServer
-617 sco-dtmgr SCODesktopAdministrationServer
-618 dei-icda DEI-ICDA
-619 digital-evm DigitalEVM
-620 sco-websrvrmgr SCOWebServerManager
-621 escp-ip ESCP
-622 collaborator Collaborator
-623 aux_bus_shunt AuxBusShunt
-624 cryptoadmin CryptoAdmin
-625 dec_dlm DECDLM
-626 asia ASIA
-627 cks-tivioli CKS&TIVIOLI
-628 qmqp QMQP
-629 3com-amp3 3ComAMP3
-630 rda RDA
-631 ipp IPP(InternetPrintingProtocol)
-632 bmpp bmpp
-633 servstat ServiceStatusupdate(SterlingSoftware)
-634 ginad ginad
-635 rlzdbase RLZDBase
-636 ldaps ldapprotocoloverTLS/SSL(wassldap)
-637 lanserver lanserver
-638 mcns-sec mcns-sec
-639 msdp MSDP
-666 mdqs 
-667 disclose campaigncontributiondisclosures-SDRTechnologies
-668 mecomm MeComm
-669 meregister MeRegister
-670 vacdsm-sws VACDSM-SWS
-671 vacdsm-app VACDSM-APP
-672 vpps-qua VPPS-QUA
-673 cimplex CIMPLEX
-674 acap ACAP
-675 dctp DCTP
-676 vpps-via VPPSVia
-704 elcsd errlogcopy/serverdaemon
-705 agentx AgentX
-707 borland-dsj BorlandDSJ
-709 entrust-kmsh EntrustKeyManagementServiceHandler
-710 entrust-ash EntrustAdministrationServiceHandler
-711 cisco-tdp CiscoTDP
-729 netviewdm1 IBMNetViewDM/6000Server/Client
-730 netviewdm2 IBMNetViewDM/6000send
-731 netviewdm3 IBMNetViewDM/6000receive
-741 netgw netGW
-742 netrcs NetworkbasedRev.Cont.Sys.
-744 flexlm FlexibleLicenseManager
-747 fujitsu-dev FujitsuDeviceControl
-748 ris-cm RussellInfoSciCalendarManager
-749 kerberos-adm kerberosadministration
-750 kerberos-iv kerberosversioniv
-751 pump 
-752 qrh 
-753 rrh 
-754 tell send
-758 nlogin 
-759 con 
-760 ns 
-761 rxe 
-762 quotad 
-763 cycleserv 
-764 omserv 
-765 webster 
-767 phonebook phone
-769 vid 
-770 cadlock 
-771 rtip 
-772 cycleserv2 
-773 notify 
-774 rpasswd 
-775 acmaint_transd 
-776 wpages 
-780 wpgs 
-786 concert Concert
-787 qsc QSC
-800 mdbs_daemon 
-801 device 
-829 pkix-3-ca-ra PKIX-3CA/RA
-873 rsync rsync
-886 iclcnet-locate ICLcoNETionlocateserver
-887 iclcnet_svinfo ICLcoNETionserverinfo
-888 accessbuilder AccessBuilder
-900 omginitialrefs OMGInitialRefs
-911 xact-backup xact-backup
-989 ftps-data ftpprotocol,data,overTLS/SSL
-990 ftps ftpprotocol,control,overTLS/SSL
-991 nas NetnewsAdministrationSystem
-992 telnets telnetprotocoloverTLS/SSL
-993 imaps imap4protocoloverTLS/SSL
-994 ircs ircprotocoloverTLS/SSL
-995 pop3s pop3protocoloverTLS/SSL(wasspop3)
-996 vsinet vsinet
-997 maitrd 
-998 busboy 
-999 garcon 
-1000 cadlock 
-1008 ufsd
-1010 surf surf
-1011 Reserved
-1012 Reserved
-1013 Reserved
-1014 Reserved
-1015 Reserved
-1016 Reserved
-1017 Reserved
-1018 Reserved
-1019 Reserved
-1020 Reserved
-1021 Reserved
-1022 Reserved
-1025 blackjack networkblackjack
-1030 iad1 BBNIAD
-1031 iad2 BBNIAD
-1032 iad3 BBNIAD
-1047 neod1 Sun'sNEOObjectRequestBroker
-1048 neod2 Sun'sNEOObjectRequestBroker
-1058 nim nim
-1059 nimreg nimreg
-1067 instl_boots InstallationBootstrapProto.Serv.
-1068 instl_bootc InstallationBootstrapProto.Cli.
-1080 socks Socks
-1083 ansoft-lm-1 AnasoftLicenseManager
-1084 ansoft-lm-2 AnasoftLicenseManager
-1099 rmiSun
-1103 xaudio
-1110 nfsd-status Clusterstatusinfo
-1111 lmsocialserver LMSocialServer
-1123 murray Murray
-1155 nfa NetworkFileAccess
-1161 health-polling HealthPolling
-1162 health-trap HealthTrap
-1180 mc-client MillicentClientProxy
-1212 lupa lupa
-1222 nerv SNIR&Dnetwork
-1234 search-agent InfoseekSearchAgent
-1239 nmsd NMSD
-1248 hermes 
-1300 h323hostcallsc H323HostCallSecure
-1313 bmc_patroldb BMC_PATROLDB
-1314 pdps PhotoscriptDistributedPrintingSystem
-1345 vpjp VPJP
-1346 alta-ana-lm AltaAnalyticsLicenseManager
-1347 bbn-mmc multimediaconferencing
-1348 bbn-mmx multimediaconferencing
-1349 sbook RegistrationNetworkProtocol
-1350 editbench RegistrationNetworkProtocol
-1351 equationbuilder DigitalToolWorks(MIT)
-1352 lotusnote LotusNote
-1353 relief ReliefConsulting
-1354 rightbrain RightBrainSoftware
-1355 intuitive-edge IntuitiveEdge
-1356 cuillamartin CuillaMartinCompany
-1357 pegboard ElectronicPegBoard
-1358 connlcli CONNLCLI
-1359 ftsrv FTSRV
-1360 mimer MIMER
-1361 linx LinX
-1362 timeflies TimeFlies
-1363 ndm-requester NetworkDataMoverRequester
-1364 ndm-server NetworkDataMoverServer
-1365 adapt-sna NetworkSoftwareAssociates
-1366 netware-csp NovellNetWareCommServicePlatform
-1367 dcs DCS
-1368 screencast ScreenCast
-1369 gv-us GlobalViewtoUnixShell
-1370 us-gv UnixShelltoGlobalView
-1371 fc-cli FujitsuConfigProtocol
-1372 fc-ser FujitsuConfigProtocol
-1373 chromagrafx Chromagrafx
-1374 molly EPISoftwareSystems
-1375 bytex Bytex
-1376 ibm-pps IBMPersontoPersonSoftware
-1377 cichlid CichlidLicenseManager
-1378 elan ElanLicenseManager
-1379 dbreporter IntegritySolutions
-1380 telesis-licman TelesisNetworkLicenseManager
-1381 apple-licman AppleNetworkLicenseManager
-1382 udt_os 
-1383 gwha GWHannawayNetworkLicenseManager
-1384 os-licman ObjectiveSolutionsLicenseManager
-1385 atex_elmd AtexPublishingLicenseManager
-1386 checksum CheckSumLicenseManager
-1387 cadsi-lm ComputerAidedDesignSoftwareIncLM
-1388 objective-dbc ObjectiveSolutionsDataBaseCache
-1389 iclpv-dm DocumentManager
-1390 iclpv-sc StorageController
-1391 iclpv-sas StorageAccessServer
-1392 iclpv-pm PrintManager
-1393 iclpv-nls NetworkLogServer
-1394 iclpv-nlc NetworkLogClient
-1395 iclpv-wsm PCWorkstationManagersoftware
-1396 dvl-activemail DVLActiveMail
-1397 audio-activmail AudioActiveMail
-1398 video-activmail VideoActiveMail
-1399 cadkey-licman CadkeyLicenseManager
-1400 cadkey-tablet CadkeyTabletDaemon
-1401 goldleaf-licman GoldleafLicenseManager
-1402 prm-sm-np ProsperoResourceManager
-1403 prm-nm-np ProsperoResourceManager
-1404 igi-lm InfiniteGraphicsLicenseManager
-1405 ibm-res IBMRemoteExecutionStarter
-1406 netlabs-lm NetLabsLicenseManager
-1407 dbsa-lm DBSALicenseManager
-1408 sophia-lm SophiaLicenseManager
-1409 here-lm HereLicenseManager
-1410 hiq HiQLicenseManager
-1411 af AudioFile
-1412 innosys InnoSys
-1413 innosys-acl Innosys-ACL
-1414 ibm-mqseries IBMMQSeries
-1415 dbstar DBStar
-1416 novell-lu6.2 NovellLU6.2
-1417 timbuktu-srv1 TimbuktuService1Port
-1418 timbuktu-srv2 TimbuktuService2Port
-1419 timbuktu-srv3 TimbuktuService3Port
-1420 timbuktu-srv4 TimbuktuService4Port
-1421 gandalf-lm GandalfLicenseManager
-1422 autodesk-lm AutodeskLicenseManager
-1423 essbase EssbaseArborSoftware
-1424 hybrid HybridEncryptionProtocol
-1425 zion-lm ZionSoftwareLicenseManager
-1426 sais Satellite-dataAcquisitionSystem1
-1427 mloadd mloaddmonitoringtool
-1428 informatik-lm InformatikLicenseManager
-1429 nms HypercomNMS
-1430 tpdu HypercomTPDU
-1431 rgtp ReverseGossipTransport
-1432 blueberry-lm BlueberrySoftwareLicenseManager
-1433 ms-sql-s Microsoft-SQL-Server
-1434 ms-sql-m Microsoft-SQL-Monitor
-1435 ibm-cics IBMCICS
-1436 saism Satellite-dataAcquisitionSystem2
-1437 tabula Tabula
-1438 eicon-server EiconSecurityAgent/Server
-1439 eicon-x25 EiconX25/SNAGateway
-1440 eicon-slp EiconServiceLocationProtocol
-1441 cadis-1 CadisLicenseManagement
-1442 cadis-2 CadisLicenseManagement
-1443 ies-lm IntegratedEngineeringSoftware
-1444 marcam-lm MarcamLicenseManagement
-1445 proxima-lm ProximaLicenseManager
-1446 ora-lm OpticalResearchAssociatesLicenseManager
-1447 apri-lm AppliedParallelResearchLM
-1448 oc-lm OpenConnectLicenseManager
-1449 peport PEport
-1450 dwf TandemDistributedWorkbenchFacility
-1451 infoman IBMInformationManagement
-1452 gtegsc-lm GTEGovernmentSystemsLicenseMan
-1453 genie-lm GenieLicenseManager
-1454 interhdl_elmd interHDLLicenseManager
-1455 esl-lm ESLLicenseManager
-1456 dca DCA
-1457 valisys-lm ValisysLicenseManager
-1458 nrcabq-lm NicholsResearchCorp.
-1459 proshare1 ProshareNotebookApplication
-1460 proshare2 ProshareNotebookApplication
-1461 ibm_wrless_lan IBMWirelessLAN
-1462 world-lm WorldLicenseManager
-1463 nucleus Nucleus
-1464 msl_lmd MSLLicenseManager
-1465 pipes PipesPlatformmfarlin@peerlogic.com
-1466 oceansoft-lm OceanSoftwareLicenseManager
-1467 csdmbase CSDMBASE
-1468 csdm CSDM
-1469 aal-lm ActiveAnalysisLimitedLicenseManager
-1470 uaiact UniversalAnalytics
-1471 csdmbase csdmbase
-1472 csdm csdm
-1473 openmath OpenMath
-1474 telefinder Telefinder
-1475 taligent-lm TaligentLicenseManager
-1476 clvm-cfg clvm-cfg
-1477 ms-sna-server ms-sna-server
-1478 ms-sna-base ms-sna-base
-1479 dberegister dberegister
-1480 pacerforum PacerForum
-1481 airs AIRS
-1482 miteksys-lm MiteksysLicenseManager
-1483 afs AFSLicenseManager
-1484 confluent ConfluentLicenseManager
-1485 lansource LANSource
-1486 nms_topo_serv nms_topo_serv
-1487 localinfosrvr LocalInfoSrvr
-1488 docstor DocStor
-1489 dmdocbroker dmdocbroker
-1490 insitu-conf insitu-conf
-1491 anynetgateway anynetgateway
-1492 stone-design-1 stone-design-1
-1493 netmap_lm netmap_lm
-1494 ica ica
-1495 cvc cvc
-1496 liberty-lm liberty-lm
-1497 rfx-lm rfx-lm
-1498 sybase-sqlany SybaseSQLAny
-1499 fhc FedericoHeinzConsultora
-1500 vlsi-lm VLSILicenseManager
-1501 saiscm Satellite-dataAcquisitionSystem3
-1502 shivadiscovery Shiva
-1503 imtc-mcs Databeam
-1504 evb-elm EVBSoftwareEngineeringLicenseManager
-1505 funkproxy FunkSoftware,Inc.
-1506 utcd UniversalTimedaemon(utcd)
-1507 symplex symplex
-1508 diagmond diagmond
-1509 robcad-lm Robcad,Ltd.LicenseManager
-1510 mvx-lm MidlandValleyExplorationLtd.Lic.Man.
-1511 3l-l1 3l-l1
-1512 wins Microsoft'sWindowsInternetNameService
-1513 fujitsu-dtc FujitsuSystemsBusinessofAmerica,Inc
-1514 fujitsu-dtcns FujitsuSystemsBusinessofAmerica,Inc
-1515 ifor-protocol ifor-protocol
-1516 vpad VirtualPlacesAudiodata
-1517 vpac VirtualPlacesAudiocontrol
-1518 vpvd VirtualPlacesVideodata
-1519 vpvc VirtualPlacesVideocontrol
-1520 atm-zip-office atmzipoffice
-1521 ncube-lm nCubeLicenseManager
-1522 ricardo-lm RicardoNorthAmericaLicenseManager
-1523 cichild-lm cichild
-1524 ingreslock ingres
-1525 orasrv oracle
-1526 pdap-np ProsperoDataAccessProtnon-priv
-1527 tlisrv oracle
-1528 mciautoreg micautoreg
-1529 coauthor oracle
-1530 rap-service rap-service
-1531 rap-listen rap-listen
-1532 miroconnect miroconnect
-1533 virtual-places VirtualPlacesSoftware
-1534 micromuse-lm micromuse-lm
-1535 ampr-info ampr-info
-1536 ampr-inter ampr-inter
-1537 sdsc-lm isi-lm
-1538 3ds-lm 3ds-lm
-1539 intellistor-lm IntellistorLicenseManager
-1540 rds rds
-1541 rds2 rds2
-1542 gridgen-elmd gridgen-elmd
-1543 simba-cs simba-cs
-1544 aspeclmd aspeclmd
-1545 vistium-share vistium-share
-1546 abbaccuray abbaccuray
-1547 laplink laplink
-1548 axon-lm AxonLicenseManager
-1549 shivahose ShivaHose
-1550 3m-image-lm ImageStoragelicensemanager3MCompany
-1551 hecmtl-db HECMTL-DB
-1552 pciarray pciarray
-1553 sna-cs sna-cs
-1554 caci-lm CACIProductsCompanyLicenseManager
-1555 livelan livelan
-1556 ashwin AshWinCITecnologies
-1557 arbortext-lm ArborTextLicenseManager
-1558 xingmpeg xingmpeg
-1559 web2host web2host
-1560 asci-val asci-val
-1561 facilityview facilityview
-1562 pconnectmgr pconnectmgr
-1563 cadabra-lm CadabraLicenseManager
-1564 pay-per-view Pay-Per-View
-1565 winddlb WinDD
-1566 corelvideo CORELVIDEO
-1567 jlicelmd jlicelmd
-1568 tsspmap tsspmap
-1569 ets ets
-1570 orbixd orbixd
-1571 rdb-dbs-disp OracleRemoteDataBase
-1572 chip-lm ChipcomLicenseManager
-1573 itscomm-ns itscomm-ns
-1574 mvel-lm mvel-lm
-1575 oraclenames oraclenames
-1576 moldflow-lm moldflow-lm
-1577 hypercube-lm hypercube-lm
-1578 jacobus-lm JacobusLicenseManager
-1579 ioc-sea-lm ioc-sea-lm
-1580 tn-tl-r2 tn-tl-r2
-1581 mil-2045-47001 MIL-2045-47001
-1582 msims MSIMS
-1583 simbaexpress simbaexpress
-1584 tn-tl-fd2 tn-tl-fd2
-1585 intv intv
-1586 ibm-abtact ibm-abtact
-1587 pra_elmd pra_elmd
-1588 triquest-lm triquest-lm
-1589 vqp VQP
-1590 gemini-lm gemini-lm
-1591 ncpm-pm ncpm-pm
-1592 commonspace commonspace
-1593 mainsoft-lm mainsoft-lm
-1594 sixtrak sixtrak
-1595 radio radio
-1596 radio-bc radio-bc
-1597 orbplus-iiop orbplus-iiop
-1598 picknfs picknfs
-1599 simbaservices simbaservices
-1600 issd 
-1601 aas aas
-1602 inspect inspect
-1603 picodbc pickodbc
-1604 icabrowser icabrowser
-1605 slp SalutationManager(SalutationProtocol)
-1606 slm-api SalutationManager(SLM-API)
-1607 stt stt
-1608 smart-lm SmartCorp.LicenseManager
-1609 isysg-lm isysg-lm
-1610 taurus-wh taurus-wh
-1611 ill InterLibraryLoan
-1612 netbill-trans NetBillTransactionServer
-1613 netbill-keyrep NetBillKeyRepository
-1614 netbill-cred NetBillCredentialServer
-1615 netbill-auth NetBillAuthorizationServer
-1616 netbill-prod NetBillProductServer
-1617 nimrod-agent NimrodInter-AgentCommunication
-1618 skytelnet skytelnet
-1619 xs-openstorage xs-openstorage
-1620 faxportwinport faxportwinport
-1621 softdataphone softdataphone
-1622 ontime ontime
-1623 jaleosnd jaleosnd
-1624 udp-sr-port udp-sr-port
-1625 svs-omagent svs-omagent
-1630 oraclenet8cman OracleNet8Cman
-1636 cncp CableNetControlProtocol
-1637 cnap CableNetAdminProtocol
-1638 cnip CableNetInfoProtocol
-1639 cert-initiator cert-initiator
-1640 cert-responder cert-responder
-1641 invision InVision
-1642 isis-am isis-am
-1643 isis-ambc isis-ambc
-1644 saiseh Satellite-dataAcquisitionSystem4
-1645 datametrics datametrics
-1646 sa-msg-port sa-msg-port
-1647 rsap rsap
-1648 concurrent-lm concurrent-lm
-1649 inspect inspect
-1650 nkd nkd
-1651 shiva_confsrvr shiva_confsrvr
-1652 xnmp xnmp
-1653 alphatech-lm alphatech-lm
-1654 stargatealerts stargatealerts
-1655 dec-mbadmin dec-mbadmin
-1656 dec-mbadmin-h dec-mbadmin-h
-1657 fujitsu-mmpdc fujitsu-mmpdc
-1658 sixnetudr sixnetudr
-1659 sg-lm SiliconGrailLicenseManager
-1660 skip-mc-gikreq skip-mc-gikreq
-1661 netview-aix-1 netview-aix-1
-1662 netview-aix-2 netview-aix-2
-1663 netview-aix-3 netview-aix-3
-1664 netview-aix-4 netview-aix-4
-1665 netview-aix-5 netview-aix-5
-1666 netview-aix-6 netview-aix-6
-1667 netview-aix-7 netview-aix-7
-1668 netview-aix-8 netview-aix-8
-1669 netview-aix-9 netview-aix-9
-1670 netview-aix-10 netview-aix-10
-1671 netview-aix-11 netview-aix-11
-1672 netview-aix-12 netview-aix-12
-1673 proshare-mc-1 IntelProshareMulticast
-1674 proshare-mc-2 IntelProshareMulticast
-1675 pdp PacificDataProducts
-1676 netcomm1 netcomm1
-1677 groupwise groupwise
-1678 prolink prolink
-1679 darcorp-lm darcorp-lm
-1680 microcom-sbp microcom-sbp
-1681 sd-elmd sd-elmd
-1682 lanyon-lantern lanyon-lantern
-1683 ncpm-hip ncpm-hip
-1684 snaresecure SnareSecure
-1685 n2nremote n2nremote
-1686 cvmon cvmon
-1687 nsjtp-ctrl nsjtp-ctrl
-1688 nsjtp-data nsjtp-data
-1689 firefox firefox
-1690 ng-umds ng-umds
-1691 empire-empuma empire-empuma
-1692 sstsys-lm sstsys-lm
-1693 rrirtr rrirtr
-1694 rrimwm rrimwm
-1695 rrilwm rrilwm
-1696 rrifmm rrifmm
-1697 rrisat rrisat
-1698 rsvp-encap-1 RSVP-ENCAPSULATION-1
-1699 rsvp-encap-2 RSVP-ENCAPSULATION-2
-1700 mps-raft mps-raft
-1701 l2f l2f
-1702 deskshare deskshare
-1703 hb-engine hb-engine
-1704 bcs-broker bcs-broker
-1705 slingshot slingshot
-1706 jetform jetform
-1707 vdmplay vdmplay
-1708 gat-lmd gat-lmd
-1709 centra centra
-1710 impera impera
-1711 pptconference pptconference
-1712 registrar resourcemonitoringservice
-1713 conferencetalk ConferenceTalk
-1714 sesi-lm sesi-lm
-1715 houdini-lm houdini-lm
-1716 xmsg xmsg
-1717 fj-hdnet fj-hdnet
-1718 h323gatedisc h323gatedisc
-1719 h323gatestat h323gatestat
-1720 h323hostcall h323hostcall
-1721 caicci caicci
-1722 hks-lm HKSLicenseManager
-1723 pptp pptp
-1724 csbphonemaster csbphonemaster
-1725 iden-ralp iden-ralp
-1726 iberiagames IBERIAGAMES
-1727 winddx winddx
-1728 telindus TELINDUS
-1729 citynl CityNLLicenseManagement
-1730 roketz roketz
-1731 msiccp MSICCP
-1732 proxim proxim
-1733 siipat SIMS-SIIPATProtocolforAlarm
-1734 cambertx-lm CamberCorporationLicenseManagement
-1735 privatechat PrivateChat
-1736 street-stream street-stream
-1737 ultimad ultimad
-1738 gamegen1 GameGen1
-1739 webaccess webaccess
-1740 encore encore
-1741 cisco-net-mgmt cisco-net-mgmt
-1742 3Com-nsd 3Com-nsd
-1743 cinegrfx-lm CinemaGraphicsLicenseManager
-1744 ncpm-ft ncpm-ft
-1745 remote-winsock remote-winsock
-1746 ftrapid-1 ftrapid-1
-1747 ftrapid-2 ftrapid-2
-1748 oracle-em1 oracle-em1
-1749 aspen-services aspen-services
-1750 sslp SimpleSocketLibrary'sPortMaster
-1751 swiftnet SwiftNet
-1752 lofr-lm LeapofFaithResearchLicenseManager
-1753 translogic-lm TranslogicLicenseManager
-1754 oracle-em2 oracle-em2
-1755 ms-streaming ms-streaming
-1756 capfast-lmd capfast-lmd
-1757 cnhrp cnhrp
-1758 tftp-mcast tftp-mcast
-1759 spss-lm SPSSLicenseManager
-1760 www-ldap-gw www-ldap-gw
-1761 cft-0 cft-0
-1762 cft-1 cft-1
-1763 cft-2 cft-2
-1764 cft-3 cft-3
-1765 cft-4 cft-4
-1766 cft-5 cft-5
-1767 cft-6 cft-6
-1768 cft-7 cft-7
-1769 bmc-net-adm bmc-net-adm
-1770 bmc-net-svc bmc-net-svc
-1771 vaultbase vaultbase
-1772 essweb-gw EssWebGateway
-1773 kmscontrol KMSControl
-1774 global-dtserv global-dtserv
-1775 Unknown 
-1776 femis FederalEmergencyManagementInformationSystem
-1777 powerguardian powerguardian
-1778 prodigy-intrnet prodigy-internet
-1779 pharmasoft pharmasoft
-1780 dpkeyserv dpkeyserv
-1781 answersoft-lm answersoft-lm
-1782 hp-hcip hp-hcip
-1783 fjris FujitsuRemoteInstallService
-1784 finle-lm FinleLicenseManager
-1785 windlm WindRiverSystemsLicenseManager
-1786 funk-logger funk-logger
-1787 funk-license funk-license
-1788 psmond psmond
-1789 hello hello
-1790 nmsp NarrativeMediaStreamingProtocol
-1791 ea1 EA1
-1792 ibm-dt-2 ibm-dt-2
-1793 rsc-robot rsc-robot
-1794 cera-bcm cera-bcm
-1795 dpi-proxy dpi-proxy
-1796 vocaltec-admin VocaltecServerAdministration
-1797 uma UMA
-1798 etp EventTransferProtocol
-1799 netrisk NETRISK
-1800 ansys-lm ANSYS-Licensemanager
-1801 msmq MicrosoftMessageQue
-1802 concomp1 ConComp1
-1803 hp-hcip-gwy HP-HCIP-GWY
-1804 enl ENL
-1805 enl-name ENL-Name
-1806 musiconline Musiconline
-1807 fhsp FujitsuHotStandbyProtocol
-1808 oracle-vp2 Oracle-VP2
-1809 oracle-vp1 Oracle-VP1
-1810 jerand-lm JerandLicenseManager
-1811 scientia-sdb Scientia-SDB
-1812 radius RADIUS
-1813 radius-acct RADIUSAccounting
-1814 tdp-suite TDPSuite
-1815 mmpft MMPFT
-1816 harp HARP
-1818 etftp EnhancedTrivialFileTransferProtocol
-1819 plato-lm PlatoLicenseManager
-1820 mcagent mcagent
-1821 donnyworld donnyworld
-1822 es-elmd es-elmd
-1823 unisys-lm UnisysNaturalLanguageLicenseManager
-1824 metrics-pas metrics-pas
-1850 gsi GSI
-1860 sunscalar-svc SunSCALARServices
-1861 lecroy-vicp LeCroyVICP
-1862 techra-server techra-server
-1863 msnp MSNP
-1864 paradym-31port Paradym31Port
-1865 entp ENTP
-1870 sunscalar-dns SunSCALARDNSService
-1881 ibm-mqseries2 IBMMQSeries
-1901 fjicl-tep-a FujitsuICLTerminalEmulatorProgramA
-1902 fjicl-tep-b FujitsuICLTerminalEmulatorProgramB
-1903 linkname LocalLinkNameResolution
-1904 fjicl-tep-c FujitsuICLTerminalEmulatorProgramC
-1905 sugp SecureUP.LinkGatewayProtocol
-1906 tpmd TPortMapperReq
-1907 intrastar IntraSTAR
-1908 dawn Dawn
-1909 global-wlink GlobalWorldLink
-1911 mtp StarlightNetworksMultimediaTransportProtocol
-1913 armadp armadp
-1914 elm-momentum Elm-Momentum
-1915 facelink FACELINK
-1916 persona PersoftPersona
-1917 noagent nOAgent
-1918 can-nds CandleDirectoryService-NDS
-1919 can-dch CandleDirectoryService-DCH
-1920 can-ferret CandleDirectoryService-FERRET
-1921 noadmin NoAdmin
-1944 close-combat close-combat
-1945 dialogic-elmd dialogic-elmd
-1946 tekpls tekpls
-1947 hlserver hlserver
-1948 eye2eye eye2eye
-1949 ismaeasdaqlive ISMAEasdaqLive
-1950 ismaeasdaqtest ISMAEasdaqTest
-1951 bcs-lmserver bcs-lmserver
-1973 dlsrap DataLinkSwitchingRemoteAccessProtocol
-1985 hsrp HotStandbyRouterProtocol
-1986 licensedaemon ciscolicensemanagement
-1987 tr-rsrb-p1 ciscoRSRBPriority1port
-1988 tr-rsrb-p2 ciscoRSRBPriority2port
-1989 tr-rsrb-p3 ciscoRSRBPriority3port
-1990 stun-p1 ciscoSTUNPriority1port
-1991 stun-p2 ciscoSTUNPriority2port
-1992 stun-p3 ciscoSTUNPriority3port
-1993 snmp-tcp-port ciscoSNMPTCPport
-1994 stun-port ciscoserialtunnelport
-1995 perf-port ciscoperfport
-1996 tr-rsrb-port ciscoRemoteSRBport
-1997 gdp-port ciscoGatewayDiscoveryProtocol
-1998 x25-svc-port ciscoX.25service(XOT)
-1999 tcp-id-port ciscoidentificationport
-2000 callbook 
-2001 dc 
-2002 globe 
-2004 mailbox 
-2005 berknet 
-2006 invokator 
-2007 dectalk 
-2008 conf 
-2009 news 
-2010 search 
-2011 raid-cc raid
-2012 ttyinfo 
-2013 raid-am 
-2014 troff 
-2015 cypress 
-2016 bootserver 
-2017 cypress-stat 
-2018 terminaldb 
-2019 whosockami 
-2020 xinupageserver 
-2021 servexec 
-2022 down 
-2023 xinuexpansion3 
-2024 xinuexpansion4 
-2025 ellpack 
-2026 scrabble 
-2027 shadowserver 
-2028 submitserver 
-2030 device2 
-2032 blackboard 
-2033 glogger 
-2034 scoremgr 
-2035 imsldoc 
-2038 objectmanager 
-2040 lam 
-2041 interbase 
-2042 isis isis
-2043 isis-bcast isis-bcast
-2044 rimsl 
-2045 cdfunc 
-2046 sdfunc 
-2047 dls 
-2048 dls-monitor 
-2049 nfsd-or-shilp
-2065 dlsrpn DataLinkSwitchReadPortNumber
-2067 dlswpn DataLinkSwitchWritePortNumber
-2090 lrp LoadReportProtocol
-2091 prp PRP
-2102 zephyr-srv Zephyrserver
-2103 zephyr-clt Zephyrserv-hmconnection
-2104 zephyr-hm Zephyrhostmanager
-2105 minipay MiniPay
-2180 mc-gt-srv MillicentVendorGatewayServer
-2200 ici ICI
-2201 ats AdvancedTrainingSystemProgram
-2202 imtc-map Int.MultimediaTeleconferencingCosortium
-2213 kali Kali
-2220 ganymede Ganymede
-2221 unreg-ab1 Allen-Bradleyunregisteredport
-2222 unreg-ab2 Allen-Bradleyunregisteredport
-2223 inreg-ab3 Allen-Bradleyunregisteredport
-2232 ivs-video IVSVideodefault
-2233 infocrypt INFOCRYPT
-2234 directplay DirectPlay
-2235 sercomm-wlink Sercomm-WLink
-2236 nani Nani
-2237 optech-port1-lm OptechPort1LicenseManager
-2238 aviva-sna AVIVASNASERVER
-2239 imagequery ImageQuery
-2240 recipe RECIPe
-2241 ivsd IVSDaemon
-2242 foliocorp FolioRemoteServer
-2279 xmquery xmquery
-2280 lnvpoller LNVPOLLER
-2281 lnvconsole LNVCONSOLE
-2282 lnvalarm LNVALARM
-2283 lnvstatus LNVSTATUS
-2284 lnvmaps LNVMAPS
-2285 lnvmailmon LNVMAILMON
-2286 nas-metering NAS-Metering
-2287 dna DNA
-2288 netml NETML
-2295 advant-lm AdvantLicenseManager
-2296 theta-lm ThetaLicenseManager(Rainbow)
-2297 d2k-datamover1 D2KDataMover1
-2298 d2k-datamover2 D2KDataMover2
-2299 pc-telecommute PCTelecommute
-2300 cvmmon CVMMON
-2301 cpq-wbem CompaqHTTP
-2302 binderysupport BinderySupport
-2303 proxy-gateway ProxyGateway
-2304 attachmate-uts AttachmateUTS
-2305 mt-scaleserver MTScaleServer
-2306 tappi-boxnet TAPPIBoxNet
-2307 pehelp pehelp
-2308 sdhelp sdhelp
-2309 sdserver SDServer
-2310 sdclient SDClient
-2311 messageservice MessageService
-2313 iapp IAPP(InterAccessPointProtocol)
-2314 cr-websystems CRWebSystems
-2315 precise-sft PreciseSft.
-2316 sent-lm SENTLicenseManager
-2317 attachmate-g32 AttachmateG32
-2318 cadencecontrol CadenceControl
-2319 infolibria InfoLibria
-2320 siebel-ns SiebelNS
-2321 rdlap RDLAPoverUDP
-2322 ofsd ofsd
-2323 3d-nfsd 3d-nfsd
-2324 cosmocall Cosmocall
-2325 designspace-lm DesignSpaceLicenseManagement
-2326 idcp IDCP
-2327 xingcsm xingcsm
-2328 netrix-sftm NetrixSFTM
-2329 nvd NVD
-2330 tscchat TSCCHAT
-2331 agentview AGENTVIEW
-2332 rcc-host RCCHost
-2333 snapp SNAPP
-2334 ace-client ACEClientAuth
-2335 ace-proxy ACEProxy
-2336 appleugcontrol AppleUGControl
-2337 ideesrv ideesrv
-2338 norton-lambert NortonLambert
-2339 3com-webview 3ComWebView
-2340 wrs_registry WRSRegistry
-2341 xiostatus XIOStatus
-2342 manage-exec SeagateManageExec
-2343 nati-logos natilogos
-2344 fcmsys fcmsys
-2345 dbm dbm
-2346 redstorm_join GameConnectionPort
-2347 redstorm_find GameAnnouncementandLocation
-2348 redstorm_info Informationtoqueryforgamestatus
-2349 redstorm_diag DisgnosticsPort
-2350 psbserver psbserver
-2351 psrserver psrserver
-2352 pslserver pslserver
-2353 pspserver pspserver
-2354 psprserver psprserver
-2355 psdbserver psdbserver
-2356 gxtelmd GXTLicenseManagemant
-2357 unihub-server UniHubServer
-2358 futrix Futrix
-2359 flukeserver FlukeServer
-2389 ovsessionmgr OpenViewSessionMgr
-2390 rsmtp RSMTP
-2391 3com-net-mgmt 3COMNetManagement
-2392 tacticalauth TacticalAuth
-2393 ms-olap1 MSOLAP1
-2394 ms-olap2 MSOLAP2
-2395 lan900_remote LAN900Remote
-2396 wusage Wusage
-2397 ncl NCL
-2398 orbiter Orbiter
-2399 fmpro-fdal FileMaker,Inc.-DataAccessLayer
-2400 opequus-server OpEquusServer
-2401 cvspserver cvspserver
-2402 taskmaster2000 TaskMaster2000Server
-2403 taskmaster2000 TaskMaster2000Web
-2404 iec870-5-104 IEC870-5-104
-2405 trc-netpoll TRCNetpoll
-2406 jediserver JediServer
-2407 orion Orion
-2408 optimanet OptimaNet
-2409 sns-protocol SNSProtocol
-2410 vrts-registry VRTSRegistry
-2411 netwave-ap-mgmt NetwaveAPManagement
-2412 cdn CDN
-2413 orion-rmi-reg orion-rmi-reg
-2414 interlingua Interlingua
-2415 comtest COMTEST
-2416 rmtserver RMTServer
-2417 composit-server CompositServer
-2418 cas cas
-2419 attachmate-s2s AttachmateS2S
-2420 dslremote-mgmt DSLRemoteManagement
-2421 g-talk G-Talk
-2422 crmsbits CRMSBITS
-2423 rnrp RNRP
-2424 kofax-svr KOFAX-SVR
-2425 fjitsuappmgr FujitsuAppManager
-2426 appliantudp AppliantUDP
-2427 stgcp SimpletelephonyGatewayControlProtocol
-2428 ott OneWayTripTime
-2429 ft-role FT-ROLE
-2430 venus venus
-2431 venus-se venus-se
-2432 codasrv codasrv
-2433 codasrv-se codasrv-se
-2434 pxc-epmap pxc-epmap
-2435 optilogic OptiLogic
-2436 topx TOP/X
-2437 unicontrol UniControl
-2438 msp MSP
-2439 sybasedbsynch SybaseDBSynch
-2440 spearway SpearwayLockser
-2441 pvsw-inet pvsw-inet
-2442 netangel Netangel
-2500 rtsserv ResourceTrackingsystemserver
-2501 rtsclient ResourceTrackingsystemclient
-2524 optiwave-lm OptiwaveLicenseManagement
-2525 ms-v-worlds MSV-Worlds
-2526 ema-sent-lm EMALicenseManager
-2527 iqserver IQServer
-2528 ncr_ccl NCRCCL
-2529 utsftp UTSFTP
-2530 vrcommerce VRCommerce
-2531 ito-e-gui ITO-EGUI
-2532 ovtopmd OVTOPMD
-2534 combox-web-acc ComboxWebAccess
-2564 hp-3000-telnet HP3000NS/VTblockmodetelnet
-2592 netrek netrek
-2593 mns-mail MNSMailNoticeService
-2628 dict DICT
-2629 sitaraserver SitaraServer
-2630 sitaramgmt SitaraManagement
-2631 sitaradir SitaraDir
-2632 irdg-post IRdgPost
-2633 interintelli InterIntelli
-2634 pk-electronics PKElectronics
-2635 backburner BackBurner
-2636 solve Solve
-2637 imdocsvc ImportDocumentService
-2638 sybaseanywhere SybaseAnywhere
-2639 aminet AMInet
-2640 sai_sentlm SabbaghAssociatesLicenceManager
-2641 hdl-srv HDLServer
-2642 tragic Tragic
-2643 gte-samp GTE-SAMP
-2644 travsoft-ipx-t TravsoftIPXTunnel
-2645 novell-ipx-cmd NovellIPXCMD
-2646 and-lm ANDLicenceManager
-2647 syncserver SyncServer
-2648 upsnotifyprot Upsnotifyprot
-2649 vpsipport VPSIPPORT
-2650 eristwoguns eristwoguns
-2651 ebinsite EBInSite
-2652 interpathpanel InterPathPanel
-2653 sonus Sonus
-2654 corel_vncadmin CorelVNCAdmin
-2655 unglue UNIXNtGlue
-2656 kana Kana
-2657 sns-dispatcher SNSDispatcher
-2658 sns-admin SNSAdmin
-2659 sns-query SNSQuery
-2700 tqdata tqdata
-2766 listen
-2784 www-dev worldwideweb-development
-2785 aic-np aic-np
-2786 aic-oncrpc aic-oncrpc-DestinyMCDdatabase
-2787 piccolo piccolo-CornerstoneSoftware
-2788 fryeserv NetWareLoadableModule-SeagateSoftware
-2908 mao mao
-2909 funk-dialout FunkDialout
-2910 tdaccess TDAccess
-2911 blockade Blockade
-2912 epicon Epicon
-2913 boosterware BoosterWare
-2914 gamelobby GameLobby
-2915 tksocket TKSocket
-2916 elvin_server ElvinServer
-2917 elvin_client ElvinClient
-2918 kastenchasepad KastenChasePad
-2971 netclip NetClip
-2972 pmsm-webrctl PMSMWebrctl
-2973 svnetworks SVNetworks
-2974 signal Signal
-2975 fjmpcm FujitsuConfigurationManagementService
-2998 realsecure RealSecure
-3000 hbci HBCI
-3001 redwood-broker RedwoodBroker
-3002 exlm-agent EXLMAgent
-3003 cgms CGMS
-3004 csoftragent CsoftAgent
-3005 geniuslm GeniusLicenseManager
-3006 ii-admin InstantInternetAdmin
-3007 lotusmtap LotusMailTrackingAgentProtocol
-3008 midnight-tech MidnightTechnologies
-3009 pxc-ntfy PXC-NTFY
-3010 gw TelerateWorkstation
-3011 trusted-web TrustedWeb
-3012 twsdss TrustedWebClient
-3013 gilatskysurfer GilatSkySurfer
-3014 broker_service BrokerService
-3015 nati-dstp NATIDSTP
-3016 notify_srvr NotifyServer
-3017 event_listener EventListener
-3018 srvc_registry ServiceRegistry
-3019 resource_mgr ResourceManager
-3020 cifs CIFS
-3021 agriserver AGRIServer
-3047 hlserver FastSecurityHLServer
-3048 pctrader SierraNetPCTrader
-3049 nsws NSWS
-3080 stm_pproc stm_pproc
-3105 cardbox Cardbox
-3106 cardbox-http CardboxHTTP
-3130 icpv2 ICPv2
-3131 netbookmark NetBookMark
-3141 vmodem VMODEM
-3142 rdc-wh-eos RDCWHEOS
-3143 seaview SeaView
-3144 tarantella Tarantella
-3145 csi-lfap CSI-LFAP
-3147 rfio RFIO
-3180 mc-brk-srv MillicentBrokerServer
-3264 ccmail cc:mail/lotus
-3265 altav-tunnel AltavTunnel
-3266 ns-cfg-server NSCFGServer
-3267 ibm-dial-out IBMDialOut
-3268 msft-gc MicrosoftGlobalCatalog
-3269 msft-gc-ssl MicrosoftGlobalCatalogwithLDAP/SSL
-3270 verismart Verismart
-3271 csoft-prev CSoftPrevPort
-3272 user-manager FujitsuUserManager
-3273 sxmp SimpleExtensibleMultiplexedProtocol
-3274 ordinox-server OrdinoxServer
-3275 samd SAMD
-3276 maxim-asics MaximASICs
-3277 awg-proxy AWGProxy
-3278 lkcmserver LKCMServer
-3279 admind admind
-3280 vs-server VSServer
-3281 sysopt SYSOPT
-3282 datusorb Datusorb
-3283 net-assistant NetAssistant
-3284 4talk 4Talk
-3285 plato Plato
-3286 e-net E-Net
-3287 directvdata DIRECTVDATA
-3288 cops COPS
-3289 enpc ENPC
-3290 caps-lm CAPSLOGISTICSTOOLKIT-LM
-3291 sah-lm SAHolditch&Associates-
-3292 cart-o-rama CartORama
-3293 fg-fps fg-fps
-3294 fg-gip fg-gip
-3295 dyniplookup DynamicIPLookup
-3296 rib-slm RibLicenseManager
-3297 cytel-lm CytelLicenseManager
-3298 transview Transview
-3299 pdrncs pdrncs
-3300 bmcpatrolagent BMCPatrolAgent
-3301 bmcpatrolrnvu BMCPatrolRendezvous
-3302 mcs-fastmail MCSFastmail
-3303 opsession-clnt OPSessionClient
-3304 opsession-srvr OPSessionServer
-3305 odette-ftp ODETTE-FTP
-3306 mysql MySQL
-3307 opsession-prxy OPSessionProxy
-3308 tns-server TNSServer
-3309 tns-adv TNDADV
-3310 dyna-access DynaAccess
-3311 mcns-tel-ret MCNSTelRet
-3312 appman-server ApplicationManagementServer
-3313 uorb UnifyObjectBroker
-3314 uohost UnifyObjectHost
-3315 cdid CDID
-3316 aicc-cmi AICC/CMI
-3317 vsaiport VSAIPORT
-3318 ssrip SwithtoSwithRoutingInformationProtocol
-3319 sdt-lmd SDTLicenseManager
-3320 officelink2000 OfficeLink2000
-3321 vnsstr VNSSTR
-3322 active-net
-3323 active-net
-3324 active-net
-3325 active-net
-3326 sftu SFTU
-3327 bbars BBARS
-3328 egptlm EaglepointLicenseManager
-3329 hp-device-disc HPDeviceDisc
-3330 mcs-calypsoicf MCSCalypsoICF
-3331 mcs-messaging MCSMessaging
-3332 mcs-mailsvr MCSMailServer
-3333 dec-notes DECNotes
-3334 directv-web DirectTVWebcasting
-3335 directv-soft DirectTVSoftwareUpdates
-3336 directv-tick DirectTVTickers
-3337 directv-catlg DirectTVDataCatalog
-3338 anet-b OMFdatab
-3339 anet-l OMFdatal
-3340 anet-m OMFdatam
-3341 anet-h OMFdatah
-3342 webtie WebTIE
-3343 ms-cluster-net MSClusterNet
-3344 bnt-manager BNTManager
-3345 influence Influence
-3346 trnsprntproxy TrnsprntProxy
-3347 phoenix-rpc PhoenixRPC
-3348 pangolin-laser PangolinLaser
-3349 chevinservices ChevinServices
-3350 findviatv FINDVIATV
-3351 btrieve BTRIEVE
-3352 ssql SSQL
-3353 fatpipe FATPIPE
-3354 suitjd SUITJD
-3355 ordinox-dbase OrdinoxDbase
-3356 upnotifyps UPNOTIFYPS
-3357 adtech-test AdtechTestIP
-3358 mpsysrmsvr MpSysRmsvr
-3359 wg-netforce WGNetForce
-3360 kv-server KVServer
-3361 kv-agent KVAgent
-3362 dj-ilm DJILM
-3363 nati-vi-server NATIViServer
-3364 creativeserver CreativeServer
-3365 contentserver ContentServer
-3366 creativepartnr CreativePartner
-3367 satvid-dtalnk
-3368 satvid-dtalnk
-3369 satvid-dtalnk
-3370 satvid-dtalnk
-3371 satvid-dtalnk
-3372 tip2 TIP2
-3373 lavenir-lm LavenirLicenseManager
-3374 cluster-disc ClusterDisc
-3375 vsnm-agent VSNMAgent
-3376 cdbroker CDBroker
-3377 cogsys-lm CogsysNetworkLicenseManager
-3378 wsicopy WSICOPY
-3379 socorfs SOCORFS
-3380 sns-channels SNSChannels
-3381 geneous Geneous
-3382 fujitsu-neat FujitsuNetworkEnhancedAntitheftfunction
-3383 esp-lm EnterpriseSoftwareProductsLicenseManager
-3384 hp-clic HardwareManagement
-3385 qnxnetman qnxnetman
-3386 gprs-sig GPRSSIG
-3387 backroomnet BackRoomNet
-3388 cbserver CBServer
-3389 ms-wbt-server MSWBTServer
-3390 dsc DistributedServiceCoordinator
-3391 savant SAVANT
-3392 efi-lm EFILicenseManagement
-3393 d2k-tapestry1 D2KTapestryClienttoServer
-3394 d2k-tapestry2 D2KTapestryServertoServer
-3395 dyna-lm DynaLicenseManager(Elam)
-3396 printer_agent PrinterAgent
-3397 cloanto-lm CloantoLicenseManager
-3398 mercantile Mercantile
-3421 bmap BullAppriseportmapper
-3454 mira AppleRemoteAccessProtocol
-3455 prsvp RSVPPort
-3456 vat VATdefaultdata
-3457 vat-control VATdefaultcontrol
-3458 d3winosfi DsWinOSFI
-3459 integral Integral
-3460 edm-manager EDMManger
-3461 edm-stager EDMStager
-3462 edm-std-notify EDMSTDNotify
-3463 edm-adm-notify EDMADMNotify
-3464 edm-mgr-sync EDMMGRSync
-3465 edm-mgr-cntrl EDMMGRCntrl
-3466 workflow WORKFLOW
-3563 watcomdebug WatcomDebug
-3900 udt_os UnidataUDTOS
-3984 mapper-nodemgr MAPPERnetworknodemanager
-3985 mapper-mapethd MAPPERTCP/IPserver
-3986 mapper-ws_ethd MAPPERworkstationserver
-3987 centerline Centerline
-4000 terabase Terabase
-4001 newoak NewOak
-4008 netcheque NetChequeaccounting
-4009 chimera-hwm ChimeraHWM
-4010 samsung-unidex SamsungUnidex
-4011 altserviceboot AlternateServiceBoot
-4012 pda-gate PDAGate
-4013 acl-manager ACLManager
-4014 taiclock TAICLOCK
-4045 lockd
-4096 bre BRE(BridgeRelayElement)
-4132 nuts_dem NUTSDaemon
-4133 nuts_bootp NUTSBootpServer
-4134 nifty-hmi NIFTY-ServeHMIprotocol
-4141 oirtgsvc WorkflowServer
-4142 oidocsvc DocumentServer
-4143 oidsr DocumentReplication
-4200 VRML
-4201 VRML
-4202 VRML
-4203 VRML
-4204 VRML
-4205 VRML
-4206 VRML
-4207 VRML
-4208 VRML
-4209 VRML
-4210 VRML
-4211 VRML
-4212 VRML
-4213 VRML
-4214 VRML
-4215 VRML
-4216 VRML
-4217 VRML
-4218 VRML
-4219 VRML
-4220 VRML
-4221 VRML
-4222 VRML
-4223 VRML
-4224 VRML
-4225 VRML
-4226 VRML
-4227 VRML
-4228 VRML
-4229 VRML
-4230 VRML
-4231 VRML
-4232 VRML
-4233 VRML
-4234 VRML
-4235 VRML
-4236 VRML
-4237 VRML
-4238 VRML
-4239 VRML
-4240 VRML
-4241 VRML
-4242 VRML
-4243 VRML
-4244 VRML
-4245 VRML
-4246 VRML
-4247 VRML
-4248 VRML
-4249 VRML
-4250 VRML
-4251 VRML
-4252 VRML
-4253 VRML
-4254 VRML
-4255 VRML
-4256 VRML
-4257 VRML
-4258 VRML
-4259 VRML
-4260 VRML
-4261 VRML
-4262 VRML
-4263 VRML
-4264 VRML
-4265 VRML
-4266 VRML
-4267 VRML
-4268 VRML
-4269 VRML
-4270 VRML
-4271 VRML
-4272 VRML
-4273 VRML
-4274 VRML
-4275 VRML
-4276 VRML
-4277 VRML
-4278 VRML
-4279 VRML
-4280 VRML
-4281 VRML
-4282 VRML
-4283 VRML
-4284 VRML
-4285 VRML
-4286 VRML
-4287 VRML
-4288 VRML
-4289 VRML
-4290 VRML
-4291 VRML
-4292 VRML
-4293 VRML
-4294 VRML
-4295 VRML
-4296 VRML
-4297 VRML
-4298 VRML
-4299 VRML
-4300 corelccam CorelCCam
-4321 rwhois RemoteWhoIs
-4343 unicall UNICALL
-4344 vinainstall VinaInstall
-4345 m4-network-as Macro4NetworkAS
-4346 elanlm ELANLM
-4347 lansurveyor LANSurveyor
-4348 itose ITOSE
-4349 fsportmap FileSystemPortMap
-4350 net-device NetDevice
-4351 plcy-net-svcs PLCYNetServices
-4444 krb524 KRB524
-4445 upnotifyp UPNOTIFYP
-4446 n1-fwp N1-FWP
-4447 n1-rmgmt N1-RMGMT
-4448 asc-slmd ASCLicenceManager
-4449 privatewire PrivateWire
-4450 camp Camp
-4451 ctisystemmsg CTISystemMsg
-4452 ctiprogramload CTIProgramLoad
-4453 nssalertmgr NSSAlertManager
-4454 nssagentmgr NSSAgentManager
-4455 prchat-user PRChatUser
-4456 prchat-server PRChatServer
-4457 prRegister PRRegister
-4500 sae-urn sae-urn
-4501 urn-x-cdchoice urn-x-cdchoice
-4545 highscore Highscore
-4546 sf-lm SFLicenseManager(Sentinel)
-4547 lanner-lm LannerLicenseManager
-4672 rfa remotefileaccessserver
-4800 iims IconaInstantMessengingSystem
-4801 iwec IconaWebEmbeddedChat
-4802 ilss IconaLicenseSystemServer
-4827 htcp HTCP
-4868 phrelay PhotonRelay
-4869 phrelaydbg PhotonRelayDebug
-4885 abbs ABBS
-5000 commplex-main 
-5001 commplex-link 
-5002 rfe radiofreeethernet
-5003 fmpro-internal FileMaker,Inc.-Proprietarynamebinding
-5004 avt-profile-1 avt-profile-1
-5005 avt-profile-2 avt-profile-2
-5010 telelpathstart TelepathStart
-5011 telelpathattack TelepathAttack
-5020 zenginkyo-1 zenginkyo-1
-5021 zenginkyo-2 zenginkyo-2
-5050 mmcc multimediaconferencecontroltool
-5051 ita-agent ITAAgent
-5052 ita-manager ITAManager
-5060 sip SIP
-5145 rmonitor_secure 
-5150 atmp AscendTunnelManagementProtocol
-5190 aol America-Online
-5191 aol-1 AmericaOnline1
-5192 aol-2 AmericaOnline2
-5193 aol-3 AmericaOnline3
-5236 padl2sim 
-5272 pk PK
-5300 hacl-hb #HAclusterheartbeat
-5301 hacl-gs #HAclustergeneralservices
-5302 hacl-cfg #HAclusterconfiguration
-5303 hacl-probe #HAclusterprobing
-5304 hacl-local #HAClusterCommands
-5305 hacl-test #HAClusterTest
-5306 sun-mc-grp SunMCGroup
-5307 sco-aip SCOAIP
-5308 cfengine CFengine
-5309 jprinter JPrinter
-5310 outlaws Outlaws
-5311 tmlogin TMLogin
-5400 excerpt ExcerptSearch
-5401 excerpts ExcerptSearchSecure
-5402 mftp MFTP
-5403 hpoms-ci-lstn HPOMS-CI-LSTN
-5404 hpoms-dps-lstn HPOMS-DPS-LSTN
-5405 netsupport NetSupport
-5406 systemics-sox SystemicsSox
-5407 foresyte-clear Foresyte-Clear
-5408 foresyte-sec Foresyte-Sec
-5409 salient-dtasrv SalientDataServer
-5410 salient-usrmgr SalientUserManager
-5411 actnet ActNet
-5412 continuus Continuus
-5413 wwiotalk WWIOTALK
-5414 statusd StatusD
-5415 ns-server NSServer
-5416 sns-gateway SNSGateway
-5417 sns-agent SNSAgent
-5418 mcntp MCNTP
-5419 dj-ice DJ-ICE
-5420 cylink-c Cylink-C
-5500 fcp-addr-srvr1 fcp-addr-srvr1
-5501 fcp-addr-srvr2 fcp-addr-srvr2
-5502 fcp-srvr-inst1 fcp-srvr-inst1
-5503 fcp-srvr-inst2 fcp-srvr-inst2
-5504 fcp-cics-gw1 fcp-cics-gw1
-5555 personal-agent PersonalAgent
-5599 esinstall EnterpriseSecurityRemoteInstall
-5600 esmmanager EnterpriseSecurityManager
-5601 esmagent EnterpriseSecurityAgent
-5602 a1-msc A1-MSC
-5603 a1-bs A1-BS
-5604 a3-sdunode A3-SDUNode
-5605 a4-sdunode A4-SDUNode
-5631 pcanywheredata pcANYWHEREdata
-5632 pcanywherestat pcANYWHEREstat
-5678 rrac RemoteReplicationAgentConnection
-5679 dccm DirectCableConnectManager
-5713 proshareaudio proshareconfaudio
-5714 prosharevideo proshareconfvideo
-5715 prosharedata proshareconfdata
-5716 prosharerequest proshareconfrequest
-5717 prosharenotify proshareconfnotify
-5729 openmail OpenmailUserAgentLayer
-5741 ida-discover1 IDADiscoverPort1
-5742 ida-discover2 IDADiscoverPort2
-5745 fcopy-server fcopy-server
-5746 fcopys-server fcopys-server
-5755 openmailg OpenMailDeskGatewayserver
-5757 x500ms OpenMailX.500DirectoryServer
-5766 openmailns OpenMailNewMailServer
-5767 s-openmail OpenMailSuerAgentLayer(Secure)
-5768 openmailpxy OpenMailCMTSServer
-6000 X11
-6001 X11
-6002 X11
-6003 X11
-6004 X11
-6005 X11
-6006 X11
-6007 X11
-6008 X11
-6009 X11
-6010 X11
-6011 X11
-6012 X11
-6013 X11
-6014 X11
-6015 X11
-6016 X11
-6017 X11
-6018 X11
-6019 X11
-6020 X11
-6021 X11
-6022 X11
-6023 X11
-6024 X11
-6025 X11
-6026 X11
-6027 X11
-6028 X11
-6029 X11
-6030 X11
-6031 X11
-6032 X11
-6033 X11
-6034 X11
-6035 X11
-6036 X11
-6037 X11
-6038 X11
-6039 X11
-6040 X11
-6041 X11
-6042 X11
-6043 X11
-6044 X11
-6045 X11
-6046 X11
-6047 X11
-6048 X11
-6049 X11
-6050 X11
-6051 X11
-6052 X11
-6053 X11
-6054 X11
-6055 X11
-6056 X11
-6057 X11
-6058 X11
-6059 X11
-6060 X11
-6061 X11
-6062 X11
-6063 X11
-6110 softcm HPSoftBenchCM
-6111 spc HPSoftBenchSub-ProcessControl
-6112 dtspcd dtspcd
-6123 backup-express BackupExpress
-6141 meta-corp MetaCorporationLicenseManager
-6142 aspentec-lm AspenTechnologyLicenseManager
-6143 watershed-lm WatershedLicenseManager
-6144 statsci1-lm StatSciLicenseManager-1
-6145 statsci2-lm StatSciLicenseManager-2
-6146 lonewolf-lm LoneWolfSystemsLicenseManager
-6147 montage-lm MontageLicenseManager
-6148 ricardo-lm RicardoNorthAmericaLicenseManager
-6149 tal-pod tal-pod
-6253 crip CRIP
-6389 clariion-evr01 clariion-evr01
-6455 skip-cert-recv SKIPCertificateReceive
-6456 skip-cert-send SKIPCertificateSend
-6471 lvision-lm LVisionLicenseManager
-6500 boks BoKSMaster
-6501 boks_servc BoKSServc
-6502 boks_servm BoKSServm
-6503 boks_clntd BoKSClntd
-6505 badm_priv BoKSAdminPrivatePort
-6506 badm_pub BoKSAdminPublicPort
-6507 bdir_priv BoKSDirServer,PrivatePort
-6508 bdir_pub BoKSDirServer,PublicPort
-6558 xdsxdm 
-6665 ircu
-6666 ircu
-6667 ircu
-6668 ircu
-6669 ircu IRCU
-6670 vocaltec-gold VocaltecGlobalOnlineDirectory
-6672 vision_server vision_server
-6673 vision_elmd vision_elmd
-6701 kti-icad-srvr KTI/ICADNameserver
-6790 hnmp HNMP
-6831 ambit-lm ambit-lm
-6969 acmsoda acmsoda
-7000 afs3-fileserver fileserveritself
-7001 afs3-callback callbackstocachemanagers
-7002 afs3-prserver users&groupsdatabase
-7003 afs3-vlserver volumelocationdatabase
-7004 afs3-kaserver AFS/Kerberosauthenticationservice
-7005 afs3-volser volumemanagementserver
-7006 afs3-errors errorinterpretationservice
-7007 afs3-bos basicoverseerprocess
-7008 afs3-update server-to-serverupdater
-7009 afs3-rmtsys remotecachemanagerservice
-7010 ups-onlinet onlinetuninterruptablepowersupplies
-7020 dpserve DPServe
-7021 dpserveadmin DPServeAdmin
-7070 arcp ARCP
-7099 lazy-ptop lazy-ptop
-7100 font-service XFontService
-7121 virprot-lm VirtualPrototypesLicenseManager
-7174 clutild Clutild
-7200 fodms FODMSFLIP
-7201 dlip DLIP
-7395 winqedit winqedit
-7426 pmdmgr OpenViewDMPostmasterManager
-7427 oveadmgr OpenViewDMEventAgentManager
-7428 ovladmgr OpenViewDMLogAgentManager
-7429 opi-sock OpenViewDMrqtcommunication
-7430 xmpv7 OpenViewDMxmpv7apipipe
-7431 pmd OpenViewDMovc/xmpv3apipipe
-7491 telops-lmd telops-lmd
-7511 pafec-lm pafec-lm
-7544 nta-ds FlowAnalyzerDisplayServer
-7545 nta-us FlowAnalyzerUtilityServer
-7570 aries-kfinder AriesKfinder
-7588 sun-lm SunLicenseManager
-7777 cbt cbt
-7781 accu-lmgr accu-lmgr
-7932 t2-drm Tier2DataResourceManager
-7933 t2-brm Tier2BusinessRulesManager
-7980 quest-vista QuestVista
-7999 irdmi2 iRDMI2
-8000 irdmi iRDMI
-8001 vcom-tunnel VCOMTunnel
-8008 http-alt HTTPAlternate
-8032 pro-ed ProEd
-8033 mindprint MindPrint
-8080 http-alt HTTPAlternate(seeport80)
-8200 trivnet1 TRIVNET
-8201 trivnet2 TRIVNET
-8376 cruise-enum CruiseENUM
-8377 cruise-swroute CruiseSWROUTE
-8378 cruise-config CruiseCONFIG
-8379 cruise-diags CruiseDIAGS
-8380 cruise-update CruiseUPDATE
-8400 cvd cvd
-8401 sabarsd sabarsd
-8402 abarsd abarsd
-8403 admind admind
-8450 npmp npmp
-8473 vp2p VitualPointtoPoint
-8554 rtsp-alt RTSPAlternate(seeport554)
-8765 ultraseek-http UltraseekHTTP
-8880 cddbp-alt CDDBP
-8888 ddi-tcp-1 NewsEDGEserverTCP(TCP1)
-8889 ddi-tcp-2 DesktopDataTCP1
-8890 ddi-tcp-3 DesktopDataTCP2
-8891 ddi-tcp-4 DesktopDataTCP3:NESSapplication
-8892 ddi-tcp-5 DesktopDataTCP4:FARMproduct
-8893 ddi-tcp-6 DesktopDataTCP5:NewsEDGE/Webapplication
-8894 ddi-tcp-7 DesktopDataTCP6:COALapplication
-9000 cslistener CSlistener
-9006 sctp SCTP
-9090 websm WebSM
-9535 man 
-9594 msgsys MessageSystem
-9595 pds PingDiscoveryService
-9876 sd SessionDirector
-9888 cyborg-systems CYBORGSystems
-9898 monkeycom MonkeyCom
-9992 palace Palace
-9993 palace Palace
-9994 palace Palace
-9995 palace Palace
-9996 palace Palace
-9997 palace Palace
-9998 distinct32 Distinct32
-9999 distinct distinct
-10000 ndmp NetworkDataManagementProtocol
-10007 mvs-capacity MVSCapacity
-11001 metasys Metasys
-11367 atm-uhas ATMUHAS
-12000 entextxid IBMEnterpriseExtenderSNAXIDExchange
-12001 entextnetwk IBMEnterpriseExtenderSNACOSNetwork
-12002 entexthigh IBMEnterpriseExtenderSNACOSHigh
-12003 entextmed IBMEnterpriseExtenderSNACOSMedium
-12004 entextlow IBMEnterpriseExtenderSNACOSLow
-12753 tsaf tsafport
-13160 i-zipqd I-ZIPQD
-13720 bprd BPRDProtocol(VERITASNetBackup)
-13721 bpbrm BPBRMProtocol(VERITASNetBackup)
-13782 bpcd VERITASNetBackup
-13818 dsmcc-config DSMCCConfig
-13819 dsmcc-session DSMCCSessionMessages
-13820 dsmcc-passthru DSMCCPass-ThruMessages
-13821 dsmcc-download DSMCCDownloadProtocol
-13822 dsmcc-ccp DSMCCChannelChangeProtocol
-14001 itu-sccp-ss7 ITUSCCP(SS7)
-17007 isode-dua 
-17219 chipper Chipper
-18000 biimenu BeckmanInstruments,Inc.
-19541 jcp JCPClient
-21845 webphone webphone
-21846 netspeak-is NetSpeakCorp.DirectoryServices
-21847 netspeak-cs NetSpeakCorp.ConnectionServices
-21848 netspeak-acd NetSpeakCorp.AutomaticCallDistribution
-21849 netspeak-cps NetSpeakCorp.CreditProcessingSystem
-22273 wnn6 wnn6
-22555 vocaltec-wconf VocaltecWebConference
-22800 aws-brf TelerateInformationPlatformLAN
-22951 brf-gw TelerateInformationPlatformWAN
-24000 med-ltp med-ltp
-24001 med-fsp-rx med-fsp-rx
-24002 med-fsp-tx med-fsp-tx
-24003 med-supp med-supp
-24004 med-ovw med-ovw
-24005 med-ci med-ci
-24006 med-net-svc med-net-svc
-25000 icl-twobase1 icl-twobase1
-25001 icl-twobase2 icl-twobase2
-25002 icl-twobase3 icl-twobase3
-25003 icl-twobase4 icl-twobase4
-25004 icl-twobase5 icl-twobase5
-25005 icl-twobase6 icl-twobase6
-25006 icl-twobase7 icl-twobase7
-25007 icl-twobase8 icl-twobase8
-25008 icl-twobase9 icl-twobase9
-25009 icl-twobase10 icl-twobase10
-25793 vocaltec-hos VocaltecAddressServer
-26000 quake quake
-26208 wnn6-ds wnn6-ds
-27000 flex-lm
-27001 flex-lm FLEXLM(1-10)
-27002 flex-lm FLEXLM(1-10)
-27003 flex-lm FLEXLM(1-10)
-27004 flex-lm FLEXLM(1-10)
-27005 flex-lm FLEXLM(1-10)
-27006 flex-lm FLEXLM(1-10)
-27007 flex-lm FLEXLM(1-10)
-27008 flex-lm FLEXLM(1-10)
-27009 flex-lm FLEXLM(1-10)
-27999 tw-auth-key TWAuthentication/KeyDistributionand
-33434 traceroute tracerouteuse
-44818 rockwell-encap RockwellEncapsulation
-45678 eba EBAPRISE
-47557 dbbrowse DatabeamCorporation
-47624 directplaysrvr DirectPlayServer
-47806 ap ALCProtocol
-47808 bacnet BuildingAutomationandControlNetworks
diff --git a/contrib/ipfilter/perl/ipf-mrtg.pl b/contrib/ipfilter/perl/ipf-mrtg.pl
deleted file mode 100644
index cce30ab..0000000
--- a/contrib/ipfilter/perl/ipf-mrtg.pl
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/usr/local/bin/perl
-# reads stats and uptime for ip-filter for mrtg
-# ron@rosie.18james.com,  2 Jan 2000
-
-my $firewall = "IP Filter v3.3.3";
-my($in_pkts,$out_pkts) = (0,0);
-
-open(FW, "/sbin/ipfstat -hi|") || die "cannot open ipfstat -hi\n";
-while (<FW>) {
-  $in_pkts += $1 if (/^(\d+)\s+pass\s+in\s+quick.*group\s+1\d0/);
-}
-close(FW);
-open(FW, "/sbin/ipfstat -ho|") || die "cannot open ipfstat -ho\n";
-while (<FW>) {
-  $out_pkts += $1 if (/^(\d+)\s+pass\s+out\s+quick.*group\s+1\d0/);
-}
-print "$in_pkts\n",
-      "$out_pkts\n";
-my $uptime = `/usr/bin/uptime`;
-$uptime =~ /^\s+(\d{1,2}:\d{2}..)\s+up\s+(\d+)\s+(......),/;
-print "$2 $3\n",
-      "$firewall\n";
\ No newline at end of file
diff --git a/contrib/ipfilter/perl/ipfmeta.pl b/contrib/ipfilter/perl/ipfmeta.pl
deleted file mode 100644
index 1a7bb3f..0000000
--- a/contrib/ipfilter/perl/ipfmeta.pl
+++ /dev/null
@@ -1,210 +0,0 @@
-#!/usr/bin/perl -w
-#
-# Written by Camiel Dobbelaar <cd@sentia.nl>, Aug-2000
-# ipfmeta is in the Public Domain.
-#
-
-use strict;
-use Getopt::Std;
-
-## PROCESS COMMANDLINE
-our($opt_v); $opt_v=1;
-getopts('v:') || die "usage: ipfmeta [-v verboselevel] [objfile]\n";
-my $verbose = $opt_v + 0;
-my $objfile = shift || "ipf.objs";
-my $MAXRECURSION = 10;
-
-## READ OBJECTS
-open(FH, "$objfile") || die "cannot open $objfile: $!\n";
-my @tokens;
-while (<FH>) {
-	chomp;
-	s/#.*$//;	# remove comments
-	s/^\s+//;	# compress whitespace
-	s/\s+$//;
-	next if m/^$/;	# skip empty lines
-	push (@tokens, split);
-}
-close(FH) || die "cannot close $objfile: $!\n";
-# link objects with their values
-my $obj="";
-my %objs;
-while (@tokens) {
-	my $token = shift(@tokens);
-	if ($token =~ m/^\[([^]]*)\]$/) {
-		# new object
-		$obj = $1;
-	} else {
-		# new value
-		push(@{$objs{$obj}}, $token) unless ($obj eq "");
-	}
-}
-
-# sort objects: longest first
-my @objs = sort { length($b) <=> length($a) } keys %objs;
-
-## SUBSTITUTE OBJECTS WITH THEIR VALUES FROM STDIN
-foreach (<STDIN>) {
-	foreach (expand($_, 0)) {
-		print;
-	}
-}
-
-## END
-
-sub expand {
-	my $line = shift;
-	my $level = shift;
-	my @retlines = $line;
-	my $obj;
-	my $val;
-
-	# coarse protection
-	if ($level > $MAXRECURSION) {
-		print STDERR "ERR: recursion exceeds $MAXRECURSION levels\n";
-		return;
-	}
-
-	foreach $obj (@objs) {
-		if ($line =~ m/$obj/) {
-			@retlines = "";
-			if ($level < $verbose) {
-				# add metarule as a comment
-				push(@retlines, "# ".$line);
-			}
-			foreach $val (@{$objs{$obj}}) {
-				my $newline = $line;
-				$newline =~ s/$obj/$val/;
-				push(@retlines, expand($newline, $level+1));
-			}
-			last;
-		}
-	}
-
-	return @retlines;
-}
-				
-__END__
-
-=head1 NAME
-
-B<ipfmeta> - use objects in IP filter files
-
-=head1 SYNOPSIS
-
-B<ipfmeta> [F<options>] [F<objfile>]
-
-=head1 DESCRIPTION
-
-B<ipfmeta> is used to simplify the maintenance of your IP filter
-ruleset. It does this through the use of 'objects'.  A matching
-object gets replaced by its values at runtime.  This is similar to
-what a macro processor like m4 does.
-
-B<ipfmeta> is specifically geared towards IP filter. It is line
-oriented, if an object has multiple values, the line with the object
-is duplicated and substituted for each value. It is also recursive,
-an object may have another object as a value.
-
-Rules to be processed are read from stdin, output goes to stdout.
-
-The verbose option allows for the inclusion of the metarules in the
-output as comments.
-
-Definition of the objects and their values is done in a separate
-file, the filename defaults to F<ipf.objs>.  An object is delimited
-by square brackets. A value is delimited by whitespace.  Comments
-start with '#' and end with a newline. Empty lines and extraneous
-whitespace are allowed.  A value belongs to the first object that
-precedes it.
-
-It is recommended that you use all caps or another distinguishing
-feature for object names. You can use B<ipfmeta> for NAT rules also,
-for instance to keep them in sync with filter rules.  Combine
-B<ipfmeta> with a Makefile to save typing.
-
-=head1 OPTIONS
-
-=over 4
-
-=item B<-v> I<verboselevel>
-
-Include metarules in output as comments. Default is 1, the top level
-metarules. Higher levels cause expanded metarules to be included.
-Level 0 does not add comments at all.
-
-=back
-
-=head1 BUGS
-
-A value can not have whitespace in it.
-
-=head1 EXAMPLE
-
-(this does not look good, formatted)
-
-I<ipf.objs>
-
-[PRIVATE] 10.0.0.0/8 127.0.0.0/8 172.16.0.0/12 192.168.0.0/16
-
-[MULTICAST] 224.0.0.0/4
-
-[UNWANTED] PRIVATE MULTICAST
-
-[NOC] xxx.yy.zz.1/32 xxx.yy.zz.2/32
-
-[WEBSERVERS] 192.168.1.1/32 192.168.1.2/32
-
-[MGMT-PORTS] 22 23
-
-I<ipf.metarules>
-
-block in from UNWANTED to any
-
-pass  in from NOC to WEBSERVERS port = MGMT-PORTS
-
-pass  out all
- 
-I<Run>
-
-ipfmeta ipf.objs <ipf.metarules >ipf.rules
-
-I<Output>
-
-# block in from UNWANTED to any
-
-block in from 10.0.0.0/8 to any
-
-block in from 127.0.0.0/8 to any
-
-block in from 172.16.0.0/12 to any
-
-block in from 192.168.0.0/16 to any
-
-block in from 224.0.0.0/4 to any
-
-# pass  in from NOC to WEBSERVERS port = MGMT-PORTS
-
-pass  in from xxx.yy.zz.1/32 to 192.168.1.1/32 port = 22
-
-pass  in from xxx.yy.zz.1/32 to 192.168.1.1/32 port = 23
-
-pass  in from xxx.yy.zz.1/32 to 192.168.1.2/32 port = 22
-
-pass  in from xxx.yy.zz.1/32 to 192.168.1.2/32 port = 23
-
-pass  in from xxx.yy.zz.2/32 to 192.168.1.1/32 port = 22
-
-pass  in from xxx.yy.zz.2/32 to 192.168.1.1/32 port = 23
-
-pass  in from xxx.yy.zz.2/32 to 192.168.1.2/32 port = 22
-
-pass  in from xxx.yy.zz.2/32 to 192.168.1.2/32 port = 23
-
-pass  out all
-
-=head1 AUTHOR
-
-Camiel Dobbelaar <cd@sentia.nl>. B<ipfmeta> is in the Public Domain.
-
-=cut
diff --git a/contrib/ipfilter/perl/logfilter.pl b/contrib/ipfilter/perl/logfilter.pl
deleted file mode 100644
index 6ebe401..0000000
--- a/contrib/ipfilter/perl/logfilter.pl
+++ /dev/null
@@ -1,181 +0,0 @@
-#!perl.exe
-
-# Author: Chris Grant
-# Copyright 1999, Codetalker Communications, Inc.
-#
-# This script takes a firewall log and breaks it into several 
-# different files. Each file is named based on the service that
-# runs on the port that was recognized in log line. After
-# this script has run, you should end up with several files.
-# Of course you will have the original log file and then files
-# such as web.log, telnet.log, pop3.log, imap.log, backorifice.log,
-# netbus.log, and unknown.log.
-#
-# The number of entries in unknown.log should be minimal. The
-# mappings of the port numbers and file names are stored in the bottom
-# of this file in the data section. Simply look at the ports being hit,
-# find out what these ports do, and add them to the data section.
-#
-# You may be wondering why I haven't simply parsed RFC1700 to come up
-# with a list of port numbers and files. The reason is that I don't
-# believe reading firewall logs should be all that automated. You 
-# should be familiar with what probes are hitting your system. By
-# manually adding entries to the data section this ensures that I 
-# have at least educated myself about what this protocol is, what 
-# the potential exposure is, and why you might be seeing this traffic. 
-
-%icmp = ();
-%udp = ();
-%tcp = ();
-%openfiles = ();
-$TIDBITSFILE = "unknown.log";
-
-# Read the ports data from the end of this file and build the three hashes
-while (<DATA>) {
-    chomp;                                # trim the newline
-    s/#.*//;                              # no comments
-    s/^\s+//;                             # no leading white
-    s/\s+$//;                             # no trailing white
-    next unless length;                   # anything left?
-    $_ = lc;                              # switch to lowercase
-    ($proto, $identifier, $filename) = m/(\S+)\s+(\S+)\s+(\S+)/;
-    SWITCH: {
-	if ($proto =~ m/^icmp$/) { $icmp{$identifier} = $filename; last SWITCH; };
-	if ($proto =~ m/^udp$/) { $udp{$identifier} = $filename; last SWITCH; };
-        if ($proto =~ m/^tcp$/) { $tcp{$identifier} = $filename; last SWITCH; };
-	die "An unknown protocol listed in the proto defs\n$_\n";
-    }
-}
-
-$filename = shift;
-unless (defined($filename)) { die "Usage: logfilter.pl <log file>\n"; }
-open(LOGFILE, $filename) || die "Could not open the firewall log file.\n";
-$openfiles{$filename} = "LOGFILE";
-
-$linenum = 0;
-while($line = <LOGFILE>) {
-
-    chomp($line);
-    $linenum++;
-
-    # determine the protocol - send to unknown.log if not found
-    SWITCH: {
-
-	($line =~ m /\sicmp\s/) && do { 
-
-	    #
-	    # ICMP Protocol 
-	    #
-	    # Extract the icmp packet information specifying the type.
-	    # 
-	    # Note: Must check for ICMP first because this may be an ICMP reply
-	    #       to a TCP or UDP connection (eg Port Unreachable).
-	    
-	    ($icmptype) = $line =~ m/icmp (\d+)\/\d+/;
-
-	    $filename = $TIDBITSFILE;
-	    $filename = $icmp{$icmptype} if (defined($icmp{$icmptype}));
-
-	    last SWITCH; 
-	  };
-
-	($line =~ m /\stcp\s/) && do { 
-
-	    # 
-	    # TCP Protocol
-	    #
-	    # extract the source and destination ports and compare them to 
-	    # known ports in the tcp hash. For the first match, place this
-	    # line in the file specified by the tcp hash. Ignore one of the
-	    # port matches if both ports happen to be known services.
-
-	    ($sport, $dport) = $line =~ m/\d+\.\d+\.\d+\.\d+,(\d+) -> \d+\.\d+\.\d+\.\d+,(\d+)/;
-	    #print "$line\n" unless (defined($sport) && defined($dport));
-
-	    $filename = $TIDBITSFILE;
-	    $filename = $tcp{$sport} if (defined($tcp{$sport}));
-	    $filename = $tcp{$dport} if (defined($tcp{$dport}));
-
-	    last SWITCH; 
-	  };
-
-	($line =~ m /\sudp\s/) && do { 
-
-	    #
-	    # UDP Protocol - same procedure as with TCP, different hash
-	    # 
-
-	    ($sport, $dport) = $line =~ m/\d+\.\d+\.\d+\.\d+,(\d+) -> \d+\.\d+\.\d+\.\d+,(\d+)/;
-
-	    $filename = $TIDBITSFILE;
-	    $filename = $udp{$sport} if (defined($udp{$sport}));
-	    $filename = $udp{$dport} if (defined($udp{$dport}));
-
-	    last SWITCH; 
-	  };
-
-	#
-	# The default case is that the protocol was unknown
-	#
-	$filename = $TIDBITSFILE;
-    }
-
-    #
-    # write the line to the appropriate file as determined above
-    #
-    # check for filename in the openfiles hash. if it exists then write
-    # to the given handle. otherwise open a handle to the file and add
-    # it to the hash of open files.
-    
-    if (defined($openfiles{$filename})) {
-	$handle = $openfiles{$filename};
-    } else {
-	$handle = "HANDLE" . keys %openfiles;
-	open ($handle, ">>".$filename) || die "Couldn't open|create the file $filename";
-	$openfiles{$filename} = $handle;
-    }
-    print $handle "#$linenum\t $line\n";
-
-}
-
-# close all open file handles
-
-foreach $key (keys %openfiles) {
-    close($openfiles{$key});
-}
-
-close(LOGFILE);
-
-__DATA__
-icmp    3         destunreach.log
-icmp    8         ping.log
-icmp    9         router.log
-icmp    10        router.log
-icmp    11        ttl.log
-tcp     23        telnet.log
-tcp     25        smtp.log
-udp     25        smtp.log
-udp     53        dns.log
-tcp     80        http.log
-tcp     110       pop3.log
-tcp     111       rpc.log
-udp     111       rpc.log
-tcp     137       netbios.log
-udp     137       netbios.log
-tcp     143       imap.log
-udp     161       snmp.log
-udp     370       backweb.log
-udp     371       backweb.log
-tcp     443       https.log
-udp     443       https.log
-udp     512       syslog.log
-tcp     635       nfs.log           # NFS mount services
-udp     635       nfs.log           # NFS mount services
-tcp     1080      socks.log
-udp     1080      socks.log
-tcp     6112      games.log         # Battle net
-tcp     6667      irc.log
-tcp     7070      realaudio.log
-tcp     8080      http.log
-tcp     12345     netbus.log
-udp     31337     backorifice.log
\ No newline at end of file
diff --git a/contrib/ipfilter/perl/plog b/contrib/ipfilter/perl/plog
deleted file mode 100644
index 208c6ea..0000000
--- a/contrib/ipfilter/perl/plog
+++ /dev/null
@@ -1,1061 +0,0 @@
-#!/usr/bin/perl -wT
-#
-# Author: Jefferson Ogata (JO317) <jogata@pobox.com>
-# Date: 2000/04/22
-# Version: 0.10
-#
-# Please feel free to use or redistribute this program if you find it useful.
-# If you have suggestions, or even better, bits of new code, send them to me
-# and I will add them when I have time. The current version of this script
-# can always be found at the URL:
-#
-#    http://www.antibozo.net/ogata/webtools/plog.pl
-#    http://pobox.com/~ogata/webtools/plog.txt
-#
-# Parse ipmon output into a coherent form. This program only handles the
-# lines regarding filter actions. It does not parse nat and state lines.
-#
-# Present lines from ipmon to this program on standard input.
-#
-# EXAMPLES
-#
-# plog -AF block,log < /var/log/ipf
-#
-#    Generate source and destination reports of all packets logged with
-#    block or log actions, and report TCP flags and keep state actions.
-#
-# plog -S -s ./services www.example.com < /var/log/ipf
-#
-#    Generate a source report of traffic to or from www.example.com using
-#    the additional services defined in ./services.
-#
-# plog -nSA block < /var/log/ipf
-#
-#    Generate a source report of all blocked packets with no hostname
-#    lookups. This is handy for an initial pass to identify portscans or
-#    other aggressive traffic.
-#
-# plog -SFp 192.168.0.0/24 www.example.com/24 < /var/log/ipf
-#
-#    Generate a source report of all packets whose source or destination
-#    address is either in 192.168.0.0/24 or an address associated with
-#    the host www.example.com, report packet flags and perform paranoid
-#    hostname lookups. This is a handy usage for examining traffic more
-#    closely after identifying a potential attack.
-#
-# TODO
-#
-# - Handle output from ipmon -v.
-# - Handle timestamps from other locales. Anyone with a timestamp problem
-#   please email me the format of your timestamps.
-# - It looks as though short TCP or UDP packets will break things, but I
-#   haven't seen any yet.
-#
-# CHANGES
-#
-# 2000/04/22 (0.10):
-# - Restructured host name and address caches. Hosts are now cached using
-#   packed addresses as keys. Conversion to IPv6 should be simple now.
-# - Added paranoid hostname lookups.
-# - Added netmask qualifications for address arguments.
-# - Tweaked usage info.
-# 2000/04/20:
-# - Added parsing and tracking of TCP and state flags.
-# 2000/04/12 (0.9):
-# - Wasn't handling underscore in hostname,servicename fields; these may be
-#   logged using ipmon -n. Observation by <ark@eltex.ru>.
-# - Hadn't properly attributed observation and fix for repetition counter in
-#   0.8 change log. Added John Ladwig to attribution. Thanks, John.
-#
-# 2000/04/10 (0.8):
-# - Service names can also have hyphens, dummy. I wasn't allowing these
-#   either. Observation and fix thanks to Taso N. Devetzis
-#   <devetzis@snet.net>.
-# - IP Filter now logs a repetition counter. Observation and fixes (changed
-#   slightly) from Andy Kreiling <Andy@ntcs-inc.com> and John Ladwig
-#   <jladwig@nts.umn.edu>.
-# - Added fix to handle new Solaris log format, e.g.:
-#     Nov 30 04:49:37 raoul ipmon[121]: [ID 702911 local0.warning] 04:49:36.420541 hme0 @0:34 b 205.152.16.6,58596 -> 204.60.220.24,113 PR tcp len 20 44
-#   Fix thanks to Taso N. Devetzis <devetzis@SNET.Net>.
-# - Added services map option.
-# - Added options for generating only source/destination tables.
-# - Added verbosity option.
-# - Added option for reporting traffic for specific hosts.
-# - Added some more ICMP unreachable codes, and made code and type names
-#   match the ones in IP Filter parse.c.
-# - Condensed output format somewhat.
-# - Various minor improvements, perhaps slight speed improvements.
-# - Documented new options in usage() and tried to improve wording.
-#
-# 1999/08/02 (0.7):
-# - Hostnames can have hyphens, dummy. I wasn't allowing them in the syslog
-#   line. Fix from Antoine Verheijen <antoine.verheijen@ualberta.ca>.
-#
-# 1999/05/05 (0.6):
-# - IRIX syslog prefixes the hostname with a severity code. Handle it. Fix
-#   from John Ladwig <jladwig@nts.umn.edu>.
-#
-# 1999/05/05 (0.5):
-# - Protocols other than TCP, UDP, or ICMP have packet lengths reported in
-#   parentheses for some reason. The script now handles this. Thanks to
-#   Dispatcher <dispatch@blackhelicopters.org>.
-# - I had mixed up info-request and info-reply ICMP codes, and omitted the
-#   traceroute code. Sorted this out. I had also missed code 0 for type 6
-#   (alternate address for host). Thanks to John Ladwig <jladwig@nts.umn.edu>.
-#
-# 1999/05/03:
-# - Now accepts hostnames in the source and destination address fields, as
-#   well as port names in the port fields. This allows the people who are
-#   using ipmon -n to still use plog. Note that if you are logging
-#   hostnames, you are vulnerable to forgery of DNS information, modified
-#   DNS information, and your log files will be larger also. If you are
-#   using this program you can have it look up the names for you (still
-#   vulnerable to forgery) and keep your logged addresses all in numeric
-#   format, so that packets from the same source will always show the same
-#   source address regardless of what's up with DNS. Obviously, I don't
-#   favor using ipmon -n. Nevertheless, some people wanted this, so here it
-#   is.
-# - Added S and n flags to %acts hash. Thanks to Stephen J. Roznowski
-#   <sjr@home.net>.
-# - Stopped reporting host IPs twice when numeric output was requested.
-#   Thanks, yet again, to Stephen J. Roznowski <sjr@home.net>.
-# - Number of minor tweaks that might speed it up a bit, and some comments.
-# - Put the script back up on the web site. I had moved the site and
-#   forgotten to move the tool.
-#
-# 1999/02/04:
-# - Changed log line parser to accept fully-qualified name in the logging
-#   host field. Thanks to Stephen J. Roznowski <sjr@home.net>.
-#
-# 1999/01/22:
-# - Changed high port strategy to use 65536 for unknown high ports so that
-#   they are sorted last.
-#
-# 1999/01/21:
-# - Moved icmp parsing to output loop.
-# - Added parsing of icmp codes, and more types.
-# - Changed packet sort routine to sort by port number rather than service
-#   name.
-#
-# 1999/01/20:
-# - Fixed problem matching ipmon log lines. Sometimes they have "/ipmon" in
-#   them, sometimes just "ipmon".
-# - Added numeric parse option to turn off hostname lookups.
-# - Moved summary to usage() sub.
-
-use strict;
-use Socket;
-use IO::File;
-
-select STDOUT; $| = 1;
-
-my %hosts;
-
-my $me = $0;
-$me =~ s/^.*\///;
-
-# Map of log codes for various actions. Not all of these can occur, but
-# I've included everything in print_ipflog() from ipmon.c.
-my %acts = (
-    'p'	=> 'pass',
-    'P'	=> 'pass',
-    'b'	=> 'block',
-    'B'	=> 'block',
-    'L'	=> 'log',
-    'S' => 'short',
-    'n' => 'nomatch',
-);
-
-# Map of ICMP types and their relevant codes.
-my %icmpTypeMap = (
-    0	=> +{
-	name	=> 'echorep',
-	codes	=> +{0	=> undef},
-    },
-    3	=> +{
-	name	=> 'unreach',
-	codes	=> +{
-	    0	=> 'net-unr',
-	    1	=> 'host-unr',
-	    2	=> 'proto-unr',
-	    3	=> 'port-unr',
-	    4	=> 'needfrag',
-	    5	=> 'srcfail',
-	    6	=> 'net-unk',
-	    7	=> 'host-unk',
-	    8	=> 'isolate',
-	    9	=> 'net-prohib',
-	    10	=> 'host-prohib',
-	    11	=> 'net-tos',
-	    12	=> 'host-tos',
-	    13	=> 'filter-prohib',
-	    14	=> 'host-preced',
-	    15	=> 'preced-cutoff',
-	},
-    },
-    4	=> +{
-	name	=> 'squench',
-	codes	=> +{0	=> undef},
-    },
-    5	=> +{
-	name	=> 'redir',
-	codes	=> +{
-	    0	=> 'net',
-	    1	=> 'host',
-	    2	=> 'tos',
-	    3	=> 'tos-host',
-	},
-    },
-    6	=> +{
-	name	=> 'alt-host-addr',
-	codes	=> +{
-	    0	=> 'alt-addr'
-	},
-    },
-    8	=> +{
-	name	=> 'echo',
-	codes	=> +{0	=> undef},
-    },
-    9	=> +{
-	name	=> 'routerad',
-	codes	=> +{0	=> undef},
-    },
-    10	=> +{
-	name	=> 'routersol',
-	codes	=> +{0	=> undef},
-    },
-    11	=> +{
-	name	=> 'timex',
-	codes	=> +{
-	    0	=> 'in-transit',
-	    1	=> 'frag-assy',
-	},
-    },
-    12	=> +{
-	name	=> 'paramprob',
-	codes	=> +{
-	    0	=> 'ptr-err',
-	    1	=> 'miss-opt',
-	    2	=> 'bad-len',
-	},
-    },
-    13	=> +{
-	name	=> 'timest',
-	codes	=> +{0	=> undef},
-    },
-    14	=> +{
-	name	=> 'timestrep',
-	codes	=> +{0	=> undef},
-    },
-    15	=> +{
-	name	=> 'inforeq',
-	codes	=> +{0	=> undef},
-    },
-    16	=> +{
-	name	=> 'inforep',
-	codes	=> +{0	=> undef},
-    },
-    17	=> +{
-	name	=> 'maskreq',
-	codes	=> +{0	=> undef},
-    },
-    18	=> +{
-	name	=> 'maskrep',
-	codes	=> +{0	=> undef},
-    },
-    30	=> +{
-	name	=> 'tracert',
-	codes	=> +{ },
-    },
-    31	=> +{
-	name	=> 'dgram-conv-err',
-	codes	=> +{ },
-    },
-    32	=> +{
-	name	=> 'mbl-host-redir',
-	codes	=> +{ },
-    },
-    33	=> +{
-	name	=> 'ipv6-whereru?',
-	codes	=> +{ },
-    },
-    34	=> +{
-	name	=> 'ipv6-iamhere',
-	codes	=> +{ },
-    },
-    35	=> +{
-	name	=> 'mbl-reg-req',
-	codes	=> +{ },
-    },
-    36	=> +{
-	name	=> 'mbl-reg-rep',
-	codes	=> +{ },
-    },
-);
-
-# Arguments we will parse from argument list.
-my $numeric = 0;	# Don't lookup hostnames.
-my $paranoid = 0;	# Do paranoid hostname lookups.
-my $verbosity = 0;	# Bla' bla' bla'.
-my $sTable = 0;		# Generate source table.
-my $dTable = 0;		# Generate destination table.
-my @services = ();	# Preload services tables.
-my $showFlags = 0;	# Show TCP flag combinations.
-my %selectAddrs;	# Limit report to these hosts.
-my %selectActs;		# Limit report to these actions.
-
-# Parse argument list.
-while (defined ($_ = shift))
-{
-    if (s/^-//)
-    {
-	while (s/^([vnpSD\?hsAF])//)
-	{
-	    my $flag = $1;
-	    if ($flag eq 'v')
-	    {
-		++$verbosity;
-	    }
-	    elsif ($flag eq 'n')
-	    {
-		$numeric = 1;
-	    }
-	    elsif ($flag eq 'p')
-	    {
-		$paranoid = 1;
-	    }
-	    elsif ($flag eq 'S')
-	    {
-		$sTable = 1;
-	    }
-	    elsif ($flag eq 'D')
-	    {
-		$dTable = 1;
-	    }
-	    elsif ($flag eq 'F')
-	    {
-		$showFlags = 1;
-	    }
-	    elsif (($flag eq '?') || ($flag eq 'h'))
-	    {
-		&usage (0);
-	    }
-	    else
-	    {
-		my $arg = shift;
-		defined ($arg) || &usage (1, qq{-$flag requires an argument});
-		if ($flag eq 's')
-		{
-		    push (@services, $arg);
-		}
-		elsif ($flag eq 'A')
-		{
-		    my @acts = split (/,/, $arg);
-		    my $a;
-		    foreach $a (@acts)
-		    {
-			my $aa;
-			my $match = 0;
-			foreach $aa (keys (%acts))
-			{
-			    if ($acts{$aa} eq $a)
-			    {
-				++$match;
-				$selectActs{$aa} = $a;
-			    }
-			}
-			$match || &usage (1, qq{unknown action $a});
-		    }
-		}
-	    }
-	}
-
-	&usage (1, qq{unknown option: -$_}) if (length);
-
-	next;
-    }
-
-    # Add host to hash of hosts we're interested in.
-    (/^(.+)\/([\d+\.]+)$/) || (/^(.+)$/) || &usage (1, qq{invalid CIDR address $_});
-    my ($addr, $mask) = ($1, $2);
-    my @addr = &hostAddrs ($addr);
-    (scalar (@addr)) || &usage (1, qq{cannot resolve hostname $_});
-    if (!defined ($mask))
-    {
-	$mask = (2 ** 32) - 1;
-    }
-    elsif (($mask =~ /^\d+$/) && ($mask <= 32))
-    {
-	$mask = (2 ** 32) - 1 - ((2 ** (32 - $mask)) - 1);
-    }
-    elsif (defined ($mask = &isDottedAddr ($mask)))
-    {
-	$mask = &integerAddr ($mask);
-    }
-    else
-    {
-	&usage (1, qq{invalid CIDR address $_});
-    }
-    foreach $addr (@addr)
-    {
-	# Save mask unless we already have a less specific one for this address.
-	my $a = &integerAddr ($addr) & $mask;
-	$selectAddrs{$a} = $mask unless (exists ($selectAddrs{$a}) && ($selectAddrs{$a} < $mask));
-    }
-}
-
-# Which tables will we generate?
-$dTable = $sTable = 1 unless ($dTable || $sTable);
-my @dirs;
-push (@dirs, 'd') if ($dTable);
-push (@dirs, 's') if ($sTable);
-
-# Are we interested in specific hosts?
-my $selectAddrs = scalar (keys (%selectAddrs));
-
-# Are we interested in specific actions?
-if (scalar (keys (%selectActs)) == 0)
-{
-    %selectActs = %acts;
-}
-
-# We use this hash to cache port name -> number and number -> name mappings.
-# Isn't it cool that we can use the same hash for both?
-my %pn;
-
-# Preload any services maps.
-my $sm;
-foreach $sm (@services)
-{
-    my $sf = new IO::File ($sm, "r");
-    defined ($sf) || &quit (1, qq{cannot open services file $sm});
-
-    while (defined ($_ = $sf->getline ()))
-    {
-	my $text = $_;
-	chomp;
-	s/#.*$//;
-	s/\s+$//;
-	next unless (length);
-	my ($name, $spec, @aliases) = split (/\s+/);
-	($spec =~ /^([\w\-]+)\/([\w\-]+)$/)
-	    || &quit (1, qq{$sm:$.: invalid definition: $text});
-	my ($pnum, $proto) = ($1, $2);
-
-	# Enter service definition in pn hash both forwards and backwards.
-	my $port;
-	my $pname;
-	foreach $port ($name, @aliases)
-	{
-	    $pname = "$pnum/$proto";
-	    $pn{$pname} = $port;
-	}
-	$pname = "$name/$proto";
-	$pn{$pname} = $pnum;
-    }
-
-    $sf->close ();
-}
-
-# Cache for host name -> addr mappings.
-my %ipAddr;
-
-# Cache for host addr -> name mappings.
-my %ipName;
-
-# Hash for protocol number <--> name mappings.
-my %pr;
-
-# Under IPv4 port numbers are unsigned shorts. The value below is higher
-# than the maximum value of an unsigned short, and is used in place of
-# high port numbers that don't correspond to known services. This makes
-# high ports get sorted behind all others.
-my $highPort = 0x10000;
-
-while (<STDIN>)
-{
-    chomp;
-
-    # For ipmon output that came through syslog, we'll have an asctime
-    # timestamp, an optional severity code (IRIX), the hostname,
-    # "ipmon"[process id]: prefixed to the line. For output that was
-    # written directly to a file by ipmon, we'll have a date prefix as
-    # dd/mm/yyyy (no y2k problem here!). Both formats then have a packet
-    # timestamp and the log info.
-    my ($log);
-    if (s/^\w+\s+\d+\s+\d+:\d+:\d+\s+(?:\d\w:)?[\w\.\-]+\s+\S*ipmon\[\d+\]:\s+(?:\[ID\s+\d+\s+[\w\.]+\]\s+)?\d+:\d+:\d+\.\d+\s+//)
-    {
-	$log = $_;
-    }
-    elsif (s/^(?:\d+\/\d+\/\d+)\s+(?:\d+:\d+:\d+\.\d+)\s+//)
-    {
-	$log = $_;
-    }
-    else
-    {
-	# It don't look like no ipmon output to me, baby.
-	next;
-    }
-    next unless (defined ($log));
-
-    print STDERR "$log\n" if ($verbosity);
-
-    # Parse the log line. We're expecting interface name, rule group and
-    # number, an action code, a source host name or IP with possible port
-    # name or number, a destination host name or IP with possible port
-    # number, "PR", a protocol name or number, "len", a header length, a
-    # packet length (which will be in parentheses for protocols other than
-    # TCP, UDP, or ICMP), and maybe some additional info.
-    my @fields = ($log =~ /^(?:(\d+)x)?\s*(\w+)\s+@(\d+):(\d+)\s+(\w)\s+([\w\-\.,]+)\s+->\s+([\w\-\.,]+)\s+PR\s+(\w+)\s+len\s+(\d+)\s+\(?(\d+)\)?\s*(.*)$/ox);
-    unless (scalar (@fields))
-    {
-	print STDERR "$me:$.: cannot parse: $_\n";
-	next;
-    }
-    my ($count, $if, $group, $rule, $act, $src, $dest, $proto, $hlen, $len, $more) = @fields;
-
-    # Skip actions we're not interested in.
-    next unless (exists ($selectActs{$act}));
-
-    # Packet count defaults to 1.
-    $count = 1 unless (defined ($count));
-
-    my ($sport, $dport, @flags);
-
-    if ($proto eq 'icmp')
-    {
-	if ($more =~ s/^icmp (\d+)\/(\d+)\s*//)
-	{
-	    # We save icmp type and code in both sport and dport. This
-	    # allows us to sort icmp packets using the normal port-sorting
-	    # code.
-	    $dport = $sport = "$1.$2";
-	}
-	else
-	{
-	    $sport = '';
-	    $dport = '';
-	}
-    }
-    else
-    {
-	if ($showFlags)
-	{
-	    if (($proto eq 'tcp') && ($more =~ s/^\-([A-Z]+)\s*//))
-	    {
-		push (@flags, $1);
-	    }
-	    if ($more =~ s/^K\-S\s*//)
-	    {
-		push (@flags, 'state');
-	    }
-	}
-	if ($src =~ s/,([\-\w]+)$//)
-	{
-	    $sport = &portSimplify ($1, $proto);
-	}
-	else
-	{
-	    $sport = '';
-	}
-	if ($dest =~ s/,([\-\w]+)$//)
-	{
-	    $dport = &portSimplify ($1, $proto);
-	}
-	else
-	{
-	    $dport = '';
-	}
-    }
-
-    # Make sure addresses are numeric at this point. We want to sort by
-    # IP address later. If the hostname doesn't resolve, punt. If you
-    # must use ipmon -n, be ready for weirdness. Use only the first
-    # address returned.
-    my $x;
-    $x = (&hostAddrs ($src))[0];
-    unless (defined ($x))
-    {
-	print STDERR "$me:$.: cannot resolve hostname $src\n";
-	next;
-    }
-    $src = $x;
-    $x = (&hostAddrs ($dest))[0];
-    unless (defined ($x))
-    {
-	print STDERR "$me:$.: cannot resolve hostname $dest\n";
-	next;
-    }
-    $dest = $x;
-
-    # Skip hosts we're not interested in.
-    if ($selectAddrs)
-    {
-	my ($a, $m);
-	my $s = &integerAddr ($src);
-	my $d = &integerAddr ($dest);
-	my $cute = 0;
-	while (($a, $m) = each (%selectAddrs))
-	{
-	    if ((($s & $m) == $a) || (($d & $m) == $a))
-	    {
-		$cute = 1;
-		last;
-	    }
-	}
-	next unless ($cute);
-    }
-
-    # Convert proto to proto number.
-    $proto = &protoNumber ($proto);
-
-    sub countPacket
-    {
-	my ($host, $dir, $peer, $proto, $count, $packet, @flags) = @_;
-
-	# Make sure host is in the hosts hash.
-	$hosts{$host} =
-	    +{
-		'd'	=> +{ },
-		's'	=> +{ },
-	    } unless (exists ($hosts{$host}));
-
-	# Get the source/destination traffic hash for the host in question.
-	my $trafficHash = $hosts{$host}->{$dir};
-
-	# Make sure there's a hash for the peer.
-	$trafficHash->{$peer} = +{ } unless (exists ($trafficHash->{$peer}));
-
-	# Make sure the peer hash has a hash for the protocol number.
-	my $peerHash = $trafficHash->{$peer};
-	$peerHash->{$proto} = +{ } unless (exists ($peerHash->{$proto}));
-
-	# Make sure there's a counter for this packet type in the proto hash.
-	my $protoHash = $peerHash->{$proto};
-	$protoHash->{$packet} = +{ '' => 0 } unless (exists ($protoHash->{$packet}));
-
-	# Increment the counter and mark flags.
-	my $packetHash = $protoHash->{$packet};
-	$packetHash->{''} += $count;
-	map { $packetHash->{$_} = undef; } (@flags);
-    }
-
-    # Count the packet as outgoing traffic from the source address.
-    &countPacket ($src, 's', $dest, $proto, $count, "$sport:$dport:$if:$act", @flags) if ($sTable);
-
-    # Count the packet as incoming traffic to the destination address.
-    &countPacket ($dest, 'd', $src, $proto, $count, "$dport:$sport:$if:$act", @flags) if ($dTable);
-}
-
-my $dir;
-foreach $dir (@dirs)
-{
-    my $order = ($dir eq 's' ? 'source' : 'destination');
-    my $arrow = ($dir eq 's' ? '->' : '<-');
-
-    print "###\n";
-    print "### Traffic by $order address:\n";
-    print "###\n";
-
-    sub ipSort
-    {
-	&integerAddr ($a) <=> &integerAddr ($b);
-    }
-
-    sub packetSort
-    {
-	my ($asport, $adport, $aif, $aact) = split (/:/, $a);
-	my ($bsport, $bdport, $bif, $bact) = split (/:/, $b);
-	$bact cmp $aact || $aif cmp $bif || $asport <=> $bsport || $adport <=> $bdport;
-    }
-
-    my $host;
-    foreach $host (sort ipSort (keys %hosts))
-    {
-	my $traffic = $hosts{$host}->{$dir};
-
-	# Skip hosts with no traffic.
-	next unless (scalar (keys (%{$traffic})));
-
-	if ($numeric)
-	{
-	    print &dottedAddr ($host), "\n";
-	}
-	else
-	{
-	    print &hostName ($host), " \[", &dottedAddr ($host), "\]\n";
-	}
-
-	my $peer;
-	foreach $peer (sort ipSort (keys %{$traffic}))
-	{
-	    my $peerHash = $traffic->{$peer};
-	    my $peerName = ($numeric ? &dottedAddr ($peer) : &hostName ($peer));
-	    my $proto;
-	    foreach $proto (sort (keys (%{$peerHash})))
-	    {
-		my $protoHash = $peerHash->{$proto};
-		my $protoName = &protoName ($proto);
-
-		my $packet;
-		foreach $packet (sort packetSort (keys %{$protoHash}))
-		{
-		    my ($sport, $dport, $if, $act) = split (/:/, $packet);
-		    my $packetHash = $protoHash->{$packet};
-		    my $count = $packetHash->{''};
-		    $act = '?' unless (defined ($act = $acts{$act}));
-		    if (($protoName eq 'tcp') || ($protoName eq 'udp'))
-		    {
-			printf ("    %-6s %7s %4d %4s %16s %2s %s.%s", $if, $act, $count, $protoName, &portName ($sport, $protoName), $arrow, $peerName, &portName ($dport, $protoName));
-		    }
-		    elsif ($protoName eq 'icmp')
-		    {
-			printf ("    %-6s %7s %4d %4s %16s %2s %s", $if, $act, $count, $protoName, &icmpType ($sport), $arrow, $peerName);
-		    }
-		    else
-		    {
-			printf ("    %-6s %7s %4d %4s %16s %2s %s", $if, $act, $count, $protoName, '', $arrow, $peerName);
-		    }
-		    if ($showFlags)
-		    {
-			my @flags = sort (keys (%{$packetHash}));
-			if (scalar (@flags))
-			{
-			    shift (@flags);
-			    print ' (', join (',', @flags), ')' if (scalar (@flags));
-			}
-		    }
-		    print "\n";
-		}
-	    }
-	}
-    }
-
-    print "\n";
-}
-
-exit (0);
-
-# Translates a numeric port/named protocol to a port name. Reserved ports
-# that do not have an entry in the services database are left numeric. High
-# ports that do not have an entry in the services database are mapped
-# to '<high>'.
-sub portName
-{
-    my $port = shift;
-    my $proto = shift;
-    my $pname = "$port/$proto";
-    unless (exists ($pn{$pname}))
-    {
-	my $name = getservbyport ($port, $proto);
-	$pn{$pname} = (defined ($name) ? $name : ($port <= 1023 ? $port : '<high>'));
-    }
-    return $pn{$pname};
-}
-
-# Translates a named port/protocol to a port number.
-sub portNumber
-{
-    my $port = shift;
-    my $proto = shift;
-    my $pname = "$port/$proto";
-    unless (exists ($pn{$pname}))
-    {
-	my $number = getservbyname ($port, $proto);
-	unless (defined ($number))
-	{
-	    # I don't think we need to recover from this. How did the port
-	    # name get into the log file if we can't find it? Log file from
-	    # a different machine? Fix /etc/services on this one if that's
-	    # your problem.
-	    die ("Unrecognized port name \"$port\" at $.");
-	}
-	$pn{$pname} = $number;
-    }
-    return $pn{$pname};
-}
-
-# Convert all unrecognized high ports to the same value so they are treated
-# identically. The protocol should be by name.
-sub portSimplify
-{
-    my $port = shift;
-    my $proto = shift;
-
-    # Make sure port is numeric.
-    $port = &portNumber ($port, $proto)
-	unless ($port =~ /^\d+$/);
-
-    # Look up port name.
-    my $portName = &portName ($port, $proto);
-
-    # Port is an unknown high port. Return a value that is too high for a
-    # port number, so that high ports get sorted last.
-    return $highPort if ($portName eq '<high>');
-
-    # Return original port number.
-    return $port;
-}
-
-# Translates a numeric address into a hostname. Pass only packed numeric
-# addresses to this routine.
-sub hostName
-{
-    my $ip = shift;
-    return $ipName{$ip} if (exists ($ipName{$ip}));
-
-    # Do an inverse lookup on the address.
-    my $name = gethostbyaddr ($ip, AF_INET);
-    unless (defined ($name))
-    {
-	# Inverse lookup failed, so map the IP address to its dotted
-	# representation and cache that.
-	$ipName{$ip} = &dottedAddr ($ip);
-	return $ipName{$ip};
-    }
-
-    # For paranoid hostname lookups.
-    if ($paranoid)
-    {
-	# If this address already matches, we're happy.
-	unless (exists ($ipName{$ip}) && (lc ($ipName{$ip}) eq lc ($name)))
-	{
-	    # Do a forward lookup on the resulting name.
-	    my @addr = &hostAddrs ($name);
-	    my $match = 0;
-
-	    # Cache the forward lookup results for future inverse lookups,
-	    # but don't stomp on inverses we've already cached, even if they
-	    # are questionable. We want to generate consistent output, and
-	    # the cache is growing incrementally.
-	    foreach (@addr)
-	    {
-		$ipName{$_} = $name unless (exists ($ipName{$_}));
-		$match = 1 if ($_ eq $ip);
-	    }
-
-	    # Was this one of the addresses? If not, tack on a ?.
-	    $name .= '?' unless ($match);
-	}
-    }
-    else
-    {
-	# Just believe it and cache it.
-	$ipName{$ip} = $name;
-    }
-
-    return $name;
-}
-
-# Translates a hostname or dotted address into a list of packed numeric
-# addresses.
-sub hostAddrs
-{
-    my $name = shift;
-    my $ip;
-
-    # Check if it's a dotted representation.
-    return ($ip) if (defined ($ip = &isDottedAddr ($name)));
-
-    # Return result from cache.
-    $name = lc ($name);
-    return @{$ipAddr{$name}} if (exists ($ipAddr{$name}));
-
-    # Look up the addresses.
-    my @addr = gethostbyname ($name);
-    splice (@addr, 0, 4);
-
-    unless (scalar (@addr))
-    {
-	# Again, I don't think we need to recover from this gracefully.
-	# If we can't resolve a hostname that ended up in the log file,
-	# punt. We want to be able to sort hosts by IP address later,
-	# and letting hostnames through will snarl up that code. Users
-	# of ipmon -n will have to grin and bear it for now. The
-	# functions that get undef back should treat it as an error or
-	# as some default address, e.g. 0 just to make things work.
-	return ();
-    }
-
-    $ipAddr{$name} = [ @addr ];
-    return @{$ipAddr{$name}};
-}
-
-# If the argument is a valid dotted address, returns the corresponding
-# packed numeric address, otherwise returns undef.
-sub isDottedAddr
-{
-    my $addr = shift;
-    if ($addr =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/)
-    {
-	my @a = (int ($1), int ($2), int ($3), int ($4));
-	foreach (@a)
-	{
-	    return undef if ($_ >= 256);
-	}
-	return pack ('C*', @a);
-    }
-    return undef;
-}
-
-# Unpacks a packed numeric address and returns an integer representation.
-sub integerAddr
-{
-    my $addr = shift;
-    return unpack ('N', $addr);
-
-    # The following is for generalized IPv4/IPv6 stuff. For now, it's a
-    # lot faster to assume IPv4.
-    my @a = unpack ('C*', $addr);
-    my $a = 0;
-    while (scalar (@a))
-    {
-	$a = ($a << 8) | shift (@a);
-    }
-    return $a;
-}
-
-# Unpacks a packed numeric address into a dotted representation.
-sub dottedAddr
-{
-    my $addr = shift;
-    my @a = unpack ('C*', $addr);
-    return join ('.', @a);
-}
-
-# Translates a protocol number into a protocol name, or a number if no name
-# is found in the protocol database.
-sub protoName
-{
-    my $code = shift;
-    return $code if ($code !~ /^\d+$/);
-    unless (exists ($pr{$code}))
-    {
-	my $name = scalar (getprotobynumber ($code));
-	if (defined ($name))
-	{
-	    $pr{$code} = $name;
-	}
-	else
-	{
-	    $pr{$code} = $code;
-	}
-    }
-    return $pr{$code};
-}
-
-# Translates a protocol name or number into a protocol number.
-sub protoNumber
-{
-    my $name = shift;
-    return $name if ($name =~ /^\d+$/);
-    unless (exists ($pr{$name}))
-    {
-	my $code = scalar (getprotobyname ($name));
-	if (defined ($code))
-	{
-	    $pr{$name} = $code;
-	}
-	else
-	{
-	    $pr{$name} = $name;
-	}
-    }
-    return $pr{$name};
-}
-
-sub icmpType
-{
-    my $typeCode = shift;
-    my ($type, $code) = split ('\.', $typeCode);
-
-    return "?" unless (defined ($code));
-
-    my $info = $icmpTypeMap{$type};
-
-    return "\(type=$type/$code?\)" unless (defined ($info));
-
-    my $typeName = $info->{name};
-    my $codeName;
-    if (exists ($info->{codes}->{$code}))
-    {
-	$codeName = $info->{codes}->{$code};
-	$codeName = (defined ($codeName) ? "/$codeName" : '');
-    }
-    else
-    {
-	$codeName = "/$code";
-    }
-    return "$typeName$codeName";
-}
-
-sub quit
-{
-    my $ec = shift;
-    my $msg = shift;
-
-    print STDERR "$me: $msg\n";
-    exit ($ec);
-}
-
-sub usage
-{
-    my $ec = shift;
-    my @msg = @_;
-
-    if (scalar (@msg))
-    {
-	print STDERR "$me: ", join ("\n", @msg), "\n\n";
-    }
-
-    print <<EOT;
-usage: $me [-nSDF] [-s servicemap] [-A act1,...] [address...]
-
-Parses logging from ipmon and presents it in a comprehensible format. This
-program generates two reports: one organized by source address and another
-organized by destination address. For the first report, source addresses are
-sorted by IP address. For each address, all packets originating at the address
-are presented in a tabular form, where all packets with the same source and
-destination address and port are counted as a single entry. Any port number
-greater than 1023 that does not match an entry in the services table is treated
-as a "high" port; all high ports are coalesced into the same entry. The fields
-for the source address report are:
-    iface action packet-count proto src-port dest-host.dest-port \[\(flags\)\]
-The fields for the destination address report are:
-    iface action packet-count proto dest-port src-host.src-port \[\(flags\)\]
-
-Options are:
--n           Disable hostname lookups, and report only IP addresses.
--p           Perform paranoid hostname lookups.
--S           Generate a source address report.
--D           Generate a destination address report.
--F           Show all flag combinations associated with packets.
--s map       Supply an alternate services map to be preloaded. The map should
-	     be in the same format as /etc/services. Any service name not found
-             in the map will be looked for in the system services file.
--A act1,...  Limit the report to the specified actions. The possible actions
-	     are pass, block, log, short, and nomatch.
-
-If any addresses are supplied on the command line, the report is limited to
-these hosts. Addresses may be given as dotted IP addresses or hostnames, and
-may be qualified with netmasks in CIDR \(/24\) or dotted \(/255.255.255.0\) format.
-If a hostname resolves to multiple addresses, all addresses are used.
-
-If neither -S nor -D is given, both reports are generated.
-
-Note: if you are logging traffic with ipmon -n, ipmon will already have looked
-up and logged addresses as hostnames where possible. This has an important side
-effect: this program will translate the hostnames back into IP addresses which
-may not match the original addresses of the logged packets because of numerous
-DNS issues. If you care about where packets are really coming from, you simply
-cannot rely on ipmon -n. An attacker with control of his reverse DNS can map
-the reverse lookup to anything he likes. If you haven't logged the numeric IP
-address, there's no way to discover the source of an attack reliably. For this
-reason, I strongly recommend that you run ipmon without the -n option, and use
-this or a similar script to do reverse lookups during analysis, rather than
-during logging.
-EOT
-
-    exit ($ec);
-}
-