Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!ut-sally!husc6!cmcl2!beta!hc!hi!cyrus
From: cyrus@hi.UUCP (Tait Cyrus)
Newsgroups: comp.dcom.lans
Subject: Re: Ethernet Analyzer Info Needed
Message-ID: <10669@hi.UUCP>
Date: Thu, 9-Jul-87 12:28:14 EDT
Article-I.D.: hi.10669
Posted: Thu Jul 9 12:28:14 1987
Date-Received: Sun, 12-Jul-87 06:10:01 EDT
References: <402@rover.UUCP> <1139@csib.UUCP>
Reply-To: cyrus@hc.dspo.gov (Tait Cyrus)
Distribution: world
Organization: U. of New Mexico, Albuquerque
Lines: 63

In article <1139@csib.UUCP> jwhitnel@csib.UUCP (Jerry Whitnell) writes:
>In article <402@rover.UUCP> fred@rover.UUCP (Fred Christiansen) writes:
>>we're thinking of getting an Ethernet monitor/analyzer for some
>>TOP work.  we need to examine packets/frames, to select frames
>>meeting certain criteria, etc.  i've seen some monitors that
>>know about XNS or TCP/IP packet types and display per those formats.
>
>You might also want to look at Network General's Sniffer.  They support
>a large number of protocols, as well as displaying of the packet in hex/ascii/
>ebcdic dumps.  I know they have XNS and I think TCP/IP.  They also support
>writing your own protocol disassemblers (in C).  Finally, they also support
>filtering of the packets on various criteria.  Their number is (408) 734-0464.

Here at the University of New Mexico we built up a network
monitor/analyzer package around a SUN 3.  We were building some
ethernet hardware and needed some way to see if we were transmitting
things correctly, you know - network byte order.

Using the NIT (Network Interface Tap) protocol on the SUN, we were able
to put the SUN's ethernet board in promiscuous mode and capture all
packets.  Now anyone that is familiar with SUN knows about 'etherfind'
which basically does the same thing, or 'tcpdump' which gives a little
more info than 'etherfind'.  What we needed was some way to dump all
incoming packets, from our hardware, to a file to be analyzed later.

Well, this package now has the ability to display, split screen style,
both directions of a connection, capture packets (to be looked at in
depth later) plus anything else we might want it to do.  We have even
built up some utilities which verify checksums (in ip & tcp packets),
in a machine INDEPENDENT way.  This means that you can look at these
packets, which were dumped to file, on any machine you like.  You don't
have to worry about any evil "Network-byte-order" problems.

It would be easy to add to this package to do just about anything you
wanted it to, whether it was capture XNS packets, IP packets or your
own XYZ type packets.

We are still cleaning some things up in this package to add some more
options.  When we feel it is clean enough, we will post it.  Unlike
'tcpdump' which was derived from SUN sources and whose sources can't be
posted, our package was not derived from sources.  We feel that just
about anything that needs to be looked at can be derived from our
program.  One thing, though, that can't, as far as I know, be obtained
from the NIT protocol, is the number of collisions.

I have never really gotten 'down-and-dirty' with network monitors, so
my perception of what an ethernet monitor/analyzer should do might be
full of it.  I would appreciate any suggestions or ideas of things to
include in this program, or any comments in general.

-- 
    @__________@    W. Tait Cyrus   (505) 277-0806
   /|         /|    University of New Mexico
  / |        / |    Dept of EECE - Hypercube Project
 @__|_______@  |    Albuquerque, New Mexico 87131
 |  |       |  |
 |  |  hc   |  |    e-mail:
 |  @.......|..@       cyrus@hc.dspo.gov or
 | /        | /        seismo!unmvax!hi!cyrus
 @/_________@/
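
The post mentions utilities that verify IP and TCP checksums on captured packets in a machine-independent way. The following is an added example, not code from the post or from the UNM package: one way to do that check in C by reading the capture strictly as bytes. The names ones_sum, ip_header_ok and tcp_segment_ok are hypothetical, and sample_pkt is a constructed packet.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: 20-byte IPv4 header + 20-byte TCP SYN, 192.0.2.1 -> 192.0.2.2 */
static uint8_t sample_pkt[40] = {
    0x45,0x00,0x00,0x28, 0x00,0x01,0x00,0x00, 0x40,0x06,0xf6,0xcb, 0xc0,0x00,0x02,0x01,
    0xc0,0x00,0x02,0x02, 0x04,0x00,0x00,0x17, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,
    0x50,0x02,0x10,0x00, 0x17,0xc7,0x00,0x00 };

/* Folded one's-complement sum of big-endian 16-bit words, assembled byte by
   byte: same result on any host byte order, no alignment requirement. */
static uint32_t ones_sum(const uint8_t *p, size_t len, uint32_t sum)
{
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)p[i] << 8) | p[i + 1];
    if (len & 1)
        sum += (uint32_t)p[len - 1] << 8;   /* odd length: pad with a zero byte */
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16); /* fold carries back in */
    return sum;
}

/* 1 = header checksum valid, 0 = bad, -1 = not a usable IPv4 header */
int ip_header_ok(const uint8_t *pkt, size_t caplen)
{
    if (caplen < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > caplen) return -1;
    return ones_sum(pkt, hlen, 0) == 0xffff;
}

/* 1 = TCP checksum valid, 0 = bad, -1 = not TCP, a fragment, or truncated */
int tcp_segment_ok(const uint8_t *pkt, size_t caplen)
{
    if (ip_header_ok(pkt, caplen) < 0 || pkt[9] != 6) return -1;
    if (((pkt[6] & 0x3f) | pkt[7]) != 0) return -1;    /* MF set or offset != 0 */
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];     /* IP total length */
    if (total < hlen + 20 || total > caplen) return -1;
    uint32_t sum = ones_sum(pkt + 12, 8, 0);           /* pseudo-header: src, dst */
    sum += 6 + (uint32_t)(total - hlen);               /* protocol, TCP length */
    return ones_sum(pkt + hlen, total - hlen, sum) == 0xffff;
}

int main(void)
{
    printf("ip=%d tcp=%d\n", ip_header_ok(sample_pkt, 40), tcp_segment_ok(sample_pkt, 40));
    return 0;
}
```

Because the words are built with shifts rather than by casting the buffer to a 16-bit pointer, a capture file written on one machine gives the same verdict when checked on another.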